Re: Help needed with Nginx SRPM script

> On 16 Apr 2021, at 13:00, Thomas Stephen Lee wrote: > > Thanks a lot, Andrei. > > That worked well. > > I had the same problem in RHEL 8. > > below is the modified script for EL8 Glad to hear it's working for you now. Out of curiosity - in case of RHEL8

Re: Help needed with Nginx SRPM script

ny guarantee it won't break again in future: sed -i '/%setup -q/a tar zxf %{SOURCE100}' /home/builder/rpmbuild/SPECS/nginx.spec should be: sed -i '/%autosetup -p1/a tar zxf %{SOURCE100}' /home/builder/rpmbuild/SPECS/nginx.spec A relevant piece was recently changed in our spec [2]. Hope this helps, -- Andrei [1] https://hg.nginx.org/pkg-oss [2] https://hg.nginx.org/pkg-oss/rev/96441fe2b7d9#l9.26 ___ nginx mailing list nginx@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx

Re: Getting started with a Module

4 On Wed, Dec 30, 2020 at 3:58 PM Federico Felman wrote: > Hello Andrei, > > Thanks for writing back. > > I wanted to take enough time check all the links. > > I’ve read about OpenResty but my concern is how to access the data I need. > > So basically I’m diving m

Re: Getting started with a Module

Happy Holidays! You mean something like this? https://serverfault.com/questions/361556/is-it-possible-to-log-the-response-data-in-nginx-access-log Either way, you're probably looking at OpenResty Lua ( https://github.com/openresty/lua-nginx-module), cosockets ( https://github.com/openresty/lua-ng

Re: Switch between upstream server

Use the upstream backup option, not two active with weight differences On Thu, May 28, 2020 at 4:52 PM Sam Henaghan wrote: > I can’t do so as when I go on it it says that 02 my phone company have > blocked it and it’s not secure so please help me out if possible as I > haven’t done it, I can’t p

Re: Want to use --emit-relocs in the linker step

inker option, you should use -Wl,--emit-relocs instead. Also, the better way is to specify linker options via "--with-ld-opt" nginx configure option, e.g.: ./configure --with-ld-opt="-Wl,--emit-relocs" HTH, -- Andrei ___ nginx mailing list nginx@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx

Re: UDP Load balancing - [Solved]

On Wed, Apr 22, 2020 at 4:22 AM deprito wrote: > Hello @arigatox, > > do you mind share with me, how to LB UDP protocol like wireguard? > > My nginx.conf > user www-data; > worker_processes auto; > pid /run/nginx.pid; > include /etc/nginx/modules-enabled/*.conf; > > stream { > > upstream syslog_u

Re: Extremely slow file (~5MB) upload via POST

Bit off-topic, but, if you really want to improve the performance and ditch an upstream service which just takes in file uploads, you can do it directly in nginx with some Lua. For example https://www.yanxurui.cc/posts/server/2017-03-21-NGINX-as-a-file-server/. I used this method for large sites (2

Re: Failing to cache requests

Thanks for the input! On Sun, Sep 22, 2019 at 3:07 PM Francis Daly wrote: > On Sun, Sep 22, 2019 at 09:37:51AM -0500, Andrei wrote: > > Hi there, > > > Thanks for the confirmation! Is there a way to selectively ignore only > > specific "set-cookie"/cookies,

Re: Failing to cache requests

#x27;t relevant, it would cache on it's own, and if some new cookie appears it will avoid caching the request. I believe this might be doable using Lua, but I haven't had any luck :( On Sun, Sep 22, 2019 at 7:26 AM Francis Daly wrote: > On Sat, Sep 21, 2019 at 01:02:57PM -0500,

Failing to cache requests

Hello, I'm having a hard time understanding why these requests aren't being cached for 10 minutes? Is it the cookies? If so how can I avoid this and force cache? curl -I https://NNN.com/abc123/amp HTTP/1.1 200 OK Date: Sat, 21 Sep 2019 17:59:11 GMT Content-Type: text/html; charset=UTF-8 Connectio

set_real_ip_from behavior

Hello, I'm having some issues with getting X-Forwarded-For set consistently for upstream proxy requests. The server runs Nginx/OpenResty in front of Apache, and has domains hosted behind Cloudflare as well as direct. The ones behind Cloudflare show the correct X-Forwarded-For header being set, usi

