Quantcast
Channel: Nginx Forum - How to...
Viewing all 2931 articles
Browse latest View live

How to rewrite (no replies)

December 17, 2014, 7:01 am
$
0
0
Hello All

I want to rewrite my url.

ex:

alias /home/web

https://abc.com/xxx/version/yyy.html?lang=zzz --> /home/web/version/zzz_yyy.html

how to do it ??
Search

How to add a addtional .conf to nginx.conf (2 replies)

December 18, 2014, 7:00 pm
$
0
0
Hi guys,
I want to add a file call blacklist.conf into nginx.conf to block bad bot, how can I do it ? The blacklist.conf:

## Add here all user agents that are to be blocked.
map $http_user_agent $bad_bot {
default 0;
~*^Lynx 0; # Let Lynx go through
libwww-perl 1;
~*(?i)(httrack|htmlparser|libwww|JikeSpider|proximic|Sosospider|Baiduspider|msnbot|BBBike|WWWOFFLE|Widow|SuperHTTP|BlackWidow|HTTrack|^Custo|^AIBOT) 1;
}
## Add here all referrers that are to blocked.
map $http_referer $bad_referer {
default 0;
~(?i)(adult|babes|click|diamond|forsale|girl|jewelry|love|nudit|organic|poker|porn|poweroversoftware|sex|teen|webcam|zippo|casino|replica) 1;
}
## Add here all hosts that should be spared any referrer checking.
geo $bad_referer {
127.0.0.1 0;
192.168.1.0/24 0;
}

disable ipv6 bug (no replies)

December 18, 2014, 7:33 pm
$
0
0
I have set up an SSL reverse proxy and found the net.ipv6.conf.all.disable_ipv6 bug (http://trac.nginx.org/nginx/ticket/552) is still biting us in v1.6.2. (I have installed Nginx through yum on CentOS).

ipv6 is disabled:
$ sysctl -a | fgrep disable_ipv6
net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1
net.ipv6.conf.lo.disable_ipv6 = 1
net.ipv6.conf.eth0.disable_ipv6 = 1

And we keep getting errors like:
2014/12/19 03:07:35 [error] 6392#0: *58764 connect() to [2607:f8b0:4001:c08::8d]:443 failed (101: Network is u
nreachable) while connecting to upstream, client: XX.XXX.XXX.XXX, ...

Is compiling from source without ipv6 option my only solution? If so, how can I make sure or varify that my build does not have ipv6 support?

Thanks.

Change the auth screen (2 replies)

December 19, 2014, 4:38 am
$
0
0
Hi all,

I am really new to nginx, so excuse my question (as stupid/simple as it may be).

Is there a way to customize the auth screen from the ngx_http_auth_request_module? Eg. have your own logo, change the style, text whatever...

Cheers,

How to block bad bot in nginx? (no replies)

December 19, 2014, 3:13 am
$
0
0
I have tried using a code from a guy in github but it didn't work for me
## Add here all user agents that are to be blocked.
map $http_user_agent $bad_bot {
default 0;
~*^Lynx 0; # Let Lynx go through
libwww-perl 1;
~*(?i)(httrack|htmlparser|libwww|JikeSpider|proximic|Sosospider|Baiduspider|msnbot|BBBike|WWWOFFLE|Widow|SuperHTTP|BlackWidow|HTTrack|Java|Pixray|CPython|Spinn3r|Abonti|MSIECrawler|Baiduspider|Yandex|Siteimprove|Aboundex|80legs|360Spider|^Java|Cogentbot|^Alexibot|^asterias|^attach|^BackDoorBot|^BackWeb|Bandit|^BatchFTP|^Bigfoot|^Black.Hole|^BlackWidow|^BlowFish|^BotALot|Buddy|^BuiltBotTough|^Bullseye|^BunnySlippers|^Cegbfeieh|^CheeseBot|^CherryPicker|^ChinaClaw|Collector|Copier|^CopyRightCheck|^cosmos|^Crescent|^Custo|^AIBOT) 1;
}


## Add here all referrers that are to blocked.
map $http_referer $bad_referer {
default 0;
~(?i)(adult|babes|click|diamond|forsale|girl|jewelry|love|nudit|organic|poker|porn|poweroversoftware|sex|teen|webcam|zippo|casino|replica) 1;
}


## Add here all hosts that should be spared any referrer checking.
geo $bad_referer {
127.0.0.1 0;
192.168.1.0/24 0;
}

Do I have to install any addon ?
Anyone have any script to block bad bot ?

