Timeline



07/04/16:

12:02 Ticket #814 (Support for parallel ECDSA / RSA certificates) updated by Maxim Dounin
LibreSSL doesn't have support for multiple certificate chains and …
11:02 Ticket #1000 (Domain-relative redirects doesn't work, they are absolute instead) updated by Ilyas Bakirov
Yes, nginx does not know public origin behind proxy. It only knows …

07/03/16:

21:36 Ticket #814 (Support for parallel ECDSA / RSA certificates) updated by david.sardari@…
And some additional info. As you can see both ECDSA and RSA based …
21:18 Ticket #814 (Support for parallel ECDSA / RSA certificates) updated by david.sardari@…
Some additional info about my Gentoo Linux Nginx server: […] …

07/02/16:

12:31 Ticket #1011 (Allow changing 'Server' header in HTTP/2) updated by raeesiqbal@…
Oh! I see, thanks for explaining.
12:05 Ticket #1011 (Allow changing 'Server' header in HTTP/2) updated by Maxim Dounin
And the summary of the #936 says "For security purposes it is …

07/01/16:

23:40 Ticket #1011 (Allow changing 'Server' header in HTTP/2) updated by raeesiqbal@…
Replying to mdounin: > And that's why this ticket is …
22:21 Ticket #1017 (Custom Error page not possible if uri contains % + Special Character) closed by Maxim Dounin
invalid: The % character is only valid in URI if followed by two hexadecimal …
22:19 Ticket #1011 (Allow changing 'Server' header in HTTP/2) updated by Maxim Dounin
Replying to raeesiqbal@…: > The purpose of this patch is …
21:17 nginx_server_name.patch attached to Ticket #1011 by raeesiqbal@…
Replace occurrences of string 'nginx' and NGINX_VER with new constants
21:01 Ticket #1011 (Allow changing 'Server' header in HTTP/2) updated by raeesiqbal@…
Nevermind, there was an issue with HTTP/2 module but it has been …
20:43 Ticket #1011 (Allow changing 'Server' header in HTTP/2) updated by raeesiqbal@…
@vbart I've just updated the patch and have confirmed it to be working …
20:21 Ticket #1017 (Custom Error page not possible if uri contains % + Special Character) created by rcorinth.googlemail.com@…
If a user calls a not existing website on my server my application …
19:16 Ticket #1014 (RFC 7230 Compliance: Err 400 on space+colon for header field separator) updated by regilero
OK, but the problem is not this specific character. It's more about …
18:22 Ticket #1014 (RFC 7230 Compliance: Err 400 on space+colon for header field separator) updated by Maxim Dounin
There are 256 different 1-byte characters, and only about 70 of them …
17:56 Ticket #814 (Support for parallel ECDSA / RSA certificates) updated by Maxim Dounin
The error reported suggests that you are using an old OpenSSL (before …
17:51 Ticket #1014 (RFC 7230 Compliance: Err 400 on space+colon for header field separator) updated by regilero
Well, at least it would prevent innocent errors from bad http client …
17:44 Ticket #1015 (image_filter module failure to perform image_filter_jpeg_quality step) closed by Maxim Dounin
invalid: The image_filter_jpeg_quality directive isn't a step, is't a …
17:36 Ticket #1016 (limit_except accepts multiple methods but docs don't say so) closed by Maxim Dounin
invalid: The syntax provided in the documentation is as follows: […] The …
17:07 Ticket #1014 (RFC 7230 Compliance: Err 400 on space+colon for header field separator) updated by Maxim Dounin
Current nginx behaviour predates RFC 7230 by years and universally …
16:18 Ticket #1011 (Allow changing 'Server' header in HTTP/2) updated by Valentin V. Bartenev
Could you clarify the purpose of this change? Your patch breaks the …
13:44 Ticket #1011 (Allow changing 'Server' header in HTTP/2) updated by raeesiqbal@…
bump.…
12:43 Ticket #1016 (limit_except accepts multiple methods but docs don't say so) created by Gawin
The …
09:32 Ticket #1015 (image_filter module failure to perform image_filter_jpeg_quality step) created by Robert Kenny
When nginx is built from source to include the image_filter module as …

06/30/16:

