client_max_body_size and chunked encoding

2021-02-17 Thread Frank Liu
Hi, The doc http://nginx.org/en/docs/http/ngx_http_core_module.html#client_max_body_size says size limit is on "Content-Length", but this post https://serverfault.com/questions/871717/nginx-disconnect-when-client-sends-chunked-body-exceeding-desired-size says it also works on chunked encoding. Is

memory usage for ssl_client_certificate

2021-01-05 Thread Frank Liu
Hi, If I have a 5M pem file for ssl_client_certificate, and 1000 concurrent connections, will nginx load the file 1000 times with 1000*5M memory usage, or only 1 time load in memory to be shared across all connections? Thanks! Frank ___ nginx mailing li

logging of invalid headers

2020-12-11 Thread Frank Liu
Hi, If we use ignore_invalid_headers and underscores_in_headers to allow those non-compliant headers, is there a way to log such violations while letting them through? Thanks!

Re: empty variable in access log

2020-11-30 Thread Frank Liu
uninitialized variables should be logged as "-", or "" (as if it is initialized with ""). I mis-read your earlier comment "If the variable value is not found, a hyphen (“-”) will be logged.". I took it as "if variable is uninitialized, a hyphen is lo

Re: empty variable in access log

2020-11-30 Thread Frank Liu
30, 2020 at 4:27 PM Maxim Dounin wrote: > Hello! > > On Mon, Nov 30, 2020 at 03:26:59PM -0800, Frank Liu wrote: > > > ok, for testing, I removed the variable from the map, and add one line > in a > > 2-way SSL server config, to create a fresh new variable: >

Re: empty variable in access log

2020-11-30 Thread Frank Liu
127.0.0.1 - - [30/Nov/2020:23:25:12 +] "GET / HTTP/1.1" 400 On Mon, Nov 30, 2020 at 2:46 PM Maxim Dounin wrote: > Hello! > > On Mon, Nov 30, 2020 at 02:04:35PM -0800, Frank Liu wrote: > > > I may have mixed this with special upstream variables, eg: > > $u

Re: empty variable in access log

2020-11-30 Thread Frank Liu
:35:19AM -0800, Frank Liu wrote: > > > If I create a variable, default to blank: > > > >map upstream_env $upstream_env { > >default ""; > >} > > > > and log it in access log (log_format has $upstream_env). I see a "-" i

empty variable in access log

2020-11-29 Thread Frank Liu
Hi, If I create a variable, default to blank: map upstream_env $upstream_env { default ""; } and log it in access log (log_format has $upstream_env). I see a "-" in the log file, which is as expected, but for a 2-way SSL virtual host, I don't see the "-", just blank. Is that a bug?

Re: client disconnects

2020-11-25 Thread Frank Liu
: > Hello! > > On Tue, Nov 24, 2020 at 08:23:08PM -0800, Frank Liu wrote: > > > When a client disconnects (initiated tcp FIN), shouldn't we see 499 in > > nginx logs? But sometimes I see 400, along with below in error log: > > *2314539 client prematurely closed

client disconnects

2020-11-24 Thread Frank Liu
Hi, When a client disconnects (initiated tcp FIN), shouldn't we see 499 in nginx logs? But sometimes I see 400, along with below in error log: *2314539 client prematurely closed connection, client: x.x.x.x, Since I don't see "while reading client request headers" in the error log, I assume the re

nginx vulnerability

2020-11-19 Thread Frank Liu
Hi, CVE-2019-20372 mentioned a security vulnerability, but I don't see it in http://nginx.org/en/security_advisories.html Does that mean CVE-2019-20372 is not considered a security vulnerability by nginx? Or is it because nginx standard config won't be vulnerable, and users have to enable error_lo

CVE-2019-20372

2020-10-05 Thread Frank Liu
Hi, CVE-2019-20372 mentioned a security vulnerability, but I don't see it in http://nginx.org/en/security_advisories.html CVE-2019-20372 did say a fix in nginx 1.17.7. When I check the CHANGES , I see bugfix: *) Bugfix: requests with bodies were handled inco

keepalive and "down" flag

2020-08-18 Thread Frank Liu
Hi, If I use keepalive between nginx and upstream backend servers, and later add the "down" flag to one of the servers, will nginx stop sending traffic to it immediately or will it still send requests using the existing keepalive connection, just not creating any new connection? Is the "down" flag