Help with 147 recv() failed (104: Connection reset by peer) (no replies)

December 20, 2014, 6:05 am
$
0
0
Hello,

I am trying to setup a Linux VPS with WordPress and LEMP, but although the majority of the WordPress script works just fine, there is one error that I cannot fix. I was recommended to ask for help here on the official NGINX forum.

I've got these errors from NGINX

2014/12/19 14:29:14 [error] 901#0: *147 recv() failed (104: Connection reset by peer) while reading response header from upstream, client: 62.45.149.13, server: bloggingwithdani.com, request: "GET /wp-admin/themes.php?action=delete&stylesheet=boot_strap&_wpnonce=89c8625570 HTTP/1.1", upstream: "fastcgi://unix:/var/run/php5-fpm.sock:", host: "188.166.61.119", referrer: "http://188.166.61.119/wp-admin/themes.php?theme=boot_strap"

2014/12/20 14:49:28 [error] 2110#0: *33 recv() failed (104: Connection reset by peer) while reading response header from upstream, client: 62.45.149.13, server: bloggingwithdani.com, request: "GET$166.61.119/wp-admin/themes.php?theme=bizkit"

The errors happens every time I try to remove either a Theme or a Plugin and it only happens on the remove function. I can install Themes and Plugins without any problem. I've notice that even though the error occurs, the themes, in this case, successfully removed. On the browser window I get a 502: Bad Gateway whenever this happens.

WordPress is using SSH2 to connect to the server.

Here is a screen shot of the server block for this website.
http://www.evernote.com/shard/s264/sh/926cf423-08c9-4f4c-bf85-34fb5b959441/58e9d814e68855a4fe0ca39645183f56

When I dig a little deeper and enable slow debug I find this error.
2014/12/20 10:45:43 [debug] 3899#0: *23 malloc: 0000000002154910:1024
2014/12/20 10:45:43 [debug] 3899#0: *23 recv: fd:3 -1 of 1024
2014/12/20 10:45:43 [debug] 3899#0: *23 recv() not ready (11: Resource temporarily unavailable)
2014/12/20 10:45:43 [debug] 3899#0: *23 free: 0000000002154910
2014/12/20 10:46:16 [debug] 3899#0: *29 event timer del: 12: 1419068776823
2014/12/20 10:46:16 [debug] 3899#0: *29 http keepalive handler
2014/12/20 10:46:16 [debug] 3899#0: *29 close http connection: 12
2014/12/20 10:46:16 [debug] 3899#0: *29 reusable connection: 0
2014/12/20 10:46:16 [debug] 3899#0: *29 free: 0000000000000000
2014/12/20 10:46:16 [debug] 3899#0: *29 free: 0000000002183E20, unused: 0
2014/12/20 10:46:16 [debug] 3899#0: *29 free: 0000000002156140, unused: 112
2014/12/20 10:46:44 [debug] 3899#0: *23 event timer del: 3: 1419068803976
2014/12/20 10:46:44 [debug] 3899#0: *23 http keepalive handler
2014/12/20 10:46:44 [debug] 3899#0: *23 close http connection: 3
2014/12/20 10:46:44 [debug] 3899#0: *23 reusable connection: 0
2014/12/20 10:46:44 [debug] 3899#0: *23 free: 0000000000000000
2014/12/20 10:46:44 [debug] 3899#0: *23 free: 0000000000000000
2014/12/20 10:46:44 [debug] 3899#0: *23 free: 0000000002146EF0, unused: 0
2014/12/20 10:46:44 [debug] 3899#0: *23 free: 0000000002183B70, unused: 0
2014/12/20 10:46:44 [debug] 3899#0: *23 free: 0000000002183C80, unused: 64
2014/12/20 10:46:44 [debug] 3899#0: *23 free: 0000000002155D30, unused: 64
2014/12/20 10:46:44 [debug] 3899#0: *23 free: 0000000002155E40, unused: 64

especially this one
2014/12/20 10:45:43 [debug] 3899#0: *23 recv() not ready (11: Resource temporarily unavailable)

I am really new to hosting my websites with a VPS and relatively new to Ubuntu. Always used shared hosting plans until now. What could be the reason for this problem?

