On Jan 10, 2014, at 12:13 , Andreas S. wrote: > Patrick Lists wrote in post #1132735: >> On 09-01-14 22:48, Styopa Semenukha wrote: >>> Patrick, >>> >>> It's not possible, because SSL works on lower level (session layer) than HTTP >> (application layer). >> >> Thank you for your feedback. That's unfortunate. I hope to see flexible >> Sby Igor Sysoev - Nginx Mailing List - English
04.01.2014, в 23:03, Валентин Бартенев <vbart@nginx.com> написал(а): > On Saturday 04 January 2014 22:09:29 Maxim Dounin wrote: >> Hello! >> >> On Sat, Jan 04, 2014 at 06:12:25PM +0400, Валентин Бартенев wrote: >>> On Saturday 04 January 2014 15:01:16 Ксения Юрьевна Блащук wrote: >>>> Доby Igor Sysoev - Nginx Mailing List - Russian
On Dec 9, 2013, at 5:54 , Jeffrey Walton wrote: > Hi All, > > ngx_event_openssl.c hs the following around line 535: > > ngx_ssl_dhparam(ngx_conf_t *cf, ngx_ssl_t *ssl, ngx_str_t *file) > { > ... > /* > * -----BEGIN DH PARAMETERS----- > * MIGHAoGBALu8LcrYRnSQfEP89YDpz9vZWKP1aLQtSwju1OsPs1BMbAMCducQgAxc > * y7qokiYUxb7spWWl/fHSh6K8BJvmd4Bg6RqSp1fjby Igor Sysoev - Nginx Mailing List - English
On Dec 4, 2013, at 1:44 , Dmitry Morozovsky wrote: > On Wed, 4 Dec 2013, Nick Knutov wrote: > >> А нет ли способа сделать listen на всех ип (как *:80), кроме 127/8 (и, >> наверное, IPv6:::1) ? >> >> Контекст - на разных 127.0.0/24 висят разные бэкенды, и им надо висетby Igor Sysoev - Nginx Mailing List - Russian
On Dec 3, 2013, at 3:44 , Dean Pucsek wrote: > Hello, > > While reading through the source code for nginx I came across the following two lines in ngx_config.h > > #define NGX_INT32_LEN (sizeof("-2147483648") - 1) > #define NGX_INT64_LEN (sizeof("-9223372036854775808") - 1) > > I was wondering if someone could explain the intention of these lineby Igor Sysoev - Nginx Development
http://nginx.org/ru/docs/http/configuring_https_servers.html#name_based_https_servers -- Igor Sysoev http://nginx.com On Nov 1, 2013, at 11:12 , Nikita A Kardashin wrote: > Всем привет, > > Возникла задача: > > - На один nginx ссылаются >1 домена, при этом, для каждого из них должен быby Igor Sysoev - Nginx Mailing List - Russian
On Oct 22, 2013, at 18:32 , Manlio Perillo wrote: > As per ISO C, identifiers that begin with an underscore and an uppercase letter are always reserved for any use; however in Nginx source code such identifiers are used as macros to guard against multiple file inclusion. > > This is not a real issue, but since it is easy to fix I have reported it. I do not believe that C reserved wordsby Igor Sysoev - Nginx Development
On Oct 15, 2013, at 21:36 , Gena Makhomed wrote: > есть лучший вариант - стандартный и документированный способ > проверить, поддерживает __i386__ процессор команду cpuid или нет: > > http://wiki.osdev.org/CPUID > > такой патч был бы более универсалby Igor Sysoev - Nginx Mailing List - Russian
nginx -t nginx -s reload -- Igor Sysoev 11.10.2013, в 11:01, denis <denis@webmaster.spb.ru> написал(а): > 10.10.2013 12:03, Daniel Yavorovich пишет: >> Здравствуйте! >> >> Ошибка возникает на этапе перегенерации конфигов nginx и его жёсткого перезапуска. Решить вопрby Igor Sysoev - Nginx Mailing List - Russian
On Oct 7, 2013, at 21:31 , Илья Шипицин wrote: > Добрый день! > > приведите, пожалуйста, пример, как можно использовать X-Accel-Charset ? > не могу придумать такую ситуацию. В Рамблере использовалось. Для чего - уже не помню и из перепby Igor Sysoev - Nginx Mailing List - Russian
On Sep 24, 2013, at 1:15 , Sapherz wrote: > Hi, > Sorry if this is a but of a bumb question, but we're moving from NLB to > using Nginx as a load balancer. Whats the best way to do an equivelient of a > drain-stop to one upstram server? Would it be a graceful stop, then a quick > service restart with a new .conf that don't have the server in question in > it, or is there a nicerby Igor Sysoev - Nginx Mailing List - English
On Sep 20, 2013, at 18:43 , Anton Sayetsky wrote: > 20 сентября 2013 г., 17:38 пользователь Igor Sysoev <igor@sysoev.ru> написал: >> Нет. > Тогда можно ли краткий экскурс на тему того, почему стоит это делать > только для XFS? На XFS это не оптимизация, а вынby Igor Sysoev - Nginx Mailing List - Russian
On Sep 20, 2013, at 18:27 , Anton Sayetsky wrote: > Приветствую, > Имеет ли смысл данный параметр ставить в 4к при ФС с соответствующими > блоками на SSD? Нет. -- Igor Sysoev http://nginx.com _______________________________________________ nginx-ru mailing list nginx-ru@nginx.org http://mailman.nginx.org/by Igor Sysoev - Nginx Mailing List - Russian
On Sep 16, 2013, at 16:11 , Axel wrote: > Hi all, > > I want to build an active/active cluster and therefore configure nginx to listen on multiple IP adresses. > > I read http://nginx.org/en/doc/http/ngx_http_core_module.html#listen > but found no information if I can use multiple listen directives for ssl without activating the interface. > > Can I configure it like thby Igor Sysoev - Nginx Mailing List - English
On Aug 12, 2013, at 21:32 , offmind wrote: > And what if we are using gzip_static? > As far as I understand, we have to block gzipping page code. But what about > .js .css with no secure content? Statically gzipped files do not depend on user input so they are not subject to BREACH. -- Igor Sysoev http://nginx.com/services.html _______________________________________________ nginx mby Igor Sysoev - Nginx Mailing List - English
On Aug 19, 2013, at 9:56 , B.R. wrote: > On Mon, Aug 19, 2013 at 12:41 AM, Igor Sysoev <igor@sysoev.ru> wrote: > > These are different vulnerabilities: SSL compression is subject to > CRIME vulnerability while HTTP/SSL compression is subject to BREACH > vulnerability. > > Incorrect. > > CRIME attacks a vulnerability in the implementation of SSLv3 and TLS1.0by Igor Sysoev - Nginx Mailing List - English
On Aug 18, 2013, at 14:27 , howard chen wrote: > Hi, > > Thanks for the insight. > > Finally I solved by: > > if ($scheme = https) { > gzip off; > } This does not work on server level. And on location level it may work in wrong way. > Separating into two servers require to duplicate the rules like rewrite, which is cumbersome. I believe that dual mode serveby Igor Sysoev - Nginx Mailing List - English
On Aug 18, 2013, at 21:09 , itpp2012 wrote: > Igor Sysoev Wrote: > ------------------------------------------------------- >> Yes, modern nginx versions do not use SSL compression. > [...] >> You have to split the dual mode server section into two server server >> sections and set "gzip off" >> SSL-enabled on. There is no way to disable gzip in dual modeby Igor Sysoev - Nginx Mailing List - English
On Aug 17, 2013, at 8:59 , howard chen wrote: > Hi, > > As you know, due the breach attack (http://breachattack.com), HTTP compression is no longer safe (I assume nginx don't use SSL compression by default?), so we should disable it. Yes, modern nginx versions do not use SSL compression. > Now, We are using config like the following: > > gzip on; > .. > &gby Igor Sysoev - Nginx Mailing List - English
On Aug 7, 2013, at 1:48 , Jonathan Vanasco wrote: > are there any official recommendations from nginx to safeguard against the BREACH exploit ? > > http://breachattack.com/ > > http://arstechnica.com/security/2013/08/gone-in-30-seconds-new-attack-plucks-secrets-from-https-protected-pages/ "gzip off" от SSL-enabled sites. -- Igor Sysoev http://nginx.com/services.htby Igor Sysoev - Nginx Mailing List - English
On Aug 4, 2013, at 2:07 , justin wrote: > I am using a regular expression in a server_name: > > server_name ~^(?!web2\.)(?<account>.+)\.mydomain\.com$; > > In PHP, or any language for that matter, if I: > > echo $_SERVER['server_name']; > //~^(?!web2\.)(?.+)\.mydomain\.com$ > > I get the raw regular expression back. Is it possible to mby Igor Sysoev - Nginx Mailing List - English
On Jul 25, 2013, at 11:23 , drook wrote: > Hi. > > I've noticed that in configuratuion like > > http { > server { > server_name some.domain.tld; > listen 1.1.1.1; > } > server { > server_name another.domain.tld; > listen 1.1.1.1; > } > server { > server_name one_more.domain.tld *.domain.tld; >by Igor Sysoev - Nginx Mailing List - English
On Jul 20, 2013, at 11:52 , momyc wrote: >> it is useless to buffer a long polling connection in a file. > > For Nginx there is no any difference between long-polling or other request. > It would't even know. All it should care is how much to buffer and for how > long to keep those buffers until droping them and aborting request. I do not > see any technical problem here. Tby Igor Sysoev - Nginx Mailing List - English
On Jul 20, 2013, at 9:23 , momyc wrote: > What do you mean by "stop readning"? Oh, you just stop checking if anything > is ready for reading. I see. Well, this is rude flow control I'd say. > Proxied server could unexpectedly drop connection because it would think > Nginx is dead. TCP will say to backend that nginx is alive. It can drop only after some timeout. > Thereby Igor Sysoev - Nginx Mailing List - English
On Jul 20, 2013, at 9:05 , momyc wrote: > What proxy module does in that case? You said earlier HTTP lacks flow conrol > too. So what is the difference? The proxy module stops reading from backend, but it does not close backend connection. It reads again from backend when some buffers will send to the slow client. -- Igor Sysoev http://nginx.com/services.html __________________________by Igor Sysoev - Nginx Mailing List - English
On Jul 20, 2013, at 8:41 , momyc wrote: > OK, it probably closes connection to backend server. Well, in case of > multiplexed FastCGI Nginx should do two things: > 1) send FCGI_ABORT_REQUEST to backend for given request > 2) start dropping records for given request if it still receives records > from backend for given request Suppose a slow client. Since nginx receives data quicklby Igor Sysoev - Nginx Mailing List - English
On Jul 20, 2013, at 8:36 , momyc wrote: >> The main issue with FastCGI connection multiplexing is lack of flow > control. > Suppose a client stalls but a FastCGI backend continues to send data to it. > At some point nginx should say the backend to stop sending to the client > but the only way to do it is just to close all multiplexed connections > > The FastCGI spec has sby Igor Sysoev - Nginx Mailing List - English
On Jul 20, 2013, at 5:02 , momyc wrote: > You clearly do not understand what the biggest FastCGI connection > multiplexing advantage is. It makes it possible to use much less TCP > connections (read "less ports"). Each TCP connection requires separate port > and "local" TCP connection requires two ports. Add ports used by > browser-to-Web-server connections andby Igor Sysoev - Nginx Mailing List - English
On Jul 10, 2013, at 11:40 , Jannik Zschiesche wrote: > Hi everyone, > > I have a rather strange issue. > > I have a server with 3 configured urls: > > example.com (+ ssl) > shop.example.com (+ ssl) > example2.com (- ssl) > > If I now open https://example2.com the server of https://shop.example.com is used. http://nginx.org/en/docs/http/configuring_https_serveby Igor Sysoev - Nginx Mailing List - English
On Jul 4, 2013, at 4:57 , badtzhou wrote: > We have several hundred Gs of file cached using nginx. Every time we > restarted nginx, the cache loader process will appear and server load will > go super high and respond very slowly. > > Looks like cache loader process is very I/O intensive and take a long time > to finish. Is there anyway to get around the problem? What nginx veby Igor Sysoev - Nginx Mailing List - English
![]() |
![]() |
![]() |
![]() |
|