Quantcast
Channel: Nginx Forum - How to...
Viewing all 4759 articles
Browse latest View live

CentOS 7.3.x + NGINX Build from Source using PageSpeed & Roboo (Configure error on Roboo)

March 5, 2017, 6:43 pm
$
0
0
CentOS 7.3.x + NGINX Build from Source using PageSpeed & Roboo (Configure error on Roboo)

/etc/nginx
/etc/nginx/nginx-1.11.10
/etc/nginx/modules/

ngx_pagespeed
Roboo-master (pulled from GitHub) https://github.com/yuri-gushin/Roboo (It say's to copy the Roboo.pm file) but it doesn't say where to copy it to... so I was unfamiliar with that.

Using the following configure ... I end with a config error on roboo as follows the configure line.

[code]
./configure --add-module=/etc/nginx/modules/ngx_pagespeed --add-module=/etc/nginx/modules/Roboo-master --prefix=/etc/nginx --sbin-path=/usr/sbin/nginx --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --pid-path=/var/run/nginx.pid --lock-path=/var/run/nginx.lock --http-client-body-temp-path=/var/cache/nginx/client_temp --http-proxy-temp-path=/var/cache/nginx/proxy_temp --http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp --http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp --http-scgi-temp-path=/var/cache/nginx/scgi_temp --user=nginx --group=nginx --with-http_ssl_module --with-http_realip_module --with-http_addition_module --with-http_sub_module --with-http_flv_module --with-http_mp4_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_random_index_module --with-http_secure_link_module --with-http_stub_status_module --with-file-aio --without-mail_pop3_module --without-mail_imap_module --without-mail_smtp_module --with-mail --with-mail_ssl_module --with-cc-opt='-O2 -g -pipe -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m64 -mtune=generic'[/code]

Output with Error:

[code]
configuring additional modules
adding module in /etc/nginx/modules/ngx_pagespeed
mod_pagespeed_dir=/etc/nginx/modules/ngx_pagespeed/psol/include
build_from_source=false
checking for psol ... found
List of modules (in reverse order of applicability): ngx_http_write_filter_module ngx_http_header_filter_module ngx_http_chunked_filter_module ngx_http_range_header_filter_module ngx_pagespeed_etag_filter ngx_http_gzip_filter_module ngx_pagespeed ngx_http_postpone_filter_module ngx_http_ssi_filter_module ngx_http_charset_filter_module ngx_http_sub_filter_module ngx_http_addition_filter_module ngx_http_gunzip_filter_module ngx_http_userid_filter_module ngx_http_headers_filter_module
checking for psol-compiler-compat ... found
+ ngx_pagespeed was configured
adding module in /etc/nginx/modules/Roboo-master
./configure: error: no /etc/nginx/modules/Roboo-master/config was found
[/code]

I've installed all the required Perl Modules as noted on GitHub Readme. All without error.

Any tips would be super helpful! Thanks a bunch!
Search

Subdomain and ssl how to have two different settings.

March 8, 2017, 12:34 am
$
0
0
Got the main domain setup to enforce ssl with the following conf file

server {
listen 80;
listen [::]:80 default_server;
proxy_cache_valid 301 1m;
server_name kenyabuzz.com www.kenyabuzz.com;
return 301 https://$host$request_uri;
}

which then if http is redirected to https and the main ssl conf received the request. However the subdomain awards.kenyabuzz.com is affected.

so the subdomain ends up with enforced ssl.

what would be the best way without affecting the main domain prevent the subdomain from being caught by this.

How to achieve my below requirement

March 9, 2017, 12:18 am
$
0
0
Hi Guys,

I have this requirement and let me know if that can be acheived using nginx reverse proxy? I have this site https://community.blueliv.com/map/

Which actually show the live thrat map, can I use Reverse Proxy and use customized hostname to display the portal? that is let proxy_pass https://community.blueliv.com/map/ while server_name would be map.xyz.com?

And can we strip off certain headers on reverse proxy? As in same example if I dont want to display blueliv logo and top band can I remove that in reverse proxy?

Please advise

Deny User Agents

March 10, 2017, 8:51 am
$
0
0
I am new to ngnix, new as in I have never heard of it until 2 weeks ago.
I am trying to deny certain user agents access.
I have following code in the sites-available/default file.

set $block_user_agents 0;
if ($http_user_agent ~ "Wget") {
set $block_user_agents 1;
}
if ($block_user_agents = 1) {
return 404;
}
When I try to reload nginx it fails. when I comment out the code it works. My question is how do you block user agents and is my code in the correct file?

Thanks for any help.

