Hello, I plan to set up two servers for a training purpose : one frontend, one database. I created a tcp server but I need to be sure of the idea : Be F the frontend and B the backend. when a client will make a request, it will hit F first (nginx + https involved) then will ask B to process the query with adding a x-forward-for header not to lose the real client ip and port. Then myby Larry - Nginx Mailing List - English
Thanks Maxim, I will investigate it and get my results here.by Larry - Nginx Mailing List - English
I will try to code something. Should I put it back here if successful or not ? Anyway, thanks for your knowledge Maxim. Larryby Larry - Nginx Mailing List - English
Yep, Missed that -big- one. Failed idea. Many example show how to loadbalance ssl without problems like lvs, haproxy http://virtuallyhyper.com/2013/05/configure-haproxy-to-load-balance-sites-with-ssl/ So, Am I basically creating an imaginary problem ? And if so, why ssl ticket (rfc 5077) even exists ?by Larry - Nginx Mailing List - English
Hello, I would like to know if we could replicate the shared memory over multiple servers. One cannot reliably use the new ticket system since not all webbrowsers support this. My idea is to modify the ngx_shared_memory_add function to add a rpc stack to it. We would write down the upstream servers we want to make aware of the modification and send them the cache value. The only remby Larry - Nginx Mailing List - English
Hello ! I tried but cannot trust myself (and what I tried) : when streaming / playing video in the client browser, does the client's port ($remote_port) may change ? in the logs when configuring remote_port I believe that if the connection is dropped, another port will be assigned, but in case everything is okay, then the port should remain the same. Am I right ? My tests and nginx loby Larry - Nginx Mailing List - English
Many thanks I will dig into it :) See youby Larry - Nginx Mailing List - English
Hello ! I am not sure that I understood this sentence from http://www.aosabook.org/en/nginx.html : "However, nginx goes further—not only can filters perform multiple subrequests and combine the outputs into a single response, but subrequests can also be nested and hierarchical" It is pretty clear by itself, not the question, but how can one "stack" a response from muby Larry - Nginx Mailing List - English
Maybe this will make it : https://github.com/agentzh/lua-resty-dns anyone ? Thanksby Larry - Nginx Mailing List - English
Hello, I just read that nginx has a resolver. Will it be able to replace our powerdns which just enables the basics ds stuffs ? (lookup + ttl as usual) I rather prefer the nginx syntax and it would simplify the stack if we could throw out powerdns (which is good, that is not the question). Any clue/experience would be welcome :) Thanks, Larryby Larry - Nginx Mailing List - English
Thanks, I changed my strategy : one file programmatically modified and added to the site-enabled folder like that everything runs fine and I keep being able to meet my requirement of one root ca per client. Many thanks all of you Byeby Larry - Nginx Mailing List - English
Thanks, I left the cookies out of this context right now I understand. But since there is a http request first why doesn't nginx is able to switch to the right certificate accordingly ? Without obliging me to create a new entry for each (which is the route I am going to take)?by Larry - Nginx Mailing List - English
Hello, Here is my current conf server { listen 443; server_name ~^(.*)\.sub\.domain\.com$ ssl on; ssl_certificate $cookie_ident/$1.crt; ssl_certificate_key $cookie_ident/$1.key; server_tokens off; ssl_protocols TLSv1.2 TLSv1.1 TLSv1 SSLv3; ssl_prefer_server_ciphers on; ssl_session_timeout 5m; ssl_session_cache builtin:1000 shared:SSL:10m;by Larry - Nginx Mailing List - English
Makes sense Thanksby Larry - Nginx Mailing List - English
Ok, Now I get it right :) @Maxim : when you say faster memory storage, doesn't nginx get the result cached by the os itself ? And so in the ram ? What could be faster than that ? Thanksby Larry - Nginx Mailing List - English
Did i understand something wrong ? Thanksby Larry - Nginx Mailing List - English
Hello, I don't quite understand what I could get from caching with proxy_cache vs serving static files directly. Everywhere people tend to say that it is better to cache, but isn't caching the same as serving directly from static file ? Say that I serve home.html from a plain static html file, would I get any benefit to use reverse proxy + cache to serve it ? Thanks,by Larry - Nginx Mailing List - English
Hello, I wish I could send a notification to nginx to dynamically limit the request rate per second. Say I use the request rate module, i would like to be able to override dynamically this setting. How would I do that ? I read about the zone but not sure if i can interfere in this way. Any clue ? thanks Larryby Larry - Nginx Mailing List - English
Maybe I miss something : Is the proxy useful if I intend to cache the images from another of my servers ? Eg : files : www.example.com images : www.example2.com I would like www.example.com to cache the files from www.example2.com, so that the webserver can serve it directly. I am a bit lost there.. Should I benefit from proxy-cache files that are already on example.com ? (selfby Larry - Nginx Mailing List - English
Hello Maxim, Maybe, but it seems normal since I looked all the major websites having the same issue. So if everybody has this issue, it is not an issue anymore per se. I tried this configuration : proxy_cache_path /srv/http/mysite/proxy levels=1:2 keys_zone=STATIC:10m inactive=24h max_size=1g; in the http and : location ~* \.(?:ico|css|js|gif|jpe?g|png)$ {by Larry - Nginx Mailing List - English
Hello, I have a 15k rpm server 16g ram on which is fiercely installed nginx 1.5.1 on a debian 7 machine (no apache installed). I read a lot (up to crunching my head) about caching strategy. I would like to reduce the latency of file serving. currently, my webpage (static html) loads in 43-70 ms but then 44ms are spent doing nothing then load the images. The total for a 120k page isby Larry - Nginx Mailing List - English
Hello, I would like to know how nginx could deal with this situation the most comfortable way to serve static files : 1) Is tree traversing fast on xfs/ext4 filesystems ? aaa/bbb/ccc number of files inside the last subfolder is approx 2000. 2) Will nginx prefer another strategy ? It is a bit a out-of-any-other-factors-involved question. Many thanks ! Larryby Larry - Nginx Mailing List - English
Thank you both of you, I admit I started worrying on the basis of wrong information/comprehension. Now it is ok, and I can keep up my nginx config with the x-accel variables. Thanks again, and sincerely sorry I bothered you for such thing. Regards, Larryby Larry - Nginx Mailing List - English
Reassuring but everywhere on the web, you can see wireshark sniffing in/out packet to any server. Hence, they are not connected to the server to sniff packets. That is why I started worrying actually !by Larry - Nginx Mailing List - English
My concern is that a hacker is able to know my other ips over europe. My host is not a problem. The real deal is the outgoing packets I don't want external people to know where they are going to. It would defeat the whole purpose of reverse proxy..by Larry - Nginx Mailing List - English
Hello, I am suddenly worrying about something simple : I have a box that send some traffic with proxy_pass to get files from another of my box faking the url. Hence acting as a reverse proxy. All the connections are ssl covered. Right. But is the whole reverse proxy broken if one listen with wireshark to the traffic of that proxy server ? Will it tell in the clear that I get the filby Larry - Nginx Mailing List - English
You are right Reinis, It first seemed tough to me but yeah, it works :) Thanks, Larryby Larry - Nginx Mailing List - English
Will you keep us in touch Reinis ?by Larry - Nginx Mailing List - English
yeah but it works when you have multiple words. In my case, there is only one which is 1234567890...DEF (md5 -> 32 chars) And I would need the possibility to do m=1234567890...DEF m[1] = 1 m[2] = 2 .. m[32] = F A mere rewrite is impossible here.. It seems indeed, Larryby Larry - Nginx Mailing List - English