Allow HTTP 206 only (no replies)

March 10, 2014, 12:29 am

≫ Next: URL special characters, punycode and http (no replies)

≪ Previous: Check if NFS mount is active before serving (no replies)

$

0

0

Hello

I've got a video sharing web site and want to secure video links not to be available for direct download.

Site uses HTML5 <video> tag when available and flash plugin when it's not. We do referrer check, but various download extensions are sending same headers as website itself does. One thing I've noticed is, that when asked for a file from HTML5 and flash, nginx is returning HTTP 206 partial content, and from downloaders there is 200.

Can I somehow deny them?

Changed in default.conf

error_page 200 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
}


now nginx is throwing error

nginx: [emerg] value "200" must be between 300 and 599 in /etc/nginx/conf.d/default.conf:26

What can I do?

Thanks ahead.

---

URL special characters, punycode and http (no replies)

March 13, 2014, 4:16 am

≫ Next: How to encapsulate HTTP and HTTPS together (no replies)

≪ Previous: Allow HTTP 206 only (no replies)

$

0

0

I have a URL with special carachters (nicolòzanetti.com), and I'm having problem telling nginx how to handle it to the correct site.

With a basic configuration:
server_name www.nicolòzanetti.com nicolòzanetti.com;
https://www.nicolòzanetti.com -> Default virtual host but url unchanged
https://nicolòzanetti.com -> Default virtual host but url unchanged
http://www.nicolòzanetti.com -> Default virtual host and url changed to that of default virtual host
http://nicolòzanetti.com -> Default virtual host and url changed to that of default virtual host

So i tried with PunyCode:
server_name www.xn--nicolzanetti-rhb.com xn--nicolzanetti-rhb.com www.nicolòzanetti.com nicolòzanetti.com;
https://www.nicolòzanetti.com -> Works!
https://nicolòzanetti.com -> Works!
http://www.nicolòzanetti.com -> Default virtual host and url changed to that of default virtual host
http://nicolòzanetti.com -> Default virtual host and url changed to that of default virtual host

I even tried to use regex with ~^www\.nicolòzanetti.com$ and ~^www\.nicol.zanetti\.com$, but it failed again.
I should use the encode function? If yes where can I find some examples please?

How to encapsulate HTTP and HTTPS together (no replies)

March 13, 2014, 9:58 pm

≫ Next: Optimal gcc parameters for building nginx from source (no replies)

≪ Previous: URL special characters, punycode and http (no replies)

$

0

0

Hi all,

I have an application running HTTPS, but including some HTTP traffic in an iFrame.
I'd like to be able to proxy the HTTP traffic, encapsulate it to HTTPS, so client received HTTPS sessions only.

Possible with NGINX?


Thanks
Etai

Optimal gcc parameters for building nginx from source (no replies)

March 15, 2014, 2:00 pm

≫ Next: Static files logging off + directory access restriction (no replies)

≪ Previous: How to encapsulate HTTP and HTTPS together (no replies)

$

0

0

Hi

Are there recommended gcc parameters when building nginx from source - regarding performance and security?
--with-cc-opt=parameters

I noticed that the prebuilt package on ubuntu used
--with-cc-opt='-g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Werror=format-security -D_FORTIFY_SOURCE=2' --with-ld-opt='-Wl,-Bsymbolic-functions -Wl,-z,relro'

Is this recommended?
What would make sense resp. be a best practice approach?

thx

Static files logging off + directory access restriction (no replies)

March 16, 2014, 1:21 am

≫ Next: limit rate based on body content (no replies)

≪ Previous: Optimal gcc parameters for building nginx from source (no replies)

$

0

0

Hi,

I've recently switched from apache to nginx and I'm still struggling with a few minor details:

I dont want to log any static files for a particular vhost and I want to restrict the access to a particular directory and all subdirectories within it. So I have these lines in my vhost configuration file:


# Static files logging off
location ~* ^.+.(jpg|jpeg|gif|css|png|js|ico|xml|html|txt)$ {
access_log off;
expires max;
}


# Restrict access to admin directory
location /admin/ {
auth_basic "Restricted Area";
auth_basic_user_file /etc/nginx/secret/admin.secret;

....
....
}


Access restriction works if I try to access http://example.com/admin/subdir/

but my problem is that when accessing e.g. http://example.com/admin/subdir/index.html I am not asked for any password and the file is displayed directly this is also valid for e.g. http://example.com/admin/subdir/picture.jpg

As soon as I remove the html and the jpg part for the static files logging segment I am asked for a password in both cases.

