e off;
#Session resumption - Session ID
ssl_session_tickets off;
ssl_session_cache shared:SSL:10m;
#Session resumption - Session Tickets
ssl_session_tickets on;
ssl_session_cache off;
After setting each one, I can test if they are active using the following
command and check Session-ID or TLS session t
test to make sure i'm good..
___
nginx mailing list
nginx@nginx.org
https://mailman.nginx.org/mailman/listinfo/nginx
Hi there,
I am happy to announce the new 0.30 release of Test::Nginx:
https://openresty.org/en/ann-test-nginx-030.html
This version has many new features and fixes several bugs since 0.29,
refer to the above link for details.
This Perl module provides a test scaffold for automated testing in
Hi Francis,
On Mon, Nov 22, 2021 at 6:17 PM Francis Daly wrote:
>
> On Mon, Nov 22, 2021 at 03:42:39PM -0300, Fabiano Furtado Pessoa Coelho wrote:
>
> Hi there,
>
> > NGINX has a -T option, where you can "test configuration, dump it and exit".
> > I
On Mon, Nov 22, 2021 at 03:42:39PM -0300, Fabiano Furtado Pessoa Coelho wrote:
Hi there,
> NGINX has a -T option, where you can "test configuration, dump it and exit".
> Is there a way to process the "include" directive and dump the
> configuration "expanded"
Hi...
NGINX has a -T option, where you can "test configuration, dump it and exit".
Is there a way to process the "include" directive and dump the
configuration "expanded"?
Thanks in advance.
Fabiano Furtado
> In my case I have a two internal DNS zones, .develop and .test.
>
> On global http section I added my resolver:
>
> ...
>
> http {
> resolver 192.168.140.249 valid=300s;
> resolver_timeout 1s;
>
> ...
>
> And I use proxy_pass directive with DNS na
Hi everyone!
Unfortunately, I can't find information about how Nginx tests
configuration files.
In my case I have a two internal DNS zones, .develop and .test.
On global http section I added my resolver:
...
http {
resolver 192.168.140.249 valid=300s;
resolver_timeout 1s;
...
Appreciate your confidence on Nginx!!
Posted at Nginx Forum:
https://forum.nginx.org/read.php?2,288558,288564#msg-288564
Yup thanks I mailed them today.
Posted at Nginx Forum:
https://forum.nginx.org/read.php?2,288558,288563#msg-288563
I rolled up to a Bugatti dealer and asked for a test drive
the dealer would laugh at me. People buy super cars sight unseen because they
know they are super cars. In the same way, if you need a reverse proxy Then
nginx is what you need. It’s that simple. I don’t work for nginx, I’m not an
> I am assessing the capabilities and doing a POC on Nginx integration as
> reverse proxy. Are there any pre-configured image with all the protocols and
> the necessary clients to test and demo the capabilities of Nginx or Nginx
> plus? Doing a self-assessment with all the necessary
Hi Team,
I am assessing the capabilities and doing a POC on Nginx integration as
reverse proxy. Are there any pre-configured image with all the protocols and
the necessary clients to test and demo the capabilities of Nginx or Nginx
plus? Doing a self-assessment with all the necessary setup on my
On 19/10/19 4:22 pm, Aleksandar Lazic wrote:
Have you tried Lewis suggestion with $arg_id, it looks exactly what you
searching for?
Untested:
location = /test/place {
if ($arg_id = "2") {
return 301 https://new.example.com/test/place?$args;
}
}
I did try but i
Hi P.V.Anthony.
Am 17.10.19 um 23:15 schrieb J. Lewis Muir:
> On 10/18, P.V.Anthony wrote:
>> Currently have the following url,
>>
>> https://old.example.com/test/place?id=1
>> https://old.example.com/test/place?id=2
>> https://old.example.com/test/place?id=3
>
On 18/10/19 9:47 pm, J. Lewis Muir wrote:
And in your example, you were doing a return inside an "if" which is
noted as being safe in a location context.
Phew! Thank you for the advice.
