No shared cipher

2018-05-08 Thread _gg_
Not sure if it's not more of an openssl/TLS 'issue'/question... For some time I've been observing SSL_do_handshake() failed (SSL: error:1408A0C1:SSL routines:ssl3_get_client_hello:no shared cipher) while SSL handshaking in error.log while having ssl_protocols SSLv2 SSLv3 TLSv1 TLSv1.1 TLSv1.

Re: Logging of mirror requests

2018-05-08 Thread Joe Doe
Thank you very much! That did the trick. On Tue, May 8, 2018 at 12:15 PM, Maxim Dounin wrote: > Hello! > > On Mon, May 07, 2018 at 07:59:10PM -0700, Joe Doe wrote: > > > I have used ngx_http_mirror_module to create mirrors. I would like to log > > these requests as well? So in the /mirror locati

Restricting access by public IP blocking remote content

2018-05-08 Thread pkris
As the subject states when I restrict access to a subdirectory via IP, remote content like Google fonts, and Favicons are blocked. This of course makes sense, but without adding those hostnames to my admin-ip's file I use to allow IP's (explained below), can remote content like this be allowed by

Re: Logging of mirror requests

2018-05-08 Thread Maxim Dounin
Hello! On Mon, May 07, 2018 at 07:59:10PM -0700, Joe Doe wrote: > I have used ngx_http_mirror_module to create mirrors. I would like to log > these requests as well? So in the /mirror location, I added access_log > directive, but the log file was created, but no logs were produced. > > Is loggin

Re: big difference between request time and upstreams time

2018-05-08 Thread Igor A. Ippolitov
Ruslan, Not sure if I know a good article on the topic. Just ensure proxy_buffering is 'on', proxy_buffer size covers maximum possible reply headers  size and proxy_buffers matches 90% margin of your replies (or whatever you think is appropriate). Most of time these recommendations ensures opti

Re: big difference between request time and upstreams time

2018-05-08 Thread Руслан Закиров
On Tue, May 8, 2018 at 7:22 PM, Igor A. Ippolitov wrote: > Ruslan, > > This depends on your routing nginx configuration. > If doesn't have enough buffers to contain a response completely and > temporary files are turned off, then you will run into a situation, when > the delay is propagated from

Re: Packages for Ubuntu 18.04 "Bionic"?

2018-05-08 Thread Moshe Katz
Great. thanks! On Tue, May 8, 2018 at 10:28 AM Konstantin Pavlov wrote: > Hello, > > 07.05.2018 19:12, Moshe Katz wrote: > > Hello, > > > > I see that the new Ubuntu 18.04 release has Nginx 1.14.0 > > as its install version. > > However, as new de

Re: big difference between request time and upstreams time

2018-05-08 Thread Igor A. Ippolitov
Ruslan, This depends on your routing nginx configuration. If doesn't have enough buffers to contain a response completely and temporary files are turned off, then you will run into a situation, when the delay is propagated from client facing nginx to a middle layer nginx. The fact that only c

Re: big difference between request time and upstreams time

2018-05-08 Thread Руслан Закиров
On Tue, May 8, 2018 at 3:11 PM, Igor A. Ippolitov wrote: > Sorry, didn't realize this is an English mailing list. > > To sum it up: the problem is most likely about clients and not the server. > Discrepancy between request time and upstream time usually means that a > client is slow or uses a bad

Re: Packages for Ubuntu 18.04 "Bionic"?

2018-05-08 Thread Konstantin Pavlov
Hello, 07.05.2018 19:12, Moshe Katz wrote: > Hello, > > I see that the new Ubuntu 18.04 release has Nginx 1.14.0 >  as its install version. > However, as new development progresses, I will want to be on the > `mainline` version on my servers. > Right

Re: big difference between request time and upstreams time

2018-05-08 Thread Igor A. Ippolitov
Sorry, didn't realize this is an English mailing list. To sum it up: the problem is most likely about clients and not the server. Discrepancy between request time and upstream time usually means that a client is slow or uses a bad connection. Basically, this is OK unless you have the only server

Re: big difference between request time and upstreams time

2018-05-08 Thread Igor A. Ippolitov
Можно я отвечу ссылкой? http://mailman.nginx.org/pipermail/nginx/2008-October/008025.html Проблема, скорее всего, в клиентах. On 08.05.2018 14:43, Руслан Закиров wrote: Hello, Some selected log records: 14:27:46 1.609 [0.013] [0.002] [192.168.1.44:5002 ] 14:27:50 1.0

big difference between request time and upstreams time

2018-05-08 Thread Руслан Закиров
Hello, Some selected log records: 14:27:46 1.609 [0.013] [0.002] [192.168.1.44:5002] 14:27:50 1.017 [0.017] [0.001] [192.168.1.24:9000] 14:27:51 1.522 [0.021] [0.000] [192.168.1.92:9000] 14:27:50 1.019 [0.019] [0.000] [192.168.1.41:9000] 14:27:52 1.019 [0.018] [0.000] [192.168.1.49:9000] 14:27:52

Re: Proxy pass and SSL certificates

2018-05-08 Thread Joncheski
Hello Meph, In configuration file "cloud.diakont.it.conf": - "ssl_certificate" please set path of only public certificate of server (cloud.diakont.it), and in "ssl_certificate_key" please set path of only private key of server (cloud.diakont.it). In configuration file "ssl-params.conff": - The c