I have found the answer.
if ($http_user_agent ~* (Wget) ) {
return 403;
}
Where is the link that shows you how to write if statements in nginx?

Re: Deny User Agents

March 10, 2017, 10:20 am
$
0
0
http://www.queryadmin.com/1214/block-user-agents-referrers-nginx-map/

Re: Deny User Agents

March 10, 2017, 10:30 am

Post an event to the event queue from another thread

March 13, 2017, 7:13 am
$
0
0
I am writing a native module.
Is it possible to post events to the event queue in a thread safe way? It looks like the ngx_post_event function is not thread safe. ngx_add_timer seems also not to be thread safe.

Is the best approach to handle concurrency myself, schedule an event with ngx_add_timer from the event handling thread and check each time if the work is done in the event handler?

Location Problem

March 14, 2017, 3:47 am
$
0
0
Hi all,
I'm wondering what I'm doing wrong, hope someone will help me.

In a Wordpress configuration, I tried to allow access to admin page from the inside, denying it from outside my lan. It works fine.
In the same way, I'm trying to apply the same logic to WP-JSON, but it doesn't works as expected : I get 403 from outside, but 404 from the inside (while I'm expecting it to works fin from the inside).

Not clear if this is related to the fact that wp-json is a "virtual" path.

Thanks in advance for Your time.
FabioG

location /wp-admin
{
allow x.x.x.0/24;
allow y.y.y.0/24;
deny all;
}

location ~ wp-json
{
allow x.x.x.0/24;
allow y.y.y.0/24;
deny all;
}
Search

limit_except per ad group?

March 15, 2017, 3:21 am
$
0
0
Hello,
I want to limit access to a server via nginx. Therefore I want to have 2 AD groups: one with user allowed to read (use GET) and one with people to write (POST and PUT )
What I already found is the limit_except directive, but I see only a way to enable basic authentication.
Is this possible with a kerberos authentication user? (authentication in general is already working)

What I thin about is something like:
limit_except POST PUT HEAD GET{
allow auth_gss_authorized_group group1 ;
deny all;
};
limit_except HEAD GET {

allow auth_gss_authorized_group group2 ;
deny all;
};

CORS with location rewrite

March 16, 2017, 6:14 am
$
0
0
Hi guys,

please help me to realize why nginx 1.8 returns 404 to subdomain page proxy_pass'ed to localhost:8088 when I try to enable CORS.


...

# main site conf
# commenting the following block makes subdomain page to be accessible again.
location / {
add_header 'Access-Control-Allow-Origin' https://subdomain.domain.extention;
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
add_header 'Access-Control-Allow-Headers' 'DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type';
}

if ($host ~* ^domain\.extention$) {
rewrite ^/subpage/ https://domain.extention/ permanent;
break;
}

...

#subdomain proxied by localhost:8088
location / {
proxy_pass https://127.0.0.1:8088/subpage/;
proxy_redirect https://127.0.0.1:8088/subpage/ /;
proxy_set_header Accept-Encoding "";
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_ssl_session_reuse off;
}

Thanks in advance,
JB

Rewrite Help

March 20, 2017, 3:24 am
$
0
0
Hi. I'm configuring nginx as reverse proxy.

I need to change (rewrite?) the URLs, example: if the request (to nginx Reverse Proxy) is "http://domain.com/test/?username=test1;password=passwdtest1" it will must "modified" to the main server as "http://domain.com/test/?username=production;password=passwdproduction1".

Consider that in the original request the fields "username=test1;password=passwdtest1" are not always the same (they changes), instead the "modified" to the main server are always the same.

Others example to be more clear:

"http://domain.com/test/?username=test1;password=passwdtest1" -> "http://domain.com/test/?username=production;password=passwdproduction1"

"http://domain.com/test/?username=test1876;password=somepasswd" -> "http://domain.com/test/?username=production;password=passwdproduction1"

"http://domain.com/test/?username=somevalues;password=somepasswdvalue" -> "http://domain.com/test/?username=production;password=passwdproduction1"


Thanks!

Get Country Code according to first IP (Maxming)

March 20, 2017, 1:37 pm
$
0
0
I am using maxmind module in nginx to get country code of visiters IP. Below are my some configuration part of nginx.config file,

geoip_country /etc/nginx/geo_ip/GeoIP.dat;

location ~ \.php$ {
root /home/app;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
real_ip_header X-Forwarded-For;
set_real_ip_from 0.0.0.0/0;
}

In php $_SERVER['HTTP_X_FORWARDED_FOR'], I am getting 2 (two) IPs and these are comma separated. So nginx maxmind module giving me country code according to second IP. So I want to get country Code according to first IP. Can anyone please help me in this issue?

