Shouldn't the warning message for meant to say http2 parameter being deprecated not http2 directive? nginx: the "listen ... http2" directive is deprecated, use the "http2" directive instead in should be nginx: the "listen ... http2" parameter is deprecated, use the "http2" directive instead inby George - Nginx Mailing List - English
Nginx 1.25 has macros -DNGX_QUIC_DEBUG_PACKETS -DNGX_QUIC_DEBUG_FRAMES -DNGX_QUIC_DEBUG_CRYPTO but do they adhere to debug_connections directive from https://nginx.org/en/docs/debugging_log.html when Nginx is compiled with --with-debug ? I set debug_connections to specific IPs but i still see QUIC delated debug info in error log set with debug flag from requests other than the specific IP setby George - Nginx Mailing List - English
Ok fixed the patch and yup working now! No more socket() 0.0.0.0:80 failed (94: Socket type not supported) errors when listen directive is not specifically set. Thanks Roman!by George - Nginx Mailing List - English
That was a quick reply, was about to pop on Nginx slack channel :) Tried the patch but getting patching file src/http/ngx_http_core_module.c patch: **** malformed patch at line 18: lsopt.socklen = sizeof(struct sockaddr_in);by George - Nginx Mailing List - English
I tested nginx-quic https://quic.nginx.org/README for HTTP/3 over QUIC using quictls openssl 1.1.1q forked library and ran into an interesting error for non-HTTPS nginx vhost configurations. If non-HTTPS nginx vhost doesn't specifically list the listen directive for port 80, I get this error when running nginx -t config check nginx: socket() 0.0.0.0:80 failed (94: Socket type not supported)by George - Nginx Mailing List - English
I see. I am currently trying to use the $pool assigned variable for PHP-FPM though as in fastcgi_pass $pool; and not proxy_passby George - Nginx Mailing List - English
I am trying use a Nginx map assigned variable in an upstream but it doesn't seem to work? The map is concatenated $uri$args assigning a PHP-FPM fastcgi PHP pool to variable $pool and then setting the $pool variable in an upstream. map $uri$args $pool { default 127.0.0.1:9000; "~/index.php/args" 127.0.0.1:9002; } upstream php { zone php_zone 64by George - Nginx Mailing List - English
Maxim Dounin Wrote: ------------------------------------------------------- > Hello! > > On Wed, Dec 29, 2021 at 11:30:04PM -0500, George wrote: > > > Thanks for PCRE2 support! > > > > From what I read Nginx 1.21.5 will default to PCRE2 if found or > fallback to > > PCRE if not > > > > You can disable PCRE2 default by passing --witby George - Nginx Mailing List - English
Thanks for PCRE2 support! From what I read Nginx 1.21.5 will default to PCRE2 if found or fallback to PCRE if not You can disable PCRE2 default by passing --without-pcre2 flag - which works fine and ldd $(which nginx) shows libpcre.so.1 => /usr/local/nginx-dep/lib/libpcre.so.1 (0x00007f86c7445000) But is the same true, if you set --without-pcre flag with PCRE2 library installeby George - Nginx Mailing List - English
I see. Thanks Maxim for the clarification. Much appreciated :)by George - Nginx Mailing List - English
I am trying to troubleshoot a duplicate listen options error that only happens on one server and not the other. From docs at http://nginx.org/en/docs/http/ngx_http_core_module.html backlog listen directive works for each ip:port pair so I should be able to set backlog directive on listen directive once on port 80 and once on port 443. But on one server I am not able to and can't see where the pby George - Nginx Mailing List - English
Roadmap suggests it is in Nginx 1.17 mainline QUIC = HTTP/3 https://trac.nginx.org/nginx/roadmap :)by George - Nginx Mailing List - English
yeah updated mercurial works https://forum.nginx.org/read.php?2,283686,283694#msg-283694 though centos 7 still will use non-SNI supported mercurial 2.6.2 so folks doing hg clone for njs repo will always have this issue.by George - Nginx Mailing List - English