Re: proxy module handling early responses

2020-07-10 Thread Frank Liu
. Does nginx immediately cease transmitting the body and close its side of the connection? Thanks! Frank On Wed, Dec 18, 2019 at 11:37 AM Maxim Dounin wrote: > Hello! > > On Wed, Dec 18, 2019 at 10:09:56AM -0800, Frank Liu wrote: > > > Our upstream returns HTTP/413 along with

SSL session cache full

2020-03-16 Thread Frank Liu
Hi, I have a question after reading https://trac.nginx.org/nginx/ticket/621 . When that alert is logged in error log, what will happen to the connection? Will the client get an error (such as HTTP 4XX), or will it work as if the server doesn't support session resumption? As mentioned in comment3 i

Re: What about BREACH (CVE-2013-3587)?

2020-02-04 Thread Frank Liu
This is documented. Quote from http://nginx.org/en/docs/http/ngx_http_gzip_module.html *When using the SSL/TLS protocol, compressed responses may be subject to BREACH attacks. * On Tue, Feb 4, 2020 at 1:35 PM Rainer Duffner wrote: > > > Am 04.02.2020 um 21

Re: error code 494

2020-02-04 Thread Frank Liu
Thanks Maxim for the quick fix! Based on https://tools.ietf.org/html/rfc6585#section-5 , shall we by default return 431 instead of 400? On Mon, Feb 3, 2020 at 8:47 AM Maxim Dounin wrote: > Hello! > > On Sun, Feb 02, 2020 at 11:09:14PM -0800, Frank Liu wrote: > > > When I send

Re: error code 494

2020-02-03 Thread Frank Liu
Thanks for the reply! My question is more about why there is inconsistent response code between using default error page and default error page. > On Feb 3, 2020, at 5:20 AM, Francis Daly wrote: > > On Sun, Feb 02, 2020 at 11:09:14PM -0800, Frank Liu wrote: > > Hi there, >

error code 494

2020-02-02 Thread Frank Liu
Hi, When I send a request with too longer header value to nginx 1.16.1, I get 400 Bad Request response code and default nginx error page. If I create a custom error page: error_page 494 /my4xx.html; now I can see my error page but the http response code becomes 494. Is that a bug? Shall I see 400

pre-existing data on a connection

2020-01-06 Thread Frank Liu
Hi, When using nginx as a reverse proxy, how does it handle the pre-existing data on a keepalive connection to the backend? eg: for a request, the backend has a bug that sends 2 identical responses. I assume nginx will take the first response and send it to client. What will happen to the extra d

Re: proxy module handling early responses

2019-12-18 Thread Frank Liu
2 AM Maxim Dounin wrote: > Hello! > > On Tue, Dec 17, 2019 at 06:37:58PM -0800, Frank Liu wrote: > > > When using nginx as a reverse proxy, in case of a large POST payload, > what > > does nginx do when upstream server sends response before nginx finishes > > postin

proxy module handling early responses

2019-12-17 Thread Frank Liu
Hi, When using nginx as a reverse proxy, in case of a large POST payload, what does nginx do when upstream server sends response before nginx finishes posting the full payload? One use case is upstream enforces some payload limit and sends a HTTP/413 response when the payload read reaches certain

Re: OCSP stapling for client certificates

2019-12-04 Thread Frank Liu
https://trac.nginx.org/nginx/ticket/1534 > On Dec 4, 2019, at 9:31 AM, ramirezc wrote: > > I have the same question ast itplayer: Other than CRL, any other alternative > way we can do OCSP validation in the pipeline? > > Posted at Nginx Forum: > https://forum.nginx.org/read.php?2,252893,28640

max pem file size

2019-09-30 Thread Frank Liu
When using ssl_client_certificate or ssl_trusted_certificate to verify client cert, is there a limit on the pem file size or number of CAs? How to tune that if we need to increase that size? What's the impact if that file is getting too large?

error_page not honored

2019-06-18 Thread Frank Liu
I setup my own error_page for 400 but it doesn't seem to be honored. The default page still is returned when client failed to provide certificate. Any ideas? < HTTP/1.1 400 Bad Request < Date: Tue, 18 Jun 2019 17:50:04 GMT < Content-Type: text/html < Content-Length: 230 < Connection: close < 400

Re: nginx proxy and Date header

2019-05-23 Thread Frank Liu
iant-http-date-headers On Thu, May 23, 2019 at 2:55 AM Maxim Dounin wrote: > Hello! > > On Wed, May 22, 2019 at 10:30:57AM -0700, Frank Liu wrote: > > > Is there a reason why by default nginx doesn't pass the "Date" header > from > > upstream?

