Show all posts by user
Any other nginx or tech related discussion may be entered here.
Re: NGINX on windows - 3 years ago
Look at this version, per-compiled, high performance http://nginx-win.ecsds.eu/by itpp2012 - Nginx Mailing List - English
Re: SSL_read() failed on Nginx built with new OpenSSL 1.1.1e - 3 years ago
See https://forum.nginx.org/read.php?2,287377 Revert back to 1.1.1dby itpp2012 - Nginx Mailing List - English
Re: Install http_charset_module - 3 years ago
Not all components are modules, using a viewer in hex-mode you could view the binary and search for the options. Or just try to use it and run -T to see if this feature is giving an error or not.by itpp2012 - How to...
Re: Install http_charset_module - 3 years ago
It's added by default, see also http://nginx.org/en/docs/configure.htmlby itpp2012 - How to...
Re: openssl 1.1.1e 14095126:SSL routines:ssl3_read_n - 3 years ago
It doesn't and there are a few more for which this doesn't work either, it needs a lot more work and testing. I had a new concept patch but today decided to roll back to 1.1.1d and back port 1.1.1e (de) patches only. Only NGX_ERROR mitigates a truncation attack, not NGX_DONE (which is open for debate).by itpp2012 - Nginx Mailing List - English
Re: openssl 1.1.1e 14095126:SSL routines:ssl3_read_n - 3 years ago
How about this as this catches all 3 while conditions: +++ src/event/ngx_event_openssl.c @@ -2318, c->ssl->no_wait_shutdown = 1; c->ssl->no_send_shutdown = 1; if (sslerr == SSL_ERROR_ZERO_RETURN || ERR_peek_error() == 0) { ngx_log_debug0(NGX_LOG_DEBUG_EVENT, c->log, 0, "peer shutdown SSL cleanly"); return NGXby itpp2012 - Nginx Mailing List - English
Re: openssl 1.1.1e 14095126:SSL routines:ssl3_read_n - 3 years ago
Others not as often as the primary but all related to 1.1.1e: All : SSL_read() failed (SSL: error:14095126:SSL routines:ssl3_read_n:unexpected eof while reading) while processing HTTP/2 connection SSL_read() failed (SSL: error:14095126:SSL routines:ssl3_read_n:unexpected eof while reading) while keepalive SSL_read() failed (SSL: error:14095126:SSL routines:ssl3_read_n:unexpected eof while reby itpp2012 - Nginx Mailing List - English
Re: openssl 1.1.1e 14095126:SSL routines:ssl3_read_n - 3 years ago
Maxim Dounin Wrote: ------------------------------------------------------- > On Fri, Mar 20, 2020 at 10:41:32AM +0300, Sergey Kandaurov wrote: > > > On 18 Mar 2020, at 14:17, itpp2012 <nginx-forum@forum.nginx.org> wrote: > > > Question: does this need to resolved in openssl or nginx ? > > So, they deliberately changed existing behaviour, known since > &by itpp2012 - Nginx Mailing List - English
Re: openssl 1.1.1e 14095126:SSL routines:ssl3_read_n - 3 years ago
After using 1.1.1e, see also the commit where an explicit entry has been added. nginx just reports back what openssl passes, if this was unexpected (none critical) nginx needs to be patched, if not this openssl workaround (10880) needs to be changed.by itpp2012 - Nginx Mailing List - English
openssl 1.1.1e 14095126:SSL routines:ssl3_read_n - 3 years ago
Logging getting swamped with: 1808#2740: *20747 SSL_read() failed (SSL: error:14095126:SSL routines:ssl3_read_n:unexpected eof while reading) while keepalive Related to: https://github.com/openssl/openssl/issues/10880 and this commit: https://github.com/openssl/openssl/commit/db943f43a60d1b5b1277e4b5317e8f288e7a0a3a Question: does this need to be resolved in openssl or nginx ? 22-3-2by itpp2012 - Nginx Mailing List - English
Re: Accessing local servers using local IP as sufix to public IP - 3 years ago
Use a local DNS (or hosts file).by itpp2012 - Ideas and Feature Requests
Re: Connections to AWS - 3 years ago
nginx is NOT connecting to anything, its incoming traffic, someone using AWS is attempting a Minerva (and others) attack on your instance. If your running the latest version there is nothing to worry about.by itpp2012 - Other discussion
Re: log/list IP Address accessing folder - 3 years ago
Yes while its running, locking has no bearing as a FD uses a link not a name while its open. FOR %%G IN (*.log) DO ren "%%G" "%datename%_%%G" nginx -s reopen sleep 5 move /y %datename%_*.* databy itpp2012 - How to...
