Error upstream timed out. What is wrong with my setup? (no replies)

August 10, 2014, 2:43 am

≫ Next: auth_request own error_page (no replies)

≪ Previous: Cannot resolve error 304 in my magento Shop (no replies)

$

0

0

Hello people. New guy here.
I am experiencing massive 504 gateway timeouts and i would like to know what is wrong with my setup. I have posted my configuration here:

https://stackoverflow.com/questions/25178031/error-upstream-timed-out-what-is-wrong-with-my-setup

The initial guide i followed was this: http://www.cryptkcoding.com/2011/08/running-wordpress-with-nginx-php-fpm-apc-and-varnish/ up to the point where apc is installed although i had to switch to tcp/ip connections instead of unix sockets due to high traffic.

My website is http://allaksogolies.gr

Any help would be appreciated.
Thanks.

---

auth_request own error_page (no replies)

August 10, 2014, 3:02 am

≫ Next: Missing /etc/nginx (1 reply)

≪ Previous: Error upstream timed out. What is wrong with my setup? (no replies)

$

0

0

How to make an own error_page for auth_request?
I configurest nginx to check access for page "/something.php" (auth_request /auth). I want to return a custom error page when auth subrequest denies access (error_page 401 /unauth.html), AND I want keep the response body and headers when something.php denies access itself (php sets Status header).

Missing /etc/nginx (1 reply)

August 12, 2014, 7:22 am

≫ Next: Nginx in front of another server. How it works ? (no replies)

≪ Previous: auth_request own error_page (no replies)

$

0

0

Hello everybody,

I'am new here so hopping to do things correctly :)

I have a problem:
On Ubuntu server 14.04 I tried many times to install Nginx from differents ways (apt-get or make install) but whatever I am doing the /etc/nginx folder isn't created and (of course) when I try to launch Nginx I have a /etc/nginx/nginx.conf : no such file or directory...

Have you any idea of what I can do to have Nginx successfully installed?

Thank you in advance :),

ps: sorry maybe my english isn't so clear. If you have question don't hesitate!

Kaelung

Nginx in front of another server. How it works ? (no replies)

August 13, 2014, 10:40 am

≫ Next: What is the difference for microcache between proxy_cache_ and fastcgi_cache_? (no replies)

≪ Previous: Missing /etc/nginx (1 reply)

$

0

0

Hello, I think that I understand most of aspects related to nginx and reverse proxy mechanism itself, but I found one thing that is incomprehensible for me.
According to this schematic "http://oi61.tinypic.com/29p3zfb.jpg" when user tries to access my website i.e "website.com" the request to reverse proxy is send (in this case for nginx) and nginx return / serve static files (i.e css files,images) immediately and pass request for dynamic content i.e php script to beckend server. It sound cool but my question is how nginx knows which static file to serve without answer from backend server first ? It is impossible since script determines which page show to user and therefore which images, style sheets, js script and so on should be served.

Can you explain how it works ?


regards.

What is the difference for microcache between proxy_cache_ and fastcgi_cache_? (no replies)

August 14, 2014, 2:49 am

≫ Next: Nginx in front of Exchange 2010 / Activesync (1 reply)

≪ Previous: Nginx in front of another server. How it works ? (no replies)

$

0

0

Hello,

Sorry, but I got confused with the microcache thing.

I was searching for a simple microcache solution and I end up seeing two ways to have microcache. Some tutorials use proxy_cache, while others fastcgi_cache. What are the differences, pros and cons between these two solutions?

Thanks!

Nginx in front of Exchange 2010 / Activesync (1 reply)

August 15, 2014, 10:33 am

≫ Next: How to Block IP DDOS in nginx (no replies)

≪ Previous: What is the difference for microcache between proxy_cache_ and fastcgi_cache_? (no replies)

$

0

0

Hi guys,

i finally need some help using Nginx as reverse proxy for an Exchange 2010
OWA is working perfectly, certificates is all fine, but active sync with android devices is not working.

here is the Config
==============
server {
listen 443;
server_name owa.mydomain.de;

