Show all posts by user
Any other nginx or tech related discussion may be entered here.
Re: Can't use $hostname with ssl_trusted_certificate - 10 months ago
Yeah I know, but it's odd to support it on all other ssl_ variables but one...by rjvbzeoibvpzie - Nginx Mailing List - English
Can't use $hostname with ssl_trusted_certificate - 11 months ago
ssl_trusted_certificate $hostname.cert; nginx: SSL_CTX_load_verify_locations("/etc/nginx/ssl/$hostname.cert") failed But ssl_certificate_key ssl/$hostname.key; ssl_certificate ssl/$hostname.pem; Both works fine.by rjvbzeoibvpzie - Nginx Mailing List - English
Re: ssl_reject_handshake disallow TLSv1.3 - 1 year ago
# nginx -V nginx version: nginx/1.21.4 built with OpenSSL 1.1.1f 31 Mar 2020 # openssl version OpenSSL 1.1.1f 31 Mar 2020by rjvbzeoibvpzie - Nginx Mailing List - English
ssl_reject_handshake disallow TLSv1.3 - 1 year ago
ssl_protocols TLSv1.2 TLSv1.3; server { listen 443 ssl default_server; ssl_reject_handshake on; } This does not allow ANY other server to be reached with TLSv1.3 server { listen 443 ssl default_server; ssl_certificate ssl/cert.pem; return 444; } This allow ANY server to be reached with TLSv1.2 or TLSV1.3 (as configured). See https://stackoverflow.com/quesby rjvbzeoibvpzie - Nginx Mailing List - English
Re: Alert: ignore long locked inactive cache entry - 1 year ago
# cat /var/log/nginx/error.log 2021/12/25 03:27:20 3509876#3509876: ignore long locked inactive cache entry 896ea4afe7d75fae51aada8fb6643347, count:1 2021/12/25 07:57:02 3509876#3509876: ignore long locked inactive cache entry c4008f632b145d701271b37180818fb8, count:2 2021/12/25 11:14:15 3509876#3509876: ignore long locked inactive cache entry c5e2871d4c2314567a1960f9ad10d073, count:3 2021/by rjvbzeoibvpzie - Nginx Mailing List - English
Re: Nginx upstream return name instead of server ip - 2 years ago
Got it! Thanks.by rjvbzeoibvpzie - Nginx Mailing List - English
Re: Nginx upstream return name instead of server ip - 2 years ago
You are right, those lines are logged (i've forced upstreams to fail by stopping them). But i can't see such problem using "proxy_pass http://127.0.0.1:81" instead of "proxy_pass http://http_backend" (no more 502 errors). Strange...by rjvbzeoibvpzie - Nginx Mailing List - English
Re: Nginx upstream return name instead of server ip - 2 years ago
Well, I was just assuming that no live upstreams were availbale, but this is not the case. At least, this is not logged (access or error). Here are the lines from access_log i'm talking about (see the difference on $upstream_addr): ---- log_format main '$remote_addr - $remote_user [$time_local] "$request" ' '$status $body_bytes_sent "$http_referer&quoby rjvbzeoibvpzie - Nginx Mailing List - English
Nginx upstream return name instead of server ip - 2 years ago
Here is my config: ----- upstream http_backend { server 127.0.0.1:81; server 10.1.1.2 backup; } server { ... location /http/ { proxy_pass http://http_backend; ... } } ----- As long as everything is working, $upstream_addr returns the IP (127.0.0.1:81). But when any backend returns HTTP/502, $upstream_addr returns the upstream name (http_bacby rjvbzeoibvpzie - Nginx Mailing List - English
Re: Nginx SSL Errors - 2 years ago
Same error here: 2021/02/08 00:31:21 365557#0: *235975 SSL_do_handshake() failed (SSL: error:141CF06C:SSL routines:tls_parse_ctos_key_share:bad key share) while SSL handshaking, client: 192.241.207.32, server: 0.0.0.0:443by rjvbzeoibvpzie - Other discussion
PIDFile= references a path below legacy directory /var/run/ - 3 years ago
Systemd claims that: /lib/systemd/system/nginx.service:9: PIDFile= references a path below legacy directory /var/run/, updating /var/run/nginx.pid → /run/nginx.pid; please update the unit file accordingly. nginx 1.19.2 on Ubuntu 20.04.by rjvbzeoibvpzie - Other discussion
Is upstream zone shared between upstreams? - 3 years ago
Hi, we are using different pools of FastCGI servers in different upstreams, with the 'least_conn' balancing method. upstream zone_a { zone server-pool 64k; least_conn; server 10.1.0.4:9001; server 10.1.0.5:9001; server 10.1.0.6:9001; } upstream zone_b { zone server-pool; least_conn; server 10.1.0.4:9002; server 10.1.0.5:9002; seby rjvbzeoibvpzie - Other discussion
 |
 |
 |
 |
|