Results tagged “nginx” from WHO IS 2HEI?

nginx dynamic url rewrite

I have such a request, will rewrite url to google's search site,
type http://mysite/search/search.html?t=laday gaga --> http://www.google.com/search?q=lady%20gaga
I donn't want to use other tools(php/java etc.) except nginx.
For a long time googleing, finally find how to setting nginx dynamic url rewrite :)

 location /search/ {
  root   /var/2hei.net/nginx;
  if ($args){
  rewrite ^/search/search.html "http://www.google.com/search?q=$arg_t?" last;
  }
 }

and '?' is very important, or the rewrite url will add append query string,
http://mysite/search/search.html?t=laday gaga --> http://www.google.com/search?q=lady%20gaga?t=lady%20gaga
we will get wrong rewrite url.
alse we can use $query_string
 if ($query_string ~* t=(.*)){
  ...
 }


Just enjoy it!

标签:

  By 2hei on 2010年8月 6日 19:48 | | Comments (0) | TrackBacks (0)

nginx代理模式下,伪造X-Forwarded-For头的测试

测试环境: nginx+resin
IP: 内网:172.16.100.10

客户端IP:123.123.123.123


测试页面: test.jsp
<%
out.println("x-forwarded-for: " + request.getHeader("x-forwarded-for"));
out.println("remote hosts: " + request.getRemoteAddr());
%>

nginx 配置一
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

wget测试
wget -O aa --header="X-Forwarded-For:192.168.0.1" "http://2hei.net/test.jsp"
页面返回结果:
x-forwarded-for: 192.168.0.1, 123.123.123.123
remote hosts: 172.16.100.10

curl测试
curl -H "X-Forwarded-For:192.168.0.1" "http://2hei.net/test.jsp"
x-forwarded-for: 192.168.0.1, 123.123.123.123
remote hosts: 172.16.100.10


nginx 配置二
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

wget测试:
wget -O aa --header="X-Forwarded-For:192.168.0.1" "http://2hei.net/test.jsp"
页面返回结果:
x-forwarded-for: 123.123.123.123
remote hosts: 172.16.100.10

curl测试
curl -H "X-Forwarded-For:192.168.0.1" "http://2hei.net/test.jsp"
x-forwarded-for: 123.123.123.123
remote hosts: 172.16.100.10


测试结果:
1、配置  proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
增加了一个真实ip X-Forwarded-For,并且顺序是增加到了“后面”。

2、配置  proxy_set_header X-Forwarded-For $remote_addr;
清空了客户端伪造传入的X-Forwarded-For,
保证了使用request.getHeader("x-forwarded-for")获取的ip为真实ip,
或者用“,”分隔,截取X-Forwarded-For最后的值。

标签:

  By 2hei on 2010年3月18日 16:30 | | Comments (5) | TrackBacks (0)

request.getScheme cann't get https in nginx proxy with apache

程序中为了不写死url,使用了动态获得的方式:
basePath = request.getScheme()+"://"+request.getServerName()+":"+request.getServerPort()+path+"/";

其中: request.getScheme() return http but not https.
之前单独使用apache(https)+resin的方式正常,现在前面增加了一层nginx,发现问题来了,协议部分(Scheme)无法传过去,后台的resin无法获取到正确的值。

尝试了下面的配置,结果还是一无所获。
    proxy_redirect off;
    proxy_set_header HTTPS  on;
    proxy_set_header Host $host;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Url-Scheme $scheme;
    proxy_set_header X-Scheme $scheme;
    proxy_set_header X-Nginx-Scheme $scheme;
    proxy_set_header Scheme $scheme;
    proxy_set_header  X-FORWARDED_PROTO $scheme;
    proxy_set_header  X-FORWARDED_PROTO "https";
    proxy_set_header X-Forwarded-Scheme "https";
    proxy_set_header X-Forwarded-Proto $scheme;
    real-scheme-header     X-Forwarded-Proto;


今天下午好好google了一番,所有的帖子几乎翻了个遍,终于有所收获啦,重点是nginx配置完毕后,apache也要配置环境变量哦!
http://www.ruby-forum.com/topic/183450

nginx config:
=============
proxy_set_header X-Nginx-Scheme $scheme;
# nginx variable $scheme will be 'http' or 'https'.


apache config:
==============
SetEnvIf X-Nginx-Scheme "^https$" HTTPS=on
# Apache environment variable HTTPS will be 'on' or not defined.