# Redirect from "/" to "/owa" by default
location / {return 301 https://owa.mydomain.de/owa;}


# Enable SSL
ssl on;
ssl_certificate /etc/nginx/certs/owa.crt;
ssl_certificate_key /etc/nginx/certs/privatekey.pem;
ssl_session_timeout 5m;

# Set global proxy settings
proxy_read_timeout 360;
proxy_connect_timeout 360;

proxy_http_version 1.1;
proxy_pass_request_headers on;
proxy_pass_header Authorization;
proxy_pass_header Date;
proxy_pass_header Server;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Accept-Encoding "";

location /owa { proxy_pass https://192.168.0.1/owa; }
location /ews { proxy_pass https://192.168.0.1/ews; }
location /rpc { proxy_pass https://192.168.0.1/rpc; }
location /exchweb { proxy_pass https://192.168.0.1/exchweb; }
location /public { proxy_pass https://192.168.0.1/public; }
location /exchange { proxy_pass https://192.168.0.1/exchange; }
location /Microsoft-Server-ActiveSync {
proxy_set_header X-Forwarded-Proto https;
proxy_pass https://192.168.0.1/Microsoft-Server-ActiveSync;
}
error_log /var/log/nginx/exchange-ssl-error.log;
access_log /var/log/nginx/exchange-ssl-access.log;
}

The error log says:

2014/08/15 17:26:31 [error] 16474#0: *239 upstream prematurely closed connection while reading response header from upstream, client: 98.122.1.31, server: owa.mydomain.de, request: "POST /Microsoft-Server-ActiveSync?Cmd=Sync&User=username%5Cda&DeviceId=androidc187814&DeviceType=Android HTTP/1.1", upstream: "https://192.168.0.1:443/Microsoft-Server-ActiveSync?Cmd=Sync&User=username%5Cda&DeviceId=androidc187814&DeviceType=Android", host: "owa.mydomain.de"

I have absolutely no idea what else i can do to fix that. Connecting with the androids directly to the exchange
server works perfectly. When nginx is between, no work :(

Please help! Thanks in advance!

How to Block IP DDOS in nginx (no replies)

August 17, 2014, 8:22 pm

≫ Next: Is it possible to combine rules? (no replies)

≪ Previous: Nginx in front of Exchange 2010 / Activesync (1 reply)

$

0

0

This is result ddos from some command
http://upanh.biz/images/2014/08/18/Untitled.jpg

Please help !

Is it possible to combine rules? (no replies)

August 18, 2014, 8:49 pm

≫ Next: Doubt: Recomendation of HW (no replies)

≪ Previous: How to Block IP DDOS in nginx (no replies)

$

0

0

Hi,

I'm trying to combine these rules into one, but it's not working. Any idea in how to do that?

From:

##
# WWW to NON-WWW
##
server {
listen 80;
server_name www.domain.com;
return 301 $scheme://domain.com$request_uri;
}

##
# Force HTTPS
##
server {
listen 80;
server_name domain.com;
return 301 https://domain.com$request_uri;
}


To:

server {
listen 80;
server_name domain.com www.domain.com;
return 301 $scheme://domain.com$request_uri;
return 301 https://domain.com$request_uri;
}

---

Doubt: Recomendation of HW (no replies)

August 19, 2014, 3:28 pm

≫ Next: my website ip is blocked by site I want to fetch data from it .. how to proxy it (no replies)

≪ Previous: Is it possible to combine rules? (no replies)

$

0

0

Hi All:
I want to know, what are the requirements of hardware for a good performance for a reverse proxy?? The sites have a peak of 10k - 20k visitors per day (maybe more), the sites are in RHEL. What do you recommend me?