17:23 Ticket #1011 (Allow changing 'Server' header in HTTP/2) updated by raeesiqbal@…
This ticket is completely different from ticket #936, which talks …
15:57 Ticket #1014 (RFC 7230 Compliance: Err 400 on space+colon for header field separator) created by regilero
https://tools.ietf.org/html/rfc7230#section-3.2.4 > No whitespace is …
15:20 Ticket #814 (Support for parallel ECDSA / RSA certificates) updated by david.sardari@…
I got my RSA and ECDSA certificates from Let's Encrypt. So, both …
15:13 Ticket #1013 (problem on restart nginx) created by gianmarco.carrieri.musement.com@…
Hi all, we have some nginx on production environment. I have see this …
14:22 Ticket #1012 (Allow changing 'Server' header in HTTP/2) closed by Maxim Dounin
duplicate: Duplicate of #1011.
14:18 Ticket #1012 (Allow changing 'Server' header in HTTP/2) created by raeesiqbal@…
The 'server' header has been hardcoded for HTTP/2 with `u_const …
13:02 Ticket #1011 (Allow changing 'Server' header in HTTP/2) closed by Maxim Dounin
duplicate
13:02 Ticket #1011 (Allow changing 'Server' header in HTTP/2) updated by Maxim Dounin
Duplicate of #936. Please also note that referring to identifiers in …
12:38 Ticket #1011 (Allow changing 'Server' header in HTTP/2) created by raeesiqbal@…
Commit 531e6fbfd6c785a7b42c285c12d3f0721cc989c7 introduced HPACK …
09:56 Ticket #1010 (Invalid request sent when serving error pages from upstream) created by sorin-manole@…
The bug appears when request_body_buffering is off (but maybe not …

06/29/16:

20:12 Ticket #1005 (client_body_timeout does not send 408 as advertised) updated by simonhf@…
The RFC 2616 is foggy in some places. However, RFC 7231 attempts to …
18:21 Ticket #1005 (client_body_timeout does not send 408 as advertised) updated by Maxim Dounin
The first option is basically identical to what RFC 2616 recommends in …
17:37 Ticket #1005 (client_body_timeout does not send 408 as advertised) updated by simonhf@…
After researching the RFC, I agree with you about the second option. …
17:07 Ticket #1006 (two more server listen 443(ssl), none-default server's ...) updated by Maxim Dounin
Replying to cjhust1986@…: > if we parse tlsext server_name …
16:38 Ticket #1005 (client_body_timeout does not send 408 as advertised) updated by Maxim Dounin
The only thing to do with the rest of body bytes after an error is to …
15:19 Ticket #1009 (Upstream sent invalid header while reading response header from upstream) closed by Maxim Dounin
worksforme: Unless you have some additional information to support the idea there …
15:18 Ticket #1009 (Upstream sent invalid header while reading response header from upstream) updated by Maxim Dounin
The error suggests there is NUL character or stray CR character (not …
14:52 Ticket #1008 (Nginx ignores reload) closed by Maxim Dounin
worksforme: Normal nginx behaviour is to reject a configuration if there are any …
14:11 Ticket #1007 (Version 1.10.0->1.10.1 config with alias with versioning failed to work) updated by gegepola@…
Thank you for the quick answer. I modified all of these entries in my …
13:11 Ticket #1007 (Version 1.10.0->1.10.1 config with alias with versioning failed to work) closed by Maxim Dounin
duplicate: Changes between 1.10.0 and 1.10.1 do not affect the above …
12:45 nginx.configuration.txt attached to Ticket #1009 by artursenk@…
Nginx configuration
12:44 curl_java.txt attached to Ticket #1009 by artursenk@…
A direct curl to Java microservice
12:44 curl_nginx.txt attached to Ticket #1009 by artursenk@…
Curl with nginx as a reverse proxy
12:40 Ticket #1009 (Upstream sent invalid header while reading response header from upstream) created by artursenk@…
Some background: in our solution we've got several Java microservices …
11:42 nginx.conf attached to Ticket #1008 by Anton T
main config
11:41 Ticket #1008 (Nginx ignores reload) created by Anton T
Good day. We've bumped with the problem, when nginx don't update …
08:57 Ticket #1007 (Version 1.10.0->1.10.1 config with alias with versioning failed to work) created by gegepola@…
I was upgrading from 1.10.0 to 1.10.1 and nginx was getting failed to …
03:15 Ticket #1006 (two more server listen 443(ssl), none-default server's ...) updated by cjhust1986@…
if we parse tlsext server_name (ssl_scan_clienthello_tlsext) before …

06/28/16:

