Re: Nginx - Only handles exactly 500 request per second - How to increase the limit?

2018-01-24 Thread B.R. via nginx
500 requests max sounds very much like the default max_requests parameter from PHP-FPM process manager. Btw, the configuration snippet you provided is incomplete (include [...]/*.conf). How can people help you? Have a look at nginx -T. --- *B. R.* On Wed, Jan 24, 2018 at 7:08 AM, Payam Chychi wr

Re: Multiple certificates in one server block?

2017-08-07 Thread B.R. via nginx
Jim already replied with his ECDSA+RSA example in a single server block. You can also serve several names from a single server block. However, I never tested serving a certificate for several domains all served by the same virtual server block. I *suppose* nginx might be clever enough to select th

Re: HTTP/405

2017-08-07 Thread B.R. via nginx
It would be interesting to amend the flawed RFC to adapt to the real world then, wouldn't it? Much like in any languages, specifications/reference and real world often differ, but that should me a pretext to ignore the specs are here for a reason: make everyone try to speak the same language and be

Re: HTTP/405

2017-08-04 Thread B.R. via nginx
How was that 405 generated? Show used configuration please. --- *B. R.* On Fri, Aug 4, 2017 at 7:28 AM, Frank Liu wrote: > https://tools.ietf.org/html/rfc7231#page-59 says: > > ... The origin server MUST generate an >Allow header field in a 405 response containing a list of the target >r

Re: nginx limit_req and limit_conn not working to prevent DoS attack

2017-08-02 Thread B.R. via nginx
The original confusion came from the fact you slid away from the basic mantra of the Unix philosophy stating 'Make each program do one thing well'. nginx is a Web server, which generalized itself into a stream server. It serves content and manages access (protects it). What you are trying to ach

Re: How do I exclude one folder from a try_files?

2017-06-25 Thread B.R. via nginx
You do not seem to be understanding what you are doing. First, all paths start with '/', thus your 'location ~* wiki/images/' directive will never match anything. Second, why are you using regex locations? Prefix ones are most efficient as you do not need any special processing inside the location

Re: session ticket key rotation

2017-06-22 Thread B.R. via nginx
nginx configuration is parsed/analyzed by nginx master process by design. Moreover, TLS configuration is kept at this level if I recall well. Thus, the user your master process uses needs to have the rights to access the specified file. To reload nginx configuration, you will indeed need to use SIG

Re: When will primary server come back in http upstream module?

2017-06-22 Thread B.R. via nginx
1. 'unavailable' means the server will automatically and temporarily be removed from the pool of servers managed by the upstream (same effect as manually parametering it as down) 2. the fail_timeout parameter documentation of the very section you provided a link to is pretty clear: t

Re: killed child process

2017-05-20 Thread B.R. via nginx
... and you would end up with connections serving different content (as per different configuration) in the long run, leading potentially to an increased number of problems. How would you shut them down, if not gracefully? If you want to keep long-lived connections open, do not make changes server

Re: fastcgi cache background update ssi subrequests

2017-05-12 Thread B.R. via nginx
https://mailman.nginx.org/mailman/listinfo/nginx-ru --- *B. R.* 2017-05-10 19:18 GMT+02:00 Roman Arutyunyan : > Good afternoon, > > On Wed, May 10, 2017 at 12:04:39PM -0400, metalfm1 wrote: > > Greetings! > > > > The fastcgi_cache_background_update directive behaves strangely with SSI > > subrequests.

Re: upstream - behavior on pool exhaustion

2017-04-21 Thread B.R. via nginx
? I am not logging the $upstream_status variable, not $upstream_connect_time, thus have limited information. Could that '-' appear anywhere in the list? --- *B. R.* On Thu, Apr 20, 2017 at 2:58 PM, Ruslan Ermilov wrote: > On Wed, Apr 19, 2017 at 05:26:17PM +0200, B.R. via nginx wrote: >

Re: upstream - behavior on pool exhaustion

2017-04-19 Thread B.R. via nginx
On Wed, Apr 19, 2017 at 10:51 AM, Ruslan Ermilov wrote: > And what about the next request when all of servers are either "down" > or "unavailable"? > To me, all the unavailable servers have been 'tried', ie their state has been checked, as the docs

Re: upstream - behavior on pool exhaustion

2017-04-18 Thread B.R. via nginx
variables should be specified. Does not that seem reasonable? --- *B. R.* On Mon, Apr 17, 2017 at 6:09 PM, Ruslan Ermilov wrote: > On Sat, Apr 15, 2017 at 03:55:20AM +0200, B.R. via nginx wrote: > > Let me be clear here: > > I got 6 active servers (not marked down), and the logs s

