See also references:
* https://www.digitalocean.com/community/questions/how-to-support-internal-traffic-with-proxy-protocol-enabled-on-a-kubernetes-loadbalancer
* https://github.com/digitalocean/digitalocean-cloud-controller-manager/blob/master/docs/controllers/services/examples/README.md#accessing-pods-over-a-managed-load-balancer-from-inside-the-cluster
* https://github.com/kubernetes/kuberne
by kay - Nginx Mailing List - English
Hi, If you have an nginx ingress service with a LoadBalancer type and PROXY protocol enabled in kubernetes, it is inaccessible from the local network, since kube-proxy routes the local traffic directly to the service endpoints. Thus this traffic doesn't have PROXY protocol header and the connection to nginx fails. It would be nice to have an option for nginx to not expect PROXY protocol head
by kay - Nginx Mailing List - English
In my org all the traffic must be encrypted, even local. Unfortunately nginx doesn't support encrypted connections with SMTP backends. This topic relates to one of my previous questions (Dynamically resolving smtp upstream hostnames) https://forum.nginx.org/read.php?2,291890,291890#msg-291890, because in case of encryption you must validate the certificate domain.
by kay - Ideas and Feature Requests
I've managed to get the desired result with a patch below: --- a/src/mail/ngx_mail_proxy_module.c +++ b/src/mail/ngx_mail_proxy_module.c @@ -574,7 +574,7 @@ cscf = ngx_mail_get_module_srv_conf(s, ngx_mail_core_module); - line.len = sizeof("HELO ") - 1 + cscf->server_name.len + 2; + line.len = sizeof("HELO ") - 1 + s->smtp_helo.len +
by kay - Nginx Mailing List - English
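Review bot: the changed line.len computation now depends on s->smtp_helo.len instead of cscf->server_name.len, and the visible part of the hunk shows no fallback for a session where s->smtp_helo is empty. Consider keeping cscf->server_name as the fallback when s->smtp_helo.len is 0, and check that the code which fills the buffer copies from the same field, so that the computed length and the bytes written cannot disagree. The hunk is cut off on this page after the changed line, so this comment covers only what is visible.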
Hi, Currently only XCLIENT protocol supports passing "EHLO or HELO, as passed by the client" - http://nginx.org/en/docs/mail/ngx_mail_proxy_module.html#xclient I'm using PROXY protocol and nginx sends the hostname, specified in "server_name". Is it possible to pass the real client hostname to SMTP backend? Regards,
by kay - Nginx Mailing List - English
Any clues on how to solve this? Do I need to submit a feature request to resolve SMTP hostnames the same way it is done in HTTP proxy_pass directive?
by kay - Nginx Mailing List - English
I'm using a new "proxy_smtp_auth on;" option in my mail proxy server inside k8s cluster, therefore I just need to proxy_pass smtp requests to the backend. Since the backend must be set using the "auth_http" directive, I use the code below and provide the hostname instead of IP address: server { listen 127.0.0.1:8025; server_name _; access_log off; loc
by kay - Nginx Mailing List - English
Thanks for the hint! I haven't worked with domain names in proxy_pass before and was sure that they're resolved dynamically. I changed the config to: set $upstream_var example.com; proxy_pass https://$upstream_var;
by kay - Nginx Mailing List - English
Probably I also need to mention that "example.com" has more than one IP address (in our case 2)
by kay - Nginx Mailing List - English
Here is an example of the proxy_pass config, we don't use IPs: proxy_pass https://example.com; When "example.com" changes the IP address, it is not reflected in nginx. We're using k8s pods. Sometimes one or two pods have a stale DNS cache. Other pods work fine...
by kay - Nginx Mailing List - English
We tested with a default "resolver 8.8.8.8;" and "resolver 8.8.8.8 30s;" options. Both keep using the outdated IP address until you run "nginx -s reload". The upstream is AWS LoadBalancer, which changes IPs quite frequently. I'm using nginx 1.19.3. Any clue what could be wrong?
by kay - Nginx Mailing List - English
> "TLS-only" might work if you use "stream" rather than "mail", so that
> nginx is the TLS-termination of an otherwise-opaque stream of traffic.

Thanks for the hint. I think I can omit starttls support and use only TLS
by kay - Nginx Mailing List - English
I'd like to use nginx to serve TLS and/or StartTLS connections only, the rest must be "proxy passed" without a modification to the backend. Unfortunately I noticed the https://www.ruby-forum.com/t/nginx-does-not-pass-smtp-auth-command-to-server/184290 topic, where Maxim Dounin mentioned that it is impossible. That was 10 years ago, probably now the situation has changed? Is there an option
by kay - Nginx Mailing List - English
Hi, I'd like to implement a proxy server for internet radio streaming. And I'd like to reuse the existing established connection to the upstream for all clients which listen to the same "radio station"/"url". Right now every listener creates a new connection on the nginx side. Is it even possible to reuse one connection for everyone? Thanks in advance.
by kay - Nginx Mailing List - English
I have a problem with nginx and websockets proxy. Here is the message I receive: 20999#0: *1997296 send() failed (32: Broken pipe) while proxying upgraded connection, client: 10.0.25.47, server: example.com, request: "GET /xmpp/ HTTP/1.1", upstream: "http://192.168.122.8:5280/xmpp/", host: "example.com" Here is my config: location /xmpp {
by kay - Nginx Mailing List - English
I've done the patch for nginx 1.6.2 Now if you use this config: access_log logs/access.log main json; Additional backslash for backslash should appear in log. And it will not break JSON format. Can someone review my changes? https://github.com/kayrus/nginx/commit/682f3684ea331e089aa124fe7fce8409e13c1870
by kay - Nginx Mailing List - English
I would like to add "json" option for additional escape for backslash character. So it will be: access_log path format json; The initial patch for 1.6.2 looks like: --- ./src/http/modules/ngx_http_log_module.c.orig +++ ./src/http/modules/ngx_http_log_module.c @@ -67,6 +67,7 @@ time_t disk_full_time; time_t error_log_time;
by kay - Nginx Mailing List - English
Thanks. Is it necessary to use ngx_pfree(str) at the end of my function?

Maxim Dounin Wrote:
-------------------------------------------------------
> Hello!
>
> On Mon, Nov 17, 2014 at 09:09:34AM -0500, kay wrote:
>
> > For example I've allocated memory for char *str:
> >
> > str = ngx_pnalloc(r->pool, len1);
> >
> > Then I've added
by kay - Nginx Mailing List - English
P.S. len2 > len1
by kay - Nginx Mailing List - English
For example I've allocated memory for char *str: str = ngx_pnalloc(r->pool, len1); Then I've added some data to "str": ngx_sprintf(str, "abc"); How should I reallocate this memory? Should I use: str = ngx_pnalloc(r->pool, len2); ? And I would like to keep the str's "abc" data as well.
by kay - Nginx Mailing List - English
Thanks!
by kay - Nginx Mailing List - English
How can "if in location" influence productivity?
by kay - Nginx Mailing List - English
It is not possible to set custom error page. For example /usr/share/nginx/404.html contains "test": server { error_page 404 /404.html; if ($request_method = "GET") return 404; } location / { proxy_pass http://localhost:8080; } location /404.html { /usr/share/nginx/404.html; } } curl -v 127.0.0.1 * About to connect() to 127.0.0.1 port 80 (#0) * Tryi
by kay - Nginx Mailing List - English
And how will that help me? If I remove timeout from proxy_next_upstream, nginx won't even try to send the request to the next upstream.
by kay - Nginx Mailing List - Russian
How can I configure nginx to count proxy_read_timeout across all upstreams at once? I.e. if all upstreams take longer than 5 seconds to respond and proxy_read_timeout is set to 4 seconds, nginx should not go to each upstream and query them. Thus, if we have
by kay - Nginx Mailing List - Russian
I would like to enable /123 location only for localhost, but it doesn't work, nginx returns a 302 redirect with header. It seems rewrite directive has higher priority than access module. location /123 { satisfy all; allow 127.0.0.1/32; deny all; add_header Set-Cookie "cookie=123; Domain=localhost";
by kay - Nginx Mailing List - English
I mean that I know how to avoid these errors, but I think that a better way to fix the issue is to fix it at a low level.
by kay - Nginx Mailing List - English
Don't you think this is a bug?
by kay - Nginx Mailing List - English
Here is nginx version: nginx -V nginx version: nginx/1.6.0 built by gcc 4.4.7 20120313 (Red Hat 4.4.7-4) (GCC) TLS SNI support enabled configure arguments: --add-module=ngx_devel_kit-0.2.19 --add-module=lua-nginx-module-0.9.7 --add-module=memc-nginx-module-0.14 --user=apache --group=apache --prefix=/usr/share/nginx --sbin-path=/usr/sbin/nginx --conf-path=/etc/nginx/nginx.conf --error-log-pat
by kay - Nginx Mailing List - English
Yichun Zhang (agentzh) Wrote:
-------------------------------------------------------
> Hello!
>
> On Wed, May 7, 2014 at 8:59 PM, kay wrote:
> >> 1. It is not recommended to use the rewrite_by_lua directive
> directly
> >
> > You can do the same with access_by_lua
> >
>
> Please do not cut my original sentence and just pick the first half.
by kay - Nginx Mailing List - English