Quantcast
Channel: Nginx Forum - How to...
Viewing all 2931 articles
Browse latest View live

NGINX config for Pydio - FastCGI sent in stderr error (no replies)

November 17, 2016, 9:25 am
$
0
0
Hello,

I am really looking and asking around for my issue but not finding a real solution. I hope you can help me.

Pydio is running with NGINX on my Raspberry. I will attache my conf file here.
Syncing is done from Android to Pydio with Synchronize Ultimate and I am receiving wired actions. Files are deleted and in error log I have a lot of these kind of messages:


2016/11/16 23:11:28 [error] 1110#0: *478 FastCGI sent in stderr: “PHP message: PHP Warning: Unknown: Input variables exceeded 1000. To increase the limit change max_input_vars in php.ini. in Unknown on line 0
PHP message: PHP Fatal error: Call to a member function getStream() on null in /var/www/pydio/plugins/uploader.html/SimpleUpload.php on line 199” while reading response header from upstream, client: ?.16.242.46, server: MYSERVER.COM, request: “POST /pydio/api/a29da4cc38d960c30a2b7474ca0eaf9a/upload/input_stream/DCIM/Camera/Wallpapers?node%5B%5D=%2FDCIM%2FCamera%2FWallpapers&input_upload=false&auto_rename=false HTTP/1.1”, upstream: “fastcgi://127.0.0.1:9000”, host: “MYSERVER.COM”

2016/11/16 23:13:58 [error] 1112#0: *500 FastCGI sent in stderr: “PHP message: PHP Fatal error: Call to a member function getStream() on null in /var/www/pydio/plugins/uploader.html/SimpleUpload.php on line 199” while reading response header from upstream, client: ?.16.242.46, server: MYSERVER.COM, request: “POST /pydio/api/a29da4cc38d960c30a2b7474ca0eaf9a/upload/input_stream/DCIM/Camera/Wallpapers?node%5B%5D=%2FDCIM%2FCamera%2FWallpapers&input_upload=false&auto_rename=false HTTP/1.1”, upstream: “fastcgi://127.0.0.1:9000”, host: “MYSERVER.COM”

Thanks for your help
Search

Nginx Reverse proxy config for kodi, rewrite rules (no replies)

November 20, 2016, 12:15 pm
$
0
0
I'm having some difficulty configuring nginx reverse proxy and i think some kind of re-write rule is needed.

location /kodi {
rewrite ^/kodi$ https://home.example.com/kodi/ permanent;
rewrite ^/kodi/(.*) /$1 break;
proxy_redirect http://localhost:5555 /kodi/;
proxy_set_header Host $http_host;
proxy_redirect off;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Scheme $scheme;
proxy_pass http://localhost:5555;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}

location /image
{
proxy_pass http://localhost:5555;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}

location /vfs
{
proxy_pass http://localhost:5555;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
The website has links of the form

https://home.example.com/kodi/vfs/%2fmedia%2fVirtual%2fVideos%2fTV%2fexamplevideo.mp4
but this url works:

https://home.example.com/vfs/%2fmedia%2fVirtual%2fVideos%2fTV%2fexamplevideo.mp4
the correct internal url is

http://localhost:5555/vfs/%2fmedia%2fVirtual%2fVideos%2fTV%2fexamplevideo.mp4


So I think what I'm asking is how can I redirect anything with links that start https://home.example.com/kodi/vfs to http://localhost:5555/vfs

?

403 Forbidden nginx/1.6.3 (centos 7) (no replies)

November 21, 2016, 6:09 am
$
0
0
Hello, after i installed nginx/1.6.3 & php56w-fpm, i run my website in the browser with a VH listening for port 80 and it worked, but at the moment I wanted to create a VH that listens for port 443 to access via https and that's when I get error 403 Forbidden, when I go to the error log what it shows me is *1 directory index of "/var/www/PROJECT/web/" is forbidden. I set 777 to www folder and i change the owner to nginx:nginx and the same error still comes out. The configuration of my VH is as follows

server {
listen 443 ssl spdy;
server_name project.lh;
root /var/www/PROJECT/web;

server_tokens off;

ssl on;
ssl_certificate /etc/nginx/ssl/cert.crt;
ssl_certificate_key /etc/nginx/ssl/cert.key;

ssl_session_timeout 5m;
ssl_session_cache shared:SSL:20m;

ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;

location / {
try_files $uri $uri/ /app.php$is_args$args;
}
# PROD
location ~ ^/app\.php(/|$) {
fastcgi_pass 127.0.0.1:9000;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
fastcgi_param DOCUMENT_ROOT $realpath_root;
internal;
}

location ~ /\.ht {
deny all;
}

location ~ \.php$ {
return 404;
}

error_log /var/log/nginx/project-ssl_error.log;
access_log /var/log/nginx/project-ssl_access.log;
}

My site is made in symfony 2.8.
Could you please help me to explain how should i check? Thanks

php for a particular html page (no replies)

November 21, 2016, 10:10 am
$
0
0
I'd like nginx to parse particular html page(s) as php

- for example, I have a php contact form I'd like to keep calling contact.html,

but don't need php on most of my other html pages.

I've been able to parse _all_ html pages with these:

in virtual.conf -

#location ~ \.php$ {
location ~ \.(php|html|htm)$ {
fastcgi_pass unix:/var/run/php-fpm/php-fpm.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME /usr/share/nginx/html/website$fastcgi_script_name;
include fastcgi_params;

}

in /etc/php-fpm.d/www.conf -

security.limit_extensions = .html .php .php3 .php4 .php5

but feel it's overkill and could hurt nginx performance?

Thanks,
sm

Seafile with Nginx and letsencrypt - Error 403 (no replies)

November 22, 2016, 4:07 pm
$
0
0
Hello,

I m not getting past a 403 error on my server setup and I would be grateful for some help.

Centos 7.2 VPS (Contabo)
Nginx 1.10.2
Certbot 0.9.2

I have the following working Nginx config:

server {
listen 80;
server_name seafile.example.com;
rewrite ^ https://$http_host$request_uri? permanent; # force redirect http to https
}
server {
listen 443;
ssl on;
ssl_certificate /home/ck/ssl/seafile-example-com.crt; # path to your cacert.pem
ssl_certificate_key /home/ck/ssl/seafile-exmaple-com.key; # path to your privkey.pem
server_name seafile.example.com;
proxy_set_header X-Forwarded-For $remote_addr;

add_header Strict-Transport-Security "max-age=31536000; includeSubDomains";
server_tokens off;

location / {
fastcgi_pass 127.0.0.1:8000;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_script_name;

fastcgi_param SERVER_PROTOCOL $server_protocol;
fastcgi_param QUERY_STRING $query_string;
fastcgi_param REQUEST_METHOD $request_method;
fastcgi_param CONTENT_TYPE $content_type;
fastcgi_param CONTENT_LENGTH $content_length;
fastcgi_param SERVER_ADDR $server_addr;
fastcgi_param SERVER_PORT $server_port;
fastcgi_param SERVER_NAME $server_name;
fastcgi_param REMOTE_ADDR $remote_addr;
fastcgi_param HTTPS on;
fastcgi_param HTTP_SCHEME https;

access_log /var/log/nginx/seahub.access.log;
error_log /var/log/nginx/seahub.error.log;
fastcgi_read_timeout 36000;
}
location /seafhttp {
rewrite ^/seafhttp(.*)$ $1 break;
proxy_pass http://127.0.0.1:8082;
client_max_body_size 0;
proxy_connect_timeout 36000s;
proxy_read_timeout 36000s;
proxy_send_timeout 36000s;
send_timeout 36000s;
proxy_request_buffering off;
}
location /seafdav {
fastcgi_pass 127.0.0.1:8080;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_script_name;

fastcgi_param SERVER_PROTOCOL $server_protocol;
fastcgi_param QUERY_STRING $query_string;
fastcgi_param REQUEST_METHOD $request_method;
fastcgi_param CONTENT_TYPE $content_type;
fastcgi_param CONTENT_LENGTH $content_length;
fastcgi_param SERVER_ADDR $server_addr;
fastcgi_param SERVER_PORT $server_port;
fastcgi_param SERVER_NAME $server_name;
fastcgi_param HTTPS on;
fastcgi_param HTTP_SCHEME https;

client_max_body_size 0;
proxy_connect_timeout 36000s;
proxy_read_timeout 36000s;
proxy_send_timeout 36000s;
send_timeout 36000s;

