Nginx Forum - How to... Need help setting up WordPress? Using cgi? Something else? Post it here. http://www.ldmicj.icu/list.php?11 Sun, 22 Nov 2020 12:20:36 -0500 Phorum 5.2.16 http://www.ldmicj.icu/read.php?11,290007,290007#msg-290007 nginx can't create virtual host on port 8080 (no replies) http://www.ldmicj.icu/read.php?11,290007,290007#msg-290007
I've set a virtual host for my domain on port 8080 , below is how the virtual host looks like

server {
listen 8080;
#listen example.com:8080;
server_name example.com www.example.com *.example.com;

location / {
root /var/www/example.com;
index index.html index.htm;
}
}

i've defined the virtual host inside the main nginx configuration file i.e. `nginx.conf`

When i try to access example.com:8080 , the page returns 522 timeout status

8080 is allowed in firewall, i've tried almost everything, i even built nginx from source but still no luck.

When i tail error logs after the page times out, nothing gets logged. N.B i compiled nginx with the `--with-debug` flag to enable logging of almost everything, but still nothing shows up on the logs.

What am i doing wrong ?]]>
salimsaid How to... Thu, 19 Nov 2020 04:34:20 -0500
http://www.ldmicj.icu/read.php?11,289990,289990#msg-289990 New wordpress theme under main subdirectory (no replies) http://www.ldmicj.icu/read.php?11,289990,289990#msg-289990 we try to install another wordpress under subdirectory, but once we click on the tab on new wordpres under subdirectory it will redirect to the root wordpress. please help =(]]> kianyong How to... Mon, 16 Nov 2020 20:10:03 -0500 http://www.ldmicj.icu/read.php?11,289986,289986#msg-289986 how to Remove access_log prefix in syslog (json format) (1 reply) http://www.ldmicj.icu/read.php?11,289986,289986#msg-289986 I wanna try to send access_log via syslog in json format!
this is my configuration!

log_format graylog_format escape=json $request_final_log;
access_log syslog:server=w.x.y.z:port,tag=,nohostname graylog_format;


$request_final_log is a nginx variable which contains my json data at log phase but at final step, I can capture output data which has : character at start of json and I can't remove it. so my json parsing won't be successful and all of double quotation are escaped like : {\"id\":\"a2356\"}
can I remove prefix : character using nginx logs_format or ...?
thanks a lot...
Best,
Hadi]]>
HadiAbbasiProgrammer How to... Tue, 17 Nov 2020 05:18:51 -0500
http://www.ldmicj.icu/read.php?11,289985,289985#msg-289985 sub filter path (no replies) http://www.ldmicj.icu/read.php?11,289985,289985#msg-289985
server {

server_name abc.domain;

location = /robots.txt {
add_header Content-Type text/plain;
return 200 "User-agent: *\nDisallow: /\n";
}


location / {
#subfilter
sub_filter_types text/css text/javascript;
sub_filter path /; //this should send abc.domain/path to abc.domain until user authenticates
sub_filter_once on;]]>
tusill12 How to... Sun, 15 Nov 2020 12:55:21 -0500
http://www.ldmicj.icu/read.php?11,289879,289879#msg-289879 Wordpress - Permanent Redirect for custom post type (no replies) http://www.ldmicj.icu/read.php?11,289879,289879#msg-289879
https://www.domain.com/nightlife/my-same-custom-title1/

to

https://www.domain.com/socialize/my-same-custom-title1/

However, wordpress does not redirect the old custom slug to the new custom slug. How could I write an NGINX to do this?

many thanks!]]>
neodjandre How to... Thu, 05 Nov 2020 13:07:52 -0500
http://www.ldmicj.icu/read.php?11,289875,289875#msg-289875 Chunking Encoding (no replies) http://www.ldmicj.icu/read.php?11,289875,289875#msg-289875
What is the proper way to return an empty chunk for a middle sub-request when chunking encoding is enabled for a NGINX filter?

Suppose a website is encoded into multiple chunks such that our http header/body filter is invoked like this:

Sub-request 1: static ngx_int_t HeaderFilter(ngx_http_request_t *r)
Sub-request 1: static ngx_int_t BodyFilter(ngx_http_request_t *r, ngx_chain_t *in)

Sub-request 2: static ngx_int_t BodyFilter(ngx_http_request_t *r, ngx_chain_t *in)

Sub-request 3: static ngx_int_t BodyFilter(ngx_http_request_t *r, ngx_chain_t *in)

Sub-request 4: static ngx_int_t BodyFilter(ngx_http_request_t *r, ngx_chain_t *in)

If we want Sub-request 2 to return nothing (e.g: We only want to store the input chain of Sub-request 2 to use together during sub-request 3), then what do we return as the output at the end of serving Sub-request 2?

