Quantcast
Channel: Nginx Forum
Viewing all 53287 articles
Browse latest View live

Re: net::ERR_SSL_PROTOCOL_ERROR

February 12, 2020, 1:28 am
$
0
0
Solved the problem thanks to Francis Daly who pointed me to the right direction:
https://forum.vuejs.org/t/vue-with-nginx/26843/3

// vue.config.js
module.exports = {
// options...
publicPath: '',
devServer: {
host: '0.0.0.0',
port: 8080,
public: 'ggc.world'
},
}

Now it works fine: https://drive.google.com/open?id=1PUctgdYLoVmJRvYyG040BFNGOev2yhRX

Besides to Francis, whose contribution was resolutive, I thank J.S. and Reinis for their kind help.
Search

Re: nginx for Windows - WSASend() socket error 10057

February 12, 2020, 4:40 am
$
0
0
It looks like your service defined in auth_http doesn't answer (or no
listener on 127.0.0.1 port 9000?)...

try netstat (in cmd as admin):

netstat /nabo
netstat /nabo | grep -A 1 ":9000b"

and check whether the listener on port 9000 is bound to 127.0.0.1 (or it
is 0.0.0.0 only?) and it is the process you expect to see there (can be
"reserved" by some other windows-service).

additionally try to telnet or curl it:

curl -H "Auth-Method: plain" -H "Auth-User: user" -H "Auth-Pass: pwd" -H
"Auth-Protocol: imap" -H "Auth-Login-Attempt: 1" -i
http://127.0.0.1:9000/cgi-bin/nginxauth.cgi

if it does not answer, make another attempt by replace 127.0.0.1 with
0.0.0.0 (or a host-name).

If it answers - see whether it is the expected response (some examples
of good and bad responses are described in
http://nginx.org/en/docs/mail/ngx_mail_auth_http_module.html [7]).

But I guess if WSASend fails, it would probably (unexpected) reject the
connection during the send (or even connect) process.
It can be also invalid (unexpected) content-length in keep-alive connect
to auth-upstream - so send but still receive is expected (or vice
versa).

Also follow this forum topic addressing similar issue:
https://forum.nginx.org/read.php?2,257206,257207#msg-257207 [8]

Anyway it doesn't look to me like an issue of nginx (regardless windows
or not), but you can also try some other ready build (for example on my
GH [9] - nginx.zip [10], where it works well).

Regards,
Sergey

12.02.2020 03:01, Yury Shpakov wrote:

> Hi there,
>
> Trying to make nginx work as SMTP server and/or SMTP proxy. Done everything according to:
> http://nginx.org/en/docs/howto_build_on_win32.html [2]
>
> But excluded (don't care about SSL at this point so don't want to install/configure Perl now):
> --with-openssl=objs/lib/openssl-master
>
> --with-openssl-opt=no-asm
> --with-http_ssl_module
> And added:
> --with-mail
>
> nmake was successful and nginx.exe was created.
>
> However nginx.exe keeps failing with the error:
> WSASend() failed (10057: A request to send or receive data was disallowed because the socket is not connected and (when sending on a datagram socket using a sendto call) no address was supplied) while in http auth state, client: 127.0.0.1, server: 0.0.0.0:8025
>
> Windows API says the following about this error:
>
> WSAENOTCONN10057
> Socket is not connected.A request to send or receive data was disallowed because the socket is not connected and (when sending on a datagram socket using SENDTO [3]) no address was supplied. Any other type of operation might also return this error--for example, SETSOCKOPT [4] setting SO_KEEPALIVE [5] if the connection has been reset.
>
> https://docs.microsoft.com/en-us/windows/win32/winsock/windows-sockets-error-codes-2 [6]
>
> Windows Sockets Error Codes (Winsock2.h) - Win32 apps | Microsoft Docs [6]
> Return code/value Description; WSA_INVALID_HANDLE 6: Specified event object handle is invalid. An application attempts to use an event object, but the specified handle is not valid.
> docs.microsoft.com
>
> Managed to debug your code in VS 2010 a little bit but it's brutal C so it's hard to figure your code out. And this debugger doesn't show you any local variables values.
>
> Any recommendation for me to make it work?
>
> Tried to play with config (commenting/uncommenting):
>
> #user nobody;
> worker_processes 1;
>
> #error_log logs/error.log;
> #error_log logs/error.log notice;
> #error_log logs/error.log info;
>
> #pid logs/nginx.pid;
>
> events {
> worker_connections 1024;
> }
>
> mail {
> server_name localhost;
> auth_http localhost:9000/cgi-bin/nginxauth.cgi;
> # auth_http none;
>
> smtp_auth none;
> # smtp_auth login plain cram-md5;
> # smtp_capabilities "SIZE 10485760" ENHANCEDSTATUSCODES 8BITMIME DSN;
> xclient off;
>
> server {
> listen 8025;
> protocol smtp;
> proxy on;
> proxy_pass_error_message on;
> }
> }
> Tried both under a regular user and under admin. Tried on 25, 1025 and 8025 ports.
>
> Thank you,
> Yury
>
> _______________________________________________
> nginx-devel mailing list
> nginx-devel@nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx-devel [1]


Links:
------
[1] http://mailman.nginx.org/mailman/listinfo/nginx-devel
[2] http://nginx.org/en/docs/howto_build_on_win32.html
[3]
https://docs.microsoft.com/en-us/windows/desktop/api/winsock/nf-winsock-sendto
[4]
https://docs.microsoft.com/en-us/windows/desktop/api/winsock/nf-winsock-setsockopt
[5]
https://docs.microsoft.com/en-us/windows/desktop/winsock/so-keepalive
[6]
https://docs.microsoft.com/en-us/windows/win32/winsock/windows-sockets-error-codes-2
[7] http://nginx.org/en/docs/mail/ngx_mail_auth_http_module.html
[8] https://forum.nginx.org/read.php?2,257206,257207#msg-257207
[9] https://github.com/sebres/nginx/releases/tag/release-1.13.0
[10] https://github.com/sebres/nginx/files/2246440/nginx.zip
_______________________________________________
nginx-devel mailing list
nginx-devel@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx-devel

Nginx php reverse proxy problem

February 12, 2020, 4:43 am
$
0
0
Hi,
I'm running a reverse proxy with nginx and using certbot for ssl. It's been working great but recently with an php server installation it's been giving me problems.
I get access to the index but any other page I get a 404 error from nginx.

404 Not Found
nginx/1.14.0 (Ubuntu)

This is my conf file
server {

root /var/www/YOUR_DIRECTORY;
index index.php index.html index.htm;

###################################################
# Change "yoururl.com" to your host name

server_name my-domain;

# location / {
# try_files $uri $uri/ /index.php?q=$uri&$args;
# }

location /site/ {
if (!-e $request_filename){
rewrite ^/site/(.*)$ /site/index.php break;
}
}location ~ \.php$ {
try_files $uri =404;
fastcgi_pass unix:/var/run/php5-fpm.sock;
fastcgi_index index.php;
fastcgi_param PATH_TO_FRAMEWORKS /var/www/frameworks/;
fastcgi_param CORE_TYPE frameworks;
fastcgi_param IS_DEV true;
include fastcgi_params;
}

location = /favicon.ico {
log_not_found off;
access_log off;
}

location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}

location ~ /\. {
deny all;
}

location ~* /(?:uploads|files)/.*\.php$ {
deny all;
}location / {
proxy_pass http://my-server-ip/;
}





listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/my-domain/fullchain.pem; #$
ssl_certificate_key /etc/letsencrypt/live/my-domain/privkey.pem;$
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

}
server {
if ($host = my-domain) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80;

server_name my-domain;
return 404; # managed by Certbot


}


Any had similar problems? It's nginx having a different configuration for php?
Just in case I have tried commenting the last lines which appears to send the 404, but it did the same thing.

