2010年3月31日星期三

apache .htaccess rewrite

hey Guys,

I cant seem to figure out why I cant properly convert this from apache
to nginx, any help would be appreciated... ive tried a dozen times but
it just will not function as expected.

---

Options +FollowSymLinks
RewriteEngine On
RewriteBase /

# URL PATTERN for sitetown

# Main -> Category
# http://www.site.com/category-name/
RewriteRule ^([A-Za-z0-9\-]+)/([0-9]+).html$
results.php?category_id=$2&category=$1 [L]

#New and Improved witht the .html support!
RewriteRule ^([A-Za-z0-9\-]+)/([0-9]+)/([0-9]+)/([A-Za-z0-9\-]+).html$
details.php?pid=$2&pkey=$3&category=$1&title=$4 [L]

RewriteRule ^(.*).html$ $1.php


thanks in advance
payam

_______________________________________________
nginx mailing list
nginx@nginx.org
http://nginx.org/mailman/listinfo/nginx

Nginx+FCGI vs Nginx+Reverse Proxy, which is better when delivery big files?

Hi:
Anyone benchmark that? I need deploy a PSGI(Perl app) behind nginx, now, there's two options:

1. Perl app deployed as FastCGI application, connect to nginx.
2. Perl app deployed as standalone PSGI web server, and nginx reverse proxy to it.

Notice, the perl application is read BIG file( size > 30mb) from db and delivery to client, so I can't to cache(like proxy_cache)
the request file. So, in this case, which solution is better ? any advice?

Nginx is event based, so is the FastCGI should be non-blocking?

Posted at Nginx Forum: http://forum.nginx.org/read.php?2,70082,70082#msg-70082


_______________________________________________
nginx mailing list
nginx@nginx.org
http://nginx.org/mailman/listinfo/nginx

Re: Nginx - Match Client Language

Maxim Dounin wrote:
> Hello!
>
> On Wed, Mar 31, 2010 at 01:22:56PM -0700, Payam Chychi wrote:
>
>
>> Hi Guys,
>>
>> Anyone know what variable to search for and match against
>> User/Client Browser Language?
>> Say i want to drop everyone that has browser lang set to US or something.
>>
>> Thanks in advance, i should be able to figure this out but i cant
>> recall which $var holds this data... did not work with user-agent
>> obviously heh
>>
>
> http://tools.ietf.org/html/rfc2616#section-14.4
> http://wiki.nginx.org/NginxHttpCoreModule#.24http_HEADER
>
> Maxim Dounin
>
> _______________________________________________
> nginx mailing list
> nginx@nginx.org
> http://nginx.org/mailman/listinfo/nginx
>
>

As always, you are awesome! thanks Maxim

-Payam


_______________________________________________
nginx mailing list
nginx@nginx.org
http://nginx.org/mailman/listinfo/nginx

Re: Nginx - Match Client Language

Hello!

On Wed, Mar 31, 2010 at 01:22:56PM -0700, Payam Chychi wrote:

> Hi Guys,
>
> Anyone know what variable to search for and match against
> User/Client Browser Language?
> Say i want to drop everyone that has browser lang set to US or something.
>
> Thanks in advance, i should be able to figure this out but i cant
> recall which $var holds this data... did not work with user-agent
> obviously heh

http://tools.ietf.org/html/rfc2616#section-14.4
http://wiki.nginx.org/NginxHttpCoreModule#.24http_HEADER

Maxim Dounin

_______________________________________________
nginx mailing list
nginx@nginx.org
http://nginx.org/mailman/listinfo/nginx

Nginx - Match Client Language

Hi Guys,

Anyone know what variable to search for and match against User/Client
Browser Language?
Say i want to drop everyone that has browser lang set to US or something.

Thanks in advance, i should be able to figure this out but i cant recall
which $var holds this data... did not work with user-agent obviously heh

Thanks
Payam


_______________________________________________
nginx mailing list
nginx@nginx.org
http://nginx.org/mailman/listinfo/nginx

Re: Add slash to the base url

> I am referring to Subject II: Urls and Redirects (page no 20).

I don't see anything there that says that "www.google.com" and
"www.google.com/" are different for search engines.

> Also here is another example from Matt Cutt's blog -
> http://www.mattcutts.com/blog/seo-advice-url-canonicalization/#comment-8260
> I have seen this being mentioned on some other forums too. A quick
> google search lists a lot of discussions -
> http://www.google.com/search?sourceid=chrome&ie=UTF-8&q=trailing+slash+seo

This is just some random stuff you can find on the Internet.
It doesn't mean that there is any science, research or knowledge behind it.

And on top of that, you're missing one important thing:
"http://www.google.com/something" translates to "/something",
"http://www.google.com/something/" translates to "/something/",
but both:
"http://www.google.com" and "http://www.google.com/" translate to "/".

Best regards,
Piotr Sikora < piotr.sikora@frickle.com >


_______________________________________________
nginx mailing list
nginx@nginx.org
http://nginx.org/mailman/listinfo/nginx

Re: Add slash to the base url

Hello!

On Wed, Mar 31, 2010 at 06:17:23PM +0200, Prateek Dayal wrote:

> > What point are you exactly referring to?
>
> I am referring to Subject II: Urls and Redirects (page no 20). Also here

It's all about directories, not about root. Feel the difference.

> is another example from Matt Cutt's blog -
> http://www.mattcutts.com/blog/seo-advice-url-canonicalization/#comment-8260

It's about presentation, nothing more.

Maxim Dounin

_______________________________________________
nginx mailing list
nginx@nginx.org
http://nginx.org/mailman/listinfo/nginx

Re: Add slash to the base url

Hello!

On Wed, Mar 31, 2010 at 03:52:22PM +0200, Prateek Dayal wrote:

> > Yes, "http://localhost" and "http://localhost/" are identical from
> > HTTP point of view. It's up to your browser to show it one or
> > another way.
>
> Thanks for the reply. I understand what you are saying but from a search
> engine point of view, they are two different urls. In fact I am making
> this change after reading this in the google reportcard -
> http://googlewebmastercentral.blogspot.com/2010/03/googles-seo-report-card.html

Again: "http://localhost" and "http://localhost/" are identical.
Always. There is no difference. It's the same as
"http://example.com:80/" and "http://example.com/". Port defaults
to 80, path defaults to "/".

I personally think that it's better to write with trailing slash
as it's in line with directory links ("http://example.com/dir" ->
"http://example.com/dir/", as they are in fact different). But
it's completely presentational, nothing more.

> So assuming that I want http://localhost to 301 redirect to
> http://localhost/, how do I go about doing it?

You can't do anything. Server don't see if there was "/" or not
in the original URL, it always get request with "/". RFC 2616
explicitly requires "/" if there are no path:

http://tools.ietf.org/html/rfc2616#section-5.1.2

: ... Note that the absolute path
: cannot be empty; if none is present in the original URI, it MUST be
: given as "/" (the server root).

Maxim Dounin

_______________________________________________
nginx mailing list
nginx@nginx.org
http://nginx.org/mailman/listinfo/nginx

Re: Add slash to the base url

> What point are you exactly referring to?

I am referring to Subject II: Urls and Redirects (page no 20). Also here
is another example from Matt Cutt's blog -
http://www.mattcutts.com/blog/seo-advice-url-canonicalization/#comment-8260

I have seen this being mentioned on some other forums too. A quick
google search lists a lot of discussions -
http://www.google.com/search?sourceid=chrome&ie=UTF-8&q=trailing+slash+seo

Thanks
Prateek

>
>> So assuming that I want http://localhost to 301 redirect to
>> http://localhost/, how do I go about doing it?
>
> You can't do that. Both request are for "/".
>
> Best regards,
> Piotr Sikora < piotr.sikora@frickle.com >

--
Posted via http://www.ruby-forum.com/.

_______________________________________________
nginx mailing list
nginx@nginx.org
http://nginx.org/mailman/listinfo/nginx

Re: Alias in Nginx

Hello!

On Wed, Mar 31, 2010 at 11:25:58AM -0400, Michel Vega Fuenzalida wrote:

> Hello List, sorry my english,
>
> I would like do like in Apache is make: "Alias /pepe /usr/share/pepe"
> Who I can do it in Nginx?

Use this:

location /pepe {
root /usr/share;
}

In case uri prefix doesn't match directory name, e.g. "Alias /pepe
/usr/share/something-else", one should use this:

location /pepe {
alias /usr/share/something-else;
}

It is possible to use "alias" in your case too, but variant with
"root" is a bit more efficient.

See here for details:

http://wiki.nginx.org/NginxHttpCoreModule#location
http://wiki.nginx.org/NginxHttpCoreModule#root
http://wiki.nginx.org/NginxHttpCoreModule#alias

Maxim Dounin

_______________________________________________
nginx mailing list
nginx@nginx.org
http://nginx.org/mailman/listinfo/nginx

Alias in Nginx

Hello List, sorry my english,

I would like do like in Apache is make: "Alias /pepe /usr/share/pepe"
Who I can do it in Nginx?

Thank for all.

--
Usemos el Software Libre "Con todos y para el bien de todos"
José Martí, 26 de noviembre de 1891, Tampa.