# This option is only available for Nginx >= 1.8.0. See more details below.
proxy_request_buffering off;

access_log /var/log/nginx/seafdav.access.log;
error_log /var/log/nginx/seafdav.error.log;
}
location '/.well-known/acme-challenge' {
default_type "text/plain";
root /home/user/certbot-webroot;
}
}


The last location should allow a webroot access for letsencrypt.
But I always get a 403 error.

I placed a test.txt file into /home/user/certbot-webroot/.well-known/acme-challenge

But when I access the https://seafile.example.com/.well-known/acme-challenge/test.txt
then I get the 403 error.

I gave the /home/user/certbot-webroot/ a chown -R 0755 nginx:nginx

But I can't get past the 403.

Can someone help me with this issue?

Could it be a self signed certificate, that I am still using?

Help would be appreciated,

Chris

NGINX and WebServices WSDL Reverse Proxy (3 replies)

November 25, 2016, 10:08 am
$
0
0
Hello,

I have a server running Tomcat where it runs a WebService application on port 8080. To all external users, they will access the WebService on port 443 where Nginx will proxy reverse to port 8080. So, I have created the following configuration:

server {
listen 443;
server_name supermercado.cf;
ssl_certificate /.../certificate.crt;
ssl_certificate_key /.../certificate.key;
ssl on;
ssl_session_cache builtin:1000 shared:SSL:10m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4;
ssl_prefer_server_ciphers on;
access_log /var/log/nginx/supermercado.cf.access.log;
location / {
proxy_pass http://supermercado.cf:8080;
sub_filter '<a href="http://supermercado.cf:8080/' '<a href="https://$host/';
sub_filter_types text/css text/xml text/css;
sub_filter http://$host:8080 https://$host;
sub_filter_once on;
}
}

As you can see, I have used the proxy_pass directive to redirect all 443 traffic to port 8080 and I used a few sub_filter to replace the URL on the WebService page. The attached picture shows the Service URL, where the Address parameter is doing the right substitution by replacing the http://supermercado.cf:8080 URL by the https://supermercado.cf. However, the WSDL URL does not get replaced and keeps showing the URL pointing to port 8080.

Also, on the bottom of the picture you will see the same happening for the ?wsdl URL where the location also points to port 8080.

So, How can I setup NGINX to show all URLs pointing only to the HTTPS protocol?

Thanks in advanced,
Giancarlo

X-Accel-Redirect & Sendfile conf help (no replies)

November 25, 2016, 11:15 am
$
0
0
Hello,

Recently i make some website for download file ,but got some problem , maybe someone can help me here, thank you very much !

-----------------------------------------------------------------------
Server : nginx/1.11.6
PHP: FPM-FCGI / 5.3.29

i have root access.

-----------------------------------------------------------------------
Download path:

/home/users/domains/myweb.com/public_html/downloads

-----------------------------------------------------------------------
Here is the php code:

/**
* downloadXFile()
*
* @return
*/
function downloadXFile($fileLocation, $fileName, $maxSpeed = 1024)
{
if (connection_status() != 0)
return (false);
$extension = strtolower(substr($fileName, strrpos($fileName, '.') + 1));

