Show all posts by user
Discussions in Spanish
Page 1 of 1 Pages: 1
Results 1 - 12 of 12
ssl_trusted_certificate $hostname.cert;
nginx: SSL_CTX_load_verify_locations("/etc/nginx/ssl/$hostname.cert") failed
But
ssl_certificate_key ssl/$hostname.key;
ssl_certificate ssl/$hostname.pem;
Both works fine.
by
rjvbzeoibvpzie
-
Nginx Mailing List - English
# nginx -V
nginx version: nginx/1.21.4
built with OpenSSL 1.1.1f 31 Mar 2020
# openssl version
OpenSSL 1.1.1f 31 Mar 2020
by
rjvbzeoibvpzie
-
Nginx Mailing List - English
ssl_protocols TLSv1.2 TLSv1.3;
server {
listen 443 ssl default_server;
ssl_reject_handshake on;
}
This does not allow ANY other server to be reached with TLSv1.3
server {
listen 443 ssl default_server;
ssl_certificate ssl/cert.pem;
return 444;
}
This allow ANY server to be reached with TLSv1.2 or TLSV1.3 (as configured).
See https://stackoverflow.com/ques
by
rjvbzeoibvpzie
-
Nginx Mailing List - English
# cat /var/log/nginx/error.log
2021/12/25 03:27:20 3509876#3509876: ignore long locked inactive cache entry 896ea4afe7d75fae51aada8fb6643347, count:1
2021/12/25 07:57:02 3509876#3509876: ignore long locked inactive cache entry c4008f632b145d701271b37180818fb8, count:2
2021/12/25 11:14:15 3509876#3509876: ignore long locked inactive cache entry c5e2871d4c2314567a1960f9ad10d073, count:3
2021/
by
rjvbzeoibvpzie
-
Nginx Mailing List - English
You are right, those lines are logged (i've forced upstreams to fail by stopping them).
But i can't see such problem using "proxy_pass http://127.0.0.1:81" instead of "proxy_pass http://http_backend" (no more 502 errors).
Strange...
by
rjvbzeoibvpzie
-
Nginx Mailing List - English
Well, I was just assuming that no live upstreams were availbale, but this is not the case. At least, this is not logged (access or error).
Here are the lines from access_log i'm talking about (see the difference on $upstream_addr):
----
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer&quo
by
rjvbzeoibvpzie
-
Nginx Mailing List - English
Here is my config:
-----
upstream http_backend {
server 127.0.0.1:81;
server 10.1.1.2 backup;
}
server {
...
location /http/ {
proxy_pass http://http_backend;
...
}
}
-----
As long as everything is working, $upstream_addr returns the IP (127.0.0.1:81). But when any backend returns HTTP/502, $upstream_addr returns the upstream name (http_bac
by
rjvbzeoibvpzie
-
Nginx Mailing List - English
Same error here:
2021/02/08 00:31:21 365557#0: *235975 SSL_do_handshake() failed (SSL: error:141CF06C:SSL routines:tls_parse_ctos_key_share:bad key share) while SSL handshaking, client: 192.241.207.32, server: 0.0.0.0:443
by
rjvbzeoibvpzie
-
Other discussion
Systemd claims that:
/lib/systemd/system/nginx.service:9: PIDFile= references a path below legacy directory /var/run/, updating /var/run/nginx.pid → /run/nginx.pid; please update the unit file accordingly.
nginx 1.19.2 on Ubuntu 20.04.
by
rjvbzeoibvpzie
-
Other discussion
Hi,
we are using different pools of FastCGI servers in different upstreams, with the 'least_conn' balancing method.
upstream zone_a {
zone server-pool 64k;
least_conn;
server 10.1.0.4:9001;
server 10.1.0.5:9001;
server 10.1.0.6:9001;
}
upstream zone_b {
zone server-pool;
least_conn;
server 10.1.0.4:9002;
server 10.1.0.5:9002;
se
by
rjvbzeoibvpzie
-
Other discussion