Lic. Michel Vega Fuenzalida. Usuario Linux: 353763
Coordinador del Grupo Linux Pinero
Administrador de Red
Hospital General Docente "Héroes de Baire",
Nueva Gerona, Isla de la Juventud, Cuba.

Teléfono: +53 46 323012.

--

Este mensaje le ha llegado mediante el servicio de correo electronico que ofrece Infomed para respaldar el cumplimiento de las misiones del Sistema Nacional de Salud. La persona que envia este correo asume el compromiso de usar el servicio a tales fines y cumplir con las regulaciones establecidas

Infomed: http://www.sld.cu/

_______________________________________________
nginx mailing list
nginx@nginx.org
http://nginx.org/mailman/listinfo/nginx

Re: Add slash to the base url

> Thanks for the reply. I understand what you are saying but from a search
> engine point of view, they are two different urls. In fact I am making
> this change after reading this in the google reportcard -
> http://googlewebmastercentral.blogspot.com/2010/03/googles-seo-report-card.html

What point are you exactly referring to?

> So assuming that I want http://localhost to 301 redirect to
> http://localhost/, how do I go about doing it?

You can't do that. Both request are for "/".

Best regards,
Piotr Sikora < piotr.sikora@frickle.com >


_______________________________________________
nginx mailing list
nginx@nginx.org
http://nginx.org/mailman/listinfo/nginx

Re: Add slash to the base url

>
> Yes, "http://localhost" and "http://localhost/" are identical from
> HTTP point of view. It's up to your browser to show it one or
> another way.

Thanks for the reply. I understand what you are saying but from a search
engine point of view, they are two different urls. In fact I am making
this change after reading this in the google reportcard -
http://googlewebmastercentral.blogspot.com/2010/03/googles-seo-report-card.html

So assuming that I want http://localhost to 301 redirect to
http://localhost/, how do I go about doing it?

Thanks
Prateek
--
Posted via http://www.ruby-forum.com/.

_______________________________________________
nginx mailing list
nginx@nginx.org
http://nginx.org/mailman/listinfo/nginx

Re: Add slash to the base url

Hello!

On Wed, Mar 31, 2010 at 03:34:51PM +0200, Prateek Dayal wrote:

[...]

> requests. Urls such as http://localhost/anything are redirected to
> http://localhost/anything/ but I am not able to redirect
> http://localhost to http://localhost/
>
> Am I missing something?

Yes, "http://localhost" and "http://localhost/" are identical from
HTTP point of view. It's up to your browser to show it one or
another way.

Maxim Dounin

_______________________________________________
nginx mailing list
nginx@nginx.org
http://nginx.org/mailman/listinfo/nginx

Add slash to the base url

Hi,

I am trying to add a trailing slash to every url and I have been able to
[almost] achieve that with this rule

if ($request_method ~* get){
rewrite ^(.*[^/])$ $1/ permanent;
}

The if condition is to prevent redirection of POST requests to GET
requests. Urls such as http://localhost/anything are redirected to
http://localhost/anything/ but I am not able to redirect
http://localhost to http://localhost/

Am I missing something?

Thanks
Prateek Dayal
--
Posted via http://www.ruby-forum.com/.

_______________________________________________
nginx mailing list
nginx@nginx.org
http://nginx.org/mailman/listinfo/nginx

Re: Nginx as Proxy and IP forwarding

Thank you kindly gentlemen. That what I assumed, and was really just looking for confirmation.

Posted at Nginx Forum: http://forum.nginx.org/read.php?2,68228,69780#msg-69780


_______________________________________________
nginx mailing list
nginx@nginx.org
http://nginx.org/mailman/listinfo/nginx

Re: repeat requests

On Wed, Mar 31, 2010 at 4:37 AM, Ryan Malayter <malayter@gmail.com> wrote:
On Mon, Mar 29, 2010 at 4:28 PM, matthieu Labour
<matthieu.labour@gmail.com> wrote:
> Hi
>
> I am new to nginx.
>
> Can i use nginx to repeat / duplicate incoming requests ...? I understand
> that I can use nginx to load balance ... but in my use case, i need to
> duplicate the request. The incoming request should be routed to server0 AND
> server1. Is it possible with nginx? Thank you for your help
> matt

Assuming such a thing were possible, what could you sensibly do with
two responses to the same request? Send only the first one to the
client? Compare if they are different and send an error if they are?

Or do you want to send only POSTS to multiple back-end systems to keep
them in sync somehow (not a reliable mechanism, as you will miss loads
of requests when a back-end is down)?


I tought as well the idea was pretty unusual, as it's twice the work and you usually want to do as less as possible!
Anyway, depending on load, expected availability, if it' a proof of concept or something like that, I'd work on a minimal, self rolled "duplexing proxy"... a minimal version should be < 100 lines of ruby or similar languages....but it really depends a lot on what's needed.
If the idea was instead just that of benchmarking two different versions of some service, I'd rather record the requested urls and then play them back to different backends.

Bye

Re: Rewrite module and secure download

Interesting post dude....discussion are always helpful in one way or the other. Thanks for giving out information. It's really nice and mean full.

Posted at Nginx Forum: http://forum.nginx.org/read.php?2,30777,69747#msg-69747


_______________________________________________
nginx mailing list
nginx@nginx.org
http://nginx.org/mailman/listinfo/nginx

Re: 关于nginx的proxy的疑问

Hello!

On Wed, Mar 31, 2010 at 10:28:14AM +0800, 杨廷勇 wrote:

> 大家好。
> 请问nginx的proxy有没有类似mail proxy的功能,写一个程序来查询主机名所在的后端服务器的IP,然后自动的proxy到对应的后端服务器上。
>
> 谢谢

It's English mailing list. You may want to re-post your question
in English if you want to get answer.

Maxim Dounin

_______________________________________________
nginx mailing list
nginx@nginx.org
http://nginx.org/mailman/listinfo/nginx

Re: how to setup nginx as reverse proxy + tomcat ssl

kaiyuan at 2010-3-31 17:40 wrote:
> hi,axim Dounin
> that is a good idea.
> thank you very much
Maybe you can use my developing nginx_tcp_proxy_module:
http://github.com/yaoweibin/nginx_tcp_proxy_module
It should be helpful.

--
Weibin Yao


_______________________________________________
nginx mailing list
nginx@nginx.org
http://nginx.org/mailman/listinfo/nginx

Re: IBM Lotus Domino - reverse proxy - do not cache if authenticated web user (based on cookie)

> What cache-control headers does the back-end domino set? You can see
> this with a tool like fiddler or Firebug... that makes all the
> difference in how you need to configure nginx to override its behavior
> if it is undesirable.

Unfortunately, Domino is sort of braind dead, no cache-control unless you make your application to give them. AFAIK.
 
> If all of the domino stuff is under a small set of URLs, you can
> simply add a location for those that does not have "proxy_cache one;"
> which is far simpler than trying to override the back-end's
> cache-control headers. This means you will need to move your
> "proxy_cache one;" from the http block to any inner location blocks
> that need caching.

Unfortunately, there is no easy way to do that, no small set, and urls are pretty dynamics, well, also application based, so one application can have very different url set than some other application. Its pretty pain, because there are no direct way to know which is application and which is admin functions, etc, because it really depends much how application is coded.

> I do not think proxy_* directives are valid inside an "if" block. Did
> you try it?

Yep, you are right, you cant have them on if-block.

Basicly currently if you have IBM Lotus Domino backends, you cant use proxy_cache, which sucks, because those applications do use lots of upstream resources, and which by using even small caches can be reduced much... Basicly you have to disable caching if you want your web pages to behave without problems.

I dont have lots of ideas how to fix, but what if it was possible to disable nginx caching based if user has some cookie set, i mean as if there was no proxy_cache variables set at all, so it always did fetch data from upstream if certain cookie is on. Is this even possible to code on nginx? Unfortunately my C coding skills are somewhat not-exists. Because Domino sets session cookie when user is authenticated, that way nginx would know if user is anonymous or some authenticated user that is prob. doing some updates, like new docs, etc. to domino application, so it whould prob. be anyway not to cache hes content...


Terveisin/Regards,
  Pekka Panula, Sofor Oy - Jatkuvat palvelut

Re: how to setup nginx as reverse proxy + tomcat ssl

hi,axim Dounin
that is a good idea.
thank you very much!

Posted at Nginx Forum: http://forum.nginx.org/read.php?2,69690,69718#msg-69718


_______________________________________________
nginx mailing list
nginx@nginx.org
http://nginx.org/mailman/listinfo/nginx

Re: how to setup nginx as reverse proxy + tomcat ssl

Hello!

On Wed, Mar 31, 2010 at 04:09:42AM -0400, kaiyuan wrote:

[...]

> My questions are
> Can I have an SSL from Client to Nginx and another between
> Nginx and Tomcat ,nginx verify the client certificate,and
> also transfer the client certificate to tomcat,tomcat also
> verify the client certificate.
>
> if nginx can do this,how to setup.Can someboby give me an
> correct nginx.conf for this?

This is not possible. To "transfer" client certificate one have
to be able to access certificate's private key. Moreover, nginx
currently doesn't support using client certificates in proxy
connections at all.

