Quantcast
Channel: Nginx Forum
Viewing all 53287 articles
Browse latest View live

Re: ‘ngx_libc_crypt’ error: implicit declaration of function ‘crypt’

$
0
0
thank You for the Support ... libcrypt-devel was the package missing in my
cygwin install. this is now working :-)

On Sun, Feb 9, 2020 at 10:46 AM Francis Daly <francis@daoine.org> wrote:

> On Sat, Feb 08, 2020 at 06:21:34PM +0100, Vincent Blondel wrote:
>
> Hi there,
>
> > anybody know why make nginx 1.17.8 on cygwin fails with ...
>
> > src/os/unix/ngx_user.c: In function ‘ngx_libc_crypt’:
> > src/os/unix/ngx_user.c:53:13: error: implicit declaration of function
> > ‘crypt’; did you mean ‘creat’? [-Werror=implicit-function-declaration]
>
> On a Linux system here, "man crypt" includes
>
> """
> SYNOPSIS
> #define _XOPEN_SOURCE
> #include <unistd.h>
>
> char *crypt(const char *key, const char *salt);
> """
>
> And "implicit declaration of function" means that that explicit declaration
> did not happen.
>
> So - for some reason, at this stage in your build system, that "#include"
> is not present; or the suitable "#define" is not in place; or maybe it
> is reading a different unistd.h that does not include "crypt" at all.
>
> That's not an answer; but maybe points you where to look more.
>
> Perhaps your cygwin is different from this; perhaps your "configure"
> log or output contains something interesting about unistd.h or crypt.h?
>
> Mine shows, for example,
>
> checking for crypt() ... not found
> checking for crypt() in libcrypt ... found
>
> There is more information (probably) in objs/autoconf.err
>
> Good luck with it,
>
> f
> --
> Francis Daly francis@daoine.org
> _______________________________________________
> nginx mailing list
> nginx@nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx
_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx

add_header и log_format не видят часть переменных $ssl_xx

$
0
0
Имеется Nginx:

nginx version: nginx/1.17.8
built by gcc 4.8.5 20150623 (Red Hat 4.8.5-39) (GCC)
built with OpenSSL 1.1.0 (compatible; BoringSSL) (running with BoringSSL)
TLS SNI support enabled

В настройках указано:

add_header X-SSLEarly $ssl_early_data always;
add_header X-SSLSerial $ssl_client_serial always;
add_header X-SSLCipher $ssl_cipher always;
add_header X-SSLVStart $ssl_client_v_start always;
add_header X-SSLProto $ssl_protocol always;
add_header X-SNIName $ssl_server_name always;
add_header X-SSLSessID $ssl_session_id always;

Однако заголовки ответа содержат не всё:

x-sslcipher: TLS_CHACHA20_POLY1305_SHA256
x-sslproto: TLSv1.3
x-sniname: www.test.lan

Во-вторых, формат логов настроен так:

log_format test "$ssl_protocol" "$ssl_server_name" "$ssl_early_data" "$ssl_session_reused" "$ssl_cipher"';

В документации написано, что $ssl_early_data содержит либо 1, либо пустую строку, однако в логи пишется "-":

"TLSv1.3" "www.test.lan" "-" "." "TLS_CHACHA20_POLY1305_SHA256"

Хотя SSL Early Data включён и работает (проверено через sslyze, количество воркеров специально уменьшено до одного).

Вопрос: почему add_header и log_format видят не все переменные, и что надо сделать, чтобы увидели?

Re: Redirect error 403

$
0
0
The solution has been to separate keycloak with other Nginx instead of using one Nginx for APP and Keycloak. Now, we have 2 Nginx's and run OK keycloak with our APP.

Re: Error 403 return keycloak

$
0
0
The solution has been to separate keycloak with other Nginx instead of using one Nginx for APP and Keycloak. Now, we have 2 Nginx's and run OK keycloak with our APP.

Re: add header и log format не видят часть переменных $ssl xx

$
0
0
Hello!

On Sun, Feb 09, 2020 at 09:31:09PM -0500, Ilya Evseev wrote:

> Имеется Nginx:
>
> nginx version: nginx/1.17.8
> built by gcc 4.8.5 20150623 (Red Hat 4.8.5-39) (GCC)
> built with OpenSSL 1.1.0 (compatible; BoringSSL) (running with
> BoringSSL)
> TLS SNI support enabled
>
> В настройках указано:
>
> add_header X-SSLEarly $ssl_early_data always;
> add_header X-SSLSerial $ssl_client_serial always;
> add_header X-SSLCipher $ssl_cipher always;
> add_header X-SSLVStart $ssl_client_v_start always;
> add_header X-SSLProto $ssl_protocol always;
> add_header X-SNIName $ssl_server_name always;
> add_header X-SSLSessID $ssl_session_id always;
>
> Однако заголовки ответа содержат не всё:
>
> x-sslcipher: TLS_CHACHA20_POLY1305_SHA256
> x-sslproto: TLSv1.3
> x-sniname: www.test.lan

Директива add_header не добавляет заголовки с пустым содержимым.
Соответственно, в приведённом примере переменные $ssl_early_data,
$ssl_client_serial, $ssl_client_v_start и $ssl_session_id - пустые.

> Во-вторых, формат логов настроен так:
>
> log_format test "$ssl_protocol" "$ssl_server_name" "$ssl_early_data"
> "$ssl_session_reused" "$ssl_cipher"';
>
> В документации написано, что $ssl_early_data содержит либо 1, либо пустую
> строку, однако в логи пишется "-":
>
> "TLSv1.3" "www.test.lan" "-" "." "TLS_CHACHA20_POLY1305_SHA256"
>
> Хотя SSL Early Data включён и работает (проверено через sslyze, количество
> воркеров специально уменьшено до одного).

Переменная $ssl_early_data будет непустой тогда и только тогда,
когда на момент обращения к этой переменной SSL handshake не
завершён. В первую очередь она предназначена для использования
при формировании заголовка Early-Data для бэкенда (см.
http://nginx.org/r/ssl_early_data).

В момент логгирования - SSL handshake с высокой вероятностью будет
уже завершён, если только речь не идёт про совсем простые ответы
от собственно nginx'а. Соответственно нет ничего удивительного в
том, что в момент логгирования переменная пустая.

Если хочется логгировать факт использования early data в запросе
независимо от текущего статуса handshake'а - то наиболее близкое
по смыслу значение можно получить, сохраняя значение переменной
$ssl_early_data на этапе поиска конфигурации для запроса с помощью
директивы set.

Что до значения "-" вместо пустой строки при логгировании, то это
историческая особенность логгирования: "-" используется вместо
переменных, значения которых не найдены, что и происходит в случае
пустого значения $ssl_early_data.

--
Maxim Dounin
http://mdounin.ru/
_______________________________________________
nginx-ru mailing list
nginx-ru@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx-ru

[njs] Improved Array object allocation after ccfa84cea2b3.

$
0
0
details: https://hg.nginx.org/njs/rev/79c14715edc2
branches:
changeset: 1323:79c14715edc2
user: Dmitry Volyntsev <xeioex@nginx.com>
date: Mon Feb 10 17:09:53 2020 +0300
description:
Improved Array object allocation after ccfa84cea2b3.