AutoFS + Windows (Samba 1.0) down + NGINX = Freeze

February 12, 2020, 7:08 am
$
0
0
We've got auto-fs installed on a CentOS Linux release 7.5.1804 (Core). The config is as follows (comments omitted):

/etc/autofs.conf
[ autofs ]
timeout = 500
browse_mode = no
mount_nfs_default_protocol = 4
[ amd ]
dismount_interval = 300

/etc/auto.master
/misc /etc/auto.misc
/net -hosts
+dir:/etc/auto.master.d
+auto.master

/etc/auto.master.d/fs1.autofs
/mnt/fs1 /etc/auto.conf.d/auto.fs1

/etc/auto.conf.d/auto.fs1
* -fstype=cifs,echo_interval=15,cache=none,ro,noserverino,user=nginx,pass=mypassword ://192.168.0.1/myfs

/etc/auto.master.d/fs2.autofs
/mnt/fs2 /etc/auto.conf.d/auto.fs2

/etc/auto.conf.d/auto.fs2
* -fstype=cifs,echo_interval=15,cache=none,ro,noserverino,user=nginx,pass=mypassword ://192.168.0.2/myfs

On top of that we run NGINX:
root@localhost ~> nginx -V
nginx version: nginx/1.16.0
built by gcc 4.8.5 20150623 (Red Hat 4.8.5-36) (GCC)
built with OpenSSL 1.0.2k-fips 26 Jan 2017
TLS SNI support enabled
configure arguments: --prefix=/etc/nginx --sbin-path=/usr/sbin/nginx --modules-path=/usr/lib64/nginx/modules --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --pid-path=/var/run/nginx.pid --lock-path=/var/run/nginx.lock --http-client-body-temp-path=/var/cache/nginx/client_temp --http-proxy-temp-path=/var/cache/nginx/proxy_temp --http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp --http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp --http-scgi-temp-path=/var/cache/nginx/scgi_temp --user=nginx --group=nginx --with-compat --with-file-aio --with-threads --with-http_addition_module --with-http_auth_request_module --with-http_dav_module --with-http_flv_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_mp4_module --with-http_random_index_module --with-http_realip_module --with-http_secure_link_module --with-http_slice_module --with-http_ssl_module --with-http_stub_status_module --with-http_sub_module --with-http_v2_module --with-mail --with-mail_ssl_module --with-stream --with-stream_realip_module --with-stream_ssl_module --with-stream_ssl_preread_module --with-cc-opt='-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -m64 -mtune=generic -fPIC' --with-ld-opt='-Wl,-z,relro -Wl,-z,now -pie'

with the following (internal) site:

user nginx;
worker_processes auto;
error_log /mnt/nginx-cache/var/log/nginx/error.log warn;
pid /run/nginx.pid;

# Load dynamic modules. See /usr/share/nginx/README.dynamic.
# include /usr/share/nginx/modules/*.conf;
load_module /etc/nginx/modules/ngx_http_cache_purge_module.so;

events {
worker_connections 1024;
}

http {
log_format main_ext '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for" '
'"$host" sn="$server_name" '
'rt=$request_time '
'ua="$upstream_addr" us="$upstream_status" '
'ut="$upstream_response_time" ul="$upstream_response_length" '
'cs=$upstream_cache_status kk=$scheme$proxy_host$uri$is_args$args';

access_log /mnt/nginx-cache/var/log/nginx/access.log main_ext buffer=64k flush=2s;
log_format upstream '$remote_addr - $upstream_addr - $request - $upstream_response_time - $request_time - $upstream_cache_status';
log_not_found off;

sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;

http2_max_requests 4294967295;

server_names_hash_max_size 256;
server_names_hash_bucket_size 256;

include /etc/nginx/mime.types;
default_type application/octet-stream;

proxy_cache_key $scheme$proxy_host$uri$is_args$args;

aio threads;
directio 512;

client_max_body_size 512m;

server {
# Note that it's listening on port 9000
listen 127.0.0.1:9000 default_server;
root /mnt;

server_name myorigin.mydomain.com;

aio on;
sendfile on;
directio 1;
location /{
try_files /fs1/myfs$uri /fs2/myfs$uri =404;
}
}
}

This normally works fine. However, as soon as (e.g.) FS2 is down and we request a file that is on there multiple times, NGINX will hang. We've got other servers in the NGINX config too, some of which are only serving as proxy pass. Even those servers hang. This to me would indicate that all worker processes are hanging. Shouldn't this be remedied by having turned on AIO and forcing it to always use directio?

When the physical CentOS server is rebooted while one of the file servers is down, NGINX runs fine. Can auto-fs be configured to, if a file server is down, simply disconnect the mount instead of hanging on any file operation?

How do I make sure NGINX keeps serving even if a mount goes down / hangs?

Failed disk + proxy_intercept_errors

February 12, 2020, 7:36 am
$
0
0
Hi,
In our deployment we do have configuration of proxy cache with multiple hard drives. Because of performance we don't have any RAID on these devices. That means we have to handle even a situation when drive dies, sometime.

After disk failure of proxy_cache_path device nginx usually starts serving users with http500. So I've had an idea we may use proxy_intercept_errors but I end up with inconsistent state: ~60 files are handled as expected, but after that every connection is terminated prematurely without a single byte sent. In access.log there is http 200.

I broke just ext4 FS (dd if=/dev/zero of=/dev/sdc bs=1k count=$((1024*100))) and I'm using nginx 1.17.7 on Linux

Relevant snippet from my configuration:
```
location ~ ^/mylocation/ {
set $spindle_bucket cache_01;
include "snippets/spindle_cache_locations_uspinclude";
proxy_cache DISK_$spindle_bucket;

proxy_pass $backend;
proxy_cache_key $uri;
proxy_cache_revalidate on;
proxy_cache_use_stale off;

recursive_error_pages on;
proxy_intercept_errors on;
error_page 400 401 402 403 405 406 407 408 409 410 411 412 413 414 415 416 417 418 420 422 423 424 426 428 429 431 444 449 450 451 = @myotherlocation;
error_page 500 501 502 503 504 505 506 507 508 510 511 = @myotherlocation;
}

# same as ^/mylocation/ but without proxy_intercept_errors and with a single spare drive only
location @myotherlocation {
include "snippets/spindle_cache_locations_uspinclude";
set $spindle_bucket "spare_01";
proxy_cache DISK_$spindle_bucket;

proxy_pass $backend;
proxy_cache_key $uri;
proxy_cache_revalidate on;
proxy_cache_use_stale error timeout invalid_header updating http_500 http_502 http_503 http_504;
}
```

In snippets/spindle_cache_locations_uspinclude I do have:
```
proxy_buffers 64 8k;

proxy_set_header Host our.akamaized.net;

proxy_cache_valid 200 720d;
proxy_cache_valid 206 720d;
#proxy_cache_valid 301 1d;
#proxy_cache_valid 302 10m;
#proxy_cache_valid any 1s;
proxy_http_version 1.1;
proxy_set_header Connection "";
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

```
```
$ curl -v http://myserver/mylocation/66666666-1111-1111-0000-01234567/2ab5355f-5508-438d-acfc-686469877fb3.ism/2ab5355f-5508-438d-acfc-686469877fb3-video_2=1481000-177.m4s
* Trying myipv6...
* TCP_NODELAY set
* Connected to myserver (myipv6) port 80 (#0)
> GET /mylocation/66666666-1111-1111-0000-01234567/2ab5355f-5508-438d-acfc-686469877fb3.ism/2ab5355f-55$
8-438d-acfc-686469877fb3-video_2=1481000-177.m4s HTTP/1.1
> Host: myserver
> User-Agent: curl/7.52.1
> Accept: */*
>
* Curl_http_done: called premature == 0
* Empty reply from server
* Connection #0 to host myserver left intact
curl: (52) Empty reply from server
```

Am I doing something wrong or is this a bug? Because of the inconsistency I tend to the 2nd. But I'm not sure at all :-)

[nginx] Made ngx_http_get_forwarded_addr_internal() non-recursive.

February 12, 2020, 8:04 am
$
0
0
details: https://hg.nginx.org/nginx/rev/1055e43e4fab
branches:
changeset: 7624:1055e43e4fab
user: Vladimir Homutov <vl@nginx.com>
date: Tue Feb 11 13:22:44 2020 +0300
description:
Made ngx_http_get_forwarded_addr_internal() non-recursive.

diffstat:

src/http/ngx_http_core_module.c | 62 +++++++++++++++++++---------------------
1 files changed, 30 insertions(+), 32 deletions(-)

diffs (77 lines):

diff --git a/src/http/ngx_http_core_module.c b/src/http/ngx_http_core_module.c
--- a/src/http/ngx_http_core_module.c
+++ b/src/http/ngx_http_core_module.c
@@ -2667,43 +2667,41 @@ ngx_http_get_forwarded_addr_internal(ngx
u_char *xff, size_t xfflen, ngx_array_t *proxies, int recursive)
{
u_char *p;
- ngx_int_t rc;
ngx_addr_t paddr;
-
- if (ngx_cidr_match(addr->sockaddr, proxies) != NGX_OK) {
- return NGX_DECLINED;
- }
-
- for (p = xff + xfflen - 1; p > xff; p--, xfflen--) {
- if (*p != ' ' && *p != ',') {
- break;
+ ngx_uint_t found;
+
+ found = 0;
+
+ do {
+
+ if (ngx_cidr_match(addr->sockaddr, proxies) != NGX_OK) {
+ return found ? NGX_DONE : NGX_DECLINED;
}
- }
-
- for ( /* void */ ; p > xff; p--) {
- if (*p == ' ' || *p == ',') {
- p++;
- break;
+
+ for (p = xff + xfflen - 1; p > xff; p--, xfflen--) {
+ if (*p != ' ' && *p != ',') {
+ break;
+ }
}
- }
-
- if (ngx_parse_addr_port(r->pool, &paddr, p, xfflen - (p - xff)) != NGX_OK) {
- return NGX_DECLINED;
- }
-
- *addr = paddr;
-
- if (recursive && p > xff) {
- rc = ngx_http_get_forwarded_addr_internal(r, addr, xff, p - 1 - xff,
- proxies, 1);
-
- if (rc == NGX_DECLINED) {
- return NGX_DONE;
+
+ for ( /* void */ ; p > xff; p--) {
+ if (*p == ' ' || *p == ',') {
+ p++;
+ break;
+ }
}

- /* rc == NGX_OK || rc == NGX_DONE */
- return rc;
- }
+ if (ngx_parse_addr_port(r->pool, &paddr, p, xfflen - (p - xff))
+ != NGX_OK)
+ {
+ return found ? NGX_DONE : NGX_DECLINED;
+ }
+
+ *addr = paddr;
+ found = 1;
+ xfflen = p - 1 - xff;
+
+ } while (recursive && p > xff);

return NGX_OK;
}
_______________________________________________
nginx-devel mailing list
nginx-devel@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx-devel

Re: nginx for Windows - WSASend() socket error 10057

February 12, 2020, 10:00 am
$
0
0
Hi Sergey,


Thank you for you response.

I tried netstat /nabo and I don't see any reference to port 9000 at all.
So a problem is to make nginx to listen on port 9000 (as server)?
Or nginx is not listening on port 9000 but rather sending requests to port 9000 (as client)?

Maybe it's easier not to use auth_http at all? I was trying to remove it from configuration file but nginx was not happy.
At this point I don't need any authentication. I was told by my boss to use nginx for load testing of our service sending emails (SMTP client). I've got some SMTP Server and nginx would be used as SMTP proxy because it allows to set up delays.

And take into account that I REMOVED "--with-http_ssl_module" from parameters when I was building nginx.

And you advised to download some nginx.exe files but I believe they were built without "--with-mail" parameter (which I need).


Thank you,
Yury
________________________________
From: Sergey Brester <serg.brester@sebres.de>
Sent: Wednesday, February 12, 2020 7:38 AM
To: nginx-devel@nginx.org <nginx-devel@nginx.org>
Cc: Yury Shpakov <yshpakov@hotmail.com>
Subject: Re: nginx for Windows - WSASend() socket error 10057


It looks like your service defined in auth_http doesn't answer (or no listener on 127.0.0.1 port 9000?)...

try netstat (in cmd as admin):

netstat /nabo
netstat /nabo | grep -A 1 ":9000\b"

and check whether the listener on port 9000 is bound to 127.0.0.1 (or it is 0.0.0.0 only?) and it is the process you expect to see there (can be "reserved" by some other windows-service).

additionally try to telnet or curl it:

curl -H "Auth-Method: plain" -H "Auth-User: user" -H "Auth-Pass: pwd" -H "Auth-Protocol: imap" -H "Auth-Login-Attempt: 1" -i http://127.0.0.1:9000/cgi-bin/nginxauth.cgi

if it does not answer, make another attempt by replace 127.0.0.1 with 0.0.0..0 (or a host-name).

If it answers - see whether it is the expected response (some examples of good and bad responses are described in http://nginx.org/en/docs/mail/ngx_mail_auth_http_module.html).

But I guess if WSASend fails, it would probably (unexpected) reject the connection during the send (or even connect) process.
It can be also invalid (unexpected) content-length in keep-alive connect to auth-upstream - so send but still receive is expected (or vice versa).

Also follow this forum topic addressing similar issue: https://forum.nginx.org/read.php?2,257206,257207#msg-257207

Anyway it doesn't look to me like an issue of nginx (regardless windows or not), but you can also try some other ready build (for example on my GHhttps://github.com/sebres/nginx/releases/tag/release-1.13.0 - nginx.ziphttps://github.com/sebres/nginx/files/2246440/nginx.zip, where it works well).

Regards,
Sergey

12.02.2020 03:01, Yury Shpakov wrote:

Hi there,


Trying to make nginx work as SMTP server and/or SMTP proxy. Done everything according to:
http://nginx.org/en/docs/howto_build_on_win32.html

But excluded (don't care about SSL at this point so don't want to install/configure Perl now):
--with-openssl=objs/lib/openssl-master \
--with-openssl-opt=no-asm \
--with-http_ssl_module \
And added:
--with-mail
nmake was successful and nginx.exe was created.

However nginx.exe keeps failing with the error:
WSASend() failed (10057: A request to send or receive data was disallowed because the socket is not connected and (when sending on a datagram socket using a sendto call) no address was supplied) while in http auth state, client: 127.0.0.1, server: 0.0.0.0:8025

Windows API says the following about this error:


WSAENOTCONN
10057

Socket is not connected.
A request to send or receive data was disallowed because the socket is not connected and (when sending on a datagram socket using sendtohttps://docs.microsoft.com/en-us/windows/desktop/api/winsock/nf-winsock-sendto) no address was supplied. Any other type of operation might also return this error—for example, setsockopthttps://docs.microsoft.com/en-us/windows/desktop/api/winsock/nf-winsock-setsockopt setting SO_KEEPALIVEhttps://docs.microsoft.com/en-us/windows/desktop/winsock/so-keepalive if the connection has been reset.
https://docs.microsoft.com/en-us/windows/win32/winsock/windows-sockets-error-codes-2
Windows Sockets Error Codes (Winsock2.h) - Win32 apps | Microsoft Docshttps://docs.microsoft.com/en-us/windows/win32/winsock/windows-sockets-error-codes-2
Return code/value Description; WSA_INVALID_HANDLE 6: Specified event object handle is invalid. An application attempts to use an event object, but the specified handle is not valid.
docs.microsoft.com

Managed to debug your code in VS 2010 a little bit but it's brutal C so it's hard to figure your code out. And this debugger doesn't show you any local variables values.

Any recommendation for me to make it work?

