DISQUS

Community Page on DISQUS

what is this?

Homo-Adminus Blog

Jump to original thread »
Author

Обзор Типичных Конфигураций Для Nginx

Started by Scoundrel · 2 months ago

В одном из предыдущих постов я рассказывал об очень мощноР... Continue reading »

24 comments

  • joe

    2 years ago

    When using nginx in reverse proxy mode, is it possible to have nginx cache the result it got from the backend server (say for 1 minute) and just serve that without asking the backend server any more (until the 1 minute is up...)?
    reply
  • Scoundrel

    2 years ago

    joe,
    Actually, no. Nginx has only non-caching reverse proxying mode. But if your backend is some dynamic application on php/perl/java/etc, you can use memcached module to cache your answers and then nginx can get pages from cache.
    reply
  • matthew

    2 years ago

    I'm running nginx with a mongrel process in the background to serve RoR applications, but I'm having trouble getting nginx to serve static HTML pages from the document root. The server passes all requests, regardless of whether there is a directory/file in the document root to mongrel.

    For reference, I've uploaded my configuration file to a different server: http://macographie.com/nginx.conf.txt

    As you'll see, I have two virtual hosts defined. Eventually, I would like to have both hosts capable of server both RoR applications and static server content.

    Thanks in advance for any advice.
    reply
  • Ian

    2 years ago

    Thanks for the resource. How do you have nginx reverse-proxy to http and https for apache?

    It looks really interesting, can't wait to try it out.
    reply
  • Scoundrel

    2 years ago

    2Ian: You can take a look at sample config file from nginx distribution. there is some https example.

    All ideas are the same but you need some additional params in server section of config to assign specific certificates for virtual host.
    reply
  • Scoundrel

    2 years ago

    2matthew: Take a look at my post about using nginx with rails and mongrel. there is some config file with rails caching support.
    reply
  • Ian

    2 years ago

    I just thought of something...

    If nginx is running the ssl and reverse proxying to apache, does the _Apache_ have to be running ssl...or is the connection between nginx and apache encrypted. Just thought of that after reading some info on Pound and seeing how it acts as an SSL wrapper.
    reply
  • Scoundrel

    2 years ago

    2Ian: AFAIU, you can setup non-encrypted connection between nginx and apache. As for pound, afair, it is simple tcp balancer, so it may require ssl on apache because it would simple proxy users connection on ISO Model Level 3.
    reply
  • Ian

    2 years ago

    Made a partial jump last night...

    Fired up nginx running an ssl connection and reverse proxying it to Apache.

    All seemed to work okay. Fired up Squirrelmail and was able to read messages just fine. I did notice a problem when I tried to send message. After I hit "send" in Squirrelmail, the page wouldn't refresh to the message list, but stayed in the message edit page. The message DID get sent (I checked) but Squirrel wouldn't leave the compose message page.

    I checked the error logs for nginx and saw this message:

    SSL_do_handshake() failed (SSL: error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 aler
    t bad certificate) while reading client request line, client: xxx.xxx.xxx.xxx, server: www.myserver.com

    Here's the server config:

    server {
    listen 443;
    root /usr/local/apache/htdocs;
    server_name www.myserver.com;
    ssl on;
    ssl_certificate /usr/local/apache/conf/server.pem;
    ssl_certificate_key /usr/local/apache/conf/server.key;

    ssl_session_timeout 5m;

    location / {
    root shtml;
    index index.shtml index.html;
    location / {
    proxy_pass http://127.0.0.1:8080/;
    proxy_redirect off;

    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

    client_max_body_size 10m;
    client_body_buffer_size 128k;

    proxy_connect_timeout 90;
    proxy_send_timeout 90;
    proxy_read_timeout 90;

    proxy_buffer_size 4k;
    proxy_buffers 4 32k;
    proxy_busy_buffers_size 64k;
    proxy_temp_file_write_size 64k;
    }
    reply
  • Scoundrel

    2 years ago

    2Ian: Honestly speaking, I have not so big experience with nginx+ssl... I've forwarded your question to russian nginx mailing list. Will answer here or by email if someone will answer about this issue.
    reply
  • Ian

    2 years ago

    Thanks.
    reply
  • Ian

    2 years ago

    2scoundrel: I might have a bit of an "aha" moment here...fired up firefox's live headers and rec'd this after hitting the "send":

    Location: http://www.myserver.com:8080/webmail/src/right_...