P.V.Anthony
On 18/10/19 2:59 pm, Patrick wrote:
The `if' part should be fine. The problem would be someone crafting a
URL that skips past the `=' check and yet is still parsed as `id=2' by
the underlying app.
Can the underlying old app also be changed to log an attack, and throw a
444 when it gets an `id'
On 10/18, P.V.Anthony wrote:
> On 18/10/19 5:26 am, Jeff Dyke wrote:
> > I know this is not an answer to your question, but it begs another,
> > mainly due to the if statement. How many of these are you going to
> > have? https://www.nginx.com/resources/wiki/start/topics/depth/ifisevil/
> >
> > Y
On 2019-10-18 13:57, P.V.Anthony wrote:
> Like netsec and using "if" in the config.
The `if' part should be fine. The problem would be someone crafting a
URL that skips past the `=' check and yet is still parsed as `id=2' by
the underlying app.
Can the underlying old app also be changed to log an
On 18/10/19 1:33 pm, Patrick wrote:
Awesome. By `safe' do you mean netsec, or memory-safe, or ?
Like netsec and using "if" in the config.
I suppose for my case, I have to use "if".
Thank you very much for helping to solve this. I was cracking my head on
how to solve this. You really helped.
On 2019-10-18 13:17, P.V.Anthony wrote:
> Tried the following and it works but is it safe?
>
> if ( $request_uri = "/test/place?id=2" ) {
> rewrite ^ http://new.example.com${uri}?${args}? last;
> }
Awesome. By `safe' do you mean netsec, o
On 18/10/19 12:20 pm, Patrick wrote:
Without a map, try starting with:
if ( $uri?$args = /test/place?id=2 ) {
rewrite ^ http://new.example.com/${uri}?${args}? last;
}
Then as the site migration continues turn that `if' test into a regexp
that will match the migrated components.
On 2019-10-18 12:12, P.V.Anthony wrote:
> I am using ispconfig web control that only allows changes in the server
> block.
Without a map, try starting with:
if ( $uri?$args = /test/place?id=2 ) {
rewrite ^ http://new.example.com/${uri}?${args}? last;
}
Then as the site migration con
On 18/10/19 9:03 am, Patrick wrote:
This looks like a gradual migration of content to a new server. Try
using `rewrite' instead of `return'?
map "$uri?$args" $is_new_site {
/test/place?id=2 1;
default 0;
}
server {
...
if ( $is_new_site
On 18/10/19 5:26 am, Jeff Dyke wrote:
I know this is not an answer to your question, but it begs another,
mainly due to the if statement. How many of these are you going to
have? https://www.nginx.com/resources/wiki/start/topics/depth/ifisevil/
You've likely considered this, but if not wanted
On 18/10/19 5:15 am, J. Lewis Muir wrote:
You might want to use $arg_id here (i.e., the $arg_ variable for
the argument). Otherwise, it won't work if any other arguments
are given.
Noted. I will change that.
Or is there a way to do the following? That would be ideal.
location =
On 2019-10-18 01:01, P.V.Anthony wrote:
> Currently have the following url,
>
> https://old.example.com/test/place?id=1
> https://old.example.com/test/place?id=2
> https://old.example.com/test/place?id=3
>
> Need to redirect only id=2 to another url.
This looks like a gradual
u are moving domains, could you create a separate route that you
could key off rather than arg_id?
Random thoughts waiting for things to compile
On Thu, Oct 17, 2019 at 5:15 PM J. Lewis Muir wrote:
> On 10/18, P.V.Anthony wrote:
> > Currently have the following url,
> >
> > ht
On 10/18, P.V.Anthony wrote:
> Currently have the following url,
>
> https://old.example.com/test/place?id=1
> https://old.example.com/test/place?id=2
> https://old.example.com/test/place?id=3
>
> Need to redirect only id=2 to another url.
>
> Did the following and i
Hi,
Currently have the following url,
https://old.example.com/test/place?id=1
https://old.example.com/test/place?id=2
https://old.example.com/test/place?id=3
Need to redirect only id=2 to another url.
Did the following and it works for id=2. Need id=1 and id=3 to continue
normally without
I'm testing an nginx config with 40k server blocks acting as proxies
(proxy_pass). Each server block has its own proxy_cache_path. The "nginx -t"
takes about 5 minutes to complete. The config test duration is even
exponential if I add more server blocks and proxy_cache_path. Changin
ne have a suggestion about a simple, free, open source web app,
> with a database that I could test out and get familiar with, nginx's load
> balancing functionality on?
>
> Thank you,
>leeand00
>
> Posted at Nginx Forum:
> https://forum.nginx.o
Does anyone have a suggestion about a simple, free, open source web app,
with a database that I could test out and get familiar with, nginx's load
balancing functionality on?
Thank you,
leeand00
Posted at Nginx Forum:
https://forum.nginx.org/read.php?2,278284,278284#msg-2
Thank you for the clarification.
2017-02-10 20:45 GMT+08:00 Maxim Dounin :
> Hello!
>
> On Fri, Feb 10, 2017 at 01:31:34PM +0800, linbo liao wrote:
>
> > I setup a test Nginx 1.10.3 on local VM (Centos 6.7 x86_64). I configure
> > the following location
>
Hello!
On Fri, Feb 10, 2017 at 01:31:34PM +0800, linbo liao wrote:
> I setup a test Nginx 1.10.3 on local VM (Centos 6.7 x86_64). I configure
> the following location
>
> location =/404.html {
> root/usr/share/nginx/html;
> }
>
> As my understanding, it is not
Hi,
I setup a test Nginx 1.10.3 on local VM (Centos 6.7 x86_64). I configure
the following location
location =/404.html {
root/usr/share/nginx/html;
}
As my understanding, it is not a valid URL, but `nginx -t` passes the
configuration test.
Is it a bug
you.
>
> iperf, snfnettest, or etherate will show you the maximum possible
> bandwidth at the TCP or IP layer.
> If it's under 700 then you know to focus on the NIC and OS. If it's above
> 900 then the
> problem is in your nginx or your test workload.
>
> Posted
bove
900 then the
problem is in your nginx or your test workload.
Posted at Nginx Forum:
https://forum.nginx.org/read.php?2,271846,271895#msg-271895
f of saturating the NIC on your server?
> >
> > On Fri, Jan 6, 2017 at 10:24 AM, MrFastDie
> >
> > wrote:
> >
> > > Hello,
> > >
> > > the last days I played a little with the NGINX settings and the tcp
> > stack
> > > to
>
FYI, benchmark mentioned in the video.
https://github.com/wg/wrk
Wouldn't a number of test machine ls on the Internet make more sense than
flogging nginx locally on your network?
With VPS time being sold by the hour, seems to me you should get one VPS tester
running acceptably, then cl
On Friday 06 January 2017 10:24:06 MrFastDie wrote:
> Hello,
>
> the last days I played a little with the NGINX settings and the tcp stack to
> test the best performance. I used direct connection between my testing
> machine and my server using a cat5e cable.
> My nginx.co
ider the traffic source, is
> it
> known capable of saturating the NIC on your server?
>
> On Fri, Jan 6, 2017 at 10:24 AM, MrFastDie
>
> wrote:
>
> > Hello,
> >
> > the last days I played a little with the NGINX settings and the tcp
> stack
> > to
You said that your test case peaks at 600Mbit/sec.
Your first step should be to bisect the problem, to see if you're limited by
your hardware+OS or your test + nginx configuration. Easiest way is to install
solarflare's free network test utility from the support section of thei
Which OS? What NIC? You also have to consider the traffic source, is it
known capable of saturating the NIC on your server?
On Fri, Jan 6, 2017 at 10:24 AM, MrFastDie
wrote:
> Hello,
>
> the last days I played a little with the NGINX settings and the tcp stack
> to
>
Hello,
the last days I played a little with the NGINX settings and the tcp stack to
test the best performance. I used direct connection between my testing
machine and my server using a cat5e cable.
My nginx.conf can be found at pastebin: http://pastebin.com/rRAEwvNc
My sysctl.conf also provides
Did you find any answer?
