Load balancing 50000 Citrix ICA sessions through nginx - hardware requirements

2020-04-22 Thread Thomas Glanzmann
Hello, I would like to use nginx to load balance Citrix ICA sessions (socks over https) to four netscalers. Nginx would just distribute the 5 sessions to 4 netscalers. Just tcp with ip hash, no ssl offloading necessary. The traffic is approx. 5 Gbit/s. The connections are long running approx. 1

URI Substitute _ with - and + with space

2018-01-05 Thread Thomas Glanzmann
Hello, I would like to substitute '_' with '-' and '+' with ' ' in the $URI and pass it to upstream server that can't handle _ and + in the URI (IIS). Based on [1] I found a working solution, however I would like to know if there is a more efficient way to do the same for example using lua? locati

Re: Set Expires Header only if upstream has not already set an Expires

2017-11-29 Thread Thomas Glanzmann
Hello Francis, > > Howto set expires only if upstream does not have set an expires? > * Francis Daly [2017-11-23 00:26]: > You can set a value based on $upstream_http_expires -- > { default off; "" 7d; } > in the appropriate "map" should set your Expires time to 7 days from > now if there is

Set Expires Header only if upstream has not already set an Expires

2017-11-22 Thread Thomas Glanzmann
Hello, I would like to add an Expires Header only to upstream content that has not already set an Expires header. Is there an easy way to do that with nginx? I thought about trying to add a header_filter_by_lua checking the Expires header and set the necessary value if not already set. Is there an

Re: nginx ssl_verify_client on leads to segmentation fault

2017-05-16 Thread Thomas Glanzmann
Hello Maxim, > Could you please confirm you do _not_ have ssl_certificate defined > in the server block where you've added ssl_verify_client? I confirm the same, the ssl_certificate is defined in another server block. The fix works for me, thanks. Cheers, Thomas

nginx ssl_verify_client on leads to segmentation fault

2017-05-14 Thread Thomas Glanzmann
Hello, I'm running nginx from git HEAD, when I add the following two lines to a https server: ssl_client_certificate /tmp/ca.crt; ssl_verify_client on; and connect to the website, I get: 2017/05/15 08:12:04 [alert] 9109#0: worker process 12908 exited on signal 11 (core dumped) 2017/05/15 08:12:

Re: Use nginx ngx_stream_ssl_preread_module to connect to ocserv using proxy protocol v2

2016-12-15 Thread Thomas Glanzmann
Hello Nikos, > Are you sure that the nginx module you are using supports the proxy > protocol version 2? you're probably right. Nginx seems to support only version 1 of the proxy protocol because I can't see the binary header preamble. Can someone confirm? https://thomas.glanzmann.de/tmp/nginx.p

Re: ngx_stream_ssl_preread_module does not seem to extract the server_name when connecting with openconnect

2016-12-15 Thread Thomas Glanzmann
Hello Roman, > Please try the attached patch. thank you for the patch. The patch solves my SNI problem: 185.46.137.5 - [15/Dec/2016:22:25:00 +0100] "vpn.gmvl.de" Cheers, Thomas ___ nginx mailing list nginx@nginx.org http://mailman.nginx.org/ma

Re: ngx_stream_ssl_preread_module does not seem to extract the server_name when connecting with openconnect

2016-12-15 Thread Thomas Glanzmann
Hello Roman, > You can try logging $ssl_preread_server_name in access_log. thank you. It seems that nginx is not able to extract the server_name from openconnect correctly: 2a01:598:8181:37ef:95e1:682:4c98:449e - [15/Dec/2016:17:45:57 +0100] "" When I connect with a browser: 2a01:598:8181:37ef

Re: ngx_stream_ssl_preread_module does not seem to extract the server_name when connecting with openconnect

2016-12-15 Thread Thomas Glanzmann
Hello, > How can someone debug ngx_stream_ssl_preread_module? put the following line in the stream section: error_log /var/log/nginx/sni_error.log debug; Once done I found out that 2016/12/15 17:09:00 [error] 21043#0: *7426 recv() failed (104: Connection reset by peer) while proxying connect

ngx_stream_ssl_preread_module does not seem to extract the server_name when connecting with openconnect

2016-12-15 Thread Thomas Glanzmann
Hello, I would like to use ngx_stream_ssl_preread_module to multiplex between a squid, nginx webserver and ocserv (ssl vpn). I setup nginx the following way: stream { upstream webserver { server 127.0.0.1:443; } upstream squidtls { server 12

Re: Use ngx_stream_ssl_preread_module but also log client ip in access.log for https requests

2016-10-12 Thread Thomas Glanzmann
Hello Roman, * Roman Arutyunyan [2016-10-12 20:07]: > On Wed, Oct 12, 2016 at 07:50:06PM +0200, Thomas Glanzmann wrote: > > I would like to use ngx_stream_ssl_preread_module to multiplex a web > > server, openvpn, and squid to one ip address and port. However I would > >

Use ngx_stream_ssl_preread_module but also log client ip in access.log for https requests