22:42 Ticket #1005 (client_body_timeout does not send 408 as advertised) updated by simonhf@…
Hmmm... there seems to be some confusion still. Why would the Amazon …
22:30 Ticket #1005 (client_body_timeout does not send 408 as advertised) updated by Maxim Dounin
Again: there is no "Amazon ELB to nginx timeout incompatibility". …
21:26 Ticket #1005 (client_body_timeout does not send 408 as advertised) updated by simonhf@…
The reason I'm setting 'Content-Length' to an incorrect value is …
21:19 Ticket #1005 (client_body_timeout does not send 408 as advertised) updated by Maxim Dounin
By manually defining "Content-Length" to an incorrect value you …
21:04 Ticket #1005 (client_body_timeout does not send 408 as advertised) updated by simonhf@…
Here another example of how nginx confuses the httpie [1] client: …
20:52 Ticket #1005 (client_body_timeout does not send 408 as advertised) updated by simonhf@…
"Fixing the client is a correct way to go if you want problems to be …
20:37 Ticket #1005 (client_body_timeout does not send 408 as advertised) updated by Maxim Dounin
Replying to simonhf@…: > However, at this point the …
20:35 Ticket #1005 (client_body_timeout does not send 408 as advertised) updated by simonhf@…
Interestingly, the current nginx behavior of a TCP connection drop to …
20:26 Ticket #1005 (client_body_timeout does not send 408 as advertised) updated by simonhf@…
Here's what the nginx timeout looks like with and without the patch: …
20:09 Ticket #1005 (client_body_timeout does not send 408 as advertised) updated by simonhf@…
FYI I've been working on a small patch which works as follows: If the …
19:55 Ticket #1005 (client_body_timeout does not send 408 as advertised) updated by simonhf@…
Maybe we are talking about the same thing? When I say the "request is …
18:27 Ticket #1005 (client_body_timeout does not send 408 as advertised) updated by Maxim Dounin
Monitoring a connection for errors is not the same as "signal that the …
18:01 Ticket #1005 (client_body_timeout does not send 408 as advertised) updated by simonhf@…
"there is no way to "signal that the 1st request is finished"" This …
16:48 Ticket #1005 (client_body_timeout does not send 408 as advertised) updated by Maxim Dounin
In HTTP/1.x there is no way to "signal that the 1st request is …
16:23 Ticket #1005 (client_body_timeout does not send 408 as advertised) updated by simonhf@…
Thanks for the comments. Disclaimer: The perl code is just a quick …
14:47 Ticket #1005 (client_body_timeout does not send 408 as advertised) updated by Maxim Dounin
The perl code in question does the following: 1. sends part of a …
14:16 Ticket #1005 (client_body_timeout does not send 408 as advertised) updated by simonhf@…
Thanks for looking at the perl code in case there's a bug in it. …
11:04 Ticket #1005 (client_body_timeout does not send 408 as advertised) updated by Maxim Dounin
It looks like the problem is in the client then: it fails to send the …
01:30 Ticket #1005 (client_body_timeout does not send 408 as advertised) updated by simonhf@…
FYI Amazon is also refusing to change / fix anything. They say the …

06/27/16:

18:39 Ticket #1005 (client_body_timeout does not send 408 as advertised) updated by simonhf@…
WRT 504: I agree with you that 504 is perhaps not the best choice. …
18:29 Ticket #1005 (client_body_timeout does not send 408 as advertised) updated by Maxim Dounin
From what you describe it looks like ELB just screws up protocol …
18:01 Ticket #1005 (client_body_timeout does not send 408 as advertised) updated by simonhf@…
Would it be possible to add an option to nginx to switch on sending …
16:55 Ticket #1005 (client_body_timeout does not send 408 as advertised) updated by Maxim Dounin
Returning a response in case of timeouts almost always doesn't make …
16:17 Ticket #1005 (client_body_timeout does not send 408 as advertised) updated by simonhf@…
Why is it preferred to drop the connection (potentially upsetting the …
12:59 Ticket #1003 (Growing amount of active connections with http/2) updated by Valentin V. Bartenev
This problem is likely similar to the one that has been already …
12:58 http2_socket_leak.patch attached to Ticket #1003 by Valentin V. Bartenev
12:25 Ticket #1006 (two more server listen 443(ssl), none-default server's ...) closed by Maxim Dounin
wontfix: Yes, that's expected behaviour. Sessions are saved/restored by OpenSSL …
12:17 Ticket #1005 (client_body_timeout does not send 408 as advertised) updated by Maxim Dounin
Component changed
Yes, no 408 response is returned. That's expected behaviour, …
03:16 Ticket #1006 (two more server listen 443(ssl), none-default server's ...) created by cjhust1986@…
server{ listen 443 ssl default_server; server_name a.com; ... …