Posted at Nginx Forum:
https://forum.nginx.org/read.php?2,127854,271666#msg-271666
> I updated nginx but the problem persists.
>
> Could it be some sort of misconfiguration of my nginx?
No, but I suggest you try reconfiguring your cipher suites anyway to
exclude anything kerberos related like previously suggested.
Lukas
I updated nginx but the problem persists.
Could it be some sort of misconfiguration of my nginx?
Posted at Nginx Forum:
https://forum.nginx.org/read.php?2,266590,266800#msg-266800
> nginx version: nginx/1.2.6
> built by gcc 4.4.4 20100726 (Red Hat 4.4.4-13) (GCC)
> [...]
> CentOS 6.7 server
Try disabling kerberos cipher suites [1], you may be hitting
some obscure CentOS/RedHat libc issues [2].
[1]
https://mozilla.github.io/server-side-tls/ssl-config-generator/?server=ngin
How do i update to the latest stable version of nginx on a CentOS 6.7
server?
Are there any precautions before the update? Will it affect my current
settings-conf ?
Posted at Nginx Forum:
https://forum.nginx.org/read.php?2,266590,266641#msg-266641
Sorry, this is the output i get:
Thanks, it's probably time to update my system.
nginx version: nginx/1.2.6
built by gcc 4.4.4 20100726 (Red Hat 4.4.4-13) (GCC)
TLS SNI support enabled
configure arguments: --prefix=/etc/nginx/ --sbin-path=/usr/sbin/nginx
--conf-path=/etc/nginx/nginx.conf --error-
Hello!
On Wed, May 04, 2016 at 06:58:19AM -0400, kostbad wrote:
> The nginx version is 1.2.6.
That's not "nginx -V" output you were asked for. Nevertheless,
it's probably enough to conclude you should upgrade before doing
anything else. The 1.2.x branch is not supported for more than 3
year
The nginx version is 1.2.6.
Posted at Nginx Forum:
https://forum.nginx.org/read.php?2,266590,266603#msg-266603
> When ssllabs tests for deprecated cipher suites, it stays there forever.
> I have to close the ssllabs test page and then my nginx server stays down
> until i restart it.
Please provide the output of
When ssllabs tests for deprecated cipher suites, it stays there forever.
I have to close the ssllabs test page and then my nginx server stays down
until i restart it.
I also got the following error:
113 upstream prematurely closed connection while reading response header
from upstream, client
kostbad:
Every time i run it, my nginx server (ssl terminator) crashes and i have to
restart it.
I get the following error in my nginx logs:
*734 SSL_do_handshake() failed (SSL: error:140A1175:SSL
routines:SSL_BYTES_TO_CIPHER_LIST:inappropriate fallback) while SSL
handshaking, client: ..,
I tried to do use the ssltest from qualys.com:
https://www.ssllabs.com/ssltest/
Every time i run it, my nginx server (ssl terminator) crashes and i have to
restart it.
I get the following error in my nginx logs:
*734 SSL_do_handshake() failed (SSL: error:140A1175:SSL
routines:SSL_BYTES_TO_CIPHER
the NGINX
did not pass the 30% CPU while the tools got to over 100%.
My question is:
Which tool I can use to test NGINX with post requests in the best way?
Thanks,
Ortal
Posted at Nginx Forum:
https://forum.nginx.org/read.php?2,264161,264161#msg-264161
e --with-pcre --with-file-aio
> --with-http_realip_module
> --without-http_scgi_module --without-http_uwsgi_module
> --without-http_fastcgi_module --with-http_spdy_module --with-cc-opt='-O2 -g
> -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector
> --param=ssp-buff
with-file-aio --with-http_realip_module
--without-http_scgi_module --without-http_uwsgi_module
--without-http_fastcgi_module --with-http_spdy_module --with-cc-opt='-O2 -g
-pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector
--param=ssp-buffer-size=4 -m64 -mtune=generic'
--add-mo
I would prefer RPM. Just patching the official one.
RPM patching process is pretty standardized and shouldn't take more than a
few minutes. Could you explain what problem you have?