okay part of the problem is centos 7 uses mercurial 2.6.2 and fix is to update to mercurial >2.7.9 for SNI support hg --version Mercurial Distributed SCM (version 2.6.2) (see http://mercurial.selenic.com for more information) Copyright (C) 2005-2012 Matt Mackall and others This is free software; see the source for copying conditions. There is NO warranty; not even for MERCHANTABILITYby George - Nginx Mailing List - English
looks like hg clone is a non-SNI request so looked up pubserv.nginx.com's SSL cert *.nginx.com common name so maybe best to add *.nginx.org as well to pubserv.nginx.com server's SSL cert ?by George - Nginx Mailing List - English
testssl 3.0rc4 output for testssl hg.nginx.org:443 Testing server defaults (Server Hello) TLS extensions (standard) "server name/#0" "renegotiation info/#65281" "EC point formats/#11" "session ticket/#35" "heartbeat/#15" "next protocol/#13172" "application layer protocol negotiation/#16" Session Ticket RFC 5077by George - Nginx Mailing List - English
for that i get echo -n | openssl s_client -connect hg.nginx.org:443 -servername hg.nginx.org CONNECTED(00000003) depth=2 O = Digital Signature Trust Co., CN = DST Root CA X3 verify return:1 depth=1 C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3 verify return:1 depth=0 CN = mailman.nginx.org verify return:1 --- Certificate chain 0 s:/CN=mailman.nginx.org i:/C=US/O=Let'by George - Nginx Mailing List - English
Hi when I try to clone njs repo I am getting the error below hg clone https://hg.nginx.org/njs/ abort: hg.nginx.org certificate error: certificate is for *.nginx.com, nginx.com (configure hostfingerprint bd:90:5e:95:b4:51:d8:0b:b0:36:41:6f:99:a7:80:01:4e:cf:ee:c2 or use --insecure to connect insecurely) and echo -n | openssl s_client -connect hg.nginx.org:443 CONNECTED(0000000by George - Nginx Mailing List - English
Thanks Maxim. Guess we just need to wait :)by George - Nginx Mailing List - English
Nginx supports BoringSSL too and it already has ESNI support apparently https://www.theregister.co.uk/2018/07/17/encrypted_server_names/by George - Nginx Mailing List - English
correct meant vhost #1 'but if i had the 3 nginx vhosts where reuseport was used on vhost #3 instead of vhost #1, i get error 'by George - Nginx Mailing List - English
I know that nginx reuseport is only usable per ip:port pair so I am confused about this error. I have 3 nginx vhosts vhost #1 server { listen 443 ssl http2 default_server backlog=2048 reuseport; } vhost #2 server { listen 80 default_server backlog=2048 reuseport fastopen=256; } vhost #3 server { listen 443 ssl http2; } This configuration works and I see socket sby George - Nginx Mailing List - English
thanks Ruslan just tested your committed fixes for this in master branch and working nicely https://community.centminmod.com/threads/hurray-http-2-server-push-for-nginx.11910/page-2#post-59602 :)by George - Nginx Mailing List - English
Thanks for that video link :)by George - Nginx Mailing List - English
thanks Ruslan for the update appreciate all your work and looking forward to playing with HTTP/2 Push finally ! :)by George - Nginx Mailing List - English
Reported bug at https://trac.nginx.org/nginx/ticket/1478by George - Nginx Mailing List - English
Hi compiled Nginx 1.13.9 from master branch to try out HTTP/2 Server Push but noticed the pushed assets loose their gzip compression and are served as non-compressed assets ? Is that as intended ? I posted my findings at https://community.centminmod.com/threads/hurray-http-2-server-push-for-nginx.11910/#post-59411 http2_push_preload on; add_header Link "</css/bootstrap.min.css&by George - Nginx Mailing List - English
yeah just use nginx open source free version if you need compile support - updated guide at https://www.nginx.com/blog/compiling-and-installing-modsecurity-for-open-source-nginx/by George - Nginx Mailing List - English
thanks for sharing. Is it necessary to compile with --with-debug ?by George - Nginx Mailing List - English