
How to log all sent set-cookie headers (no replies)

Giving $sent_http_set_cookie in log_format logs only the first cookie that is set by Set-Cookie. Is there a way to log all the cookies that are sent using Set-Cookie?

This is the exact snippet in my nginx config:
log_format main '$remote_addr [$time_local] '
'"$scheme $host $request" $status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for" '
'($request_time)'
'(($sent_http_set_cookie))';

How To HTTPS/SSL Redirect/Rewrite Without Cert ? (1 reply)

I've created a new site, and purchased an EV cert for the site (www.mysite.com).

The cert is valid for WWW.mysite.com, however I know that several users are trying to get to the site via mysite.com (no WWW) - in which, the DNS name does resolve to the same host/IP.

In my config, if I listen for mysite.com on 443, without the SSL enabled, there are errors (because the browser expects SSL). However if I put my cert there, or a self-signed cert, the browser will throw an error saying it's an invalid site because of cert mismatch.

Is there any way in NGINX to rewrite the traffic from https://mynewsite.com to https://WWW.mynewsite.com without having to recreate the cert to include both DNS names?



#######################################
#### MYSITE.COM Server on Port 443 ####
#######################################
server {

    ###################################################################
    ##### Listen on Port:443, Listen for URL/Servername (without the WWW) #####
    ##### Auto rewrite the request to WWW.MYSITE.COM #####
    ###################################################################
    listen 443;
    server_name mysite.com;
    rewrite ^(.*) https://www.mysite.com$1 permanent;
}

#############################################
#### WWW.MYSITE.COM SERVER on Port 443 ####
#############################################
server {

    listen 443;
    server_name www.mysite.com;

    #########################################
    ##### SSL Enabling and Cert Declarations #####
    #########################################
    ssl on;
    ssl_certificate /something/cert/mysite.crt;
    ssl_certificate_key /something/cert/mysite.key;

    location {
        configs;
    }
}

sub.domain.tld linked back to domain.tld (no replies)

Hello,

I am new to nginx and got two enabled sites:

1) nighlander.de www.nighlander.de;

server {
listen 80;
server_name nighlander.de www.nighlander.de;
rewrite ^ https://$server_name$request_uri? permanent;
}

server {
listen 443 ssl;

ssl_certificate /etc/nginx/ssl/nighlander.de.crt;
ssl_certificate_key /etc/nginx/ssl/nighlander.de.key;

server_name nighlander.de www.nighlander.de;
index index.php index.htm index.html;

root /usr/share/nginx/nighlander.de;

access_log /var/log/nginx/nighlander.de/access.log;
error_log /var/log/nginx/nighlander.de/error.log;

location / {
}

location ~ \.php$ {
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:/var/run/php5-fpm-nighlander.de.sock;
fastcgi_index index.php;
include fastcgi_params;
}
}

2) analytics.nighlander.de

server {
listen 80;
server_name analytics.nighlander.de;
rewrite ^ https://$server_name$request_uri? permanent;
}

server {
listen 443 ssl;

ssl_certificate /etc/nginx/ssl/analytics.nighlander.de.crt;
ssl_certificate_key /etc/nginx/ssl/analytics.nighlander.de.key;

server_name analytics.nighlander.de;
index index.php index.htm index.html;

root /usr/share/nginx/analytics.nighlander.de;

access_log /var/log/nginx/analytics.nighlander.de/access.log;
error_log /var/log/nginx/analytics.nighlander.de/error.log;

location / {
}

location ~ \.php$ {
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:/var/run/php5-fpm-analytics.nighlander.de.sock;
fastcgi_index index.php;
include fastcgi_params;
}
}

My idea is that all requests regarding nighlander.de, www.nighlander.de, test123.nighlander.de (http or https) are redirected to https://nighlander.de

My idea for analytics.nighlander.de is that the http request is also redirected to https://analytics.nighlander.de.

So if both confs shown above are active, the situation is as follows:

http://test123.nighlander.de (also https) is redirected to https://analytics.nighlander.de
http://analytics.nighlander.de is redirected to https://nighlander.de but
http://analytics.nighlander.de/index.php is redirected to https://analytics.nighlander.de

I want every subdomain that is not specified with a conf file to be redirected to https://nighlander.de

I want a redirect from http://analytics.nighlander.de to https://analytics.nighlander.de

Maybe the confs are very buggy - does someone have a good solution?

Thanks a lot
Henning

SPDY reverse proxy (3 replies)

Hi,

I have been experimenting with setting up nginx as a reverse proxy using SPDY SSL.
I'm using a self signed wildcard 2048 certificate in my test setup with an nginx 1.6 front end webserver and as backend webservers simple nginx setups serving plain http over port 80.

I use two nginx configurations, one for the HTML pages and one for the assets
https://test.site.com
https://assets.site.com

Everything seems to work fine until after a couple of reloads all assets from the asset server start returning empty responses. Loading these items in a separate tab always works fine. When I hit reload a couple of times, it returns to normal operation and this cycle continues.

When the assets are not being loaded successfully, cpu load on Firefox also goes through the roof. Seems some kind of infinite loop occurs.

I'm not sure if this could be configuration related or how I can avoid this. Any suggestions?

My configuration is basically:

server {
    listen 443 ssl spdy;
    server_name assets.site.com;
    charset utf-8;
    server_name_in_redirect off;
    root /var/lib/tomcat7/webapps/site;
    add_header Cache-Control public;

    ssl_certificate /etc/ssl/site_com.crt;
    ssl_certificate_key /etc/ssl/site_com.key;

    ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS;
    ssl_prefer_server_ciphers on;
    keepalive_timeout 60;
    ssl_session_cache shared:SSL:10m;
    ssl_session_timeout 10m;
    ssl_buffer_size 8k;

    location / {
        expires max;
        try_files $uri @proxy;
    }

    location @proxy {
        proxy_buffering on;
        proxy_pass http://static;

        proxy_cache STATIC;
        proxy_cache_valid 200 90d;
        proxy_cache_valid 404 5m;
        proxy_cache_use_stale error timeout invalid_header updating
                              http_500 http_502 http_503 http_504;
        proxy_cache_key $host$request_uri;
        # Header name uses a hyphen; "Set_Cookie" would match nothing.
        proxy_hide_header Set-Cookie;
        proxy_ignore_headers "Set-Cookie";

        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $http_host;

        proxy_connect_timeout 30;
        proxy_send_timeout 30;
        proxy_read_timeout 30;
    }
}

The spdy configuration for the other webserver is basically identical

Kind regards,
Marc

Proxy_protocol, how to check protocol or port (not only remote IP) (no replies)

Hello:

I am using proxy_protocol at Nginx along with TCP/TCP-SSL ELB at AWS.

Client address specified in the PROXY protocol header is now saved in the $proxy_protocol_addr variable and can be used in the realip module. That is great.

But programmers usually check the connection using the PHP variable $_SERVER["HTTP_X_FORWARDED_PORT"].

ELB proxy_protocol is sending this information inside the headers... I can look for it at headers using tcpdump:

...x..PD .....2P.9..W..PROXY TCP4 77.224.111.207 192.168.10.182 51449 443

At the end, you may see proxy_protocol is sending out this port information.

Is nginx supposed to include this port information into a proxy_protocol_* variable?

I really need to know what is the original Port used at PHP... I have had a look at google/nginx and I think developers did include only the remote IP, but not the port.

Any ideas?

Thanks so much.
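
The PROXY protocol v1 line quoted in the post carries both ports after the two addresses. The following is an added example, not part of the original post and not nginx code: a strict Python parser for that line, which derives forwarded-header values only when the connection comes from a trusted load balancer. The function names, the trusted network and the HTTP request appended to the sample are constructed for illustration.

```python
import ipaddress

MAX_V1_LINE = 107  # longest valid v1 header, CRLF included

# Header line from the post, followed by a constructed HTTP request.
SAMPLE = (b"PROXY TCP4 77.224.111.207 192.168.10.182 51449 443\r\n"
          b"GET / HTTP/1.1\r\nHost: example.test\r\n\r\n")


class ProxyHeaderError(ValueError):
    """The bytes are not an acceptable PROXY protocol v1 header."""


def _port(text):
    # Decimal digits only, no leading zeros, range 0..65535.
    if not text.isdigit() or (len(text) > 1 and text[0] == "0"):
        raise ProxyHeaderError(f"bad port {text!r}")
    value = int(text)
    if value > 65535:
        raise ProxyHeaderError(f"port out of range: {value}")
    return value


def parse_proxy_v1(data):
    """Return (info, rest): the parsed header fields and the bytes after it."""
    if not data.startswith(b"PROXY "):
        raise ProxyHeaderError("missing PROXY signature")
    end = data.find(b"\r\n", 0, MAX_V1_LINE)
    if end == -1:
        raise ProxyHeaderError("no CRLF within 107 bytes")
    try:
        fields = data[:end].decode("ascii").split(" ")
    except UnicodeDecodeError as exc:
        raise ProxyHeaderError("non-ASCII header") from exc
    rest = data[end + 2:]
    family = fields[1]
    if family == "UNKNOWN":
        # The sender could not describe the connection; nothing to trust.
        return {"family": family}, rest
    if family not in ("TCP4", "TCP6") or len(fields) != 6:
        raise ProxyHeaderError("malformed header line")
    ip_type = ipaddress.IPv4Address if family == "TCP4" else ipaddress.IPv6Address
    try:
        src, dst = ip_type(fields[2]), ip_type(fields[3])
    except ValueError as exc:
        raise ProxyHeaderError("bad address") from exc
    info = {
        "family": family,
        "src_addr": str(src),             # original client address
        "dst_addr": str(dst),             # address the client connected to
        "src_port": _port(fields[4]),     # client's ephemeral port
        "dst_port": _port(fields[5]),     # port the client connected to
    }
    return info, rest


def forwarded_headers(peer_addr, data, trusted_nets):
    """Build X-Forwarded-* values, accepting the header only from a trusted peer."""
    peer = ipaddress.ip_address(peer_addr)
    if not any(peer in ipaddress.ip_network(net) for net in trusted_nets):
        # Anyone who can reach the port could otherwise forge the client address.
        raise ProxyHeaderError("PROXY header from untrusted peer")
    info, rest = parse_proxy_v1(data)
    if info["family"] == "UNKNOWN":
        return {}, rest
    headers = {
        "X-Forwarded-For": info["src_addr"],
        "X-Forwarded-Port": str(info["dst_port"]),
    }
    return headers, rest


if __name__ == "__main__":
    # 192.168.10.50 and the /24 are constructed values for the load balancer side.
    print(forwarded_headers("192.168.10.50", SAMPLE, ["192.168.10.0/24"])[0])
```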

Mediawiki and nginx: ".php" string in article title (no replies)

Let's assume you have configured nginx+Mediawiki like it's described here: http://wiki.nginx.org/MediaWiki.
I've noticed that it's impossible to open a wiki article if its title contains the ".php" substring. You can check this here: http://wiki.nginx.org/test.php
You don't get the Mediawiki warning about a non-existent page; all you can see is this warning: No input file specified.
This happens because nginx tries to pass requests to not-existing test.php script.
How should I configure nginx to be able to load such articles?

Hacking ngx_http_proxy_module (no replies)

Hello,

I'm modifying/extending proxy_pass so that the proxy url is dynamic, not fixed in a config file. Otherwise I want the rest of proxy_pass to behave the same.

Looking at ngx_http_proxy_module.c I'm not finding where the url is actually changed. I thought I'd found it in ngx_http_proxy_host_variable(), so I put code in there to change the value of the host variable to what I wanted. But... that didn't work. I ran 2 tests: one with my forced value set (in code) and one unmodified proxy_pass with the proxy host set to the same value. In both cases I see my host variable's value set to what I wanted. My unmodified proxy_pass code processed the request successfully and hit the proxied server, but my code-set version fails with an INVALID_URL error when I hit my test endpoint. In both cases the host variable is set to the same value!

So clearly just setting the host value to what I need isn't the whole story. What am I missing? I find interesting code all over the place, particularly in ngx_http_proxy_create_request() for doing things with the URI, but not the host URL. :-(

(I do see where URL is set into conf on setup--that's not what I need. I need something called from a request handler so the proxy host can be determined dynamically.)

Some sample code from ngx_http_proxy_module below:

u_char launchpad[] = "launchpad.appflighter.com";

static ngx_int_t
ngx_http_proxy_host_variable(ngx_http_request_t *r,
    ngx_http_variable_value_t *v, uintptr_t data)
{
    ngx_http_proxy_ctx_t *ctx;

    // Added hook to plcf to determine if proxy_pass enabled w/my new dynamic host code.
    ngx_http_proxy_loc_conf_t *plcf;
    plcf = ngx_http_get_module_loc_conf(r, ngx_http_proxy_module);

    ctx = ngx_http_get_module_ctx(r, ngx_http_proxy_module);

    if (ctx == NULL) {
        v->not_found = 1;
        return NGX_OK;
    }

    if (plcf->getDynamicURL == NULL) {
        // orig behavior
        v->len = ctx->vars.host_header.len;
        v->data = ctx->vars.host_header.data;
    } else {
        // normally I'd call my code here, but hard-coding for now to the same value used in unmodified test
        v->len = strlen((char *) launchpad);
        v->data = launchpad;
    }
    v->valid = 1;
    v->no_cacheable = 0;
    v->not_found = 0;

    // Generate some output to see what the value was set to
    // (the copy is capped so a long value cannot overflow the 256-byte buffer)
    char c[256] = "";
    size_t n = v->len < sizeof(c) - 1 ? v->len : sizeof(c) - 1;
    strncat(c, (const char *) v->data, n);
    ngx_log_error(NGX_LOG_EMERG, r->connection->log, 0, "Route URL %d: %s", v->len, c);

    return NGX_OK;
}

Any guidance appreciated!
GZ

Can't see SPDY working (no replies)

Hey guys,

I first had this issue under nginx 1.5.13, and I've just recompiled with 1.7.1 and confirmed the issue persists.

I'm linking against openssl 1.0.1g and building with the flags:
--with-http_ssl_module \
--with-http_spdy_module \

According to:
http://spdycheck.org/
and
https://ssllabs.com

My site is correctly running SPDY. However, under IE11, watching the network under the developer's tools, I can see the "protocol" listed as "SPDY" for the Google ads and similar, offsite links (so I know that SPDY is running in my browser when talking to Google) however, everything embedded on my site is loaded as coming over the "HTTPS" protocol.

Everything I read suggests recent nginx and IE11 should fully support SPDY, but it appears I'm missing something. Any help appreciated.

Load balance based on location with GeoIP (no replies)

Hello,

I have configured an nginx load balancer with the default round robin method, and it works fine. Now I want to configure load balancing based on region: say a request coming from the US is served pages from server A, and a request coming from Asia is served pages from different servers.

Can someone send me a how-to URL or the steps to follow to set up this requirement? Here is my config file:

http {
    include mime.types;
    default_type application/octet-stream;
    sendfile on;
    keepalive_timeout 65;
    gzip on;

    geo $geo {
        default default;
        include geo.conf;
    }
    upstream default.backend {
        server 1.2.3.4:8080 weight=2;
        server 5.6.7.8:8080;
    }
    upstream UK.backend {
        server 1.2.3.4:8080;
    }
    upstream DE.backend {
        server 5.6.7.8:8080;
    }

    server {
        listen 80;
        server_name serversreview.net;
        location / {
            proxy_pass http://$geo.backend;
        }
    }
}

Thanks,
Ramesh

How to use secure link module with IP (no replies)

Hello all,

I searched all forums but could not find a good result.
I am streaming some MP4 files and I am using ngx_http_mp4_module for this.
I also implemented the secure_link module. But I could not find a way to implement an IP-based secure link.
I am creating secured links with PHP.
Could someone point me to a tutorial or show me how to configure an IP-based secure-linked MP4 streaming server?

Best Regards
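
One way to bind a secure_link token to the client address is to include $remote_addr in the secure_link_md5 expression and hash the same string when generating the link. The following is an added example, not part of the original post, written in Python rather than PHP; the location path, secret, client addresses and function names are assumptions made for illustration.

```python
import base64
import hashlib
import hmac
from urllib.parse import urlencode

# nginx side assumed by this example (directives of ngx_http_secure_link_module
# and ngx_http_mp4_module; the path and secret are placeholders):
#
#   location /video/ {
#       mp4;
#       secure_link     $arg_md5,$arg_expires;
#       secure_link_md5 "$secure_link_expires$uri$remote_addr change-me";
#       if ($secure_link = "")  { return 403; }  # hash mismatch: wrong IP, URI or secret
#       if ($secure_link = "0") { return 410; }  # link expired
#   }
#
# $remote_addr is the address nginx sees; behind another proxy that is the
# proxy's address unless the realip module is configured.

SECRET = "change-me"  # placeholder; must match the word after the space above


def token(uri, client_ip, expires, secret=SECRET):
    """base64url(MD5(expires + uri + client_ip + ' ' + secret)) without padding."""
    raw = f"{expires}{uri}{client_ip} {secret}".encode()
    digest = hashlib.md5(raw).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")


def signed_url(uri, client_ip, now, ttl=3600, secret=SECRET):
    """Link that is valid for `ttl` seconds and only for `client_ip`."""
    expires = int(now) + ttl
    query = urlencode({"md5": token(uri, client_ip, expires, secret),
                       "expires": expires})
    return f"{uri}?{query}"


def check(uri, remote_addr, md5_arg, expires_arg, now, secret=SECRET):
    """Mirror the value nginx stores in $secure_link: "", "0" or "1"."""
    if not expires_arg.isdigit():
        return ""
    expected = token(uri, remote_addr, expires_arg, secret)
    # Constant-time comparison of the presented and expected tokens.
    if not hmac.compare_digest(expected.encode(), md5_arg.encode()):
        return ""
    if int(expires_arg) < now:
        return "0"
    return "1"


if __name__ == "__main__":
    NOW = 1700000000  # constructed timestamp
    print(signed_url("/video/clip.mp4", "203.0.113.7", NOW))
```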

Rewrite Rules nginx/1.2.1 index.php?go=XXX to XXX.php (1 reply)

Hello,


I want to rewrite http://www.forExample.org/index.php?go=download to http://www.forExample.org/download.php
Except for index.php, all file extensions are .inc, like download.inc.

"
index.php contains

<?
while (list ($var, $value) = each ($_REQUEST))
$$var = $value;


if(!isset($go))
$go = "index";
if(file_exists("$go.inc"))
include("$go.inc");
else
include("index.inc");
"

So I tried the following lines without success (vhost.conf):

rewrite ^/.php/([^/\.]+)/?$ /index.php?page=$1 break;
rewrite ^/(.*)\.php$ /?go=$1 redirect;
rewrite ^/(.*).php$ /?go=$1;
rewrite ([^index]+)\.php /index.php?go=$1 break;
rewrite ('/^([^index]+)\.php$ /?go=$1 break;
rewrite ([^index]+)\.php /index.php?go=$1 break;

then I tried a new location-Block

location ~ \index.php?go=$ {
if (!-f $request_filename) {
rewrite ^(.*)\?go=$ $1.php permanent; }
}

Also with no success.


Maybe someone can help me ;)

I want to enter .php to get my content ;)

kill -USR2 apparently not working (1 reply)

Hey All,

I'm running on Ubuntu 12.04 and nginx 1.5.12 compiled from source. I'm attempting to upgrade nginx to 1.6.0 on my production servers without incurring any downtime. Ideally, I'd like to:

1) Replace the binary
2) send the master PID a kill -USR2 (kill -USR2 `cat /usr/local/nginx/logs/nginx.pid`)
3) WINCH the old master PID (kill -WINCH `cat /usr/local/nginx/logs/nginx.pid.oldbin`)

Recompiling from source works great. However, when I send the USR2 to the current master PID nothing seems to happen. The process list (`ps aux | grep nginx | grep -v grep`) does not change at all; I would expect to see a new master PID. I am also not seeing a nginx.pid.oldbin file in /usr/local/nginx/logs. I've tried sending both a USR2 and INT (even though they are apparently the same signal). I don't believe `kill` has verbose output or any way to tell me what is actually happening when I send the signal. My next step is to attach to the process with strace to see what syscalls get made when I send USR2 but am not entirely sure how far that will really get me.

I've posted this question in the IRC channel to no avail thus far, so hopefully someone on the forums will be able to assist!

Thanks for reading!

Jaryd

Changing Root folder (no replies)

Hi guys,

I would like to use nginx to access files on my computer from another device.

My default file in sites-available looks like this:

# You may add here your
# server {
# ...
# }
# statements for each of your virtual hosts to this file

##
# You should look at the following URL's in order to grasp a solid understanding
# of Nginx configuration files in order to fully unleash the power of Nginx.
# http://wiki.nginx.org/Pitfalls
# http://wiki.nginx.org/QuickStart
# http://wiki.nginx.org/Configuration
#
# Generally, you will want to move this file somewhere, and start with a clean
# file but keep this around for reference. Or just disable in sites-enabled.
#
# Please see /usr/share/doc/nginx-doc/examples/ for more detailed examples.
##

server {
listen 80 default_server;

root /usr/share/nginx/html;
index index.html index.htm;


# Make site accessible from http://localhost/
server_name localhost;

location / {
# First attempt to serve request as file, then
# as directory, then fall back to displaying a 404.
try_files $uri $uri/ =404;
# Uncomment to enable naxsi on this location
# include /etc/nginx/naxsi.rules;
}

# Only for nginx-naxsi used with nginx-naxsi-ui : process denied requests
#location /RequestDenied {
# proxy_pass http://127.0.0.1:8080;
#}

#error_page 404 /404.html;

# redirect server error pages to the static page /50x.html
#
#error_page 500 502 503 504 /50x.html;
#location = /50x.html {
# root /usr/share/nginx/html;
#}

# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
#
#location ~ \.php$ {
# fastcgi_split_path_info ^(.+\.php)(/.+)$;
# # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini
#
# # With php5-cgi alone:
# fastcgi_pass 127.0.0.1:9000;
# # With php5-fpm:
# fastcgi_pass unix:/var/run/php5-fpm.sock;
# fastcgi_index index.php;
# include fastcgi_params;
#}

# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
#
#location ~ /\.ht {
# deny all;
#}
}


# another virtual host using mix of IP-, name-, and port-based configuration
#
#server {
# listen 8000;
# listen somename:8080;
# server_name somename alias another.alias;
# root html;
# index index.html index.htm;
#
# location / {
# try_files $uri $uri/ =404;
# }
#}


# HTTPS server
#
#server {
# listen 443;
# server_name localhost;
#
# root html;
# index index.html index.htm;
#
# ssl on;
# ssl_certificate cert.pem;
# ssl_certificate_key cert.key;
#
# ssl_session_timeout 5m;
#
# ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
# ssl_ciphers "HIGH:!aNULL:!MD5 or HIGH:!aNULL:!MD5:!3DES";
# ssl_prefer_server_ciphers on;
#
# location / {
# try_files $uri $uri/ =404;
# }
#}





I have tried to change the root folder in the server { } part and changed it from

root /usr/share/nginx/html;
index index.html index.htm;

to:

root /home/nickname;
index index.html index.htm;


However, when I now reload nginx and check localhost in my browser, I get the "403 Forbidden" error. Can anyone help me out? What I would like to find at localhost are all folders at /home/nickname.

Thanks in advance for your help!

arch linux , swf dir and forbidden error (no replies)

I use Arch Linux and installed nginx from the Arch repo; everything is OK. I want to use nginx to play Flash (swf) games. I downloaded many swf files and made an swf directory in
/usr/share/nginx/html
and put all the swf files in the swf directory. After that I set 755 on the swf directory and 644 on all the swf files, but when I type this in a browser like Firefox:
http://127.0.0.1/swf
I see this error:
403 Forbidden
and I cannot play the swf game.
But when I type
http://127.0.0.1/swf/pacman.swf
everything is good and I can play the flash game.
What is the problem?
I set 777 for the folder and all the swf files, but I see that problem again:
403 Forbidden

Figuring out how to make nginx store information. (1 reply)

Here's what I'm doing. A site created code for caching Steam games, Blizzard games and Smite. What I'm trying to do is add on to it. So far I'm trying Tera and WildStar. I can make the data pass through the proxy, but it's not storing the data. League also doesn't work, but if someone can tell me how to fix this, I can understand it and add more games to this list and pass this file around to more LAN centers.


# LANCache By Matt Hohman November 2013
# http://churchnerd.net/2013/11/introducing-lancache/
#
#
# Based on "Valve Steam Pipe Reverse Proxy Configuration by Brian Astrolox Wojtczak"
# http://www.astrolox.com/2013/05/31/valve-steampipe-reverse-proxy/
# AND
# Steven Hartland at Multiplay
# http://blog.multiplay.co.uk/2013/04/caching-steam-downloads-lans/
#
#######################################################################
#
#YOU WILL NEED TO CONSULT THE MOST RECENT DNS CONFIGURATION AT
# http://churchnerd.net/2013/11/introducing-lancache/
#
#######################################################################


user www-data;
#This should be 2*CPU Cores
worker_processes 8;
pid /var/run/nginx.pid;

events {
worker_connections 19000;
multi_accept on;

# kqueue (FreeBSD 4.1+), epoll (Linux 2.6+), rt signals (Linux 2.2.19+)
# /dev/poll (Solaris 7 11/99+), event ports (Solaris 10), select, and poll
use epoll;
#use kqueue;
}

http {
include mime.types;

access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;

sendfile on;
tcp_nopush on;
tcp_nodelay on;
types_hash_max_size 2048;
keepalive_timeout 65;

#Set this to a regional DNS server (NOT THE DNS FORWARD)
resolver 8.8.8.8;
resolver_timeout 30s;



proxy_cache_path /var/www/cache/CS levels=1:2 keys_zone=CS:10m
inactive=72h max_size=1g;

proxy_cache_path /var/www/cache/L3 levels=1:2 keys_zone=L3:10m
inactive=72h max_size=1g;

proxy_cache_path /var/www/cache/OTHER levels=2:2 keys_zone=OTHER:100m
inactive=72h max_size=1g;

proxy_cache_key "$scheme$host$request_uri$cookie_user";

# Prevent steam crash logs from being submitted to valve .
server {
listen *:80;
server_name 192.168.70.99 crash.steampowered.com;

location / {
satisfy all;
deny all;

access_log /var/log/nginx/crash.steampowered.com-access.log;
error_log /var/log/nginx/crash.steampowered.com-error.log;
}
}

# Cache the main steam content servers - this is the important bit
server {
listen *:80;
server_name 192.168.70.99 *.cs.steampowered.com;

access_log /var/log/nginx/cs.steampowered.com-access.log;
error_log /var/log/nginx/cs.steampowered.com-error.log;

root /var/www/cs.steampowered.com/;

location /depot/ {
try_files $uri @mirror1;
access_log /var/log/nginx/cs.steampowered.com-access-depot-local.log;
}

location / {
proxy_next_upstream error timeout http_404;
proxy_pass http://$host$uri;
proxy_redirect off;

proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;


add_header Host $host;
add_header X-Mirror-Upstream-Status $upstream_status;
add_header X-Mirror-Upstream-Response-Time $upstream_response_time;
add_header X-Mirror-Status $upstream_cache_status;

access_log /var/log/nginx/cs.steampowered.com-access-other.log;
}

location @mirror1 {
proxy_store on;
proxy_store_access user:rw group:rw all:r;
proxy_next_upstream error timeout http_404;
proxy_pass http://$host$uri;
proxy_redirect off;

proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

add_header Host $host;
add_header X-Mirror-Upstream-Status $upstream_status;
add_header X-Mirror-Upstream-Response-Time $upstream_response_time;
add_header X-Mirror-Status $upstream_cache_status;

access_log /var/log/nginx/cs.steampowered.com-access-depot-remote.log;
}
}

# All non game content server content can be cached here,
# as long as DNS is pointing at this nginx server.
server {
listen *:80;
server_name 192.168.70.99 *.steampowered.com;

access_log /var/log/nginx/steampowered.com-access.log;
error_log /var/log/nginx/steampowered.com-error.log;

location / {
proxy_next_upstream error timeout http_404;
proxy_pass http://$host$uri;
proxy_redirect off;

proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

proxy_cache OTHER;
proxy_cache_valid 200 301 302 10m;
proxy_cache_valid any 1m;
proxy_cache_use_stale error timeout invalid_header updating
http_500 http_502 http_503 http_504;

add_header Host $host;
add_header X-Mirror-Upstream-Status $upstream_status;
add_header X-Mirror-Upstream-Response-Time $upstream_response_time;
add_header X-Mirror-Status $upstream_cache_status;
}
}




#
#Cache Riotgames CDN
#
server {
listen *:80;
server_name 192.168.70.99 l3cdn.riotgames.com;

access_log /var/log/nginx/l3cdn.riotgames.com-access.log;
error_log /var/log/nginx/l3cdn.riotgames.com-error.log;

root /var/www/l3cdn.riotgames.com/;

location / {
try_files $uri @l3cdn;
access_log /var/log/nginx/l3cdn.riotgames.com-access-local.log;
}




location @l3cdn {
proxy_store on;
proxy_store_access user:rw group:rw all:r;
proxy_next_upstream error timeout http_404;
proxy_pass http://$host$uri;
proxy_redirect off;

proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

add_header Host $host;
add_header X-Mirror-Upstream-Status $upstream_status;
add_header X-Mirror-Upstream-Response-Time $upstream_response_time;
add_header X-Mirror-Status $upstream_cache_status;

access_log /var/log/nginx/l3cdn.riotgames.com-access-remote.log;
}
}

#Create a limit zone for blizzard based on requested file name
limit_zone one $uri 10m;

#Cache Blizzards Edgesuite CDN
#Note: First request for each file will be cached
#Additional range requests for each file will be passed to original server until first request is fully downloaded

server {
listen *:80;
server_name 192.168.70.99 dist.blizzard.com.edgesuite.net;

access_log /var/log/nginx/dist.blizzard.com.edgesuite.net-access.log;
error_log /var/log/nginx/dist.blizzard.com.edgesuite.net-error.log;

root /var/www/blizzard.com/;
location / {
try_files $uri @es-cache;
access_log /var/log/nginx/blizzard.com-local.log;
}


location @es-cache {
limit_conn one 1;
error_page 503 = @es-pass;
proxy_store on;
proxy_store_access user:rw group:rw all:r;
proxy_next_upstream error timeout http_404;
proxy_pass http://$host$uri;
proxy_redirect off;
proxy_pass_request_headers off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
add_header Host $host;
add_header X-Mirror-Upstream-Status $upstream_status;
add_header X-Mirror-Upstream-Response-Time $upstream_response_time;
add_header X-Mirror-Status $upstream_cache_status;

access_log /var/log/nginx/blizzard.com-cache-remote.log;


}

location @es-pass {
proxy_store on;
proxy_store_access user:rw group:rw all:r;
proxy_next_upstream error timeout http_404;
proxy_pass http://$host$uri;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
add_header Host $host;
add_header X-Mirror-Upstream-Status $upstream_status;
add_header X-Mirror-Upstream-Response-Time $upstream_response_time;
add_header X-Mirror-Status $upstream_cache_status;

access_log /var/log/nginx/blizzard.com-pass-remote.log;


}






}

#Cache Blizzards llnw CDN
#Note: First request for each file will be cached
#Additional range requests for each file will be passed to original server until first request is fully downloaded
server {
listen *:80;
server_name 192.168.70.99 llnw.blizzard.com;

access_log /var/log/nginx/llnw.blizzard.com-access.log;
error_log /var/log/nginx/llnw.blizzard.com-error.log;




root /var/www/blizzard.com/;
location / {
try_files $uri @llnw-cache;
access_log /var/log/nginx/blizzard.com-local.log;
}



location @llnw-cache {
limit_conn one 1;
error_page 503 = @llnw-pass;
proxy_store on;
proxy_store_access user:rw group:rw all:r;
proxy_next_upstream error timeout http_404;
proxy_pass http://$host$uri;
proxy_redirect off;
proxy_pass_request_headers off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

add_header Host $host;
add_header X-Mirror-Upstream-Status $upstream_status;
add_header X-Mirror-Upstream-Response-Time $upstream_response_time;
add_header X-Mirror-Status $upstream_cache_status;

access_log /var/log/nginx/blizzard.com-cache-remote.log;


}
location @llnw-pass {


proxy_store on;
proxy_store_access user:rw group:rw all:r;
proxy_next_upstream error timeout http_404;
proxy_pass http://$host$uri;
proxy_redirect off;

proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

add_header Host $host;
add_header X-Mirror-Upstream-Status $upstream_status;
add_header X-Mirror-Upstream-Response-Time $upstream_response_time;
add_header X-Mirror-Status $upstream_cache_status;

access_log /var/log/nginx/blizzard.com-pass-remote.log;


}





}
#Cache Blizzards Game Installers


server {
listen *:80;
server_name 192.168.70.99 dist.blizzard.com;

access_log /var/log/nginx/dist.blizzard.com-access.log;
error_log /var/log/nginx/dist.blizzard.com-error.log;

root /var/www/dist.blizzard.com/;
location / {
#first try local then download the file 1x from original server then pass through the 206 chunks
try_files $uri @blizzard-install;
access_log /var/log/nginx/dist.blizzard.com-local.log;
}

location @blizzard-install {
proxy_store on;
proxy_store_access user:rw group:rw all:r;
proxy_next_upstream error timeout http_404;
proxy_pass http://$host$uri;
proxy_redirect off;

proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

add_header Host $host;
add_header X-Mirror-Upstream-Status $upstream_status;
add_header X-Mirror-Upstream-Response-Time $upstream_response_time;
add_header X-Mirror-Status $upstream_cache_status;
}


}







#
#Cache wildstar
#
server {
listen *:80;
server_name 192.168.70.99 wildstar.patcher.ncsoft.com;

access_log /var/log/nginx/wildstar.patcher.ncsoft.com-access.log;
error_log /var/log/nginx/wildstar.patcher.ncsoft.com-error.log;

root /var/www/wildstar.patcher.ncsoft.com/;

location / {
try_files $uri @wildstar;
access_log /var/log/nginx/wildstar.patcher.ncsoft.com-access-local.log;
}




location @wildstar {
proxy_store on;
proxy_store_access user:rw group:rw all:r;
proxy_next_upstream error timeout http_404;
proxy_pass http://$host$uri;
proxy_redirect off;

proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

add_header Host $host;
add_header X-Mirror-Upstream-Status $upstream_status;
add_header X-Mirror-Upstream-Response-Time $upstream_response_time;
add_header X-Mirror-Status $upstream_cache_status;

access_log /var/log/nginx/wildstar.patcher.ncsoft.com-access-remote.log;
}
}



#Cache tera Studios internap
server {
listen *:80;
server_name 192.168.70.99 patch.tera.enmasse-game.com;

access_log /var/log/nginx/patch.tera.enmasse-game.com;
error_log /var/log/nginx/patch.tera.enmasse-game.com;

root /var/www/patch.tera.enmasse-game.com;
location / {

try_files $uri @internap;
access_log /var/log/nginx/patch.tera.enmasse-game.com-local.log;
}

location @internap {
proxy_store on;
proxy_store_access user:rw group:rw all:r;
proxy_next_upstream error timeout http_404;
proxy_pass http://$host$uri;
proxy_redirect off;

proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

add_header Host $host;
add_header X-Mirror-Upstream-Status $upstream_status;
add_header X-Mirror-Upstream-Response-Time $upstream_response_time;
add_header X-Mirror-Status $upstream_cache_status;
access_log /var/log/nginx/patch.tera.enmasse-game.com-remote.log;
}


}



#Cache Hi-Rez Studios hwcdn
server {
listen *:80;
server_name 192.168.70.99 *.hwcdn.net;

access_log /var/log/nginx/hwcdn.net-access.log;
error_log /var/log/nginx/hwcdn.net-error.log;

root /var/www/hi-rez;
location / {

try_files $uri @hwcdn;
access_log /var/log/nginx/hwcdn.net-local.log;
}

location @hwcdn {
proxy_store on;
proxy_store_access user:rw group:rw all:r;
proxy_next_upstream error timeout http_404;
proxy_pass http://$host$uri;
proxy_redirect off;

proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

add_header Host $host;
add_header X-Mirror-Upstream-Status $upstream_status;
add_header X-Mirror-Upstream-Response-Time $upstream_response_time;
add_header X-Mirror-Status $upstream_cache_status;
access_log /var/log/nginx/hwcdn.net-remote.log;
}


}












#Cache Hi-Rez Studios internap
server {
listen *:80;
server_name 192.168.70.99 hirez.http.internapcdn.net;

access_log /var/log/nginx/hirez.http.internapcdn.net-access.log;
error_log /var/log/nginx/hirez.http.internapcdn.net-error.log;

root /var/www/hi-rez;
location / {

try_files $uri @internap;
access_log /var/log/nginx/hirez.http.internapcdn.net-local.log;
}

location @internap {
proxy_store on;
proxy_store_access user:rw group:rw all:r;
proxy_next_upstream error timeout http_404;
proxy_pass http://$host$uri;
proxy_redirect off;

proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

add_header Host $host;
add_header X-Mirror-Upstream-Status $upstream_status;
add_header X-Mirror-Upstream-Response-Time $upstream_response_time;
add_header X-Mirror-Status $upstream_cache_status;
access_log /var/log/nginx/hirez.http.internapcdn.net-remote.log;
}


}





# Serve up default web root folder for unrecognised hosts, you
# should put something informative here, such as an error message.
server {
listen *:80 default;

location / {
root /var/www/;

add_header Host $host;
}
}









}

How to log proxies IP (no replies)

Hi,
Some of my clients use proxies (like Squid).
I want to log their real IP and the proxy IP.

I tried to do so with this log_format:
log_format compression '$remote_addr - $http_x_forwarded_for - $proxy_protocol_addr - "$request" - $status';

without success.

$remote_addr contains the proxy IP.
$http_x_forwarded_for is empty.
and $proxy_protocol_addr is empty too.

How can I log the *Real* client IP? (in case that the proxy server sends the X-Forwarded-For header)

Thank you.
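
An added example, not part of the original post: $http_x_forwarded_for only reflects a header that arrived in the request, and $proxy_protocol_addr is only set when the listen socket uses the PROXY protocol. The sketch below logs both addresses with the realip module once the proxy does send X-Forwarded-For. The proxy address, server name and log path are constructed placeholders, and it assumes nginx was built with ngx_http_realip_module.

```nginx
# http {} context. Assumes ngx_http_realip_module is available and the
# forward proxy is configured to send X-Forwarded-For.
set_real_ip_from  192.0.2.10;     # constructed address of the trusted proxy
real_ip_header    X-Forwarded-For;
real_ip_recursive on;             # skip trusted hops, use the last non-trusted address

# $remote_addr        -> client address taken from the header (trusted peers only)
# $realip_remote_addr -> address of the peer that actually connected (the proxy)
log_format proxied '$remote_addr via $realip_remote_addr '
                   'xff="$http_x_forwarded_for" "$request" $status';

server {
    listen 80;
    server_name example.test;     # placeholder
    access_log /var/log/nginx/proxied-access.log proxied;
}
```

Because the header is honoured only for peers listed in set_real_ip_from, a client connecting directly cannot change the logged $remote_addr by sending its own X-Forwarded-For; the raw header value is still logged for review.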

Log and suppress proxy header (no replies)

I'd like to log a header from a proxied (via X-Accel) server with $sent_http_<header> before suppressing it with proxy_hide_header <header>.

Both of these work alone but, as expected, proxy_hide_header erases $sent_http_<header>.

Any pointers on how to make this work? I've tried various combinations of variables and sequences of directives without success.

Thanks,

Alex
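
An added example, not part of the original post: for a response fetched with proxy_pass, $upstream_http_<header> is read from the upstream's response headers rather than from the headers sent to the client, so it keeps its value when proxy_hide_header removes the header from the client response. The header name X-Backend-Id, the backend address, the server name and the log path are hypothetical.

```nginx
# http {} context.
# $sent_http_x_backend_id would be empty here, because the header is never
# sent to the client; $upstream_http_x_backend_id still holds what the
# upstream returned.
log_format upstream_hdr '$remote_addr [$time_local] "$request" $status '
                        'x_backend_id="$upstream_http_x_backend_id"';

server {
    listen 80;
    server_name example.test;                 # placeholder

    location / {
        proxy_pass        http://127.0.0.1:8080;   # assumed backend
        proxy_hide_header X-Backend-Id;            # hypothetical header to suppress
        access_log /var/log/nginx/example-upstream.log upstream_hdr;
    }
}
```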

How to use auth_basic authentication if ssl_client_certificate is not provided? (no replies)

Hello,

I looked for any help with this kind of configuration, but I was unable to find any. The only link related to this is another question on Stack Overflow (https://stackoverflow.com/questions/23716588/nginx-config-how-to-use-auth-basic-authentication-if-ssl-client-certificate-non#)

I want to configure Nginx with "ssl_verify_client optional;", giving two options:

1.- If you send a valid client certificate, allow access
2.- If you don't, log in through the auth_basic form.

Is it possible to configure Nginx this way?

I tested it using the same procedure as the Stack Overflow user, but... it does not work.

if ($ssl_client_verify != SUCCESS) {
auth_basic "Please login";
auth_basic_user_file .passfile;
}

The error shown is the following one:

"auth_basic" directive is not allowed here in .../ssl.conf:19

Thanks!!
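
An added example, not part of the original post: auth_basic is valid only in the http, server, location and limit_except contexts, which is why nginx rejects it inside "if". Its parameter can contain variables (nginx 1.3.10 / 1.2.7 and later), and the value "off" disables authentication, so a map on $ssl_client_verify can select the behaviour. The server name and file paths are placeholders.

```nginx
# http {} context: map cannot be placed inside server or location.
map $ssl_client_verify $basic_auth_realm {
    SUCCESS  off;               # valid client certificate: basic auth is skipped
    default  "Please login";    # NONE (no certificate sent): ask for a password
}

server {
    listen 443 ssl;
    server_name example.test;                            # placeholder

    ssl_certificate         /etc/nginx/tls/server.crt;   # placeholder paths
    ssl_certificate_key     /etc/nginx/tls/server.key;
    ssl_client_certificate  /etc/nginx/tls/client-ca.crt;
    ssl_verify_client       optional;

    location / {
        auth_basic            $basic_auth_realm;
        auth_basic_user_file  /etc/nginx/.passfile;      # placeholder path
    }
}
```

With ssl_verify_client optional, a certificate that is presented but fails verification is rejected by nginx before the location is reached, so only the SUCCESS and no-certificate cases arrive at auth_basic.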

How to run .pl under nginx with fcgiwrap. (no replies)

Hello nginx community.
Today I installed and tried to configure fcgiwrap with nginx.

Here are the examples:

/etc/nginx/server/server.cfg

location ~ \.pl$ {
gzip off;
include /etc/nginx/fastcgi_params;
fastcgi_pass 127.0.0.1:8999;
fastcgi_index index.pl;
fastcgi_param DOCUMENT_ROOT /var/nginx/domain_com/folder;
fastcgi_param SCRIPT_FILENAME /var/nginx/domain_com/folder/$fastcgi_script_name;
}

And

/etc/init.d/fcgiwrap

# FCGI_APP Variables
FCGI_CHILDREN="1"
FCGI_PORT="8999"
FCGI_ADDR="127.0.0.1"
FCGI_USER="nginx"
FCGI_GROUP="nginx"

Saved and restarted without errors, but when I try to open domain.tld/folder/file.pl I get a blank page with the number 403. It seems that fcgiwrap can't find the pl file. Where did I go wrong on this?

Add headers and then forward to other domain Apache? (1 reply)

Hello.

I am currently building a GPS fleet management application and I have made the GPS devices send their location messages to my Apache server.

It receives the messages, but, because of my Incapsula DDoS protection, it discards them or something similar. Basically, it can only receive messages/requests with HTTP headers, if I'm not mistaken.

So, I have installed an nginx server in another domain/location, not localhost, and now I want to:

-Receive the messages on this nginx server
-Add http headers (to make Apache accept the messages/requests)
-Forward it to the Apache server.

Do you think that's possible? Can anyone help me on that? I am new to Nginx, unfortunately.

Thank you in advance, cheers!