Show all posts by user
Introduce yourselves
Page 1 of 4
Pages: 1234
Results 1 - 30 of 109
Shouldn't the warning message for meant to say http2 parameter being deprecated not http2 directive?
nginx: the "listen ... http2" directive is deprecated, use the "http2" directive instead in
should be
nginx: the "listen ... http2" parameter is deprecated, use the "http2" directive instead in
by
George
-
Nginx Mailing List - English
Nginx 1.25 has macros -DNGX_QUIC_DEBUG_PACKETS -DNGX_QUIC_DEBUG_FRAMES -DNGX_QUIC_DEBUG_CRYPTO but do they adhere to debug_connections directive from https://nginx.org/en/docs/debugging_log.html when Nginx is compiled with --with-debug ?
I set debug_connections to specific IPs but i still see QUIC delated debug info in error log set with debug flag from requests other than the specific IP set
by
George
-
Nginx Mailing List - English
Ok fixed the patch and yup working now! No more socket() 0.0.0.0:80 failed (94: Socket type not supported) errors when listen directive is not specifically set.
Thanks Roman!
by
George
-
Nginx Mailing List - English
That was a quick reply, was about to pop on Nginx slack channel :)
Tried the patch but getting
patching file src/http/ngx_http_core_module.c
patch: **** malformed patch at line 18: lsopt.socklen = sizeof(struct sockaddr_in);
by
George
-
Nginx Mailing List - English
I tested nginx-quic https://quic.nginx.org/README for HTTP/3 over QUIC using quictls openssl 1.1.1q forked library and ran into an interesting error for non-HTTPS nginx vhost configurations. If non-HTTPS nginx vhost doesn't specifically list the listen directive for port 80, I get this error when running nginx -t config check
nginx: socket() 0.0.0.0:80 failed (94: Socket type not supported)
by
George
-
Nginx Mailing List - English
I see. I am currently trying to use the $pool assigned variable for PHP-FPM though as in
fastcgi_pass $pool;
and not proxy_pass
by
George
-
Nginx Mailing List - English
I am trying use a Nginx map assigned variable in an upstream but it doesn't seem to work?
The map is concatenated $uri$args assigning a PHP-FPM fastcgi PHP pool to variable $pool and then setting the $pool variable in an upstream.
map $uri$args $pool {
default 127.0.0.1:9000;
"~/index.php/args" 127.0.0.1:9002;
}
upstream php {
zone php_zone 64
by
George
-
Nginx Mailing List - English
Maxim Dounin Wrote:
-------------------------------------------------------
> Hello!
>
> On Wed, Dec 29, 2021 at 11:30:04PM -0500, George wrote:
>
> > Thanks for PCRE2 support!
> >
> > From what I read Nginx 1.21.5 will default to PCRE2 if found or
> fallback to
> > PCRE if not
> >
> > You can disable PCRE2 default by passing --wit
by
George
-
Nginx Mailing List - English
Thanks for PCRE2 support!
From what I read Nginx 1.21.5 will default to PCRE2 if found or fallback to PCRE if not
You can disable PCRE2 default by passing --without-pcre2 flag - which works fine and
ldd $(which nginx)
shows
libpcre.so.1 => /usr/local/nginx-dep/lib/libpcre.so.1 (0x00007f86c7445000)
But is the same true, if you set --without-pcre flag with PCRE2 library installe
by
George
-
Nginx Mailing List - English
I am trying to troubleshoot a duplicate listen options error that only happens on one server and not the other.