nginx proxy and Date header

2019-05-22 Thread Frank Liu
Is there a reason why by default nginx doesn't pass the "Date" header from upstream? http://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_hide_header https://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html seems to indicate Date header shouldn't be altered: The HTTP-date sent in a Date

client_max_body_size

2019-04-29 Thread Frank Liu
http://nginx.org/en/docs/http/ngx_http_core_module.html#client_max_body_size says Sets the maximum allowed size of the client request body, specified in the “Content-Length” request header field. Can I assume "client_max_body_size" will NOT affect if chunked encoding is used?

Re: Client Certificate OCSP validate

2019-04-13 Thread Frank Liu
https://trac.nginx.org/nginx/ticket/1534 > On Apr 13, 2019, at 12:16 AM, itplayer wrote: > > Hi, > I'm wondering that if NGINX currently(I use 1.14.1) support client > certificate OCSP validation? > The use case is when client try to login our web application, NGINX sit in > front of the applica

Re: sni hostname and request Host header mismatch

2018-10-10 Thread Frank Liu
http://hg.nginx.org/nginx/rev/4fbef397c753 indicates the check is only done for the 2-way SSL virtual host. Has everything been added (maybe through a directive) for 1-way SSL since then? On Wed, Oct 10, 2018 at 10:33 AM itpp2012 wrote: > Via map and the default ? > > Posted at Nginx Forum: > ht

sni hostname and request Host header mismatch

2018-10-10 Thread Frank Liu
Is there a way to configure nginx to fail the request if the client sends a sni header that doesn't match the Host header? curl -k -H "Host: virtual_host2" https://virtual_host1

Re: GeoIP2 Maxmind Module Support for Nginx

2018-09-21 Thread Frank Liu
If you click the link in step 4 on the page you mentioned, it goes to the same site in my earlier email. On Fri, Sep 21, 2018 at 3:30 PM wrote: > Am 2018-09-21 17:00, schrieb Frank Liu: > > nginx doesn't officially support geoip2. You have to use third party > > modules lik

Re: GeoIP2 Maxmind Module Support for Nginx

2018-09-21 Thread Frank Liu
nginx doesn't officially support geoip2. You have to use third party modules like https://github.com/leev/ngx_http_geoip2_module On Fri, Sep 21, 2018 at 2:39 PM anish10dec wrote: > Hi , > > As of now we are using "nginx-module-geoip-1.10.0-1.el7.ngx.x86_64.rpm" > available at repository > https

Re: support http and https on the same port

2018-07-25 Thread Frank Liu
, Jul 25, 2018 at 1:23 PM, Maxim Dounin wrote: > Hello! > > On Wed, Jul 25, 2018 at 11:37:20AM -0700, Frank Liu wrote: > > > I tried: > > > > error_page 497 $request_uri; > > > > It is kind of working, and I get the correct content/code back, bu

Re: support http and https on the same port

2018-07-25 Thread Frank Liu
other headers are retained. I also tried: error_page 497 =200 $request_uri; and now I get: HTTP/1.1 200 OK instead of real response code from upstream. On Wed, Jul 25, 2018 at 10:26 AM, Frank Liu wrote: > I just tried it quickly. nginx gives 400 instead of 497 when I connect as > htt

Re: support http and https on the same port

2018-07-25 Thread Frank Liu
.15.2 * Closing connection 0 Am I missing something? On Wed, Jul 25, 2018 at 9:16 AM, Frank Liu wrote: > Thanks Maxim! > Is there a way to tell nginx to treat 497 as no error, and continue normal > processing? > > On Wed, Jul 25, 2018 at 8:14 AM, Maxim Dounin wrote: > >>

Re: support http and https on the same port

2018-07-25 Thread Frank Liu
Thanks Maxim! Is there a way to tell nginx to treat 497 as no error, and continue normal processing? On Wed, Jul 25, 2018 at 8:14 AM, Maxim Dounin wrote: > Hello! > > On Wed, Jul 25, 2018 at 07:46:49AM -0700, Frank Liu wrote: > > > Stream servers can now do ssl and non-ss

support http and https on the same port

2018-07-25 Thread Frank Liu
Stream servers can now do ssl and non-ssl on the same port: https://www.nginx.com/blog/running-non-ssl-protocols-over-ssl-port-nginx-1-15-2/ Can this be added to http virtual hosts as well? If ssl is on a listening port and client doesn't send ClientHello, can nginx fallback to use normal http? Ma