Sometimes flat array alignment is desired, even if its "length" exceeds
32768. This patch introduces additional argument for njs_array_alloc()
which enforced flat allocation when it is set.

diffstat:

src/njs_array.c | 75 +++++++++++++++++++++++++++++++++++++++++++----------
src/njs_array.h | 5 ++-
src/njs_builtin.c | 2 +-
src/njs_extern.c | 2 +-
src/njs_function.c | 4 +-
src/njs_json.c | 20 ++++++++++----
src/njs_object.c | 73 ++++++++++++++++++++++++++++++---------------------
src/njs_regexp.c | 2 +-
src/njs_string.c | 4 +-
src/njs_value.c | 4 +-
src/njs_vm.c | 2 +-
src/njs_vmcode.c | 2 +-
12 files changed, 133 insertions(+), 62 deletions(-)

diffs (715 lines):

diff -r 1f3e045ea017 -r 79c14715edc2 src/njs_array.c
--- a/src/njs_array.c Sun Jan 26 21:56:23 2020 +0300
+++ b/src/njs_array.c Mon Feb 10 17:09:53 2020 +0300
@@ -32,7 +32,7 @@ static njs_int_t njs_array_prototype_sli


njs_array_t *
-njs_array_alloc(njs_vm_t *vm, uint64_t length, uint32_t spare)
+njs_array_alloc(njs_vm_t *vm, njs_bool_t flat, uint64_t length, uint32_t spare)
{
uint64_t size;
njs_int_t ret;
@@ -50,7 +50,7 @@ njs_array_alloc(njs_vm_t *vm, uint64_t l

size = length + spare;

- if (size <= NJS_ARRAY_LARGE_OBJECT_LENGTH) {
+ if (flat || size <= NJS_ARRAY_LARGE_OBJECT_LENGTH) {
array->data = njs_mp_align(vm->mem_pool, sizeof(njs_value_t),
size * sizeof(njs_value_t));
if (njs_slow_path(array->data == NULL)) {
@@ -102,6 +102,19 @@ overflow:
}


+void
+njs_array_destroy(njs_vm_t *vm, njs_array_t *array)
+{
+ if (array->data != NULL) {
+ njs_mp_free(vm->mem_pool, array->data);
+ }
+
+ /* TODO: destroy keys. */
+
+ njs_mp_free(vm->mem_pool, array);
+}
+
+
njs_int_t
njs_array_convert_to_slow_array(njs_vm_t *vm, njs_array_t *array)
{
@@ -195,6 +208,8 @@ njs_array_length_set(njs_vm_t *vm, njs_v
return ret;
}

+ keys = NULL;
+
if (length < prev_length) {
keys = njs_array_indices(vm, value);
if (njs_slow_path(keys == NULL)) {
@@ -210,7 +225,7 @@ njs_array_length_set(njs_vm_t *vm, njs_v
ret = njs_value_property_delete(vm, value, &keys->start[i],
NULL);
if (njs_slow_path(ret == NJS_ERROR)) {
- return ret;
+ goto done;
}
}
} while (i-- != 0);
@@ -222,7 +237,15 @@ njs_array_length_set(njs_vm_t *vm, njs_v
return ret;
}

- return NJS_OK;
+ ret = NJS_OK;
+
+done:
+
+ if (keys != NULL) {
+ njs_array_destroy(vm, keys);
+ }
+
+ return ret;
}


@@ -341,7 +364,8 @@ njs_array_constructor(njs_vm_t *vm, njs_
args = NULL;
}

- array = njs_array_alloc(vm, size, NJS_ARRAY_SPARE);
+ array = njs_array_alloc(vm, size <= NJS_ARRAY_FLAT_MAX_LENGTH,
+ size, NJS_ARRAY_SPARE);

if (njs_fast_path(array != NULL)) {

@@ -401,7 +425,7 @@ njs_array_of(njs_vm_t *vm, njs_value_t *

length = nargs > 1 ? nargs - 1 : 0;

- array = njs_array_alloc(vm, length, NJS_ARRAY_SPARE);
+ array = njs_array_alloc(vm, 0, length, NJS_ARRAY_SPARE);
if (njs_slow_path(array == NULL)) {
return NJS_ERROR;
}
@@ -639,12 +663,14 @@ njs_array_prototype_slice_copy(njs_vm_t
njs_slice_prop_t string_slice;
njs_string_prop_t string;

- array = njs_array_alloc(vm, length, NJS_ARRAY_SPARE);
+ keys = NULL;
+ array = njs_array_alloc(vm, 0, length, NJS_ARRAY_SPARE);
if (njs_slow_path(array == NULL)) {
return NJS_ERROR;
}

if (njs_slow_path(length == 0)) {
+ ret = NJS_OK;
goto done;
}

@@ -744,6 +770,7 @@ njs_array_prototype_slice_copy(njs_vm_t
} while (length != 0);
}

+ ret = NJS_OK;
goto done;
}

@@ -768,6 +795,7 @@ njs_array_prototype_slice_copy(njs_vm_t
length--;
} while (length != 0);

+ ret = NJS_OK;
goto done;
}

@@ -779,21 +807,27 @@ njs_array_prototype_slice_copy(njs_vm_t
for (n = 0; n < keys->length; n++) {
ret = njs_value_property(vm, this, &keys->start[n], &retval);
if (njs_slow_path(ret == NJS_ERROR)) {
- return ret;
+ goto done;
}

ret = njs_value_property_set(vm, &array_value, &keys->start[n],
&retval);
if (njs_slow_path(ret == NJS_ERROR)) {
- return ret;
+ goto done;
}
}

+ ret = NJS_OK;
+
done:

+ if (keys != NULL) {
+ njs_array_destroy(vm, keys);
+ }
+
njs_set_array(&vm->retval, array);

- return NJS_OK;
+ return ret;
}


@@ -992,6 +1026,7 @@ njs_array_prototype_unshift(njs_vm_t *vm
ret = njs_value_property_delete(vm, this, &keys->start[--from],
&entry);
if (njs_slow_path(ret == NJS_ERROR)) {
+ njs_array_destroy(vm, keys);
return ret;
}

@@ -1002,11 +1037,14 @@ njs_array_prototype_unshift(njs_vm_t *vm

ret = njs_value_property_set(vm, this, &index, &entry);
if (njs_slow_path(ret == NJS_ERROR)) {
+ njs_array_destroy(vm, keys);
return ret;
}
}
}

+ njs_array_destroy(vm, keys);
+
length += nargs - 1;

goto copy;
@@ -1208,7 +1246,7 @@ njs_array_prototype_splice(njs_vm_t *vm,
}
}

- deleted = njs_array_alloc(vm, delete, 0);
+ deleted = njs_array_alloc(vm, 0, delete, 0);
if (njs_slow_path(deleted == NULL)) {
return NJS_ERROR;
}
@@ -1711,10 +1749,13 @@ process_object:
ret = njs_array_object_handler(vm, handler, args, &keys->start[i],
idx);
if (njs_slow_path(ret != NJS_OK)) {
+ njs_array_destroy(vm, keys);
return ret;
}
}

+ njs_array_destroy(vm, keys);
+
return NJS_OK;
}

@@ -1867,10 +1908,13 @@ process_object:
ret = njs_array_object_handler(vm, handler, args, &keys->start[i],
idx);
if (njs_slow_path(ret != NJS_OK)) {
+ njs_array_destroy(vm, keys);
return ret;
}
}

+ njs_array_destroy(vm, keys);
+
return NJS_OK;
}

@@ -1934,7 +1978,7 @@ njs_array_prototype_concat(njs_vm_t *vm,

/* TODO: ArraySpeciesCreate(). */

- array = njs_array_alloc(vm, 0, NJS_ARRAY_SPARE);
+ array = njs_array_alloc(vm, 0, 0, NJS_ARRAY_SPARE);
if (njs_slow_path(array == NULL)) {
return NJS_ERROR;
}
@@ -2035,11 +2079,14 @@ njs_array_prototype_concat(njs_vm_t *vm,

ret = njs_value_property_set(vm, &this, &index, &retval);
if (njs_slow_path(ret == NJS_ERROR)) {
+ njs_array_destroy(vm, keys);
return ret;
}
}
}

+ njs_array_destroy(vm, keys);
+
length += len;

continue;
@@ -2589,7 +2636,7 @@ njs_array_prototype_filter(njs_vm_t *vm,
return ret;
}