    So, it looks like the Apache backend is misbehaving and not trying to redirect to

    "https://www.myserver.com/webmail..."

    I've seen several pages on how to configure Apache as a reverse proxy, but can't seem to find much on how it should be configured to be the backend.
    reply
  • aim

    1 year ago

    вот хотел спросить -- а есть возможность каждому виртуальному серверу своего пользователя указать?

    сейчас у меня крутится apache-mpm-itk но в общем-то мне не нужен апач на сервере. но нужно раздавать кучу всякой статики для которой судя по всему nginx подходит как нельзя лучше...
    reply
  • Scoundrel

    1 year ago

    2aim: не - нельзя. Но можно извратиться и запустить N нгинксов по одному воркеру на каждого и на них спроксировать... через нгинкс номер N+1 :-)
    reply
  • Ray

    1 year ago

    I am testing nginx with your static configuration (first example in your post) and getting some strange behaviour:

    For files larger than a few hundred kB, I often get a 206 partial or a 200, but the file does not send completely. This is very irregular. Sometimes it works, sometimes not. Any ideas?

    Thanks.

    An example req/resp:

    GET /static/f/testimage.jpg HTTP/1.1
    Host: www.xxxx.com
    User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.8.1.4) Gecko/20070515 Firefox/2.0.0.4
    Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
    Accept-Language: en-gb,en;q=0.5
    Accept-Encoding: gzip,deflate
    Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
    Keep-Alive: 300
    Connection: keep-alive
    Range: bytes=544487-
    If-Range: Wed, 04 Apr 2007 12:20:33 GMT
    Cache-Control: max-age=0

    HTTP/1.x 206 Partial Content
    Date: Sat, 02 Jun 2007 11:15:58 GMT
    Server: nginx/0.5.22
    Content-Type: image/jpeg
    Content-Length: 2949459
    Last-Modified: Wed, 04 Apr 2007 12:20:33 GMT
    Expires: Thu, 31 Dec 2037 23:55:55 GMT
    Cache-Control: max-age=315360000
    Content-Range: bytes 544487-3493945/3493946
    Keep-Alive: timeout=2, max=100
    Connection: Keep-Alive
    reply
  • Fritzie

    1 year ago

    hi anyone know how to get nginx to autostart on reboot.. using ssl and be able to have the passphrase ( which it always ask for on restart ) automatically entered. ??

    please send answer to chrisangileri@yahoo.com

    thanks muchly
    reply
  • K Achary

    10 months ago

    Hi
    I am trying to configure Nginx as proxy POP3 server on a Linux 2.6.x system. When I try to use the example config files, nginx daemon says imap and mail as unrecognized words. Would appreciate any help in this regards.

    achari_98 AT yahoo.com
    reply
  • Scoundrel

    10 months ago

    2Fritzie: AFAIU, you need to enable mail support when you compile your nginx.
    reply
  • K Achary

    9 months ago

    Hi,
    Thanks for the previous response.
    Is it possible to enable SSL between NGINX and backend POP server. Can somebody please share any example configuration to achive this.

    Basically the scenario I am talking about is, the end user POP3 client talks to the NGINX pop proxy over TCP port 110, then the NGINX server talks to backend POP3 server over SSL socket say 995.

    I tried compiling the NGINX with mail_ssl support, but the TCP connection between NGINX and backend pop3 server gets established but SSL session set up does not happen.

    I appreciate any help in this regard.

    Thanks and regards

    K Achary
    reply
  • Администраторша

    8 months ago

    Скажите, а где прописывать эти команды для нгинкс?
    Если создать .htaccess и в нём прописать. то будет работать?
    reply
  • Bruno

    7 months ago

    Hi, its possible to use Trac SCM on nginx with basic auth?
    reply
  • Добрые комиксы

    6 months ago

    i'm tired of fighting with nginx, so changed it with lighttpd
    reply
  • Anton

    4 months ago

    Здравствуйте. Кто нибудь в курсе как настроить nginx, так чтобы он смог обрабатывать URL большой длины т.е. длина HTTP GET запросов могла быть более 4-5 кб. При моей текущей конфигурации запросы такой длины приводят к появлению 414 ошибки.
    reply
  • Hans

    2 months ago

    Thanks for the nice overview. A question:

    Could nginx be used as a HTTP wrapper for TCP protocols that do not speak HTTP, such as RTMP? Or with added SSL to function like stunnel?
    reply

Add New Comment

Returning? Login