You may want to pass results of client cert verification
($ssl_client_s_dn and so on) from nginx to tomcat in http headers
instead. See here for details:

http://wiki.nginx.org/NginxHttpSslModule#Built-in_variables
http://wiki.nginx.org/NginxHttpProxyModule#proxy_set_header

Maxim Dounin

_______________________________________________
nginx mailing list
nginx@nginx.org
http://nginx.org/mailman/listinfo/nginx

Re: hiding the identity of nginx

Hi Nuno,

Thank you for the tip on error pages, I am fairly new to nginx from
apache, and now I totally sold. I will never go back unless I have to.

regards

Huet

On Tue, 2010-03-30 at 10:11 +0100, Nuno Magalhães wrote:
> On Tue, Mar 30, 2010 at 09:42, huet bartels <hbartels@i-neda.com> wrote:
> > Dear All.
> >
> > Have managed to check the following files to change the identity of
> > nginx to another string, plus the footer section of the error pages.
>
> It would be easier (and more useful) to personalize your error pages.
> For instance:
> error_page 404 /40x.html;
> location = /40x.html {
> root /var/www/nginx-default/default;
> }
>
> > But when I looked at the headers via firefox the images where still
> > showing nginx as the server. Where else would I need to change this in
> > the source to completely hide the string nginx from the public
>
> The "Server: " header is what you're looking for. I'm not sure if
> that's mandatory by some RFC, but you'd have to dig into other files.
> If you search the archive you might find a 'patch' somewhere - whether
> it still applies for current versions i don't know.
>


_______________________________________________
nginx mailing list
nginx@nginx.org
http://nginx.org/mailman/listinfo/nginx

Re: hiding the identity of nginx

Hi Georgi,

Thanks for the pointer to the module I will give it a try.

regards

Huet
On Tue, 2010-03-30 at 21:10 +0300, Georgi Hristozov wrote:
> On 03/30/2010 11:42 AM, huet bartels wrote:
> > Dear All.
> >
> > Have managed to check the following files to change the identity of
> > nginx to another string, plus the footer section of the error pages.
> >
> > This seems to of work for the most part by changing the following files.
> >
> > src/http/ngx_http_header_filter_module.c
> > src/http/ngx_http_special_response.c
> >
> > But when I looked at the headers via firefox the images where still
> > showing nginx as the server. Where else would I need to change this in
> > the source to completely hide the string nginx from the public
> >
> > thank you in advance
> >
> > Huet
> >
> >
> >
> > _______________________________________________
> > nginx mailing list
> > nginx@nginx.org
> > http://nginx.org/mailman/listinfo/nginx
> >
> Hi,
>
> Try this module:
> http://wiki.nginx.org/NginxHttpHeadersMoreModule
>
> /gh
>
> _______________________________________________
> nginx mailing list
> nginx@nginx.org
> http://nginx.org/mailman/listinfo/nginx


_______________________________________________
nginx mailing list
nginx@nginx.org
http://nginx.org/mailman/listinfo/nginx

how to setup nginx as reverse proxy + tomcat ssl

Hey guys,

I am totally new to Nginx, I need some advice with my reverse proxy setup.

This is what i am trying to set up. Client(commit a client cert)<========>| Nginx (reverse proxy with ssl)|<========>Tomcat (with SSL and clientAuth=true)


Follow is my nginx.conf,but it don't work.The messge from nginx logs:
2010/04/01 15:18:53 23771#0: *51 SSL_do_handshake() failed (SSL: error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert bad certificate) while SSL handshaking to upstream, client: 192.168.2.225, server: localhost, request: "GET /prepayms/ HTTP/1.1", upstream: "https://192.168.2.33:18444/prepayms/", host: "192.168.2.48:48443"

nginx.conf:

upstream backssl{
server 192.168.2.33:18444;

}# HTTPS server

server {
listen 48443 default ssl;
server_name localhost;


ssl on;

ssl_client_certificate /home/newprepay/ca/ca-cert.pem;
ssl_certificate /home/newprepay/server/server-cert.pem;
ssl_certificate_key /home/newprepay/server/server.key;
ssl_session_timeout 5m;
ssl_verify_client on;
ssl_verify_depth 12;
ssl_session_cache builtin:1000 shared:SSL:10m;


ssl_protocols TLSv1 SSLv2 SSLv3;
ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+SSlv3:+EXP;
ssl_prefer_server_ciphers on;

location / {
root html;
index index.html index.htm;
proxy_redirect off;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $http_host;
proxy_pass https://backssl;


My questions are
Can I have an SSL from Client to Nginx and another between Nginx and Tomcat ,nginx verify the client certificate,and also transfer the
client certificate to tomcat,tomcat also verify the client certificate.

if nginx can do this,how to setup.Can someboby give me an correct nginx.conf for this?

Thank You,
kaiyuan

Posted at Nginx Forum: http://forum.nginx.org/read.php?2,69690,69690#msg-69690


_______________________________________________
nginx mailing list
nginx@nginx.org
http://nginx.org/mailman/listinfo/nginx

2010年3月30日星期二

Re: Reverse Proxy Cache Setup

On Mon, Mar 29, 2010 at 1:29 PM, royo <nginx-forum@nginx.us> wrote:
> The app sets "Cache-Control: private" right now for everyone,
> and with the following setup even users that are not logged in
> receive a fresh copy of the page every time. The said cookie
> is set when logging in to the domain xyz.com(not actual
> domain) as well as other cookies but when using the nginx
> proxy only the other cookies are set and the logmein cookie
> isn't visible.

If nginx can see one cookie for /, it should see them all unless it is
scoped improperly. Have you used fiddler or Firebug to be sure that
the cookie isn't ebing set and passed?

Secondly, if the back-end is setting Cache-Control: private, then
nginx will obey and not cache anything. Changing the back-end to set
"Cache-Control: public,max-age=3600" or whatever is the easiest route.

If you can't do that, you can do something like this with "if" and
rewrite, to a location that does not use the cache at all for logged
in user requests. $http_cookie_logmein should be accessible for such
requests, you can echo it back for debuggin using:

add_header "X-Logmein-Received" $http_cookie_logmein

Once again, debugging with Fiddler or Firebug will let you see these
headers and work out the kinks.

_______________________________________________
nginx mailing list
nginx@nginx.org
http://nginx.org/mailman/listinfo/nginx

Re: repeat requests

On Mon, Mar 29, 2010 at 4:28 PM, matthieu Labour
<matthieu.labour@gmail.com> wrote:
> Hi
>
> I am new to nginx.
>
> Can i use nginx to repeat / duplicate incoming requests ...? I understand
> that I can use nginx to load balance ... but in my use case, i need to
> duplicate the request. The incoming request should be routed to server0 AND
> server1. Is it possible with nginx? Thank you for your help
> matt

Assuming such a thing were possible, what could you sensibly do with
two responses to the same request? Send only the first one to the
client? Compare if they are different and send an error if they are?

Or do you want to send only POSTS to multiple back-end systems to keep
them in sync somehow (not a reliable mechanism, as you will miss loads
of requests when a back-end is down)?


--
RPM

_______________________________________________
nginx mailing list
nginx@nginx.org
http://nginx.org/mailman/listinfo/nginx

关于nginx的proxy的疑问

大家好。
       请问nginx的proxy有没有类似mail proxy的功能,写一个程序来查询主机名所在的后端服务器的IP,然后自动的proxy到对应的后端服务器上。

谢谢


Re: A few basic questions

On Mon, Mar 29, 2010 at 10:47 AM, David Miller <dmil.ng1nx@metheus.org> wrote:
> Hi All;
>
> The company I work for is moving to a drupal content management system.  We
> expect to install a caching reverse proxy between the drupal servers and the
> Internet.  I'm looking into nginx and varnish for that role.

nginx is generally used to speed up php with fastcgi, good idea with drupal
varnish won't speed up server performance in the same way but will
help with scale, and is excellent when combined with nginx

>
> There's no question nginx provides for at least a basic high-speed caching
> reverse proxy, but I'd appreciate input from people using it with regards to
> these features:
>
> 1) Flexible health-checks of back-end web servers.  Can I configure nginx to
> accept a 503, for example, as an acceptable return code?  Can I specify a
> different health-check page for each back-end server?

I know varnish has configurable health checks, more relevant to see
how nginx is doing.

> 2) Flexibility in load balancing.  Can I specify anything other than
> round-robin?  Least connections, lowest load, that sort of thing?

Priority is assignable, and health checks remove servers from the pool
in varnish.

> 3) Ability to purge or invalidate selected pages.  For example, a user logs
> in and updates a page that's currently cached.  Can I remove/overwrite that
> particular page in an nginx caching proxy?

nginx and varnish update on any change; varnish can be set to cache
longer to delay updates, not sure about nginx.

> 4) Any other words of wisdom regarding nginx vs varnish?

nginx is a better server; it will run your php app the best. varnish
is a better cache to override server settings and direct client
browsers better.

