存档

‘nginx’ 分类的存档

Nginx不支持https的正向代理

2013年11月2日 评论已被关闭

Nginx虽然很好,但也不是万能的,“只做自己最擅长的或许才是聪明的选择”.

最近用Nginx尝试搭建了proxy代理内部机器上网,Nginx基于http的代理确实非常不错,性能真没得说。不过访问https时问题来了,登陆不了,日志中会有很多这样的记录:

192.168.0.120 – – [01/Nov/2013:05:29:39 +0000] “CONNECT www.google.com:443 HTTP/1.0” 400 166 “-” “-”
192.168.0.120 – – [01/Nov/2013:05:29:39 +0000] “CONNECT www.google.com:443 HTTP/1.0” 400 166 “-” “-”
192.168.0.120 – – [01/Nov/2013:05:29:39 +0000] “CONNECT www.google.com:443 HTTP/1.0” 400 166 “-” “-”
192.168.0.120 – – [01/Nov/2013:05:29:39 +0000] “CONNECT www.google.com:443 HTTP/1.0” 400 166 “-” “-”

问了google大神半天,偶然看到了作者Igor Sysoev的解答:http://forum.nginx.org/read.php?2,15124,15256#msg-15256

Q:I suspect Nginx has not been designed to be used as a forward proxy. If nginx won’t foot the bill, can anyone recommend a free solution please?
A:Yes, nginx has not been disigned as a forward proxy. You should try squid
which was a forward proxy from the very start.
Q:Is there any schedule to support the feathure, forward proxy ?
A:Not in near future: there is alreay good forward proxy Squid.

看来还得继续使用Squid,proxy中的战斗机。

分类: nginx, OpenSource 标签: ,

nginx lua as http client

2013年9月17日 评论已被关闭

首先感谢agentzh的辛苦大作,这里使用了openresty的版本。

1. 编译openresty


wget http://openresty.org/download/ngx_openresty-1.2.8.6.tar.gz
tar xzvf ngx_openresty-1.2.8.6.tar.gz
cd ngx_openresty-1.2.8.6/
./configure --with-luajit
make
make install

2.获取lua http client


git clone https://github.com/liseen/lua-resty-http

3. nginx vhost配置
阅读全文…

分类: linux, nginx 标签: ,

nginx+lua module直接调用redis实现url跳转

2013年5月24日 评论已被关闭

需求:想要实现的功能是lua通过id取redis中对应的url然后进行url跳转。

nginx编译用到的模块:
git clone https://github.com/simpl/ngx_devel_kit.git
git clone https://github.com/chaoslawful/lua-nginx-module
git clone https://github.com/agentzh/redis2-nginx-module.git
git clone https://github.com/agentzh/set-misc-nginx-module.git
git clone https://github.com/agentzh/echo-nginx-module.git
git clone https://github.com/catap/ngx_http_upstream_keepalive.git

阅读全文…

分类: nginx 标签: , ,

eventfd() failed when start nginx

2011年1月7日 评论已被关闭

yum install nginx
service nginx start

error.log:
2011/01/07 05:39:49 [emerg] 7180#0: eventfd() failed (38: Function not implemented)
2011/01/07 05:39:49 [alert] 7179#0: worker process 7180 exited with fatal code 2 and can not be respawn
2011/01/07 05:43:01 [emerg] 7296#0: eventfd() failed (38: Function not implemented)
2011/01/07 05:43:01 [alert] 7295#0: worker process 7296 exited with fatal code 2 and can not be respawn

[root@2hei.net /etc/nginx]# /usr/sbin/nginx -V
nginx version: nginx/0.8.53
built by gcc 4.1.2 20080704 (Red Hat 4.1.2-48)
TLS SNI support disabled
configure arguments: –user=nginx –group=nginx –prefix=/usr/share/nginx –sbin-path=/usr/sbin/nginx –conf-path=/etc/nginx/nginx.conf –error-log-path=/var/log/nginx/error.log –http-log-path=/var/log/nginx/access.log –http-client-body-temp-path=/var/lib/nginx/tmp/client_body –http-proxy-temp-path=/var/lib/nginx/tmp/proxy –http-fastcgi-temp-path=/var/lib/nginx/tmp/fastcgi –http-uwsgi-temp-path=/var/lib/nginx/tmp/uwsgi –http-scgi-temp-path=/var/lib/nginx/tmp/scgi –pid-path=/var/run/nginx.pid –lock-path=/var/lock/subsys/nginx –with-http_ssl_module –with-http_realip_module –with-http_addition_module –with-http_xslt_module –with-http_image_filter_module –with-http_geoip_module –with-http_sub_module –with-http_dav_module –with-http_flv_module –with-http_gzip_static_module –with-http_random_index_module –with-http_secure_link_module –with-http_degradation_module –with-http_stub_status_module –with-http_perl_module –with-mail –with-file-aio –with-mail_ssl_module –with-ipv6 –with-cc-opt=’-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector –param=ssp-buffer-size=4 -m64 -mtune=generic’ –with-cc-opt=’-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector –param=ssp-buffer-size=4 -m64 -mtune=generic’