Re: upstream - behavior on pool exhaustion

2017-04-14 Thread B.R. via nginx
so a 7th item in the list)? Moreover, it is confusing, since proxy_pass handles domain names and one could believe nginx treated the upstream group name as such. --- *B. R.* On Fri, Apr 14, 2017 at 10:21 AM, Ruslan Ermilov wrote: > On Fri, Apr 14, 2017 at 09:41:36AM +0200, B.R. via

upstream - behavior on pool exhaustion

2017-04-14 Thread B.R. via nginx
Hello, Reading from upstream docs, on upstream pool exhaustion, every backend should be tried once, and then if all fail the response should be crafted based on the one from the last server attempt. So far so good. I recently

Re: weight and balancing in upstream proxy

2017-04-14 Thread B.R. via nginx
Please, enlighten us then. --- *B. R.* On Thu, Apr 13, 2017 at 4:34 PM, Maxim Dounin wrote: > Hello! > > On Thu, Apr 13, 2017 at 10:09:16AM +0200, B.R. via nginx wrote: > > > That is an interesting question as intuitively, people could think the > > former behavior a

Re: weight and balancing in upstream proxy

2017-04-13 Thread B.R. via nginx
That is an interesting question as intuitively, people could think the former behavior applies. If I got the source code right, and as the docs

Re: Windows 1024 Connections Limit

2017-04-13 Thread B.R. via nginx
Even though using nginx on Windows goes way over my head (even for development) and/or seeing Windows as any kind of server, I read that Windows Vista+ support the poll (well, actually WSAPoll) system call. Since XP may now rea

Re: Mechanism to avoid restarting nginx upon every change

2017-04-11 Thread B.R. via nginx
> persist with a reload. Needed a restart > > A > On Sun, 9 Apr 2017 at 21:35, B.R. via nginx wrote: > >> You could have got your answer yourself by Reading The... Fine? Manual: >> https://nginx.org/en/docs/control.html >> >> There are tons of interesting pi

Re: Mechanism to avoid restarting nginx upon every change

2017-04-10 Thread B.R. via nginx
You could have got your answer yourself by Reading The... Fine? Manual: https://nginx.org/en/docs/control.html There are tons of interesting pieces of information there, by the nature of said docs... I suggest you take a look at everything: https://nginx.org/en/docs/ --- *B. R.* On Sun, Apr 9,

Re: Login-Credentials based redirection?

2017-04-07 Thread B.R. via nginx
You could use a map to match proxy_pass URI to user names, and then use a single password file for the auth_basic module. This removes the need of having specific location URI for each user, although you could still keep doing it if they are part of your requirements. --- *B. R.* On Fri, Apr 7, 2

Re: Memory issue

2017-04-06 Thread B.R. via nginx
Idea coming right out of the blue: have you given a thought on compiling nginx (+ gradually modules) with valgrind? You should know pretty quickly if something is wrong. Note the slowdown, though. Might not be a good idea on production, or if you do not secure some offload to somewhere else if i

Re: Nginx cookie map regex remove + character

2017-04-03 Thread B.R. via nginx
On Sat, Apr 1, 2017 at 1:57 PM, Francis Daly wrote: > If you want to match "word character or plus", use something like [\w+]. > Defining a pattern over a simple assertion is kinda strange. '[' & ']' are useless here, since you are not matching several symbols. Use (?\w+) and you should be all

Re: Configuring a subnet in an upstream server

2017-04-03 Thread B.R. via nginx
What would be the meaning of that? How do you route traffic to 192.168.0.0? Do you really want to send requests to 192.168.255.255? How would you handle requests sent to some servers (but not all) if some are not responsive? I suspect what you want to use is dynamic IP addresses for your backends

Re: Question about custom error pages

2017-03-22 Thread B.R. via nginx
RTFM? :o) https://nginx.org/en/docs/http/ngx_http_core_module.html#error_page --- *B. R.* On Tue, Mar 21, 2017 at 11:18 PM, Alex Samad wrote: > Hi > > How would I add custom info to the error page. > > Say like for 400 if it's a cert error, how can I add that to the page and > maybe to add in

Re: OAuth Access token validation

2017-03-13 Thread B.R. via nginx
nginx can authenticate users based on subrequests to an identity server, yes, RTFM: https://nginx.org/en/docs/http/ngx_http_auth_request_module.html If you want to use JSON Web Tokens, only the non-FOSS version will be able to help you: https://nginx.org/en/docs/http/ngx_http_auth_jwt_module.html

Re: Reverse proxy problem with an application

2017-03-08 Thread B.R. via nginx
This clearly looks like an application problem and not a nginx-related one. nginx does not remove cookies nor, as the configuration snippet you shared suggests, handles authentication. If you use DNS, make sure all requests are served by the instance of nginx you quote, including redirects which mi

