Hi Team, Though we have proxy cache valid defined to cache only respective response code , nginx caching 416 response. proxy_cache_valid 200 206 10d; proxy_cache_key $uri$http_range; 416 is returned from upstream server and its getting cached on Ngnix. Even with default settings by not specifying http response behavior is same. proxy_cache_valid 10d; Sample response cachedby anish10dec - Nginx Mailing List - English
Hi Team, Intermittently there are multiple below errors reported in error.log file. 41456#41456: ignore long locked inactive cache entry efcd5613750302a2657fca63c07fc777, count:1 This comes momentarily with a spike of 50-90 K such errors in a minute time span. During this period server load and cpu utilization increases to Maximum dropping all the traffic with 0% Idle CPU and Load rby anish10dec - Nginx Mailing List - English
> Given the above, I see two possible reasons why the cache volume > is only filled at 50%: > > 1. You've run out of keys_zone size. > > 2. You've run out of resources requested frequent enough to be > cached with proxy_cache_min_uses set to 2. > > It should be easy enough to find out what happens in your case. > It seems possible reason is keys_zoneby anish10dec - Nginx Mailing List - English
With use of proxy_cache_min_uses volume of cache is getting settled up at around 50% utilization. No matter what is the volume allocated in max_size its not filling up further beyond 50%. If the proxy_cache_min_uses is removed the cache gets filled up with max_size allocated volume. No of files in cache directory is far less beyond the size allocated in key zone. Its getting capped up near 2by anish10dec - Nginx Mailing List - English
Thanks Maxim for the explanation. Is there a way to figure out how much time Nginx took to deliver the files to the end user.by anish10dec - Nginx Mailing List - English
In our case response body is of size around 4MB to 8MB and its showing 0.000. Since "request time" is for analyzing the time taken for delivering the content to client , we are not able to get the actual value or time taken . Even on slow user connection its showing 0.000 . Generally it should be much higher as it captures the total time taken for delivering last byte of the contby anish10dec - Nginx Mailing List - English
We are observing a behavior where request time and upstream response time is logged as same value when request is MISS in log file. And when there is HIT for the request , request time is logged as 0.000 for all the requests. Please help what could be the reason for this , we tried compiling from source , rpm , upgrading and downgrading the version of Nginx. But always the case remains sby anish10dec - Nginx Mailing List - English
We are observing that multiple cache object is getting created for same file in Nginx Cache which is resulting into non optimal use of cache storage. We are using proxy_cache_key as $uri. proxy_cache_key $uri; For example with file having URI /content/entry/jiomags/content/719/51/51_t_0.jpg 2 cache object has been created in cache folder. Both the files are having same KEYby anish10dec - Nginx Mailing List - English
Module is fixed now https://github.com/kaltura/nginx-akamai-token-validate-module/issues/18 Thanksby anish10dec - Nginx Mailing List - English
Thanks Maxim Will fix the module , just was looking a way around if it can be handled by just removing the null characterby anish10dec - Nginx Mailing List - English
Thanks Maxim Actually null character is not being generated by Client . We are using below module to validate the tokens https://github.com/kaltura/nginx-akamai-token-validate-module This is being caused by akamai_token_validate_strip_token directive which strips the token and forwards request to upstream server. While striping the token and passing the remaining request to upstreamby anish10dec - Nginx Mailing List - English
Nginx Upstream returning 400 Bad Request if null character is being passed in the request as part of uri or query params. Is there a way Null Character can be removed from request before proxying it to upstream. Its only known from access logs that null character is being passed in request as \x00 and causing the failure How to identify the Null Character and remove it ? Tried belowby anish10dec - Nginx Mailing List - English
We are using Nginx to deliver Widevine Streaming over Web. Website sends OPTIONS request as a preflight check with every fragment request for streaming. Since Nginx by default caches GET, HEAD, we tried including OPTIONS method to cache on Nginx. proxy_cache_methods GET HEAD OPTIONS; Gives error messsage as Invalid value. Below links says OPTIONS cannot be cached https://forum.ngiby anish10dec - Nginx Mailing List - English
We want to use Nginx as LB in a way so that Nginx can return 301 or 302 redirect to client instead of Proxying request to backend/upstream servers. It is required as Server which is configured as LB is having limited throughput of 1 Gbps while upstream servers are having throughput of 10Gbps . We want users to directly connect to Upstream Server for Data delivery. Nginx LB Server to make sby anish10dec - Nginx Mailing List - English
In both the cases , either geoip2 or ip2location we will have to compile Nginx to support . Currently we are using below two RPM's from Nginx Repository (http://nginx.org/packages/mainline/centos/7/x86_64/RPMS/) nginx-1.10.2-1.el7.ngx.x86_64 nginx-module-geoip-1.10.2-1.el7.ngx.x86_64 Is the rpm module available or is there any plan to make it available.by anish10dec - Nginx Mailing List - English
We are using Nginx with DAV Module , where encoder is pushing the content. These content when being accessed is not coming with header "Transfer-Encoding : chunked" though these header is being added by Encoder. Below is version details : nginx version: nginx/1.10.2 built by gcc 4.8.5 20150623 (Red Hat 4.8.5-16) (GCC) built with OpenSSL 1.0.2k-fips 26 Jan 2017 TLS SNI suppby anish10dec - Nginx Mailing List - English