06/25/16:

08:50 Ticket #1000 (Domain-relative redirects doesn't work, they are absolute instead) updated by zakjan@…
Because the inner nginx behind a reverse proxy doesn't know the public …

06/24/16:

23:54 nginx.conf attached to Ticket #1005 by simonhf@…
Minimally modified nginx.conf for reproducing the bug.
23:53 Ticket #1005 (client_body_timeout does not send 408 as advertised) created by simonhf@…
client_body_timeout [1] docs says "If a client does not transmit …
19:21 Ticket #1004 (try_files outside of location{} triggered when no location{} matches) created by stackoverflow.com/users/1336044/martin
Please, specify in: …

06/22/16:

14:28 Ticket #1003 (Growing amount of active connections with http/2) updated by Valentin V. Bartenev
Could you provide configuration and a …
12:49 Bildschirmfoto 2016-06-22 um 14.43.12.png attached to Ticket #1003 by Matthias Baur
Screenshot 4 - Monitoring System
12:48 Bildschirmfoto 2016-06-22 um 14.42.28.png attached to Ticket #1003 by Matthias Baur
Screenshot 3 - Monitoring System
12:48 Bildschirmfoto 2016-06-22 um 14.41.40.png attached to Ticket #1003 by Matthias Baur
Screenshot 2 - Monitoring System
12:48 Bildschirmfoto 2016-06-22 um 14.40.28.png attached to Ticket #1003 by Matthias Baur
Screenshot 1 - Monitoring System
12:47 Ticket #1003 (Growing amount of active connections with http/2) created by Matthias Baur
We're running a couple of Nginx HTTP load balancer. Since upgrading to …
10:39 Ticket #1002 (worker process 9255 exited on signal 11 (core dumped)) updated by Valentin V. Bartenev
Could you reproduce it without 3rd-party modules?

06/21/16:

20:07 Ticket #1002 (worker process 9255 exited on signal 11 (core dumped)) created by Bruno Bigras
I have no idea what happened and how to reproduce. I think I only had …
15:34 Ticket #1001 (Nginx error with php socket) closed by Maxim Dounin
worksforme: From your description it looks like a packaging and/or configuration …
15:29 Ticket #1001 (Nginx error with php socket) created by adm.repositorio@…
I have a server with CentOS 7, my bug report, reports that on install …

06/20/16:

16:39 Ticket #1000 (Domain-relative redirects doesn't work, they are absolute instead) updated by Ilyas Bakirov
why not using: […]
14:08 Ticket #1000 (Domain-relative redirects doesn't work, they are absolute instead) created by zakjan@…
Nginx configuration: […] Expected result: GET …
13:48 Ticket #999 (sub_filter does not uncompress the data first) closed by Maxim Dounin
wontfix
13:43 Ticket #998 (Intermediate cert is not sent to client with recent) closed by Maxim Dounin
invalid: The cert-chain.pem-new file is obviously corrupted, it doesn't contain …

06/17/16:

22:31 Ticket #999 (sub_filter does not uncompress the data first) updated by h4ck3rm1k3@…
Perfect!
16:12 Ticket #999 (sub_filter does not uncompress the data first) updated by Ilyas Bakirov
Disable gzip on backend side or inform backend side's content …
12:11 Ticket #999 (sub_filter does not uncompress the data first) created by h4ck3rm1k3@…
I am setting up a reverse proxy, the data is compressed and the …
05:45 Ticket #996 (nginx memory leak) updated by enjoychange@…
Hi vbart, thanks for your help. I have provided the update to END …

06/16/16:

