Custom Query (2297 matches)

Consider this conf line:

access_log /var/log/nginx/access.log combined if=0;

Works correctly when nginx run with sudo. But if not then we get the following error:

nginx: [emerg] open() "/var/log/nginx/access.log" failed (13: Permission denied)

The thing is, because the if condition is zero then surely it should not even be trying to access /var/log/nginx/access.log, or?

selamat pakai

I had to configure new server entry for simply redirecting clients with IPs from whitelist to another URL, and the rest of clients should have seen 403 Forbidden answer. Obvious configuration:

server {
  listen 80;
  server_name someserver.ru;
  allow 10.0.0.0/8;
  deny all;
  location {
    return 301 http://anotherurl.com;
  }
}

However, nginx with this configuration was returning 301 to all clients, even those not in allowed list. Tried using rewrite ^/.*$ http://anotherurl.com permanent; instead of return 301 - same results. Tried moving allow/deny into location / {}, moving return/rewrite outside location / {} (e.g. into server context) - same results. The only thing that changed this behavior was removing allow line, leaving deny all - after that server began answering 403 to all requests.

Finally I came to the following workaround:

server {
    listen 127.0.5.6:321;
    return 301 http://anotherurl.com;
}

server {
  listen 80;
  server_name someserver.ru;

  allow 10.0.0.0/8;
  deny all;

  location / {
    proxy_pass http://127.0.5.6:321;
  }
}

But that looks crutchy, doesn't it?

There are no exceptions described in documentation, so I guess this behavior of nginx is wrong and should be fixed to respect ACLs.