How do I have to change my configuration so that I do not log the files but am still asked for a password for any of those files within the access restricted folder?

Thanks for any help

limit rate based on body content (no replies)

March 18, 2014, 1:52 am

≫ Next: Multiple PHP Websites (no replies)

≪ Previous: Static files logging off + directory access restriction (no replies)

$

0

0

Hi,

I am trying to throttle (limit rate) and reverse proxy using nginx.
I am able to do that using the location or the request URL path.

But is there any way to do that using the Body Content of any request?
Thanks

Multiple PHP Websites (no replies)

March 18, 2014, 12:09 pm

≫ Next: Trouble serving html or cgi (no replies)

≪ Previous: limit rate based on body content (no replies)

$

0

0

Hi

I think I need some help configurate nginx properly.
Im running multiple php sites in /usr/share/nginx/www/<subdirectory>, which works well with the nearly default configuration of nginx.

Now I want to make a new subpage with rewrite rules. I tried this configuration in a .conf file.. but it did not work.

# nginx configuration
autoindex off;

location /mysub/ {
if (!-e $request_filename) {
rewrite ^/mysub/(.+)$ /mysub/index.php?url=$1 break;
}
}

Thanks for your help.

Trouble serving html or cgi (no replies)

March 19, 2014, 9:39 am

≫ Next: Rewrite Subdomain to URL (no replies)

≪ Previous: Multiple PHP Websites (no replies)

$

0

0

I know there's something fundamental I'm doing wrong but I'm thisclose getting nginx to work for me. I have the typical set up where I want any requests to a directory, such as 'mysite.com/pages' be served by 'index.html' and any requests for '/pages/page1' to be served by page1.html. I set up a directory called '/test' which is sent to a thttpd set up that serves a cgi generated page and this works just fine.

My problem occurs when I want /test/example where 'example' should be served by thttpd through cgi. I've gotten everything from redirect loops to 'not found' reported. I've done so many restarts that I've lost track of where I am this is what I have and I hope someone can set me straight and on the right path.

This gets the proper page served from thttpd if I just do http://mysite.com/test
location /test {
proxy_pass http://127.0.0.1:8000;
}

This will get any html files I have, such as http://mysite.com/ for index or /page will retrieve page.html
location /test {
try_files $uri.html $uri/index.html =404;
}

But I'm just thoroughly messed up on how to combine the two so the first example works with index.html and other html files while serving cgi from thttpd for paths like http://test/secondlevel

---

Rewrite Subdomain to URL (no replies)

March 19, 2014, 9:26 pm

≫ Next: Need help how to push rtmp streams to http streams (no replies)

≪ Previous: Trouble serving html or cgi (no replies)

$

0

0

I've been stuck on this problem for hours and can't seem to get it working despite trying all the various methods I've seen on here.

Basically, I just want to forward my wildcard subdomains to a URL path invisibly. I.e.

http://user1.mysite.com ---> http://www.mysite.com/index.php?user=user1

This is my nginx/sites-available/default file:

server {
#listen 80; ## listen for ipv4; this line is default and implied
#listen [::]:80 default ipv6only=on; ## listen for ipv6

root /usr/share/nginx/www;
index index.html index.php index.htm;

server_name mysite.com www.mysite.com;

location / {
try_files $uri $uri/ /index.html;
rewrite ^/(((?!products|suppliers|member|wap))[a-z0-9_-]+)([/])?$ /index.php?user=$1;
#rewrite ^(.*)\.mysite\.com/$ $scheme://www.mysite.com/index.php?user=$1 last;

}

location /doc/ {
alias /usr/share/doc/;
autoindex on;
allow 127.0.0.1;
deny all;
}
}

server {
server_name ~^(?<subdomain>.+?)\.mysite\.com$;
rewrite ^ $scheme://www.mysite.com/index.php?user=$subdomain;
# I have also tried adding permanent, redirect, last to the line above
}


So I don't know where I'm going wrong... when I enter user1.mysite.com, it will correctly redirect me to my site.com/index.php?user=user1, but the URL in the browser will change, and I don't want to see that... What have I done wrong?

