More RTMP input

November 16, 2018, 12:22 am

≫ Next: Re: More RTMP input

≪ Previous: About "an upstream response is buffered to a temporary file"

$

0

0

Hi all

I use NGINX for Window for streaming a RTMP.
Is possible using more the one input RTMP and switch between they without stop the streaming out?

Thanks in advance

---

Re: More RTMP input

November 16, 2018, 1:29 am

≫ Next: nginx http2 consistent loading of pictures

≪ Previous: More RTMP input

$

0

0

!

nginx http2 consistent loading of pictures

November 16, 2018, 2:29 am

≫ Next: Re: Content-Length and really sent bytes sometimes mismatch

≪ Previous: Re: More RTMP input

$

0

0

Hi.

Debian GNU/Linux 9
nginx/1.12.2
load_module modules/ngx_http_perl_module.so;
load_module modules/ngx_http_image_filter_module.so;
load_module modules/ngx_http_upload_module.so;

I have attached image. Please help me to understand, why images are loading consistently, but not parallelly.
How to force browser or nginx to download images in parallel mode from html page.

Here is my config:
================
location /media/ {
error_page 418 = @resize;
recursive_error_pages on;
if ( $arg_w ) {
return 418;
}
if ( $arg_h ) {
return 418;
}
if ( $arg_q ) {
return 418;
}

location @resize {
expires 90d;
proxy_cache resized;
proxy_cache_min_uses 1;
proxy_cache_lock on;
proxy_cache_valid 200 100d;
proxy_cache_valid any 1m;
proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504;

proxy_set_body none;
proxy_redirect off;
proxy_pass http://127.0.0.1:8888;
proxy_set_header Host $host;

add_header X-Proxy-Cache $upstream_cache_status;
}


server {
listen 127.0.0.1:8888;
## RESIZE
location /media/ {
alias $home/media/;
## METHOD LIMIT
limit_except GET {
deny all;
}

set $w "-";
set $h "-";
set $q "85";

if ( $arg_w ) {
set $w $arg_w;
}
if ( $arg_h ) {
set $h $arg_h;
}
if ( $arg_q ) {
set $q $arg_q;
}

image_filter resize $w $h;
image_filter_jpeg_quality $q;
image_filter_buffer 20M;
image_filter_interlace on;
}
}
================

Re: Content-Length and really sent bytes sometimes mismatch

November 19, 2018, 2:28 am

≫ Next: err_connection_refused

≪ Previous: nginx http2 consistent loading of pictures

$

0

0

I've found the same problem with current stable Nginx-1.14.1 from nginx-repo on CentOS6.
There are two web-sites on this server, and problem occurs only on one of them.

Also I have many servers with nginx without this problem, so the problem may have some site-specific reasons, but I can't find any differences or strangeness in this environment.

The problem was resolved by installing Nginx-1.10.2 from epel repo.

err_connection_refused

November 22, 2018, 11:58 am

≫ Next: What are the advantages of Nginx Unit?

≪ Previous: Re: Content-Length and really sent bytes sometimes mismatch

$

0

0

Hi

I inherited a python application that uses nginx as it's web server. I wanted to setup a test server using hyper-v and ubuntu 18.04lts server. I am able to install nginx and when I go to my windows 10 machine and type in my server ip, I get the nginx welcome. I then created a small flask python application and was running it in a virtualenv and then tried going to the website using the server ip:8000 and I get connection refused, don't understand what I need to do to get this to work.

Not sure this is the right forum for this but thought I would ask

Thanks

Mitch

What are the advantages of Nginx Unit?

November 26, 2018, 3:20 pm

≫ Next: 502 bad gateway using proxy_intercept_error and error_page

≪ Previous: err_connection_refused

$

0

0

Nginx Unit has been on track after several upgrades.
But I still cannot understand why Nginx Unit.

I'm using PM2 and PHP-fpm to run PHP, Python and
Javascript server scripts easily and reliably.
What are the advantages of Nginx Unit compared to
PM2 and PHP-fpm?

502 bad gateway using proxy_intercept_error and error_page

November 29, 2018, 1:57 pm

≫ Next: 504 timeout on proxy

≪ Previous: What are the advantages of Nginx Unit?