On Mon, Jun 15, 2015, 05:59 ajjH6 wrote:
> Hello
>
> What is a good method for deploying a newly compiled nginx bi
Hello
What is a good method for deploying a newly compiled nginx binary with an
extra module? (mod_security)
I can get all to compile ok. However, I do not want to compile on my
production server. There are too many dependencies (ie HTTPD for mod_sec).
In the case of mod_security, it seems only
Hi again,
After some searching on Nginx source code, eventually i did find out the
issue. The issue was on module type. I had defined it as NGX_STREAM_MODULE,
but it must be NGX_HTTP_MODULE because i did intend to add some features to
upstream module. Also I had to change configuration directive
Hello everyone,
Recently for some of our needs on Nginx, I am working to develop a new
module on Nginx. So I have started to develop a test and basic module. My
intention is to call a function before selecting one servers in upstream
section. For this, I set NGX_STREAM_MODULE type. when running
Thanks halozen and Francis. Knowing where to read in the manual is half the
battle.
I think I will tackle combining the iredmail code into my own website since
at the moment I only have one domain I am going to put on this server.
With flexibility comes head scratching. It seems like nginx has t
On Fri, May 01, 2015 at 08:50:51PM -0400, gariac wrote:
Hi there,
> I think I failed to explain my problem correctly. It seems to me whatever I
> do for the test would be on the server side, not client side. Studying your
> reply, I think your solution maps domain.com to ipaddress (do
" wrote:
> I think I failed to explain my problem correctly. It seems to me whatever I
> do for the test would be on the server side, not client side. Studying your
> reply, I think your solution maps domain.com to ipaddress (dotted quad)
> from
> the client side. What I need
I think I failed to explain my problem correctly. It seems to me whatever I
do for the test would be on the server side, not client side. Studying your
reply, I think your solution maps domain.com to ipaddress (dotted quad) from
the client side. What I need to do is have the one ip address I have
On Tue, Apr 28, 2015 at 08:17:42PM -0400, gariac wrote:
Hi there,
> Iredmail puts its html in /var/www. I put a test page in /var/www2 and
> added a location line to point to it, but I'm confused on how to set this up
> since it is like hosting two websites at the same IP addres
e an ip address for the server, I am able to test the email
> service. [Only email to accounts on the server since the MX record still
> goes to the old hosting company,] Iredmail has a web based mail manager, so
> it has associated html code.
>
> Iredmail puts its html in /var/www.
I have an existing website at a hosting service. I have contracted with a
virtual server company and have installed iredmail, which in turn installs
nginx, [Oddly, Apache2 as well, though probably not relevant.]
Since I have an ip address for the server, I am able to test the email
service
I tried siege a lot, but could never get it to really use all cores on the
server, I found the tool wrk much more useful for load testing.
On Mar 18, 2015 2:31 AM, "halozen" wrote:
> 2 nginx 1.4.6 web servers - ocfs cluster, web root inside mounted LUN
> from SAN storage
> 2 MariaDB 5.5 servers -
Have you checked the socket level, and checking kernel log on all 3
servers (nginx and load balancer) meanwhile doing the test?
It could be that for some reason you reach a limit really fast (We had
an issue that we reached the nf_conntrack limit at 600 concurrent users
because we had like 170
2 nginx 1.4.6 web servers - ocfs cluster, web root inside mounted LUN
from SAN storage
2 MariaDB 5.5 servers - galera cluster, different network segment than
nginx web servers
nginx servers each two sockets quad core xeon, 128 gb ram
Load balanced via F5 load balancer (round-robin, http performanc
...@ehibbert.org.uk>>
Reply-To: "nginx@nginx.org"
Date: Thursday, January 8, 2015 at 4:00 PM
To: "nginx@nginx.org"
Subject: Re: HTTPS Load Test
Bombard
Bombard is a useful wrapper round siege.
I've had trouble using siege with more than a couple of thousand
connections - crashes with buffer overflow. I've not tried to debug this
yet but would be interested in other people's experiences.
On Thu, Jan 8, 2015 at 10:16 AM, basti wrote:
> You can
You can try "siege".