Stef

---
Stefan Caunter
toll-free: +1 800 224 0192
Skype: stefan.caunter

http://mapguy.ca

_______________________________________________
nginx mailing list
nginx@nginx.org
http://nginx.org/mailman/listinfo/nginx

Re: hiding the identity of nginx

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.14 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAkuyPocACgkQ4cs+z0WlFzXWfgCgwVF2ig0VyF63dQhTkSNe44Ej
ITUAn0AmnNbnyGQkp0ut0Cn0MTrHUdIp
=CmnJ
-----END PGP SIGNATURE-----
On 03/30/2010 11:42 AM, huet bartels wrote:
> Dear All.
>
> Have managed to check the following files to change the identity of
> nginx to another string, plus the footer section of the error pages.
>
> This seems to of work for the most part by changing the following files.
>
> src/http/ngx_http_header_filter_module.c
> src/http/ngx_http_special_response.c
>
> But when I looked at the headers via firefox the images where still
> showing nginx as the server. Where else would I need to change this in
> the source to completely hide the string nginx from the public
>
> thank you in advance
>
> Huet
>
>
>
> _______________________________________________
> nginx mailing list
> nginx@nginx.org
> http://nginx.org/mailman/listinfo/nginx
>
Hi,

Try this module:
http://wiki.nginx.org/NginxHttpHeadersMoreModule

/gh

Re: IBM Lotus Domino - reverse proxy - do not cache if authenticated web user (based on cookie)

On Tue, Mar 30, 2010 at 2:58 AM, <Pekka.Panula@sofor.fi> wrote:
> Hi
>
> My backend is IBM Lotus Domino and its HTTP task. I have application that
> has admin panel thats been used with end-user's browser.
> Currently i am using cache but that admin panel goes crazy because of
> caching. So, goal is to prevent caching if user is authenticated.
> IBM Lotus Domino uses Cookie named DomAuthSessId which has session id.
>
> So on global level i have configured:


What cache-control headers does the back-end domino set? You can see
this with a tool like fiddler or Firebug... that makes all the
difference in how you need to configure nginx to override its behavior
if it is undesirable.

If all of the domino stuff is under a small set of URLs, you can
simply add a location for those that does not have "proxy_cache one;"
which is far simpler than trying to override the back-end's
cache-control headers. This means you will need to move your
"proxy_cache one;" from the http block to any inner location blocks
that need caching.

Also, this line "proxy_cache_valid any 1m;" looks like it could be
problematic if the back-end isn't setting cache-control headers at
all. You're basically saying "cache everything for at least a minute"
with that line, which you clearly do not want.

> Would this work if i do something like this?
>
>   location / {
>       # if authenticated domino user, disable cache
>       if ($http_cookie ~* "DomAuthSessId") {
>          proxy_cache_valid  200 302 304 none;
>          proxy_cache_valid  301 none;
>       }
>       proxy_pass http://some.ip.add.ress
>  }
>

I do not think proxy_* directives are valid inside an "if" block. Did
you try it?


--
RPM

_______________________________________________
nginx mailing list
nginx@nginx.org
http://nginx.org/mailman/listinfo/nginx

Re: dogpiling (wiki broken)

Okay, it is fixed.

Cliff

On Tue, 2010-03-30 at 14:43 +0400, Maxim Dounin wrote:
> Hello!
>
> On Tue, Mar 30, 2010 at 02:06:51AM -0700, Mark Maunder wrote:
>
> > I tried to update the documentation to add an explanation of the
> > 'updating' parameter of proxy_cache_use_stale but it appears to have
> > broken the entire documentation page on the proxy module after I
> > saved my changes to the wiki. It's now blank:
> >
> > http://wiki.nginx.org/NginxHttpProxyModule
> >
> > When I hit save the wiki server sent me an index.php file that my
> > browser wanted to save to disk (incorrect mime type set). I tried
> > several times to re-save or cancel my edit but same result.
>
> Cliff, could you please take a look what's going wrong? Wiki just
> closes connection on some pages (including the mentioned one).
>
> Maxim Dounin
--
http://www.google.com/search?q=vonage+sucks


_______________________________________________
nginx mailing list
nginx@nginx.org
http://nginx.org/mailman/listinfo/nginx

Re: dogpiling (wiki broken)

On Tue, 2010-03-30 at 14:43 +0400, Maxim Dounin wrote:
> Hello!
>
> On Tue, Mar 30, 2010 at 02:06:51AM -0700, Mark Maunder wrote:
>
> > I tried to update the documentation to add an explanation of the
> > 'updating' parameter of proxy_cache_use_stale but it appears to have
> > broken the entire documentation page on the proxy module after I
> > saved my changes to the wiki. It's now blank:
> >
> > http://wiki.nginx.org/NginxHttpProxyModule
> >
> > When I hit save the wiki server sent me an index.php file that my
> > browser wanted to save to disk (incorrect mime type set). I tried
> > several times to re-save or cancel my edit but same result.
>
> Cliff, could you please take a look what's going wrong? Wiki just
> closes connection on some pages (including the mentioned one).

Hm, I stand corrected, there's still an issue. I'll report back when
it's resolved.

Cliff

> Maxim Dounin
--
http://www.google.com/search?q=vonage+sucks


_______________________________________________
nginx mailing list
nginx@nginx.org
http://nginx.org/mailman/listinfo/nginx

Re: dogpiling (wiki broken)

On Tue, 2010-03-30 at 14:43 +0400, Maxim Dounin wrote:
> Hello!
>
> On Tue, Mar 30, 2010 at 02:06:51AM -0700, Mark Maunder wrote:
>
> > I tried to update the documentation to add an explanation of the
> > 'updating' parameter of proxy_cache_use_stale but it appears to have
> > broken the entire documentation page on the proxy module after I
> > saved my changes to the wiki. It's now blank:
> >
> > http://wiki.nginx.org/NginxHttpProxyModule
> >
> > When I hit save the wiki server sent me an index.php file that my
> > browser wanted to save to disk (incorrect mime type set). I tried
> > several times to re-save or cancel my edit but same result.
>
> Cliff, could you please take a look what's going wrong? Wiki just
> closes connection on some pages (including the mentioned one).

It should be fixed now. The VE was running out of tcp sockets.

Regards,
Cliff

> Maxim Dounin
--
http://www.google.com/search?q=vonage+sucks


_______________________________________________
nginx mailing list
nginx@nginx.org
http://nginx.org/mailman/listinfo/nginx

Re: Webdav upload and wrong modify time stamp (0.7.65, 0.8.34)

Dnia 2010-03-30, wto o godzinie 15:34 +0400, Maxim Dounin pisze:
> > I noticed that uploading file (webdav) when client_body_temp_path and
> > document root are on different partitions sets access and modify time
> > stamps to 1970-01-01 instead of valid time. It works fine if
> > client_body_temp_path and document root are on the same partition.
> Try the attached patch.
Works great!


Best regards,
--
Marcin Engelmann

_______________________________________________
nginx mailing list
nginx@nginx.org
http://nginx.org/mailman/listinfo/nginx

Re: Webdav upload and wrong modify time stamp (0.7.65, 0.8.34)

# HG changeset patch
# User Maxim Dounin <mdounin@mdounin.ru>
# Date 1269948739 -14400
# Node ID a2efd44b2c85c90e88a8470f33a9da4fe21c7b85
# Parent 175b534ae706140c4b8581aac8a9c04493c6cb8d
Core: fix file time on ngx_copy_file().

Don't try to set file time if we don't have it.

diff --git a/src/core/ngx_file.c b/src/core/ngx_file.c
--- a/src/core/ngx_file.c
+++ b/src/core/ngx_file.c
@@ -762,10 +762,12 @@ ngx_copy_file(u_char *from, u_char *to,
size -= n;
}

- if (ngx_set_file_time(to, nfd, cf->time) != NGX_OK) {
- ngx_log_error(NGX_LOG_ALERT, cf->log, ngx_errno,
- ngx_set_file_time_n " \"%s\" failed", to);
- goto failed;
+ if (cf->time != -1) {
+ if (ngx_set_file_time(to, nfd, cf->time) != NGX_OK) {
+ ngx_log_error(NGX_LOG_ALERT, cf->log, ngx_errno,
+ ngx_set_file_time_n " \"%s\" failed", to);
+ goto failed;
+ }
}

rc = NGX_OK;
Hello!

On Tue, Mar 30, 2010 at 01:16:00PM +0200, Marcin Engelmann wrote:

> I noticed that uploading file (webdav) when client_body_temp_path and
> document root are on different partitions sets access and modify time
> stamps to 1970-01-01 instead of valid time. It works fine if
> client_body_temp_path and document root are on the same partition.

Try the attached patch.

Maxim Dounin

Webdav upload and wrong modify time stamp (0.7.65, 0.8.34)

Hello,

I noticed that uploading file (webdav) when client_body_temp_path and
document root are on different partitions sets access and modify time
stamps to 1970-01-01 instead of valid time. It works fine if
client_body_temp_path and document root are on the same partition.

I tested nginx 0.7.65 and 0.8.34, both on Debian lenny.


1. Test partition: ext3, default mount options
# mount -o defaults -t ext3 /dev/sda3 /home/nginx-test


2. client_body_temp_path and document root on different partitions
root /home/nginx-test/upload
client_body_temp_path /tmp

# curl -T test.txt http://127.0.0.1:8080/test.txt
# stat /home/nginx-test/upload/test.txt
File: `/home/nginx-test/upload/test.txt'
Size: 5 Blocks: 8 IO Block: 4096 regular file
Device: 803h/2051d Inode: 22896642 Links: 1
Access: (0640/-rw-r-----) Uid: ( 33/www-data) Gid: ( 33/www-data)
Access: 1970-01-01 00:59:59.000000000 +0100
Modify: 1970-01-01 00:59:59.000000000 +0100
Change: 2010-03-30 10:53:22.000000000 +0200

Wrong access and modify.