/* List of File Types */
$fileTypes['swf'] = 'application/x-shockwave-flash';
$fileTypes['pdf'] = 'application/pdf';
$fileTypes['exe'] = 'application/octet-stream';
$fileTypes['zip'] = 'application/zip';
$fileTypes['doc'] = 'application/msword';
$fileTypes['xls'] = 'application/vnd.ms-excel';
$fileTypes['ppt'] = 'application/vnd.ms-powerpoint';
$fileTypes['gif'] = 'image/gif';
$fileTypes['png'] = 'image/png';
$fileTypes['jpeg'] = 'image/jpg';
$fileTypes['jpg'] = 'image/jpg';
$fileTypes['rar'] = 'application/rar';
$fileTypes['ra'] = 'audio/x-pn-realaudio';
$fileTypes['ram'] = 'audio/x-pn-realaudio';
$fileTypes['ogg'] = 'audio/x-pn-realaudio';
$fileTypes['wav'] = 'video/x-msvideo';
$fileTypes['wmv'] = 'video/x-msvideo';
$fileTypes['avi'] = 'video/x-msvideo';
$fileTypes['asf'] = 'video/x-msvideo';
$fileTypes['divx'] = 'video/x-msvideo';
$fileTypes['mp3'] = 'audio/mpeg';
$fileTypes['mp4'] = 'audio/mpeg';
$fileTypes['mpeg'] = 'video/mpeg';
$fileTypes['mpg'] = 'video/mpeg';
$fileTypes['mpe'] = 'video/mpeg';
$fileTypes['mov'] = 'video/quicktime';
$fileTypes['swf'] = 'video/quicktime';
$fileTypes['3gp'] = 'video/quicktime';
$fileTypes['m4a'] = 'video/quicktime';
$fileTypes['aac'] = 'video/quicktime';
$fileTypes['m3u'] = 'video/quicktime';

$contentType = $fileTypes[$extension];
header('X-Accel-Redirect: '. $fileLocation);
header("Content-Transfer-Encoding: binary\n");
header('Content-Type: $contentType');
$contentDisposition = 'attachment';


if (strstr($_SERVER['HTTP_USER_AGENT'], "MSIE")) {
$fileName = preg_replace('/\./', '%2e', $fileName, substr_count($fileName, '.') - 1);
header("Content-Disposition: $contentDisposition;filename=\"$fileName\"");
} else {
header("Content-Disposition: $contentDisposition;filename=\"$fileName\"");
}

header("Accept-Ranges: bytes");
$range = 0;
$size = filesize($fileLocation);

if (isset($_SERVER['HTTP_RANGE'])) {
list($a, $range) = explode("=", $_SERVER['HTTP_RANGE']);
str_replace($range, "-", $range);
$size2 = $size - 1;
$new_length = $size - $range;
header("HTTP/1.1 206 Partial Content");
header("Content-Range: bytes $range$size2/$size");
} else {
$size2 = $size - 1;
header("Content-Range: bytes 0-$size2/$size");
}

if ($size == 0) {
die('Zero byte file! Aborting download');
}
exit;

return ((connection_status() == 0) and !connection_aborted());
}

-----------------------------------------------------------------------

nginx.conf

location /downloads/ {
alias /home/users/domains/myweb.com/public_html;
}

-----------------------------------------------------------------------

My problem:

When i download the file via php , i always get 404 page error. looks the fileLocation did not get correctly.


My question:

A. how can i know my server already support X-Accel-Redirect & Sendfile or not ?
B. how to fix above issue.

Br.,

Denis

Directory listing is not working with directory outside the server root (no replies)

November 25, 2016, 8:09 pm
$
0
0
I have a directory that i want to turn into a file hosting page, which is outside the server root.

Here's the server root:
/var/server/nginx

And here's the directory that i want to host my files:
/root/Downloads/dl

The funny thing is, when i enable autoindex on the root location it worked fine, but when i put it on the "dl/" location, it either shows a 404 when requesting /dl or 403 when requesting /dl/
Any ideas?

Here's my nginx.conf:
https://0bin.net/paste/yld56HmmlAFZid8G#6tR24VNwHFTlqM5u2+RY5+SiFoNCN+n2M-wXQOb/

The permissions are all set to 755 so it won't be the probem.

Otherwise, how would you configure the nginx server for this purpose? -- your own nginx.conf files are welcomed plz paste it here: https://0bin.net

Also same post on serverfault.com if u prefer that: http://serverfault.com/q/817087/387551
Search

How to Serve static content from cookie less domain with nginx (no replies)

November 26, 2016, 3:17 pm
$
0
0
Cany anyone help me configure nginx to serve static content from a cookie less subdomain ?

