Nginx Forum - Ideas and Feature Requests What you'd like to see in nginx http://www.ldmicj.icu/list.php?10 Mon, 30 Nov 2020 05:31:28 -0500 Phorum 5.2.16
http://www.ldmicj.icu/read.php?10,289644,289644#msg-289644 constants (no replies)
I have almost 33 server blocks where I put the following code:

include  /home/ubuntu/www/nginx/proxy/rewrite;

What I would like to do is:

const php_rewrite "/home/ubuntu/www/nginx/proxy/rewrite";
server {
    include  php_rewrite;
}

I know I could do that if php_rewrite is located at /etc/nginx folder, but that's not the case.
Thanks
thmel Ideas and Feature Requests Sun, 04 Oct 2020 11:14:55 -0400
http://www.ldmicj.icu/read.php?10,289416,289416#msg-289416 To modify the 301 redirect HTML body of NGINX (no replies)

I know it sounds really presumptuous. So, let's dive into the deep.

So, when you perform the following:

jojo@DESKTOP-IRG1A6S:~$ curl http://www.ldmicj.icu
<html>
<head><title>301 Moved Permanently</title></head>
<body>
<center><h1>301 Moved Permanently</h1></center>
<hr><center>nginx/1.17.5</center>
</body>
</html>

In June 2014, RFC7231 from IETF mentioned that:

The server SHOULD generate a Location header field in the response
containing a preferred URI reference for the new permanent URI. The
user agent MAY use the Location field value for automatic
redirection. The server's response payload usually contains a short
hypertext note with a hyperlink to the new URI(s).

Reference:
https://tools.ietf.org/html/rfc7231#section-6.4.2



As you saw before, the HTML body of Nginx does not mention the destination URL in the 301 redirect, which should be something like <a href="https://forum.nginx">here</a> (see example of Apache at the bottom).


This RFC follows another older RFC (deprecated):
https://tools.ietf.org/html/rfc2616#section-10.3.2
The new permanent URI SHOULD be given by the Location field in the
response. Unless the request method was HEAD, the entity of the
response SHOULD contain a short hypertext note with a hyperlink to
the new URI(s).


I did an experiment and I found that Googlebot has a problem with the Nginx redirections because the Googlebot code expects the destination URL in the HTML body of the 301 redirect. On the other hand, I think that if the HTML body is empty, Googlebot likes it and it relies on the location field for redirection.

There are two options, either to delete the whole HTML and rely on the location field only or add the destination URL in the HTML body.

I have noticed that twitter.com and facebook.com chose to delete the HTML body of their 301 redirect.
If you perform a "curl http://twitter.com" or a "curl http://facebook.com" it does not return anything. It means that the HTML body is empty for a 301 redirect from those websites.

For reference, the HTML body of Apache 301 redirect is like this:

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>301 Moved Permanently</title>
</head><body>
<h1>Moved Permanently</h1>
<p>The document has moved <a href="https://xx/">here</a>.</p>
<hr>
<address>Apache Server at xx.com Port 80</address>
</body></html>
bloupbloup Ideas and Feature Requests Mon, 14 Sep 2020 02:57:46 -0400
http://www.ldmicj.icu/read.php?10,288923,288923#msg-288923 Container-to-container proxying with NGINX for Docker (no replies)
http://

Here's why. When NGINX is running in a Docker container it would be cool if it could proxy to neighboring Docker containers directly.

For example, if MyCoolWebApp is the name of a container its DNS name (internally) will also be MyCoolWebApp and it will be able to be accessed (internally) by another container at http://MyCoolWebApp.

Note: Both containers must be on the same user-defined network (Docker's built-in default network doesn't have DNS enabled, I think).

If that other container is an NGINX reverse proxy I would love if it could do this...

server {
    location /somevalue/ {
        proxy_pass http://; # <- http:// is currently invalid and produces a startup error
    }
}

Then, quite simply (in theory), an NGINX container could serve as a reverse proxy for other containers.

Orig URL: http://myreverseproxy/somevalue/MyCoolWebApp
Proxy URL: http://MyCoolWebApp

Regards,

Carl T.
Carl T. Ideas and Feature Requests Thu, 30 Jul 2020 12:59:00 -0400
http://www.ldmicj.icu/read.php?10,288438,288438#msg-288438 fips compliance and nginx (1 reply)
I am investigating FIPS compliance for our platform. nginx is one of the components and we use nginx 1.15.1. I found the documentation about nginx plus being FIPS compliant

"When NGINX Plus is executed on an operating system where a FIPS‑validated OpenSSL cryptographic module is present and FIPS mode is enabled, NGINX Plus is compliant with FIPS 140-2 with respect to the decryption and encryption of SSL/TLS and HTTP/2 traffic." Quoting from https://docs.nginx.com/nginx/fips-compliance-nginx-plus/

Does this apply to open source nginx as well? I did not find any documentation for the open source version.

Thanks in advance.

Manoj
mguglani-sp Ideas and Feature Requests Mon, 22 Jun 2020 18:52:34 -0400
http://www.ldmicj.icu/read.php?10,287710,287710#msg-287710 nginx ftp alg module (no replies)
I developed a ftp alg module for the stream module. It works for the scenarios where the ftp alg is needed.

Welcome to have a try, and any suggestions are welcome.

Thanks.

https://github.com/pei-jikui/nginx-alg
jikui Ideas and Feature Requests Sat, 18 Apr 2020 22:34:51 -0400
http://www.ldmicj.icu/read.php?10,286824,286824#msg-286824 nginx for mail proxy with oauth 2.0 (no replies)
sonam Ideas and Feature Requests Sun, 26 Jan 2020 23:57:44 -0500
http://www.ldmicj.icu/read.php?10,286777,286777#msg-286777 expose tls-unique value (no replies)
I suggest urlencoding the value.


Use case:

Implementing RFC-7030 EST requires knowledge of the TLS-unique value of the associated TLS connection. https://tools.ietf.org/html/rfc7030#section-3.5


I would like to implement this protocol behind an NGINX reverse proxy, and I want NGINX to do the TLS termination. Currently I cannot do that because while NGINX does expose the ssl client certificate, it does not yet expose the tls-unique value of the connection.
rogierschouten Ideas and Feature Requests Tue, 21 Jan 2020 08:09:52 -0500
http://www.ldmicj.icu/read.php?10,286393,286393#msg-286393 Allow Certs/Key stored in Keyvals to use wildcards (no replies)
bauer3139 Ideas and Feature Requests Tue, 03 Dec 2019 12:40:20 -0500
http://www.ldmicj.icu/read.php?10,286373,286373#msg-286373 Sendfile for Stream Module (no replies)
I am building high performance reverse proxy solution and would love to tune nginx to the maximum. I can see that http module provides sendfile directive that prevents single kernel to user space jump. Is there a similar directive present for stream module as well? My reverse proxy solution is agnostic of Layer 7 protocol.

Thanks,
Nalin
nalgoel Ideas and Feature Requests Fri, 29 Nov 2019 22:32:07 -0500
http://www.ldmicj.icu/read.php?10,286154,286154#msg-286154 Accessing local servers using local IP as suffix to public IP (2 replies)
So let's say if my public IP is 111.111.111.111 and I have a webserver at home with a local ip 192.168.1.5, I could access the port 80 by typing:

http://111.111.111.111/192.168.1.5
or
http://111.111.111.111/192_168_1_5
ahakobyan Ideas and Feature Requests Sat, 16 Nov 2019 04:32:34 -0500
http://www.ldmicj.icu/read.php?10,286147,286147#msg-286147 SSR module (no replies)
Recently, nginx is becoming the gold standard for running static websites (and reverse-proxy)...

And, the frontend frameworks and technologies like Vue / React, as you know, are focusing on CSR (client-side rendering).

I'm sure all frontend developers are struggling to add SSR (server-side rendering) feature for SEO and faster loading in their applications.

It would be so great to have an easy to use nginx module that supports SSR out-of-the-box.
Yaser Ideas and Feature Requests Fri, 08 Nov 2019 07:13:12 -0500
http://www.ldmicj.icu/read.php?10,285425,285425#msg-285425 r.variables and r.headersIn not iterable (no replies)
I would appreciate if Object.entries() would work on those "external" objects that basically present themselves as arrays.
Alternatively, some form of iteration (enumerating the keys) would also suffice.

Cheers,
--j.
j94305 Ideas and Feature Requests Wed, 28 Aug 2019 08:51:34 -0400
http://www.ldmicj.icu/read.php?10,285397,285397#msg-285397 Inconvenience with complete keyval zone updates (no replies)
The POST operation only allows a list of entries to be specified if the map is empty.

In order to simplify updates of complete mappings, one would have to either use DELETE to clear the map and then POST with multiple entries to upload the desired list, or use a Javascript handler to run through the list of pairs to set, and then remove any items that were in the original map, but are not supposed to be there in the new map.

This creates unnecessary complexity in my opinion - apart from that, there are issues with race conditions or with the map being temporarily empty between the steps of DELETE and POST. An atomic update of maps should be supported independent of whether they are empty or not. When such updates occur, they should also immediately be propagated if "sync" is specified.

Therefore, I suggest to drop the limitation of only supporting single tuples in POST requests if the map is not empty.

Cheers,
--j.
j94305 Ideas and Feature Requests Sun, 25 Aug 2019 10:03:52 -0400
http://www.ldmicj.icu/read.php?10,285396,285396#msg-285396 Bug with keyvals and Javascript? (no replies)
keyval_zone zone=session:2m timeout=1d sync state=/var/run/nginx/state/session.json;
keyval $user_id $map_session zone=session;

I can read entries in Javascript functions, provided $user_id is set, like this:

var value = r.variables.map_session;

and assign new values:

r.variables.map_session = newValue;

However, while usually one can also write variable references r.variables.foo as r.variables["foo"], this does not work for references handled by keyval mappings.

I am not sure whether this is a bug or intentional, but if you want to create a function that takes the name of a map and updates its entries (e.g., from a file or a sub-request), it would certainly come handy to be able to refer to an entry by specifying

var key = "map_" + mappingName;
r.variables[key] = newValue;

This does not work in nginx/1.15.10 (nginx-plus-r18-p1).

Cheers,
--j.
j94305 Ideas and Feature Requests Sun, 25 Aug 2019 09:56:45 -0400
http://www.ldmicj.icu/read.php?10,284888,284888#msg-284888 proxy_ssl_verify on for raw IP (no replies)
Unbound dns server is quite slow for forwarding dns over tls to public DNS.
I think it lacks tls connection reuse function.

I am trying to use nginx as DoT accelerator.
client -> (udp/tcp 53) -> unbound -> (tcp 10053) -> nginx -> (tls 853) -> Cloudflare/Google public DNS
Below configuration runs well with 'proxy_ssl_verify off' :
---
stream {
    upstream public_dns_over_tls {
        server [2606:4700:4700::1111]:853; # CloudFlare primary
        server [2606:4700:4700::1001]:853; # CloudFlare secondary
        server [2001:4860:4860::8888]:853; # Google primary
        server [2001:4860:4860::8844]:853; # Google secondary
        server 1.1.1.1:853 backup; # CloudFlare primary
        server 1.0.0.1:853 backup; # CloudFlare secondary
        server 8.8.8.8:853 backup; # Google primary
        server 8.8.4.4:853 backup; # Google secondary
    }
    server {
        listen 10053;
        proxy_pass public_dns_over_tls;
        proxy_ssl on;
        proxy_ssl_session_reuse on;
        proxy_ssl_verify off;
        # proxy_ssl_verify on;
        # proxy_ssl_verify_depth 2;
        # proxy_ssl_trusted_certificate /etc/ssl/certs/ca-certificates.crt;
        # error_log /var/log/nginx/dns-error.log debug;
    }
}
---

But above configuration does not work with 'proxy_ssl_verify on'.
It seems that nginx checks the proxy certificate by X509_check_host() only.
I think nginx should use X509_check_ip()
when 'proxy_ssl_verify on' and proxied server address is designated by IP address.

Thank you.
yusk Ideas and Feature Requests Wed, 17 Jul 2019 11:31:13 -0400
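
Added example, not part of the original post and not nginx or OpenSSL code: a small Python model of the distinction the post above draws between a name-only check and a check that matches an IP literal against the certificate's iPAddress entries. The certificate data is constructed in the shape returned by Python's `ssl.SSLSocket.getpeercert()`; `resolver.example` and the function names are assumptions made for the illustration.

```python
import ipaddress

# Constructed sample shaped like ssl.SSLSocket.getpeercert() output (not a real
# certificate). The IPv6 entry is deliberately written in non-compressed form.
SAMPLE_CERT = {
    "subjectAltName": (
        ("DNS", "resolver.example"),
        ("DNS", "*.resolver.example"),
        ("IP Address", "1.1.1.1"),
        ("IP Address", "2606:4700:4700:0:0:0:0:1111"),
    )
}

# Constructed counter-case: the address appears only as a dNSName string.
MISISSUED_CERT = {"subjectAltName": (("DNS", "1.1.1.1"),)}


def dns_match(pattern, name):
    """Case-insensitive dNSName match; '*' is only honoured as the whole
    left-most label and never spans more than one label."""
    p_labels = pattern.lower().rstrip(".").split(".")
    n_labels = name.lower().rstrip(".").split(".")
    if len(p_labels) != len(n_labels):
        return False
    if p_labels[0] == "*":
        return len(p_labels) > 2 and p_labels[1:] == n_labels[1:]
    return p_labels == n_labels


def host_only_check(cert, reference):
    """Model of a verifier that compares the reference to dNSName entries only."""
    return any(
        kind == "DNS" and dns_match(value, reference)
        for kind, value in cert.get("subjectAltName", ())
    )


def identity_check(cert, reference):
    """Choose the SAN type from the reference identity:
    IP literal -> iPAddress entries only; anything else -> dNSName entries."""
    try:
        wanted = ipaddress.ip_address(reference.strip("[]"))
    except ValueError:
        return host_only_check(cert, reference)
    for kind, value in cert.get("subjectAltName", ()):
        if kind != "IP Address":
            continue  # an IP reference must never be satisfied by a dNSName
        try:
            # Compare parsed addresses so textual form (:: compression) is irrelevant
            if ipaddress.ip_address(value) == wanted:
                return True
        except ValueError:
            continue
    return False


if __name__ == "__main__":
    for ref in ("1.1.1.1", "[2606:4700:4700::1111]", "8.8.8.8", "dns.resolver.example"):
        print(ref, host_only_check(SAMPLE_CERT, ref), identity_check(SAMPLE_CERT, ref))
```
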
http://www.ldmicj.icu/read.php?10,284854,284854#msg-284854 how to restart quickly in /etc/init.d (no replies)
Actually, I need to restart my nginx (/etc/init.d/nginx restart) for my own web-development work. I'm using ubuntu 16.04, nginx web-server, php7-fpm system. When I change any modification in php prg files, I need to restart nginx service command by running php ../../file_name.php (or) sh -x shell.sh.

But I can't restart the nginx within php / sh files except terminal / cron job. Could anyone suggest me how to restart nginx quickly within php / sh / any way without interrupting nginx.conf and php files.



Lot of Thanks in advance..





Regards
Marimuthu A
Developer
marimuthu Ideas and Feature Requests Mon, 15 Jul 2019 10:04:16 -0400
http://www.ldmicj.icu/read.php?10,284759,284759#msg-284759 limit_req per upstream server (1 reply)
I already use limit_req location based with a long burst, so the connection doesn't get dropped. But if you have a pool of backends (proxy, fastcgi, ..), it would be useful to limit the requests per upstream server, to avoid building strange configurations with multiple locations or servers.

Thanks!
FreakaZ Ideas and Feature Requests Thu, 04 Jul 2019 16:18:34 -0400
http://www.ldmicj.icu/read.php?10,284678,284678#msg-284678 allow `error_page 200` to avoid the need for a teapot (1 reply)
```
[emerg] value "200" must be between 300 and 599
```

I made a workaround using a teapot. I'm explaining myself:

In the past we had our website available on both HTTP and HTTPs, and the website domain name was www.unvanquished.net, but we now switched to HTTPs only (with a redirect from HTTP to HTTPs) and switched the domain name to unvanquished.net (with a redirect from www prefix).

But, we have some software out there that fetches http://www.unvanquished.net/?json=get_recent_posts
This page now redirects to https://unvanquished.net/?json=get_recent_posts instead but the bad thing is that the software does not handle redirects so it fails to fetch the data. Basically it's like using curl without -L option.

Since the data is fetched using a GET query on a non-specific location I can't use a location block. I have to use the `if` instruction which is evil according to https://www.nginx.com/resources/wiki/start/topics/depth/ifisevil/ which says “The only 100% safe things which may be done inside if in a location context are: return ...; rewrite ... last;”

So, since rewrite was not an option (client does not handle redirects) I had to use return. Since all pages but the one we talk about are redirected with a 301 redirect I had the idea to return the 200 HTTP code and tell NGINX to use a special location block when 200 is raised.

But then I got the “[emerg] value "200" must be between 300 and 599” error. So I used another error code instead, and to be sure to not use an error code that may be raised by the server without having to serve a file, I used the 418 “I'm a teapot” error code. I also used some trick to be sure the client gets the 200 code in fine.

This is an abstract of the NGINX configuration file:

```
# Serve the website itself
server {
    listen 443 ssl;
    listen [::]:443 ssl;

    server_name unvanquished.net;

    root /path/to/the/website;

    index index.php index.html index.htm default.html default.htm;

    # more specific configuration
    # php-fpm stuff etc.
}

# Redirect HTTP to HTTPs
server {
    listen 80;
    listen [::]:80;

    server_name unvanquished.net;

    location / {
        rewrite ^(.*)$ https://unvanquished.net$1 permanent;
    }
}

# Redirect www.unvanquished.net to unvanquished.net
server {
    listen 80;
    listen 443 ssl;
    listen [::]:80;
    listen [::]:443 ssl;

    server_name www.unvanquished.net;

    location / {
        # updater does not support redirect
        # but we now redirect HTTP to HTTPs
        # and www.server_name to server_name
        # by default, so we have to serve
        # this content with a teapot
        if ($arg_json = get_recent_posts) {
            return 418;
        }

        rewrite ^(.*)$ https://unvanquished.net$1 permanent;
    }

    error_page 418 =200 @teapot;

    location @teapot {
        proxy_set_header Host unvanquished.net;
        proxy_pass https://localhost:443;
    }
}

```

Note that I used a proxy_pass on this NGINX instance as a hack to not have to duplicate the complex configuration the website has (php stuff etc.) but it would have worked if I duplicated the website config instead of that proxy hack.

It's ugly, but it works. Thanks to the =200 syntax the returned error code is 200 even if I use the 418 to branch to that given location. Our software was able to fetch the content even with a 418 error code but I used the =200 syntax to be sure to return 200 and be compliant with HTTP protocol.

Why can't we use 200-299 codes in NGINX? In my case it would have been legit.

Thanks to RFC 2324 I was able to not hijack an error code NGINX would legitimately use, and used a teapot instead.
illwieckz Ideas and Feature Requests Wed, 28 Aug 2019 08:59:22 -0400
http://www.ldmicj.icu/read.php?10,284123,284123#msg-284123 Implement brotli static module natively (no replies)
It serves best for text-based static resources compression.
Brotli is now widely available in our browsers, and I think it's relevant for nginx to provide the static support ( https://trac.nginx.org/nginx/ticket/798 ).
The http_brotli_static module could be a great addition in the official nginx binaries.

Thanks
BillyBobBaker Ideas and Feature Requests Fri, 10 May 2019 14:10:41 -0400
http://www.ldmicj.icu/read.php?10,283436,283436#msg-283436 Add Secure flag to cookies (no replies)
```
proxy_cookie_set_flags JSESSIONID Secure HttpOnly;
```

This is very useful. For example, when we use NGINX as HTTP terminal, the backend shall not set the Secure flag, or it won’t work in development environment. (Development environments typically don’t have TLS certificates.) Current work-around is described in

https://unix.stackexchange.com/questions/306463/nginx-add-secure-flag-to-cookies-from-proxied-server

which is unfortunate. The number of upvotes and comments in that question explains how useful this feature is.
Franklin Yu Ideas and Feature Requests Tue, 19 Mar 2019 23:00:18 -0400
http://www.ldmicj.icu/read.php?10,282877,282877#msg-282877 Client Authentication - do not validate client certificate flags, only its CA... (no replies)
I'm using Nginx with client auth (auth-tls-verify-client: on) and a CA client list (auth-tls-secret: ca.crt)

Nginx asks me for my client smartcard certificate, I can send the certificate, but then:
400 Bad Request
No required SSL certificate was sent

What's the problem: my smartcard certificate is from "carta nazionale dei servizi", an Italian procedure, and the certificate format in Italy has legal value, but it cannot be validated by Nginx.

All works on Apache, but well, It's not the same :-) :PPP
So if in the future this check could be removed it could be useful for a whole nation :-D

thanks..
naarani Ideas and Feature Requests Thu, 31 Jan 2019 14:24:32 -0500
http://www.ldmicj.icu/read.php?10,282644,282644#msg-282644 Need NGINX Configuration Rule (1 reply)
I am very new to NGINX, so some of you may find my query very basic, but please do help me.

We have 2 boxes

1. Gateway - where NGINX is running and which is exposed to public INTERNET and where we want to setup reverse proxy.

2. Application Server where my web server is running and its with PrivateIP only exposed to NGINX

So any request, which comes to NGINX should be routed to my Web Application. So I wanted to setup reverse proxy
in such a way that if someone hits

<Gateway_URL>/proxypath/xxxx/yyyy

it should get translated to <private_web_server_URL>/xxxx/yyyy

So please help me to find the reverse proxy configuration rule in NGINX, which should be dynamic for any request which come with <Gateway_URL>/proxypath/anypattern get translated to <private_web_server_URL>/anypattern,
In short part '<Gateway_URL>/proxypath/' in the URL should replace with '<private_web_server_URL>/' by keeping other part same.
DeepakIngwale Ideas and Feature Requests Tue, 19 Mar 2019 22:51:30 -0400
http://www.ldmicj.icu/read.php?10,280905,280905#msg-280905 One-Packet Scheduler (1 reply)
We are using Nginx to load-balance UDP-based DNS queries to a number of upstream servers. The client side, which is not under our control, often uses fixed UDP source ports to avoid overloading stateful firewalls.

Before version 1.15 of Nginx every query packet was usually forwarded to a different upstream, but with version 1.15 of Nginx this no longer seems to be possible because of this feature:

" *) Feature: now the stream module can handle multiple incoming UDP
datagrams from a client within a single session."

While we understand, that it is a great improvement for many UDP based applications, for us it is causing uneven distribution of DNS queries/work load to upstreams.

Our request would be to add a possibility to retain the former behaviour. LVS/ipvsadm calls it "one-packet scheduler". The suggestion would be a configuration switch to modify the session behaviour, so that every request packet could be forwarded to a different upstream.

Thank you for providing this excellent software!

Best Regards,
Patrick Beckmann

tyntec GmbH, Germany
patrickb Ideas and Feature Requests Wed, 15 Jan 2020 05:37:17 -0500
http://www.ldmicj.icu/read.php?10,280171,280171#msg-280171 Request timeout (no replies)
I haven't tried yet, but I'm looking for feature to limit whole request time. Currently I see only between-bytes timeouts, which is not enough. nginx is now vulnerable to slowloris attacks (attacker "only" needs to open worker_connections * worker_processes connections).

Is anyone working or will work in near future (3-6 months) on such feature?
misiek Ideas and Feature Requests Mon, 18 Jun 2018 15:09:41 -0400
http://www.ldmicj.icu/read.php?10,280068,280068#msg-280068 RPM repository for Fedora (no replies)
Could you, please, also provide repository for Fedora, in addition to the CentOS and RH?
Currently, the latest version in official Fedora 28 repo is 1.12, that is pretty old.
zdm Ideas and Feature Requests Wed, 06 Jun 2018 14:12:47 -0400
http://www.ldmicj.icu/read.php?10,278818,278818#msg-278818 Nginx documentation in french / Documentation Nginx en français (no replies)
I'm discovering nginx those days using the website nginx.org and its documentation.
I've noticed that there is no French version of it and I'm wondering if there is such a version somewhere (that I didn't find), if a French version is currently on its way but not finished or if the job needs to be done.
In the case that some help is needed, I'd be glad to know where I can help translate the documentation (at least).
Thanks a lot,

Léo

/

Hello!
I'm discovering nginx these days through the nginx.org website and its documentation.
I noticed that it does not exist in a French version, so I'm wondering whether such a version exists somewhere (in which case I haven't found it), whether the version in question is in progress, or whether nothing has been done so far.
If a hand is needed, I would be delighted to know where I could help with translating the documentation (at least).
Thanks a lot!

Léo
leoboudet Ideas and Feature Requests Tue, 27 Feb 2018 19:26:43 -0500
http://www.ldmicj.icu/read.php?10,278801,278801#msg-278801 Transcode - Package - NGINX Origin (no replies)
I have a transcoder and my intention is to stream VOD and Live stream coming through the transcoder to be delivered in Intranet using NGINX.

Here, do I need a Wowza kind of packager in between the transcoder and nginx for live stream delivery?

Regards

VJ
vijaykishan Ideas and Feature Requests Tue, 27 Feb 2018 09:46:55 -0500
http://www.ldmicj.icu/read.php?10,276610,276610#msg-276610 Option to allow start with DNS upstream issue (no replies)
mblancett Ideas and Feature Requests Thu, 28 Sep 2017 15:44:08 -0400
http://www.ldmicj.icu/read.php?10,276519,276519#msg-276519 "variables" in configuration (2 replies)
First off, I'm very new to nginx. I've been using Apache for many years (since 1997 I think), but started moving to nginx a few days ago.

I had a go at it around a month ago, but due to too many difficulties, I gave up.
Since a friend convinced me that nginx is the way to go, I tried again and got it working with Perl CGI scripts, so I can move my servers.

The suggestion ...
As I'm new, I think it's important to catch my first-time experience.
Since I have many sites on Apache, I'd like to simplify configuration and make it short.
Fortunately, nginx is made in such a way that normal configuration is real short.
-But if you have 60 web-sites that is configured in almost the same way (apart from the subdomain or domain name and a few environment variables), then it's cumbersome to create a configuration file for each site.
Generating configurations for each site also introduces a lot of redundancy; now you have two configuration files per site; one to feed to the script for defining the actual configuration and one output from the script, which is fed into the server.
The configuration files that are fed into the server are of course 'expanded' and thus use a little more space than the templates. Also it's confusing having two configuration files per site. Debugging and fixing errors is a little more complicated than just having one file, which is expanded using the built-in 'include' directive.

As many others, I started looking at using 'set' for shortening the configurations.
I know that at this moment you're thinking: "This is wrong", and you're perfectly right.
Variables are evaluated at runtime, which means they'll slow down the performance of the server.

-But what if we had something similar to variables.
-Something close to '#undef + #define' in the C-pre-processor.

Such 'macros' need only be processed whenever nginx is reloading the configuration.
They would need to be applied for each 'include' directive (treating the configuration itself as an include file).
-Thus they would be applied before any actual parsing of the configuration occur (as I expect that include is; I haven't looked at the sources, though).

The directive could be named 'macro', 'string', 'const', 'constant', 'absolute', 'replace' or whatever else you'd like.
Personally I think that 'string' would be the best name, because it would be a string, but it would be allowed to re-define it after first time it's defined.
It could have almost the same syntax as the 'set' directive, but the way it would work is quite different.
The directive searches through the text and replaces any occurrences of the found 'name' by the parameter given as 'value'.
Let's say the chosen name for the directive is 'string' and that it has the following syntax:
string name value;

Each time such a 'string' directive is encountered, the macro-expander is applied on the value.
After that, the value is placed in a key-value dictionary (and of course ... name is the key, the expanded value is the value).
Whenever a '$' is encountered, the name would be looked up in the dictionary. If it's found, it'll be replaced with the corresponding value.

Pseudo-code (sorry, the indentation didn't make it):
for all lines {
    current = here; /* save current position */
    (token, name, value) = nextToken(here);
    if(token == "}")
    {
        dictionary = pop();
    }
    else if(token == "{")
    {
        push(dictionary); /* duplicates it */
    }
    else if(token == "include")
    {
        insertFile(name, here); /* oversimplified for this example. */
    }
    else if(token[0] == '$')
    {
        value = dictionary.lookup(token);
        if(value)
        {
            here = replace(current, name, value); /* replace the found token by the value and point 'here' after the inserted string */
        }
    }
    else if(token == "string")
    {
        value = macroExpand(dictionary, value);
        dictionary.add(name, value);
    }
}

The example given below is using the '$' prefix; I am aware that this is probably not a good prefix; I've done this for making it easy to see where I'm going. The prefix could be anything that is 'available' as prefix.

in http section:
# The server root; I'm calling it $home; as it would make sense to set it to nginx's home directory.
string $home "/www";

in server section:
string $domain example.com;
include /etc/nginx/snippets/each-site.conf;

in snippets/each-site.conf:

string $site $home/$domain;
string $cgi_root $site/CGI-Executables;
string $cgi_data $site/CGI-Data;
string $cgi_data $site/Sites;

server {
server_name $domain www.$domain;
access_log $site/Logs/access.log;
error_log $site/Logs/error.log;
...
... other settings ...
...
}

I would of course very much like a 'string' directive like mentioned above. I do not know if it's possible or if there are things, that would make it difficult to implement in nginx.

Another solution could be to add parameters/arguments to the include directive:
include /etc/nginx/snippets/each-site.conf /www example.com Sites CGI-Executables CGI-Data;
... and define "macros" using $1, $2, $3, $4 ... like in Bash. It would get the job done, but I think it would be less elegant.
The advantage would be that it reduces the configuration per site to one line each.

I know there's been many people asking about how to use variables for the configuration (for instance in server_name), and I know that it's not over; there will be many more as time passes.
I believe the solution is to have something that's parsed once only during loading the configuration - like a simple 'find' / 'replace' feature.
The suggested macro-expander is simple, light-weight and yet quite powerful. I'm using a similar one in some of my own applications and have grown quite fond of using it.
pacman Ideas and Feature Requests Wed, 27 Sep 2017 00:44:40 -0400
http://www.ldmicj.icu/read.php?10,276490,276490#msg-276490 auth_request_module: allow more response codes (no replies)
It would be nice to allow additional response codes, so that, depending on them and using error_page, request processing could be passed to different locations.
Alexey Koscheev Ideas and Feature Requests Sat, 23 Sep 2017 15:40:36 -0400