$

0

0

So I'm reading the documentation on proxy_intercept_errors and error_page and for the life of me can't figure out why I'm getting a 502 bad gateway using the custom error page on intercepted proxy errors.

set in the http directive for global use.
error_page 500 502 503 504 /503maintenance.html;
error_page 401 403 /403access-denied.html;
error_page 404 /404filenotfound.html;


set in a separate server directive
location / {
proxy_pass https://some-backend-webserver;
proxy_intercept_errors on;
}

location ~* /*.html {
root /customerrorpages;
internal;
}

- So currently we are testing a receiving a 404 - page not found from the back end web server. if proxy_intercept_errors is off then we see the 404 from the backend web server get passed through.
- If proxy_intercept_errors is on the 404 appears to be process as a new request and turns into a 502 bad gateway. ( I do get the custom 502 error page)
- If I remove the coding for the custom error pages I see the nginx 404 error page.

Any ideas why this is happening ?

504 timeout on proxy

December 3, 2018, 12:28 pm

≫ Next: NGINX as Reverse Proxy works for HTTPS but not with HTTP

≪ Previous: 502 bad gateway using proxy_intercept_error and error_page

$

0

0

Hi everyone,

I got this legacy application that was developed in java/echo tecnology and is running on tomcat. the users used to access by the ip and port of the server. So, I tried to add a proxy using nginx. almost everything running ok, but there are some jobs that takes more than 3 hours to be completed, these old jobs are not async, so the proxy wait for them to be completed and timed out with 504 error code. I need a short term solution meanwhile I migrate those jobs to new async tech. I'm thinking in increase the timeout value to 14400 seconds (4hours), but I'm not sure if this is such a good idea. Can anyone help me out? increasing all to that value will impact the performance of the proxy?

Thanks in advance,
Eckly

---

NGINX as Reverse Proxy works for HTTPS but not with HTTP

December 11, 2018, 12:10 pm

≫ Next: 502 Bad Gateway

≪ Previous: 504 timeout on proxy

$

0

0

Guys,

I am very new to nginx and trying to use it as a reverse proxy for my apache/php application that is behind internal load balancer with IP : 10.0.1.4
I am trying to redirect traffic that comes to my NGINX reverse proxy to the internal load balancer's IP.

When i use HTTPS configuration in proxy.conf , it works fine with self signed cert errors

but when I use non SSL version of proxy.conf and try to hit nginx reverse proxy on port 80, it does not work.

following are the contents of my file. Please help me if you can. i spent a lot of time before posting the issue here. i could not get it working.

My environment : Red Hat Enterprise Linux Server release 7.6 (Maipo) on Azure
nginx version: nginx/1.15.5
Nginx.Service : Active and Running

-------------------------------------------------------------------------------------------
NGINX.CONF
-------------------------------------------------------------------------------------------

[root@webserver1 nginx]# vim nginx.conf
user nginx;
worker_processes 1;

error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;


events {
worker_connections 1024;
}


http {
include /etc/nginx/mime.types;
default_type application/octet-stream;

log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';

access_log /var/log/nginx/access.log main;

sendfile on;
#tcp_nopush on;

keepalive_timeout 65;

#gzip on;

include /etc/nginx/conf.d/*.conf;

-----------------------------------------------------------------------------
WORKING HTTPS PROXY.CONF -- THIS WORKS
-----------------------------------------------------------------------------
:[root@webserver1 nginx]# cd conf.d/
[root@webserver1 conf.d]# vim proxy.conf

server {
listen webserver1:443;


ssl on;
ssl_certificate /etc/nginx/ssl/proxy.pem;
ssl_certificate_key /etc/nginx/ssl/proxy.key;

ssl_session_cache shared:SSL:1m;
ssl_session_timeout 2m;

location / {
proxy_pass http://10.0.1.4:80;
proxy_set_header Host $host;
proxy_redirect off;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto https;
}
}

----------------------------------------------------------------------------------------------------------
NOT WORKING PROXY.CONF for HTTP access ONLY
-------------------------------------------------------------------------------------------
server {
listen 80 default_server;
location / {
proxy_pass http://10.0.1.4:80;
}
}

---------------------------------------------------------------------

When it works i am hitting the URL : https://webserver1 or https://10.0.1.5

I am trying to get URL : http://webserver1 or http://10.0.1.5 to work.

Any help is appreciated .

Thanks

502 Bad Gateway

January 7, 2019, 1:21 am

≫ Next: no response from server (website not loading)

≪ Previous: NGINX as Reverse Proxy works for HTTPS but not with HTTP

$

0

0

I have installed NGINX on Ubuntu 18.04. After installation, i ran the command: "nginx -t" and i got the messages that the configuration syntax is OK and the test is also successful. The service is also running which I tested using the command "service nginx status".

However, when i typed my IP in a web browser to check wether nginx is really up and running, I got the error "502 Bad Gateway".

Please help me resolve this issue. Thank you in advance.

no response from server (website not loading)

January 30, 2019, 2:43 am

≫ Next: nginx not restarting ...