Re: Upload large files via Nginx reverse proxy

2018-07-19 Thread Frank Liu
Does this work for you? https://serverfault.com/questions/768693/nginx-how-to-completely-disable-request-body-buffering On Thu, Jul 19, 2018 at 8:45 AM, cyberfarer wrote: > We have Nginx as a reverse proxy server to a Pydio server backend running > with Apache2. We are attempting to upload a 50G

Re: SSL errors, verbosity level

2018-07-16 Thread Frank Liu
Thanks Maxim and those two patches are now merged upstream: http://mailman.nginx.org/pipermail/nginx-devel/2018-July/011287.html http://mailman.nginx.org/pipermail/nginx-devel/2018-July/011288.html On Fri, Jul 13, 2018 at 4:13 AM, Richard Stanway wrote: > I'd also like to voice support for havi

Re: SSL errors, verbosity level

2018-07-11 Thread Frank Liu
Glad it works and thanks Piotr Sikora for the patch! Since you are using newer openssl, you may want to apply this patch: https://nginx.googlesource.com/nginx/+/ec0b8aad6ca3cb37e03d1c06e42f110e4737af1f%5E%21/ On Wed, Jul 11, 2018 at 6:18 AM, shiz wrote: > > Those unsupported ssl version messag

Re: SSL errors, verbosity level

2018-07-10 Thread Frank Liu
Those unsupported ssl version messages should be in "info" level instead of "crit", just like other SSL related errors. Applying below patch should make your error log cleaner: https://nginx.googlesource.com/nginx/+/6853c9c868504432ffadb8a7ca58ce8e50a83450%5E%21/ On Sat, Jul 7, 2018 at 8:38 AM, s

Re: keepalive and 5xx

2018-07-10 Thread Frank Liu
"error codes is generated by nginx itself", so what happens if nginx is used as reverse proxy, and the error code is coming from upstream? Will nginx switch off keepalive with client too? Thanks! Frank On Tue, Jul 10, 2018 at 10:04 AM, Maxim Dounin wrote: > Hello! > > On Mon,

keepalive and 5xx

2018-07-09 Thread Frank Liu
Does nginx automatically disconnect keepalive connection if 5xx response code is generated?

Re: SSL Handshake Failure with error:1407609B:SSL in error logs

2018-07-06 Thread Frank Liu
Since your backend is already doing ssl, you should remove ssl from the listen, so that nginx will just do a simple TCP pass through: Change listen 443 ssl; to listen 443; On Wed, Jul 4, 2018 at 12:31 AM, shivramg94 wrote: > Hi, > > We are trying to configure TCP load balancing with TLS termin

Re: dual stack binding

2018-06-21 Thread Frank Liu
The issue is with this: [150] # service nginx restart Stopping nginx:[FAILED] Since stopping FAILED, the IP/port still in use. That's why start failed with "binding" error. You can try "service nginx stop" along and check error log to see why it faile

Re: How to pass connection's real IP through Nginx smtp proxy to Postfix/postscreen backend?

2018-06-21 Thread Frank Liu
Try proxy protocol. On Thu, Jun 21, 2018 at 12:47 PM, wrote: > I run Postfix 3.3.1 & Nginx 1.15.0 > > Both work great. > > I'm beginning to experiment with putting Postfix (and eventually other) > server behind Nginx (v 1.15.0) setup as a mail (SMTP) proxy. > > Without the proxy, Postfix logs sh

Re: Block countries - Nginx

2018-05-23 Thread Frank Liu
ock it > based on the Country. > > On Tue, May 22, 2018, 4:45 PM Frank Liu wrote: > >> Instead of the default nginx geoip module , I suggest you switch to third >> party geoip2 module for two reasons: >> 1) maxmind deprecated geoip1 db. >> 2)geoip2 module can do what y

Re: Block countries - Nginx

2018-05-22 Thread Frank Liu
Instead of the default nginx geoip module , I suggest you switch to third party geoip2 module for two reasons: 1) maxmind deprecated geoip1 db. 2)geoip2 module can do what you wanted, and the geo lookup can be based on any variables, such as $http_x_forwarded_for Frank On Mon, May 21, 2018 at 6:3

blank lines in config

2018-05-17 Thread Frank Liu
Should nginx ignore those blank lines (lines with spaces only) in config? I tried below in the config of nginx 1.14.0: server { ... set $testvar1 "testval1"; ... 300 blank lines, each with 20 spaces ... set $testvar2 "testval2"; ... } nginx configtest says: nginx: [emerg] too long para