- Dani

how to setup qmailadmin with Nginx (no replies)

December 23, 2014, 8:45 pm
$
0
0
Dear All,

I need Help to setup qmailadmin with nginx.It is working with httpd but not able to configure in nginx.Thanks in advance

Tunneling request through a different socket connection? (no replies)

December 28, 2014, 3:13 pm
$
0
0
Hi, I am not sure if this is possible somehow (either by using out-of-the box Nginx or by writing some Nginx module).
I did not managed do find yet a problem description similar to mine on the net or in the Nginx Module Extension book.
(But this does not mean the info might not be available somewhere.. )

Anyways, here is my scenario. (The scenario might sound strange, but C1 below is part of a private API and C2 is part of a public API. C1 and C2 are bridged through Nginx.)
C1 is a client socket connecting over a TCP/IP connection to Nginx. Over C1 are mostly async messages sent over the same "persistent" socket connection. These async messages are received by Nginx, transformed and then dropped in a DB.

C2 is a client socket connecting over HTTP to Nginx. Over C2, REST request are intended to be sent/tunneled (via Nginx) to C1. C1, after receiving & processing the REST request, would reply (via Nginx) to C2.
So the question would be: can Nginx be configured / programmed in such a way, that certain (or all) HTTP requests to be tunneled through specific & existing Nginx socket connections (such as C1)?
I would appreciate any help and/or pointers to further documentation which I did not found so far.

Kind regards,
M.
Search

Proxying with multiple "tiers" of sources (no replies)

December 28, 2014, 4:21 pm
$
0
0
Hello all!

I work with a group of nonprofits collaborating on a project to make educational resources available to places with little or no bandwidth by hosting things like wikipedia content, MOOCs, etc on a small local server that can act as a WAP, content server, etc with or without (or with unreliable) access to the outside world.

I'm completely new to nginx, but from what I've read, I think it could help us add some much-needed flexibility to our setup (more on that below). In addition to the nginx docs, I've searched this forum and the wiki and have found evidence that what I want to do might be possible, but nothing as concrete as I'd like, so I'm hoping I can appeal to the more experienced folks on this list to take a few minutes for a good cause and help me out with a sanity check and advice before I dive headlong into implementation.

Here's some background and a quick sketch of what I'd like to do:

In a 100% offline scenario, things are pretty straightforward: create a portal page with links to the available content and have iptables redirect all requests that would normally go through the WAP to the web service hosting the portal page instead.

Things get more complicated if you have sporadic net access, or expensive bandwidth such that you just need to favor locally-hosted alternatives. My dream setup is one where all http(s) requests that go through the WAP are redirected to one of the following, in order of preference:
1. The corresponding local content, if present
2. The requested remote content, if present and there is internet access
- bonus points for caching along the way
- ...and also for having a switch we can flip to not bother with this step if we know there's no Internet
3. A default catch-all page if all else fails

I've sketched out what I'm trying to do in a bit more detail in the flowchart at the bottom of this page on one of our project wikis: https://github.com/tunapanda/provision/wiki/%22smart-proxy%22-proposal-and-brainstorming

As noted there, my current thinking is that I could create a site in nginx for each of the fallback "tiers" described above, with tiers 1 and 2 configured with proxy_intercept_errors and error_page settings to redirect to the next tier down.

So, to sum up... does this sound sane? Is what I'm trying to do possible? If so, is it covered in any documentation? If not, am I at least on the right track?

Any assistance folks can offer would be greatly appreciated!

Proxying a remote munin server (no replies)

December 29, 2014, 1:24 am
$
0
0
Hi NGINX comunity!

Has anyone ever tried (or succeeded!) on proxying a remote munin server?

What I'm trying to do is to create a location on my nginx server vhost (let's say "/graphs").
Then, under /graphs, I want to let nginx to proxy the graphs structure from a remote munin (CGI driven) server (let's say http://my-munin-server/munin) ...
Obviously, this still sound no tricky (even me, I have succedded on doing this) unless the las thing I really want:
I do not want the whole /munin graphs structure to be proxied under /graphs , but I only want a portion (for privacy reasons) of the munin graphs structure to appear under /graphs (let's say I want to proxy just http://my-munin-server/munin/my-domain.com).

I have even succeded on doing this, but the results are partial, and from this endpoint I habe been several days googling with no success:
The problem is that I got the site proxied with no css, no static contents, no images ... so it all is useless
By reading the code I see plenty of ../ ../.. ../../../ on the original munin server code, so I guess I have a relative path problem, but I have not succeeded on solving it using rewriting / proxy_pass stuff.
munin server itself is nginx driven, and uses the widely / googlely available "munin over nginx setup"

Nobody at the munin comunity seems to have ever tried or succeeded on this, so they expect someone to be the first and let it be documented... but it is beyond my knowledge

So... I thought we may got a chance hitting directly on the hornet's nest (NGINX comuninty!)

Anyhow, thank you very much for your curiosity!
Best regards!

owncloud nginx directive for ispconfig (no replies)

December 29, 2014, 11:34 am
$
0
0
Hello Together,

We are running a LEMP stack with ispconfig (http://www.ispconfig.org) as administration software for our websites. I installed owncloud 7 (http://owncloud.org/) (subdomain cloud.domain.org) without any problems (all dependencies are in place and ok). However, I could not really get owncloud running most likely due to some issues with the NGINX configuration: After entering the login credentials a 404 page appears. Since I don't have access to our server's root directory I am wondering wether it is possible to add a NGINX directive in ispconfig instead of changing the NGINX root config file as suggested on the owncloud webpage (http://doc.owncloud.org/server/7.0/admin_manual/installation/nginx_configuration.html.)

Does somebody have experience with this setup?

Thanks.
Markus

Issues Adding SSL Certificate & Couple of Questions (9 replies)

December 29, 2014, 3:56 pm
$
0
0
Hey Guys -

I've been wanting to set up a Reverse Proxy for my hosted apps for a while now and after reading an article about Nginx yesterday; decided to give it a shot. The only part I have questions about & am getting errors with is adding my own purchased SSL cert.

I purchased my SSL from GoDaddy based on a key I generated on the host computer and it has the same domain name as what I'd use with Nginx. I have even added a record in my router to forward local requests for my domain name to the server's local IP. I know the SSL crt / key combination works as I'm currently using it for many hosted services on the system.

I added the SSL cert by copying the two files (crt & key) to the nginx folder, then adding 3 lines below the "listen" line in the conf file. Below are the added lines plus the lines that come before & after them:
-----------------------------------------------------------------
listen 443;

ssl on;
ssl_certificate C:\nginx-1.6.2\kelnet.crt;
ssl_certificate_key C:\nginx-1.6.2\myserver.key;

server_name mydomain.com, 192.168.0.25;
-----------------------------------------------------------------

After saving the conf file, I started Nginx, but it didn't work. i checked the logs and the error.log lists these 3 lines:
-----------------------------------------------------------------
2014/12/29 14:57:00 [emerg] 53236#50624: BIO_new_file("C:
ginx-1.6.2\kelnet.crt") failed (SSL: error:0200107B:system library:fopen:Unknown error:fopen('C:
ginx-1.6.2\kelnet.crt','r') error:2006D002:BIO routines:BIO_new_file:system lib)
-----------------------------------------------------------------

After getting the error, I installed OpenSSL (Win32 OpenSSL v1.0.1j Light specifially) but still got the same error. I'm running everything on Windows 8.1 x64 (Fully Patched.)