≪ Previous: 502 Bad Gateway

$

0

0

i have just installed nginx, and when i try to load http://<server_IP_address>/index.nginx-debian.html. it says connection has timed out after like 3-4 minutes.

nginx not restarting ...

February 6, 2019, 2:52 am

≫ Next: Re: Nginx autoindex not working - 404 error

≪ Previous: no response from server (website not loading)

$

0

0

Hi all.
straight to the topic - i have installed https://gist.github.com/silentbreaksec/00ef80b38a54c01846a501f9732e81f7 this and automatically nginx get installed and while installing it shows error message " nginx cannot be restarted error code :1"
Then i use the " sudo systemctl status nginx.service to see a detail status of the error im having.
The above word document shows the screenshots of the error im getting while trying to run nginx.

Re: Nginx autoindex not working - 404 error

February 8, 2019, 5:50 am

≫ Next: Nginx reverse proxy microcaching not working

≪ Previous: nginx not restarting ...

$

0

0

Thanks, @archer72 friend for sharing your experience with us hope it really works for us also.

Nginx reverse proxy microcaching not working

February 19, 2019, 1:24 pm

≫ Next: Let nginx do retry on other upstream if fail or not?

≪ Previous: Re: Nginx autoindex not working - 404 error

$

0

0

My current config is Nginx webserver as a reverse proxy with Apache at backend for dynamic pages and Apache is configured with PHP-FPM.

My dynamic pages don't change often so I am trying to use Nginx microcaching but can't seem to get working.

Here is my nginx.conf (possible unnecessary stuff excluded):

http {
sendfile on;
tcp_nopush on;
tcp_nodelay on;
client_header_timeout 10s;
client_body_timeout 10s;
client_max_body_size 200k;
client_header_buffer_size 2k;
client_body_buffer_size 200k;
large_client_header_buffers 3 1k;
send_timeout 3m;
keepalive_timeout 60 60;
reset_timedout_connection on;
ignore_invalid_headers on;
connection_pool_size 256;
request_pool_size 4k;
output_buffers 4 32k;
postpone_output 1460;

include mime.types;
default_type application/octet-stream;

# Compression gzip
gzip on;
gzip_vary on;
gzip_disable "MSIE [1-6]\.";
gzip_proxied any;
gzip_min_length 512;
gzip_comp_level 6;
gzip_buffers 8 64k;
gzip_types text/plain text/xml text/css text/js application/x-javascript application/xml image/png image/x-icon image/gif image/jpeg image/svg+xml application/xml+rss text/javascript application/atom+xml application$

# Proxy settings
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
#proxy_pass_header Set-Cookie;
proxy_connect_timeout 90;
proxy_send_timeout 90;
proxy_read_timeout 90;
proxy_buffers 32 4k;
#proxy_cache_path /var/cache/nginx levels=2 keys_zone=cache:10m inactive=60m max_size=512m;
#proxy_cache_key "$host$request_uri $cookie_user";
#proxy_temp_path /var/cache/nginx/temp;
#proxy_ignore_headers Expires Cache-Control;
#proxy_cache_use_stale error timeout invalid_header http_502;
#proxy_cache_valid any 1d;

#open_file_cache max=50000 inactive=60s;
#open_file_cache_valid 120s;
#open_file_cache_min_uses 2;
#open_file_cache_errors off;
#open_log_file_cache max=10000 inactive=30s min_uses=2;

# SSL Settings
ssl_session_cache shared:SSL:10m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers "EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH+aRSA!RC4:EECDH:!RC4:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS";

# Logs
#log_format main '$remote_addr - $remote_user [$time_local] $request '
# '"$status" $body_bytes_sent "$http_referer" '
# '"$http_user_agent" "$http_x_forwarded_for"';
log_format bytes '$body_bytes_sent';
#access_log /var/log/nginx/access.log main;
access_log off;

## Advanced microcaching
## set cache dir, hierarchy, max key size and total size
fastcgi_cache_path /dev/shm/microcache levels=1:2 keys_zone=microcache:50M max_size=2000M inactive=2h;

## set cache log location, so you can evaluate hits
log_format cache '$remote_addr - $remote_user [$time_local] "$request" '
'$status $upstream_cache_status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';

## Set a cache_uid variable for authenticated users.
map $http_cookie $cache_uid {
default nil;
~SESS[[:alnum:]]+=(?<session_id>[[:alnum:]]+) $session_id;
}

## mapping cache to request method
map $request_method $no_cache {
default 1; # by default do not cache
HEAD 0; # cache HEAD requests
GET 0; # cache GET requests
}

# Include additional configuration
include /etc/nginx/cloudflare.inc;
include /etc/nginx/conf.d/*.conf;
}

My vhost config (relevant stuff only) is:

location / {
include /etc/nginx/ddos.d/http1.1_blocker.conf;
location ~.*\.(3gp|gif|jpg|jpeg|png|ico|wmv|avi|asf|asx|mpg|mpeg|mp4|pls|mp3|mid|wav|swf|flv|html|htm|txt|js|css|exe|zip|tar|rar|gz|tgz|bz2|uha|7z|doc|docx|xls|xlsx|pdf|iso|woff|ttf|svg|eot|sh)$ {
root /home/xtrefish/public_html;
expires max;
try_files $uri @backend;
}

error_page 405 = @backend;
error_page 500 = @custom;
add_header X-Cache "HIT from Backend";
add_header Strict-Transport-Security "max-age=31536000";
add_header X-Content-Type-Options nosniff;
proxy_pass http://134.0.118.72:8181;
include proxy.inc;
}

location @backend {
internal;
proxy_pass http://134.0.118.72:8181;
include proxy.inc;
}

location @custom {
internal;
proxy_pass http://134.0.118.72:8181;
include proxy.inc;

location @custom {
internal;
proxy_pass http://134.0.118.72:8181;
include proxy.inc;
}

location ~ .*\.(php|jsp|cgi|pl|py)?$ {

## Caching stuff is here
# Setup var defaults
set $no_cache "";
# If non GET/HEAD, don't cache & mark user as uncacheable for 1 second via cookie
if ($request_method !~ ^(GET|HEAD)$) {
set $no_cache "1";
}
# Drop no cache cookie if need be
# (for some reason, add_header fails if included in prior if-block)
if ($no_cache = "1") {
add_header Set-Cookie "_mcnc=1; Max-Age=2; Path=/";
add_header X-Microcachable "0";
}
# Bypass cache if no-cache cookie is set
if ($http_cookie ~* "_mcnc") {
set $no_cache "1";
}

# Bypass cache if flag is set
fastcgi_no_cache $no_cache;
fastcgi_cache_bypass $no_cache;
fastcgi_cache microcache;
fastcgi_cache_key $scheme$host$request_uri$request_method;
fastcgi_cache_valid 200 301 302 10m;
fastcgi_cache_use_stale updating error timeout invalid_header http_500;
fastcgi_pass_header Set-Cookie;
fastcgi_pass_header Cookie;
fastcgi_ignore_headers Cache-Control Expires Set-Cookie;

proxy_pass http://134.0.118.72:8181;
include proxy.inc;
}

I can confirm I am using PHP-FPM as info.php responds

Server API FPM/FastCGI

To test this, I have a microcache_test.php containing

<?php
/**
* Display microtime
* Requires PHP 5, preferably PHP 5.4+
* This function is only available on operating systems that
* support the gettimeofday() system call.
*
* Returns float in format seconds.microseconds
*/
echo ' Current microtime: ' . microtime(true);


And /microcache_test.php responds:

Request URL: https://example.com/mictest.php
Request Method: GET
Status Code: 200
Remote Address: 82.102.16.22:443
Referrer Policy: no-referrer-when-downgrade
cache-control: public
content-encoding: gzip
content-type: text/html; charset=UTF-8
date: Tue, 19 Feb 2019 09:13:58 GMT
server: nginx/1.15.8
status: 200
vary: Accept-Encoding
:authority: example.com
:method: GET
:path: /mictest.php
:scheme: https
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cache-control: max-age=0
cookie: PHPSESSID=864e0ajkc6l1rbhepr651dp1t2
save-data: on
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.109 Safari/537.36

So caching is certainly not working. My caching directories are 777 and I tried setting cache in htaccess in apache as well but to no avail (Nginx is set to ignore the headers anyway).

Any ideas what am I missing?

Let nginx do retry on other upstream if fail or not?

August 24, 2018, 4:44 pm

≫ Next: Nginx won't serve svg files

≪ Previous: Nginx reverse proxy microcaching not working

$

0

0

Is it good in general to let nginx do retry on other upstream if one fail, timeout and etc?
There is a setting "proxy_next_upstream" and "proxy_next_upstream_tries" for configuring that, and even if we can configure the behavior for "non_idempotent" to not be retried, but is it good to assume that no one will use a GET request for non_idempotent behavior?

---

Nginx won't serve svg files

February 23, 2019, 11:47 am

≫ Next: nginx: [emerg] “if” directive is not allowed here

≪ Previous: Let nginx do retry on other upstream if fail or not?