Re: keepalive_requests default 100

2017-03-08 Thread B.R. via nginx
I suspect nginx' team chose this value for the very reason it was adapted to the use of Apache (remember that nginx is, since its beginning, largely used as a reverse Web proxy in front of Apache farms). I guess the intent here is to probably mimic Apache behavior by default so adoption of that tec

Re: Nginx Map how to check value if empty

2017-03-08 Thread B.R. via nginx
This kind of logic, as you found out, can be handled in nginx with the help of the proper tools, namely the map module. You are one step away: you can actually program what you require to be feeding the realip module with the HTTP header name you ended up with. Rather than having contiguous maps, h

Re: Nginx Map how to check value if empty

2017-03-06 Thread B.R. via nginx
idating there is no real value, differentiating this case from a bogus 'empty' which would be a sign of a bug. --- *B. R.* On Sun, Mar 5, 2017 at 10:50 PM, c0nw0nk wrote: > Thanks for the info :) > > But why is $remote_addr outputting a hyphen instead of the user's IP... > > I sti

Re: Nginx Map how to check value if empty

2017-03-05 Thread B.R. via nginx
That is because it is not: your eyes deceived you having a too quick look at the log line. Your 'empty' variables are actually showing the value '-' in this log line. It probably does not help debugging to have static '-' mixed in the format of your log lines where you put them. --- *B. R.* On Su

Re: nginx stopping abruptly at fix time (2:00 am) repeatedly on Cent OS 7.2

2017-02-27 Thread B.R. via nginx
You did not provide any server block configuration. The configuration snippet you provided is incomplete. Old tickets suggest a link to SPDY, then HTTP/2 options: https://trac.nginx.org/nginx/ticket/626. You might want to reproduce the problem on a configuration as minimalist as possible, using th

Re: Nginx multiple upstream with different protocols

2017-02-22 Thread B.R. via nginx
I suggest you proxy traffic to an upstream group, and then use failure/timeout parameters there with proper tuning to retry requests on the second upstream in case the first in the list fails. It will have an overhead if the 1st entry of the upstream group is invalid on initial connection, but hop

Re: potential null dereference

2017-02-16 Thread B.R. via nginx
If you think you spot a bug, you'd better open a ticket on Trac. You could also talk about development matters on the nginx-devel Mailing List. This is the 'users' ML, centered on use cases/configuration/help with/d

Re: Nginx only sends hostname to syslog.

2017-02-08 Thread B.R. via nginx
Correct me if I am wrong, since I probably will. From what I read, 'host name' aka name of the host is a FQDN in the hostname.domain format (domain being able to have n level-s). Thus, it seems that setting a FQDN as h

Re: Where does $remote_addr come from?

2017-02-04 Thread B.R. via nginx
I am curious: apart from a training prospective at code digging, what was the goal? In other words, where did you expect the IP address to come from, if not from a system network socket? Have a nice week-end, --- *B. R.* On Sat, Feb 4, 2017 at 12:02 AM, Paul Nickerson wrote: > > Reading that fi

Re: ssl_protocols & SNI

2017-01-23 Thread B.R. via nginx
NI for protocols supporting it would have been appreciated. Too bad. >> Thanks Maxim for your always concise and straightforward discerning >> answers! >> --- >> *B. R.* >> >> On Thu, Jan 19, 2017 at 2:36 PM, Maxim Dounin wrote: >> >>> Hello! >>

Re: ssl_protocols & SNI

2017-01-19 Thread B.R. via nginx
*B. R.* > > On Thu, Jan 19, 2017 at 2:36 PM, Maxim Dounin wrote: > >> Hello! >> >> On Thu, Jan 19, 2017 at 10:04:46AM +0100, B.R. via nginx wrote: >> >> > Hello, >> > >> > I tried to overload the value of my default ssl_protocols (http blo

Re: ssl_protocols & SNI

2017-01-19 Thread B.R. via nginx
: > Hello! > > On Thu, Jan 19, 2017 at 10:04:46AM +0100, B.R. via nginx wrote: > > > Hello, > > > > I tried to overload the value of my default ssl_protocols (http block > > level) in a server block. > > It did not seem to apply the other value in this virtual

ssl_protocols & SNI

2017-01-19 Thread B.R. via nginx
Hello, I tried to overload the value of my default ssl_protocols (http block level) in a server block. It did not seem to apply the other value in this virtual server only. Since I use SNI on my OpenSSL implementation, which perfectly works to support multiple virtual servers, I wonder why this S

Re: nginx upstream source ip address

2016-11-12 Thread B.R. via nginx
You can make nginx listen on 2 IP addresses with 2 listen directives. Or make it listen on all addresses if you wish. For your upstream, configure an upstream block with those 2 IP addresses and make a proxy_pass pointing to it. --- *B. R.* On Sat, Nov 12, 2016 at 4:25 AM, Michael Power wrote: >