Many thanks!]]>
nhng@ucdavis.edu How to... Tue, 03 Nov 2020 18:12:30 -0500
http://www.ldmicj.icu/read.php?11,289869,289869#msg-289869 Setting up Reverse Proxy Nginx - Plesk (no replies) http://www.ldmicj.icu/read.php?11,289869,289869#msg-289869 For the same subdomain sub.example.com I would like a Node JS application to be served when accessed on port 5683 and a PHP/Laravel Application on all other ports (80 usually for http). Can someone properly guide me how to do so? Setting up additional nginx directives did not work well. In my subdirectory folder I would like to have a folder named 'nodejs' and another folder named 'php' where to host the two different applications.]]> lukegalea16 How to... Tue, 03 Nov 2020 06:37:37 -0500 http://www.ldmicj.icu/read.php?11,289812,289812#msg-289812 Balance load between 2 Nginx reverse proxy (no replies) http://www.ldmicj.icu/read.php?11,289812,289812#msg-289812
i would like to balance incoming requests across 2 or more nginx used as reverse proxy only.

For this reason i am using, in nginx.conf on both nodes, stream directive in this way:

stream {
upstream cluster_nginx {

server 192.168.101.101:8080 max_fails=3 fail_timeout=5s;
server 192.168.101.102:8080 max_fails=3 fail_timeout=5s;
}
server {
listen 8080;
proxy_pass cluster_nginx;
}
}

This not seems to work at all. All request are always served by one nginx.

I do not need zone or zone_sync available on nginx plus.

Any help is appreciated]]>
nagaraja How to... Tue, 27 Oct 2020 13:52:38 -0400
http://www.ldmicj.icu/read.php?11,289805,289805#msg-289805 Redirecting from one URL to another within the same domain (no replies) http://www.ldmicj.icu/read.php?11,289805,289805#msg-289805
I'm trying to test redirects and I've been going through the rewrite documentation but not able to wrap my head around it. I wanted to redirect this URL: https://classbproject.com/contact to this URL: https://classbproject.com/category/guides/. I wrapped my rewrite within a location block but that does not work. What am I missing?

My server config is as shown below:

server {
## Your website name goes here.
server_name classbproject.com;
## Your only path reference.
root /var/www/classbproject;
## This should be in your http block and if it is, it's not needed here.
index index.php index.html index.htm;

error_log /var/log/classbproject_error_log;

location = /favicon.ico {
log_not_found off;
access_log off;
}

location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}

location / {
# This is cool because no php is touched for static content.
# include the "?$args" part so non-default permalinks doesn't break when using query string
try_files $uri $uri/ /index.php?$args;
}

location /contact/ {
rewrite \/contact\/ \/category\/guides\/ last;
}

location ~ \.php$ {
include snippets/fastcgi-php.conf;
fastcgi_pass unix:/var/run/php/php7.4-fpm.sock;
}

location ~* \.(js|css|png|jpg|jpeg|gif|ico)$ {
expires 1d;
log_not_found off;
}

location ~ /\.ht {
deny all;
}


listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/classbproject.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/classbproject.com/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

}
server {
if ($host = classbproject.com) {
return 301 https://$host$request_uri;
} # managed by Certbot


server_name classbproject.com;
## Your only path reference.
root /var/www/classbproject;
listen 80;
return 404; # managed by Certbot


}]]>
electrotwelve How to... Tue, 27 Oct 2020 10:38:08 -0400
http://www.ldmicj.icu/read.php?11,289799,289799#msg-289799 Duplicate streams (no replies) http://www.ldmicj.icu/read.php?11,289799,289799#msg-289799
Could you help me with creating a configuration for the duplication stream(not balancing)?

I need to send accounting packets in two directions: the first for the main radius, the second to the accounting server.
The accounting server is only accounting so it should not respond to the accounting packets.

Thanks,]]>
vpeleh How to... Sun, 25 Oct 2020 16:39:42 -0400
http://www.ldmicj.icu/read.php?11,289798,289798#msg-289798 UTF-8 not working. (no replies) http://www.ldmicj.icu/read.php?11,289798,289798#msg-289798 No special characters show up, translates to ??

Will post my Nginx config below:

Please send help!


server { # local


include nginx.mimetypes.conf;


# Enable HTTP/2
listen 80 default_server; #Local / Default Important for local file transfer
listen [::]:80 default_server; #Local / Default Important for local file transfer


# Server Name
server_name localhost;

root "D:\whateversinhere"; # Root Directory

#
location / {
autoindex on;
autoindex_exact_size on;
autoindex_localtime on;
autoindex_format json;
charset utf-8;
source_charset utf-8;
override_charset on;
add_header Content-Type application/json;
add_header Content-Type text/json;
auth_basic “Secret?
auth_basic_user_file "C:\WinNMP\conf\basicAuth\.htpasswd";

}

location = /favicon.ico {
log_not_found off;
}
}



mimetype file:




types {
text/html html htm shtml;
text/css css;
text/xml xml;
text
image/gif gif;
image/jpeg jpeg jpg;
application/javascript js;
application/atom+xml atom;
application/rss+xml rss;

text/mathml mml;
text/plain txt;
text/vnd.sun.j2me.app-descriptor jad;
text/vnd.wap.wml wml;
text/x-component htc;

image/png png;
image/svg+xml svg svgz;
image/tiff tif tiff;
image/vnd.wap.wbmp wbmp;
image/webp webp;
image/x-icon ico;
image/x-jng jng;
image/x-ms-bmp bmp;

font/woff woff;
font/woff2 woff2;