2016-10-12 Thread Thomas Glanzmann
Hello, I would like to use ngx_stream_ssl_preread_module to multiplex a web server, openvpn, and squid to one ip address and port. However I would also like to keep the real client ip address in my http logs, is that possible, if so how? Cheers, Thomas

Re: Send Strict-Transport-Security header in 401 response

2016-06-22 Thread Thomas Glanzmann
Hello Francis, * Francis Daly [2016-06-19 11:57]: > http://nginx.org/r/add_header > That suggests that you can use an "always" parameter. > Is that appropriate in this case? yes, thank you a lot. That solved my problem. Cheers, Thomas

Send Strict-Transport-Security header in 401 response

2016-06-19 Thread Thomas Glanzmann
Hello, I would like to send the header: add_header Strict-Transport-Security "max-age=31536000; includeSubDomains"; Despite the 401 Unauthorized request. Is that possible? Currently the header is only added after a successful authorization: (x1) [~] curl -v https://tuvl.de * Rebuilt URL to: htt

Debian Jessie, Nginx, PHP, UWSGI quick start

2016-01-01 Thread Thomas Glanzmann
Hello, I had to host a potentially insecure PHP web application. So I thought about writing a small C program which creates a network, filesystem, pid, uts, and ipc namespace and runs php-fpm inside it. I needed from the PHP web application access to a mysql database, mailserver and ftp server of the l

Re: how to proxy request to different upstream by url request parameters.

2014-03-21 Thread Thomas Glanzmann
Hello, > > How to proxy request to different upstream by url request parameters? > http://nginx.org/en/docs/http/ngx_http_upstream_module.html#sticky this is part of the commercial subscription, but you can probably obtain the same using a MAP like that: map $arg_key $backend { key1 bac

Re: how to proxy request to different upstream by url request parameters.

2014-03-21 Thread Thomas Glanzmann
Hello, > How to proxy request to different upstream by url request parameters? http://nginx.org/en/docs/http/ngx_http_upstream_module.html#sticky Cheers, Thomas

Re: [PATCH] RFC: ngx_http_upstream_process_upgraded: Allocate buffers also for data from upstream

2014-03-17 Thread Thomas Glanzmann
Hello Maxim, > The u->buffer is allocated by ngx_http_upstream_process_header(), > and ngx_http_upstream_upgrade() cannot be called bypassing > ngx_http_upstream_process_header(). > That is, the change you suggest isn't needed in vanilla nginx > (even with custom modules). I agree. The reason

[PATCH] RFC: ngx_http_upstream_process_upgraded: Allocate buffers also for data from upstream

2014-03-15 Thread Thomas Glanzmann
While using the upgrade functionality of nginx to tunnel proprietary HTTP commands I noticed that data were only passing through from upstream to downstream but not the other way around. The reason for that was that no receive buffers for downstream were allocated. Normally the receiver buffers fo

Re: Implementing CONNECT in nginx

2014-01-28 Thread Thomas Glanzmann
Hello Nickos, another way would be the SNI to distinguish. It would be nice to have SNI proxy support in NGINX. However there is a third party proxy which probably already does the job: https://github.com/dlundquist/sniproxy I'll test it later after I bisected the problem with anyconnect. Cheers

Re: Implementing CONNECT in nginx

2014-01-22 Thread Thomas Glanzmann
Hello, * Thomas Glanzmann [2014-01-22 16:15]: > I would like to extend nginx with a CONNECT statement which connects to > a TCP socket. Could someone walk me through which source files I need to > modify and which functions I should have a look at? to answer my own question. The

Implementing CONNECT in nginx

2014-01-22 Thread Thomas Glanzmann
Hello everyone, I would like to extend nginx with a CONNECT statement which connects to a TCP socket. Could someone walk me through which source files I need to modify and which functions I should have a look at? Or if there is anything else that can give me a quickstart? My use case is that I wo

nginx as loadbalancer for tomcat with session stickiness based on jvmRoute

2013-07-17 Thread Thomas Glanzmann
Hello everyone, I'm currently using apache mod_jk to load balance over four backend tomcat servers. The sessions are not replicated so I need stickiness based on jvmRoute. The mod_jk configuration is: worker.list=router, jkstatus worker.router.type=lb worker.router.balance_workers=tomcat-01, tomc

Re: External Redirect when expecting internal redirect

2013-03-10 Thread Thomas Glanzmann
Hello Francis, * Francis Daly [2013-03-10 13:57]: > You can use an internal rewrite to a file, provided that you actually > rewrite to a file. Here, you rewrite to a directory without including > the trailing /. I wanted to rewrite to a directory. I see my mistake now and it should have been obv

External Redirect when expecting internal redirect

2013-03-10 Thread Thomas Glanzmann
Hello, I'm running nginx 1.2.1-2.2 on Debian Wheezy (testing). I try to obtain the following: Depending on the subnet accessing either rewrite internally to a cgi script or to a static Website. For the cgi script that works perfectly fine, for the static web site nginx always does a HTTP 301 inste