we can see –with-file-aio is been compiled at yum.

[root@2hei.net /etc/nginx]# yum list | grep aio
libaio.i386                              0.3.106-3.2            installed       
libaio.x86_64                            0.3.106-3.2            installed       
libsane-hpaio.x86_64                     1.6.7-4.1.el5.4        installed       
libaio-devel.x86_64                      0.3.106-3.2            base            
libaio-devel.i386                        0.3.106-3.2            base   

yum install libaio-devel
restart nginx still has such error.

Got a new stable version of nginx
nginx version: nginx/0.8.54
built by gcc 4.1.2 20080704 (Red Hat 4.1.2-48)
TLS SNI support disabled
configure arguments: –user=nginx –group=nginx –prefix=/usr/share/nginx –sbin-path=/usr/sbin/nginx –conf-path=/etc/nginx/nginx.conf –error-log-path=/var/log/nginx/error.log –http-log-path=/var/log/nginx/access.log –http-client-body-temp-path=/var/lib/nginx/tmp/client_body –http-proxy-temp-path=/var/lib/nginx/tmp/proxy –http-fastcgi-temp-path=/var/lib/nginx/tmp/fastcgi –pid-path=/var/run/nginx.pid –lock-path=/var/lock/subsys/nginx –with-http_ssl_module –with-http_realip_module –with-http_addition_module –with-http_sub_module –with-http_dav_module –with-http_flv_module –with-http_gzip_static_module –with-http_stub_status_module –with-http_perl_module –with-mail –with-mail_ssl_module –with-cc-opt=’-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector –param=ssp-buffer-size=4 -m64 -mtune=generic’ –add-module=/builddir/build/BUILD/nginx-0.8.54/nginx-upstream-fair
download link: nginx-stable-0.8.54-1.el5.x86_64.rpm
useful link:
http://forum.nginx.org/read.php?2,23577,153119#msg-153119
http://forum.nginx.org/read.php?2,150853,150853

分类: nginx, OpenSource 标签:

nginx dynamic url rewrite — II

2010年11月25日 评论已被关闭
nginx rewirte II, nginx if has no AND OR and nest,so we only can use regx to do it:
———————————- BEGIN—————————————–
location /music/search.html {
root   /home/2hei.net/music;
if ($query_string ~* ^p=(.*)&a=(.*)&t=(.*)$) {
set $p $1;
set $a $2;
set $t $3;
rewrite /music/search.html http://www.last.fm/music/$p/$a/$t? last;
}
if ($query_string ~* ^p=(.*)&t=(.*)$) {
set $p $1;
set $t $2;
rewrite /music/search.html http://www.last.fm/music/$p/_/$t? last;
}
if ($query_string ~* ^p=(.*)&a=(.*)$) {
set $p $1;
set $a $2;
rewrite /music/search.html http://www.last.fm/music/$p/$a? last;
}
if ($query_string ~* ^p=(.*)$) {
set $p $1;
rewrite /music/search.html http://www.last.fm/music/$p? last;
}
rewrite /music/search.html http://www.last.fm/music/? last;
}
———————————- END —————————————–
Test URL:
http://2hei.net/music/search.html?p=lady gaga
http://2hei.net/music/search.html?p=lady gaga&a=the frame
http://2hei.net/music/search.html?p=lady gaga&t=just dance
http://2hei.net/music/search.html?p=lady gaga&a=the frame&t=just dance
分类: nginx, OpenSource 标签:

nginx dynamic url rewrite

2010年8月6日 1 条评论

I have such a request, will rewrite url to google’s search site,
type http://mysite/search/search.html?t=laday gaga –> http://www.google.com/search?q=lady%20gaga
I donn’t want to use other tools(php/java etc.) except nginx.
For a long time googleing, finally find how to setting nginx dynamic url rewrite 🙂

 location /search/ {
  root   /var/2hei.net/nginx;
  if ($args){
  rewrite ^/search/search.html “http://www.google.com/search?q=$arg_t?” last;
  }
 }

and ‘?’ is very important, or the rewrite url will add append query string,
http://mysite/search/search.html?t=laday gaga –> http://www.google.com/search?q=lady%20gaga?t=lady%20gaga
we will get wrong rewrite url.
alse we can use $query_string
 if ($query_string ~* t=(.*)){
  …
 }

Just enjoy it!