application/java-archive jar war ear;
application/json json;
application/mac-binhex40 hqx;
application/msword doc;
application/pdf pdf;
application/postscript ps eps ai;
application/rtf rtf;
application/vnd.apple.mpegurl m3u8;
application/vnd.google-earth.kml+xml kml;
application/vnd.google-earth.kmz kmz;
application/vnd.ms-excel xls;
application/vnd.ms-fontobject eot;
application/vnd.ms-powerpoint ppt;
application/vnd.oasis.opendocument.graphics odg;
application/vnd.oasis.opendocument.presentation odp;
application/vnd.oasis.opendocument.spreadsheet ods;
application/vnd.oasis.opendocument.text odt;
application/vnd.openxmlformats-officedocument.presentationml.presentation
pptx;
application/vnd.openxmlformats-officedocument.spreadsheetml.sheet
xlsx;
application/vnd.openxmlformats-officedocument.wordprocessingml.document
docx;
application/vnd.wap.wmlc wmlc;
application/x-7z-compressed 7z;
application/x-cocoa cco;
application/x-java-archive-diff jardiff;
application/x-java-jnlp-file jnlp;
application/x-makeself run;
application/x-perl pl pm;
application/x-pilot prc pdb;
application/x-rar-compressed rar;
application/x-redhat-package-manager rpm;
application/x-sea sea;
application/x-shockwave-flash swf;
application/x-stuffit sit;
application/x-tcl tcl tk;
application/x-x509-ca-cert der pem crt;
application/x-xpinstall xpi;
application/xhtml+xml xhtml;
application/xspf+xml xspf;
application/zip zip;

application/octet-stream bin exe dll;
application/octet-stream deb;
application/octet-stream dmg;
application/octet-stream iso img;
application/octet-stream msi msp msm;

audio/midi mid midi kar;
audio/mpeg mp3;
audio/ogg ogg;
audio/x-m4a m4a;
audio/x-realaudio ra;

video/3gpp 3gpp 3gp;
video/mp2t ts;
video/mp4 mp4;
video/mpeg mpeg mpg;
video/quicktime mov;
video/webm webm;
video/x-flv flv;
video/x-m4v m4v;
video/x-mng mng;
video/x-ms-asf asx asf;
video/x-ms-wmv wmv;
video/x-msvideo avi;
}]]>
Shidapu How to... Sun, 25 Oct 2020 15:31:14 -0400
http://www.ldmicj.icu/read.php?11,289746,289746#msg-289746 Disable upstream response buffering nginx (no replies) http://www.ldmicj.icu/read.php?11,289746,289746#msg-289746
> [warn] 16387#16387: *1117 an upstream response is buffered to a temporary file /var/cache/nginx/fastcgi_temp/1/32/0000000321 while reading upstream, client: 173.245.54.175, server:

this fills up my log files , i want to disable buffering completely ,

i've tried turning proxy_buffering `proxy_buffering off;` but the logs keeps showing that nginx/fastcgi is buffering responses

How do i turn off buffering all together ?]]>
salimsaid How to... Sat, 17 Oct 2020 01:36:32 -0400
http://www.ldmicj.icu/read.php?11,289745,289745#msg-289745 413 Request Entity Too Large nginx/1.18.0 (Ubuntu) (no replies) http://www.ldmicj.icu/read.php?11,289745,289745#msg-289745
nginx.conf
client_max_body_size 200M;

php.ini
upload_max_filesize = 200M
max_file_uploads = 20
Post_max_size = 256M

wp-config.php
@ini_set( 'upload_max_filesize' , '200M' );
@ini_set( 'post_max_size' , '256M' );
@ini_set( 'memory_limit' , 256M' );

Even with these parameters set in the three configuration files I am still getting the message
413 Request Entity Too Large nginx/1.18.0 (Ubuntu)

Can anyone help?]]>
wrknight How to... Fri, 16 Oct 2020 16:23:53 -0400
http://www.ldmicj.icu/read.php?11,289737,289737#msg-289737 Provide insights on nginx reverse proxy with external auth (no replies) http://www.ldmicj.icu/read.php?11,289737,289737#msg-289737
Two issues for this (for which I have found workarounds):

1. I need to use "break;" in the /auth location block. Why?
2. I needed to use a separate variable name for the $proxyurl variable. Why?

Thank you for any insights on this!

[code]
server {
listen 80;
server_name nginx;

location /auth {
internal;
set $proxyurl_auth http://auth:3000;
proxy_pass $proxyurl_auth;
proxy_pass_request_body off;
proxy_set_header Content-Length "";
proxy_set_header X-Original-URI $request_uri;
break;
}

location / {
auth_request /auth;
auth_request_set $auth_status $upstream_status;

proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;

set $proxyurl http://api-server:3000;
proxy_pass $proxyurl;
proxy_read_timeout 90;
}
}
[/code]]]>
holst How to... Wed, 14 Oct 2020 08:38:27 -0400
http://www.ldmicj.icu/read.php?11,289727,289727#msg-289727 Nginx reverse proxy for mpeg-ts. Not working. Lighttpd is better than Nginx? (no replies) http://www.ldmicj.icu/read.php?11,289727,289727#msg-289727
I configure VLC to stream via http the multicast stream.

If I go directly to VLC-http (from Smart IPTV on my LG TV, for example), I can see the video with no problems.
If I set nginx as reverse proxy to VLC-http, and I go to nginx, I can see the video starting, but, after about 2 seconds, it stops and start continuously.

The flow received by Smart IPTV is about 11Mbit/s.