On another note, if I remove $scheme://www.mysite.com and just use /index.php?user=$subdomain; then it wouldn't even redirect...

Please assist. Many thanks in advance!

Need help how to push rtmp streams to http streams (no replies)

March 21, 2014, 12:18 am

≫ Next: Need Help setting up Nginx wit PHP-fpm (no replies)

≪ Previous: Rewrite Subdomain to URL (no replies)

$

0

0

Dears,
I want to use my Nginx server , to restream rtmp links in http streams.

Is this possible?
Thanks in advance

Need Help setting up Nginx wit PHP-fpm (no replies)

March 21, 2014, 8:06 am

≫ Next: Compiling nginx on Windows (2 replies)

≪ Previous: Need help how to push rtmp streams to http streams (no replies)

$

0

0

Im setting up an Nginx server with a simple wordpress installation, just to try out Nginx and see if it is better than apache.
But i can't figure out how to get the newest version running with php-fpm.
I get it working with v. 1.2.1 of Nginx but i dont want to have a version of Nginx wich is almost two years old.
As you can see in the error.log of Nginx it is trying to connect to php-fpm through the socket (as i told it to)
but is getting no response.
PHP-fpm is listening on /var/run/php-fpm.sock and its error.log is showing no errors.
As you would expect when php-fpm is'nt responding (who knows why) i get no php output.
Normal .html files do display as of that fact, im pretty sure its a problem with the communication between Nginx and php-fpm.
If you know what i have done wrong, please reply.

default.conf and Nginx error.log are attatched

Compiling nginx on Windows (2 replies)

March 24, 2014, 2:28 pm

≫ Next: Access multiple websites from one domain? (no replies)

≪ Previous: Need Help setting up Nginx wit PHP-fpm (no replies)

$

0

0

I'm attempting to follow the instructions here to compile nginx on Windows:

http://nginx.org/en/docs/howto_build_on_win32.html

First of all, when the instructions say "Start MySYS bash" I'm assuming it means "run MinGW/msys/1.0/msys.bat"?

Secondly, when I do this, I noticed that "MinGW/msys/1.0/home/JensenV/" is where Mercurial puts things I check out. This seems to be my 'home' directory. Okay, cool.

Where I get stuck is running the configuration script. First, it says to use "auto/configure" but when I do this, I get:
"sh: auto/configure: No such file or directory".

So I tried just "configure" instead which seems to be right (is it?), but then I get a Windows dialog box saying "configure.exe has stopped working" and this output is in MINGW32's bash console:

----------
License file not found in C:/MinGW/msys/1.0/home/JensenV
Enterprise modules will not be available.

QDir::readDirEntries: Cannot read the directory: C:/MinGW/msys/1.0/home/JensenV/
objs/lib/src (UTF8)
Unknown option --with-cc=cl
QMAKESPEC must either be defined as an environment variable, or specified
as an argument with -spec
QDir::readDirEntries: Cannot read the directory: C:/MinGW/msys/1.0/home/JensenV/
objs/lib/mkspecs (UTF8)
----------

At this point I'm stuck. I do recognize "QDir" as a Qt command (http://qt-project.org/)... we use Qt here at work. But I'm at a loss as to why it's looking for "objs/lib/src" or "objs/lib/mkspecs" (none of these exist) or how I'm supposed to fix this issue. Nothing was in the instructions about creating these directories or filling them with contents of some sort.

If I create empty directories for src and mkspecs, I still get the errors above for "Unknown option --with-cc=cl" and "QMAKESPEC must either be defined as an environment variable, or specified as an argument with -spec". What should this environment variable be set to, and why is -with-cc=cl unsupported?

Also, the instructions say to use "nmake" as the final step, but only "make" seems to be a valid command. Typo? Or am I using the wrong shell or something?

Access multiple websites from one domain? (no replies)

March 25, 2014, 3:50 pm

≫ Next: How to use nginx as a reverse proxy with sharepoint (no replies)

≪ Previous: Compiling nginx on Windows (2 replies)

$

0

0

Hello,

I am new to Nginx. Got to know about it when installing GitLab. I have gone through some of the configuration files and have also read the documentation here: http://nginx.org/en/docs/beginners_guide.html

However I cannot really find the answer I am looking for.

