Channel: Nginx Forum - How to...

WordPress: CSP Header

Hi everyone,

I'm using nginx/1.6.2 on a GNU/Linux Debian (Jessie) system and hosting a WordPress site.

The 'general' CSP header I use is:
add_header Content-Security-Policy "default-src 'self'; img-src https: 'self'; script-src 'self'; style-src 'self' 'unsafe-inline'; object-src 'none'";

But for a specific WordPress site I want to use a different CSP header:

Right now this is my (not working) solution:
location = /site/ {
add_header Content-Security-Policy "default-src 'self'; img-src https: 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; object-src 'none'";
}
This ends in a "404 Not Found" error.


But this works:
location = /site/ {
try_files $uri $uri/ /index.php$is_args$args;
}
location ~ \.php$ {
add_header Content-Security-Policy "default-src 'self'; img-src https: 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; object-src 'none'";
include /etc/nginx/conf/php5-ssl.conf;
}

But this means that every site is getting the new CSP header.

The question is: how can I rewrite the CSP header only for the specific site?

Something like:
location = /site/ {
add_header Content-Security-Policy "default-src 'self'; img-src https: 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; object-src 'none'";
try_files ???;
}

Maybe someone can help me with this one.

Cheers!
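
One way to vary the policy per URL without a dedicated location, as an added example that is not part of the original post: a `map` keyed on `$request_uri` picks the header value, so the choice survives the internal redirect that `try_files` makes to `/index.php`. The variable name `$csp_policy` and the surrounding `server` skeleton are assumptions; the two policies, the `/site/` path and the include path are the ones quoted in the post.

```nginx
# http {} context.
# $request_uri holds the URI the client sent and does not change when
# try_files internally redirects to /index.php; $uri would already read
# /index.php by the time the PHP location adds the header.
map $request_uri $csp_policy {
    # General policy for everything else.
    default
        "default-src 'self'; img-src https: 'self'; script-src 'self'; style-src 'self' 'unsafe-inline'; object-src 'none'";

    # Relaxed policy for exactly /site/ (with or without a query string).
    # Use "~^/site/" instead to cover everything below /site/.
    "~^/site/(\?|$)"
        "default-src 'self'; img-src https: 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; object-src 'none'";
}

server {
    # ... listen, server_name, root and TLS settings as already configured ...

    location / {
        try_files $uri $uri/ /index.php$is_args$args;
    }

    location ~ \.php$ {
        # A location that declares any add_header of its own stops inheriting
        # the add_header lines of the enclosing server/http level, so the CSP
        # header is set here, where the response is actually produced.
        add_header Content-Security-Policy $csp_policy;
        include /etc/nginx/conf/php5-ssl.conf;
    }
}
```

A bare `location = /site/ { add_header ...; }` returns 404 because that location has no handler of its own and the request never reaches PHP; once `try_files` is added, the request is re-matched against `location ~ \.php$` and the headers of the first location are discarded.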

auth_basic question/issue

I have set up the following on an Ubuntu LTS server installation, using the "default" nginx site configuration file.
From what I have found so far, this should work -- and it does, sort of. If I know the name of a file in that directory, the browser can open it, after entering the userid and password. It can't display the file listing from the directory, I get "403 Forbidden".

Am I using the wrong auth_ module? I have tried with and without the ^~ in front of the directory -- not sure what that's for anyway, found it on one of the nginx doc pages.


[code]
server_name _;

location / {
# First attempt to serve request as file, then
# as directory, then fall back to displaying a 404.
try_files $uri $uri/ =404;
}
location ^~ /RMS6/ {
auth_basic "closed site";
auth_basic_user_file /etc/nginx/passwd/RMS.pwd;
}

[/code]

I'm not looking for anything complicated here, just a simple password authorization for access to the raw directory.
Is that possible?

Access to AWS S3

Hi,

I'm trying to access AWS S3 object store from NGINX. For that I'm using aws_access_key, aws_key_scope and aws_endpoint directives.
AWS S3 V4.0 requires generation of a signing key to access it. Building the signing key is described in http://docs.aws.amazon.com/general/latest/gr/signature-v4-examples.html

When calling NGINX I get:
<?xml version="1.0" encoding="UTF-8"?>
<Error>
<Code>SignatureDoesNotMatch</Code>
<Message>The request signature we calculated does not match the signature you provided. Check your key and signing method.</Message>
<AWSAccessKeyId>AKIAIDFAAXDZLSTALIUA</AWSAccessKeyId>
<StringToSign>AWS4-HMAC-SHA256
20170905T142136Z
20170905/eu-central-1/s3/aws4_request
12ae1791c6031cd57b85f468111089e01acd83bd81380861d105f469712c5f64</StringToSign>
<SignatureProvided>d9241ee35763220b68f890489a931317ba9ea7087e5170bb8898d138f8a87601</SignatureProvided>
<StringToSignBytes>41 57 53 34 2d 48 4d 41 43 2d 53 48 41 32 35 36 0a 32 30 31 37 30 39 30 35 54 31 34 32 31 33 36 5a 0a 32 30 31 37 30 39 30 35 2f 65 75 2d 63 65 6e 74 72 61 6c 2d 31 2f 73 33 2f 61 77 73 34 5f 72 65 71 75 65 73 74 0a 31 32 61 65 31 37 39 31 63 36 30 33 31 63 64 35 37 62 38 35 66 34 36 38 31 31 31 30 38 39 65 30 31 61 63 64 38 33 62 64 38 31 33 38 30 38 36 31 64 31 30 35 66 34 36 39 37 31 32 63 35 66 36 34</StringToSignBytes>
<CanonicalRequest>GET
/737f87dc-3fc1-47d1-aafc-2cfbb71d9e6a/rulesUI/1.0/xs-app.json

host:hcp-7973a98f-67bc-49d7-b909-8cb5acd52dcc.s3-eu-central-1.amazonaws.com
x-amz-content-sha256:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
x-amz-date:20170905T142136Z

host;x-amz-content-sha256;x-amz-date
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855</CanonicalRequest>
<CanonicalRequestBytes>47 45 54 0a 2f 37 33 37 66 38 37 64 63 2d 33 66 63 31 2d 34 37 64 31 2d 61 61 66 63 2d 32 63 66 62 62 37 31 64 39 65 36 61 2f 72 75 6c 65 73 55 49 2f 31 2e 30 2f 78 73 2d 61 70 70 2e 6a 73 6f 6e 0a 0a 68 6f 73 74 3a 68 63 70 2d 37 39 37 33 61 39 38 66 2d 36 37 62 63 2d 34 39 64 37 2d 62 39 30 39 2d 38 63 62 35 61 63 64 35 32 64 63 63 2e 73 33 2d 65 75 2d 63 65 6e 74 72 61 6c 2d 31 2e 61 6d 61 7a 6f 6e 61 77 73 2e 63 6f 6d 0a 78 2d 61 6d 7a 2d 63 6f 6e 74 65 6e 74 2d 73 68 61 32 35 36 3a 65 33 62 30 63 34 34 32 39 38 66 63 31 63 31 34 39 61 66 62 66 34 63 38 39 39 36 66 62 39 32 34 32 37 61 65 34 31 65 34 36 34 39 62 39 33 34 63 61 34 39 35 39 39 31 62 37 38 35 32 62 38 35 35 0a 78 2d 61 6d 7a 2d 64 61 74 65 3a 32 30 31 37 30 39 30 35 54 31 34 32 31 33 36 5a 0a 0a 68 6f 73 74 3b 78 2d 61 6d 7a 2d 63 6f 6e 74 65 6e 74 2d 73 68 61 32 35 36 3b 78 2d 61 6d 7a 2d 64 61 74 65 0a 65 33 62 30 63 34 34 32 39 38 66 63 31 63 31 34 39 61 66 62 66 34 63 38 39 39 36 66 62 39 32 34 32 37 61 65 34 31 65 34 36 34 39 62 39 33 34 63 61 34 39 35 39 39 31 62 37 38 35 32 62 38 35 35</CanonicalRequestBytes>
<RequestId>699D8417F44C5317</RequestId>
<HostId>LIP0/69lWZub7NXoBiwu7ms0aigWuz8oVy0om9P2rbgNsC3Y+NITYZre4KMgWhY20iWvobiKQ9I=</HostId>
</Error>

See attached nginx.conf file.
Can you assist with this configuration?

Thanks, Sergio

Nginx access log variables not set when the header-reading times out

Is there a way to set user-defined variables and use them in access logs before the NGINX rewrite phase?
In some error scenarios, like the one defined below, we end up in the access log phase before any user variable is set.

The following is the access log format example I have:

log_format main '$remote_addr $server_addr $http_host $custom_destination_addr [$custom_request_time] '
' "$request" $status $body_bytes_sent "$http_user_agent" ';

The fields that start with "custom_" are user-defined variables.

When I send the following get message that has a non-terminated header; i.e., header terminated with "/r/n" instead of "/r/n/r/n":

get = "GET /Vod/mod/video16k_1.mp4 HTTP/1.1\r\nHost: 10.20.20.10:8585\r\nUser-Agent: HTTP Test Suite TestSuite/1.0.2\r\nAccept-Language: en-us,en;q=0.5\r\nAccept-Encoding: gzip,deflate\r\nConnection: keep-alive\r\n"

I get the following info in error.log:
[info] 28875#0: *1 client timed out (110: Connection timed out) while reading client request headers, client: 10.20.20.128, server: , request: "GET /Vod/mod/video16k_1.mp4 HTTP/1.1", host: "10.20.20.10:8585"

Then, it generates an access log entry where ALL the user-defined variables are found uninitialized:

2017/09/01 10:03:07 [warn] 28875#0: *1 using uninitialized "custom_destination_addr" variable while logging request, client: 10.20.20.128, server: , request: "GET /Vod/mod/video16k_1.mp4 HTTP/1.1", host: "10.20.20.10:8585"

2017/09/01 10:03:07 [warn] 28875#0: *1 using uninitialized "custom_time" variable while logging request, client: 10.20.20.128, server: , request: "GET /Vod/mod/video16k_1.mp4 HTTP/1.1", host: "10.20.20.10:8585"

Access log entry:

10.20.20.128 10.20.20.10 10.20.20.10:8585 [] "GET /Vod/mod/video16k_1.mp4 HTTP/1.1" 408 0 "" "HTTP Test Suite TestSuite/1.0.2"

When I properly set the end of header "/r/n/r/n", then the access logs are fine.

Therefore, under the error condition above (time out when reading header), the access log variables that are user-defined will ALL get EMPTY.

Is there a known solution to this problem, or do we need a new concept/feature in NGINX to support variable-setting before rewrite phase?

Thanks

Re: Nginx access log variables not set when the header-reading times out

To make the question simpler:

Is it possible to set a variable per request before the NGINX rewrite phase and use that variable in the access logs?
Is this IMPOSSIBLE in NGINX?

Setting a variable requires nginx to go through the rewrite phase. If the request processing stops before that phase, this variable will never be set. This happens, for instance, when you send a request without end-of-header "/r/n/r/n".

Nagios on nginx with fcgi/fcgiwrap

Hi All,

I am trying to set up Nagios to run with nginx using fcgi/fcgiwrap and am receiving a "connection refused" to the defined socket:

2017/09/06 17:32:12 [error] 117059#117059: *5 connect() to unix:/var/run/fcgiwrap.socket failed (111: Connection refused) while connecting to upstream, client: 10.29.14.22, server: nagios.node.com, request: "GET /nagios/cgi-bin/status.cgi?hostgroup=all&style=hostdetail HTTP/1.1", upstream: "fastcgi://unix:/var/run/fcgiwrap.socket:", host: "server.node.com:8000", referrer: "http://server.node.com:8000/side.php"

rhel 7
nginx 1.12.1
php 5.4.16
php-fpm 5.4.16
fcgi-2.4.0-25.el7.x86_64
fcgiwrap-1.1.0-1.gf.el7.x86_64

I've been trouble-shooting for a couple days now and have found some info searching around but haven't found a solution yet. I am a novice when it comes to php/fcgi*.

I have read that I can use systemd for fcgiwrap and am attempting to use the following for the service:

fcgiwrap.service -

[Unit]
Description=Simple CGI Server
After=nss-user-lookup.target

[Service]
ExecStart=/usr/sbin/fcgiwrap
User=nginx
Group=nginx

[Install]
Also=fcgiwrap.socket

fcgiwrap.socket -

[Unit]
Description=fcgiwrap Socket

[Socket]
SocketMode=0600
SocketUser=nginx
SocketGroup=nginx
ListenStream=/var/run/fcgiwrap.socket

[Install]
WantedBy=sockets.target

When I start the service:

# systemctl start fcgiwrap.service
# systemctl status fcgiwrap.service

fcgiwrap.service - Simple CGI Server
Loaded: loaded (/etc/systemd/system/fcgiwrap.service; indirect; vendor preset: disabled)
Active: inactive (dead)

Sep 06 16:31:33 server systemd[1]: Started Simple CGI Server.
Sep 06 16:31:33 server systemd[1]: Starting Simple CGI Server...
Sep 06 17:01:00 server systemd[1]: Started Simple CGI Server.
Sep 06 17:01:00 server systemd[1]: Starting Simple CGI Server...
Sep 06 17:08:01 server systemd[1]: Started Simple CGI Server.
Sep 06 17:08:01 server systemd[1]: Starting Simple CGI Server...
Sep 06 17:20:55 server systemd[1]: Started Simple CGI Server.
Sep 06 17:20:55 server systemd[1]: Starting Simple CGI Server...
Sep 06 17:28:16 server systemd[1]: Started Simple CGI Server.
Sep 06 17:28:16 server systemd[1]: Starting Simple CGI Server...

Here are my config files:

nginx.conf -

user nginx;
worker_processes 1;

error_log /var/log/nginx/error.log debug;
pid /var/run/nginx.pid;


events {

worker_connections 1024;

}


http {

include /etc/nginx/mime.types;
default_type application/octet-stream;

log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';

access_log /var/log/nginx/access.log main;

sendfile on;
#tcp_nopush on;

keepalive_timeout 65;

#gzip on;

include /etc/nginx/conf.d/*.conf;

}

nagios.conf -

server {

listen 8000;
server_name nagios.node.com;

access_log /var/log/nginx/nagios.access.log;
error_log /var/log/nginx/nagios.error.log;

root /usr/local/nagios/share;
index index.php index.html;

auth_basic "Protected Site";
auth_basic_user_file .nagios;

location /stylesheets {

alias /usr/local/nagios/share/stylesheets;

}

location ~ .cgi$ {

root /usr/local/nagios/sbin/;
include fastcgi_params;
rewrite ^/nagios/cgi-bin/(.*).cgi /$1.cgi break;
fastcgi_param AUTH_USER $remote_user;
fastcgi_param REMOTE_USER $remote_user;
fastcgi_pass unix:/var/run/fcgiwrap.socket;
fastcgi_param SCRIPT_FILENAME /usr/local/nagios/sbin/$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_script_name;

}

location ~ .php$ {

include fastcgi_params;
fastcgi_pass unix:/var/run/php-fpm/nagios.socket;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME /usr/local/nagios/share$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_script_name;

}

location ~ (.*.(ogg|ogv|svg|svgz|eot|otf|woff|mp4|ttf|rss|atom|jpg|jpeg|gif|png|ico|zip|tgz|gz|rar|bz2|doc|xls|exe|ppt|tar|mid|midi|wav|bmp|rtf))$ {

root /usr/local/nagios/share/;
rewrite ^/nagios/(.*) /$1 break;
access_log off; expires max;

}

}

fastcgi_params -

fastcgi_param QUERY_STRING $query_string;
fastcgi_param REQUEST_METHOD $request_method;
fastcgi_param CONTENT_TYPE $content_type;
fastcgi_param CONTENT_LENGTH $content_length;

fastcgi_param SCRIPT_NAME $fastcgi_script_name;
fastcgi_param REQUEST_URI $request_uri;
fastcgi_param DOCUMENT_URI $document_uri;
fastcgi_param DOCUMENT_ROOT $document_root;
fastcgi_param SERVER_PROTOCOL $server_protocol;
fastcgi_param REQUEST_SCHEME $scheme;
fastcgi_param HTTPS $https if_not_empty;

fastcgi_param GATEWAY_INTERFACE CGI/1.1;
fastcgi_param SERVER_SOFTWARE nginx/$nginx_version;

fastcgi_param REMOTE_ADDR $remote_addr;
fastcgi_param REMOTE_PORT $remote_port;
fastcgi_param SERVER_ADDR $server_addr;
fastcgi_param SERVER_PORT $server_port;
fastcgi_param SERVER_NAME $server_name;

# PHP only, required if PHP was built with --enable-force-cgi-redirect
fastcgi_param REDIRECT_STATUS 200;

fcgiwrap.socket -

ll /var/run/fcgiwrap.socket
-rw-rw---- 1 nginx nginx 0 Sep 6 17:27 /var/run/fcgiwrap.socket

php-fpm.d www.conf -

[www]

listen = 127.0.0.1:9000
listen.allowed_clients = 127.0.0.1

user = nginx
group = nginx

pm = dynamic
pm.max_children = 50
pm.start_servers = 5
pm.min_spare_servers = 5
pm.max_spare_servers = 35

slowlog = /var/log/php-fpm/www-slow.log

php_admin_value[error_log] = /var/log/php-fpm/www-error.log
php_admin_flag[log_errors] = on
php_value[session.save_handler] = files
php_value[session.save_path] = /var/lib/php/session

php-fpm.d nagios.conf -

[nagios]

;listen 127.0.0.1:9000
listen = /var/run/php-fpm/nagios.socket
listen.owner = nginx
listen.group = nginx
listen.mode=0660
listen.allowed_clients = 127.0.0.1

user = nagios
group = nagios

pm = dynamic
pm.max_children = 50
pm.start_servers = 5
pm.min_spare_servers = 5
pm.max_spare_servers = 35

slowlog = /var/log/php-fpm/www-slow.log

php_flag[display_errors] = on
php_admin_value[error_log] = /var/log/php-fpm/nagios-error.log
php_admin_flag[log_errors] = on
php_value[session.save_handler] = files
php_value[session.save_path] = /var/lib/php/session


As mentioned, I am very much a novice when it comes to php and fcgi. But it appears that the socket is not in a listening mode since a status check returns:

Active: inactive (dead)

Any guidance would be greatly appreciated, thanks in advance.

P.S. - I did not know how to format with blockquotes, etc so I apologize for running everything together..

HB

Shard nginx-rtmp containers with nginx stream module

I want to let people publish on one url, for example:

rtmp://domain:1935/app/stream_name

In this url the stream_name could be a username or whatsoever. The stream_name is dynamic. Now I want to load balance this as follows. I have a load balancer which works like:
```
stream {
    upstream publish_rtmp_backend {
        hash stream_name;          # <-- Can't find a variable with the stream_name in it for the hash
        server publish-rtmp:1935;  # <-- hostname to dnsrr from docker service publish-rtmp
    }

    server {
        listen 19350;
        proxy_pass publish_rtmp_backend;
    }
}
```
My docker-compose.yml for nginx-rtmp container looks like:
```
...
  publish-rtmp:
    image: publish-rtmp
    deploy:
      mode: replicated
      replicas: 5
      endpoint_mode: dnsrr
...
```
So I have 5 containers running with nginx-rtmp. Why can't I get the uri of the rtmp://domain:1935/app/stream_name url in the upstream block of the tcp load balancer? If this isn't possible, what is a best practice of handling this?

Re: Nagios on nginx with fcgi/fcgiwrap

All,

I wanted to update status..

I have been working on this and learned a lot more on fastcgi in general. This link provided great information:

https://www.digitalocean.com/community/tutorials/understanding-and-implementing-fastcgi-proxying-in-nginx

I believe I have everything working fine with php-fpm. I (obviously) was confused with needing both php-fpm AND fcgiwrap.

My problem is my PATH_INFO variable, and I am working to figure out why.

It is unfortunate that this board isn't more active as there doesn't appear to be any other forums for nginx. I guess it is what it is...

HB

Nginx - set env_var - typo3 config urls

Hello,

Plesk Onyx, Nginx - FPM - without Apache, Typo3, realURL

I have read and googled a lot but I don't get it.
I try to set the additional nginx conf at the Plesk backend like the following. This works, but things like "try_files" and so on don't work. Why, what am I doing wrong?

This works and i get nice URLs:
Code:
rewrite !\.(js|ico|gif|jpg|png|css|pdf|mov|mp3|eot|svg|ttf|woff|otf|txt|swf)$ /index.php break;
rewrite /typo3/$ /typo3/index.php break;
rewrite /$ /index.php break;
But things like this don't work (I always get 404):

Code:
if (!-e $request_filename) {
set $test P;
}
if ($uri !~ ^/(plesk-stat|webstat|webstat-ssl|ftpstat|anon_ftpstat|awstats-icon|internal-nginx-static-location)) {
set $test "${test}C";
}
if ($test = PC) {
rewrite ^.*$ /index.php break;
}


OR something like:

try_files $uri $uri/ /index.php?$args;



The second and more important question is:
How can I set domain-specific environment variables? To use the TYPO3 Application Context?
I have read about things like the following but nothing works:
Code:
passenger_enabled on;
passenger_env_var $TYPO3_CONTEXT Development;
passenger_set_header TYPO3_CONTEXT Development;

I have been sitting here for days now and can't get it to work, so please help me. :)
Thanks a lot.

P.S.: sry 4 my bad english. ;)

Basic nginx and rtmp setup

Hi,

I am trying to setup nginx server where it will take video stream as input and re stream it using rtmp. This is my first time doing it and right now I am stuck as stream is not working.

Here's my nginx.config file:

rtmp {
server {
listen 1935;
chunk_size 4000;

application live {
live on;
pull rtmp://95.211.205.206/vod/sample.f4v name=test;
allow play all;
}
}
}

Now after that I try to open following in VLC player but streaming doesn't work.
rtmp://My_Server_IP/live/test

If you open the pull URL given above in VLC then it will work. Can you please check and let me know what's wrong in my code above?

The idea is simple. Take input stream and re stream it as it is.

Re: Basic nginx and rtmp setup

send / ping another server from nginx

I need the following configuration:
when the nginx is getting a request I need to do 3 things:
1. write a log entry
2. reply with a pixel gif file
3. in some instances I need to ping a different url like this: GET http://another_domain.com?a=1&b=2

number 3 is on top of the other two, so a reply with a gif is a must. I do not need to wait for a reply from another_domain.com this can be sent and forget...

At the moment I do it using php, but it takes too long and I want a way to do it directly from nginx.

Thanks

Reverse proxy to application

Hi everybody

I have a Synology and I want to link a subdomain to one on this application. This is the URL I usually use to access this service:

192.168.0.17:5001//index.cgi?launchApp=SYNO.SDS.App.FileStation3.Instance&launchParam=openfile%3D%252FOliver%252F

But this is too long and I want to access it directly via mydomaine.com

How should I configure the server?

Thanks a lot for your help !

nginx+ mod_zip configuration

If mod_zip gets such lines:
- 56320 /form1.doc form1.doc
- 55296 /form2.doc form2.doc
it works fine, but if (subdir added):
- 56320 /upload/form1.doc form1.doc
- 55296 /upload/form2.doc form2.doc
returns error: mod_zip: invalid file list from upstream while sending to client

Please help to fix that issue

nginx error during make

I'm running Fedora 25 32-bit and I've downloaded nginx-1.10.1. I need the rtmp module working too so I also downloaded nginx-ts-module-master and I ran:

# ./configure --add-module=/home/packages/nginx-ts-module-master
The configure went OK, but when I run make it stops with this error:

/home/packages/nginx-ts-module-master/src/ngx_ts_hls.c
/home/packages/nginx-ts-module-master/src/ngx_ts_hls.c: In function ‘ngx_ts_hls_set_slot’:
/home/packages/nginx-ts-module-master/src/ngx_ts_hls.c:988:28: error: assignment from incompatible pointer type [-Werror=incompatible-pointer-types]
hls->path->manager = ngx_ts_hls_file_manager;
^
cc1: all warnings being treated as errors
objs/Makefile:1175: recipe for target 'objs/addon/src/ngx_ts_hls.o' failed
make[1]: *** [objs/addon/src/ngx_ts_hls.o] Error 1
make[1]: Leaving directory '/home/packages/nginx-1.10.1'
Makefile:8: recipe for target 'build' failed
make: *** [build] Error 2

I'm new to nginx so I don't know where to go from here. Thanks for any help.

RServe connection

I have my Rserve server connected and trying to connect it via API (node js) to redistribute connections as a load balancer with nginx. The issue is that I am able to redirect the node port, but not the load balancer with Rserve. Below you can see the codes...

Many thanks!

Rserve.conf

remote enable port 1234

Nginx.conf

#user nginx;
worker_processes 5;

events {
worker_connections 1024; ## Default: 1024
use epoll;
multi_accept on;
}

http {
include mime.types;
index index.html index.htm index.php;

default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] $status '
'"$request" $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';

sendfile on;
tcp_nopush on;
server_names_hash_bucket_size 128;

upstream Rserve {
server http://xx.xxx.xxx.xxx:1234;
server http://xx.xxx.xxx.xxx:1235;
}

server {
listen 6870;

location / {
proxy_pass http://Rserve;
}
}
server {
listen 6070;

location / {
proxy_pass http://xx.xxx.xxx.xxx:6060;
proxy_redirect http://xx.xxx.xxx.xxx:6060;
$scheme://$host/;
auth_basic "Username and Password are required";
auth_basic_user_file /etc/nginx/.htpasswd;
}
}


}
nginx version 1.8.1
Rserve_1.7-3
R version 3.4.1

Streaming To Wordpress

Hi,

Newbie here. I'm using OBS and Nginx, streaming from my own server. Works great on Youtube, but I don't want to stream to Youtube, I want to stream from my own server to my own website (live mp4 stream). I can't seem to get my brains around first; what player other than jwplayer or flowplayer can I use to embed on a page in my self hosted wordpress site, Secondly: how do I tell nginx and/or the player to pick up the live stream itself? How do I connect the two (nginx and player)?

THANK you!

How to implement +FakeBasicAuth on nginx

Hi All,

Lately I have switched from Apache to nginx and I am having some trouble configuring basic authentication with client SSL certificates. In my Apache configuration I have:

<Location /mylocation>
AuthType Basic
AuthName "Client Certificate Required"
AuthUserFile /path/to/user/file
SSLCACertificateFile "/path/to/ca"
Require valid-user
SSLVerifyClient require
SSLVerifyDepth 5
SSLRequireSSL
SSLOptions +FakeBasicAuth
</Location>

and I want to configure the same using nginx, but with no success. Below is the configuration I am using on nginx:


server {
listen *:443 ssl;
ssl on;
ssl_certificate /path/to.crt;
ssl_certificate_key /path/to.key;
ssl_client_certificate /path/to.pem;
ssl_verify_client optional;
ssl_verify_depth 5;

##kept out other configuration as its non-relevant

location /mylocation {
fastcgi_param VERIFIED $ssl_client_verify;
fastcgi_param DN $ssl_client_s_dn;
include /etc/nginx/fastcgi_params;
if ($ssl_client_verify != SUCCESS) {
return 403;
}
}
##kept out other configuration as its non-relevant
}



I am calling /mylocation using PAW (REST Client) and have provided the client certificate accordingly, but I always keep getting HTTP 403.


The site is configured ok, and if I remove the check I get the response as expected.

Any response is much appreciated.

P.S.:
nginx/1.10.3 (Ubuntu)
PHP 5.6 with FPM

Best,
Gezim.
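
The Apache `AuthUserFile` used with `+FakeBasicAuth` is in effect a list of accepted certificate subject DNs, with the DN exposed as the user name. The following added example (not from the original post) shows one nginx counterpart: a `map` acting as the DN allow-list, plus a log format that records why a request was refused. The DN strings, the log path, the variable name `$client_dn_allowed` and the FastCGI socket path are constructed placeholders.

```nginx
# http {} context.
# nginx before 1.11.6 (including the 1.10.3 named in the post) reports the
# subject DN in the legacy "/C=.../CN=..." form; later releases use the
# RFC 2253 form in $ssl_client_s_dn and keep the old one in
# $ssl_client_s_dn_legacy. List the form your version actually emits.
map $ssl_client_s_dn $client_dn_allowed {
    default                          0;
    "/C=XX/O=Example Org/CN=alice"   1;   # legacy form (constructed)
    "CN=alice,O=Example Org,C=XX"    1;   # RFC 2253 form (constructed)
}

# Records the verification result and DN next to the status code, so a 403
# can be traced to "no certificate", "chain failed" or "DN not listed".
log_format clientcert '$remote_addr "$request" $status '
                      'verify=$ssl_client_verify dn="$ssl_client_s_dn"';

server {
    listen 443 ssl;
    ssl_certificate        /path/to.crt;
    ssl_certificate_key    /path/to.key;
    ssl_client_certificate /path/to.pem;   # CA certificates that issue client certs
    ssl_verify_client      optional;       # handshake succeeds without a cert; locations decide
    ssl_verify_depth       5;

    access_log /var/log/nginx/clientcert.access.log clientcert;

    location /mylocation {
        # NONE = no certificate presented, FAILED = chain did not verify.
        if ($ssl_client_verify != SUCCESS) { return 403; }
        # Certificate verified, but its subject is not on the allow-list.
        if ($client_dn_allowed = 0)        { return 403; }

        include       /etc/nginx/fastcgi_params;
        fastcgi_param VERIFIED    $ssl_client_verify;
        fastcgi_param DN          $ssl_client_s_dn;
        fastcgi_param REMOTE_USER $ssl_client_s_dn;   # the DN as user name, as +FakeBasicAuth did
        fastcgi_pass  unix:/run/php/php5.6-fpm.sock;  # assumed socket path
    }
}
```

With `ssl_verify_client optional`, a client that sends no certificate still completes the TLS handshake, so the `verify=` field in the log is the quickest way to tell a missing certificate from a chain that the configured CA file does not cover.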

nginx error "location" directive is not allowed here in

Hello,

After a reset of nginx following a configuration change, the error began to appear. Help, please!!!

nginx [43482]: nginx: [emerg] of "location" directive is not allowed here in/etc/nginx/sites-enabled/nextcloud:57
nginx [43482]: nginx: configuration file/etc/nginx/nginx.conf test failed

nextcloud.conf

upstream php-handler {
server unix:/var/run/php7-fpm.sock;
}

server {
listen 80;
server_name domain.ru;
if ($uri !~* ^/(mailview|msd|separator)) {
return 301 https://$server_name$request_uri;
}
}
server {
gzip on;
gzip_vary on;
gzip_comp_level 6;
gzip_min_length 256;
gzip_buffers 16 8k;
gzip_types text/plain text/json text/css text/javascript text/xml application/octet-stream application/msword application/rtf application/x-7z-compressed application/vnd.ms-excel application/zip application/pdf application/x-rar-compressed application/font-woff application/font-woff2 font/ttf application/atom+xml application/javascript application/x-javascript application/json application/ld+json application/manifest+json image/svg+xml image/bmp image/gif image/jpeg video/mp2t video/mp4 video/x-m4v video/mpeg video/x-matroska video/x-msvideo application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image;
gzip_disable "msie6";
gzip_proxied any;
gzip_http_version 1.1;
expires 365d;
add_header Cache-Control private;
listen 443 ssl http2;
server_name mail.domain.ru;
rewrite ^/(mailview|msd|separator) http://$server_name$request_uri permanent;
}
root /var/www/nextcloud;

ssl_certificate /etc/letsencrypt/live/domain.ru/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/domain.ru/privkey.pem;
ssl_trusted_certificate /etc/letsencrypt/live/domain.ru/fullchain.pem;
ssl_dhparam /etc/ssl/certs/dhparam.pem;

ssl_ciphers "EECDH+AESGCM:EECDH+CHACHA20:EECDH+AES256:!AES128";

ssl_stapling on;
ssl_stapling_verify on;
resolver 8.8.4.4 8.8.8.8;

add_header X-Xss-Protection "1; mode=block" always;
add_header X-Content-Type-Options "nosniff" always;
add_header X-Proxy-Cache "EXPIRED" always;
add_header X-Robots-Tag none;
add_header X-Download-Options noopen;
add_header X-Permitted-Cross-Domain-Policies none;

access_log /var/log/nginx/nextcloud.access.log;
error_log /var/log/nginx/nextcloud.error.log;


proxy_connect_timeout 7200;
proxy_send_timeout 7200;
proxy_read_timeout 7200;
send_timeout 7200;

location = /robots.txt {
allow all;
root /var/www/nextcloud;
log_not_found off;
access_log off;
}

location ^~ /.well-known/acme-challenge { allow all; }

location = /.well-known/carddav {
return 301 $scheme://$host/remote.php/dav;
}
location = /.well-known/caldav {
return 301 $scheme://$host/remote.php/dav;
}

client_max_body_size 20G;
fastcgi_buffers 64 4K;

error_page 403 /core/templates/403.php;
error_page 404 /core/templates/404.php;

location / {
rewrite ^ /index.php$uri;
}

location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)/ {
deny all;
}

location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) {
deny all;
}

location ~^/(?:index|remote|public|cron|core/ajax/update|status|ocs/v[12]|updater/.+|ocs-provider/.+|core/templates/40[34])\.php(?:$|/) {
include fastcgi_params;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_param HTTPS on;
#Avoid sending the security headers twice
fastcgi_param modHeadersAvailable true;
fastcgi_param front_controller_active true;
fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;
fastcgi_intercept_errors on;
fastcgi_request_buffering off;
fastcgi_read_timeout 7200;
}

location ~ ^/(?:updater|ocs-provider)(?:$|/) {
try_files $uri/ =404;
index index.php;
}

location ~* \.(?:css|js)$ {
try_files $uri /index.php$uri$is_args$args;
add_header Cache-Control "public, max-age=7200";
add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1; mode=block";
add_header X-Robots-Tag none;
add_header X-Download-Options noopen;
add_header X-Permitted-Cross-Domain-Policies none;
# Optional: Don't log access to assets
access_log off;
}

location ~* \.(?:svg|gif|png|html|ttf|woff|ico|jpg|jpeg)$ {
try_files $uri /index.php$uri$is_args$args;
access_log off;
}

location ~ /.ht {
deny all;
}

location ~* ^.+.(jpg|jpeg|gif|png|ico|css|mp3|ogg|mpeg|avi|mp4|mkv|m4v|zip|pdf|doc|docx|xls|xlsx|ppt|woff|ttf|txt|svg|bmp|rtf|js)$ {
root /var/www/nextcloud;
expires 365d;

}

}

Re: nginx error "location" directive is not allowed here in

chillywilly Wrote:
-------------------------------------------------------

> location = /robots.txt {
> allow all;
> root /var/www/nextcloud;
> log_not_found off;
> access_log off;

Gives an error message on this parameter