Thanks Maxim For Streaming with Low Latency , Harmonic Encoder is pushing media files with "Transfer-Encoding: chunked" on the Nginx Origin Server. We are able to see the same in tcpdump between Encoder and Nginx Origin. However when we try to stream content through Origin Server , "Transfer-Encoding: chunked" is missing in the header part because of which player is nby anish10dec - Nginx Mailing List - English
In order to support CMAF and Low latency for HLS streaming through Nginx, it is required change in content header. Instead of "Content-Length" in Header , expected value by player is "Transfer-Encoding : chunked" so that for a 6 sec chunk of media segment player will start streaming fetching data in 200 msec part wise and thus streaming will have low latency . This is supporby anish10dec - Nginx Mailing List - English
Hi , As of now we are using "nginx-module-geoip-1.10.0-1.el7.ngx.x86_64.rpm" available at repository https://nginx.org/packages/rhel/7/x86_64/RPMS/ Cant find rpm for geoip2 module . Please suggest from were to get the rpm package of geoip2 module as we are using nginx-1-10.2 rpm.by anish10dec - Nginx Mailing List - English
Current Configuration secure_link $arg_token,$arg_expiry; secure_link_md5 "secret$arg_expiry"; if ($secure_link = "") {return 405;} if ($secure_link = "0"){return 410;}by anish10dec - Nginx Mailing List - English
There is requirement for token authentication using two secret key i.e primary and secondary secret for location block. If token with first secret gives 405, then to generate the token with second secret to allow the request. This is required for changing the Secret Key in production on server so that partial user will be allowed with old secret and some with new secret for meanwhile till seby anish10dec - Nginx Mailing List - English
Thanks ... We need the Client IP on Server B as well for analytics . Tried by enabling the Geo IP module on Server A which looks after remote address field and successfully blocks the request. But the problem here is that it is even blocking the requests coming from our Internal Private IP Segment such as 10.0.0.0/27 which are used for monitoring . Is there a way to declare few Privateby anish10dec - Nginx Mailing List - English
Maxim Dounin Wrote: ------------------------------------------------------- > Hello! > > On Thu, Jan 11, 2018 at 07:17:20AM -0500, anish10dec wrote: > > > GeoIP module is able to block request on basis of remote address > which is IP > > of the remote device or user but not on basis of X-Forwarded-For IP > if it > > has multiple IP address in it. &gby anish10dec - Nginx Mailing List - English
GeoIP module is able to block request on basis of remote address which is IP of the remote device or user but not on basis of X-Forwarded-For IP if it has multiple IP address in it. There is Frontend Server( Server A) which receives the request and send it to Intermediate Server (Server B) We have GeoIP module installed on Intermediate Server i.e. Server B Server B <--- Server A <--by anish10dec - Nginx Mailing List - English
Let me explain the complete implementation methodology and problem statement URL to be protected http://site.media.com/mediafiles/movie.m3u8 We are generating token on application/client side to send it along with request so that content is delivered by server only to authorized apps. Token Generation Methodology on App/Client expire = Current Epoch Time on App/Client + 600 ( 600 soby anish10dec - Nginx Mailing List - English
URL Signing by Secure Link MD5 , restricts the client from accessing the secured object for limited time using below module Exp time is sent as query parameter from client device secure_link $arg_hash,$arg_exp; secure_link_md5 "secret$arg_exp"; if ($secure_link = "") {return 405;} if ($secure_link = "0") {return 410;} Here problem is that if expiry time iby anish10dec - Nginx Mailing List - English
Any Update Please How to use two secret Keys for Secure Link Md5. Primary to be used by application which is in production and secondary for application build which has been rolled out with changed secret key i.e. secondary. So that application should work in both scenario meanwhile till the all the users update the application Please help Inside location or server block secure_linkby anish10dec - Nginx Mailing List - English
Thanks But what about the next part when actually we are in production and if there is need for change of secret Key on Nginx. " Is there a way to implement the token authentication with two secret key i.e primary and secondary So that If the first one did not work, then try the second one. This would be helpful while changing the Secret Key in production so that some user will beby anish10dec - Nginx Mailing List - English
For validating all the m3u8 , below is the configuration location ~.*.m3u8 { secure_link $arg_token,$arg_expires; secure_link_md5 "appsecret$uri$arg_expires"; if ($secure_link = "") {return 403;} if ($secure_link = "0"){return 410;} proxy_pass http://appserver:80; } What I need is the way to temporarily allow users who are not coming with tokenby anish10dec - Nginx Mailing List - English
Trying to implement the secure link md5 token check . Is there a way to verify secure link i.e. to generate token using secret key and verify the token. If it matches it should allow the request . And also to allow the request for token which doesn't matches so that while rolling out the update it may happen that some of the client request will come without token . Those request should alsby anish10dec - Nginx Mailing List - English