Custom Query (2297 matches)

Filters
 
Or
 
  
 
Columns

Show under each result:

Results (7 - 9 of 2297)

1 2 3 4 5 6 7 8 9 10 11 12 13
Ticket Resolution Summary Owner Reporter
#1234 fixed "proxy_ssl_trusted_certificate" is loaded into memory many times when defined in "http" context. zrice57@…
Description

When enabling proxy_ssl_verify we set the proxy_ssl_trusted_certificate to the default system bundle: /etc/pki/tls/cert.pem.

This cert bundle is about 250 Kilobytes.

We have thousands of server blocks defined and all of them have a value for proxy_ssl_name defined because we use IP addresses to define upstream servers.

It seems that the cert bundle is loaded many thousands of times into memory (once for each upstream?).

Nginx typically uses ~2GB of memory, but enabling proxy_ssl_verify causes it to expand to 8GB (the system max) before being killed by the kernel.

If the proxy_ssl_trusted_certificate is changed to a single cert, the memory consumed by nginx is seemingly normal again.

#1998 duplicate SSL Stapling not preloading OCSP answer Zocker1999NET@…
Description

I use certificates by Let's Encrypt with OCSP MUST STAPLE enabled. ssl_stapling on; is enabled globally and specific in all server blocks with additional configuration. However after an restart of nginx, nginx fails to serve the OCSP data on the first request due to not preloading. This happens to all server blocks separately meaning to ensure no user of my web services is getting an error because of being the first visitor, I need to call each virtual server manually.

I used Mozilla Firefox to test this issue, and it aborts the request if the OCSP data is missing because of being the first visitor of the website. Chrome seems to ignore the flag.

#26 wontfix feature request about upstream module somebody lanshun zhou
Description

Just wonder if it's possible to change the http upstream module to a non-http module, so it will be easily used to implement load balancers for other protocols like dns_proxy/mysql_proxy that has nothing to do with http protocol.

This module is used to choose a server from many, load balancing, fault tolerance and connection caching. All these features can be commonly used for all protocols. and the round robin, hash and keepalive upstream modules are useful and can be easily reused.

or just simply change prototype of ngx_http_upstream_init_peer_pt (actually it's almost done after this) from 

typedef ngx_int_t (*ngx_http_upstream_init_peer_pt)(ngx_http_request_t *r,
    ngx_http_upstream_srv_conf_t *us);

to 

typedef ngx_int_t (*ngx_http_upstream_init_peer_pt)(ngx_http_upstream_t *upstream,
    ngx_http_upstream_srv_conf_t *us);

and add these fields to ngx_http_upstream_t 

ngx_log_t          *log;
ngx_pool_t         *pool;

thanks~

1 2 3 4 5 6 7 8 9 10 11 12 13
Batch Modify
Note: See TracBatchModify for help on using batch modify.
Note: See TracQuery for help on using queries.