Tried to play with config (commenting/uncommenting):

#user nobody;
worker_processes 1;

#error_log logs/error.log;
#error_log logs/error.log notice;
#error_log logs/error.log info;

#pid logs/nginx.pid;


events {
worker_connections 1024;
}


mail {
server_name localhost;
auth_http localhost:9000/cgi-bin/nginxauth.cgi;
# auth_http none;

smtp_auth none;
# smtp_auth login plain cram-md5;
# smtp_capabilities "SIZE 10485760" ENHANCEDSTATUSCODES 8BITMIME DSN;
xclient off;

server {
listen 8025;
protocol smtp;
proxy on;
proxy_pass_error_message on;
}
}

Tried both under a regular user and under admin. Tried on 25, 1025 and 8025 ports.


Thank you,
Yury


_______________________________________________
nginx-devel mailing list
nginx-devel@nginx.org<mailto:nginx-devel@nginx.org>
http://mailman.nginx.org/mailman/listinfo/nginx-devel

_______________________________________________
nginx-devel mailing list
nginx-devel@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx-devel

Re: nginx for Windows - WSASend() socket error 10057

February 12, 2020, 10:52 am
$
0
0
I answered inline...

12.02.2020 18:59, Yury Shpakov wrote:

> Hi Sergey,
>
> Thank you for you response.
>
> I tried netstat /nabo and I don't see any reference to port 9000 at all.
> So a problem is to make nginx to listen on port 9000 (as server)?
> Or nginx is not listening on port 9000 but rather sending requests to port 9000 (as client)?

With setting of `auth_http`, you are defining an URL to the service
responsible for authentication (and upstream choice).
Of course then you should have something that would response to the
auth-requests (your own upstream, or some nginx location, or some
"foreign" http-server).

See https://docs.nginx.com/nginx/admin-guide/mail-proxy/mail-proxy/ [11]
for more examples.

> Maybe it's easier not to use auth_http at all? I was trying to remove it from configuration file but nginx was not happy.

I have my own auth-module so I don't know how it can be solved in
stock-nginx without this directive.

Take a look here -
https://serverfault.com/questions/594962/nginx-understanding-the-purpose-of-auth-http-imap-proxy
[12] - you can use some nginx location (and internal URL to same nginx
instance) to specify that.

Anyway it is recommended to use some auth (on nginx side), because it'd
preserve the resources of mail-servers, allow you to authenticate email
clients with same user/password for all mail-servers (smtp, imap, pop3,
etc) as well as the same user/pwd as for some other http-services. And
it is used to choose an upstream server (if multiple) for the email
processing.

> At this point I don't need any authentication. I was told by my boss to use nginx for load testing of our service sending emails (SMTP client). I've got some SMTP Server and nginx would be used as SMTP proxy because it allows to set up delays.

Well, an auth request to some nginx-location would allow you to set up
delays even on authentication phase.

> And take into account that I REMOVED "--with-http_ssl_module" from parameters when I was building nginx.
>
> And you advised to download some nginx.exe files but I believe they were built without "--with-mail" parameter (which I need).

Although, it was compiled with "--with-mail" (you can see all parameters
in provided GH-link [9])
But it would not help, because basically your issue seems to be the
configuration (not the nginx.exe).

> Thank you,
> Yury
>
> -------------------------
>
> FROM: Sergey Brester <serg.brester@sebres.de>
> SENT: Wednesday, February 12, 2020 7:38 AM
> TO: nginx-devel@nginx.org <nginx-devel@nginx.org>
> CC: Yury Shpakov <yshpakov@hotmail.com>
> SUBJECT: Re: nginx for Windows - WSASend() socket error 10057
>
> It looks like your service defined in auth_http doesn't answer (or no listener on 127.0.0.1 port 9000?)...
>
> try netstat (in cmd as admin):
>
> netstat /nabo
> netstat /nabo | grep -A 1 ":9000b"
>
> and check whether the listener on port 9000 is bound to 127.0.0.1 (or it is 0.0.0.0 only?) and it is the process you expect to see there (can be "reserved" by some other windows-service).
>
> additionally try to telnet or curl it:
>
> curl -H "Auth-Method: plain" -H "Auth-User: user" -H "Auth-Pass: pwd" -H "Auth-Protocol: imap" -H "Auth-Login-Attempt: 1" -i http://127.0.0.1:9000/cgi-bin/nginxauth.cgi
>
> if it does not answer, make another attempt by replace 127.0.0.1 with 0.0.0.0 (or a host-name).
>
> If it answers - see whether it is the expected response (some examples of good and bad responses are described in http://nginx.org/en/docs/mail/ngx_mail_auth_http_module.html [7]).
>
> But I guess if WSASend fails, it would probably (unexpected) reject the connection during the send (or even connect) process.
> It can be also invalid (unexpected) content-length in keep-alive connect to auth-upstream - so send but still receive is expected (or vice versa).
>
> Also follow this forum topic addressing similar issue: https://forum.nginx.org/read.php?2,257206,257207#msg-257207 [8]
>
> Anyway it doesn't look to me like an issue of nginx (regardless windows or not), but you can also try some other ready build (for example on my GH [9] - nginx.zip [10], where it works well).
>
> Regards,
> Sergey
>
> 12.02.2020 03:01, Yury Shpakov wrote:
>
>> Hi there,
>>
>> Trying to make nginx work as SMTP server and/or SMTP proxy. Done everything according to:
>> http://nginx.org/en/docs/howto_build_on_win32.html [2]
>> But excluded (don't care about SSL at this point so don't want to install/configure Perl now):
>> --with-openssl=objs/lib/openssl-master
>>
>> --with-openssl-opt=no-asm
>> --with-http_ssl_module
>> And added:
>> --with-mail
>>
>> nmake was successful and nginx.exe was created.
>> However nginx.exe keeps failing with the error:
>> WSASend() failed (10057: A request to send or receive data was disallowed because the socket is not connected and (when sending on a datagram socket using a sendto call) no address was supplied) while in http auth state, client: 127.0.0.1, server: 0.0.0.0:8025
>> Windows API says the following about this error:
>>
>> WSAENOTCONN10057
>> Socket is not connected.A request to send or receive data was disallowed because the socket is not connected and (when sending on a datagram socket using SENDTO [3]) no address was supplied. Any other type of operation might also return this error--for example, SETSOCKOPT [4] setting SO_KEEPALIVE [5] if the connection has been reset.
>>
>> https://docs.microsoft.com/en-us/windows/win32/winsock/windows-sockets-error-codes-2 [6]
>>
>> Windows Sockets Error Codes (Winsock2.h) - Win32 apps | Microsoft Docs [6]
>> Return code/value Description; WSA_INVALID_HANDLE 6: Specified event object handle is invalid. An application attempts to use an event object, but the specified handle is not valid.
>> docs.microsoft.com
>>
>> Managed to debug your code in VS 2010 a little bit but it's brutal C so it's hard to figure your code out. And this debugger doesn't show you any local variables values.
>> Any recommendation for me to make it work?
>> Tried to play with config (commenting/uncommenting):
>>
>> #user nobody;
>> worker_processes 1;
>> #error_log logs/error.log;
>> #error_log logs/error.log notice;
>> #error_log logs/error.log info;
>> #pid logs/nginx.pid;
>> events {
>> worker_connections 1024;
>> }
>> mail {
>> server_name localhost;
>> auth_http localhost:9000/cgi-bin/nginxauth.cgi;
>> # auth_http none;
>> smtp_auth none;
>> # smtp_auth login plain cram-md5;
>> # smtp_capabilities "SIZE 10485760" ENHANCEDSTATUSCODES 8BITMIME DSN;
>> xclient off;
>> server {
>> listen 8025;
>> protocol smtp;
>> proxy on;
>> proxy_pass_error_message on;
>> }
>> } Tried both under a regular user and under admin. Tried on 25, 1025 and 8025 ports.
>> Thank you,
>> Yury
>>
>> _______________________________________________
>> nginx-devel mailing list
>> nginx-devel@nginx.orghttp://mailman.nginx.org/mailman/listinfo/nginx-devel [1]