How to serve every wordpress post as a subdomain in nginx (no replies)

November 26, 2016, 3:22 pm
$
0
0
I searched google a lot about this topic but could not find the right solution. Can anyone tell me how to configure this scinerio with nginx?

I have a site with domain name: softwarescube.com
I want the configuration so that when i publish a wordpress post for example "Test Post", it should be served at:

test_post.softwarescube.com

How to configure http secure link module? (no replies)

November 26, 2016, 3:24 pm
$
0
0
Is anyone here to help regarding configuration of http secure link module?

server side configuration: how to configure the server block in nginx?
client side configuration: how to send md5 hash and expiry in the request?

Dynamic Proxy_pass based on subdirectory (no replies)

November 28, 2016, 4:01 am
$
0
0
hello people

been slamming my head off a wall for some time with this config... i have more of an apache background but persevering with NGINX for this project!

basically, I have created a simple reverse proxy to serve http sites as https, and it works very well using the following config

location /subdirectory/ {
sub_filter '=/"' '="'; #remove /
sub_filter_once off;
proxy_pass http://subdirectory.domain.com/;
}

what i was hoping to do was expand this with regex

location ~* ^/(.*)/$ {
sub_filter '=/"' '="'; #remove /
sub_filter_once off;
proxy_pass http://$1.domain.com/;
}

but this returns 502 bad gateway.

have tried various configs, and cannot get this to resolve properly at all...

fingers crossed for some insight :)

browser cache expiry is missing (no replies)

November 29, 2016, 11:56 am
$
0
0
for google pagespeed i need browser cache expiry dates for the pictures.

all pictures i want to cache are in the directory:
https://www.rittinghaus-invest.de/media/image/*/*/*/picturename.jpg

i have directive:
## All static files will be served directly.
location ~* ^.+\.(?:css|cur|js|jpe?g|gif|ico|png|html)$ {
## Defining rewrite rules
rewrite files/documents/.* /engine last;
rewrite backend/media/(.*) /media/$1 last;

expires 1w;
add_header Cache-Control "public, must-revalidate, proxy-revalidate";

tried also this one without success:

# Media: images, icons, video, audio, HTC
location ~* \.(?:jpg|jpeg|gif|png|ico|cur|gz|svg|svgz|mp4|ogg|ogv|webm|htc)$ {
expires 1M;
access_log off;
add_header Cache-Control "public";
}

nginx rtmp securelink (no replies)

November 29, 2016, 12:16 pm
$
0
0
hello is anybody here who could help me to configure rtmp secure link?


Thanks

Nginx using two cached zone based cookie (no replies)

November 29, 2016, 9:28 pm
$
0
0
i have two cache zone on my nginx configuration , I want when request or response body have cookie , then cache zone2 (for example) used , Is it possible with if-regx setting ?
Search

Conditionally removing Set-Cookie (no replies)

December 1, 2016, 2:06 am
$
0
0
I'm trying to implement page caching over WordPress/Woocommerce. It's mostly working. I'm using this as a location block;

location ~ \.php$ {
fastcgi_cache_bypass $skip_cache;
fastcgi_no_cache $skip_cache;
fastcgi_cache WORDPRESS;
fastcgi_cache_valid 60m;
fastcgi_ignore_headers Cache-Control Expires Set-Cookie;
fastcgi_hide_header Set-Cookie;
}

$skip_cache is set to bypass cache on POSTs and some URLs (ie; checkout, my-account, etc). This works as expected.

My problem is that I'm trying to allow Set-Cookie to pass through on non-cached pages. I've tried using an IF statement (I have read that using IFs can be bad), but I get an error stating that the directive fastcgi_hide_header can't exist here. I've also tried setting a variable an using that instead of hard-coding "Set-Cookie", but it doesn't work either.

How can I conditionally remove Set-Cookie?

$local_time variable doubt! (no replies)

December 1, 2016, 6:36 am
$
0
0
Hello guys,

From what I understood $local_time variable shows the timestamp when NGINX record on log which means that it includes the response from the other server, I'm currently on a middle of a problem and I need the actual timestamp NGINX receive the message. Is there any way for me to do it?


Below you may find an example on what I mean.