- iargs.array = njs_array_alloc(vm, 0, NJS_ARRAY_SPARE);
+ iargs.array = njs_array_alloc(vm, 0, 0, NJS_ARRAY_SPARE);
if (njs_slow_path(iargs.array == NULL)) {
return NJS_ERROR;
}
@@ -2779,7 +2826,7 @@ njs_array_prototype_map(njs_vm_t *vm, nj
goto unexpected_args;
}

- iargs.array = njs_array_alloc(vm, length, 0);
+ iargs.array = njs_array_alloc(vm, 0, length, 0);
if (njs_slow_path(iargs.array == NULL)) {
return NJS_ERROR;
}
diff -r 1f3e045ea017 -r 79c14715edc2 src/njs_array.h
--- a/src/njs_array.h Sun Jan 26 21:56:23 2020 +0300
+++ b/src/njs_array.h Mon Feb 10 17:09:53 2020 +0300
@@ -16,8 +16,11 @@
#define NJS_ARRAY_MAX_LENGTH53 (0x1fffffffffffff)
#define NJS_ARRAY_FAST_OBJECT_LENGTH (128)
#define NJS_ARRAY_LARGE_OBJECT_LENGTH (32768)
+#define NJS_ARRAY_FLAT_MAX_LENGTH (1048576)

-njs_array_t *njs_array_alloc(njs_vm_t *vm, uint64_t length, uint32_t spare);
+njs_array_t *njs_array_alloc(njs_vm_t *vm, njs_bool_t flat, uint64_t length,
+ uint32_t spare);
+void njs_array_destroy(njs_vm_t *vm, njs_array_t *array);
njs_int_t njs_array_add(njs_vm_t *vm, njs_array_t *array, njs_value_t *value);
njs_int_t njs_array_convert_to_slow_array(njs_vm_t *vm, njs_array_t *array);
njs_int_t njs_array_length_redefine(njs_vm_t *vm, njs_value_t *value,
diff -r 1f3e045ea017 -r 79c14715edc2 src/njs_builtin.c
--- a/src/njs_builtin.c Sun Jan 26 21:56:23 2020 +0300
+++ b/src/njs_builtin.c Mon Feb 10 17:09:53 2020 +0300
@@ -1511,7 +1511,7 @@ njs_process_object_argv(njs_vm_t *vm, nj

static const njs_value_t argv_string = njs_string("argv");

- argv = njs_array_alloc(vm, vm->options.argc, 0);
+ argv = njs_array_alloc(vm, 1, vm->options.argc, 0);
if (njs_slow_path(argv == NULL)) {
return NJS_ERROR;
}
diff -r 1f3e045ea017 -r 79c14715edc2 src/njs_extern.c
--- a/src/njs_extern.c Sun Jan 26 21:56:23 2020 +0300
+++ b/src/njs_extern.c Mon Feb 10 17:09:53 2020 +0300
@@ -234,7 +234,7 @@ njs_extern_keys_array(njs_vm_t *vm, cons
keys_length++;
}

- keys = njs_array_alloc(vm, keys_length, NJS_ARRAY_SPARE);
+ keys = njs_array_alloc(vm, 1, keys_length, NJS_ARRAY_SPARE);
if (njs_slow_path(keys == NULL)) {
return NULL;
}
diff -r 1f3e045ea017 -r 79c14715edc2 src/njs_function.c
--- a/src/njs_function.c Sun Jan 26 21:56:23 2020 +0300
+++ b/src/njs_function.c Mon Feb 10 17:09:53 2020 +0300
@@ -301,7 +301,7 @@ njs_function_rest_parameters_init(njs_vm
n = frame->function->u.lambda->nargs;
length = (nargs >= n) ? (nargs - n + 1) : 0;

- array = njs_array_alloc(vm, length, 0);
+ array = njs_array_alloc(vm, 1, length, 0);
if (njs_slow_path(array == NULL)) {
return NJS_ERROR;
}
@@ -1125,7 +1125,7 @@ njs_function_prototype_apply(njs_vm_t *v
return ret;
}

- arr = njs_array_alloc(vm, length, NJS_ARRAY_SPARE);
+ arr = njs_array_alloc(vm, 1, length, NJS_ARRAY_SPARE);
if (njs_slow_path(arr == NULL)) {
return NJS_ERROR;
}
diff -r 1f3e045ea017 -r 79c14715edc2 src/njs_json.c
--- a/src/njs_json.c Sun Jan 26 21:56:23 2020 +0300
+++ b/src/njs_json.c Mon Feb 10 17:09:53 2020 +0300
@@ -31,6 +31,7 @@ typedef struct {
uint32_t index;
uint32_t length;
njs_array_t *keys;
+ njs_value_t *key;
njs_object_prop_t *prop;
} njs_json_state_t;

@@ -448,7 +449,7 @@ njs_json_parse_array(njs_json_parse_ctx_
return NULL;
}

- array = njs_array_alloc(ctx->vm, 0, 0);
+ array = njs_array_alloc(ctx->vm, 0, 0, NJS_ARRAY_SPARE);
if (njs_slow_path(array == NULL)) {
return NULL;
}
@@ -1027,6 +1028,8 @@ njs_json_push_stringify_state(njs_vm_t *
state->value = *value;
state->index = 0;
state->written = 0;
+ state->keys = NULL;
+ state->key = NULL;

if (njs_is_fast_array(value)) {
state->type = NJS_JSON_ARRAY;
@@ -1069,6 +1072,12 @@ njs_json_pop_stringify_state(njs_json_st
{
njs_json_state_t *state;

+ state = &stringify->states[stringify->depth - 1];
+ if (!njs_is_array(&stringify->replacer) && state->keys != NULL) {
+ njs_array_destroy(stringify->vm, state->keys);
+ state->keys = NULL;
+ }
+
if (stringify->depth > 1) {
stringify->depth--;
state = &stringify->states[stringify->depth - 1];
@@ -1411,7 +1420,7 @@ njs_json_stringify_replacer(njs_json_str


static njs_int_t
-njs_json_stringify_array(njs_vm_t *vm, njs_json_stringify_t *stringify)
+njs_json_stringify_array(njs_vm_t *vm, njs_json_stringify_t *stringify)
{
njs_int_t ret;
uint32_t i, n, k, properties_length, array_length;
@@ -1428,7 +1437,7 @@ njs_json_stringify_array(njs_vm_t *vm, n
}
}

- properties = njs_array_alloc(vm, properties_length, NJS_ARRAY_SPARE);
+ properties = njs_array_alloc(vm, 1, properties_length, NJS_ARRAY_SPARE);
if (njs_slow_path(properties == NULL)) {
return NJS_ERROR;
}
@@ -2086,7 +2095,6 @@ njs_vm_value_dump(njs_vm_t *vm, njs_str_
goto memory_error;
}

- key = NULL;
(void) njs_dump_visit(&visited, value);

for ( ;; ) {
@@ -2106,12 +2114,11 @@ njs_vm_value_dump(njs_vm_t *vm, njs_str_

njs_chb_append(&chain, state->array ? "[" : "{", 1);
njs_json_stringify_indent(stringify, &chain, 1);
-
}

if (state->index >= state->keys->length) {
njs_dump_empty(stringify, state, &chain, state->length,
- (state->index > 0) ? njs_key_to_index(key) : -1, 0);
+ (state->index > 0) ? njs_key_to_index(state->key) : -1, 0);

njs_json_stringify_indent(stringify, &chain, 0);
njs_chb_append(&chain, state->array ? "]" : "}", 1);
@@ -2127,6 +2134,7 @@ njs_vm_value_dump(njs_vm_t *vm, njs_str_
njs_property_query_init(&pq, NJS_PROPERTY_QUERY_GET, 0);

key = &state->keys->start[state->index++];
+ state->key = key;

ret = njs_property_query(vm, &pq, &state->value, key);
if (njs_slow_path(ret != NJS_OK)) {
diff -r 1f3e045ea017 -r 79c14715edc2 src/njs_object.c
--- a/src/njs_object.c Sun Jan 26 21:56:23 2020 +0300
+++ b/src/njs_object.c Mon Feb 10 17:09:53 2020 +0300
@@ -584,16 +584,11 @@ njs_object_enumerate(njs_vm_t *vm, const

length = njs_object_enumerate_length(object, type, all);