3. client_body_temp_path and document root on the same partition
root /home/nginx-test/upload
client_body_temp_path /home/nginx-test/tmp

# curl -T test.txt http://127.0.0.1:8080/test2.txt
# stat /home/nginx-test/upload/test2.txt
File: `/home/nginx-test/upload/test2.txt'
Size: 5 Blocks: 8 IO Block: 4096 regular file
Device: 803h/2051d Inode: 15564807 Links: 1
Access: (0640/-rw-r-----) Uid: ( 33/www-data) Gid: ( 33/www-data)
Access: 2010-03-30 10:57:28.000000000 +0200
Modify: 2010-03-30 10:57:28.000000000 +0200
Change: 2010-03-30 10:57:28.000000000 +0200

Access and modify are OK.


4. My nginx.conf
user www-data;
pid /var/run/nginx.pid;
error_log /var/log/nginx/error.log;

events {
}

http {
server {
listen 127.0.0.1:8080;
access_log /var/log/nginx/access.log;
root /home/nginx-test/upload;

client_max_body_size 4g;
create_full_put_path on;
client_body_temp_path /home/nginx-test/tmp;
# client_body_temp_path /tmp;
dav_methods PUT DELETE MKCOL MOVE;
dav_access user:rw group:r;
}
}


Best regards,
--
Marcin Engelmann

_______________________________________________
nginx mailing list
nginx@nginx.org
http://nginx.org/mailman/listinfo/nginx

Re: dogpiling (wiki broken)

Hello!

On Tue, Mar 30, 2010 at 02:06:51AM -0700, Mark Maunder wrote:

> I tried to update the documentation to add an explanation of the
> 'updating' parameter of proxy_cache_use_stale but it appears to have
> broken the entire documentation page on the proxy module after I
> saved my changes to the wiki. It's now blank:
>
> http://wiki.nginx.org/NginxHttpProxyModule
>
> When I hit save the wiki server sent me an index.php file that my
> browser wanted to save to disk (incorrect mime type set). I tried
> several times to re-save or cancel my edit but same result.

Cliff, could you please take a look what's going wrong? Wiki just
closes connection on some pages (including the mentioned one).

Maxim Dounin

_______________________________________________
nginx mailing list
nginx@nginx.org
http://nginx.org/mailman/listinfo/nginx

Re: Limit to IP, redirect all others to alternate site?

Actually, just saw that error_page can take a URL as an argument.
Changed to the following:

server {
error_page 403 http://foo.com;
location / {
allow 1.1.1.1;
deny all;
}
}

Works perfectly.

Thanks!


On 30/03/2010 10:36, Phillip Oldham wrote:
> How would I limit a virtual host to a single IP and redirect all other
> IPs to an alternate domain/website? I'm using the http_access module
> to limit IPs which returns a 403, but I'd prefer that nginx return a
> "location" header to bounce visitors to http://foo.com.
>
> At the moment I've got this:
>
> server {
> if ( $remote_addr != 1.1.1.1 ) {
> rewrite ^ http://foo.com last;
> }
>
> location / {
> allow 1.1.1.1;
> deny all;
> }
> }
>
> but that feels quite "hacky". Is there a better format?
>
> _______________________________________________
> nginx mailing list
> nginx@nginx.org
> http://nginx.org/mailman/listinfo/nginx
>


_______________________________________________
nginx mailing list
nginx@nginx.org
http://nginx.org/mailman/listinfo/nginx

Limit to IP, redirect all others to alternate site?

How would I limit a virtual host to a single IP and redirect all other
IPs to an alternate domain/website? I'm using the http_access module to
limit IPs which returns a 403, but I'd prefer that nginx return a
"location" header to bounce visitors to http://foo.com.

At the moment I've got this:

server {
if ( $remote_addr != 1.1.1.1 ) {
rewrite ^ http://foo.com last;
}

location / {
allow 1.1.1.1;
deny all;
}
}

but that feels quite "hacky". Is there a better format?

_______________________________________________
nginx mailing list
nginx@nginx.org
http://nginx.org/mailman/listinfo/nginx

Re: hiding the identity of nginx

On Tue, Mar 30, 2010 at 09:42, huet bartels <hbartels@i-neda.com> wrote:
> Dear All.
>
> Have managed to check the following files to change the identity of
> nginx to another string, plus the footer section of the error pages.

It would be easier (and more useful) to personalize your error pages.
For instance:
error_page 404 /40x.html;
location = /40x.html {
root /var/www/nginx-default/default;
}

> But when I looked at the headers via firefox the images where still
> showing nginx as the server.  Where else would I need to change this in
> the source to completely hide the string nginx from the public

The "Server: " header is what you're looking for. I'm not sure if
that's mandatory by some RFC, but you'd have to dig into other files.
If you search the archive you might find a 'patch' somewhere - whether
it still applies for current versions i don't know.

--
() ascii-rubanda kampajno - kontraŭ html-a retpoŝto
/\ ascii ribbon campaign - against html e-mail

_______________________________________________
nginx mailing list
nginx@nginx.org
http://nginx.org/mailman/listinfo/nginx

Re: dogpiling (wiki broken)

I tried to update the documentation to add an explanation of the
'updating' parameter of proxy_cache_use_stale but it appears to have
broken the entire documentation page on the proxy module after I saved
my changes to the wiki. It's now blank:

http://wiki.nginx.org/NginxHttpProxyModule

When I hit save the wiki server sent me an index.php file that my
browser wanted to save to disk (incorrect mime type set). I tried
several times to re-save or cancel my edit but same result.

Mark.


Piotr Sikora wrote:
>> He's referring to a cache stampede, when an item in the proxy cache
>> expires and multiple threads simultaneously try to repopulate it
>> causing load spikes and possible locking conditions.
>
> nginx changes status of expired cache items to "UPDATING" for the period
> of time when it fetches new copies. Combine this with
> "proxy_cache_use_stale updating" and "dogpiling" shouldn't be a problem.
>
> Best regards,
> Piotr Sikora < piotr.sikora@frickle.com >
>
>
>
> _______________________________________________
> nginx mailing list
> nginx@nginx.org
> http://nginx.org/mailman/listinfo/nginx

_______________________________________________
nginx mailing list
nginx@nginx.org
http://nginx.org/mailman/listinfo/nginx

hiding the identity of nginx

Dear All.

Have managed to check the following files to change the identity of
nginx to another string, plus the footer section of the error pages.

This seems to of work for the most part by changing the following files.

src/http/ngx_http_header_filter_module.c
src/http/ngx_http_special_response.c

But when I looked at the headers via firefox the images where still
showing nginx as the server. Where else would I need to change this in
the source to completely hide the string nginx from the public

thank you in advance

Huet


_______________________________________________
nginx mailing list
nginx@nginx.org
http://nginx.org/mailman/listinfo/nginx

IBM Lotus Domino - reverse proxy - do not cache if authenticated web user (based on cookie)

Hi

My backend is IBM Lotus Domino and its HTTP task. I have application that has admin panel thats been used with end-user's browser.
Currently i am using cache but that admin panel goes crazy because of caching. So, goal is to prevent caching if user is authenticated.
IBM Lotus Domino uses Cookie named DomAuthSessId which has session id.

So on global level i have configured:

.....
http {

    proxy_cache_path  /usr/share/nginx/cache  levels=1:2   keys_zone=one:10m max_size=1G;
    proxy_temp_path   /usr/share/nginx/tmp;
    proxy_cache_key   "$scheme$host$request_uri";

    proxy_cache_valid 200 302 5m;
    proxy_cache_valid 301 1h;
    proxy_cache_valid any 1m;

     proxy_cache one;

.... and so on

and on virtual server level

server {
   server_name  www.somedomain.fi;
   default_type text/html;
   root         /some/directory;
   location / {
      proxy_pass http://some.ip.add.ress;
   }
.....
}

Would this work if i do something like this?

  location / {
      # if authenticated domino user, disable cache
      if ($http_cookie ~* "DomAuthSessId") {
         proxy_cache_valid  200 302 304 none;
         proxy_cache_valid  301 none;
      }
      proxy_pass http://some.ip.add.ress
 }


Or any ideas how it should be done?



Terveisin/Regards,
  Pekka Panula, Sofor Oy - Jatkuvat palvelut

2010年3月29日星期一

Re: dogpiling

> He's referring to a cache stampede, when an item in the proxy cache
> expires and multiple threads simultaneously try to repopulate it causing
> load spikes and possible locking conditions.

nginx changes status of expired cache items to "UPDATING" for the period of
time when it fetches new copies. Combine this with "proxy_cache_use_stale
updating" and "dogpiling" shouldn't be a problem.

Best regards,
Piotr Sikora < piotr.sikora@frickle.com >


_______________________________________________
nginx mailing list
nginx@nginx.org
http://nginx.org/mailman/listinfo/nginx

Re: nginx recycles workers too often

I believe you should tweak PHP_FCGI_MAX_REQUESTS. You can try 5000 for instance. In order to get this working you need to kill all (stop nginx, pcp_cgi and killall nginx, the same with php_cgi or whatever you called the init.d script) the processes running and start php_cgi and nginx again. I'm saying this because I just read your other thread where it does nothing PHP_FCGI_MAX_REQUESTS on your server.