Scalability question

March 20, 2017, 3:56 pm
$
0
0
A thread-based http server is limited by the number of threads it supports (either with a static maximum or with the possibility of dynamic increments of thread count), particularly when each request is synchronously long-running (e.g., long delay times in accessing databases and remote/cloud storages).

So if I migrate the same code over to nginx, how does it handle the long-running nature of the code in an nginx module's handler, if it is to handle ~10k requests simultaneously using a single (or a few) thread(s) as nginx's architecture claims?

avoid sensitive GET request parameter's data in the access logs

March 21, 2017, 1:14 am
$
0
0
I require access logs enabled, but for compliance reasons, cannot log a sensitive GET request parameter's data in the access logs. While I know, I could parse the logs (after-the-fact) and sanitize them, this is not an acceptable solution -- because for compliance reasons logs can't be tampered with.

I tried setting if statement in Location directive
if ($request_uri~ (.)password=[^&](.*)) { set $request_uri$1password=XXXXX$2; }

but here i read that 'if' is not safe in Location.
https://www.nginx.com/resources/wiki/start/topics/depth/ifisevil/

can you suggest alternative, may be in server directive

Re: avoid sensitive GET request parameter's data in the access logs

March 21, 2017, 2:17 am
$
0
0
https://www.bjornjohansen.no/exclude-requests-from-nginx-access-log
Search

Re: Subdomain and ssl how to have two different settings.

March 21, 2017, 3:42 am
$
0
0
don't use $host in redirect statement.
just explicitly redirect to https://kenyabuzz.com$request_uri;

Re: avoid sensitive GET request parameter's data in the access logs

March 21, 2017, 7:26 am
$
0
0
Thanks for the reply. But i dont want to exclude these entries in log but wanted to mask the values of these credential parameters from the request.

Basic nginx configuration problem

March 21, 2017, 7:43 am
$
0
0
Hi!

I'm new to whole nginx thing and trying to figure out how to get this thing work. Here's the what:

- 1 DNS
- 2 nginx servers
- 1 app server

and why:

Nginx is supposed to be used to load balance traffic coming from internet and redirect it to app server. At this moment there is only 1 app server because I wanted to simplify things and get things to work first. Later there are supposed to be 2 app servers.

Anyway, app server name is advertised(not sure if correct word) to DNS. DNS record points to nginx load balancers. Load balancer points to app server and to a specific port.

- I've made sure that DNS setting is correct. Using nslookup to query DNS name of app server I get 2 different IPs (=nginx server IPs).

- Nginx config is very simple, here's the code (same in both nginx servers):
--- BEGIN ---
upstream SERVER_NAME {
server IP:PORT;
}

server {
listen 80;

location / {
proxy_pass http://SERVER_NAME;
}
}
--- END ---
^ that server IP is the app servers IP

- I've tried telnetting from nginx servers to app server port and established successfully connection.

- I've checked that the app is running in the app server.

So all in all, everything seems to be working OK, except it is not. When I try to use browser (Chrome, Firefox, Edge) and navigate to servers page I get "site not found" error. I really can't figure out where I went wrong. Also when checked nginx log files I get no indication of successful connection to server.

Any and all help would be GREATLY appreciated. Thanks in advance!

Nginx reverse proxy with gitlab docker container backend

March 22, 2017, 5:20 am
$
0
0
Want to access my gitlab instance (docker container)

running on internal server: http://192.168.1.8:30000,
through nginx reverse proxy via external url

https://mydomain/git/

GitLab instance works fine and without any problem from internal

http://192.168.1.8:30000

Current "problem" behaviour is like:

When I access

https://mydomain/git/

The url is directed to

https://mydomain/users/sign_in.

The right url should be (for my unterstanding)

https://mydomain/git/users/sign_in.

There must be something incorrect with my reverse proxy config (see below):

Nginx reverse proxy config:

location ^~ /git/ {

proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;

proxy_pass http://192.168.1.8:30000;
proxy_read_timeout 90;

proxy_redirect http://192.168.1.8:30000 https://mydomain/git;
}

I sounds like my proxy_redirect ist not working the right way.

Nginx test output says ok:

sudo nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful

Nginx start without any errors.

Could anybody give me a hint, what's wrong in my reverse proxy configuration.

Thanks in advance brx

Re: Basic nginx configuration problem

March 23, 2017, 4:44 am
$
0
0
Hi,is that an http upstream,yes?
How do you usually call your application?(uri,parameters,or ip?)
Viewing all 4759 articles
Browse latest View live
Search
<script src="https://jsc.adskeeper.com/r/s/rssing.com.1596347.js" async> </script>