I am using nginx configuration file that comes with GitLab. Can be found here:
https://github.com/gitlabhq/gitlabhq/blob/master/lib/support/nginx/gitlab

My problem is that I can access the website (Gitlab) as follows: http://localhost

However I would like to access the website as follows: http://localhost/gitlab

Is there a way how I can do this by changing gitlan nginx configuration file?

I have only one domain and I would like to use it as follows if possible:

http://domain/gitlab
http://domain/webapp2
http://domain/webapp3
etc...

How to use nginx as a reverse proxy with sharepoint (no replies)

March 25, 2014, 4:41 pm

≫ Next: How to make nginx start/reload if it encounters dns error while looking up fqdn in server directive (no replies)

≪ Previous: Access multiple websites from one domain? (no replies)

$

0

0

Hello everyone!

I'm sorry for my english, I'm french so I hope you will understand my problem.


I have a big problem about ntlm authentication with sharepoint applications and nginx reverse proxy.

I have sharepoint applications using ntlm authentication, and I can't change the authentication method (no Basic, or digest...).
When the client want to connect to sharepoint, requests pass throught a nginx reverse proxy as below:

Client ----------->nginx Reverse Proxy -------------> Sharepoint

When I connect to sharepoint (threw the reverse proxy), it ask me credential again and again and again... and after I can access to the application.

I put a "keepalive 1024 " in the upstream configuration (ntlm authentication require the same tcp connection, otherwise it doesn't work)

I used Wireshark to see what happen, and I saw that several tcp connections are created by the client (each time that a tcp connection is establish an ntlm authentication happen), but when the reverse proxy "forward" packets, it establishes its own tcp connection with sharepoint but mix packets from different tcp connection coming from client. And because of that, sharepoint ask me credentials several time.


It's hard to explain so see below, it can hep you:

View Layer 4 (TCP):
Client1--packet1A---packet2A----packet3A--->RP--->packet1A----packet2B-----packet3A---->Sharepoint
Client1--packet1B---packet2B----packet3B--->RP--->packet1B----packet2A-----packet3B---->Sharepoint

View Layer 7(http):
Client1-------http1--------http2----------http3------->RP------>http1----------http2------------http3-------->Sharepoint


RP is Reverse Proxy
http? is a http request

The probleme is that nginx can see the layer 7 but can't see layer 4. In consequence, http requests will be receive in the good order by sharepoint but with different tcp connection.

Is there a parameter in nginx configuration which allow to forward packets to upstream in keeping same tcp connection from downstream?

I hope you can help me.

Best Regard,

Jon

How to make nginx start/reload if it encounters dns error while looking up fqdn in server directive (no replies)

March 26, 2014, 12:10 pm

≫ Next: Nginx module development question (no replies)

≪ Previous: How to use nginx as a reverse proxy with sharepoint (no replies)

$

0

0

I have several nginx services configured on my system. Suppose one of these services is configured with upstream block and with server directive pointing to fqdn.

With this configuration files, when nginx starts up or reloads config file and if it's not able to resolve fqdn, then it wouldn't even start or reload rest of the configuration data. As a result, all my services are down just because one service encounters an error.

With set directive and using a variable in proxy_pass directive, you can make nginx to resolve the fqdn only during request proxying. But in my case, I have a upstream block and using server directive to specify fqdn. So that solution will not work for me. So is there a way to make nginx still go ahead with the configuration and start even when it encounters DNS error or make nginx delay DNS resolution only when the http request arrives?


As an example, here is the sample block inside a conf file

upstream ustreamtest{

server test-server.com:80 ;
}

server {
server_name test ;
listen 192.168.150.89:802 ;
resolver 10.0.0.5 ;
proxy_bind 192.168.150.87;

location / {
set $test "ustreamtest";
proxy_pass HTTP://$test;

proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504;

include /usr/local/nginx/conf/proxy.conf ;
proxy_redirect off;
}
}

---

Nginx module development question (no replies)

March 28, 2014, 5:13 pm

≫ Next: limit_req error (2 replies)

≪ Previous: How to make nginx start/reload if it encounters dns error while looking up fqdn in server directive (no replies)

$

0

0

I'm starting to get my feet wet with nginx module development. I've looked over Evan Miller's guide, as well as a few articles on nginxguts.com, and have plugged in one of the Hello World examples (from yet another site) and it works fine.

So for my question: in the handler, the Hello World examples set the Content Type using:

r->headers_out.content_type_len = sizeof("text/html") - 1;
r->headers_out.content_type.len = sizeof("text/html") - 1;
r->headers_out.content_type.data = (u_char *) "text/html";

I'm wondering, if I were to use a dynamically allocated C string (using calloc) instead of the static "text/html", would it be safe to release this string after calling

rc = ngx_http_send_header(r);

near the end of my handler? Or is this field possibly used at some later point, even after you call ngx_http_send_header?

limit_req error (2 replies)

March 30, 2014, 8:31 am

≫ Next: rewrite specific file (no replies)

≪ Previous: Nginx module development question (no replies)

$

0

0

Hello.

Well, i try to add limit_req to my server, but when i add the limit_req_zone it is have a error in the log, and the nginx server don't work, in my error logs appear this:

2014/03/30 05:11:22 [emerg] 3012#2180: shared zone "limit" has no equal addresses: 02C00000 vs 02DC0000
2014/03/30 05:11:22 [alert] 3004#284: worker process 3012 exited with code 1

what can i do?

Thank you.

rewrite specific file (no replies)

March 31, 2014, 12:14 am

≫ Next: Nginx with tomcat (nginx_ajp_module) different webapps (no replies)

≪ Previous: limit_req error (2 replies)

$

0

0

Добрый день.

Есть приложение: клиент написан на actionScript, сервер на php. Так как приложение стало популярным, загрузка клиентской части начала нагружать нашу сеть. Мы решили переложить файлы клиентской части приложения на другой сервер ( ширина канала там больше и трафик в месяц практически неограничен ). Чтобы перенаправлять запросы на другой сервер я изменил настройки nginx:

rewrite ^/app\.php/?(.*)$ /$1 permanent;

location / {
root /home/user/html/web;
index app.php;

### вот эту строчку я добавил для перенаправления
rewrite "/stat/game.swf" http://another_server/stat/game.swf permanent;

try_files $uri @rewriteapp;
}

location @rewriteapp {
root /home/user/html/web;
rewrite ^(.*)$ /app.php/$1 last;
}

на сколько правильно делать перенаправление так?

p.s. в настройке nginx я новичек.

Nginx with tomcat (nginx_ajp_module) different webapps (no replies)

March 31, 2014, 2:26 am

≫ Next: Nginx is not accepting range of bytes (no replies)

≪ Previous: rewrite specific file (no replies)

$

0

0

Hello there ;),

I'm currently trying to switch from "apache <-> tomcat" to "nginx <-> tomcat" with nginx_ajp_module,
this works, but not like intended

APACHE2.conf:
-------------------------------

ProxyPass / ajp://10.0.0.49:8009/myAPP

-------------------------------

NGINX.conf:
-------------------------------
location / {
ajp_pass 10.0.0.49:8009/myAPP
}
------------------------------

Apache is forwarding "ajp://10.0.0.49:8009/myAPP" to "http://127.0.0.1/" like expected, but Nginx is forwarding "ajp://10.0.0.49:8009/" to "http://127.0.0.1/" and "ajp://10.0.0.49:8009/myAPP" to "http://127.0.0.1/myAPP".

So does anybody knows how i can make nginx forwarding an specific tomcat app "/myAPP" to the nginx "root" (/)?

Thanks for your help, :)

cddm

Nginx is not accepting range of bytes (no replies)

April 2, 2014, 11:52 pm

≫ Next: How to make nginx to redirect multiple subdomains? (no replies)

≪ Previous: Nginx with tomcat (nginx_ajp_module) different webapps (no replies)

$

0

0

I am using nginx to serve videos from the file system. I would like to enable range request.

Currently this is the result returned for my file

curl -I fileurl
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 29 Mar 2014 06:41:41 GMT
Content-Type: video/mp4
Content-Length: 15603963
Last-Modified: Sat, 04 Jan 2014 15:02:26 GMT
Connection: keep-alive
Keep-Alive: timeout=300
Accept-Ranges: bytes

But if I send curl --header "Range: bytes=0-50" fileurl

the whole file is downloaded while I expect only the first 50 bytes.

This is the server in nginx config:

server {
listen 80;
server_name myserver;
error_log logs/myserver.error.log;
access_log logs/myserver.access.log;

root /srv/myserver;

#add_header Accept-Ranges;
add_header Accept-Ranges bytes;
}

Do I have to enable anything else? How could I allow range requests for the files?