I also run a wp blog and vb forum on my site. I'm getting over 170k uniques per day. I run mysqld on a separate server. I have 8 workers. 15 children. I'm currently tweaking PHP_FCGI_MAX_REQUESTS.1000 seems to be too low for me since php-cgi processes get restarted too often.

Posted at Nginx Forum: http://forum.nginx.org/read.php?2,58646,69289#msg-69289


_______________________________________________
nginx mailing list
nginx@nginx.org
http://nginx.org/mailman/listinfo/nginx

nginx 0.7.65 rewrite url with querystring problem?

Hi, all

Recently, I altered my web server lighty to nginx. And now, Struggling with some problems.

First, I have a site in nginx which only rewrites urls and redircts them to a new domain, and this site has exactly no file in its root directory.
I put some rewrite rules (just string rules, no querystring) in my nginx.conf

list 1
rewrite ^/index_([0-9]+)(.*)$ /forum-$1-1.html last;
rewrite ^/dispbbs_([0-9]+)_([0-9]+)\.html$ /thread-$2-1-1.html last;

Those rules work perfect till now.

However, some rules that used to rewrite url with querystring do not work as hoped.

list 2
location /index.asp {
if ($arg_boardid ~ "^([0-9]+)") {
rewrite ^ /forum-$arg_boardid-1.html break;
}
rewrite ^ /index.php break;
}
location /dispbbs.asp {
rewrite ^ /thread-$arg_id-1-1.html break;
}


And, these rules are converted from rules under httpd server,

list 3
^/dispbbs\.asp\?boardID=([0-9]+)&ID=([0-9]+).*$ /thread-$2-1-1.html;
^/dispbbs\.asp\?(.*)&id=([0-9]+)(.*)$ /thread-$2-1-1.html;
^/index\.asp\?boardid=([0-9]+)(.*)$ /forum-$1-1.html;
^/index\.asp\?boardid=([0-9]+)$ /forum-$1-1.html;
^/index\.asp$ /index.php;


So, what's the matter with rules listed in the list 2? and how could I make it woking.

V/R,

gavin

Posted at Nginx Forum: http://forum.nginx.org/read.php?2,69281,69281#msg-69281


_______________________________________________
nginx mailing list
nginx@nginx.org
http://nginx.org/mailman/listinfo/nginx

Re: dogpiling

He's referring to a cache stampede, when an item in the proxy cache
expires and multiple threads simultaneously try to repopulate it causing
load spikes and possible locking conditions. The item below from
memcache's faq has a few suggestions of how to avoid this for memcached.

http://code.google.com/p/memcached/wiki/FAQ#How_to_prevent_clobbering_updates,_stampeding_requests

After a quick look I didn't see any options to avoid stampede's in
nginx's proxy caching nor in the memcached module. Does nginx have this
built in? Or when a item in the proxy cache expires, is there a rush of
requests to the back-end to refresh it?

A useful method (if it isn't already built in) might be to block threads
that have requested the resource being refreshed until the thread doing
the refreshing completes. A configurable timeout might be helpful.

Mark.

Kiswono Prayogo wrote:
> Hi, could you explain more about dogpiling? i don't understand and
> haven't found any term related to web except for search engine named
> 'dogpile'
>

_______________________________________________
nginx mailing list
nginx@nginx.org
http://nginx.org/mailman/listinfo/nginx

Re: dogpiling

Hi, could you explain more about dogpiling? i don't understand and
haven't found any term related to web except for search engine named
'dogpile'

--
Regards,
Kiswono P
GB

_______________________________________________
nginx mailing list
nginx@nginx.org
http://nginx.org/mailman/listinfo/nginx

repeat requests

Hi

I am new to nginx.

Can i use nginx to repeat / duplicate incoming requests ...? I understand that I can use nginx to load balance ... but in my use case, i need to duplicate the request. The incoming request should be routed to server0 AND server1. Is it possible with nginx? Thank you for your help
matt

Bigger chunk size

Hi,

We have many large files (~700mb) and the problem is the disk (raid-0).
Is there a chance to change the chunk size in nginx, i.e. read bigger blocks
from the disk?

Lighttpd gained much performance from a bigger chunk size:
http://blog.lighttpd.net/articles/2006/11/14/linux-aio-and-large-files

Thank you very much
Pio

Posted at Nginx Forum: http://forum.nginx.org/read.php?2,69210,69210#msg-69210


_______________________________________________
nginx mailing list
nginx@nginx.org
http://nginx.org/mailman/listinfo/nginx

Re: Reverse Proxy Cache Setup

Ryan Malayter Wrote:
-------------------------------------------------------
> On Mon, Mar 29, 2010 at 11:44 AM, royo wrote:
> >
> > Thanks Ryan. I don't have much control over the
> application itself, so I guess I'd need to enforce
> the caching somehow for users that are logged in
> and disable it for those that aren't from nginx.
> >
>
> If you include a unique string in your nginx
> proxy_cache_key, then
> logged-in user requests should never be in cache
> (again, assuming the
> back-end sets cache-control headers).
>
> So, assuming you have "proxy_cache_key
> $http_host$request_uri$http_cookie_logmein" in
> your nginx config:
>
> A request for http://mine.example.com/foo from an
> anonymous user would
> get nginx cache key:
> http://mine.example.com/foo <-- logmein is
> empty
> This result could be served from cache for future
> anonymous requests
>
> A request for http://mine.example.com/foo from a a
> logged in user user
> would get nginx cache key:
> http://mine.example.com/fooAB324494354CD43254DC
> <-- logmein
> contains user's session ID
> In this case, there would not be a cache hit on
> the nginx side, and a
> logged in user's request is passed to the back-end
> and they get a
> customized version of the page. No anonymous users
> would ever see that
> because they don't have that session ID.
> Presumably, the back-end must
> set "Cache-Control: private" or "Cache-Control:
> no-cache" for
> logged-in users. If it doesn't, you're really
> going to have problems.
>
> I do not think that nginx proxy directives are
> allowed inside an "if"
> block. You might be able to use "if
> $http_cookie_logmein" to redirect
> internally to a named nginx location that does not
> have any caching.
>
> Can you post your nginx configuration?
>
>
> --
> RPM
>
> _______________________________________________
> nginx mailing list
> nginx@nginx.org
> http://nginx.org/mailman/listinfo/nginx


The app sets "Cache-Control: private" right now for everyone, and with the following setup even users that are not logged in receive a fresh copy of the page every time. The said cookie is set when logging in to the domain xyz.com(not actual domain) as well as other cookies but when using the nginx proxy only the other cookies are set and the logmein cookie isn't visible.


http {
include mime.types;
default_type application/octet-stream;

#log_format main '$remote_addr - $remote_user [$time_local] "$request" '
# '$status $body_bytes_sent "$http_referer" '
# '"$http_user_agent" "$http_x_forwarded_for"';

#access_log logs/access.log main;

client_body_buffer_size 128K;
client_header_buffer_size 128K;
client_max_body_size 1M;
large_client_header_buffers 1 1k;

client_body_timeout 60;
client_header_timeout 60;
keepalive_timeout 60 60;
send_timeout 60;

ignore_invalid_headers on;
keepalive_requests 100;
limit_zone gulag $binary_remote_addr 5m;
recursive_error_pages on;

sendfile on;

server_name_in_redirect off;
server_tokens off;
tcp_nodelay on;
tcp_nopush on;

gzip on;
gzip_buffers 16 8k;
gzip_comp_level 6;
gzip_http_version 1.0;
gzip_min_length 0;
gzip_types text/plain text/css image/x-icon application/x-perl application/x-httpd-cgi;
gzip_vary on;


proxy_buffering on;
proxy_cache_path /optimum/nginx/cache levels=1:2 keys_zone=my-cache:8m max_size=1000m inactive=600m;
proxy_temp_path /optimum/nginx/cache/tmp;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_redirect off;
proxy_connect_timeout 30;
proxy_send_timeout 30;
proxy_read_timeout 30;
proxy_cache_valid any 10m;


server {
listen 80;
server_name localhost;

location / {

proxy_pass http://xyz.com;
proxy_cache my-cache;
proxy_pass_header Set-Cookie;

proxy_cache_key $host$request_uri$http_cookie_logmein;

proxy_cache_valid 404 1m;

index index.php index.html index.htm;
}

#error_page 404 /404.html;

# redirect server error pages to the static page /50x.html
#
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}

Posted at Nginx Forum: http://forum.nginx.org/read.php?2,69049,69144#msg-69144


_______________________________________________
nginx mailing list
nginx@nginx.org
http://nginx.org/mailman/listinfo/nginx

Re: Reverse Proxy Cache Setup

On Mon, Mar 29, 2010 at 11:44 AM, royo <nginx-forum@nginx.us> wrote:
>
> Thanks Ryan. I don't have much control over the application itself, so I guess I'd need to enforce the caching somehow for users that are logged in and disable it for those that aren't from nginx.
>

If you include a unique string in your nginx proxy_cache_key, then
logged-in user requests should never be in cache (again, assuming the
back-end sets cache-control headers).