Re: ssl_protocols per server and SNI

2018-04-16 Thread Frank Liu
. Thanks! Frank On Mon, Apr 16, 2018 at 4:23 PM, Frank Liu wrote: > This topic has been discussed in the past. eg: 3 years ago @ > http://mailman.nginx.org/pipermail/nginx/2014-November/045738.html and > nginx couldn't fix it due to OpenSSL. > Has anything changed since then, wi

ssl_protocols per server and SNI

2018-04-16 Thread Frank Liu
This topic has been discussed in the past. eg: 3 years ago @ http://mailman.nginx.org/pipermail/nginx/2014-November/045738.html and nginx couldn't fix it due to OpenSSL. Has anything changed since then, with newer versions of OpenSSL?

Re: Virtual hosts sharing same port

2018-04-16 Thread Frank Liu
need to dig deeper into it. Frank On Mon, Apr 16, 2018 at 9:49 AM, Maxim Dounin wrote: > Hello! > > On Mon, Apr 16, 2018 at 08:13:42AM -0700, Frank Liu wrote: > > > Does that mean nginx will read and combine listen options from > > all virtual hosts and use that to

Re: Virtual hosts sharing same port

2018-04-16 Thread Frank Liu
>> On Apr 16, 2018, at 9:32 AM, Maxim Dounin wrote: >> >> Hello! >> >>> On Mon, Apr 16, 2018 at 07:26:11AM +, Frank Liu wrote: >>> >>> Can I use different listen parameters for virtual hosts using the same >>> port? Eg, one vh has “li

Virtual hosts sharing same port

2018-04-16 Thread Frank Liu
Can I use different listen parameters for virtual hosts using the same port? Eg, one vh has “listen 443 ssl;” and the other one has “listen 443 ssl h2;”

TLS 1.3

2018-04-11 Thread Frank Liu
https://trac.nginx.org/nginx/roadmap says - [in progress] TLS 1.3 support Now that milestone 1.13 has only 6 days left, is this still in the plan or are we pushing it to 1.15?

Re: Monitoring http returns

2018-04-10 Thread Frank Liu
This module can get you started: https://github.com/gfrankliu/nginx-http-reqstat On Tue, Apr 10, 2018 at 9:19 PM, Jeff Abrahamson wrote: > I want to monitor nginx better: http returns (e.g., how many 500's, how > many 404's, how many 200's, etc.), as well as request rates, response > times, etc.

GeoIP2

2018-03-29 Thread Frank Liu
The nginx geoip module http://nginx.org/en/docs/http/ngx_http_geoip_module.html is using the legacy maxmind db. I just read maxmind legacy db March 2018 will be the last publicly available download. Jan 2, 2019 it will be removed. https://dev.maxmind.com/geoip/geoip2/geolite2/ Is there a plan to s

Re: [nginx] The gRPC proxy module.

2018-03-19 Thread Frank Liu
Congratulations on the grpc support! Since h2/h2c are used to talk to upstream grpc servers , does that mean we will also see proxy_pass support http/2? > On Mar 18, 2018, at 3:03 AM, Maxim Konovalov wrote: > > Hello, > > for those who don't follow nginx-devel@. > > We also published a blog p

Re: HTTP/405

2017-08-04 Thread Frank Liu
4:05 AM, Valentin V. Bartenev wrote: > On Thursday 03 August 2017 22:28:41 Frank Liu wrote: > > https://tools.ietf.org/html/rfc7231#page-59 says: > > > > ... The origin server MUST generate an > >Allow header field in a 405 response containing a list of the targ

Re: HTTP/405

2017-08-04 Thread Frank Liu
> How was that 405 generated? > Show used configuration please. > --- > *B. R.* > > On Fri, Aug 4, 2017 at 7:28 AM, Frank Liu wrote: > >> https://tools.ietf.org/html/rfc7231#page-59 says: >> >> ... The origin server MUST generate an >>Allow heade

HTTP/405

2017-08-03 Thread Frank Liu
https://tools.ietf.org/html/rfc7231#page-59 says: ... The origin server MUST generate an Allow header field in a 405 response containing a list of the target resource's currently supported methods. nginx doesn't seem to have Allow header field. Is that against RFC? curl -v -X TRACE http://