20:11 verify-old-cert.txt attached to Ticket #998 by jhoblitt@…
openssl verify output with old cert
20:10 verify-new-cert.txt attached to Ticket #998 by jhoblitt@…
openssl verify output with new cert
20:10 nginx-debug-old-cert.2.txt attached to Ticket #998 by jhoblitt@…
openssl s_client trace with old cert
20:10 s_client-new-cert.txt attached to Ticket #998 by jhoblitt@…
openssl s_client trace with new cert
20:09 root-chain.pem attached to Ticket #998 by jhoblitt@…
ssl_trusted_certificate (shared between new/old cert)
20:09 nginx-debug-old-cert.txt attached to Ticket #998 by jhoblitt@…
ngin vhost debug log with old cert
20:08 nginx-debug-new-cert.txt attached to Ticket #998 by jhoblitt@…
ngin vhost debug log with new cert
20:08 jenkins.conf attached to Ticket #998 by jhoblitt@…
nginx vhost conf
20:08 cert-chain.pem-old attached to Ticket #998 by jhoblitt@…
old tls cert
20:08 cert-chain.pem-new attached to Ticket #998 by jhoblitt@…
new tls cert
20:07 Ticket #998 (Intermediate cert is not sent to client with recent) created by jhoblitt@…
I was preparing to replace a Alphassl DV wildcard TLS cert issued last …

06/15/16:

09:40 Ticket #996 (nginx memory leak) updated by Valentin V. Bartenev
Could you try without the 3rd-party module? See also: …
02:44 Ticket #996 (nginx memory leak) updated by enjoychange@…
Customer's version is nginx/1.8.0. We reproduce it in the lab, the …
02:40 nginx.conf attached to Ticket #996 by enjoychange@…
please find the nginx configuration attached
02:30 Ticket #996 (nginx memory leak) updated by enjoychange@…
[root@messagepush-05 sbin]# ./nginx -V nginx version: nginx/1.8.0 …

06/14/16:

12:34 Ticket #997 ($body_bytes_sent compute bigger in HTTP2.0 then HTTP1.X) closed by Valentin V. Bartenev
wontfix: A quote from …
12:17 Ticket #996 (nginx memory leak) updated by Valentin V. Bartenev
Could you provide configuration and output of nginx -V?
12:13 Ticket #995 (The probable error in ngx_conf_parse (ngx_palloc?) implementation) closed by Valentin V. Bartenev
invalid
10:34 Ticket #997 ($body_bytes_sent compute bigger in HTTP2.0 then HTTP1.X) created by cjhust1986@…
source file:2000Byte; HTTP1.0/HTTP1.1: $body_bytes_sent = 2000byte, I …
05:53 reproduceIssue.png attached to Ticket #996 by enjoychange@…
reproduce the issue in the lab
05:50 nginx-memory-leak.txt attached to Ticket #996 by enjoychange@…
05:44 Ticket #996 (nginx memory leak) created by enjoychange@…
Hello, I am from Microsoft azure team. One of our customers deploys …

06/12/16:

01:15 Ticket #995 (The probable error in ngx_conf_parse (ngx_palloc?) implementation) updated by Dmitry Afanasiev
hmm... after remove --crossbuild=win32 and rebuild whith uname …

06/11/16:

19:07 Ticket #860 (NGINX 1.9.9 fails to build against OpenSSL 1.1.0) updated by rugk@…
In my test nginx 1.11.1 does now compile fine with OpenSSL 1.1.0-pre5.
14:33 Ticket #995 (The probable error in ngx_conf_parse (ngx_palloc?) implementation) created by Dmitry Afanasiev
Enviroment: * nginx build with --crossbuild=win32 switch using VS2013 …

06/08/16:

18:31 Ticket #994 (perl_require directive has effect only at first config) created by KES777@…
my configs are included as: include /etc/nginx/sites-enabled/*.conf; …

06/07/16:

10:46 Ticket #959 (Permit post before acking settings) updated by driskell@…
Replying to waqark3389@…: > Any plans to put this patch …

06/06/16:

17:44 Ticket #993 (support for X25519 in ssl_ecdh_curve) updated by Wonderfall@…
I already asked them, they replied that they removed it as they don't …
12:38 Ticket #993 (support for X25519 in ssl_ecdh_curve) closed by Maxim Dounin
wontfix: It looks like BoringSSL people took their own way of supporting …

06/04/16:

19:04 Ticket #992 (proxy_next_upstream broken since 1.9.13 including stabe 1.10.1) closed by Ruslan Ermilov
worksforme: When updating, it's a good idea to read the changes. Changes with …
10:59 Ticket #993 (support for X25519 in ssl_ecdh_curve) created by Wonderfall@…
I use nginx statically linked against BoringSSL, which supports …
Note: See TracTimeline for information about the timeline view.