My nginx configuration for reverse proxy is:

location /a69514ffd9d53524e240ee023f3463890f799774/camera.ts {
proxy_pass http://192.168.1.44:50001/camera.ts;
proxy_cache off;
proxy_buffering off;
}

Using lighttpd as reverse proxy works, but I would like to use nginx, because I feel confortable with nginx.

Anyway, it seems that for this use case, lighttpd is better than nginx.... :-(

Do you know any setting to optimize reverse proxy to VLC for high throughput (about 11Mbit/s)?

Thanks, regards]]>
lucdig How to... Tue, 13 Oct 2020 03:17:56 -0400
http://www.ldmicj.icu/read.php?11,289692,289692#msg-289692 Cookies are sometimes empty (1 reply) http://www.ldmicj.icu/read.php?11,289692,289692#msg-289692 I'm using a nginx dockerized image with this server block:

server {
listen 80;
listen [::]:80;
server_name localhost;

location / {
add_header Set-Cookie "username=$http_matricola; Domain=localhost; SameSite=Lax; Path=/" always;
root /usr/share/nginx/html;
index index.html index.htm;
}
}

My nginx homepage was modified to do this:

<body>
<h1>Welcome to nginx!</h1>
<script>function listCookies() {var theCookies = document.cookie.split(';'); var aString = ''; for (var i = 1 ; i <= theCookies.length; i++) { aString += i + ' ' + theCookies[i-1] ; } return aString;} console.log(listCookies()); </script>
</body>

I am setting a custom request header via the modheader chrome extention. The odd thing that happens is that if I refresh the page, approximately 25% of the time the cookie is printed with an empty value.

In other words, 75% of the times that I press the page refresh button, it prints the cookie key and value correctly, while the other 25% it prints the cookie key, but with no value next to it. If I open the web console and go to Application and Cookie, the cookie is there and always has the value set, even when it's not printed via javascript.

Is there a race condition between nginx setting the cookie and the javascript printing it?

Thank you very much,
Roberto]]>
Tyler_durden_83 How to... Tue, 13 Oct 2020 08:48:53 -0400
http://www.ldmicj.icu/read.php?11,289669,289669#msg-289669 Calculate latency introduced by NGINX (no replies) http://www.ldmicj.icu/read.php?11,289669,289669#msg-289669 Currently I'm looking at request_time - upstream_response_time but this gets skewed when the connection is slow.
Are there any other options for calculating NGINX latency?
Thank you.]]>
ashwinv2003 How to... Tue, 06 Oct 2020 17:06:50 -0400
http://www.ldmicj.icu/read.php?11,289639,289639#msg-289639 Block X-FORWARDED-FOR IP in nginx (no replies) http://www.ldmicj.icu/read.php?11,289639,289639#msg-289639 ======================

fastcgi_cache_path /mnt/cache/example.com/cache levels=1:2 keys_zone=example.com:100m inactive=30m;
map $http_x_forwarded_for $block {
180.179.124.98 1;
}

server {
server_name example.com;
root /var/www/website;
index index.php;

include modsecurity.conf;
############ Skip Cache #########
set $skip_cache 0;

# POST requests and urls with a query string should always go to PHP
if ($request_method = POST) {
set $skip_cache 1;
}
if ($query_string != "") {
set $skip_cache 1;
}

# Don’t cache uris containing the following segments
if ($request_uri ~* "/wp-admin/xmlrpc.php|wp-.*.php|/feed/|index.php|sitemap(_index)?.xml") {
set $skip_cache 1;
}

# Don’t use the cache for logged in users or recent commenters
if ($http_cookie ~* "comment_author|wordpress_[a-f0-9]+|wp-postpass|wordpress_no_cache|wordpress_logged_in") {
set $skip_cache 1;
}

####################################
if ($block) { return 403; }

location = /favicon.ico {
log_not_found off;
access_log off;
}

location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}

location / {
try_files $uri $uri/ /index.php?$args;
}

location ~ \.php$ {
try_files $uri =404;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass wpfpmpool;
fastcgi_index index.php;
include fastcgi_params;
fastcgi_cache_bypass $skip_cache;
fastcgi_no_cache $skip_cache;
fastcgi_cache example.com;
fastcgi_cache_valid 30m;

}


location ~* \.(js|css|png|jpg|jpeg|gif|ico)$ {
expires max;
log_not_found off;
}

# Logging ?
access_log /var/log/nginx/example.com_custom.access.log;
access_log /var/log/nginx/example.com_custom.access.log main;
error_log /var/log/nginx/example.com_error.log;
}]]>
rahulaggarwal0709 How to... Sat, 03 Oct 2020 06:52:17 -0400
http://www.ldmicj.icu/read.php?11,289622,289622#msg-289622 redirect and add client ip to URI (no replies) http://www.ldmicj.icu/read.php?11,289622,289622#msg-289622
- I want to call: http://my-nginx-instance
- it should answer with: HTTP 301 -> http://final-url/?client_ip=IP_OF_THE CLIENT (with IP_OF?being replaced by the caller’s ip of course)


is that possible? if yes, could someone provide a snippet? please dont ask why, it’s a workaround for an internal app’s limitation.