Best regards.

my website ip is blocked by site I want to fetch data from it .. how to proxy it (no replies)

August 21, 2014, 8:31 am

≫ Next: redirect old .asp files to new .html files using htaccess (no replies)

≪ Previous: Doubt: Recomendation of HW (no replies)

$

0

0

hi all,

my site fetch data from site2
and site2 blocked my site ip

is there anyway to change ip address of my script to access site2 again (while I'm stay on my site ip)

another way, how to change the ip address from running script, to cross domain ip to another ip . that can access the site which is blocked my ip (without changing hosting ip address)

my nginx config


upstream backend {
server unix:/cls/php-fpm.socket;
}

server {
listen *:80;
server_name www.sub.domian.com sub.domain.com ;
rewrite_log on;
location / {
root /home/storegem/public_html/;
index index.php index.html index.htm ;
}
location ~* ^.+\.(jpg|jpeg|gif|css|html|png|js|ico|bmp|zip|rar|txt|pdf|doc)$ {
root /home/storegem/public_html/;
expires max;
access_log off;
}
location ~ ^/.+\.php {
fastcgi_pass backend;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME /home/storegem/public_html/$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_script_name;
include /etc/nginx/fastcgi_params;
}

redirect old .asp files to new .html files using htaccess (no replies)

August 26, 2014, 11:34 am

≫ Next: convert iis rewrite to nginx (no replies)

≪ Previous: my website ip is blocked by site I want to fetch data from it .. how to proxy it (no replies)

$

0

0

I have moved my old .asp site from windows server to .html files on a linux server using nginx I dont have access to the conf file so i need to redirect the old .asp pages to the new .html.

The .asp files exist on the new server but in htaccess i have this entry :

AddType application/x-httpd-php .asp Redirect index.asp http://dvmark.com/index.html

it doesn't work. When youtype in dvmark.com/index.asp all you get is the html text display of the index.asp page. I have tried several different ways to redirect and no luck. If I delete the .asp pages I get sent to my 404 page which is OK but I would really want the redirect to work so the user doesn't have to find the page they are looking for in the sitemap.

convert iis rewrite to nginx (no replies)

August 26, 2014, 1:55 pm

≫ Next: fastcgi_cache_key cache only the part afther "?" (no replies)

≪ Previous: redirect old .asp files to new .html files using htaccess (no replies)

$

0

0

New to nginx, totally confused.

How to convert this URL rewrite to nginx?
<rule name="Redirect1" stopProcessing="true">
<match url="^(about-us|sites\/company.com|item1|item2|item3)/.*$" ignoreCase="false" />
<action type="Redirect" redirectType="Permanent" url="https://backend.com/<which ever link they decide to click on>" />
</rule>


Do I need to add one locations for each item (ie. location /item1..... location /item2... etc)? Can I use one location directive for all items?

Thanks and I appreciate it!

fastcgi_cache_key cache only the part afther "?" (no replies)

August 26, 2014, 11:54 pm

≫ Next: HTTP 0.9 and automatic connection closing with Nginx (no replies)

≪ Previous: convert iis rewrite to nginx (no replies)

$

0

0

Hallo community
I have a question abot the fastcgi_cache_key parameter. I have the uri:

http://domain.com/tex_that_can_change/?640x2048/3/90/custom/323/2600323/0.jpg

Can nginx cache only the part after “?”, because the part before the ? can change and i wont to prevent that the same Image is cached twice?

My Configuration:

fastcgi_cache_path /ramdisk levels=1:2
keys_zone=CDN:2048m
inactive=2d
max_size=100G;

fastcgi_cache_key "$scheme$request_method$host$request_uri";

HTTP 0.9 and automatic connection closing with Nginx (no replies)

August 28, 2014, 2:16 pm

≫ Next: nginx ip_hash loadbalancing issue (no replies)

≪ Previous: fastcgi_cache_key cache only the part afther "?" (no replies)

$

0

0

Hi
I am using a GSM modem as client and want to treat the requests as HTTP 0.9. This is a resource constrained device and I just want to push some data.= online.

Earlier I was working with Glassfish V4 and if you just send a GET without headers, e,g,
GET /api/endpoint?from=gl868&data=....
Then the request is treated as HTTP 0.9 and I get a 200 OK response.

However when I try the same thing with Nginx, without the HTTP version, I get a 404. Then I also have to include a Host header to get 200 OK. is there a way to configure Nginx to treat such requests as HTTP 0.9? what are my other options for closing the connection automatically after each request without keep-alives?