So, assuming you have "proxy_cache_key
$http_host$request_uri$http_cookie_logmein" in your nginx config:

A request for http://mine.example.com/foo from an anonymous user would
get nginx cache key:
http://mine.example.com/foo <-- logmein is empty
This result could be served from cache for future anonymous requests

A request for http://mine.example.com/foo from a a logged in user user
would get nginx cache key:
http://mine.example.com/fooAB324494354CD43254DC <-- logmein
contains user's session ID
In this case, there would not be a cache hit on the nginx side, and a
logged in user's request is passed to the back-end and they get a
customized version of the page. No anonymous users would ever see that
because they don't have that session ID. Presumably, the back-end must
set "Cache-Control: private" or "Cache-Control: no-cache" for
logged-in users. If it doesn't, you're really going to have problems.

I do not think that nginx proxy directives are allowed inside an "if"
block. You might be able to use "if $http_cookie_logmein" to redirect
internally to a named nginx location that does not have any caching.

Can you post your nginx configuration?


--
RPM

_______________________________________________
nginx mailing list
nginx@nginx.org
http://nginx.org/mailman/listinfo/nginx

Re: Maximum number of backends to try

Hello!

On Mon, Mar 29, 2010 at 02:39:38PM +0100, Avleen Vig wrote:

> I thought I saw a setting, which told nginx how many backend servers
> to try before giving up.
>
> I have an upstream with 10+ servers, and I only want to try queries on
> two or three servers before giving up.
>
> Anyone remember how to do this? Or am I going mad?

There is unofficial patch for this, something like
upstream_count_limit in google will help.

Maxim Dounin

_______________________________________________
nginx mailing list
nginx@nginx.org
http://nginx.org/mailman/listinfo/nginx

Re: proxy_redirect and variables

Hello!

On Mon, Mar 29, 2010 at 05:30:19PM +0200, Tobia Conforto wrote:

> Does anybody know anything about this?

Yes.

> > Does anybody know why proxy_redirect won't interpolate variables in its first argument?

Because it doesn't. If you think you are brave enough to change
it - submit patches.

> > I'm trying to setup a reverse proxy to a backend that uses
> > name-based virtual hosts, so I need to change both the
> > incoming Host header and the outgoing Location headers:
> >
> > server {
> > server_name public.hostname.com;
> >
> > set $proxy_to private.hostname.com
> >
> > location / {
> > proxy_pass http://backend;
> > proxy_redirect http://$proxy_to/ http://$host/;
> > proxy_set_header Host $proxy_to;
> > }
> > }
> >
> > This doesn't work, unless I expand $proxy_to in proxy_redirect
> > by hand.
> >
> > Am I supposed to write it in another way?

For the above config you shouldn't use variables at all, use
literal strings instead (and/or some config generator if you want
to save typing). Variables are evaluated at run time and should
be used only when they have to be different for different
requests.

Maxim Dounin

_______________________________________________
nginx mailing list
nginx@nginx.org
http://nginx.org/mailman/listinfo/nginx

Re: Reverse Proxy Cache Setup

Ryan Malayter Wrote:
-------------------------------------------------------
> On Mon, Mar 29, 2010 at 8:41 AM, royo wrote:
> > I'm trying to use nginx as a reverse cahce for
> my website which may require people to be logged
> in. I'm trying to figure out how to configure it
> so that users that don't have a certain cookie set
> receive cached pages while others will receive
> non-cached responses, assuming the cookie is
> "logmein".
>
> Use $http_cookie_$logmein appended to whatever
> you're using for
> proxy_cache_key, so that you get a unique cache
> key for each user.
> This assumes that $logmein has a different value
> for every logged-in
> user (i.e. it is a session ID).
>
> You can also have the back-end explicitly set
> "Cache-Control:
> no-cache" for logged in pages, so they don't get
> stored by nginx at
> all.
>
> --
> RPM
>
> _______________________________________________
> nginx mailing list
> nginx@nginx.org
> http://nginx.org/mailman/listinfo/nginx


Thanks Ryan. I don't have much control over the application itself, so I guess I'd need to enforce the caching somehow for users that are logged in and disable it for those that aren't from nginx.

Posted at Nginx Forum: http://forum.nginx.org/read.php?2,69049,69127#msg-69127


_______________________________________________
nginx mailing list
nginx@nginx.org
http://nginx.org/mailman/listinfo/nginx

Re: Reverse Proxy Cache Setup

On Mon, Mar 29, 2010 at 8:41 AM, royo <nginx-forum@nginx.us> wrote:
> I'm trying to use nginx as a reverse cahce for my website which may require people to be logged in. I'm trying to figure out how to configure it so that users that don't have a certain cookie set receive cached pages while others will receive non-cached responses, assuming the cookie is "logmein".

Use $http_cookie_$logmein appended to whatever you're using for
proxy_cache_key, so that you get a unique cache key for each user.
This assumes that $logmein has a different value for every logged-in
user (i.e. it is a session ID).

You can also have the back-end explicitly set "Cache-Control:
no-cache" for logged in pages, so they don't get stored by nginx at
all.

--
RPM

_______________________________________________
nginx mailing list
nginx@nginx.org
http://nginx.org/mailman/listinfo/nginx

Re: proxy_redirect and variables

Hello

Does anybody know anything about this?


> Hi
>
> Does anybody know why proxy_redirect won't interpolate variables in its first argument?
>
> I'm trying to setup a reverse proxy to a backend that uses name-based virtual hosts, so I need to change both the incoming Host header and the outgoing Location headers:
>
> server {
> server_name public.hostname.com;
>
> set $proxy_to private.hostname.com
>
> location / {
> proxy_pass http://backend;
> proxy_redirect http://$proxy_to/ http://$host/;
> proxy_set_header Host $proxy_to;
> }
> }
>
> This doesn't work, unless I expand $proxy_to in proxy_redirect by hand.
>
> Am I supposed to write it in another way?
>
> I'm using 0.8.32 on Linux amd64.
>
> Tobia

_______________________________________________
nginx mailing list
nginx@nginx.org
http://nginx.org/mailman/listinfo/nginx

dogpiling

Hey folks,

Can I use nginx for anti-dogpiling?

We have been using Varnish cause it has antidogpiling options, but its so limited in terms of what it does as to what we need, that id love to use nginx.

Posted at Nginx Forum: http://forum.nginx.org/read.php?2,69088,69088#msg-69088


_______________________________________________
nginx mailing list
nginx@nginx.org
http://nginx.org/mailman/listinfo/nginx

A few basic questions

Hi All;

The company I work for is moving to a drupal content management system.
We expect to install a caching reverse proxy between the drupal servers
and the Internet. I'm looking into nginx and varnish for that role.

There's no question nginx provides for at least a basic high-speed
caching reverse proxy, but I'd appreciate input from people using it
with regards to these features:

1) Flexible health-checks of back-end web servers. Can I configure
nginx to accept a 503, for example, as an acceptable return code? Can I
specify a different health-check page for each back-end server?

2) Flexibility in load balancing. Can I specify anything other than
round-robin? Least connections, lowest load, that sort of thing?

3) Ability to purge or invalidate selected pages. For example, a user
logs in and updates a page that's currently cached. Can I
remove/overwrite that particular page in an nginx caching proxy?

4) Any other words of wisdom regarding nginx vs varnish?

Thanks in Advance,

--- David

_______________________________________________
nginx mailing list
nginx@nginx.org
http://nginx.org/mailman/listinfo/nginx

Reverse Proxy Cache Setup

I'm trying to use nginx as a reverse cahce for my website which may require people to be logged in. I'm trying to figure out how to configure it so that users that don't have a certain cookie set receive cached pages while others will receive non-cached responses, assuming the cookie is "logmein".

Posted at Nginx Forum: http://forum.nginx.org/read.php?2,69049,69049#msg-69049


_______________________________________________
nginx mailing list
nginx@nginx.org
http://nginx.org/mailman/listinfo/nginx

Maximum number of backends to try

Hi guys,

I thought I saw a setting, which told nginx how many backend servers
to try before giving up.

I have an upstream with 10+ servers, and I only want to try queries on
two or three servers before giving up.

Anyone remember how to do this? Or am I going mad?

This is on nginx 0.7.63.

Thanks :)

_______________________________________________
nginx mailing list
nginx@nginx.org
http://nginx.org/mailman/listinfo/nginx

Re: Can auth_basic restrict files in certain folder?

BTW, I should read tips in http://nginx.org/en/docs/http/request_processing.html#simple_php_site_configuration first.

Thanks again. :)

Posted at Nginx Forum: http://forum.nginx.org/read.php?2,68890,68929#msg-68929


_______________________________________________
nginx mailing list
nginx@nginx.org
http://nginx.org/mailman/listinfo/nginx

Re: Editing headers in both directions

Hello Maxim,

On Mon, 29.03.2010 at 15:09:42 +0400, Maxim Dounin <mdounin@mdounin.ru> wrote:
> On Mon, Mar 29, 2010 at 12:23:56PM +0200, Toni Mueller wrote:
> > I'd like to say something like
> >
> > rewrite_header <headername> <direction> ...
> >
> > where "..." is the same stuff as in the "rewrite" directive.
> >
> > I've started taking a close look at ngx_http_rewrite_module.c, but
> > after reading some here
> > http://www.evanmiller.org/nginx-modules-guide.html, I found that I'm
> > most likely going down the wrong path. At least, I don't see how the
> > functionality I want fits into Evan's taxonomy of "handler", "filter",
> > and "upstream" modules.
> >
> > Some guidance would be MUCH appreciated!
>
> You have to implement:
>
> 1. Rewriting of outgoing headers via header filter. This should
> be more or less trivial, see various header filters for examples,
> e.g. src/http/modules/ngx_http_headers_filter_module.c.
>
> 2. Rewriting of incoming headers. This may be done via variable
> and something like
>
> proxy_set_header Cookie $your_variable_with_rewritten_cookie;
>
> in config (like it's done with X-Forwarded-For and
> $proxy_add_x_forwarded_for variable).

thanks for the idea. This clears some dust up for me, but I'm still not
sure about how to do this because I need the full expressional power of
the "rewrite" module, only on arbitrary headers. That's why I initially
looked at "rewrite". I'll see whether I can meld the functionality of
these two modules.