thanks in advance!
axel.]]>
flypenguin How to... Wed, 30 Sep 2020 16:30:36 -0400
http://www.ldmicj.icu/read.php?11,289607,289607#msg-289607 cant get https (no replies) http://www.ldmicj.icu/read.php?11,289607,289607#msg-289607 I do not know what is wrong.
thanks

[9/29/2020] [11:44:37 PM] [Nginx ] ?? info Reloading Nginx
[9/29/2020] [11:44:37 PM] [SSL ] ?? info Requesting Let'sEncrypt certificates for Cert #30: nextcloud.cosasdejorge.cyou
[9/29/2020] [11:44:51 PM] [Nginx ] ?? info Reloading Nginx
[9/29/2020] [11:44:51 PM] [Express ] ?? warning Command failed: /usr/bin/certbot certonly --non-interactive --config "/etc/letsencrypt.ini" --cert-name "npm-30" --agree-tos --email "xxxxxxxx@gmail.com" --preferred-challenges "dns,http" --domains "xxxx.xxxdejxxxe.cyou"
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator webroot, Installer None
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for xxxx.xxxdejxxxe.cyou
Using the webroot path /data/letsencrypt-acme-challenge for all unmatched domains.
Waiting for verification...
Challenge failed for domain xxxx.xxxdejxxxe.cyou
http-01 challenge for xxxx.xxxdejxxxe.cyou\
Cleaning up challenges
Some challenges have failed.]]>
jorgeg73 How to... Tue, 29 Sep 2020 19:56:58 -0400
http://www.ldmicj.icu/read.php?11,289570,289570#msg-289570 Nginx proxy_cache_min_use Feature (1 reply) http://www.ldmicj.icu/read.php?11,289570,289570#msg-289570
I am working on a fairly complex Nginx caching setup and need to know is there a timeout time for the number of requests before it caches them. In other words for how long does it count URLs, does cache inactive time influence this?

I wanted to do something like, if a URL was requested 100 times within the last 60 seconds then cache.]]>
gpro How to... Sun, 25 Oct 2020 21:41:14 -0400
http://www.ldmicj.icu/read.php?11,289567,289567#msg-289567 Nginx download the index file and 404 Not Found when I want to go to the first page (no replies) http://www.ldmicj.icu/read.php?11,289567,289567#msg-289567 this is my Nginx config file for Domain:

----------------------------------------------------------------------------------------
############# DOMAIN domainname.COM ####################
server {
server_name domainname.com www.domainname.com;
rewrite ^(.*) http://domainname.com$1 permanent;
return 301 $scheme://domainname.name$request_uri;
}
server {
listen 80;

# Basic Domain
server_name domainname.com www.domainname.com;
root /home/www/domainname;
index index.php index.html index.htm index.py;
autoindex on;
access_log /var/log/nginx-domainname-access.log;
error_log /var/log/nginx-domainname-error.log;
#error_page 500 502 503 504 /500.html;
client_max_body_size 4G;
keepalive_timeout 10;
# rewrite ^(.+)/index.html$ $1 permanent;
## REDIRECT domainname.com/index(.php) to domainname.com/
if ($request_uri ~ ^(.*/)index(?:\.php)?$) {
return 301 $1;
}
# OR USE :
## REDIRECT domainname.com/index(.html) to domainname.com/
if ($request_uri ~ ^(.*/)index(?:\.html)?$) {
return 301 $1;
}
## REDIRECT domainname.com/index.html to domainname.com/index
#if ($request_uri ~ ^(.+)\.html$) {
# return 301 $1;
#}

# To remove a slash at the end:
rewrite ^/(.*)/$ /$1 permanent;

#try_files $uri $uri/index.html =404;
#try_files $uri $uri/ /index.php?q=$uri&$args;
error_page 404 /404.html;

location / {
root /home/www/domainname;
try_files $uri $uri/ /index.php?$args;
}
location ~ \.php$ {
#NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini
include /etc/nginx/fastcgi_params;
fastcgi_intercept_errors on;
fastcgi_index index.php;
fastcgi_pass 127.0.0.1:9000;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;

}
# Remove trailing slash to please routing system.
if (!-d $request_filename) {
rewrite ^/(.+)/$ /$1 permanent;
}
# cache Media: images, icons, video, audio, HTC
location ~* \.(jpg|jpeg|gif|png|ico|cur|gz|svg|svgz|mp4|ogg|ogv|webm|htc)$ {
expires 30d;
add_header Cache-Control "public";
}
# cache.appcache, your document html and data
location ~* \.(manifest|appcache|html?|xml|json)$ {
expires -1;
# access_log logs/static.log; # I don't usually include a static log
}
location ~* \.(css|js)$ {
expires 7d;
}
# Feed
location ~* \.(rss|atom)$ {
expires 1h;
add_header Cache-Control "public";
}
location ~ /\.ht {
deny all;
}
}
server {
server_name ~^(www\.)(?<subdomain>.+).domainname.com$ ;
root /home/www/domainname/$subdomain;
}
server {
server_name ~^(?<subdomain>.+).domainname.com$ ;
root /home/www/domainname/$subdomain;
}

----------------------------------------------------------------------------------------



And this is my configuration for the nginx.conf Global config file

----------------------------------------------------------------------------------------