测试代码如下:
<%
out.println("Protocol: " + request.getProtocol() + "<br>");
out.println("Scheme: " + request.getScheme() + "<br>");
out.println("Server Name: " + request.getServerName() + "<br>" );
out.println("Server Port: " + request.getServerPort() + "<br>");
%>

页面打印结果为,正常了!
Protocol: HTTP/1.0
Scheme: https
Server Name: 2hei.net
Server Port: 443

标签:

  By 2hei on 2010年2月21日 15:37 | | Comments (0) | TrackBacks (0)

nginx authentication

今天配置nginx的basic authentication折腾了好半天,开始error_log一直报错:
no user/password was provided for basic authentication

我是按照nginx的wiki配置的:
location  /  {
  auth_basic            "Restricted";
  auth_basic_user_file  htpasswd;
}

cat htpasswd
2hei:j3M4coizxFLDM

Since version 0.6.7 the filename path is relative to directory of nginx configuration file nginx.conf, but not to nginx prefix directory.

google了半天,发现了nginx作者Igor的一个回复:
Igor Sysoev
The HTTP Basic authentication works as following:
*) A browser requests a page without user/password.
*) A server response with 401 page, sending realm as well.
   At this stage the 401 code appears in access_log and the message
   "no user/password ..." appears in error_log.
*) The browser shows a realm/login/password prompt.
*) If a user will press cancel, then the browser will show the received
   401 page.
*) If the user enters login/password, then the browser repeats the request
   with login/password.

Then until you will exit the browser, it will send these login/password
with all requests in protected hierarchy.

赞一个,牛人果然就是牛人!

经过提示找到了罪魁祸首是error_page的配置 401 403 404 /40x.html;

error_page 401 403 404 /40x.html;
实际上是由于40x.html文件并不存在导致的。把文件建好问题得以解决!


标签:

  By 2hei on 2010年1月20日 21:11 | | Comments (0) | TrackBacks (0)

nginx+Django+memchached环境搭建备忘

系统环境
Kernal:Linux 2.6.9-78
nginx-0.7.61
pcre-7.9
Python version: 2.5.4
Django-1.1-py2.5
mysql-5.0.84
flup-1.0.2-py2.5
MySQL_python-1.2.3c1-py2.5-linux-i686
python_memcached-1.44-py2.5
setuptools-0.6c9-py2.5


1、nginx、python、mysql的安装可参考官方及网上的安装文档

2、安装django  http://www.djangoproject.com/
wget http://media.djangoproject.com/releases/1.1/Django-1.1.tar.gz
tar zxvf Django-1.1.tar.gz
cd Django-1.1
python setup.py install

3、Django以fastcgi方式启动需要
python-flup
wget http://www.saddi.com/software/flup/dist/flup-1.0.2.tar.gz
tar zxvf flup-1.0.2.tar.gz
cd flup-1.0.2
python setup.py install

4、MySQL-python-1.2.3c1.tar.gz
下载地址: http://sourceforge.net/projects/mysql-python/files/

我在安装和配置中遇到的问题:
1、mysql数据库连接:
django.core.exceptions.ImproperlyConfigured: Error loading MySQLdb module: libmysqlclient_r.so.15: cannot open shared object file: No such file or directory
我曾经装过了mysql5.2,发现MYSQL_HOME/lib中没有libmysqlclient_r.so.15,倒是有libmysqlclient_r.so.16,可能是因为mysql版本比较高的缘故,或者是因为dj版本比较低??
所以我选择了mysql5.0
tar MySQL-python-1.2.3c1.tar.gz
cd MySQL-python-1.2.3c1
python setup.py build

会有如下报错:
_mysql.c:2516: error: `v' undeclared (first use in this function)
_mysql.c:2527: error: `name' undeclared (first use in this function)
_mysql.c:2528: error: `self' undeclared (first use in this function)
error: command 'gcc' failed with exit status 1
解决办法是:
vi site.cfg
# The path to mysql_config.
# Only use this if mysql_config is not on your PATH, or you have some weird
# setup that requires it.
mysql_config = /home/2hei.net/mysql/bin/mysql_config
然后接续
python setup.py build
python setup.py install


2、实际中还有这个错误出现:
django.core.exceptions.ImproperlyConfigured: Error loading MySQLdb module: /lib/tls/libc.so.6: version `GLIBC_2.4' not found (required by /home/yujingtao/.python-eggs/MySQL_python-1.2.3c1-py2.5-linux-i686.egg-tmp/_mysql.so
解决办法是:
vi /etc/ld.so.conf
add /home/2hei.net/mysql/lib
#ldconfig /etc/ld.so.conf

3、新建立一个Django的webapp
django-admin.py startproject myweb

4、Django的启动
#django作为独立启动
django manage.py runserver method=threaded 127.0.0.1:8080

#以FastCGI方式启动
python manage.py runfcgi method=threaded host=127.0.0.1 port=9000
因为我的Django是跟nginx配合使用的,所以普通用户在内网监听大于1024的端口即可
因为每次更改urls.py都需要重启一下fastcg,为了方便使用我写了一个脚本:

#!/bin/bash
#script-name: start_myweb.sh
#wirte by: 2hei at 2009/08/12
cd /home/2hei/djproject/
if [ $# -lt 1 ];then
echo "Usages: sh start_myweb.sh [start|stop|restart]"
exit 0
fi
if [ $1 = start ];then
  isrun=`ps aux|grep "manage.py runfcgi"|grep -v "grep"|wc -l`
  if [ $isrun -eq 1 ];then
    echo "dj has running!"
    exit 0
  else
    /home/python/bin/python myweb/manage.py runfcgi method=threaded host=127.0.0.1 port=9000 --settings=settings
  fi
elif [ $1 = stop ];then
  djid=`ps aux|grep "manage.py runfcgi"|grep -v "grep"|awk '{print $2}'`
  kill -9 $djid
elif [ $1 = restart ];then
  djid=`ps aux|grep "manage.py runfcgi"|grep -v "grep"|awk '{print $2}'`
  kill -9 $djid
  /home/python/bin/python myweb/manage.py runfcgi method=threaded host=127.0.0.1 port=9000 --settings=settings
else
  echo "Usages: sh start_myweb.sh [start|stop|restart]"
fi


5、关于nginx解析Django静态文件的处理
nginx.conf

        location /media/ {
                root /home/2hei.net/djproject/myweb;
                break;
        }

cp -r /home/python/lib/python2.5/site-packages/django/contrib/admin/media/ /home/2hei.net/djproject/myweb/
Django管理界面:
dj-admin.JPG














6、因为需要用到memcache,所以memcach与Django进行了结合:
urls.py
urlpatterns = patterns('',
    (r'^admin/', include(admin.site.urls)),
    (r'^status/cache/$', 'myweb.memcached_status.view'),

settings.py
CACHE_BACKEND = 'memcached://127.0.0.1:11211/'
dj-memcache.JPG

















---------------end-------------------

标签:

  By 2hei on 2009年8月14日 14:19 | | Comments (0) | TrackBacks (0)

nginx 的debug模式

编译的时候添加:

--with-debug

 nginx.conf中的配置:

error_log  logs/error.log debug;

#master_process  off;
daemon          off;
daemon off;            

说明:
master_process  on; 
Do not use the "daemon" and "master_process" directives in a production mode, these options are mainly used for development only. You can use  daemon off  safely in production mode with runit / daemontools however you can't do a graceful upgrade.  master_process off  should never be used in production.

生产环境中不要使用"daemon"和"master_process"指令,这些选项仅用于开发调试。

标签:

  By 2hei on 2009年8月 9日 15:38 | | Comments (0) | TrackBacks (0)

标签