From docs at http://nginx.org/en/docs/http/ngx_http_core_module.html backlog listen directive works for each ip:port pair so I should be able to set backlog directive on listen directive once on port 80 and once on port 443. But on one server I am not able to and can't see where the p
by
George
-
Nginx Mailing List - English
Roadmap suggests it is in Nginx 1.17 mainline QUIC = HTTP/3 https://trac.nginx.org/nginx/roadmap :)
by
George
-
Nginx Mailing List - English
yeah updated mercurial works https://forum.nginx.org/read.php?2,283686,283694#msg-283694 though centos 7 still will use non-SNI supported mercurial 2.6.2 so folks doing hg clone for njs repo will always have this issue.
by
George
-
Nginx Mailing List - English
okay part of the problem is centos 7 uses mercurial 2.6.2 and fix is to update to mercurial >2.7.9 for SNI support
hg --version
Mercurial Distributed SCM (version 2.6.2)
(see http://mercurial.selenic.com for more information)
Copyright (C) 2005-2012 Matt Mackall and others
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY
by
George
-
Nginx Mailing List - English
looks like hg clone is a non-SNI request so looked up pubserv.nginx.com's SSL cert *.nginx.com common name so maybe best to add *.nginx.org as well to pubserv.nginx.com server's SSL cert ?
by
George
-
Nginx Mailing List - English
testssl 3.0rc4 output for
testssl hg.nginx.org:443
Testing server defaults (Server Hello)
TLS extensions (standard) "server name/#0" "renegotiation info/#65281" "EC point formats/#11" "session ticket/#35" "heartbeat/#15" "next protocol/#13172" "application layer protocol negotiation/#16"
Session Ticket RFC 5077
by
George
-
Nginx Mailing List - English
for that i get
echo -n | openssl s_client -connect hg.nginx.org:443 -servername hg.nginx.org
CONNECTED(00000003)
depth=2 O = Digital Signature Trust Co., CN = DST Root CA X3
verify return:1
depth=1 C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3
verify return:1
depth=0 CN = mailman.nginx.org
verify return:1
---
Certificate chain
0 s:/CN=mailman.nginx.org
i:/C=US/O=Let'
by
George
-
Nginx Mailing List - English
Hi when I try to clone njs repo I am getting the error below
hg clone https://hg.nginx.org/njs/
abort: hg.nginx.org certificate error: certificate is for *.nginx.com, nginx.com
(configure hostfingerprint bd:90:5e:95:b4:51:d8:0b:b0:36:41:6f:99:a7:80:01:4e:cf:ee:c2 or use --insecure to connect insecurely)
and
echo -n | openssl s_client -connect hg.nginx.org:443
CONNECTED(0000000
by
George
-
Nginx Mailing List - English
Nginx supports BoringSSL too and it already has ESNI support apparently https://www.theregister.co.uk/2018/07/17/encrypted_server_names/
by
George
-
Nginx Mailing List - English
correct meant vhost #1
'but if i had the 3 nginx vhosts where reuseport was used on vhost #3 instead of vhost #1, i get error '
by
George
-
Nginx Mailing List - English
I know that nginx reuseport is only usable per ip:port pair so I am confused about this error.
I have 3 nginx vhosts
vhost #1
server {
listen 443 ssl http2 default_server backlog=2048 reuseport;
}
vhost #2
server {
listen 80 default_server backlog=2048 reuseport fastopen=256;
}
vhost #3
server {
listen 443 ssl http2;
}
This configuration works and I see socket s
by
George
-
Nginx Mailing List - English
thanks Ruslan just tested your committed fixes for this in master branch and working nicely https://community.centminmod.com/threads/hurray-http-2-server-push-for-nginx.11910/page-2#post-59602 :)
by
George
-
Nginx Mailing List - English
thanks Ruslan for the update appreciate all your work and looking forward to playing with HTTP/2 Push finally ! :)
by
George
-
Nginx Mailing List - English
Hi compiled Nginx 1.13.9 from master branch to try out HTTP/2 Server Push but noticed the pushed assets loose their gzip compression and are served as non-compressed assets ? Is that as intended ? I posted my findings at https://community.centminmod.com/threads/hurray-http-2-server-push-for-nginx.11910/#post-59411
http2_push_preload on;
add_header Link "</css/bootstrap.min.css&
by
George
-
Nginx Mailing List - English
yeah just use nginx open source free version if you need compile support - updated guide at https://www.nginx.com/blog/compiling-and-installing-modsecurity-for-open-source-nginx/
by
George
-
Nginx Mailing List - English
Page 1 of 4
Pages: 1234