In the past I have taken the access log to create a list of urls to be
used by siege.
Regards,
Basti
On 08.01.2015 11:06, Das, Jagannath wrote:
> Hi Folks,
>I am trying to get some performance numbers on nginx by sending
> HTTP and HTTPS requests. My aim is to check the
Hi Folks,
I am trying to get some performance numbers on nginx by sending HTTP and
HTTPS requests. My aim is to check the ratio of CPU usage, connections/sec
across HTTP and HTTPS requests.
In the process, I need to verify certain certificates/keys needed for SSL . Are
there any tools whic
Hey,
> just Checked opensslv.h, and to the different in 2.0.1 from 2.0.0:
>
> # Define LIBRESSL_VERSION_NUMBER 0x2000L
> # Define OPENSSL_VERSION_NUMBER 0x2000L
They've added this as a way to differentiate between OpenSSL and LibreSSL.
> i dont know whens Changing What Happens
> # Define
Hello!
On Tue, Jul 15, 2014 at 02:17:02AM -0700, Piotr Sikora wrote:
> Hey,
>
> > # Summary
> >
> > It works.
>
> ...only with versions older than nginx-1.7.0, you need a small patch
> (attached) in order to compile nginx-mainline against LibreSSL,
> because LibreSSL developers decided that Lib
Piotr Sikora Wrote:
---
> Hey,
>
> > # Summary
> >
> > It works.
>
> only with versions older than nginx-1.7.0, you need a small patch
> (attached) in order to compile nginx-mainline against LibreSSL,
> because LibreSSL developers decided th
Hey,
> # Summary
>
> It works.
...only with versions older than nginx-1.7.0, you need a small patch
(attached) in order to compile nginx-mainline against LibreSSL,
because LibreSSL developers decided that LibreSSL is OpenSSL-2.0.0...
I didn't send this patch to nginx-devel@ yet, because I'm still
updated: static version and new perftests included
https://www.mare-system.de/blog/page/1405201517/
regards,
mex
Posted at Nginx Forum:
http://forum.nginx.org/read.php?2,251718,251760#msg-251760
Hello!
On Mon, Jul 14, 2014 at 08:30:00AM -0400, mex wrote:
> >
> > Just a quick comment: OpenSSL's libs under ".openssl/" isn't a
> > result of OpenSSL's behaviour, but rather a result of "make
> > install" nginx calls (and the ".openssl" install prefix it
> > instructs OpenSSL to use).
> >
e we can have a --with-libressl=/path/to/libressl
or something more generic soon? i think
libressl/boringssl are here to stay
> > # Summary
> >
> > It works.
> >
> > While it is not recommended to substitute OpenSSL with LibreSSL in
> this
> > early stage,
(and the ".openssl" install prefix it
instructs OpenSSL to use).
> # Summary
>
> It works.
>
> While it is not recommended to substitute OpenSSL with LibreSSL in this
> early stage, i wanted to test if it is possible. And it is. There are no
> functional or perform
https://www.mare-system.de/blog/page/1405201517/
# Summary
It works.
While it is not recommended to substitute OpenSSL with LibreSSL in this
early stage, i wanted to test if it is possible. And it is. There are no
functional or performance-issues, as far as i can test, and building nginx
thanx, nice tool!
i integrated this into our ssl-guide
https://www.mare-system.de/guide-to-nginx-ssl-spdy-hsts/#testing-ssl-setups
Posted at Nginx Forum:
http://forum.nginx.org/read.php?2,248997,249000#msg-249000
There is also cipherscan by Julien Vehent (with a bunch of patches by mzeltner
and me).
https://github.com/mzeltner/cipherscan
Original repo doesn't yet include our pull request
https://github.com/jvehent/cipherscan
It works with any *nix or *tux with OpenSSL. (Tested with Debian, OS X, Solari
web: https://testssl.sh/
repo: https://bitbucket.org/nginx-goodies/testssl.sh
testssl.sh is a free Unix command line tool which checks a server's service
on any port for the support of TLS/SSL ciphers, protocols as well as some
cryptographic flaws.
It's designed to provide clear output for a "
90 matches