[b]Questions[/b]
1. What am I doing incorrectly / what's causing the error?

2. Since the sites I'm redirecting to use SSL and require a logon, does that change the way I configure their redirection in the conf file? I'm currently using the below code:
-----------------------------------------------------------------
location /myapp {
proxy_pass https://mynetwork.com:9898;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-----------------------------------------------------------------

3. If I wanted to use a port other than 443 when using SSL, would it be as easy as changing it on the listening line or is further config required?

Any help would be greatly appreciated - Thanks!!

[Q] General configuration, subdomain, multiple web services (no replies)

December 30, 2014, 2:39 am
$
0
0
Hello!
I'm a beginner in setting up a webserver and I'm struggling with the different configuration files.
My first question is:
What is the difference of a config-file that is located in /etc/nginx/conf.d compared to a config-file in /etc/nginx/sites-enabled?

Second question:
What's the best practice for setting up multiple "web services" on a single webserver?
My intention is to run
- Owncloud
- Piwigo
- Adminer
and I assume the configuration of a subdomain, e.g. cloud.domain.local, should work best.

Any recommendation and best practice is highly appreciated.

THX

Nginx configuration test (out of the box/in non-production env.) (1 reply)

December 31, 2014, 2:26 am
$
0
0
Hey Guys
I'm looking for a way to test nginx configuration syntax in the non-production environment..
I found there is reliable way - "nginx -t -c $configfile". But this tests more things than syntax(hostnames, linked files, etc).

Q:: Is there any way to test just the syntax(if is useable for nginx or not) ???

-----------------------
The goal/reason:
Database containing all configuration file names, types , etc..
I have the configfiles repository containing all configuraton files from all servers.. (10000 files).
And I would like to find type of each one file..

I want to run test function for all types for each one file. And write result (FALSE/TRUE) for each test to DB..
(cfg_httpd=FALSE, cfg_nginx=TRUE, cfg_ini=FALSE, etc..)

This DB will be used to decide which config parser will be used for further processing..

-----------------------
Any help would be greatly appreciated :-)
Thanks!

Ngnix with upstream to uWSGI in AWS vpc is not responding (no replies)

December 31, 2014, 5:34 am
$
0
0
Hi,

I have an AWS EC2 instance running Nginx with an upstream to uWSGI. Nginx listening to port 8000 and uWSGi listen to port 3031. This server is running inside a private subnet of an AWS VPC. If I try to send request by curl from another server that is in a public subnet of the VPC to this Nginx the connection is timed out with error 504. Requests to other ports (that the Nginx is not listening to) are working OK and also requests to port 80 of the Nginx are working good. So I assume it has something to do with the Nginx configuration or the upstream configuration to the uWSGI.
The Nginx.conf file is following. Nothing is configured yet in the sites-available or sites-enabled.
The AWS security groups are configured with the relevant port opened (port 8000 is opened for inbound traffic).

Does anyone has some experience with the kind of system setup and can help with the configuration?
Thanks,
Yoav

user www-data;
worker_processes 4;
pid /run/nginx.pid;

events {
worker_connections 1024;
# multi_accept on;
}

http {

##
# Basic Settings
##

sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
# server_tokens off;

# server_names_hash_bucket_size 64;
# server_name_in_redirect off;
upstream uwsgicluster{
server 127.0.0.1:3031;
}

include /etc/nginx/mime.types;
default_type application/octet-stream;

##
# SSL Settings
##

ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE
ssl_prefer_server_ciphers on;

##
# Logging Settings
##

access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;

##
# Gzip Settings
##

gzip on;
gzip_disable "msie6";

# gzip_vary on;
gzip_proxied any;
gzip_min_length 500;
gzip_disable "MSIE [1-6]\.";
# gzip_comp_level 6;
# gzip_buffers 16 8k;
gzip_http_version 1.0;
gzip_types text/plain text/css application/json application/javascript text/xml application/xml appl$

##
# Virtual Host Configs
##

include /etc/nginx/conf.d/*.conf;
include /etc/nginx/sites-enabled/*;

server {
listen 8000;

location / {
include /home/ubuntu/uwsgi_params;
uwsgi_pass uwsgicluster;

proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $server_name;
}
}
server {
#running port
listen 80;

index index.nginx-debian.html;
root /var/www/html;
}
}
Search

proxy_protocol + SNI ??? (1 reply)

January 6, 2015, 11:13 am
$
0
0
Hi Everyone,

I first setup one nginx server with a couple server {} and had them listen 443 ssl spdy; they all had separate server_name's

this all worked perfect...I could access each domain via HTTPS and they worked perfectly.

Then I wanted to put a load balancer in front of all of this on Amazon so I created an ELB (elastic load balancer).

I was reading everything I could find and it sounded like the way to do this was turn on proxy_protocol on the ELB and then turn it on on nginx and boom everything would work and I would still be able to access the client's IP addr etc.

Turns out from what I'm experiencing, when you use proxy_protocol some how SNI no longer works and it basically always uses the default_server for 443 and no longer takes into consideration the server_name.

Basically, I need it to be able to read different ssl_certificate's for different domains that I host and I will be hosting 100's+.

What is the best way to go about this?

Thank you so much for your time in advance and if you have any questions please please please ask.

Thank you

Nginx config for the server as SSL proxy (no replies)

January 7, 2015, 10:40 pm
$
0
0
Hi!

I have several web interfaces, running on my Debian server (Deluge, BitTorrent Sync, Ajenti etc.) on different ports on localhost. To enable access from the web I setup nginx as a proxy and everything works fine for HTTP. And now I want to enable SSL to make secure access and faced with issue that my configs not working and error logs are empty.

My config template listed below. Could someone look into that?

server {
listen 80;
server_name {cp.domain.com};
return 301 https://$host$request_uri;
}
server {
listen 443;
server_name {cp.domain.com};
client_max_body_size 20m;
access_log /var/log/nginx/{domain}.access.log;
error_log /var/log/nginx/{domain}.error.log;
ssl_certificate /etc/nginx/server.crt;
ssl_certificate_key /etc/nginx/server.key;
ssl on;
ssl_session_cache builtin:1000 shared:SSL:10m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4;
ssl_prefer_server_ciphers on;
location / {
proxy_pass http://127.0.0.1:8000/;
proxy_set_header Host $host;
proxy_redirect http://127.0.0.1:8000/ https://{cp.domain.com}/;
}
}

Streaming remote files/Printing out chunks (no replies)

January 8, 2015, 5:23 am
$
0
0
I'm trying to stream a file from a remote server (outputting smaller chunks) to the client. But it seems as though the buffers are messing with something causing the download speed to be much higher than the download speed.

When I ran the script on an Apache server it was working perfectly with a 1:1 ratio (e.g. downloading at 1 MB/s from the remote server and at the same time uploading at 1 MB/s to the client).

The script downloads chunks using cURL and prints them out to the user.

Remote server -> Nginx server -> Client

How can I have Nginx stream the remote file in a 1:1 ratio like Apache?

Setting up a reverse proxy (no replies)

January 8, 2015, 6:21 pm
$
0
0
I got a business comcast router, behind that I have a physical server with Centos 7 installed and NGiNX, I got several virtualbox vm's running on that physical server with bridged network adapter setting.

how can I setup NGiNX to be a reverse proxy to direct domain to the proper VM?

How to call web from sub folder (no replies)

January 8, 2015, 8:56 pm
$
0
0
Hi folks
Please help me to configure my web on sub folder.

My web work good from main domain folder like http://www.mydomain.com
But when I call from http://www.mydomain.com/en/index.php - home page is ok, but next pages (http://www.mydomain.com/en/post/more/2015/01/09/126) could not open.
it gives me "404 Page not found " error page.

Also "http://www.mydomain.com/post/more/2015/01/09/126" , (from main folder) its could open.

We are developing PHP with Codegnator framework.
Viewing all 2931 articles
Browse latest View live
Search
<script src="https://jsc.adskeeper.com/r/s/rssing.com.1596347.js" async> </script>