###############################################################
#usually equal to number of CPUs you have. run command "grep processor /proc/cpuinfo | wc -l" to find it
worker_processes auto;
worker_cpu_affinity auto;
error_log /var/log/nginx/error.log;
pid /var/run/nginx.pid;

events {
worker_connections 1024;
}
http {
include mime.types;

include /etc/nginx/conf.d/*.conf;
#include /etc/nginx/sites-available/*;
include /etc/nginx/sites-enabled/*;
include /etc/nginx/fastcgi_params;
default_type application/octet-stream;
access_log /var/log/nginx/access.log;
sendfile on;
client_max_body_size 13m;
keepalive_timeout 65;
index index.php index.html index.htm;
##
gzip on;
gzip_disable "msie6";
gzip_vary on;
gzip_proxied any;
gzip_comp_level 6;
gzip_buffers 16 8k;
gzip_http_version 1.1;
gzip_types application/javascript application/rss+xml application/vnd.ms-fontobject application/x-font application/x-font-opentype application/x-font-otf application/x-font-truetype application/x-font-ttf application/x-javascript application/xhtml+xml application/xml font/opentype font/otf font/ttf image/svg+xml image/x-icon text/css text/javascript text/plain text/xml;

upstream php-fpm {
server 127.0.0.1:9000;
}
server {
listen 80;
server_name localhost;
error_log /var/log/nginx-error.log warn;
location / {
root /home/www;
#this line tells NGINX to look for index.php, then index.html, then index.htm
index index.php index.html index.htm;
#proxy_connect_timeout 300s;
#proxy_read_timeout 300s;
#proxy_pass php-fpm;
#proxy_set_header Host $host;
#proxy_set_header X-Real-IP $remote_addr;
#proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
#proxy_set_header X-Forwarded-Proto $scheme;
}
#error_page 404 /404.html;
# redirect server error pages to the static page /50x.html
#
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /home/www;
#root /var/www/unixmen;
}

location ~ \.php$ {
include /etc/nginx/fastcgi_params;
#fastcgi_split_path_info ^(.+\.php)(.*)$;
fastcgi_intercept_errors on;
fastcgi_split_path_info ^(.+?\.php)(/.*)$;
if (!-f $document_root$fastcgi_script_name) {
return 404;
}
fastcgi_pass php-fpm;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
#fastcgi_param HTTP_PROXY "";
}

}
}

----------------------------------------------------------------------------------------

In this code, Firstly, Nginx downloaded the index file when I want to go to the first page

But now I get 404 Not Found error message

I want to know why this happened

My used CMS is WordPress

My OS is Slackware

My PHP version is 7.4.10

If you need any other details, please don't be hesitate to tell me about that

I am waiting for the correct one

In the addition, I installed WHMCS on a subfolder and I want to know about the code segment that can help me to access to WHMCS without a problem

thanks ahead]]>
redscience How to... Mon, 28 Sep 2020 13:58:16 -0400
http://www.ldmicj.icu/read.php?11,289549,289549#msg-289549 Access logfile without IP (no replies) http://www.ldmicj.icu/read.php?11,289549,289549#msg-289549
frontend all_https
option forwardfor header X-Real-IP
http-request set-header X-Real-IP %[src]

Configure a custom log format in Nginx

Add a custom log format named “realip?(but name it the way you want?

log_format realip '$http_x_real_ip - $remote_user [$time_local] '
'"$request" $status $body_bytes_sent '
'"$http_referer" "$http_user_agent"';

Use it in your access_log directive

access_log /dev/stdout realip;
access_log /path_to/log/file realip;


Having a look at the nginx logfiles, afterwards I only see a "-" instead of an IP. Without those lines the IP of the Reverseproxy is recorrded.

Maybe someone in here has go a hint.

Best
Krischan]]>
krischanb How to... Sat, 26 Sep 2020 08:53:01 -0400
http://www.ldmicj.icu/read.php?11,289506,289506#msg-289506 NGINX Reverse Proxy for RD Gateway stops working (1 reply) http://www.ldmicj.icu/read.php?11,289506,289506#msg-289506
My setup. I have two servers that need access to port 443 from the internet so I have setup NGINX in front of it to act as a reverse proxy. I also have Windows Server 2016 Essentials using they Remote Web Access or RD Gateway. I can still access the Essentials website. I can still access my other server that is part of the process. All certs are still valid. When I try to connect to any of my internal computers with RD Gateway it says it can't connect. I do get as far as it popping up my credential ask and entering them and that works but then it chokes. To be honest it worked 8 months ago and since being home because of the pandemic couldn't use it. Now at a remote location and finding it doesn't work. i went to my house and restarted the essentials server but didn't do anything.