Links:
------
[1] http://mailman.nginx.org/mailman/listinfo/nginx-devel
[2] http://nginx.org/en/docs/howto_build_on_win32.html
[3]
https://docs.microsoft.com/en-us/windows/desktop/api/winsock/nf-winsock-sendto
[4]
https://docs.microsoft.com/en-us/windows/desktop/api/winsock/nf-winsock-setsockopt
[5]
https://docs.microsoft.com/en-us/windows/desktop/winsock/so-keepalive
[6]
https://docs.microsoft.com/en-us/windows/win32/winsock/windows-sockets-error-codes-2
[7] http://nginx.org/en/docs/mail/ngx_mail_auth_http_module.html
[8] https://forum.nginx.org/read.php?2,257206,257207#msg-257207
[9] https://github.com/sebres/nginx/releases/tag/release-1.13.0
[10] https://github.com/sebres/nginx/files/2246440/nginx.zip
[11] https://docs.nginx.com/nginx/admin-guide/mail-proxy/mail-proxy/
[12]
https://serverfault.com/questions/594962/nginx-understanding-the-purpose-of-auth-http-imap-proxy_______________________________________________
nginx-devel mailing list
nginx-devel@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx-devel
Search

A More Automated Way to Restream to Facebook Live & YouTube?

February 12, 2020, 2:45 pm
$
0
0
I have created an nginx server to push rtmp streams to Facebook Live (which I also use stunnel) and YouTube. Is there a more automated way to push the streams to these platforms? I use OBS, and am hoping to figure out a way so that when I click "Start Streaming," it will automatically create a Title and new live stream for each platform. Is this even possible? Need API or something?

Nginx tail module

February 12, 2020, 6:50 pm
$
0
0
Hello

What would be the best way to write a Nginx module that would essentially
tail a file?

Thanks
Max
_______________________________________________
nginx-devel mailing list
nginx-devel@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx-devel

RE: Nginx tail module

February 12, 2020, 11:08 pm
$
0
0
I don’t know what you’re trying to solve… but maybe you can just send a range request relative to the end,
without any custom module.
For example, ‘Range: bytes=-1024’ will return the last 1k of the resource.

Eran

From: nginx-devel <nginx-devel-bounces@nginx.org> On Behalf Of Maksim Yevmenkin
Sent: Thursday, February 13, 2020 4:49 AM
To: nginx-devel@nginx.org
Subject: Nginx tail module

Hello

What would be the best way to write a Nginx module that would essentially tail a file?

Thanks
Max




_______________________________________________
nginx-devel mailing list
nginx-devel@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx-devel

Re: Nginx tail module

February 13, 2020, 5:20 am
$
0
0
On Wed, Feb 12, 2020, 11:07 PM Eran Kornblau <eran.kornblau@kaltura.com>
wrote:

> I don’t know what you’re trying to solve… but maybe you can just send a
> range request relative to the end,
> without any custom module.
> For example, ‘Range: bytes=-1024’ will return the last 1k of the resource.
>

Thanks but this is not what I was hoping for. The idea is to have Nginx
return new data as soon as it is available in the tailed file.

A client would issue one request and simply wait for the data to arrive in
chunked transfer encoding.


> What would be the best way to write a Nginx module that would essentially
> tail a file?
>

Thanks
Max
_______________________________________________
nginx-devel mailing list
nginx-devel@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx-devel

[njs] Fixed Object.getOwnPropertySymbols().

February 13, 2020, 5:28 am
$
0
0
details: https://hg.nginx.org/njs/rev/974e6c195410
branches:
changeset: 1325:974e6c195410
user: Alexander Borisov <alexander.borisov@nginx.com>
date: Thu Feb 13 16:25:37 2020 +0300
description:
Fixed Object.getOwnPropertySymbols().

This closes #291 issue on GitHub.

diffstat:

src/njs_object.c | 4 ++--
src/test/njs_unit_test.c | 3 +++
2 files changed, 5 insertions(+), 2 deletions(-)

diffs (34 lines):

diff -r 5bd15bd3766c -r 974e6c195410 src/njs_object.c
--- a/src/njs_object.c Mon Feb 10 17:39:41 2020 +0300
+++ b/src/njs_object.c Thu Feb 13 16:25:37 2020 +0300
@@ -397,8 +397,6 @@ njs_object_exist_in_proto(const njs_obje
njs_int_t ret;
njs_object_prop_t *prop;

- lhq->proto = &njs_object_hash_proto;
-
while (object != end) {
ret = njs_lvlhsh_find(&object->hash, lhq);

@@ -701,6 +699,8 @@ njs_object_own_enumerate_object_length(c
njs_lvlhsh_each_init(&lhe, &njs_object_hash_proto);
hash = &object->hash;

+ lhq.proto = &njs_object_hash_proto;
+
length = 0;

for ( ;; ) {
diff -r 5bd15bd3766c -r 974e6c195410 src/test/njs_unit_test.c
--- a/src/test/njs_unit_test.c Mon Feb 10 17:39:41 2020 +0300
+++ b/src/test/njs_unit_test.c Thu Feb 13 16:25:37 2020 +0300
@@ -11206,6 +11206,9 @@ static njs_unit_test_t njs_test[] =
"delete obj[symA]"),
njs_str("TypeError: Cannot delete property \"Symbol(A)\" of object") },

+ { njs_str("typeof Object.getOwnPropertySymbols(globalThis);"),
+ njs_str("object") },
+
{ njs_str("["
" Object.prototype,"
" Symbol.prototype,"
_______________________________________________
nginx-devel mailing list
nginx-devel@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx-devel

Re: Failed disk + proxy_intercept_errors

February 13, 2020, 7:00 am
$
0
0
Hello!

On Wed, Feb 12, 2020 at 10:36:54AM -0500, chocholo3 wrote:

> Hi,
> In our deployment we do have configuration of proxy cache with multiple hard
> drives. Because of performance we don't have any RAID on these devices. That
> means we have to handle even a situation when drive dies, sometime.
>
> After disk failure of proxy_cache_path device nginx usually starts serving
> users with http500. So I've had an idea we may use proxy_intercept_errors
> but I end up with inconsistent state: ~60 files are handled as expected, but
> after that every connection is terminated prematurely without a single byte
> sent. In access.log there is http 200.
>
> I broke just ext4 FS (dd if=/dev/zero of=/dev/sdc bs=1k count=$((1024*100)))
> and I'm using nginx 1.17.7 on Linux

[...]

> Am I doing something wrong or is this a bug? Because of the inconsistency I
> tend to the 2nd. But I'm not sure at all :-)

First of all, the proxy_intercept_errors directive is only
relevant to errors returned by upstream servers. As long as the
error is generated by nginx itself, only the error_page directives
are relevant - as long as you have error_page 500 configured,
nginx will appropriately redirect processing of errors with code
500.

As for the inconsistency you observe, this depends on the exact
moment the error happens. For some errors nginx might be able to
generate friendly 500, for some it won't and will close the
connection as long as an error happens.

For example, if an error happens when reading cache header, nginx
should be able to return 500. But if an error happens later, when
reading the response body from the cache file, when the response
headers are already processed (and either sent to the client or
buffered due to postpone_output), it certainly won't be possible
to return a friendly error page, so nginx will close the
connection.

Given the nature of your test, I suspect that the inconsistency
you observe is due to errors happening at different moments.

In the real life, using "error_page 500" is certainly not enough
to protect users from broken responses due to failing disks.
Further, I don't think there is way to fully protect users, except
by providing redundancy at the disk level. For example, consider
an error when reading some response body data from disk, with 1GB
of the response body already sent to the client. There is more or
less nothing to be done here, and the only option is to close the
connection.

--
Maxim Dounin
http://mdounin.ru/
_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx

How to query current configuration ?

February 13, 2020, 10:40 am
$
0
0
I am automating a script for collecting some info, given a specific URL and returning all the server in the upstream Pool for that URL in a running NGINX+ instance.

My goal is to have something that I can query on web, or a script that I can run hourly basis and create an HTML with it that I can query later with my script.

I was planning to extract the info from the dashboard upstreams, but unfortunately the zones aren't descriptive enough and couldn't show all the matching URL in the regex definition for server_name on the config files.

From this running config :

server {
listen 443 ssl http2;
listen[::]:443 ssl http2;
server_name ~^(www|www2|www3).mycompany.com$;
status_zone www.mycompany.com;
.... ....

}

upstream www {
least_time header; zone area1 128k;
server server1.mycompany.com:443 max_fails=3 fail_timeout=30s;
server server2.mycompany.com:443 max_fails=3 fail_timeout=30s;
server server3.mycompany.com:443 max_fails=3 fail_timeout=30s;

}

Want to get from this Input URL : www2.mycompany.com

these Output Servers: server1, server2, server3


any thoughts?
Search

Need help on the deny directive - not denying the first time but on reload

February 13, 2020, 11:14 am
$
0
0
Hi,

I'm using nginx to reverse-proxy a web app written in Javascript. For access control, I'm using the deny directive to deny users from accessing the menu items under the system menu; however, it does not deny it at the first time it loads but only at reloading. Can someone please help?

The config is as followed:
location ^~ /system/ {
deny all;
}

And the testcase is as followed:
1) Use a browser to go to '/'
2) Click on the "System" menu and click "Overview", and it will load '/system/overview' with no denial (should 403 instead)
3) Hit the reload button
4) It shows 403 this time

fast-cgi Oddness

February 13, 2020, 12:48 pm
$
0
0
I am running with Nginx 1.16. I have a really simple configuration for
wordpress, seen below.

I have one test case:
curl -H "Host: x.com" "http://127.0.0.1/wp-admin/"
Which succeeds - I can see in the php-fpm log that it does "GET
/wp-admin/index.php"

I have a second test case:
curl -H "Host: x.com" "http://127.0.0.1/wp-admin/load-styles.php"
Which unexpectedly returns a 404 error, even though the file does exist at
wp-admin/load-styles.php, but in the php-fpm log I am seeing GET
/load-styles.php

I can not figure out why the path is altered for the failing test case and
not the passing one.

If I hard code SCRIPT_NAME to $request_uri and SCRIPT_FILENAME
to $document_root$request_uri then failing test case works which I think
shows the script would work if the path were set correctly, but the first
test case fails because index.html doesn't get added to $request_uri.

I can't find anything similar searching Google, does anyone have a solution
or workaround?


server {
listen 80;
server_name x.com;
index index.php;

if (!-e $request_filename) {
rewrite ^/[_0-9a-zA-Z-]+(/wp-(content|admin|includes).*) $1 break;
rewrite ^/[_0-9a-zA-Z-]+(/.*\.php)$ $1 break;
}

location ~* (.*\.(js|css|svg|png|gif|ttf|woff|woff2))$ {
root /x/wordpress;
index index.html index.htm index.php;
}

location / {
rewrite ^/wp-admin$ /wp-admin/ permanent;
root /x;
index index.php;
try_files $uri @wordpress;
}

location @wordpress {
root /x/wordpress;
include /etc/nginx/fastcgi_params;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;

fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param aetn_env devtest;
}
}
_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx

Re: nginx for Windows - WSASend() socket error 10057

February 13, 2020, 1:46 pm
$
0
0
Hi Sergey,


I reconfigured the config file as follows:

=== === ===
#user nobody;
worker_processes 1;

#error_log logs/error.log;
#error_log logs/error.log notice;
#error_log logs/error.log info;

#pid logs/nginx.pid;


events {
worker_connections 1024;
}


mail {
server_name localhost;
auth_http localhost:9000/cgi-bin/nginxauth.cgi;
# auth_http none;

smtp_auth none;
# smtp_auth login plain cram-md5;
# smtp_capabilities "SIZE 10485760" ENHANCEDSTATUSCODES 8BITMIME DSN;
xclient off;

server {
listen 8025;
protocol smtp;
proxy on;
proxy_pass_error_message on;
}
}

http {
server {
listen 9000;

location /cgi-bin/nginxauth.cgi {
add_header Auth-Status OK;
add_header Auth-Server 127.0.0.2; # backend ip
add_header Auth-Port 143; # backend port
return 204;
}
}
}
=== === ===

And now it's responding on port 9000 as expected:

=== === ===
C:\WINDOWS\system32>curl -H "Auth-Method: plain" -H "Auth-User: user" -H "Auth-Pass: pwd" -H "Auth-Protocol: imap" -H "Auth-Login-Attempt: 1" -i http://127.0.0.1:9000/cgi-bin/nginxauth.cgi
HTTP/1.1 204 No Content
Server: nginx/1.17.9
Date: Thu, 13 Feb 2020 21:30:54 GMT
Connection: keep-alive
Auth-Status: OK
Auth-Server: 127.0.0.2
Auth-Port: 143
=== === ===

However I'm still experiencing the same issue (in log file):

=== === ===
2020/02/13 16:29:24 [notice] 35048#26192: signal process started
2020/02/13 16:29:34 [error] 31732#22720: *1 WSASend() failed (10057: A request to send or receive data was disallowed because the socket is not connected and (when sending on a datagram socket using a sendto call) no address was supplied) while in http auth state, client: 127.0.0.1, server: 0.0.0.0:8025
=== === ===

Tried under both admin and regular user.

Any further ideas how to get it fixed please?


Thank you,
Yury
________________________________
From: Sergey Brester <serg.brester@sebres.de>
Sent: Wednesday, February 12, 2020 1:51 PM
To: Yury Shpakov <yshpakov@hotmail.com>
Cc: nginx-devel@nginx.org <nginx-devel@nginx.org>
Subject: Re: nginx for Windows - WSASend() socket error 10057


I answered inline...

12.02.2020 18:59, Yury Shpakov wrote:

Hi Sergey,


Thank you for you response.

I tried netstat /nabo and I don't see any reference to port 9000 at all.
So a problem is to make nginx to listen on port 9000 (as server)?
Or nginx is not listening on port 9000 but rather sending requests to port 9000 (as client)?
With setting of `auth_http`, you are defining an URL to the service responsible for authentication (and upstream choice).
Of course then you should have something that would response to the auth-requests (your own upstream, or some nginx location, or some "foreign" http-server).

See https://docs.nginx.com/nginx/admin-guide/mail-proxy/mail-proxy/ for more examples.
Maybe it's easier not to use auth_http at all? I was trying to remove it from configuration file but nginx was not happy.

I have my own auth-module so I don't know how it can be solved in stock-nginx without this directive.

Take a look here - https://serverfault.com/questions/594962/nginx-understanding-the-purpose-of-auth-http-imap-proxy - you can use some nginx location (and internal URL to same nginx instance) to specify that.

Anyway it is recommended to use some auth (on nginx side), because it'd preserve the resources of mail-servers, allow you to authenticate email clients with same user/password for all mail-servers (smtp, imap, pop3, etc) as well as the same user/pwd as for some other http-services. And it is used to choose an upstream server (if multiple) for the email processing.

At this point I don't need any authentication. I was told by my boss to use nginx for load testing of our service sending emails (SMTP client). I've got some SMTP Server and nginx would be used as SMTP proxy because it allows to set up delays.
Well, an auth request to some nginx-location would allow you to set up delays even on authentication phase.
And take into account that I REMOVED "--with-http_ssl_module" from parameters when I was building nginx.

And you advised to download some nginx.exe files but I believe they were built without "--with-mail" parameter (which I need).
Although, it was compiled with "--with-mail" (you can see all parameters in provided GH-linkhttps://github.com/sebres/nginx/releases/tag/release-1.13..0)
But it would not help, because basically your issue seems to be the configuration (not the nginx.exe).