- items = njs_array_alloc(vm, length, NJS_ARRAY_SPARE);
+ items = njs_array_alloc(vm, 1, length, NJS_ARRAY_SPARE);
if (njs_slow_path(items == NULL)) {
return NULL;
}

- if (njs_slow_path(!items->object.fast_array)) {
- njs_internal_error(vm, "njs_object_enumerate() too many keys");
- return NULL;
- }
-
ret = njs_object_enumerate_value(vm, object, items, kind, type, all);
if (njs_slow_path(ret != NJS_OK)) {
return NULL;
@@ -615,16 +610,11 @@ njs_object_own_enumerate(njs_vm_t *vm, c

length = njs_object_own_enumerate_length(object, object, type, all);

- items = njs_array_alloc(vm, length, NJS_ARRAY_SPARE);
+ items = njs_array_alloc(vm, 1, length, NJS_ARRAY_SPARE);
if (njs_slow_path(items == NULL)) {
return NULL;
}

- if (njs_slow_path(!items->object.fast_array)) {
- njs_internal_error(vm, "njs_object_own_enumerate() too many keys");
- return NULL;
- }
-
ret = njs_object_own_enumerate_value(vm, object, object, items, kind, type,
all);
if (njs_slow_path(ret != NJS_OK)) {
@@ -804,7 +794,7 @@ njs_object_enumerate_array(njs_vm_t *vm,
for (i = 0; i < array->length; i++) {
if (njs_is_valid(&array->start[i])) {

- entry = njs_array_alloc(vm, 2, 0);
+ entry = njs_array_alloc(vm, 0, 2, 0);
if (njs_slow_path(entry == NULL)) {
return NJS_ERROR;
}
@@ -857,7 +847,7 @@ njs_object_enumerate_typed_array(njs_vm_

case NJS_ENUM_BOTH:
for (i = 0; i < length; i++) {
- entry = njs_array_alloc(vm, 2, 0);
+ entry = njs_array_alloc(vm, 0, 2, 0);
if (njs_slow_path(entry == NULL)) {
return NJS_ERROR;
}
@@ -938,7 +928,7 @@ njs_object_enumerate_string(njs_vm_t *vm

for (i = 0; i < len; i++) {

- entry = njs_array_alloc(vm, 2, 0);
+ entry = njs_array_alloc(vm, 0, 2, 0);
if (njs_slow_path(entry == NULL)) {
return NJS_ERROR;
}
@@ -965,7 +955,7 @@ njs_object_enumerate_string(njs_vm_t *vm
i = 0;

do {
- entry = njs_array_alloc(vm, 2, 0);
+ entry = njs_array_alloc(vm, 0, 2, 0);
if (njs_slow_path(entry == NULL)) {
return NJS_ERROR;
}
@@ -1171,7 +1161,7 @@ njs_object_own_enumerate_object(njs_vm_t
if (ext_prop == NULL && prop->type != NJS_WHITEOUT
&& (prop->enumerable || all))
{
- entry = njs_array_alloc(vm, 2, 0);
+ entry = njs_array_alloc(vm, 0, 2, 0);
if (njs_slow_path(entry == NULL)) {
return NJS_ERROR;
}
@@ -1209,7 +1199,7 @@ njs_object_own_enumerate_object(njs_vm_t
ext_prop = njs_object_exist_in_proto(parent, object, &lhq);

if (ext_prop == NULL) {
- entry = njs_array_alloc(vm, 2, 0);
+ entry = njs_array_alloc(vm, 0, 2, 0);
if (njs_slow_path(entry == NULL)) {
return NJS_ERROR;
}
@@ -1442,7 +1432,7 @@ njs_object_define_properties(njs_vm_t *v
for (i = 0; i < length; i++) {
ret = njs_property_query(vm, &pq, descs, &keys->start[i]);
if (njs_slow_path(ret == NJS_ERROR)) {
- return ret;
+ goto done;
}

prop = pq.lhq.value;
@@ -1453,19 +1443,24 @@ njs_object_define_properties(njs_vm_t *v

ret = njs_value_property(vm, descs, &keys->start[i], &desc);
if (njs_slow_path(ret == NJS_ERROR)) {
- return ret;
+ goto done;
}

ret = njs_object_prop_define(vm, value, &keys->start[i], &desc,
NJS_OBJECT_PROP_DESCRIPTOR);
if (njs_slow_path(ret != NJS_OK)) {
- return NJS_ERROR;
+ goto done;
}
}

+ ret = NJS_OK;
vm->retval = *value;

- return NJS_OK;
+done:
+
+ njs_array_destroy(vm, keys);
+
+ return ret;
}


@@ -1520,7 +1515,8 @@ njs_object_get_own_property_descriptors(

descriptors = njs_object_alloc(vm);
if (njs_slow_path(descriptors == NULL)) {
- return NJS_ERROR;
+ ret = NJS_ERROR;
+ goto done;
}

lhq.replace = 0;
@@ -1531,12 +1527,14 @@ njs_object_get_own_property_descriptors(
key = &names->start[i];
ret = njs_object_prop_descriptor(vm, &descriptor, value, key);
if (njs_slow_path(ret != NJS_OK)) {
- return ret;
+ ret = NJS_ERROR;
+ goto done;
}

pr = njs_object_prop_alloc(vm, key, &descriptor, 1);
if (njs_slow_path(pr == NULL)) {
- return NJS_ERROR;
+ ret = NJS_ERROR;
+ goto done;
}

njs_object_property_key_set(&lhq, key, 0);
@@ -1545,13 +1543,18 @@ njs_object_get_own_property_descriptors(
ret = njs_lvlhsh_insert(&descriptors->hash, &lhq);
if (njs_slow_path(ret != NJS_OK)) {
njs_internal_error(vm, "lvlhsh insert failed");
- return NJS_ERROR;
+ goto done;
}
}

+ ret = NJS_OK;
njs_set_object(&vm->retval, descriptors);

- return NJS_OK;
+done:
+
+ njs_array_destroy(vm, names);
+
+ return ret;
}


@@ -1912,6 +1915,8 @@ njs_object_assign(njs_vm_t *vm, njs_valu
return ret;
}

+ names = NULL;
+
for (i = 2; i < nargs; i++) {
source = &args[i];

@@ -1930,7 +1935,7 @@ njs_object_assign(njs_vm_t *vm, njs_valu

ret = njs_property_query(vm, &pq, source, key);
if (njs_slow_path(ret != NJS_OK)) {
- return NJS_ERROR;
+ goto exception;
}

prop = pq.lhq.value;
@@ -1940,19 +1945,27 @@ njs_object_assign(njs_vm_t *vm, njs_valu

ret = njs_value_property(vm, source, key, &setval);
if (njs_slow_path(ret != NJS_OK)) {
- return NJS_ERROR;
+ goto exception;
}

ret = njs_value_property_set(vm, value, key, &setval);
if (njs_slow_path(ret != NJS_OK)) {
- return NJS_ERROR;
+ goto exception;
}
}
+
+ njs_array_destroy(vm, names);
}

vm->retval = *value;

return NJS_OK;
+
+exception:
+
+ njs_array_destroy(vm, names);
+
+ return NJS_ERROR;
}


diff -r 1f3e045ea017 -r 79c14715edc2 src/njs_regexp.c
--- a/src/njs_regexp.c Sun Jan 26 21:56:23 2020 +0300
+++ b/src/njs_regexp.c Mon Feb 10 17:09:53 2020 +0300
@@ -1072,7 +1072,7 @@ njs_regexp_exec_result(njs_vm_t *vm, njs
static const njs_value_t string_input = njs_string("input");
static const njs_value_t string_groups = njs_string("groups");