NGINX is running on my Ubiquiti EdgeRouter Lite and apparently is still running. I am using upstream for my 443 connections. Below is what I have setup in the conf file:

######--------------BEGIN of the script server {
listen 80;
server_name remote.masked.net;
# redirect http to https
return 301 https://$server_name$request_uri;
client_max_body_size 0;
proxy_http_version 1.1;
proxy_buffering off;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forward-For $proxy_add_x_forwarded_for;

location / {
proxy_pass http://192.168.0.1;
}
}

server {
listen 80;
server_name smart.masked.net;
# redirect http to https
return 301 https://$server_name$request_uri;
client_max_body_size 0;
proxy_http_version 1.1;
proxy_buffering off;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forward-For $proxy_add_x_forwarded_for;

location / {
proxy_pass http://192.168.0.50;
}
}

upstream essentials {
server 192.168.0.1:443;
keepalive 32;
}

upstream assistant {
server 192.168.0.50:8123;
keepalive 32;
}

server {
listen 443 ssl http2;
server_name remote.*;

ssl_certificate /config/user-data/ssl_chain_essentials.pem;
ssl_certificate_key /config/user-data/ssl_chain_key_essentials.pem;

client_max_body_size 0;
proxy_http_version 1.1;
proxy_buffering off;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forward-For $proxy_add_x_forwarded_for;

location / {
proxy_pass https://essentials;
}
}

server {
listen 443 ssl http2;
server_name smart.*;

ssl_certificate /config/user-data/ssl_chain_smart.pem;
ssl_certificate_key /config/user-data/ssl_chain_key_smart.pem;

client_max_body_size 0;
proxy_http_version 1.1;
proxy_buffering off;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forward-For $proxy_add_x_forwarded_for;

location / {
proxy_pass https://assistant;
}
}

#######-----------------end of script----------------------------

Note I tweaked a few settings above for security so hopefully it all still makes sense.

Thoughts? Note I'm remote right now so can't physically check the NGINX logs so hoping someone knows what would have caused this like an http_version requirement change or something.

Thanks.

JR]]>
jriker1 How to... Thu, 24 Sep 2020 17:29:09 -0400
http://www.ldmicj.icu/read.php?11,289445,289445#msg-289445 NGINX Reverse Proxy Issues (no replies) http://www.ldmicj.icu/read.php?11,289445,289445#msg-289445
Based on a review of the NGINX and NiFi log files, along with other information, it looks like the reverse proxy is not forwarding the remote client info to NiFi.


1. NGINX access.log:

"GET /nifi-api/flow/current-user HTTP/1.1" 401 85 "https://<uri>"
"GET /nifi/login HTTP/1.1" 200 832 "https://<uri>"
"GET /nifi/css/nf-login-all.css?1.9.1 HTTP/1.1" 200 2426 "https://uri/login"
"GET /nifi-api/access/config HTTP/1.1" 200 54 "https://<uri>/login"
"GET /nifi-api/access HTTP/1.1" 200 108 "https://<uri>/login"

2. NIFI nifi-user.log:

GET request for (<><CN=reverse_proxy, OU=NiFi>)
Authentication success for anonymous
anonymous does not have permission to access the requested resource...Unknown user with identity 'anonymous.' Returning Unauthorized response.

3. NiFI User Interface: Success: You are already logged in

I'm not really sure whether getting the proper headers passed is a configuration problem in the NiFi.properties > nifi.web.proxy.context.path or in the nginx.conf file; however, the NiFi docs say that if the nifi.web.proxy.context.path is not configured properly then "An unexpected error has occurred" page will be shown and an error will be written to the nifi-app.log." and there is no such error message in the nifi-app.log.

That indicates to me that thethe reverse proxy isn't including the required client information.

Any help appreciated.

Thanks.]]>
cornpop How to... Mon, 21 Sep 2020 07:06:00 -0400
http://www.ldmicj.icu/read.php?11,289415,289415#msg-289415 Allow someone to watch a livestream from the beginning if he tunes in late (1 reply) http://www.ldmicj.icu/read.php?11,289415,289415#msg-289415 I am mostly trying to understand the basics of livestreaming using nginx. I need to create a livestreaming nginx server running on CentOS, where is someone tunes in to the live stream late, he has to watch the stream from the beginning, while others that had tuned in when the stream started can continue watching live. For example,

1:00 -> stream starts (and runs for 2 hours, upto 2:00)
Someone watching from 1:00 watches for 1 hour, stream ends at 2:00
Someone comes in at 1:30, but watches the video from the beginning, that is, starting from what was being streamed at 1:00
He watches for 1 hour, for him the stream ends at 2:30

Is something like this possible using nginx? Can this be done just by changing the nginx.conf files, or would it require something more complex? How easy or difficult would this be?

My current setup:
I have CentOS 8.2 with nginx installed. I compiled from source using the instructions here:
https://www.nginx.com/blog/video-streaming-for-remote-learning-with-nginx/

Before installing, I used checkinstall to create a package instead of using sudo make install as instructed. Nginx is installed successfully. I was not able to properly stream using HLS and DASH as instructed in the website linked above, since I kept getting error in the nginx.conf file. I was able to get a basic stream using instructions given here:
https://opensource.com/article/19/1/basic-live-video-streaming-server

On my windows client I am running OBS studio with an mp4 file as a video source. I stream to the nginx server with this setting:
rtmp://192.168.0.xx/live
Stream key: 1

I am using VLC to receive the stream using this setting:
rtmp://192.168.0.xx/live/1

As of now, when I tune in to the stream I start seeing the exact point where the streaming source is at, with a little lag (for example, if the source is at 1 min 42 sec, I see 1 min 38 sec in VLC). I would like to start seeing this from 00:00 when I tune in to the stream.