Re: Cache vs expires time

because it will ignore those headers even for requests which shouldn't be cached, hence the $skip_cache variable check. Is there a way to tie checking a variable value to the ignore headers method? On Wed, Jan 9, 2019, 19:00 Maxim Dounin wrote: > Hello! > > On Tue, Jan 08, 2019 at

Re: Cache vs expires time

Is there a way to conditionally use proxy_ignore_headers? I'm trying to only ignore headers for requests which have $skip_cache = 0 for example On Tue, Jan 8, 2019 at 9:45 AM Andrei wrote: > Thanks Maxim!! > > On Mon, Jan 7, 2019 at 4:47 AM Maxim Dounin wrote: > >> Hell

Re: Cache vs expires time

Thanks Maxim!! On Mon, Jan 7, 2019 at 4:47 AM Maxim Dounin wrote: > Hello! > > On Sun, Jan 06, 2019 at 03:07:00PM +0200, Andrei wrote: > > > I was wondering how can I force cache of a $request_uri (/abc) for 10 > > minutes, but set the browser expires headers for 5 min

Cache vs expires time

Hello, I was wondering how can I force cache of a $request_uri (/abc) for 10 minutes, but set the browser expires headers for 5 minutes? ___ nginx mailing list nginx@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx

Re: status/usage of FRiCKLE/ngx_cache_purge. still reliable? alternatives?

I ran both Varnish (for caching), Nginx (ssl offloading) for quite some time in production, but then switched to Nginx only. The main reasons being: - The sheer amount of added context switches (proxying was done local on a cPanel box, seeing 20-30k reqs/sec during peak hours) - Issues with managi

Re: Packages for Ubuntu 18.04 "Bionic"?

Hi Moshe, > On 07 May 2018, at 19:12, Moshe Katz wrote: > > Hello, > > I see that the new Ubuntu 18.04 release has Nginx 1.14.0 > as its install version. > However, as new development progresses, I will want to be on the `mainline` > version on m

Re: Exclude from cache by content-length

Thanks Maxim! On Mon, Apr 16, 2018 at 9:20 AM, Maxim Dounin wrote: > Hello! > > On Mon, Apr 16, 2018 at 03:16:13AM -0500, Andrei wrote: > > > I have an odd upstream application (out of my control) which sometimes > > responds with incomplete pages, and a 200 error..

Exclude from cache by content-length

Hello! I have an odd upstream application (out of my control) which sometimes responds with incomplete pages, and a 200 error.. This causes blank pages to appear in cache. Is there a way to exclude from/bypass cache if the content-length header from the upstream is lower than 5kb for example? Than

Re: GeoIP2

Hi Frank, > On 29 Mar 2018, at 10:23, Frank Liu wrote: > > The nginx geoip module > http://nginx.org/en/docs/http/ngx_http_geoip_module.html > is using the > legacy maxmind db. > I just read maxmind legacy db March 2018 will be the l

Re: Upstream connections using rotating local IPs

Got it working using map, set_rotate and proxy_bind. Thanks though. On Mar 18, 2018 16:58, "Andrei" wrote: > Hello everyone, > > I have a server with 100+ IP addresses, and source IPs for outbound > connections to remote upstreams are rotated in iptables using the metho

Upstream connections using rotating local IPs

Hello everyone, I have a server with 100+ IP addresses, and source IPs for outbound connections to remote upstreams are rotated in iptables using the method described at https://serverfault.com/questions/490854/rotating-outgoing-ips-using-iptables Is there a way to round robin through local IPs f

Upstream requests via proxies

Hello everyone, I ran into a corner case with a project I'm fiddling with which requires making upstream requests via IP restricted 3rd party proxies (no auth). Would this, or anything similar even be possible? ___ nginx mailing list nginx@nginx.org http

Re: Migrating from Varnish

Would it be possible to use the Redis module to track cache? For example, I would like to log each "new" cache hit, and include the URL, cache expiration time, and possibly the file it's stored in? On Nov 23, 2017 23:51, "itpp2012"

Re: Migrating from Varnish

Thanks for the tip. Have you ran into any issues as Maxim mentioned? On Thu, Nov 23, 2017 at 11:53 AM, itpp2012 wrote: > Andrei Wrote: > --- > > I'm aware of the paid version, but I don't have a budget for it yet, >

Re: Migrating from Varnish

Hello, On Thu, Nov 23, 2017 at 11:52 AM, Maxim Dounin wrote: > Hello! > > On Thu, Nov 23, 2017 at 10:24:19AM -0600, Andrei wrote: > > > > > - Does anyone have any recent working documentation on supported > > > > modules/Lua scripts which can achieve w

Re: Migrating from Varnish

Hello Maxim! On Nov 23, 2017 17:55, "Maxim Dounin" wrote: Hello! On Thu, Nov 23, 2017 at 09:00:52AM -0600, Andrei wrote: > Hi all, > > I've been using Varnish for 4 years now, but quite frankly I'm tired of > using it for HTTP traffic and Nginx for SSL offload

Re: Migrating from Varnish

reshed" by subsequent requests. As in I send a purge request for https://domain.com/.*, and subsequent requests for cached items would then fetch the request from the backend, and update the cache. If that makes any sense.. On Nov 23, 2017 17:00, "Andrei" wrote: > Hi all, >

Migrating from Varnish

ent requests? Currently I have Varnish configured to set the ttl's based on request headers which are added in the config with regex matches against the host being accessed. Any other caveats or suggestions I should possibly know of? --Andrei __

Re: execution error - pcre limits exceeded (-8)

> On 21 Apr 2017, at 12:29, Dino Edwards wrote: > > Hi Andrei, > > Which version of modsecurity are you using with nginx? > > I’m using 2.9.1 It's worth to try libmodsecurity (aka ModSecurity 3.x) + nginx connector instead: https://github.com/SpiderLabs/ModSec

Re: execution error - pcre limits exceeded (-8)

Hi Dino, > On 20 Apr 2017, at 21:42, Dino Edwards wrote: > > Hello, > > I have compiled nginx 1.12.0 with modsecurity on a Ubuntu 16.04 server and > I’m running it as a reverse proxy in front of an Apache webserver which hosts > a variety of different type of websites. After enabling modsecu

Re: Reverse Proxy with 500k connections

Yes, split_clients solution fits perfectly in the described use case. Also, nginx >= 1.11.4 has support for IP_BIND_ADDRESS_NO_PORT socket option ([1], [2]) on supported systems (Linux kernel >= 4.2, glibc >= 2.23) which may be helpful as well. Quote from [1]: [..] Add IP_BIND_ADDRESS_NO_PORT t

Re: Nginx multiple upstream with different protocols

I suggest splitting your upstreams by protocol, then proxying requests depending on HTTPS headers to the apropriate group. There's an example on how to detect HTTPs at http://serverfault.com/questions/527780/nginx-detect-https-connection-using-a-header On Thu, Feb 23, 2017 at 4:38 AM, Kilian Ries

Re: Drupal 7, nginx with ModSecurity - How to resolve that 404 error page please?

Hi Matej, > On 29 Nov 2016, at 11:08, Matej Zuzčák wrote: > > Hello all, > > I have installed Drupal 7 on latest version of Nginx web server which > was compiled with support of ModSecurity module. I have activated core > OWASP rule set. But when I active ModSecurity in my virtual host config >

Re: Are there plans for Nginx supporting HTTP/2 server push?

I stand corrected, neither Plus nor Community support "Server Push". Just another marketing buzz related title with the fine print caveat - "HTTP/2 Fully Supported in NGINX Plus" @ https://www.nginx.com/blog/http2-r7 On Tue, Nov 8, 2016 at 6:17 PM, Maxim Konovalov wrote:

Re: Are there plans for Nginx supporting HTTP/2 server push?

The mentioned boost was in regards to HTTP/2 server push as stated. Not plus vs community. Are there any plans on releasing the server push feature for the community version? On Tue, Nov 8, 2016 at 6:00 PM, Maxim Konovalov wrote: > Andrei, > > On 11/8/16 6:53 PM, Andrei wrote: >

Re: How to delay requests from once unauthorized IP address

This can be done using ngx_http_limit_req_module - http://nginx.org/en/docs/http/ngx_http_limit_req_module.html On Tue, Oct 25, 2016 at 4:01 PM, hide wrote: > Hello! > > My Nginx does fastcgi_pass to some CGI application. The CGI application can > return HTTP status code 401. I want Nginx to ret

Re: Are there plans for Nginx supporting HTTP/2 server push?

Hello, This is a common misconception; "HTTP/2 support" is not the same as "HTTP/2 with server push support". That being said, the Nginx.org/community version does not support HTTP/2 with "Server Push" (which most consider the primary boost in HTTP/2), however it is available in Nginx Plus (paid s

Re: Weird problem with redirects

Have you read over https://www.nginx.com/blog/mitigating-the-httpoxy-vulnerability-with-nginx/? On Sun, Aug 21, 2016 at 1:53 PM, Hamza Aboulfeth wrote: > Hello everyone, > > I finally understand what's going on here... > > http://www.trendmicro.com/vinfo/us/threat-encyclopedia/ > vulnerability/1

Re: Weird problem with redirects

Have a read over http://spam.tamagothi.de/tag/yandex/ for triuch.com related references then double check your content On Sat, Aug 13, 2016 at 8:36 PM, Hamza Aboulfeth wrote: > Hello, > > We have formatted the server and installed everything over again, a week > later the same problem occurred.

setting up proxy peers like HAproxy?

d up connecting to the same backend node. Is something like this doable with Nginx? -- Florin Andrei http://florin.myip.org/ ___ nginx mailing list nginx@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx

Re: Compiling Nginx on Windows 7

On 30 May 2015, at 23:00, z_kamikimo wrote: > Im experiencing issues with compiling Nginx on Windows 7, every thing goes > good until nmake -f objs/Makefile. > I get the following error > > Assembling: tmp32\sha1-586.asm > tmp32\sha1-586.asm(1432) : error A2070:invalid instruction operands > tm

Re: is it possible to use multiple sub_filter in one location?

I've solved it by recompiling Nginx to include the nginx_substitutions_filter module: https://github.com/yaoweibin/ngx_http_substitutions_filter_module This module allows multiple subs_filter statements per location. Seems to work just fine in my tests. -- Florin Andrei

is it possible to use multiple sub_filter in one location?

;;' '"pr":"https://pr-bar";'; sub_filter_once off; sub_filter_types *; } But I'm getting this: nginx: [emerg] "sub_filter" directive is duplicate in ... How do I replace multiple things in one location? Thanks. -- Florin Andrei http:

Re: nginx core dump　issue

On 21 Oct 2014, at 00:54, i_way wrote: > Hi expert, > > I am running into nginx core dump issue and I need expert's help. > Thank you so much! > > We are running nginx 1.6.0 + mod_security on RHEL 6.4. > We are using the two ports with https. > > ■core dump > GNU gdb (GDB) Red Hat Enterprise

Re: tmp directory filling up

On 11 Jun 2014, at 23:23, Maxim Dounin wrote: > Hello! > > On Wed, Jun 11, 2014 at 10:58:47AM -0400, Tatonka wrote: > >> Hi, >> >> I have a rails application that is hosted through nginx and passenger. In >> this application I want provide very large files for the users to download >> (>2GB)

Re: nginx Segmentation fault

Not yet. Quick look makes me think that "client_body_in_file_only on;" might help. -- defan > On 04 июня 2014 г., at 19:58, kyprizel wrote: > > Andrei, have you checked issue 630? > > https://github.com/SpiderLabs/ModSecurity/issues/630 > > >> On Wed,

Re: nginx Segmentation fault

e to try - any feedback will be greatly appreciated! Cheers, — Andrei Belov http://nginx.com/ On 04 Jun 2014, at 17:17, Godinho wrote: > I needed to use modsecurity so I compiled nginx and modsecurity. > > Modsecurity was compiled with options: ./configure > --enable-standalone-m

Re: "writev() failed (134: Transport endpoint is not connected)" when upstream down

Branden, On Apr 5, 2013, at 2:24 , Branden Visser wrote: > Hello, I've found that when there are upstream servers unavailable in > my upstream group, applying a little bit of load on the server (i.e., > just myself browsing around quickly, 2-3 req/s max) results in the > following errors even fo

Re: Strange $upstream_response_time latency spikes with reverse proxy

Hello Jay, On Mar 19, 2013, at 2:09 , Jay Oster wrote: > Hi again! > > On Sun, Mar 17, 2013 at 2:17 AM, Jason Oster wrote: > Hello Andrew, > > On Mar 16, 2013, at 8:05 AM, Andrew Alexeev wrote: >> Jay, >> >> You mean you keep seeing SYN-ACK loss through loopback? > > That appears to be the