Re: Upstream HTTP/2 support

2017-07-09 Thread Frank Liu
This subject has been discussed here: https://trac.nginx.org/nginx/ticket/923 I think it is a good idea to have this support. On Sun, Jul 9, 2017 at 7:55 PM, motor wrote: > The following post is based on the assumptions that 1. upstream HTTP/2 > support is not available in nginx at the moment, a

Re: upstream 429 and non-idempotent request

2017-06-13 Thread Frank Liu
30 AM, Maxim Dounin wrote: > Hello! > > On Thu, Jun 08, 2017 at 09:55:05AM -0700, Frank Liu wrote: > > > I fully understand the rationale of not retrying non-idempotent requests > if > > they are already sent, but in case of 429 (maybe other cases as well), I > >

Re: upstream 429 and non-idempotent request

2017-06-08 Thread Frank Liu
stream non-idempotent-http_429;" or whatever http code that we know safe. On Thu, Jun 8, 2017 at 8:20 AM, Maxim Dounin wrote: > Hello! > > On Thu, Jun 08, 2017 at 01:10:25AM -0700, Frank Liu wrote: > > > In case of upstream returning 429, I'd like to have nginx retry next >

upstream 429 and non-idempotent request

2017-06-08 Thread Frank Liu
In case of upstream returning 429, I'd like to have nginx retry next upstream server. Since nginx by default won't retry non-idempotent requests, how do I force nginx to retry when receiving 429? I imagine this should be the default behavior anyway, or does nginx not care about returning code and w

Re: access log request without query string

2017-04-20 Thread Frank Liu
e such a simple task ;) > The following approach should just work: > > map $request_uri $request_path { > ~(?<path>[^?]*) $path; > } > ---- > > > On 20 April 2017 at 08:08:46, Frank Liu (gfrank...@gmail.com) wrote:

access log request without query string

2017-04-19 Thread Frank Liu
Hi, What's the best way to log the original request uri ($request_uri) without query string? I tried $uri but it seems to be normalized and if I have customized 404 error page /404.html, all those requests are logged as /404.html instead of original requests uri. Thanks! Frank

Re: weight and balancing in upstream proxy

2017-04-14 Thread Frank Liu
Hi Aleks, Those information are extremely helpful. Much appreciated! Regards, Frank On Fri, Apr 14, 2017 at 1:47 AM, Aleksandar Lazic wrote: > Hi. > > Am 12-04-2017 23:50, schrieb Frank Liu: > > Hi, >> >> How does nginx balances traffic to upstream with diffe

Re: weight and balancing in upstream proxy

2017-04-13 Thread Frank Liu
4:49 PM, Francis Daly wrote: > On Wed, Apr 12, 2017 at 02:50:08PM -0700, Frank Liu wrote: > > Hi there, > > > How does nginx balances traffic to upstream with different weight? If I > > have 3 servers in upstream, with weight 1, 2, 4, assuming all are > healthy, >

Re: weight and balancing in upstream proxy

2017-04-13 Thread Frank Liu
Hi Maxim, Thanks for pointing out the link is not related. Do you have the answer to the original question or a related link? Thanks Frank > On Apr 13, 2017, at 7:34 AM, Maxim Dounin wrote: > > Hello! > >> On Thu, Apr 13, 2017 at 10:09:16AM +0200, B.R. via nginx wrote: >> >> That is an intere

weight and balancing in upstream proxy

2017-04-12 Thread Frank Liu
Hi, How does nginx balances traffic to upstream with different weight? If I have 3 servers in upstream, with weight 1, 2, 4, assuming all are healthy, will nginx send traffic to server 1, 2, 3, 2, 3, 3, 3 or 1, 2, 2, 3, 3, 3, 3? If I have two servers with both weight 50, will nginx will 50 request

Re: ssl_protocols & SNI

2017-02-10 Thread Frank Liu
Hi Maxim, Thanks for explaining why overloading ssl_protocols won't work. Since the problem is with how OpenSSL works, will it work if we use other openssl alternatives? I see people reporting boringssl and libressl work fine with nginx. Does nginx still need to be modified to support overloading

limit connection based on Host header

2017-02-03 Thread Frank Liu
Hi, I have a default "server" block with "server_name _ ;". Since connections coming in may have different Host header, I am trying to limit the connection based on Host header. limit_conn_zone $server_name zone=perserver:10m; limit_conn perserver 10; Will this work? It seems if the connection

round robin rule

2016-10-25 Thread Frank Liu
If I configure one "upstream" with 2 servers and use the default round robin, will the traffic be balanced based on the upstream or the virtual servers. e.g.: if I configure 2 virtual host "server" blocks, both proxy_pass the same upstream, will the requests to each virtual host be balanced individ

upstream status

2016-08-19 Thread Frank Liu
Hi, I am using nginx as proxy with two upstream servers. In the access log, I log the upstream_address, upstream_status, status (downstream), a special response header from upstream, etc. A few times I see in the log upstream_address: server1:port, server2:port with upstream_status: 504, 502 st

Re: udp balancing

2016-06-23 Thread Frank Liu
ine should be > > "*UDP* balancing decision is on every packet since it is connectionless" > On 23-Jun-2016 22:38, Frank Liu wrote: > > To summarize: > TCP balancing decision is on every new connection. > TCP balancing decision is on every packet since it is con

Re: udp balancing

2016-06-23 Thread Frank Liu
To summarize: TCP balancing decision is on every new connection. TCP balancing decision is on every packet since it is connectionless. On Thu, Jun 23, 2016 at 9:08 AM, Maxim Konovalov wrote: > On 6/23/16 6:57 PM, Frank Liu wrote: > > That makes sense for udp (connection less). >

Re: udp balancing

2016-06-23 Thread Frank Liu
wrote: > On 6/23/16 6:44 PM, Frank Liu wrote: > > Hi, > > > > In the default stream/udp/proxy setup, will nginx round robin every > > packet or will it remembers client and send all packets from same > > client to same upstream? > > > The default is round-robi

udp balancing

2016-06-23 Thread Frank Liu
Hi, In the default stream/udp/proxy setup, will nginx round robin every packet or will it remembers client and send all packets from same client to same upstream? Thanks Frank

Re: Passive health check in stream_proxy module

2016-06-07 Thread Frank Liu
Yuriy Medvedev wrote: > Hi, https://www.nginx.com/resources/admin-guide/load-balancer/ > > 2016-06-08 0:03 GMT+03:00 Frank Liu : > >> How does passive health check work in stream_proxy module? especially for >> UDP which is connectionless. How does nginx detect if it is a

Passive health check in stream_proxy module

2016-06-07 Thread Frank Liu
How does passive health check work in stream_proxy module? especially for UDP which is connectionless. How does nginx detect if it is a failed connection and retry next? Thanks! Frank

Re: 1.9.13 and non_idempotent

2016-04-01 Thread Frank Liu
TREAM_FT_HTTP_404) && (r->method & (NGX_HTTP_POST|NGX_HTTP_LOCK|NGX_HTTP_PATCH))) { ft_type |= NGX_HTTP_UPSTREAM_FT_NON_IDEMPOTENT; On Fri, Apr 1, 2016 at 8:46 AM, Frank Liu wrote: > Can you post a quick patch on how to exclude http_404? > > Thanks! &g

Re: 1.9.13 and non_idempotent

2016-04-01 Thread Frank Liu
Can you post a quick patch on how to exclude http_404? Thanks! Frank On Tue, Mar 29, 2016 at 8:26 PM, Maxim Dounin wrote: > Hello! > > On Tue, Mar 29, 2016 at 08:04:33PM -0700, Frank Liu wrote: > > > It's a custom error code, think of it as if http_404, so if the f

proxy_next_upstream_timeout behavior

2016-04-01 Thread Frank Liu
Hi, If I set proxy_next_upstream_timeout to 50 second, will nginx break the current upstream connection at 50 second and fail the request? Or will it wait until current one finishes (or read timeout) then decide whether it should try next upstream and find out it is already more than 50 so fail th

Re: 1.9.13 and non_idempotent

2016-03-31 Thread Frank Liu
Does that mean by default if one upstream server is down (connect error or connect timeout), nginx won't try the next server and POST request will just fail? Thanks! Frank On Tue, Mar 29, 2016 at 7:48 PM, Maxim Dounin wrote: > Hello! > > On Tue, Mar 29, 2016 at 06:34:59PM -0

Re: proxy_read_timeout vs proxy_next_upstream_timeout

2016-03-31 Thread Frank Liu
at all: there is no way to mistake > one for the other.​ > --- > *B. R.* > > On Tue, Mar 29, 2016 at 5:03 PM, Frank Liu wrote: > >> Hi >> >> If you set read timeout 2 min and next upstream timeout 50 seconds, will >> nginx break the current connection