$

0

0

I'm fairly new to nginx, and am just trying to set up a simple static content example on my raspberry pi 3A+ but I can't get it to serve svg files. In the example below, the png image shows fine, but the svg files all show the alt text only. I have reviewed the documentation and all the forums I can find and I have tried everything - no luck. I tried browsing this from localhost and two other pc's on my LAN - same result.

Here's the /etc/nginx/nginx.conf file

user pi;
events{}
http {
server {
listen 80;
server_name localhost;
root /home/pi/DigitalClock/dcvenv;
index /static/index.html;
location / {
autoindex on;
}
}
}

The entry in the /etc/nginx/mime.types file is (i did not alter the file at all)
image/svg+xml svg svgz;

here's my /static/index.html

<html>
<img src="/static/admin/img/pic01.png" alt="Search"></label>
<img src="/static/admin/img/icon-yes.svg" alt="icon yes"></label>
<img src="/static/admin/img/search.svg" alt="icon yes"></label>
<img src="/static/admin/img/sorting-icons-yes.svg" alt="icon yes"></label>
</html>

all the files are present in the specified directory and permissions are set the same from root on downward as owner=rwx, group=x, other=x

nginx start command: sudo service nginx start

nginx: [emerg] “if” directive is not allowed here

February 24, 2019, 12:47 pm

≫ Next: Question about H2 WINDOW_UPDATE

≪ Previous: Nginx won't serve svg files

$

0

0

Can you help me? I'm trying to block all requests outside my domain, and allow the request if a specified parameter exists

location ~* \.(mp4|vtt|mp3|mkv|avi)$ {
if ( $http_referer !~* 'mywebsite.com' ) { # check http_referer
if ($arg_78up = '') { #check if parameter 78up is empty
return 404; # then redirect to 404 page
}
}
}

And I'm getting this error when nginx starts:
nginx: [emerg] "if" directive is not allowed here in /etc/nginx/sites-enabled/default:17

What should I do to fix this issue? Thank you!

Question about H2 WINDOW_UPDATE

February 24, 2019, 8:54 pm

≫ Next: Re: Question about H2 WINDOW_UPDATE

≪ Previous: nginx: [emerg] “if” directive is not allowed here

$

0

0

I find an weird action of Nginx that it send WINDOWS_UPDATE frame by using a closed stream_id (see wp.pcap).
The client which using hyper(python) will throw exception.

Re: Question about H2 WINDOW_UPDATE

February 24, 2019, 10:46 pm

≫ Next: Most secure multi-site Nginx setup

≪ Previous: Question about H2 WINDOW_UPDATE

$

0

0

I find the root cause
(1) client :
send post with data(HEADER frame without END_STREAM flag and DATA frame with END_STREAM flag)
(2) server config
location {
return 200 "simple return";
}
(3) Once the Nginx receives the HEADER frame, it call http rewrite module to process request and then the call ngx_http_finalize_connection->ngx_http_v2_close_stream to close stream before DATA frame is processed.

Thus, for client it has send the END_STREAM flag but for server it hasn't received it. So function ngx_http_v2_send_window_update will be called in function ngx_http_v2_close_stream.

Most secure multi-site Nginx setup

February 25, 2019, 2:39 am

≫ Next: Nginx Consistent Hashing with Service Discovery

≪ Previous: Re: Question about H2 WINDOW_UPDATE

$

0

0

Hi all

I've some experience with NGINX but am really an IIS guy (sorry!) and am looking to make the jump on our servers from IIS to NGINX as I've been very impressed with its speed and flexibility. However, I have some (probably quite basic) questions regarding securing the setup:

1. IIS runs each site in its own pool which is great for isolation. If one bad PHP script ruins a site, it can't get access to any other sites on the server. I presume there's a similar way to set NGINX up but, from what I can currently see, all sites run under the NGINX user (www-data) and could, theoretically, traverse up beyond the site's root and access other sites to perform malicious actions? I'm sure I've got this wrong so perhaps someone can point me to a way to isolate each site in a way that's scalable?

2. Permissions – it seems NGINX requires fairly lax permissions to operate. The majority of the sites we host are WordPress and, even with the wp-content folder set to 775 and owned by the www-data group, sometimes WordPress still can't write its files and asks for FTP access. Obviously not going to set 777 so am having to use the FS_DIRECT method to ensure WordPress can write but this isn't ideal.

3. I'm using PHP FPM – is there anything in particular I should be doing to ensure a script running through FPM can't access system files / other websites? From what I've found, it looks as though the only way to achieve this is to set up individual users for each website (well over 100) which would require a significant amount more administration than IIS.

By the way, I'm aware all of this is due to my inexperience with NGINX and fully expect it is at least as capable as IIS so really grateful for pointers and assistance in filling in the gaps in my knowledge!