分类: nginx 标签:

nginx代理模式下,伪造X-Forwarded-For头的测试

2010年3月18日 6 条评论

测试环境: nginx+resin
IP: 内网:172.16.100.10

客户端IP:123.123.123.123

测试页面: test.jsp
<%
out.println(“x-forwarded-for: ” + request.getHeader(“x-forwarded-for”));
out.println(“remote hosts: ” + request.getRemoteAddr());
%>

nginx 配置一
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

wget测试
wget -O aa –header=”X-Forwarded-For:192.168.0.1″ “http://2hei.net/test.jsp
页面返回结果:
x-forwarded-for: 192.168.0.1, 123.123.123.123
remote hosts: 172.16.100.10

curl测试
curl -H “X-Forwarded-For:192.168.0.1” “http://2hei.net/test.jsp
x-forwarded-for: 192.168.0.1, 123.123.123.123
remote hosts: 172.16.100.10

nginx 配置二
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

wget测试:
wget -O aa –header=”X-Forwarded-For:192.168.0.1″ “http://2hei.net/test.jsp
页面返回结果:
x-forwarded-for: 123.123.123.123
remote hosts: 172.16.100.10

curl测试
curl -H “X-Forwarded-For:192.168.0.1” “http://2hei.net/test.jsp
x-forwarded-for: 123.123.123.123
remote hosts: 172.16.100.10

测试结果:
1、配置  proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
增加了一个真实ip X-Forwarded-For,并且顺序是增加到了“后面”。

2、配置  proxy_set_header X-Forwarded-For $remote_addr;
清空了客户端伪造传入的X-Forwarded-For,
保证了使用request.getHeader(“x-forwarded-for”)获取的ip为真实ip,
或者用“,”分隔,截取X-Forwarded-For最后的值。

分类: nginx, OpenSource 标签:

request.getScheme cann’t get https in nginx proxy with apache

2010年2月21日 评论已被关闭

程序中为了不写死url,使用了动态获得的方式:
basePath = request.getScheme()+”://”+request.getServerName()+”:”+request.getServerPort()+path+”/”;

其中: request.getScheme() return http but not https.
之前单独使用apache(https)+resin的方式正常,现在前面增加了一层nginx,发现问题来了,协议部分(Scheme)无法传过去,后台的resin无法获取到正确的值。

尝试了下面的配置,结果还是一无所获。
    proxy_redirect off;
    proxy_set_header HTTPS  on;
    proxy_set_header Host $host;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Url-Scheme $scheme;
    proxy_set_header X-Scheme $scheme;
    proxy_set_header X-Nginx-Scheme $scheme;
    proxy_set_header Scheme $scheme;
    proxy_set_header  X-FORWARDED_PROTO $scheme;
    proxy_set_header  X-FORWARDED_PROTO “https”;
    proxy_set_header X-Forwarded-Scheme “https”;
    proxy_set_header X-Forwarded-Proto $scheme;
    real-scheme-header     X-Forwarded-Proto;

今天下午好好google了一番,所有的帖子几乎翻了个遍,终于有所收获啦,重点是nginx配置完毕后,apache也要配置环境变量哦!
http://www.ruby-forum.com/topic/183450

nginx config:
=============
proxy_set_header X-Nginx-Scheme $scheme;
# nginx variable $scheme will be ‘http’ or ‘https’.

apache config:
==============
SetEnvIf X-Nginx-Scheme “^https$” HTTPS=on
# Apache environment variable HTTPS will be ‘on’ or not defined.

测试代码如下:
<%
out.println(“Protocol: ” + request.getProtocol() + “<br>”);
out.println(“Scheme: ” + request.getScheme() + “<br>”);
out.println(“Server Name: ” + request.getServerName() + “<br>” );
out.println(“Server Port: ” + request.getServerPort() + “<br>”);
%>

页面打印结果为,正常了!
Protocol: HTTP/1.0
Scheme: https
Server Name: 2hei.net
Server Port: 443

分类: nginx 标签: