存档

文章标签 ‘nginx’

Nginx不支持https的正向代理

2013年11月2日 评论已被关闭

Nginx虽然很好,但也不是万能的,“只做自己最擅长的或许才是聪明的选择”.

最近用Nginx尝试搭建了proxy代理内部机器上网,Nginx基于http的代理确实非常不错,性能真没得说。不过访问https时问题来了,登陆不了,日志中会有很多这样的记录:

192.168.0.120 – – [01/Nov/2013:05:29:39 +0000] “CONNECT www.google.com:443 HTTP/1.0” 400 166 “-” “-”
192.168.0.120 – – [01/Nov/2013:05:29:39 +0000] “CONNECT www.google.com:443 HTTP/1.0” 400 166 “-” “-”
192.168.0.120 – – [01/Nov/2013:05:29:39 +0000] “CONNECT www.google.com:443 HTTP/1.0” 400 166 “-” “-”
192.168.0.120 – – [01/Nov/2013:05:29:39 +0000] “CONNECT www.google.com:443 HTTP/1.0” 400 166 “-” “-”

问了google大神半天,偶然看到了作者Igor Sysoev的解答:http://forum.nginx.org/read.php?2,15124,15256#msg-15256

Q:I suspect Nginx has not been designed to be used as a forward proxy. If nginx won’t foot the bill, can anyone recommend a free solution please?
A:Yes, nginx has not been disigned as a forward proxy. You should try squid
which was a forward proxy from the very start.
Q:Is there any schedule to support the feathure, forward proxy ?
A:Not in near future: there is alreay good forward proxy Squid.

看来还得继续使用Squid,proxy中的战斗机。

分类: nginx, OpenSource 标签: ,

nginx lua as http client

2013年9月17日 评论已被关闭

首先感谢agentzh的辛苦大作,这里使用了openresty的版本。

1. 编译openresty


wget http://openresty.org/download/ngx_openresty-1.2.8.6.tar.gz
tar xzvf ngx_openresty-1.2.8.6.tar.gz
cd ngx_openresty-1.2.8.6/
./configure --with-luajit
make
make install

2.获取lua http client


git clone https://github.com/liseen/lua-resty-http

3. nginx vhost配置
阅读全文…

分类: linux, nginx 标签: ,

nginx+lua module直接调用redis实现url跳转

2013年5月24日 评论已被关闭

需求:想要实现的功能是lua通过id取redis中对应的url然后进行url跳转。

nginx编译用到的模块:
git clone https://github.com/simpl/ngx_devel_kit.git
git clone https://github.com/chaoslawful/lua-nginx-module
git clone https://github.com/agentzh/redis2-nginx-module.git
git clone https://github.com/agentzh/set-misc-nginx-module.git
git clone https://github.com/agentzh/echo-nginx-module.git
git clone https://github.com/catap/ngx_http_upstream_keepalive.git

阅读全文…

分类: nginx 标签: , ,

eventfd() failed when start nginx

2011年1月7日 评论已被关闭

yum install nginx
service nginx start

error.log:
2011/01/07 05:39:49 [emerg] 7180#0: eventfd() failed (38: Function not implemented)
2011/01/07 05:39:49 [alert] 7179#0: worker process 7180 exited with fatal code 2 and can not be respawn
2011/01/07 05:43:01 [emerg] 7296#0: eventfd() failed (38: Function not implemented)
2011/01/07 05:43:01 [alert] 7295#0: worker process 7296 exited with fatal code 2 and can not be respawn

[root@2hei.net /etc/nginx]# /usr/sbin/nginx -V
nginx version: nginx/0.8.53
built by gcc 4.1.2 20080704 (Red Hat 4.1.2-48)
TLS SNI support disabled
configure arguments: –user=nginx –group=nginx –prefix=/usr/share/nginx –sbin-path=/usr/sbin/nginx –conf-path=/etc/nginx/nginx.conf –error-log-path=/var/log/nginx/error.log –http-log-path=/var/log/nginx/access.log –http-client-body-temp-path=/var/lib/nginx/tmp/client_body –http-proxy-temp-path=/var/lib/nginx/tmp/proxy –http-fastcgi-temp-path=/var/lib/nginx/tmp/fastcgi –http-uwsgi-temp-path=/var/lib/nginx/tmp/uwsgi –http-scgi-temp-path=/var/lib/nginx/tmp/scgi –pid-path=/var/run/nginx.pid –lock-path=/var/lock/subsys/nginx –with-http_ssl_module –with-http_realip_module –with-http_addition_module –with-http_xslt_module –with-http_image_filter_module –with-http_geoip_module –with-http_sub_module –with-http_dav_module –with-http_flv_module –with-http_gzip_static_module –with-http_random_index_module –with-http_secure_link_module –with-http_degradation_module –with-http_stub_status_module –with-http_perl_module –with-mail –with-file-aio –with-mail_ssl_module –with-ipv6 –with-cc-opt=’-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector –param=ssp-buffer-size=4 -m64 -mtune=generic’ –with-cc-opt=’-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector –param=ssp-buffer-size=4 -m64 -mtune=generic’

we can see –with-file-aio is been compiled at yum.

[root@2hei.net /etc/nginx]# yum list | grep aio
libaio.i386                              0.3.106-3.2            installed       
libaio.x86_64                            0.3.106-3.2            installed       
libsane-hpaio.x86_64                     1.6.7-4.1.el5.4        installed       
libaio-devel.x86_64                      0.3.106-3.2            base            
libaio-devel.i386                        0.3.106-3.2            base   

yum install libaio-devel
restart nginx still has such error.

Got a new stable version of nginx
nginx version: nginx/0.8.54
built by gcc 4.1.2 20080704 (Red Hat 4.1.2-48)
TLS SNI support disabled
configure arguments: –user=nginx –group=nginx –prefix=/usr/share/nginx –sbin-path=/usr/sbin/nginx –conf-path=/etc/nginx/nginx.conf –error-log-path=/var/log/nginx/error.log –http-log-path=/var/log/nginx/access.log –http-client-body-temp-path=/var/lib/nginx/tmp/client_body –http-proxy-temp-path=/var/lib/nginx/tmp/proxy –http-fastcgi-temp-path=/var/lib/nginx/tmp/fastcgi –pid-path=/var/run/nginx.pid –lock-path=/var/lock/subsys/nginx –with-http_ssl_module –with-http_realip_module –with-http_addition_module –with-http_sub_module –with-http_dav_module –with-http_flv_module –with-http_gzip_static_module –with-http_stub_status_module –with-http_perl_module –with-mail –with-mail_ssl_module –with-cc-opt=’-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector –param=ssp-buffer-size=4 -m64 -mtune=generic’ –add-module=/builddir/build/BUILD/nginx-0.8.54/nginx-upstream-fair
download link: nginx-stable-0.8.54-1.el5.x86_64.rpm
useful link:
http://forum.nginx.org/read.php?2,23577,153119#msg-153119
http://forum.nginx.org/read.php?2,150853,150853

分类: nginx, OpenSource 标签:

nginx dynamic url rewrite — II

2010年11月25日 评论已被关闭
nginx rewirte II, nginx if has no AND OR and nest,so we only can use regx to do it:
———————————- BEGIN—————————————–
location /music/search.html {
root   /home/2hei.net/music;
if ($query_string ~* ^p=(.*)&a=(.*)&t=(.*)$) {
set $p $1;
set $a $2;
set $t $3;
rewrite /music/search.html http://www.last.fm/music/$p/$a/$t? last;
}
if ($query_string ~* ^p=(.*)&t=(.*)$) {
set $p $1;
set $t $2;
rewrite /music/search.html http://www.last.fm/music/$p/_/$t? last;
}
if ($query_string ~* ^p=(.*)&a=(.*)$) {
set $p $1;
set $a $2;
rewrite /music/search.html http://www.last.fm/music/$p/$a? last;
}
if ($query_string ~* ^p=(.*)$) {
set $p $1;
rewrite /music/search.html http://www.last.fm/music/$p? last;
}
rewrite /music/search.html http://www.last.fm/music/? last;
}
———————————- END —————————————–
Test URL:
http://2hei.net/music/search.html?p=lady gaga
http://2hei.net/music/search.html?p=lady gaga&a=the frame
http://2hei.net/music/search.html?p=lady gaga&t=just dance
http://2hei.net/music/search.html?p=lady gaga&a=the frame&t=just dance
分类: nginx, OpenSource 标签:

nginx dynamic url rewrite

2010年8月6日 1 条评论

I have such a request, will rewrite url to google’s search site,
type http://mysite/search/search.html?t=laday gaga –> http://www.google.com/search?q=lady%20gaga
I donn’t want to use other tools(php/java etc.) except nginx.
For a long time googleing, finally find how to setting nginx dynamic url rewrite 🙂

 location /search/ {
  root   /var/2hei.net/nginx;
  if ($args){
  rewrite ^/search/search.html “http://www.google.com/search?q=$arg_t?” last;
  }
 }

and ‘?’ is very important, or the rewrite url will add append query string,
http://mysite/search/search.html?t=laday gaga –> http://www.google.com/search?q=lady%20gaga?t=lady%20gaga
we will get wrong rewrite url.
alse we can use $query_string
 if ($query_string ~* t=(.*)){
  …
 }

Just enjoy it!

分类: nginx 标签:

nginx代理模式下,伪造X-Forwarded-For头的测试

2010年3月18日 6 条评论

测试环境: nginx+resin
IP: 内网:172.16.100.10

客户端IP:123.123.123.123

测试页面: test.jsp
<%
out.println(“x-forwarded-for: ” + request.getHeader(“x-forwarded-for”));
out.println(“remote hosts: ” + request.getRemoteAddr());
%>

nginx 配置一
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

wget测试
wget -O aa –header=”X-Forwarded-For:192.168.0.1″ “http://2hei.net/test.jsp
页面返回结果:
x-forwarded-for: 192.168.0.1, 123.123.123.123
remote hosts: 172.16.100.10

curl测试
curl -H “X-Forwarded-For:192.168.0.1” “http://2hei.net/test.jsp
x-forwarded-for: 192.168.0.1, 123.123.123.123
remote hosts: 172.16.100.10

nginx 配置二
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

wget测试:
wget -O aa –header=”X-Forwarded-For:192.168.0.1″ “http://2hei.net/test.jsp
页面返回结果:
x-forwarded-for: 123.123.123.123
remote hosts: 172.16.100.10

curl测试
curl -H “X-Forwarded-For:192.168.0.1” “http://2hei.net/test.jsp
x-forwarded-for: 123.123.123.123
remote hosts: 172.16.100.10

测试结果:
1、配置  proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
增加了一个真实ip X-Forwarded-For,并且顺序是增加到了“后面”。

2、配置  proxy_set_header X-Forwarded-For $remote_addr;
清空了客户端伪造传入的X-Forwarded-For,
保证了使用request.getHeader(“x-forwarded-for”)获取的ip为真实ip,
或者用“,”分隔,截取X-Forwarded-For最后的值。

分类: nginx, OpenSource 标签:

nginx authentication

2010年1月20日 评论已被关闭

今天配置nginx的basic authentication折腾了好半天,开始error_log一直报错:
no user/password was provided for basic authentication

我是按照nginx的wiki配置的:
location  /  {
  auth_basic            “Restricted”;
  auth_basic_user_file  htpasswd;
}

cat htpasswd
2hei:j3M4coizxFLDM

Since version 0.6.7 the filename path is relative to directory of nginx configuration file nginx.conf, but not to nginx prefix directory.

google了半天,发现了nginx作者Igor的一个回复:

Igor Sysoev
The HTTP Basic authentication works as following:
*) A browser requests a page without user/password.
*) A server response with 401 page, sending realm as well.
   At this stage the 401 code appears in access_log and the message
   “no user/password …” appears in error_log.
*) The browser shows a realm/login/password prompt.
*) If a user will press cancel, then the browser will show the received
   401 page.
*) If the user enters login/password, then the browser repeats the request
   with login/password.

Then until you will exit the browser, it will send these login/password
with all requests in protected hierarchy.

赞一个,牛人果然就是牛人!

经过提示找到了罪魁祸首是error_page的配置 401 403 404 /40x.html;

error_page 401 403 404 /40x.html;
实际上是由于40x.html文件并不存在导致的。把文件建好问题得以解决!

分类: OpenSource 标签:

nginx+Django+memchached环境搭建备忘

2009年8月14日 评论已被关闭

系统环境
Kernal:Linux 2.6.9-78
nginx-0.7.61
pcre-7.9
Python version: 2.5.4
Django-1.1-py2.5
mysql-5.0.84
flup-1.0.2-py2.5
MySQL_python-1.2.3c1-py2.5-linux-i686
python_memcached-1.44-py2.5
setuptools-0.6c9-py2.5

1、nginx、python、mysql的安装可参考官方及网上的安装文档

2、安装django  http://www.djangoproject.com/
wget http://media.djangoproject.com/releases/1.1/Django-1.1.tar.gz
tar zxvf Django-1.1.tar.gz
cd Django-1.1
python setup.py install

3、Django以fastcgi方式启动需要
python-flup
wget http://www.saddi.com/software/flup/dist/flup-1.0.2.tar.gz
tar zxvf flup-1.0.2.tar.gz
cd flup-1.0.2
python setup.py install

4、MySQL-python-1.2.3c1.tar.gz
下载地址: http://sourceforge.net/projects/mysql-python/files/

我在安装和配置中遇到的问题:
1、mysql数据库连接:
django.core.exceptions.ImproperlyConfigured: Error loading MySQLdb module: libmysqlclient_r.so.15: cannot open shared object file: No such file or directory
我曾经装过了mysql5.2,发现MYSQL_HOME/lib中没有libmysqlclient_r.so.15,倒是有libmysqlclient_r.so.16,可能是因为mysql版本比较高的缘故,或者是因为dj版本比较低??
所以我选择了mysql5.0
tar MySQL-python-1.2.3c1.tar.gz
cd MySQL-python-1.2.3c1
python setup.py build

会有如下报错:
_mysql.c:2516: error: `v’ undeclared (first use in this function)
_mysql.c:2527: error: `name’ undeclared (first use in this function)
_mysql.c:2528: error: `self’ undeclared (first use in this function)
error: command ‘gcc’ failed with exit status 1
解决办法是:
vi site.cfg
# The path to mysql_config.
# Only use this if mysql_config is not on your PATH, or you have some weird
# setup that requires it.
mysql_config = /home/2hei.net/mysql/bin/mysql_config
然后接续
python setup.py build
python setup.py install

2、实际中还有这个错误出现:
django.core.exceptions.ImproperlyConfigured: Error loading MySQLdb module: /lib/tls/libc.so.6: version `GLIBC_2.4′ not found (required by /home/yujingtao/.python-eggs/MySQL_python-1.2.3c1-py2.5-linux-i686.egg-tmp/_mysql.so
解决办法是:
vi /etc/ld.so.conf
add /home/2hei.net/mysql/lib
#ldconfig /etc/ld.so.conf

3、新建立一个Django的webapp
django-admin.py startproject myweb

4、Django的启动
#django作为独立启动
django manage.py runserver method=threaded 127.0.0.1:8080

#以FastCGI方式启动
python manage.py runfcgi method=threaded host=127.0.0.1 port=9000
因为我的Django是跟nginx配合使用的,所以普通用户在内网监听大于1024的端口即可
因为每次更改urls.py都需要重启一下fastcg,为了方便使用我写了一个脚本:

#!/bin/bash
#script-name: start_myweb.sh
#wirte by: 2hei at 2009/08/12
cd /home/2hei/djproject/
if [ $# -lt 1 ];then
echo “Usages: sh start_myweb.sh [start|stop|restart]”
exit 0
fi
if [ $1 = start ];then
  isrun=`ps aux|grep “manage.py runfcgi”|grep -v “grep”|wc -l`
  if [ $isrun -eq 1 ];then
    echo “dj has running!”
    exit 0
  else
    /home/python/bin/python myweb/manage.py runfcgi method=threaded host=127.0.0.1 port=9000 –settings=settings
  fi
elif [ $1 = stop ];then
  djid=`ps aux|grep “manage.py runfcgi”|grep -v “grep”|awk ‘{print $2}’`
  kill -9 $djid
elif [ $1 = restart ];then
  djid=`ps aux|grep “manage.py runfcgi”|grep -v “grep”|awk ‘{print $2}’`
  kill -9 $djid
  /home/python/bin/python myweb/manage.py runfcgi method=threaded host=127.0.0.1 port=9000 –settings=settings
else
  echo “Usages: sh start_myweb.sh [start|stop|restart]”
fi

5、关于nginx解析Django静态文件的处理
nginx.conf

        location /media/ {
                root /home/2hei.net/djproject/myweb;
                break;
        }

cp -r /home/python/lib/python2.5/site-packages/django/contrib/admin/media/ /home/2hei.net/djproject/myweb/
Django管理界面:
dj-admin.JPG

6、因为需要用到memcache,所以memcach与Django进行了结合:
urls.py
urlpatterns = patterns(”,
    (r’^admin/’, include(admin.site.urls)),
    (r’^status/cache/$’, ‘myweb.memcached_status.view’),

settings.py
CACHE_BACKEND = ‘memcached://127.0.0.1:11211/’

dj-memcache.JPG

—————end——————-

分类: others 标签: ,

nginx 的debug模式

2009年8月9日 评论已被关闭

编译的时候添加:

–with-debug

 nginx.conf中的配置:

error_log  logs/error.log debug;

#master_process  off;
daemon          off;
daemon off;            

说明:
master_process  on; 
Do not use the “daemon” and “master_process” directives in a production mode, these options are mainly used for development only. You can use  daemon off  safely in production mode with runit / daemontools however you can’t do a graceful upgrade.  master_process off  should never be used in production.

生产环境中不要使用”daemon”和”master_process”指令,这些选项仅用于开发调试。

分类: OpenSource 标签: