Re: Nginx - Only handles exactly 500 request per second - How to increase the limit?

2018-01-24 Thread B.R. via nginx
500 requests max sounds very much like the default max_requests parameter from PHP-FPM process manager. Btw, the configuration snippet you provided is incomplete (include [...]/*.conf). How can people help you? Have a look at nginx -T. --- *B. R.* On Wed, Jan 24, 2018 at 7:08 AM, Payam Chychi wr

Re: Multiple certificates in one server block?

2017-08-07 Thread B.R. via nginx
Jim already replied with his ECDSA+RSA example in a single server block. You can also serve several names from a single server block. However, I never tested serving a certificate for several domains all served by the same virtual server block. I *suppose* nginx might be clever enough to select th

Re: HTTP/405

2017-08-07 Thread B.R. via nginx
It would be interesting to amend the flawed RFC to adapt to the real world then, wouldn't it? Much like in any languages, specifications/reference and real world often differ, but that should me a pretext to ignore the specs are here for a reason: make everyone try to speak the same language and be

Re: HTTP/405

2017-08-04 Thread B.R. via nginx
How was that 405 generated? Show used configuration please. --- *B. R.* On Fri, Aug 4, 2017 at 7:28 AM, Frank Liu wrote: > https://tools.ietf.org/html/rfc7231#page-59 says: > > ... The origin server MUST generate an >Allow header field in a 405 response containing a list of the target >r

Re: nginx limit_req and limit_conn not working to prevent DoS attack

2017-08-02 Thread B.R. via nginx
The original confusion came from the fact you slid away from the basic mantra of the Unix philosophy stating 'Make each program do one thing well'. nginx is a Web server, which generalized itself into a stream server. It serves content and manages access (protects it). What you are trying to ach

Re: How do I exclude one folder from a try_files?

2017-06-25 Thread B.R. via nginx
You do not seem to be understanding what you are doing. First, all paths start with '/', thus your 'location ~* wiki/images/' directive will never match anything. Second, why are you using regex locations? Prefix ones are most efficient as you do not need any special processing inside the location

Re: session ticket key rotation

2017-06-22 Thread B.R. via nginx
nginx configuration is parsed/analyzed by nginx master process by design. Moreover, TLS configuration is kept at this level if I recall well. Thus, the user your master process uses needs to have the rights to access the specified file. To reload nginx configuration, you will indeed need to use SIG

Re: When will primary server come back in http upstream module?

2017-06-22 Thread B.R. via nginx
1. 'unavailable' means the server will automatically and temporarily be removed from the pool of servers managed by the upstream (same effect as manually parametering it as down) 2. the fail_timeout parameter documentation of the very section you provided a link to is pretty clear: t

Re: killed child process

2017-05-20 Thread B.R. via nginx
... and you would end up with connections serving different content (as per different configuration) on the long run, leading potentially to an increased number of problems. How would you shut them down, if not gracefully? If you want to keep long-lived connections open, do not make changes server

Re: fastcgi cache background update ssi subrequests

2017-05-12 Thread B.R. via nginx
https://mailman.nginx.org/mailman/listinfo/nginx-ru --- *B. R.* 2017-05-10 19:18 GMT+02:00 Roman Arutyunyan : > Good afternoon, > > On Wed, May 10, 2017 at 12:04:39PM -0400, metalfm1 wrote: > > Greetings! > > > > The fastcgi_cache_background_update directive behaves strangely with ssi > > subrequests.

Re: upstream - behavior on pool exhaustion

2017-04-21 Thread B.R. via nginx
? I am not logging the $upstream_status variable, not $upstream_connect_time, thus have limited information. Could that '-' appear anywhere in the list? --- *B. R.* On Thu, Apr 20, 2017 at 2:58 PM, Ruslan Ermilov wrote: > On Wed, Apr 19, 2017 at 05:26:17PM +0200, B.R. via nginx wrote: &

Re: upstream - behavior on pool exhaustion

2017-04-19 Thread B.R. via nginx
On Wed, Apr 19, 2017 at 10:51 AM, Ruslan Ermilov wrote: > And what about the next request when all of servers are either "down" > or "unavailable"? > To me, all the unavailable servers have been 'tried', ie their state has been checked, as the docs

Re: upstream - behavior on pool exhaustion

2017-04-18 Thread B.R. via nginx
variables should be specified. Does not that seem reasonable? --- *B. R.* On Mon, Apr 17, 2017 at 6:09 PM, Ruslan Ermilov wrote: > On Sat, Apr 15, 2017 at 03:55:20AM +0200, B.R. via nginx wrote: > > Let me be clear here: > > I got 6 active servers (not marked down), and the logs s

Re: upstream - behavior on pool exhaustion

2017-04-14 Thread B.R. via nginx
so a 7th item in the list)? Moreover, it is confusing, since proxy_pass handles domain names and one could believe nginx treated the upstream group name as such. --- *B. R.* On Fri, Apr 14, 2017 at 10:21 AM, Ruslan Ermilov wrote: > On Fri, Apr 14, 2017 at 09:41:36AM +0200, B.R. via

upstream - behavior on pool exhaustion

2017-04-14 Thread B.R. via nginx
Hello, Reading from upstream docs, on upstream pool exhaustion, every backend should be tried once, and then if all fail the response should be crafted based on the one from the last server attempt. So far so good. I recently

Re: weight and balancing in upstream proxy

2017-04-14 Thread B.R. via nginx
Please, enlighten us then. --- *B. R.* On Thu, Apr 13, 2017 at 4:34 PM, Maxim Dounin wrote: > Hello! > > On Thu, Apr 13, 2017 at 10:09:16AM +0200, B.R. via nginx wrote: > > > That is an interesting question as intuitively, people could think the > > former behavior a

Re: weight and balancing in upstream proxy

2017-04-13 Thread B.R. via nginx
That is an interesting question as intuitively, people could think the former behavior applies. If I got the source code right, and as the docs

Re: Windows 1024 Connections Limit

2017-04-13 Thread B.R. via nginx
Even though using nginx on Windows goes way over my head (even for development) and/or seeing Windows as any kind of server, I read that Windows Vista+ support the poll (well, actually WSAPoll) system call. Since XP may now rea

Re: Mechanism to avoid restarting nginx upon every change

2017-04-11 Thread B.R. via nginx
> persist with a reload. Needed a restart > > A > On Sun, 9 Apr 2017 at 21:35, B.R. via nginx wrote: > >> You could have got your answer yourself by Reading The... Fine? Manual: >> https://nginx.org/en/docs/control.html >> >> There are tons of interesting pi

Re: Mechanism to avoid restarting nginx upon every change

2017-04-10 Thread B.R. via nginx
You could have got your answer yourself by Reading The... Fine? Manual: https://nginx.org/en/docs/control.html There are tons of interesting pieces of information there, by the nature of said docs... I suggest you take a look at everything: https://nginx.org/en/docs/ --- *B. R.* On Sun, Apr 9,

Re: Login-Credentials based redirection?

2017-04-07 Thread B.R. via nginx
You could use a map to match proxy_pass URI to user names, and then use a single password file for the auth_basic module. This removes the need of having specific location URI for each user, although you could still keep doing it if they are part of your requirements. --- *B. R.* On Fri, Apr 7, 2

Re: Memory issue

2017-04-06 Thread B.R. via nginx
Idea coming right out of the blue: have you given a thought on compiling nginx (+ gradually modules) with valgrind? You should know pretty quickly if something is wrong. Note the slowdown, though. Might not be a good idea on production, or if you do not secure some offload to somewhere else if i

Re: Nginx cookie map regex remove + character

2017-04-03 Thread B.R. via nginx
On Sat, Apr 1, 2017 at 1:57 PM, Francis Daly wrote: > If you want to match "word character or plus", use something like [\w+]. > Defining a pattern over a simple assertion is kinda strange. '[' & ']' are useless here, since you are not matching several symbols. Use (?\w+) and you should be all

Re: Configuring a subnet in an upstream server

2017-04-03 Thread B.R. via nginx
What would be the meaning of that? How do you route traffic to 192.168.0.0? Do you really want to send requests to 192.168.255.255? How would you handle requests sent to some servers (but not all) if some are not responsive? I suspect what you want to use is dynamic IP addresses for your backends

Re: Question about custom error pages

2017-03-22 Thread B.R. via nginx
RTFM? :o) https://nginx.org/en/docs/http/ngx_http_core_module.html#error_page --- *B. R.* On Tue, Mar 21, 2017 at 11:18 PM, Alex Samad wrote: > Hi > > How would I added custom info to the error page. > > Say like for 400 if its a cert error, how can I add that to the page and > maybe to add in

Re: OAuth Access token validation

2017-03-13 Thread B.R. via nginx
nginx can authenticate users based on subrequests to an identity server, yes, RTFM: https://nginx.org/en/docs/http/ngx_http_auth_request_module.html If you want to use JSON Web Tokens, only the non-FOSS version will be able to help you: https://nginx.org/en/docs/http/ngx_http_auth_jwt_module.html

Re: Reverse proxy problem with an application

2017-03-08 Thread B.R. via nginx
This clearly looks like an application problem and not a nginx-related one. nginx does not remove cookies nor, as the configuration snippet you shared suggests, handles authentication. If you use DNS, make sure all requests are served by the instance of nginx you quote, including redirects which mi

Re: keepalive_requests default 100

2017-03-08 Thread B.R. via nginx
I suspect nginx' team chose this value for the very reason it was adapted to the use of Apache (remember that nginx is, since its beginning, largely used as a reverse Web proxy in front of Apache farms). I guess the intent here is to probably mimic Apache behavior by default so adoption of that tec

Re: Nginx Map how to check value if empty

2017-03-08 Thread B.R. via nginx
This kind of logic, as you found out, can be handled in nginx with the help of the proper tools, namely the map module. You are one step away: you can actually program what you require to be feeding the realip module with the HTTP header name you ended up with. Rather than having contiguous maps, h

Re: Nginx Map how to check value if empty

2017-03-06 Thread B.R. via nginx
idating there is no real value, differentiating this case from a bogus 'empty' which would be a sign of a bug. --- *B. R.* On Sun, Mar 5, 2017 at 10:50 PM, c0nw0nk wrote: > Thanks for the info :) > > But why is $remote_addr outputting a hyphen instead of the users IP... > > I sti

Re: Nginx Map how to check value if empty

2017-03-05 Thread B.R. via nginx
That is because it is not: your eyes deceived you having a too quick look at the log line. Your 'empty' variables are actually showing the value '-' in this log line. It probably does not help debugging to have static '-' mixed in the format of your log lines where you put them. --- *B. R.* On Su

Re: nginx stopping abruptly at fix time (2:00 am) repeatedly on Cent OS 7.2

2017-02-27 Thread B.R. via nginx
You did not provide any server block configuration. The configuration snippet you provided is incomplete. Old tickets suggest a link to SPDY, then HTTP/2 options: https://trac.nginx.org/nginx/ticket/626. You might want to reproduce the problem on a configuration as minimalist as possible, using th

Re: Nginx multiple upstream with different protocols

2017-02-22 Thread B.R. via nginx
I suggest you proxy traffic to an upstream group, and then use failure/timeout parameters there with proper tuning to retry requests on the second upstream in case the first in the list fails. It will have an overhead if the 1st entry of the upstream group is invalid on initial connection, but hop

Re: potential null dereference

2017-02-16 Thread B.R. via nginx
If you think you spot a bug, you'd better open a ticket on Trac. You could also talk about development matters on the nginx-devel Mailing List. This is the 'users' ML, centered on use cases/configuration/help with/d

Re: Nginx only sends hostname to syslog.

2017-02-08 Thread B.R. via nginx
Correct me if I am wrong, since I probably will. From what I read, 'host name' aka name of the host is a FQDN in the hostname.domain format (domain being able to have n level-s). Thus, it seems that setting a FQDN as h

Re: Where does $remote_addr come from?

2017-02-04 Thread B.R. via nginx
I am curious: apart from a training prospective at code digging, what was the goal? In other words, where did you expect the IP address to come from, if not from a system network socket? Have a nice week-end, --- *B. R.* On Sat, Feb 4, 2017 at 12:02 AM, Paul Nickerson wrote: > > Reading that fi

Re: ssl_protocols & SNI

2017-01-23 Thread B.R. via nginx
Any help? --- *B. R.* On Thu, Jan 19, 2017 at 7:07 PM, B.R. wrote: > There is something strange, though. > > I configured cipher suites with ssl_ciphers with suites from TLSv1.0 & > TLSv1.2 (TLSv1.1 having no specific cipher suites but merely relying on > those from TLSv1.0).

Re: ssl_protocols & SNI

2017-01-19 Thread B.R. via nginx
On Thu, Jan 19, 2017 at 3:28 PM, B.R. wrote: > I acknowledge how that works, although OpenSSL providing more flexibility > over SNI for protocols supporting it would have been appreciated. Too bad. > Thanks Maxim for your always concise and straightforward discerning answers! > --- >

Re: ssl_protocols & SNI

2017-01-19 Thread B.R. via nginx
: > Hello! > > On Thu, Jan 19, 2017 at 10:04:46AM +0100, B.R. via nginx wrote: > > > Hello, > > > > I tried to overload the value of my default ssl_protocols (http block > > level) in a server block. > > It did not seem to apply the other value in this virtual

ssl_protocols & SNI

2017-01-19 Thread B.R. via nginx
Hello, I tried to overload the value of my default ssl_protocols (http block level) in a server block. It did not seem to apply the other value in this virtual server only. Since I use SNI on my OpenSSL implementation, which perfectly works to support multiple virtual servers, I wonder why this S

Re: nginx upstream source ip address

2016-11-12 Thread B.R. via nginx
You can make nginx listen on 2 IP addresses with 2 listen directives. Or make it listen on all addresses if you wish. For your upstream, configure an upstream block with those 2 IP addresses and make a proxy_pass pointing to it. --- *B. R.* On Sat, Nov 12, 2016 at 4:25 AM, Michael Power wrote: >

Re: Pre-compressed (gzip) HTML using fastcgi_cache?

2016-10-29 Thread B.R.
$http_accept_encoding gets the value of the HTTP Accept-Encoding header. This might vary depending on the client being used, unless you control them and their value. Thus, the same request being made with a different (set of) value(s) in this header will generate another key. If you simply want t

Re: Dynamically Reload Map

2016-10-29 Thread B.R.
nginx parses configuration as a whole, either on start or on HUP signal. Your map is part of the configuration (separating it in multiple files does not change the fact everything is being merged before being statically interpreted/compiled), thus you need to signal the master process whenever you

Re: content-type does not match mime type

2016-10-22 Thread B.R.
Associating types to file extensions is done through the types directive. You probably have a default_type directive in a global location defining it to application

Re: Nginx old worker process not exiting on reload

2016-10-08 Thread B.R.
RTFM? http://nginx.org/en/docs/control.html --- *B. R.* On Sat, Oct 8, 2016 at 7:34 AM, Sharan J wrote: > Hi, > > Is there a way to prevent this? Is there any other way to kill such > process without the need for rebooting the machine. > > Thanks, > Santhakumari > > On Wed, Oct 5, 2016 at 4:35 P

Re: How to enable OCSP stapling when default server is self-signed?

2016-09-29 Thread B.R.
Considering your rather old version of nginx coming from Ubuntu packages, I suggest you use the latest stable, officially available on nginx.org. Not related to your issue, but should not hurt (except with regressions ofc ;) ). --- *B. R.* On Thu

Re: 444 return code and rate limiting

2016-09-28 Thread B.R.
If you are to quote what you call documentation, please use some real one: http://nginx.org/en/docs/http/request_processing.html#how_to_prevent_undefined_server_names What I said before remains valid: accepting connection, reading request & writing response use resources, by design, even if you th

Re: 444 return code and rate limiting

2016-09-27 Thread B.R.
Responding 444 is... a response. It is not anything else than a (non-standard, thus 'unknown', just like 499 nginx chose to illustrate client-side premature disconnection) HTTP status code as any other. Some speedup might come from using return instead of doing further processing, but there is sti

Re: nginx reverse proxy causing TCP queuing spikes

2016-09-25 Thread B.R.
It is most probably a question more suitable to some Odoo ML. --- *B. R.* On Sun, Sep 25, 2016 at 2:50 AM, Grant wrote: > > I've been struggling with http response time slowdowns and > > corresponding spikes in my TCP Queuing graph in munin. I'm using > > nginx as a reverse proxy to apache whic

Re: how to get common name from client cert in TLS connection instead of HTTPS

2016-09-16 Thread B.R.
It seems the variable you are refering to belongs to the ngx_http_ssl_module, suitable for HTTPS, not in the ngx_stream_ssl_module, suitable for generic TLS. --- *B. R.* On Fri, Sep 16, 2016 at 5:19 AM, Albert Zhang wrote: > how to get common name from client cert in TLS connection instead of >

Re: How to disable request pipelining on nginx upstream

2016-09-16 Thread B.R.
On Thu, Sep 15, 2016 at 11:12 PM, hkahlouche wrote: > Can you please confirm, if no new request is sent to the upstream before > the > entire response is received for the ongoing request (ongoing request > finished)? > In other words, is possible that upstream module sends the next request to > u

Re: Keeping your Nginx limit_* Anti-DDoS behind CloudFlare's servers

2016-09-14 Thread B.R.
On Wed, Sep 14, 2016 at 2:23 PM, c0nw0nk wrote: > Yeah the reason it does not work behind CloudFlare is because the > limit_conn > and limit_req is blocking the CloudFlare server IP for making too many > requests. So that is why I am receiving the DOS output "503 service > unavailable" > Misconfi

Re: Keeping your Nginx limit_* Anti-DDoS behind CloudFlare's servers

2016-09-13 Thread B.R.
You were just told the best way to get a meaningful $binary_remote_addr variable using CloudFlare, with the added bonus of a list of network ranges to use with set_real_ip_from to only filter out CloudFlare's IP addresses as sources to be replaced and avoid false positives. Using the $binary_remot

Re: nginx not returning updated headers from origin server on conditional GET

2016-09-12 Thread B.R.
From what I understand, 304 answers should not try to modify headers, as the cache having made the conditional request to check the correctness of its entry will not necessarily update it: https://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html#sec10.3.5. The last sentence sums it all: '*If* a cac

Re: limit-req and greedy UAs

2016-09-12 Thread B.R.
You could also generate 304 responses for content you won't provide (cf. return). nginx is good at dealing with loads of requests, no problem on that side. And since return generates an in-memory answer by default, you won't be hammering your resources. If you are CPU or RAM-limited because of thos

Re: add_header Set-Cookie The difference between Max-Age and Expires

2016-09-10 Thread B.R.
I just hope that code won't be used by the owner of wwwooowww.wtf for example. --- *B. R.* On Sat, Sep 10, 2016 at 2:46 PM, c0nw0nk wrote: > Just fixed my problem completely now :) > > For anyone who also uses Lua and wants to overcome this cross browser > compatibility issue with expires and ma

Re: multi server addresses appear in variable $upstream_addr which was not supposed to

2016-08-28 Thread B.R.
The docs say multiple servers might be contacted: $upstream_addr Upstream groups are used to tolerate errors on some responses (and replay the request somewhere else): upstream

Re: No HTTPS on nginx.org by default

2016-08-27 Thread B.R.
. R.* On Thu, Aug 25, 2016 at 10:44 AM, Maxim Konovalov wrote: > On 8/24/16 10:59 PM, B.R. wrote: > > HTTPS was supported, but internal links were systematically served > > over HTTP. > > Right -- this happens because long time nginx.org was HTTP only. > I agree,

Re: how to completely disable request body buffering

2016-08-26 Thread B.R.
fastcgi_request_buffering does deactivate request buffering from what I understand from the docs. client_body_buffer_size is said to be useful/used only when the previous directive is activated. From what I read it seems your configuration attempts failed to load or to be activated where needed.

Re: keep-alive to backend + non-idempotent requests = race condition?

2016-08-26 Thread B.R.
What about marking the upstream servers you want to update as 'down' in their pool, reloading the configuration (HUP signal, gracefully shutting down old workers), and waiting for the links to those servers to be clear of any activity? Then upgrade and reintegrate updated servers in the pool (whil

Re: No HTTPS on nginx.org by default

2016-08-24 Thread B.R.
HTTPS was supported, but internal links were systematically served over HTTP. Without considering any religion, this problem is now fixed. As per your political decision on serving content (un)encrypted, it is *in fine* your choice and it has been noted. Power users already knew about HTTPS anyway

Re: Too many open files when reloading - Debian Jessie

2016-08-24 Thread B.R.
... or get rid of systemd and its habit of doing everything in-house and being often not compatible with 3rd-party mechanisms. Not nginx-related though. --- *B. R.* On Wed, Aug 24, 2016 at 1:36 PM, beatnut wrote: > I've just found a solution described here > http://serverfault.com/questions/7

Re: No HTTPS on nginx.org by default

2016-08-23 Thread B.R.
> > On Mon, Aug 22, 2016 at 6:49 PM, Maxim Konovalov wrote: > On 8/22/16 7:41 PM, B.R. wrote: > > In 2016, stating that content served over HTTP is 'secure' blows my > > mind and kills your credibility. > > > Who did that? What's his name? > S

Re: No HTTPS on nginx.org by default

2016-08-22 Thread B.R.
ttps://istlsfastyet.com/ > > > > On Mon, Aug 22, 2016 at 12:31 PM, Valentin V. Bartenev > wrote: > >> On Sunday 21 August 2016 15:56:09 B.R. wrote: >> > It is surprising, since I remember Ilya Grigorik made a talk about TLS >> > during the first ever ng

Re: upstream status

2016-08-21 Thread B.R.
As per the docs, it is said this variable contains all the status codes returned by each upstream interrogated. From what I understood, server1 returned 504, server2 returned 502. Those statuses are included in what

Re: No HTTPS on nginx.org by default

2016-08-21 Thread B.R.
It is surprising, since I remember Ilya Grigorik made a talk about TLS during the first ever nginx conf in 2014: https://www.youtube.com/watch?v=iHxD-G0YjiU https://istlsfastyet.com/ Thus, there is no reason for not going full-HTTPS in delivering Web pages. --- *B. R.* On Fri, Aug 19, 2016 at 9:2

Re: HTTP/2 without forward secrecy (Diffie-Hellman)

2016-08-16 Thread B.R.
On Mon, Aug 15, 2016 at 3:04 PM, Lukas Tribus wrote: > > For that I need to disable forward secrecy (since it is only a test > > environment security is not an issue) > > > > So I changed the "ssl_ciphers" in my /sites-enabled/default file from: > > > > ssl_ciphers "HIGH:!aNULL:!MD5 or HIGH:!aNUL

Re: Return proper status codes (404, 302) from client-side Single Page Application

2016-08-08 Thread B.R.
Sending 404 allows providing body content, and displaying beautiful pages is not restricted to 200. Thus, I do not get the 200 status sent to clients. My suggestion would be sending the same HTTP status code to everyone, choosing the most semantically correct in doing so. We are drifting away from

Re: Return proper status codes (404, 302) from client-side Single Page Application

2016-08-08 Thread B.R.
I find it strange you oppose HTTP 404 with 'a proper status code': 404 is a 'proper' status code. I find it even stranger you want to lie to search engines crawlers about the existence of your resource. That said, you can craft/modify upstream requests in the proxy module with directives such as:

Re: Configuring nginx for both static pages and fcgi simultaneously

2016-08-03 Thread B.R.
I disagree: it is a good feature to check for script file existence before calling PHP on it with something like: try_files [...] =404; It helps mitigating attacks by avoiding to pave the way to undue files being interpreted. That only works if the filesystem containing PHP scripts is accessible f

Re: Nginx static file serving - Some files are 404, some not

2016-07-06 Thread B.R.
location / only means 'a location which starts with /'. Basically, this catches every single request, and is the least specific way (lowest precedence ever) to do so. When choosing the most suitable location block, nginx will most of the time use a more specific one. That is why this is called 'def

Re: Order of execution of nginx filters

2016-07-05 Thread B.R.
AFAIK you do not control the order of filters, and when you are building a filter, you deal with data on-the-fly, which means your filter might be invoked with a partial response coming from other filters. Moreover, the module needs to 'win' its selection on a specific event. I suggest you read so

Re: Understanding caching

2016-06-30 Thread B.R.
To add to Francis' answer, browsers might not respect server specification for expiration. must-revalidate however forces the browser to check the expiration of the resource before attempting to really load it again from the server. Read: https://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec

Re: Master process on reload

2016-06-29 Thread B.R.
Thanks Maxim! Helpful and concise as always. :o) --- *B. R.* On Wed, Jun 29, 2016 at 7:38 PM, Maxim Dounin wrote: > Hello! > > On Wed, Jun 29, 2016 at 07:04:48PM +0200, B.R. wrote: > > > Kind of basic question about nginx behavior here. > > > > On the docs