Thank you,
Yury

________________________________
From: Sergey Brester <serg.brester@sebres.de>
Sent: Wednesday, February 12, 2020 7:38 AM
To: nginx-devel@nginx.org <nginx-devel@nginx.org>
Cc: Yury Shpakov <yshpakov@hotmail.com>
Subject: Re: nginx for Windows - WSASend() socket error 10057

It looks like your service defined in auth_http doesn't answer (or no listener on 127.0.0.1 port 9000?)...

try netstat (in cmd as admin):

netstat /nabo
netstat /nabo | grep -A 1 ":9000\b"

and check whether the listener on port 9000 is bound to 127.0.0.1 (or it is 0.0.0.0 only?) and it is the process you expect to see there (can be "reserved" by some other windows-service).

additionally try to telnet or curl it:

curl -H "Auth-Method: plain" -H "Auth-User: user" -H "Auth-Pass: pwd" -H "Auth-Protocol: imap" -H "Auth-Login-Attempt: 1" -i http://127.0.0.1:9000/cgi-bin/nginxauth.cgi

if it does not answer, make another attempt by replace 127.0.0.1 with 0.0.0..0 (or a host-name).

If it answers - see whether it is the expected response (some examples of good and bad responses are described in http://nginx.org/en/docs/mail/ngx_mail_auth_http_module.html).

But I guess if WSASend fails, it would probably (unexpected) reject the connection during the send (or even connect) process.
It can be also invalid (unexpected) content-length in keep-alive connect to auth-upstream - so send but still receive is expected (or vice versa).

Also follow this forum topic addressing similar issue: https://forum.nginx.org/read.php?2,257206,257207#msg-257207

Anyway it doesn't look to me like an issue of nginx (regardless windows or not), but you can also try some other ready build (for example on my GHhttps://github.com/sebres/nginx/releases/tag/release-1.13.0 - nginx.ziphttps://github.com/sebres/nginx/files/2246440/nginx.zip, where it works well).

Regards,
Sergey

12.02.2020 03:01, Yury Shpakov wrote:

Hi there,
Trying to make nginx work as SMTP server and/or SMTP proxy. Done everything according to:
http://nginx.org/en/docs/howto_build_on_win32.html
But excluded (don't care about SSL at this point so don't want to install/configure Perl now):
--with-openssl=objs/lib/openssl-master \
--with-openssl-opt=no-asm \
--with-http_ssl_module \
And added:
--with-mail
nmake was successful and nginx.exe was created.
However nginx.exe keeps failing with the error:
WSASend() failed (10057: A request to send or receive data was disallowed because the socket is not connected and (when sending on a datagram socket using a sendto call) no address was supplied) while in http auth state, client: 127.0.0.1, server: 0.0.0.0:8025
Windows API says the following about this error:

WSAENOTCONN
10057

Socket is not connected.
A request to send or receive data was disallowed because the socket is not connected and (when sending on a datagram socket using sendtohttps://docs.microsoft.com/en-us/windows/desktop/api/winsock/nf-winsock-sendto) no address was supplied. Any other type of operation might also return this error—for example, setsockopthttps://docs.microsoft.com/en-us/windows/desktop/api/winsock/nf-winsock-setsockopt setting SO_KEEPALIVEhttps://docs.microsoft.com/en-us/windows/desktop/winsock/so-keepalive if the connection has been reset.
https://docs.microsoft.com/en-us/windows/win32/winsock/windows-sockets-error-codes-2
Windows Sockets Error Codes (Winsock2.h) - Win32 apps | Microsoft Docshttps://docs.microsoft.com/en-us/windows/win32/winsock/windows-sockets-error-codes-2
Return code/value Description; WSA_INVALID_HANDLE 6: Specified event object handle is invalid. An application attempts to use an event object, but the specified handle is not valid.
docs.microsoft.com
Managed to debug your code in VS 2010 a little bit but it's brutal C so it's hard to figure your code out. And this debugger doesn't show you any local variables values.
Any recommendation for me to make it work?
Tried to play with config (commenting/uncommenting):
#user nobody;
worker_processes 1;
#error_log logs/error.log;
#error_log logs/error.log notice;
#error_log logs/error.log info;
#pid logs/nginx.pid;
events {
worker_connections 1024;
}
mail {
server_name localhost;
auth_http localhost:9000/cgi-bin/nginxauth.cgi;
# auth_http none;
smtp_auth none;
# smtp_auth login plain cram-md5;
# smtp_capabilities "SIZE 10485760" ENHANCEDSTATUSCODES 8BITMIME DSN;
xclient off;
server {
listen 8025;
protocol smtp;
proxy on;
proxy_pass_error_message on;
}
}
Tried both under a regular user and under admin. Tried on 25, 1025 and 8025 ports.
Thank you,
Yury


_______________________________________________
nginx-devel mailing list
nginx-devel@nginx.org<mailto:nginx-devel@nginx.org>http://mailman.nginx.org/mailman/listinfo/nginx-devel
_______________________________________________
nginx-devel mailing list
nginx-devel@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx-devel

Re: nginx for Windows - WSASend() socket error 10057

February 13, 2020, 1:50 pm
$
0
0
Extra info:

C:\WINDOWS\system32>netstat /nabo | grep -A 1 ":9000\b"
TCP 0.0.0.0:9000 0.0.0.0:0 LISTENING 34540
[nginx.exe]

________________________________
From: nginx-devel <nginx-devel-bounces@nginx.org> on behalf of Yury Shpakov <yshpakov@hotmail.com>
Sent: Thursday, February 13, 2020 4:45 PM
To: Sergey Brester <serg.brester@sebres.de>
Cc: nginx-devel@nginx.org <nginx-devel@nginx.org>
Subject: Re: nginx for Windows - WSASend() socket error 10057

Hi Sergey,


I reconfigured the config file as follows:

=== === ===
#user nobody;
worker_processes 1;

#error_log logs/error.log;
#error_log logs/error.log notice;
#error_log logs/error.log info;

#pid logs/nginx.pid;


events {
worker_connections 1024;
}


mail {
server_name localhost;
auth_http localhost:9000/cgi-bin/nginxauth.cgi;
# auth_http none;

smtp_auth none;
# smtp_auth login plain cram-md5;
# smtp_capabilities "SIZE 10485760" ENHANCEDSTATUSCODES 8BITMIME DSN;
xclient off;

server {
listen 8025;
protocol smtp;
proxy on;
proxy_pass_error_message on;
}
}

http {
server {
listen 9000;

location /cgi-bin/nginxauth.cgi {
add_header Auth-Status OK;
add_header Auth-Server 127.0.0.2; # backend ip
add_header Auth-Port 143; # backend port
return 204;
}
}
}
=== === ===

And now it's responding on port 9000 as expected:

=== === ===
C:\WINDOWS\system32>curl -H "Auth-Method: plain" -H "Auth-User: user" -H "Auth-Pass: pwd" -H "Auth-Protocol: imap" -H "Auth-Login-Attempt: 1" -i http://127.0.0.1:9000/cgi-bin/nginxauth.cgi
HTTP/1.1 204 No Content
Server: nginx/1.17.9
Date: Thu, 13 Feb 2020 21:30:54 GMT
Connection: keep-alive
Auth-Status: OK
Auth-Server: 127.0.0.2
Auth-Port: 143
=== === ===

However I'm still experiencing the same issue (in log file):

=== === ===
2020/02/13 16:29:24 [notice] 35048#26192: signal process started
2020/02/13 16:29:34 [error] 31732#22720: *1 WSASend() failed (10057: A request to send or receive data was disallowed because the socket is not connected and (when sending on a datagram socket using a sendto call) no address was supplied) while in http auth state, client: 127.0.0.1, server: 0.0.0.0:8025
=== === ===

Tried under both admin and regular user.

Any further ideas how to get it fixed please?


Thank you,
Yury
________________________________
From: Sergey Brester <serg.brester@sebres.de>
Sent: Wednesday, February 12, 2020 1:51 PM
To: Yury Shpakov <yshpakov@hotmail.com>
Cc: nginx-devel@nginx.org <nginx-devel@nginx.org>
Subject: Re: nginx for Windows - WSASend() socket error 10057


I answered inline...