Thanks

/rajeev

nginx ip_hash loadbalancing issue (no replies)

August 29, 2014, 9:48 am

≫ Next: OCSP stapling via web proxy (no replies)

≪ Previous: HTTP 0.9 and automatic connection closing with Nginx (no replies)

$

0

0

Hello Fellas,

We are using 2 nginx servers for both proxy and load balancer in our environment.
Both two nginx are running in different places. Lets say nginx1 and nginx2
Nginx1 is accepting traffic and simply passing the traffic to nginx2
nginx2 is using ip_hash for loadbalancing and distributing the traffic our application servers.
Problem here is, all the traffic coming from nginx2 distributes to one specific application server. It is probably hashing one IP(nginx1) internally.
I hope I clearly define my problem here and also you have an idea about that.

Thanks for your help in advance.

Burak

---

OCSP stapling via web proxy (no replies)

September 2, 2014, 9:58 pm

≫ Next: change domain to use SSL everywhere problem (no replies)

≪ Previous: nginx ip_hash loadbalancing issue (no replies)

$

0

0

Hi,

I'm trying to set up OCSP stapling but our firewall currently does not allow outbound port 80 unless its via a squid proxy server. OCSP stapling requests are ignoring the OS (Centos) proxy setting. Is there a way to tell NGINX to get its OCSP things via the proxy, or is the only way out to open up the firewall to the OCSP servers?

NGINX 1.6.0
Centos 6.4

Thanks.

change domain to use SSL everywhere problem (no replies)

September 3, 2014, 6:57 am

≫ Next: nginx user apache (no replies)

≪ Previous: OCSP stapling via web proxy (no replies)

$

0

0

I'm running nginx 1.6 on a debain squeeze machine. For almost 20 years I've had mail.blah.net hosting my own webmail using SSL. Here's its config file:

server {
listen 80;
server_name mail.blah.net;
location / { if ($http_host ~ "^mail\.blah\.net"){ rewrite ^(.*)$ https://mail.blah.net/$1 redirect; } rewrite ^(.*)$ https://mail.blah.net/ redirect; }
}

server {
listen 443 ssl;
server_name mail.blah.net mail.blah.nl "";
root /usr/share/squirrelmail;

ssl on;
ssl_certificate /etc/nginx/ssl-unified.crt;
ssl_certificate_key /etc/nginx/ssl.key;
ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers "HIGH:!aNULL:!MD5 or HIGH:!aNULL:!MD5:!3DES";
ssl_session_cache builtin:1000 shared:SSL:10m;
ssl_session_timeout 10m;
ssl_dhparam /etc/nginx/dhparam_4096.pem;

location / {
autoindex on;
autoindex_exact_size on;
autoindex_localtime on;
}

location ~ ^/(.+.php)$ {
try_files $uri =404;
fastcgi_pass unix:/tmp/php-fpm.sock;
fastcgi_param HTTPS on;
fastcgi_index index.php;
include /etc/nginx/fastcgi_params;
}

location ~* ^.+.(jpeg|jpg|gif|css|png|js|ico|html|xml|txt)$ {
access_log off;
expires max;
add_header Pragma public;
add_header Cache-Control "public, must-revalidate, proxy-revalidate";
}

add_header Strict-Transport-Security "max-age=16070400; includeSubdomains";
location = /robots.txt { access_log off; log_not_found off; }
location = /favicon.ico { access_log off; log_not_found off; }
location ~ /\.ht { access_log off; log_not_found off; deny all; }
location ~ ~$ { access_log off; log_not_found off; deny all; }
location ~ \.(yml|db)$ { return 410; }

location /webmail { rewrite ^/* / last; }

access_log /var/log/nginx/mail.access.log gzip buffer=32k;
error_log /var/log/nginx/mail.error.log notice;


Now I'd like to run the entire domain blah.net, so with all subdomains and no subdomain, over SSL, so: https://*.blah.net
Since the domain has enjoyed a lot of config quirks over the years, it turns out not being as easy to switch to SSL everywhere as I thought. Here's the current config that could apply;


server {
listen 80 default_server;
server_name _;
return 301 http://blah.net$request_uri;
}

server {
server_name www.blah.net;
return 301 $scheme://blah.net$request_uri;
}

server {
listen 80;
server_name blah.net "" 91.228.53.46 ;
root /w/blah;
try_files $uri $uri/ $uri/index.html $uri.htm $uri.html;
autoindex on;
autoindex_exact_size on;
autoindex_localtime on;
access_log /var/log/nginx/blah.net.access.log gzip buffer=32k;
error_log /var/log/nginx/blah.net.error.log notice;

add_header Strict-Transport-Security "max-age=16070400; includeSubdomains";
location = /robots.txt { access_log off; log_not_found off; }
location = /favicon.ico { access_log off; log_not_found off; }
location ~ /\.ht { access_log off; log_not_found off; deny all; }
location ~ ~$ { access_log off; log_not_found off; deny all; }
location ~ \.(yml|db)$ { return 410; }

# serve static files directly
location ~* ^.+.(jpeg|jpg|gif|css|png|js|ico|html|xml|txt)$ {
access_log off;
expires max;
add_header Pragma public;
add_header Cache-Control "public, must-revalidate, proxy-revalidate";
}

# php5-fpm ready
location ~ \.php$ {
try_files $uri =404;
fastcgi_pass unix:/tmp/php-fpm.sock;
fastcgi_index index.php;
include /etc/nginx/fastcgi_params;
}

location /mail { rewrite ^(.*)$ https://mail.blah.net redirect; }
location /webmail { rewrite ^(.*)$ https://mail.blah.net redirect; }

}

server {
server_name www.blah.nl;
return 301 $scheme://blah.nl$request_uri;
}
server {
listen 80;
server_name blah.nl;
root /w/blah;
try_files $uri $uri/ $uri/index.html $uri.htm $uri.html;
include /etc/nginx/security;
autoindex on;
autoindex_exact_size on;
autoindex_localtime on;

access_log /var/log/nginx/blah.access.log gzip buffer=32k;
error_log /var/log/nginx/blah.error.log notice;

# serve static files directly
location ~* ^.+.(jpeg|jpg|gif|css|png|js|ico|html|xml|txt)$ {
access_log off;
expires max;
add_header Pragma public;
add_header Cache-Control "public, must-revalidate, proxy-revalidate";
}


location ~ \.php$ {
try_files $uri =404;
fastcgi_pass unix:/tmp/php-fpm.sock;
fastcgi_index index.php;
include /etc/nginx/fastcgi_params;
}
}

server {
listen 80;
server_name secure.blah.nl;
location ^~ / {
root /w/x;
auth_basic "Restricted";
auth_basic_user_file /etc/nginx/htpass;
include /etc/nginx/security;
autoindex on;
autoindex_exact_size on;
autoindex_localtime on;
location ~ \.php$ {
try_files $uri =404;
fastcgi_pass unix:/tmp/php-fpm.sock;
fastcgi_index index.php;
include /etc/nginx/fastcgi_params;
}
}

access_log /var/log/nginx/secure.access.log gzip buffer=32k;
error_log /var/log/nginx/secure.error.log notice;

# serve static files directly
location ~* ^.+.(jpeg|jpg|gif|css|png|js|ico|html|xml|txt)$ {
access_log off;
expires max;
add_header Pragma public;
add_header Cache-Control "public, must-revalidate, proxy-revalidate";
}
}

The main issue causing trouble is that I used to redirect all SSL requests to use mail.blah.net. If I try to change all to SSL I still get redirected to the mail doc-root. Could someone experienced in nginx help me out a little and see where that was once set to do so?

Also, I want *.blah.nl to change to *.blah.net everywhere, since I only have one domain with a valid SSL cert.

And everything else that might seem out of whack for SSL everywhere is welcome to be corrected.
Thanks in advance!

nginx user apache (no replies)

September 3, 2014, 1:04 pm

≫ Next: Redirect traffic via campus connection (no replies)

≪ Previous: change domain to use SSL everywhere problem (no replies)

$

0

0

nginx.conf user apache;

some websites owner group are root.root and permissions are 755.

owners=7 group=5 and other=5

Do these websites work because "other" has read access ?