Re: 1.9.13 and non_idempotent

2016-03-29 Thread Frank Liu
> Hello! > > On Tue, Mar 29, 2016 at 06:34:59PM -0700, Frank Liu wrote: > > > If I explicitly configured to retry next upstream based on a > > certain http_xxx, will that stop working if a request is a POST with > > 1.9.13? > > Yes. There is no real difference b

1.9.13 and non_idempotent

2016-03-29 Thread Frank Liu
If I explicitly configured to retry next upstream based on a certain http_xxx, will that stop working if a request is a POST with 1.9.13? For other http code, I like the idea of not retry if it is non idempotent but for one http_xxx, I want retry no matter what type of request. Thanks Frank

proxy_read_timeout vs proxy_next_upstream_timeout

2016-03-29 Thread Frank Liu
Hi If you set read timeout 2 min and next upstream timeout 50 seconds, will nginx break the current connection at 50 second or will it let the read finish until 2min? Thanks Frank

Re: dns name for upstream

2016-03-11 Thread Frank Liu
Hi Valentin, Thanks for clearing up . I was looking at the wrong module. Do you have any comments to the other two questions? Frank On Friday, March 11, 2016, Valentin V. Bartenev wrote: > On Thursday 10 March 2016 14:55:06 Frank Liu wrote: > > Hi, > > > > I saw this examp

dns name for upstream

2016-03-10 Thread Frank Liu
Hi, I saw this example at serverfault.com: server { ... resolver 127.0.0.1; set $backend "http://dynamic.example.com:80"; proxy_pass $backend; ... } I have a few questions: 1) If the resolver DNS becomes unavailable (say connection timeout), what will nginx do? Will it keep

proxy_next_upstream

2016-03-02 Thread Frank Liu
Does the proxy_next_upstream "timeout" apply to both connect timeout and read timeout? Is it possible to configure proxy_next_upstream to use connect timeout only, not the read timeout? In case a connection is made and the request is sent, I don't want to re-try next upstream even when the read tim

proxy_bind pool

2016-02-18 Thread Frank Liu
Hi, Is it possible to use proxy_bind to a pool of IPs? Since each IP has a limited ephemeral ports that can be used to make outbound connections to upstream servers, it would be help if we can use a pool of IPs for proxy_bind, or is there another workaround to have more connections to upstream ser

Re: HTTP/2 Gateway

2015-12-14 Thread Frank Liu
"multiplexing" seems to be a good use case for upstream proxying. We don't have control how fast end users adopting HTTP/2, so we may still have tons of HTTP/1.x requests coming in, but we can certainly upgrade upstream servers that we control to support HTTP/2. If nginx upstream proxy module can a

Re: Next upstream based on custom http code

2015-12-11 Thread Frank Liu
ill be done by > monitoring backend logs. > > There is no such thing as a 'Coffee Break' HTTP code. :oP > --- > *B. R.* > > On Thu, Dec 10, 2015 at 9:20 PM, Frank Liu > wrote: > >> No, 503 may be a legitimate error from upstream that nginx needs to pass &

Re: Next upstream based on custom http code

2015-12-10 Thread Frank Liu
much like 'Service Unavailable'. > --- > *B. R.* > > On Thu, Dec 10, 2015 at 5:34 PM, Frank Liu > wrote: > >> Hi >> >> There are a few options for when to try next upstream : >> http://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_nex

Next upstream based on custom http code

2015-12-10 Thread Frank Liu
Hi There are a few options for when to try next upstream : http://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_next_upstream Is it possible to configure a custom http code so that upstream servers can send that code if it wants to send nginx to upstream ? Thanks Frank

bind failed

2015-12-01 Thread Frank Liu
Hi, I was doing some tests today and have created a single test virtual host with listen 8181; and nginx runs fine (1.9.7). Now if I change the listen to only one interface ip: listen 192.168.10.10:8181 configtest shows fine but reload gives "bind failed" in the error log. Is this normal? Thanks!

Timestamp in log

2015-11-18 Thread Frank Liu
I understand nginx writes the log when request completes, but is time_local (or time_iso8601, msec) representing the time that the request was received or when the request completes and log written? I know Apache and AWS ELB both log the request received time, and want to see nginx works the same.