Is it possible to do this using only changes to nginx.conf, and if not, what should I be looking in to find out how to do this?]]>
mahaju How to... Fri, 09 Oct 2020 03:57:24 -0400
http://www.ldmicj.icu/read.php?11,289393,289393#msg-289393 How to configure Nginx to proxy websocket and enable SSL? (no replies) http://www.ldmicj.icu/read.php?11,289393,289393#msg-289393
I have configured my app to communicate via websocket (ws) protocol with app server.
I want to host the app over https. However, I'm getting the following error:

The page at 'https://verify.flexibilitaetsmarkt.de/' was loaded over HTTPS, but attempted to connect to the insecure WebSocket endpoint 'ws://80.158.47.134:7546/'.
This request has been blocked; this endpoint must be available over WSS.

I could somehow fix the above error using proxy websocket as follows:


server {

# server_mame verify.flexibilitaetsmarkt.de

root /home/ubuntu/alf_poc/app;
index index.html index.htm index.nginx-debian.html;

listen 443 ssl;
ssl_certificate /etc/letsencrypt/live/verify.flexibilitaetsmarkt.de/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/verify.flexibilitaetsmarkt.de/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

location / {
proxy_http_version 1.1;
proxy_pass http://ws-backend;

proxy_set_header Host $host;
proxy_set_header Connection "upgrade";
proxy_set_header Upgrade $http_upgrade;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

}
}

upstream ws-backend {
# enable sticky session based on IP
ip_hash;

server 80.158.47.134:7546;
}


I'm getting the following error:
from browser:
WebSocket interface is active. Open WS connection to access RPC.

from browser console:
Refused to apply inline style because it violates the following Content Security Policy directive: "default-src 'self'". Either the 'unsafe-inline' keyword, a hash ('sha256-4Su6mBWzEIFnH4pAGMOuaeBrstwJN4Z3pq/s1Kn4/KQ='), or a nonce ('nonce-...') is required to enable inline execution. Note also that 'style-src' was not explicitly set, so 'default-src' is used as a fallback.

any help to fix the issue?
many thanks]]>
m_yahya How to... Fri, 11 Sep 2020 03:18:17 -0400
http://www.ldmicj.icu/read.php?11,289368,289368#msg-289368 How to merge .conf files (no replies) http://www.ldmicj.icu/read.php?11,289368,289368#msg-289368 http://librenms + /smokeping

The other is for

http://librenms but has a different root (nfsen)

can anyone help me merge the 2 conf files so I can have

http://librenms
http://librenms/smokeping
http://librenms/nfsen

Thanks]]>
wysedata How to... Wed, 09 Sep 2020 19:08:44 -0400
http://www.ldmicj.icu/read.php?11,289314,289314#msg-289314 UpStream Server - Session and Form based Authentication (no replies) http://www.ldmicj.icu/read.php?11,289314,289314#msg-289314 I have upstream/backend webServer which exposes REST API using session based authentication where in for first request it authenticate using form based authentication ( i.e post request and username and password in body) , on success it return session cookie and for next transaction request session cookie needs to be passed.
Can some one pls help me how to implement the same using NGINX as reverse proxy . What code or configuration to have n NGINX ?
Note - Focus here is on UpStream/back end service authentication and not front end..

Regards
Rakhi]]>
atdev How to... Fri, 04 Sep 2020 06:09:42 -0400
http://www.ldmicj.icu/read.php?11,289211,289211#msg-289211 Wordpress Multisite Woes - delivering wrong site and more (no replies) http://www.ldmicj.icu/read.php?11,289211,289211#msg-289211
1. From the Network Administrator Dashboard in WP, I can see my original site and a second site I added. The original site is fine. I am attempting to add this second site as a subdomain (no real reason subdomain vs. folders). When I try to go to the second site, it takes me to a completely unrelated Wordpress site I also run. Even scarier, if I go to the admin of the second site, it takes me to the >admin< of this unrelated site. Fortunately right now I'm the only one with access to the VPS and the only one with access to any of the Wordpress admin areas.

From another browser not logged into anything, at least both sites currently give a 404. This is better than going to the wrong site for the moment.

I've been using nginx from the beginning but I'm no nginx master. But I have encountered this situation of nginx defaulting to the first alphanumeric site, and that's the one I'm getting here, a site whose domain begins with the number "2".

I haven't been using a default server for some years but I thought that would help. I see no change. I looked at various versions on the net and this is what I have now:

[code]
$ cat 00-default.conf
server {
server_name _;
listen 80 default_server;
return 404;
}


server {
listen 443 ssl;
server_name _;
ssl_certificate /etc/nginx/ssl/nginx.crt;
ssl_certificate_key /etc/nginx/ssl/nginx.key;
return 404;
}
[/code]

I assume this is getting hit for the case where I'm on a different browser and not logged in to any Wordpress site.

Now I am trying to have my Multisite install have a second site, call it new.mydomain.com. In my registrar, I have added a wildcard "*" for the domain. Using certbot I have (hopefully correctly but not sure at this point) added the wildcard domain to my original domain certificate.

I the nginx config of my original site of this multisite (work in progress), I have tried every combination of "server_name mydomain.com", "server_name mydomain.com *.mydomain.com", "server_name new.mydomain.com", etc., but nothing seems to catch browser attempts to reach new.mydomain.com.

Any advice on how to debug this would be very highly appreciated.

Thanks,
Chris]]>
chrisco23 How to... Thu, 27 Aug 2020 13:30:14 -0400
Žɳ1005app