Re: log/list IP Address accessing folder - 3 years ago
I do it all the time, rename, reopen and move renamed files, works for all log files. Look at access rights who does the rename.by itpp2012 - How to...
Re: log/list IP Address accessing folder - 3 years ago
Try it and see, run it once a day and see how big/small the logs are.by itpp2012 - How to...
Re: log/list IP Address accessing folder - 3 years ago
Rename the logfile and signal nginx to reopen logs (nginx -s reopen) I think, check the options.by itpp2012 - How to...
Re: log/list IP Address accessing folder - 3 years ago
Its a flat file which gets appended, there is no size regulation.by itpp2012 - How to...
Re: log/list IP Address accessing folder - 3 years ago
If you are referring to ' open_log_file_cache', open_log_file_cache max=1000 inactive=20s valid=1m min_uses=2; Others, open_file_cache max=1000 inactive=20s; open_file_cache_errors on; open_file_cache_min_uses 3; open_file_cache_valid 20s;by itpp2012 - How to...
Re: log/list IP Address accessing folder - 3 years ago
Look in the /log folder.by itpp2012 - How to...
Re: Nginx / bokeh load balancing issue - 3 years ago
Do you see them rotating in the nginx log ? (backend) "when multiple users are trying to access the webapp at the same time they have to wait until the bokeh server process their request. " With more than one backend it should work with more than one user but if the backend takes 'a long' time to respond you need to make the backend faster. Or implement a javascript which blocks submby itpp2012 - Other discussion
Re: Nginx / bokeh load balancing issue - 3 years ago
Nothing much, you need to add more backend servers to handle more requests, for example php-cgi is a single thread backend, if requests are handled fast one will suffice if not you add more backends. If 1 request takes 10 seconds you need 10 backends to handle that load for a 10 users, etc. Or get the backend to handle requests via a pipe asynchronously, tcp handling has its limits.by itpp2012 - Other discussion
Re: Nginx / bokeh load balancing issue - 3 years ago
You might think your running as asynchronous processing but it does not sound like it is: https://www.codemag.com/Article/0102091/Handling-long-Web-Requests-with-Asynchronous-Request-Processingby itpp2012 - Other discussion
Proxy stream pop3 110 to secure 995 - 3 years ago
Considering this example https://docs.nginx.com/nginx/admin-guide/security-controls/securing-tcp-traffic-upstream/ How would you stream plain unsecured pop3 traffic to a secure endpoint elsewhere ? (without the backend certificates) ea. stream { listen 110; proxy_ssl on; proxy_pass site.com:995; }by itpp2012 - Nginx Mailing List - English
Re: Proxy Caching ignore path - 3 years ago
Above not below.by itpp2012 - Nginx Mailing List - English
Re: Proxy Caching ignore path - 3 years ago
The first location match is the active one, add another location before this one to change its caching behavior.by itpp2012 - Nginx Mailing List - English
Re: non-www to www only - 3 years ago
Simple, server_name www.domain.nl domain.nl;by itpp2012 - How to...
Re: proxy_timeout valid values - 3 years ago
http://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_read_timeoutby itpp2012 - How to...
Re: SMTP proxy with "STARTTLS only" accepts unencrypted mail - 3 years ago
You might be better of with nginx stream to offload (ssl/tls), all of it is then encrypted. stream { upstream backendsmtp { server 192.168.3.32:25; } server { listen 1234 ssl; ssl_certificate /nginx/crts/global1.cert; ssl_certificate_key /nginx/crts/global1.key; include /nginx/conf/sslciphers.conf; proxy_pass backendsmtp; ....................by itpp2012 - Nginx Mailing List - English
Re: Correct path for data folder in nginx.conf - 4 years ago
Try root 'C:/nginx-1.16.0/data/www';by itpp2012 - How to...
Re: Cannot stop nginx service on windows. - 4 years ago
TASKKILL /F /IM "nginx*"by itpp2012 - How to...
 |
 |
 |
 |
|