Re: Differing ocsp responses

2016-06-29 Thread B.R.
nginx workers are recreated on reload (read http://nginx.org/en/docs/control.html#reconfiguration), nothing can thus remain from past cache at this level. --- *B. R.* On Wed, Jun 29, 2016 at 6:26 PM, itpp2012 wrote: > CJ Ess Wrote: > --- > > O

Master process on reload

2016-06-29 Thread B.R.
Hello, Kind of basic question about nginx behavior here. On the docs page http://nginx.org/en/docs/control.html, it is said: > HUP -> changing configuration, keeping up with a changed time zone (only > for FreeBSD and Linux), starting new worker processes with a new > configuration, graceful sh

Re: Is there an original source linking Qualys report codes to codes in nginx configuration?

2016-06-28 Thread B.R.
nginx deals with an underlying library to manage TLS-ciphered content. The webserver merely sends configuration data to it on startup/reload and uses this library to do the actual (en/de)ciphering job. The one officially supported is OpenSSL, for which cipher strings and cipher suites are listed i

Re: Why set keepalive_timeout to a short period when Nginx is great at handling them?

2016-06-18 Thread B.R.
There is no downside on the server application I suppose, especially since, as you recalled, nginx got no trouble for it. One big problem is, there might be socket exhaustion on the TCP stack of your front-end machine(s). Remember a socket is defined by a triple and the number of available ports

Re: error log truncates important infos

2016-06-15 Thread B.R.
PHP-FPM allows generating its own log files. The default behavior of having errors sent back the FastCGI tube can be overridden with proper error logging on PHP-FPM side. 2048 bytes for each line of log is more than enough on the web server side. Do your homework: read the PHP docs. If you are sti

Re: Mapping non-empty $query_string

2016-06-15 Thread B.R.
Are you sure your requests are processed by the right block? Are you sure the configuration is being loaded? Since v1.9.2, you can use the -T command-line parameter to show loaded configuration. On reloading configuration by sending the HUP signal, ensure there is no error message popping up in th

Re: Reverse proxy tuning

2016-06-10 Thread B.R.
RTFM: - upstream module (specifically the server directive) - *_next_upstream & *_*_timeout directives, for each backend communication module and type of timeout The

Re: Issue with HTTP/2 and async file upload from Safari on iOS

2016-06-06 Thread B.R.
The problem is, if (s)he is using the official packages, he will get the updates of the mainline channel, thus differing more and more from the stable channel which is supposed to be cheaper on features but with usable ones. My 2 cents, --- *B. R.* On Mon, Jun 6, 2016 at 12:05 PM, Maxim Konovalov

Re: Problem

2016-06-04 Thread B.R.
Rhetorical questions: Are you a troll? Or simply deeply troubled and paranoid? Emails you send to a public mailing list are: 1. Sent to every subscriber (there is a link to unsubscribe at the bottom of every message: http://mailman.nginx.org/mailman/listinfo/nginx) 2. Archived in differe

Re: Problem

2016-06-03 Thread B.R.
xD Maxim. I would have put 'hopefully' along with 'surprisingly' though... just to convince myself such dumbness is marginal. To li...@lazygranch.com, nginx version can already be removed with the help of the server_tokens di

Re: forward data from orginal IP to a new IP

2016-05-31 Thread B.R.
It seems the lock lies in the fact there is no generic way for the listen directive to specify multiple ports, so you are stuck with that much server blocks. Now, you could use the $server_port variable in the proxy_pass directive, but that brings no real improvement. You could use configuration

Re: HTTP not working / downloads 57 byte small file

2016-05-29 Thread B.R.
There is little to nothing anyone can do with such a message. Details? Version? Configuration? Leanest example possible to reproduce the problem? Anything allowing people to help you... and encouraging them to get the will to do so. http://www.catb.org/esr/faqs/smart-questions.html --- *B. R.*

Re: Does Nginx support transparent proxying?