Btw, this feature has been requested somewhere in 2008, but by someone
else.

Kind regards,
--Toni++

_______________________________________________
nginx mailing list
nginx@nginx.org
http://nginx.org/mailman/listinfo/nginx

Re: Editing headers in both directions

Hello!

On Mon, Mar 29, 2010 at 12:23:56PM +0200, Toni Mueller wrote:

> after digging deeper into my Domino problem, I found that I should be
> able to edit both incoming and outgoing headers, eg. to cut out the
> domain part of said cookie (reconfiguring the server is a no-go), and
> adding the part back in later when the client sends the modified cookie
> back, so the Domino server can properly recognize the cookie.
>
> I'd like to say something like
>
> rewrite_header <headername> <direction> ...
>
> where "..." is the same stuff as in the "rewrite" directive.
>
> I've started taking a close look at ngx_http_rewrite_module.c, but
> after reading some here
> http://www.evanmiller.org/nginx-modules-guide.html, I found that I'm
> most likely going down the wrong path. At least, I don't see how the
> functionality I want fits into Evan's taxonomy of "handler", "filter",
> and "upstream" modules.
>
> Some guidance would be MUCH appreciated!

You have to implement:

1. Rewriting of outgoing headers via header filter. This should
be more or less trivial, see various header filters for examples,
e.g. src/http/modules/ngx_http_headers_filter_module.c.

2. Rewriting of incoming headers. This may be done via variable
and something like

proxy_set_header Cookie $your_variable_with_rewritten_cookie;

in config (like it's done with X-Forwarded-For and
$proxy_add_x_forwarded_for variable).

Maxim Dounin

_______________________________________________
nginx mailing list
nginx@nginx.org
http://nginx.org/mailman/listinfo/nginx

Editing headers in both directions

Hi,

after digging deeper into my Domino problem, I found that I should be
able to edit both incoming and outgoing headers, eg. to cut out the
domain part of said cookie (reconfiguring the server is a no-go), and
adding the part back in later when the client sends the modified cookie
back, so the Domino server can properly recognize the cookie.

I'd like to say something like

rewrite_header <headername> <direction> ...

where "..." is the same stuff as in the "rewrite" directive.

I've started taking a close look at ngx_http_rewrite_module.c, but
after reading some here
http://www.evanmiller.org/nginx-modules-guide.html, I found that I'm
most likely going down the wrong path. At least, I don't see how the
functionality I want fits into Evan's taxonomy of "handler", "filter",
and "upstream" modules.

Some guidance would be MUCH appreciated!

TIA!


Kind regards,
--Toni++

_______________________________________________
nginx mailing list
nginx@nginx.org
http://nginx.org/mailman/listinfo/nginx

Re: Can auth_basic restrict files in certain folder?

Rob Schultz Wrote:
-------------------------------------------------------
> Hi Gavin,
>
> > I have some problem with my nginx
> > I just could not restrict files in certain
> floder, as follows, i put the settings to
> nginx.conf
> >
> > location ~ ^/restrict/
> > {
> > auth_basic "STATISTIC";
> > auth_basic_user_file
> /usr/local/nginx/conf/pwfornginx
> > }
> >
> >
> > the folder /restrict/ is restricted perfect,
> however, files in the folder can still be
> accessed,
> > /restrict/somefile.php
> >
> > What's the matter? any ideas?
>
> The problem is you somewhat have to rethink how
> NginX process the request. read here for more
> details
> http://nginx.org/en/docs/http/request_processing.h
> tml#simple_php_site_configuration but to sum it up
> you probably have a something like
> location ~ .*\.php${
> }
> in your config which actually handles the
> /restrict/somefile.php instead of
> location ~ ^/restrict/ { }
> there is two ways to remidy this. you can do
> something like
>
> location ~ ^/restrict/.*\.php$ {
> #rest of auth config
> }
>
> or you can do sub-locations *note* this is the
> only instance that i have read where it is safe to
> do nested locations. YMMV
>
> location ~ ^/restrict/
> {
> auth_basic "STATISTIC";
> auth_basic_user_file
> /usr/local/nginx/conf/pwfornginx
> location ~ .*\.php$ {
> #include your php config for processing ie
> proxy_pass or fastcgi_pass
> }
> }
>
> v/r,
> Rob
> _______________________________________________
> nginx mailing list
> nginx@nginx.org
> http://nginx.org/mailman/listinfo/nginx


Hi, Rob

Great thanks for your quick reply. I have tried your suggestion out, and add the following config:

location ~ ^/restrict/
{
auth_basic "STATISTIC";
auth_basic_user_file /usr/local/nginx/conf/pwfornginx
}
location ~ ^/restrict/.*\.php$
{
auth_basic "STATISTIC";
auth_basic_user_file /usr/local/nginx/conf/pwfornginx
}


However, it is still not working. No authorization is required when I try to get access to a certain page in the restricted folder.

V/R,

gavin

Posted at Nginx Forum: http://forum.nginx.org/read.php?2,68890,68944#msg-68944


_______________________________________________
nginx mailing list
nginx@nginx.org
http://nginx.org/mailman/listinfo/nginx

2010年3月28日星期日

Re: Can auth_basic restrict files in certain folder?

Hi, Rob

Great thanks for your quick reply. I have tried your suggestion out, and add the following config:
location ~ ^/restrict/
{
auth_basic "STATISTIC";
auth_basic_user_file /usr/local/nginx/conf/pwfornginx
}
location ~ ^/restrict/.*\.php$
{
auth_basic "STATISTIC";
auth_basic_user_file /usr/local/nginx/conf/pwfornginx
}


However, it is still not working. No authorization is required when I try to get access to a certain page in the restricted folder.

V/R,

gavin

Posted at Nginx Forum: http://forum.nginx.org/read.php?2,68890,68928#msg-68928


_______________________________________________
nginx mailing list
nginx@nginx.org
http://nginx.org/mailman/listinfo/nginx

Re: client ip address using proxy_pass and issues

Hello!

On Mon, Mar 29, 2010 at 07:18:30AM +0530, kevin wrote:

> i am trying to move from nginx->fastcgi to nginx->apache->fastcgi
>
> this how i have configured proxy_pass to my apache running on 2080.
> my app gets the client ip address as 127.0.0.1. how to make it see the
> correct real ip address.
>
> location / {
> root /home/live/work/apps;
> proxy_pass http://127.0.0.1:2080/$host$request_uri;
> proxy_set_header X-Real-IP $remote_addr;
> proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
> proxy_set_header Host $host;
> proxy_set_header IP_GEO $geo;
> }
>
> i get the server address as this 'SERVER_ADDR': '127.0.0.1', how to fix
> this?

You should use mod_realip/mod_rpaf2 on Apache side.

> the IP_GEO header gets converted to HTTP_IP_GEO, is there anyway to avoid
> this as my python app uses IP_GEO everywhere.

Again, you should handle this on Apache side. nginx just passes
headers with information, nothing more.

Maxim Dounin

_______________________________________________
nginx mailing list
nginx@nginx.org
http://nginx.org/mailman/listinfo/nginx

Re: Can auth_basic restrict files in certain folder?

Hi Gavin,

> I have some problem with my nginx
> I just could not restrict files in certain floder, as follows, i put the settings to nginx.conf
>
> location ~ ^/restrict/
> {
> auth_basic "STATISTIC";
> auth_basic_user_file /usr/local/nginx/conf/pwfornginx
> }
>
>
> the folder /restrict/ is restricted perfect, however, files in the folder can still be accessed,
> /restrict/somefile.php
>
> What's the matter? any ideas?

The problem is you somewhat have to rethink how NginX process the request. read here for more details http://nginx.org/en/docs/http/request_processing.html#simple_php_site_configuration but to sum it up you probably have a something like
location ~ .*\.php${
}
in your config which actually handles the /restrict/somefile.php instead of
location ~ ^/restrict/ { }
there is two ways to remidy this. you can do something like

location ~ ^/restrict/.*\.php$ {
#rest of auth config
}

or you can do sub-locations *note* this is the only instance that i have read where it is safe to do nested locations. YMMV

location ~ ^/restrict/
{
auth_basic "STATISTIC";
auth_basic_user_file /usr/local/nginx/conf/pwfornginx
location ~ .*\.php$ {
#include your php config for processing ie proxy_pass or fastcgi_pass
}
}

v/r,
Rob
_______________________________________________
nginx mailing list
nginx@nginx.org
http://nginx.org/mailman/listinfo/nginx