12.02.2020 18:59, Yury Shpakov wrote:

Hi Sergey,


Thank you for you response.

I tried netstat /nabo and I don't see any reference to port 9000 at all.
So a problem is to make nginx to listen on port 9000 (as server)?
Or nginx is not listening on port 9000 but rather sending requests to port 9000 (as client)?
With setting of `auth_http`, you are defining an URL to the service responsible for authentication (and upstream choice).
Of course then you should have something that would response to the auth-requests (your own upstream, or some nginx location, or some "foreign" http-server).

See https://docs.nginx.com/nginx/admin-guide/mail-proxy/mail-proxy/ for more examples.
Maybe it's easier not to use auth_http at all? I was trying to remove it from configuration file but nginx was not happy.

I have my own auth-module so I don't know how it can be solved in stock-nginx without this directive.

Take a look here - https://serverfault.com/questions/594962/nginx-understanding-the-purpose-of-auth-http-imap-proxy - you can use some nginx location (and internal URL to same nginx instance) to specify that.

Anyway it is recommended to use some auth (on nginx side), because it'd preserve the resources of mail-servers, allow you to authenticate email clients with same user/password for all mail-servers (smtp, imap, pop3, etc) as well as the same user/pwd as for some other http-services. And it is used to choose an upstream server (if multiple) for the email processing.

At this point I don't need any authentication. I was told by my boss to use nginx for load testing of our service sending emails (SMTP client). I've got some SMTP Server and nginx would be used as SMTP proxy because it allows to set up delays.
Well, an auth request to some nginx-location would allow you to set up delays even on authentication phase.
And take into account that I REMOVED "--with-http_ssl_module" from parameters when I was building nginx.

And you advised to download some nginx.exe files but I believe they were built without "--with-mail" parameter (which I need).
Although, it was compiled with "--with-mail" (you can see all parameters in provided GH-linkhttps://github.com/sebres/nginx/releases/tag/release-1.13..0)
But it would not help, because basically your issue seems to be the configuration (not the nginx.exe).

Thank you,
Yury

________________________________
From: Sergey Brester <serg.brester@sebres.de>
Sent: Wednesday, February 12, 2020 7:38 AM
To: nginx-devel@nginx.org <nginx-devel@nginx.org>
Cc: Yury Shpakov <yshpakov@hotmail.com>
Subject: Re: nginx for Windows - WSASend() socket error 10057

It looks like your service defined in auth_http doesn't answer (or no listener on 127.0.0.1 port 9000?)...

try netstat (in cmd as admin):

netstat /nabo
netstat /nabo | grep -A 1 ":9000\b"

and check whether the listener on port 9000 is bound to 127.0.0.1 (or it is 0.0.0.0 only?) and it is the process you expect to see there (can be "reserved" by some other windows-service).

additionally try to telnet or curl it:

curl -H "Auth-Method: plain" -H "Auth-User: user" -H "Auth-Pass: pwd" -H "Auth-Protocol: imap" -H "Auth-Login-Attempt: 1" -i http://127.0.0.1:9000/cgi-bin/nginxauth.cgi

if it does not answer, make another attempt by replace 127.0.0.1 with 0.0.0..0 (or a host-name).

If it answers - see whether it is the expected response (some examples of good and bad responses are described in http://nginx.org/en/docs/mail/ngx_mail_auth_http_module.html).

But I guess if WSASend fails, it would probably (unexpected) reject the connection during the send (or even connect) process.
It can be also invalid (unexpected) content-length in keep-alive connect to auth-upstream - so send but still receive is expected (or vice versa).

Also follow this forum topic addressing similar issue: https://forum.nginx.org/read.php?2,257206,257207#msg-257207

Anyway it doesn't look to me like an issue of nginx (regardless windows or not), but you can also try some other ready build (for example on my GHhttps://github.com/sebres/nginx/releases/tag/release-1.13.0 - nginx.ziphttps://github.com/sebres/nginx/files/2246440/nginx.zip, where it works well).

Regards,
Sergey

12.02.2020 03:01, Yury Shpakov wrote:

Hi there,
Trying to make nginx work as SMTP server and/or SMTP proxy. Done everything according to:
http://nginx.org/en/docs/howto_build_on_win32.html
But excluded (don't care about SSL at this point so don't want to install/configure Perl now):
--with-openssl=objs/lib/openssl-master \
--with-openssl-opt=no-asm \
--with-http_ssl_module \
And added:
--with-mail
nmake was successful and nginx.exe was created.
However nginx.exe keeps failing with the error:
WSASend() failed (10057: A request to send or receive data was disallowed because the socket is not connected and (when sending on a datagram socket using a sendto call) no address was supplied) while in http auth state, client: 127.0.0.1, server: 0.0.0.0:8025
Windows API says the following about this error:

WSAENOTCONN
10057

Socket is not connected.
A request to send or receive data was disallowed because the socket is not connected and (when sending on a datagram socket using sendtohttps://docs.microsoft.com/en-us/windows/desktop/api/winsock/nf-winsock-sendto) no address was supplied. Any other type of operation might also return this error—for example, setsockopthttps://docs.microsoft.com/en-us/windows/desktop/api/winsock/nf-winsock-setsockopt setting SO_KEEPALIVEhttps://docs.microsoft.com/en-us/windows/desktop/winsock/so-keepalive if the connection has been reset.
https://docs.microsoft.com/en-us/windows/win32/winsock/windows-sockets-error-codes-2
Windows Sockets Error Codes (Winsock2.h) - Win32 apps | Microsoft Docshttps://docs.microsoft.com/en-us/windows/win32/winsock/windows-sockets-error-codes-2
Return code/value Description; WSA_INVALID_HANDLE 6: Specified event object handle is invalid. An application attempts to use an event object, but the specified handle is not valid.
docs.microsoft.com
Managed to debug your code in VS 2010 a little bit but it's brutal C so it's hard to figure your code out. And this debugger doesn't show you any local variables values.
Any recommendation for me to make it work?
Tried to play with config (commenting/uncommenting):
#user nobody;
worker_processes 1;
#error_log logs/error.log;
#error_log logs/error.log notice;
#error_log logs/error.log info;
#pid logs/nginx.pid;
events {
worker_connections 1024;
}
mail {
server_name localhost;
auth_http localhost:9000/cgi-bin/nginxauth.cgi;
# auth_http none;
smtp_auth none;
# smtp_auth login plain cram-md5;
# smtp_capabilities "SIZE 10485760" ENHANCEDSTATUSCODES 8BITMIME DSN;
xclient off;
server {
listen 8025;
protocol smtp;
proxy on;
proxy_pass_error_message on;
}
}
Tried both under a regular user and under admin. Tried on 25, 1025 and 8025 ports.
Thank you,
Yury


_______________________________________________
nginx-devel mailing list
nginx-devel@nginx.org<mailto:nginx-devel@nginx.org>http://mailman.nginx.org/mailman/listinfo/nginx-devel
_______________________________________________
nginx-devel mailing list
nginx-devel@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx-devel

Re: Failed disk + proxy_intercept_errors

February 14, 2020, 1:14 am
$
0
0
Thanks a lot for your response.
From what you are saying I understand another option:

current server section - Server A
copy the same configuration and use some other spare drive as a proxy_cache_path configure that as - Server B

Configure both server sections to listen on unix socket instead of network.

Create a third server C configuration that will listen on network and will proxy_path to Server A with proxy_intercept_errors on and error_page served from location that will proxy_path to Server B.

Is something like this supposed to work? Or it would be better to have the there completely independent configuration (like to use some other software for server C).

(I'm asking because I did something like that i the past and it broke a bad way. It started serving 500 to everyone. I kind of fear to try it in production again.)
Viewing all 53287 articles
Browse latest View live
Search
<script src="https://jsc.adskeeper.com/r/s/rssing.com.1596347.js" async> </script>