- array = njs_array_alloc(vm, regexp->pattern->ncaptures, 0);
+ array = njs_array_alloc(vm, 0, regexp->pattern->ncaptures, 0);
if (njs_slow_path(array == NULL)) {
goto fail;
}
diff -r 1f3e045ea017 -r 79c14715edc2 src/njs_string.c
--- a/src/njs_string.c Sun Jan 26 21:56:23 2020 +0300
+++ b/src/njs_string.c Mon Feb 10 17:09:53 2020 +0300
@@ -3237,7 +3237,7 @@ njs_string_match_multiple(njs_vm_t *vm,

if (njs_regex_is_valid(&pattern->regex[type])) {

- array = njs_array_alloc(vm, 0, NJS_ARRAY_SPARE);
+ array = njs_array_alloc(vm, 0, 0, NJS_ARRAY_SPARE);
if (njs_slow_path(array == NULL)) {
return NJS_ERROR;
}
@@ -3330,7 +3330,7 @@ njs_string_prototype_split(njs_vm_t *vm,
return ret;
}

- array = njs_array_alloc(vm, 0, NJS_ARRAY_SPARE);
+ array = njs_array_alloc(vm, 0, 0, NJS_ARRAY_SPARE);
if (njs_slow_path(array == NULL)) {
return NJS_ERROR;
}
diff -r 1f3e045ea017 -r 79c14715edc2 src/njs_value.c
--- a/src/njs_value.c Sun Jan 26 21:56:23 2020 +0300
+++ b/src/njs_value.c Mon Feb 10 17:09:53 2020 +0300
@@ -228,7 +228,7 @@ njs_value_enumerate(njs_vm_t *vm, const
return njs_extern_keys_array(vm, ext_proto);
}

- return njs_array_alloc(vm, 0, NJS_ARRAY_SPARE);
+ return njs_array_alloc(vm, 1, 0, NJS_ARRAY_SPARE);
}

obj_val.object = vm->string_object;
@@ -273,7 +273,7 @@ njs_value_own_enumerate(njs_vm_t *vm, co
return njs_extern_keys_array(vm, ext_proto);
}

- return njs_array_alloc(vm, 0, NJS_ARRAY_SPARE);
+ return njs_array_alloc(vm, 1, 0, NJS_ARRAY_SPARE);
}

obj_val.object = vm->string_object;
diff -r 1f3e045ea017 -r 79c14715edc2 src/njs_vm.c
--- a/src/njs_vm.c Sun Jan 26 21:56:23 2020 +0300
+++ b/src/njs_vm.c Mon Feb 10 17:09:53 2020 +0300
@@ -805,7 +805,7 @@ njs_vm_array_alloc(njs_vm_t *vm, njs_val
{
njs_array_t *array;

- array = njs_array_alloc(vm, 0, spare);
+ array = njs_array_alloc(vm, 0, 0, spare);

if (njs_slow_path(array == NULL)) {
return NJS_ERROR;
diff -r 1f3e045ea017 -r 79c14715edc2 src/njs_vmcode.c
--- a/src/njs_vmcode.c Sun Jan 26 21:56:23 2020 +0300
+++ b/src/njs_vmcode.c Mon Feb 10 17:09:53 2020 +0300
@@ -966,7 +966,7 @@ njs_vmcode_array(njs_vm_t *vm, u_char *p

code = (njs_vmcode_array_t *) pc;

- array = njs_array_alloc(vm, code->length, NJS_ARRAY_SPARE);
+ array = njs_array_alloc(vm, 0, code->length, NJS_ARRAY_SPARE);

if (njs_fast_path(array != NULL)) {

_______________________________________________
nginx-devel mailing list
nginx-devel@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx-devel

[njs] Filtering out integer indices in njs_object_completions().

$
0
0
details: https://hg.nginx.org/njs/rev/5bd15bd3766c
branches:
changeset: 1324:5bd15bd3766c
user: Dmitry Volyntsev <xeioex@nginx.com>
date: Mon Feb 10 17:39:41 2020 +0300
description:
Filtering out integer indices in njs_object_completions().

This closes #285 issue on Github.

diffstat:

src/njs_builtin.c | 123 +++++++++++++---------------------------------
test/njs_expect_test.exp | 21 ++++++++
2 files changed, 57 insertions(+), 87 deletions(-)

diffs (189 lines):

diff -r 79c14715edc2 -r 5bd15bd3766c src/njs_builtin.c
--- a/src/njs_builtin.c Mon Feb 10 17:09:53 2020 +0300
+++ b/src/njs_builtin.c Mon Feb 10 17:39:41 2020 +0300
@@ -24,7 +24,7 @@ typedef struct {

static njs_arr_t *njs_vm_expression_completions(njs_vm_t *vm,
njs_str_t *expression);
-static njs_arr_t *njs_object_completions(njs_vm_t *vm, njs_object_t *object);
+static njs_arr_t *njs_object_completions(njs_vm_t *vm, njs_value_t *object);
static njs_int_t njs_env_hash_init(njs_vm_t *vm, njs_lvlhsh_t *hash,
char **environment);

@@ -633,110 +633,59 @@ njs_vm_expression_completions(njs_vm_t *
value = &prop->value;
}

- return njs_object_completions(vm, njs_object(value));
+ return njs_object_completions(vm, value);
}


static njs_arr_t *
-njs_object_completions(njs_vm_t *vm, njs_object_t *object)
+njs_object_completions(njs_vm_t *vm, njs_value_t *object)
{
- size_t size;
- njs_str_t *compl;
- njs_arr_t *completions;
- njs_uint_t n, k;
- njs_object_t *o;
- njs_object_prop_t *prop;
- njs_lvlhsh_each_t lhe;
-
- size = 0;
- o = object;
-
- do {
- njs_lvlhsh_each_init(&lhe, &njs_object_hash_proto);
-
- for ( ;; ) {
- prop = njs_lvlhsh_each(&o->hash, &lhe);
- if (prop == NULL) {
- break;
- }
+ double num;
+ njs_arr_t *array;
+ njs_str_t *completion;
+ njs_uint_t n;
+ njs_array_t *keys;
+ njs_value_type_t type;

- size++;
- }
-
- njs_lvlhsh_each_init(&lhe, &njs_object_hash_proto);
-
- for ( ;; ) {
- prop = njs_lvlhsh_each(&o->shared_hash, &lhe);
- if (prop == NULL) {
- break;
- }
+ array = NULL;
+ type = object->type;

- size++;
- }
-
- o = o->__proto__;
+ if (type == NJS_ARRAY || type == NJS_TYPED_ARRAY) {
+ object->type = NJS_OBJECT;
+ }

- } while (o != NULL);
-
- completions = njs_arr_create(vm->mem_pool, size, sizeof(njs_str_t));
- if (njs_slow_path(completions == NULL)) {
- return NULL;
+ keys = njs_value_enumerate(vm, object, NJS_ENUM_KEYS, NJS_ENUM_STRING, 1);
+ if (njs_slow_path(keys == NULL)) {
+ goto done;
}

- n = 0;
- o = object;
- compl = completions->start;
-
- do {
- njs_lvlhsh_each_init(&lhe, &njs_object_hash_proto);
+ array = njs_arr_create(vm->mem_pool, 8, sizeof(njs_str_t));
+ if (njs_slow_path(array == NULL)) {
+ goto done;
+ }

- for ( ;; ) {
- prop = njs_lvlhsh_each(&o->hash, &lhe);
- if (prop == NULL) {
- break;
- }
+ for (n = 0; n < keys->length; n++) {
+ num = njs_key_to_index(&keys->start[n]);

- njs_string_get(&prop->name, &compl[n]);
-
- for (k = 0; k < n; k++) {
- if (njs_strstr_eq(&compl[k], &compl[n])) {
- break;
- }
+ if (!njs_key_is_integer_index(num, &keys->start[n])) {
+ completion = njs_arr_add(array);
+ if (njs_slow_path(completion == NULL)) {
+ njs_arr_destroy(array);
+ array = NULL;
+ goto done;
}

- if (k == n) {
- n++;
- }
+ njs_string_get(&keys->start[n], completion);
}
-
- njs_lvlhsh_each_init(&lhe, &njs_object_hash_proto);
+ }

- for ( ;; ) {
- prop = njs_lvlhsh_each(&o->shared_hash, &lhe);
- if (prop == NULL) {
- break;
- }
-
- njs_string_get(&prop->name, &compl[n]);
+done:

- for (k = 0; k < n; k++) {
- if (njs_strstr_eq(&compl[k], &compl[n])) {
- break;
- }
- }
+ if (type == NJS_ARRAY || type == NJS_TYPED_ARRAY) {
+ object->type = type;
+ }

- if (k == n) {
- n++;
- }
- }
-
- o = o->__proto__;
-
- } while (o != NULL);
-
- completions->items = n;
-
- return completions;
+ return array;
}


diff -r 79c14715edc2 -r 5bd15bd3766c test/njs_expect_test.exp
--- a/test/njs_expect_test.exp Mon Feb 10 17:09:53 2020 +0300
+++ b/test/njs_expect_test.exp Mon Feb 10 17:39:41 2020 +0300
@@ -192,6 +192,27 @@ njs_test {
"o.a.toDateString*o.a.toLocaleDateString*o.a.toString"}
}

+njs_test {
+ {"var o = {a:1,b:2,333:'t'}\r\n"
+ "var o = {a:1,b:2,333:'t'}\r\nundefined\r\n>> "}
+ {"o.3\t\t"
+ "o.3"}
+}
+
+njs_test {
+ {"var a = Array(5000000); a.aab = 1; a.aac = 2\r\n"
+ "var a = Array(5000000); a.aab = 1; a.aac = 2\r\n2\r\n>> "}
+ {"a.\t\t"
+ "a.aab*"}
+}
+
+njs_test {
+ {"var a = new Uint8Array([5,6,7,8,8]); a.aab = 1; a.aac = 2\r\n"
+ "var a = new Uint8Array(\\\[5,6,7,8,8]); a.aab = 1; a.aac = 2\r\n2\r\n>> "}
+ {"a.\t\t"
+ "a.aab*"}
+}
+
# function declarations in interactive mode
njs_test {
{"function a() { return 1; }\r\n"
_______________________________________________
nginx-devel mailing list
nginx-devel@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx-devel

500 Internal Server Error

$
0
0
I am a Linux and Nginx novice, but have learnt enough to get it installed and running and acting as a reverse proxy for two (very quiet) internal webservers. This has been running fine for months, but I recently started getting 500 errors.

Here is the output of var/log/nginx/error.log (I have replaced our company name with "companyname.com")

I am a Linux and Nginx novice, but have learnt enough to get it installed and running and web2ing as a reverse proxy for two internal webservers. This has been running fine for months, but I recently started getting 500 errors.

Here is the recent output of var/log/nginx/error.log
(I have replaced our company name with "companyname.com" and replaced our public WAN IP address with <WANIP>

2020/02/10 15:17:49 [alert] 1069#1069: *1011 socket() failed (24: Too many open files) while connecting to upstream, client: 10.10.10.1, server: web1.companyname.com, request: "GET / HTTP/1.0", upstream: "https://<WANIP>:443/", host: "web1.companyname.com"
2020/02/10 15:21:41 [alert] 1069#1069: *2022 socket() failed (24: Too many open files) while connecting to upstream, client: 10.10.10.1, server: web2.companyname.com, request: "GET / HTTP/1.0", upstream: "https://<WANIP>:443/", host: "web2.companyname.com"
2020/02/10 15:33:28 [alert] 1084#1084: *19987 socket() failed (24: Too many open files) while connecting to upstream, client: 10.10.10.1, server: web2.companyname.com, request: "GET / HTTP/1.0", upstream: "https://<WANIP>:443/", host: "web2.companyname.com"
2020/02/10 15:34:16 [alert] 1084#1084: *39974 socket() failed (24: Too many open files) while connecting to upstream, client: 10.10.10.1, server: web1.companyname.com, request: "GET / HTTP/1.0", upstream: "https://<WANIP>:443/", host: "web1.companyname.com"
2020/02/10 15:50:30 [error] 1086#1086: *1 client intended to send too large body: 4294967295 bytes, client: 176.58.124.134, server: london.companyname.com, request: "GET /msdn.cpp HTTP/1.1", host: "<WANIP>"
2020/02/10 16:32:56 [alert] 1086#1086: *19989 socket() failed (24: Too many open files) while connecting to upstream, client: 10.10.10.1, server: web1.companyname.com, request: "GET / HTTP/1.0", upstream: "https://<WANIP>:443/", host: "web1.companyname.com"

I have added the following the end of /etc/security/limits.conf

nginx soft nofile 10000
nginx hard nofile 30000

I have added the following to /etc/sysctl.conf

fs.file-max=70000

...And rebooted. However, I'm getting the same problem every time.

Interestingly the IP address that appears in the log "176.58.124.134" I don't recognise and a quick google search suggests this is an abusive IP address.

Any tips, suggestions are grealy appreciated. Thanks.

Re: add header и log format не видят часть переменных $ssl xx

$
0
0
Maxim Dounin Wrote:
-------------------------------------------------------
> Если хочется логгировать факт использования early data в запросе
> независимо от текущего статуса handshake'а - то наиболее близкое
> по смыслу значение можно получить, сохраняя значение переменной
> $ssl_early_data на этапе поиска конфигурации для запроса с помощью
> директивы set.

Добрый день! Подскажите, а как это будет работать с внутренним редиректом? Если я все верно понимаю, то при внутреннем редиректе rewrite-phase отработает еще раз, после чего мы получим не совсем верное значение. Или это не совсем верно?

Re: add header и log format не видят часть переменных $ssl xx

$
0
0
Hello!

On Tue, Feb 11, 2020 at 05:15:24AM -0500, yanda.a wrote:

> Maxim Dounin Wrote:
> -------------------------------------------------------
> > Если хочется логгировать факт использования early data в запросе
> > независимо от текущего статуса handshake'а - то наиболее близкое
> > по смыслу значение можно получить, сохраняя значение переменной
> > $ssl_early_data на этапе поиска конфигурации для запроса с помощью
> > директивы set.
>
> Добрый день! Подскажите, а как это будет работать с внутренним редиректом?
> Если я все верно понимаю, то при внутреннем редиректе rewrite-phase
> отработает еще раз, после чего мы получим не совсем верное значение. Или это
> не совсем верно?

Если речь идёт о внутренних перенаправлениях в рамках исходной
обработки запроса, без ожидания внешних событий (e.g., в рамках
директивы index) - то разницы нет, так как значение
$ssl_early_data будет тем же самым.