2016-05-09 Thread B.R.
Hello, This Mailing List is intended to be written to in English. You have a Russian ML available dedicated for its use: http://nginx.org/en/support.html Have a nice day, --- *B. R.* 2016-05-09 11:40 GMT+02:00 Yuriy Medvedev : > Of course it can, you need to configure nginx as a reverse proxy > > О

Re: Rewrite before regex location

2016-05-06 Thread B.R.
As a sidenote, why using location ~ ^/php-fpm/ and not location /php-fpm/ ? Although being distant to your case (I see others are helping you nicely :o) ), I can but particularly note & enjoy the use of a non-greedy modifier in the regex part of fastcgi_split_path_info intended to result in $fastc

Re: Replace apache with nginx

2016-05-06 Thread B.R.
There is plenty of information around here for you to start. Instead of coming here for pre-cooked recipes, you should show you at least tried... You could read the docs

Re: Trailing Slash redirection problem

2016-05-01 Thread B.R.
So these opposite redirection rules are fighting each other and are the source of your problem, which Francis helped you to alleviate. Sit back, grab an erasable whiteboard, scratch your head and think about your website's design: both rules probably have their use in their own corner, but you sha

Re: Redirect /login to /

2016-04-21 Thread B.R.
location = / { proxy_pass $scheme://$host/login; } ? --- *B. R.* On Thu, Apr 21, 2016 at 2:56 PM, Geo P.C. wrote: > I have a wordpress site in which be default while accessing wp.geo.com it > goes to login page wp.geo.com/login/ . > > But what i need when i access wp.geo.com, in browser addr

Re: load balancing % available

2016-04-13 Thread B.R.
As per the docs, I do not see a means of doing what you wish directly in an upstream block. That cut-off might be a feature request you could post on their bug tracker. In the meanwhile, you might parse data about servers from an upstream group on a status page you would have configured. However, t

Re: upstream member liveness

2016-04-13 Thread B.R.
Waow. I am off-topic, but Valentin I shall note you are showing a great deal of patience. Without any doubt your interlocutor will be glad and thankful for it, and will demonstrate it as good as when he (quickly) becomes upset. Btw, I do not know any Captain Evidence, only Captain Obvious. --- *B.

Re: Does "include" use the "configuration prefix" or the "path prefix"?

2016-04-12 Thread B.R.
I found some bits: prefix is explained on the command-line parameters docs page and, in a little more verbose fashion, in an nginx.com tutorial, probably thanks to Rick Nelson. Lif

Re: TLS/SSL Cache Automatic Purge

2016-04-11 Thread B.R.
ote: > Hello! > > On Mon, Apr 11, 2016 at 01:23:02PM +0200, B.R. wrote: > > [...] > > > On a side-note, by default nginx does not store session parameters as it > > prefers tickets > > < > http://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_session_

Re: TLS/SSL Cache Automatic Purge

2016-04-11 Thread B.R.
Sounds like US media political messages: 'I am Arnaud, and I approve this message'. That said, welcome! You will have to write your own module if you want to manually delete TLS sessions parameters instead of letting them expire after 10 minutes. You could also emulate this daily purge by keeping

Re: Error 404 if url contains "star"

2016-04-11 Thread B.R.
The only way to know would have been to have a look at the processes table before killing everyone and restarting. If you nginx through the package management of your distribution and service scripts to manage nginx processes, there is little-to-no chance you got multiple nginx masters running. It

Re: error_page behavior

2016-04-04 Thread B.R.
wrote: > > On Mon, Apr 04, 2016 at 09:36:36PM +0200, B.R. wrote: > > Hi there, > > > > -> Error page HTTP 404 (???) > > > > I only get 404 if error_page.html does not exist. If it does exist, > > I get it with http 200. > > > > As

error_page behavior

2016-04-04 Thread B.R.
Hello, I am struggling to understand the error_page directive behavior: server { listen 80; listen [::]:80; server_name example.org; location /proxied { return 418 "Host: $host, Connection: $http_connection"; } } server { listen 80; listen

Re: proxy_read_timeout vs proxy_next_upstream_timeout

2016-03-31 Thread B.R.
On Thu, Mar 31, 2016 at 6:54 PM, Frank Liu wrote: > Given this config: > proxy_next_upstream timeout; > proxy_next_upstream_timeout 50; > proxy_connect_timeout 10; > proxy_read_timeout 100; > If upstream has issues causing connect timeout, nginx will re-try 5 > upstream servers until hitting 50,