NGINX LOG.:

timestamp="30/Nov/2016:17:26:43 -0200" client=%Client IP addr% request="GET %SOME DATA%' HTTP/1.1" request_length=255 bytes_sent=848 body_bytes_sent=470 referer=- user_agent="Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)" upstream_addr=%IP_ADDR%:8080 upstream_status=200 request_time=3.053 upstream_response_time=3.053 upstream_connect_time=0.000 upstream_header_time=3.052

APPS LOG

[30/11/2016:17:26:40 -0300] "GET %SOME DATA%' HTTP/1.0" - - 0.00-1


As you can see, application received the data @ 17:26:40 but NGINX recorded everything which means 17:26:43, I need to know when request was received by NGINX because APP and NGINX runs on the same machine. which doesn´t make much sense when I put all those data on my spreadsheet. So is it possible to log the entry of the request?

I´m running.: nginx version: nginx/1.10.1


Forgot to mention that I´ve found this patch here.: https://gist.github.com/rkbodenner/318681 but it works for older versions of NGINX


Thanks a lot for your help

Load balancing syslog with UDP (no replies)

December 1, 2016, 9:32 am
$
0
0
I am trying to use nginx as a load balancer for syslog, to be able to send logs to several downstream Graylog ingestors in order to help improve performance of the Graylog cluster.

I'm having trouble with the config, as I'm getting the error:
[error] 2813#2813: *210329 no live upstreams while connecting to upstream, udp client: 10.0.X.X, server: 0.0.0.0:11016, upstream: "port_11016_stream_backend", bytes from/to client:937/0, bytes from/to upstream:0/0

As a small example of my conf file, it looks like this:

stream {
server {
listen 11016 udp;
proxy_pass port_11016_stream_backend;
}

upstream port_11016_stream_backend {
server 10.0.X.Y:11016;
}
}

It's not going to receive any bytes back from the server because I want this to be UDP proxying, and ergo there will be no reply. How can I eliminate this error?

proxy server (no replies)

December 1, 2016, 11:13 pm
$
0
0
Hi guys,

I have a webmail service running on a Debian virtual server (iRedmail and roundcube) which is working fine, but I have been unable to get nginx to play nicely whilst adding other subdomains.
So I setup another Debian host on the same machine which is serving my main website and another subdomain through apache2.
What I would like to do, which is now half working, is setup a proxy using apache as the front end with a subdomain pointing to the nginx webmail server. I have configured apache and it now redirects traffic to the nginx server, but either something needs changing in nginx or the config from iRedmail isn't allowing it.

Listening on port 80 and getting a request the config tells it to rewrite if not secure:
# Redirect webmail/SOGo/iredadmin to HTTPS
location ~ ^/mail { rewrite ^ https://$host$request_uri?; }

Listening on port 443 and getting a request the config points to the mail directory:
# Roundcube webmail
location ~ ^/mail(.*)\.php$ {
include fastcgi_params;
fastcgi_pass php_workers;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME /opt/www/roundcubemail$1.php;
}

location ~ ^/mail(.*) {
alias /opt/www/roundcubemail$1;
index index.php;
}

Locally using the machine ip address I can open the webmail page and all works well. But if I try using the external address I get "This site cannot be reached", and I know it has reached the nginx server because the address has been rewritten from mail.example.com to https:mail.example.com/mail.

Can anyone help me?

conditional ssl_verify_client (no replies)

December 4, 2016, 3:42 pm
$
0
0
Hi,

Could someone to help me to understand how to enable `ssl_verify_client` conditionally? Is it possible to do this? I need to enable client certificate verification only for requests from outside of our intranet and no need to do verification for request from, for example, 192.168.0.0/24.

I tried use geo module to define variable for internal subnet

geo $intranet {
default 0;
192.168.0.0/24 1;
}

if ($intranet != 1) {
ssl_verify_client on;
}

but it is impossible to use `ssl_verify_client` directive inside 'if' statement. I get an error:

"ssl_verify_client" directive is not allowed here

Is there other way to do this?

Thanks.
Viewing all 2931 articles
Browse latest View live
Search
<script src="https://jsc.adskeeper.com/r/s/rssing.com.1596347.js" async> </script>