Если речь про перенаправления после общения с бэкендом (e.g., с
помощью X-Accel-Redirect), то может потребоваться чуть более
сложная логика, чем просто set. Скажем, какая-то такая
конструкция будет сохранять значение 1, если оно единожды
встретилось:

uninitialized_variable_warn off;

if ($early = "") {
set $early $ssl_early_data;
}

Либо можно использовать map, воспользовавшись тем, что он кэширует
результат при первом обращении:

map $ssl_early_data $early {
default 0;
1 1;
}

server {
...

set $dummy $early;

...
}

--
Maxim Dounin
http://mdounin.ru/
_______________________________________________
nginx-ru mailing list
nginx-ru@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx-ru

net::ERR_SSL_PROTOCOL_ERROR

$
0
0
Today I issued and installed SSL certificates for my website.
This is the rating assigned by https://www.ssllabs.com/ssltest/analyze.html :
https://drive.google.com/open?id=1-Fb4h1dmdJ8kN68JxKROWwu4ezGmjm6R
This is the result of https://check-your-website.server-daten.de/ which indicates "only" content problems: mixed, content, missing files, but nothing related to SSL_PROTOCOL
https://drive.google.com/open?id=19i-AwXwgf8tBY9p0srfHX5scN5Q0j-UH

When I connect to the local IP address, everything goes smoothly with no errors:
- after stopping nginx server: https://drive.google.com/open?id=1k4hmYpgRwCW6NyhK7ZoK39-giF9MfPAY
and
- also after restarting nginx server:

(base) marco@pc01:~$ sudo systemctl start nginx
(base) marco@pc01:~$ sudo systemctl reload nginx
(base) marco@pc01:~$ sudo systemctl status nginx
● nginx.service - A high performance web server and a reverse proxy server
Loaded: loaded (/lib/systemd/system/nginx.service; enabled; vendor preset: en
Active: active (running) since Tue 2020-02-11 19:06:58 CET; 10s ago
Docs: man:nginx(8)
Process: 6124 ExecStop=/sbin/start-stop-daemon --quiet --stop --retry QUIT/5 -
Process: 8843 ExecReload=/usr/sbin/nginx -g daemon on; master_process on; -s r
Process: 8779 ExecStart=/usr/sbin/nginx -g daemon on; master_process on; (code
Process: 8770 ExecStartPre=/usr/sbin/nginx -t -q -g daemon on; master_process
Main PID: 8784 (nginx)
Tasks: 9 (limit: 4915)
CGroup: /system.slice/nginx.service
├─8784 nginx: master process /usr/sbin/nginx -g daemon on; master_pro
├─8844 nginx: worker process
├─8846 nginx: worker process
├─8847 nginx: worker process
├─8849 nginx: worker process
├─8850 nginx: worker process
├─8851 nginx: worker process
├─8852 nginx: worker process
└─8853 nginx: worker process

the output is fine: https://drive.google.com/open?id=1-Sz1udhZfrM9bGaIhImORRnwRznXihK7

But when I connect to my website's through website name I get net::ERR_SSL_PROTOCOL_ERROR :
https://drive.google.com/open?id=10MYySDKhPx9L-QucqzxN5NTratJEOJZR


This is my /etc/nginx/nginx.conf :

user www-data;
worker_processes auto;
pid /run/nginx.pid;
#include /etc/nginx/modules-enabled/*.conf;

events {
worker_connections 768;
# multi_accept on;
}

http {

##
# Basic Settings
##

sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
# server_tokens off;

server_names_hash_bucket_size 64;
# server_name_in_redirect off;

include /etc/nginx/mime.types;
default_type application/octet-stream;

##
# SSL Settings
##

#ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE
ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
ssl_prefer_server_ciphers on;

##
# Logging Settings
##

access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;

##
# Gzip Settings
##

gzip on;
# gzip_vary on;
# gzip_proxied any;
# gzip_comp_level 6;
# gzip_buffers 16 8k;
# gzip_http_version 1.1;
# gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss
text/javascript;

##
# Virtual Host Configs
##

include /etc/nginx/conf.d/*.conf;
#include /etc/nginx/sites-enabled/*;
}


And this is my /etc/nginx/conf.d/default.conf :

server {
listen 443 ssl http2 default_server;
server_name ggc.world;

ssl_certificate /etc/letsencrypt/live/ggc.world/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/ggc.world/privkey.pem; # managed by Certbot

ssl_trusted_certificate /etc/letsencrypt/live/ggc.world/chain.pem;

ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

ssl_session_timeout 5m;
#ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers EECDH+CHACHA20:EECDH+CHACHA20-
draft:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:50m;
ssl_stapling on;
ssl_stapling_verify on;

access_log /var/log/nginx/ggcworld-access.log combined;

add_header Strict-Transport-Security "max-age=31536000";
location = /favicon.ico { access_log off; log_not_found off; }

location / {
proxy_pass http://127.0.0.1:8080;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
}

server {
listen 80 default_server;
listen [::]:80 default_server;
error_page 497 https://$host:$server_port$request_uri;
server_name www.ggc.world;
return 301 https://$server_name$request_uri;

access_log /var/log/nginx/ggcworld-access.log combined;

add_header Strict-Transport-Security "max-age=31536000";
location = /favicon.ico { access_log off; log_not_found off; }

location / {
proxy_pass http://127.0.0.1:8080;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
}

upstream websocket {
ip_hash;
server localhost:3000;
}

server {
listen 81;
server_name ggc.world www.ggc.world;

#location / {
location ~ ^/(websocket|websocket\/socket-io) {
proxy_pass http://127.0.0.1:4201;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header X-Forwared-For $remote_addr;
proxy_set_header Host $host;

proxy_redirect off;
proxy_set_header X-Real-IP $remote_addr;
}
}


What is going on? What might be the causes of this SSL_PROTOCOL?
How to solve it? What do I have to modify in /etc/nginx/conf.d/default.conf?

Looking forward to your kind help.
Marco

Re: net::ERR_CONNECTION_REFUSED . How to correctly configure Nginx with Socket.io?

$
0
0
Hi Francis,

I "solved" this problem installing the Desktop version of Ubuntu 18.04, as I described here: https://askubuntu.com/questions/1207812/webapp-fails-with-neterr-connection-refused-with-ubuntu-18-04-4-server-edition

Now I have a different, but may be, similar, problem, which I described in this post:
https://forum.nginx.org/read.php?2,286991

Re: net::ERR_CONNECTION_REFUSED . How to correctly configure Nginx with Socket.io?

$
0
0
Hi Francis,
I "solved" this problem installing the Desktop version of Ubuntu 18.04 as I described here:
https://askubuntu.com/questions/1207812/webapp-fails-with-neterr-connection-refused-with-ubuntu-18-04-4-server-edition

Now I've got a different, but may be, similar, problem, which I described in this post in the Nginx Forum:
https://forum.nginx.org/read.php?2,286991

Marco

Re: net::ERR_SSL_PROTOCOL_ERROR

$
0
0
> But when I connect to my website's through website name I get
> net::ERR_SSL_PROTOCOL_ERROR :

Guessing based on the "Certificate Common Name Invalid" is because you
are connecting with "localhost" and "129.168.1.7" whereas your
certificate has the actual DNS hostname...
_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx

nginx for Windows - WSASend() socket error 10057

$
0
0
Hi there,


Trying to make nginx work as SMTP server and/or SMTP proxy. Done everything according to:
http://nginx.org/en/docs/howto_build_on_win32.html

But excluded (don't care about SSL at this point so don't want to install/configure Perl now):
--with-openssl=objs/lib/openssl-master \
--with-openssl-opt=no-asm \
--with-http_ssl_module \

And added:
--with-mail

nmake was successful and nginx.exe was created.

However nginx.exe keeps failing with the error:
WSASend() failed (10057: A request to send or receive data was disallowed because the socket is not connected and (when sending on a datagram socket using a sendto call) no address was supplied) while in http auth state, client: 127.0.0.1, server: 0.0.0.0:8025

Windows API says the following about this error:


WSAENOTCONN
10057

Socket is not connected.
A request to send or receive data was disallowed because the socket is not connected and (when sending on a datagram socket using sendtohttps://docs.microsoft.com/en-us/windows/desktop/api/winsock/nf-winsock-sendto) no address was supplied. Any other type of operation might also return this error—for example, setsockopthttps://docs.microsoft.com/en-us/windows/desktop/api/winsock/nf-winsock-setsockopt setting SO_KEEPALIVEhttps://docs.microsoft.com/en-us/windows/desktop/winsock/so-keepalive if the connection has been reset.
https://docs.microsoft.com/en-us/windows/win32/winsock/windows-sockets-error-codes-2
Windows Sockets Error Codes (Winsock2.h) - Win32 apps | Microsoft Docshttps://docs.microsoft.com/en-us/windows/win32/winsock/windows-sockets-error-codes-2
Return code/value Description; WSA_INVALID_HANDLE 6: Specified event object handle is invalid. An application attempts to use an event object, but the specified handle is not valid.
docs.microsoft.com

Managed to debug your code in VS 2010 a little bit but it's brutal C so it's hard to figure your code out. And this debugger doesn't show you any local variables values.

Any recommendation for me to make it work?

Tried to play with config (commenting/uncommenting):

#user nobody;
worker_processes 1;

#error_log logs/error.log;
#error_log logs/error.log notice;
#error_log logs/error.log info;

#pid logs/nginx.pid;


events {
worker_connections 1024;
}


mail {
server_name localhost;
auth_http localhost:9000/cgi-bin/nginxauth.cgi;
# auth_http none;

smtp_auth none;
# smtp_auth login plain cram-md5;
# smtp_capabilities "SIZE 10485760" ENHANCEDSTATUSCODES 8BITMIME DSN;
xclient off;

server {
listen 8025;
protocol smtp;
proxy on;
proxy_pass_error_message on;
}
}

Tried both under a regular user and under admin. Tried on 25, 1025 and 8025 ports.


Thank you,
Yury
_______________________________________________
nginx-devel mailing list
nginx-devel@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx-devel

Re: net::ERR_SSL_PROTOCOL_ERROR

$
0
0
Hi!,
I do not understand what should I modify.

If I should use ggc,world when connecting with the browser, this is what I already do:
https://drive.google.com/open?id=10MYySDKhPx9L-QucqzxN5NTratJEOJZR

If instead I should put ggc.world instead of local (127.0.0.1) in /etc/nginx/conf.d/default.conf , this is the result of my trial:

/etc/nginx/conf.d/default.conf :


server {
listen 443 ssl http2 default_server;
server_name ggc.world;

ssl_certificate /etc/letsencrypt/live/ggc.world/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/ggc.world/privkey.pem; # managed by Certbot
ssl_trusted_certificate /etc/letsencrypt/live/ggc.world/chain.pem;
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

ssl_session_timeout 5m;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers EECDH+CHACHA20:EECDH+CHACHA20-
draft:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:50m;
#ssl_stapling on;
#ssl_stapling_verify on;

access_log /var/log/nginx/ggcworld-access.log combined;

add_header Strict-Transport-Security "max-age=31536000";
location = /favicon.ico { access_log off; log_not_found off; }

location / {
#proxy_pass http://127.0.0.1:8080;
proxy_pass http://ggc.world:8080;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
}

server {
listen 80 default_server;
listen [::]:80 default_server;
error_page 497 https://$host:$server_port$request_uri;
server_name www.ggc.world;
return 301 https://$server_name$request_uri;

access_log /var/log/nginx/ggcworld-access.log combined;

add_header Strict-Transport-Security "max-age=31536000";
location = /favicon.ico { access_log off; log_not_found off; }

location / {
#proxy_pass http://127.0.0.1:8080;
proxy_pass http://ggc.world:8080;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
}

upstream websocket {
ip_hash;
#server localhost:3000;
server ggc.world:3000;
}

server {
listen 81;
server_name ggc.world www.ggc.world;

#location / {
location ~ ^/(websocket|websocket\/socket-io) {
#proxy_pass http://127.0.0.1:4201;
proxy_pass http://ggc.world:4201;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header X-Forwared-For $remote_addr;
proxy_set_header Host $host;

proxy_redirect off;
proxy_set_header X-Real-IP $remote_addr;
}
}

I get this output:
https://drive.google.com/open?id=1zUSN9wP6h9svizahMjhhFFbY0CLN71Aw

Can you please explain me?
Thank you for your kind help
Marco

RE: net::ERR_SSL_PROTOCOL_ERROR

$
0
0
> Hi!,
> I do not understand what should I modify.

The problem is your backend application (I assume node app) which listens on the 8080 port. While nginx is doing everything right the app responds and constructs the urls using internal ip and/or 'localhost'.

Depending on what the app uses for the urls you could try to add:

proxy_set_header Host $host;

in the location / { proxy_pass ... } block (for some reason you have it only in the server block which listens on port 81).


rr

_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx

Re: net::ERR_CONNECTION_REFUSED . How to correctly configure Nginx with Socket.io?

$
0
0
On Tue, Feb 11, 2020 at 02:28:45PM -0500, MarcoI wrote:

Hi there,

> I "solved" this problem installing the Desktop version of Ubuntu 18.04, as I
> described here:
> https://askubuntu.com/questions/1207812/webapp-fails-with-neterr-connection-refused-with-ubuntu-18-04-4-server-edition

I don't think that's a solution; but if you now have a working system,
then it's all good.

> Now I have a different, but may be, similar, problem, which I described in
> this post:
> https://forum.nginx.org/read.php?2,286991

That looks like the same problem to me.

Change your vue config so that it can work.

Perhaps the "public" piece at
https://forum.vuejs.org/t/vue-with-nginx/26843/3 is relevant.

See also https://webpack.js.org/configuration/dev-server/#devserver-public
and maybe "publicPath" there too.

I see no nginx issue here, or there, other than what was previously
mentioned.

Good luck with it,

f
--
Francis Daly francis@daoine.org
_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx

Re: RE: net::ERR_SSL_PROTOCOL_ERROR

$
0
0
Hi Reinis,

setting in /etc/nginx/conf.d/default.conf proxy_set_header Host $host in the location / as follows:

server {
listen 443 ssl http2 default_server;
server_name ggc.world;

ssl_certificate /etc/letsencrypt/live/ggc.world/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/ggc.world/privkey.pem; # managed by Certbot

ssl_trusted_certificate /etc/letsencrypt/live/ggc.world/chain.pem;

ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

ssl_session_timeout 5m;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers EECDH+CHACHA20:EECDH+CHACHA20-
draft:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:50m;
#ssl_stapling on;
#ssl_stapling_verify on;

access_log /var/log/nginx/ggcworld-access.log combined;

add_header Strict-Transport-Security "max-age=31536000";
location = /favicon.ico { access_log off; log_not_found off; }

location / {
proxy_pass http://127.0.0.1:8080;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $host;
}
}

server {
listen 80 default_server;
listen [::]:80 default_server;
error_page 497 https://$host:$server_port$request_uri;
server_name www.ggc.world;
return 301 https://$server_name$request_uri;

access_log /var/log/nginx/ggcworld-access.log combined;

add_header Strict-Transport-Security "max-age=31536000";
location = /favicon.ico { access_log off; log_not_found off; }

location / {
proxy_pass http://127.0.0.1:8080;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $host;
}
}

upstream websocket {
ip_hash;
server localhost:3000;
}

server {
listen 81;
server_name ggc.world www.ggc.world;

#location / {
location ~ ^/(websocket|websocket\/socket-io) {
proxy_pass http://127.0.0.1:4201;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header X-Forwared-For $remote_addr;
proxy_set_header Host $host;

proxy_redirect off;
proxy_set_header X-Real-IP $remote_addr;
}
}

I get "Invalid Host header" :
https://drive.google.com/open?id=1Y8-PsrB7QdTD--TtTHxnYW_dzaxrRKuc

Re: net::ERR_CONNECTION_REFUSED . How to correctly configure Nginx with Socket.io?

$
0
0
Thank you very much Francis!!! Your indications solved this problem:
with vue.config.js :

// vue.config.js
module.exports = {
// options...
publicPath: '',
devServer: {
host: '0.0.0.0',
port: 8080,
public: 'ggc.world'
},
}

now it works fine: https://drive.google.com/open?id=1PUctgdYLoVmJRvYyG040BFNGOev2yhRX

The previous problem looked similar but I guess it was somewhat different, because it disappeared once moving from Server Edition to Desktop edition of Ubuntu 18.04.4 .

Thank you very much again for your kind help.

Marco
Viewing all 53287 articles
Browse latest View live


<script src="https://jsc.adskeeper.com/r/s/rssing.com.1596347.js" async> </script>