Redirect traffic via campus connection (no replies)

September 3, 2014, 9:50 pm

≫ Next: Problem with partial content 1.7.4 (no replies)

≪ Previous: nginx user apache (no replies)

$

0

0

HI Guys

I am very new to reverse proxy or proxy in general. I know this is what I need but am not sure where to start.
I do support for a collage that has full access to a website without having to login first. The site obviously checks what IP the traffic is cumming from and if it is there site/IP, full access is granted. The public needs to specify username and password to get full access to this site. The problem is most students are distant learners so they never go onsite. Students need access to this site from home without needing to login.
The site they are trying to access is an external website.

I have created a dns account website.mydomain.com and point it to my reverse proxy onsite.
So when clients go to website.mydomain.com this does redirect client to the correct site but the site picks up the clients public IP and not my sites ip and requests login details.

How can I set NGINX to keep the connection and stream the trafic threw the campus connection and not just forward the connection on.

This is my setup in NGINX

/etc/nginx/sites-enabled/default

server {
listen 192.168.1.18;
server_name website.mydomain.com;
location / {
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://www.informationsite.com;
}
}

Problem with partial content 1.7.4 (no replies)

September 4, 2014, 6:56 am

≫ Next: Closing NGINX processes from another program (no replies)

≪ Previous: Redirect traffic via campus connection (no replies)

$

0

0

I was having trouble loading partial content after upgrading nginx to 1.7.4. I didn't realize it might be nginx until I compared the headers on my dev system which uses nginx 1.6.0 and my production system which uses 1.7.4 (I know, they should be equal).

Behind nginx there is a Tomcat 7/Spring MVC server

On 1.7.4 it looks like only the first partial receives the accept-ranges:bytes but subsequent do not

On the same pdf file that is requested I see the following

1.6.0
Initial request
Status code: 200

accept-ranges:bytes
content-disposition:inline;filename="Nova-Zemblastraat-20140904.pdf"
content-length:49447
content-range:bytes 196608-246054/246055
content-type:application/octet-stream
date:Thu, 04 Sep 2014 13:32:44 GMT
etag:"03d959a9213a185458c6eaea13ad5ced1"
expires:Thu, 11 Sep 2014 13:32:44 GMT
last-modified:Thu, 04 Sep 2014 13:32:20 GMT
server:nginx/1.6.0
status:206 Partial Content
version:HTTP/1.1

Initial partial
Status code: 206

accept-ranges:bytes
content-disposition:inline;filename="Nova-Zemblastraat-20140904.pdf"
content-length:65536
content-range:bytes 0-65535/246055
content-type:application/octet-stream
date:Thu, 04 Sep 2014 13:32:44 GMT
etag:"065e6b73b8235022c952e2c9043709ef3"
expires:Thu, 11 Sep 2014 13:32:44 GMT
last-modified:Thu, 04 Sep 2014 13:32:20 GMT
server:nginx/1.6.0
status:206 Partial Content
version:HTTP/1.1

1.7.4
Initial request
Status code: 200

Accept-Ranges:bytes
Cache-Control:public
Connection:keep-alive
Content-Disposition:inline;filename="Nova-Zemblastraat-20140903.pdf"
Content-Length:246055
Content-Range:bytes 0-246054/246055
Content-Type:application/octet-stream
Date:Thu, 04 Sep 2014 13:34:19 GMT
ETag:"0ad073935f7b24d50f4ee5eec06e3b21f"
Expires:Thu, 11 Sep 2014 13:34:35 GMT
Last-Modified:Wed, 03 Sep 2014 14:57:48 GMT
Server:nginx/1.7.4

Initial partial
Status code: 206

Cache-Control:public
Connection:keep-alive
Content-Disposition:inline;filename="Nova-Zemblastraat-20140903.pdf"
Content-Length:65536
Content-Range:bytes 0-65535/246055
Content-Range:bytes 0-246054/246055
Content-Type:application/octet-stream
Date:Thu, 04 Sep 2014 13:34:19 GMT
ETag:"0ad073935f7b24d50f4ee5eec06e3b21f"
Expires:Thu, 11 Sep 2014 13:34:35 GMT
Last-Modified:Wed, 03 Sep 2014 14:57:48 GMT
Server:nginx/1.7.4

I would also like to reference this discussion
https://www.ruby-forum.com/topic/5024940

Is this a bug or is it something I might be related to the Spring/Tomcat setup?

Marc