I've never used Linux or Raspberry Pi before but I bought one in order to create my own RTMP server. I made one with NGINX and got it working. Now I'm trying to incorporate NOALBS for more functionality. I renamed my working .conf to nginx-old.conf and copied in the NOALBS .conf and now NGINX fails with this error.
nginx: [emerg] unknown directive "rtmp_stat" in /etc/nginx/nginx.conf:26
nginx: configuration file /etc/nginx/nginx.conf test failed
nginx.service: Control process exited, code=exited, status=1/FAILURE
nginx.service: Failed with result 'exit-code'.
My .conf is as follows:
worker_processes 1;
events {
worker_connections 1024;
}
http {
sendfile off;
tcp_nopush on;
directio 512;
include mime.types;
default_type application/octet-stream;
ignore_invalid_headers on;
log_format compression '';
server {
listen 80;
server_name localhost;
# This URL provides RTMP statistics in XML
location /stat {
if ($request_method = "GET") {
add_header "Access-Control-Allow-Origin" *;
}
rtmp_stat all;
# Use this stylesheet to view XML as web page
# in browser
rtmp_stat_stylesheet /stat.xsl;
}
location /stat.xsl {
# XML stylesheet to view RTMP stats.
# Copy stat.xsl wherever you want
# and put the full directory path here
# root /path/to/stat.xsl/;
root /var/www/html/stat.xsl;
}
location /control {
rtmp_control all;
}
}
}
rtmp {
log_format compression '';
server {
listen 1935;
ping 30s;
notify_method get;
chunk_size 8192;
ack_window 8192;
sync 4ms;
interleave on;
access_log logs/rtmp-access.log compression;
# Stream to "rtmp://IPHERE/publish/live".
application publish {
live on;
wait_video on;
wait_key on;
exec_options on;
publish_notify on;
play_restart on;
drop_idle_publisher 4s;
idle_streams off;
sync 4ms;
interleave on;
}
}
}
The only thing I've edited is actually adding the stat.xsl path and my Pi's IP address (which I've scrubbed here). Can anyone help me out?
Add this header :
user www-data;
worker_processes auto;
pid /run/nginx.pid;
include /etc/nginx/modules-enabled/*.conf;
Related
I try to put a nodejs application in production using a nginx server when I test locally everything works fine but when I put on line I have an infinite load of some particular assets
here is my nodejs configuration file
upstream beauteadom_me {
server localhost:3000;
}
server {
listen 80;
listen [::]:80;
server_name beauteadom.me www.beauteadom.me;
location ~ /\.well-known/acme-challenge {
allow all;
}
root /var/www/beauteadom.me;
location / {
return 301 https://www.beauteadom.me$request_uri;
}
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
http2_push_preload off;
server_name www.beauteadom.me;
root /var/www/beauteadom.me;
error_log /var/log/nginx/beauteadom.me.log notice;
access_log off;
location / {
http2_push_preload off;
add_header X-Content-Type-Options nosniff;
proxy_pass http://beauteadom_me;
}
location /websocket/ {
proxy_pass http://beauteadom_me;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
location ~* \.(html|css|js|png|jpg|jpeg|gif|ico|svg|eot|woff|ttf)$ {
expires max;
proxy_pass http://beauteadom_me;
}
location ~ /\. { deny all; }
gzip on;
gzip_vary on;
gzip_min_length 1000;
gzip_comp_level 2;
gzip_proxied expired no-cache no-store private auth;
gzip_types text/plain text/css text/xml text/javascript application/x-javascript application/xml;
gzip_disable "MSIE [1-6]\.";
access_log off;
error_log /var/log/nginx/error.log crit;
open_file_cache max=200000 inactive=20s;
open_file_cache_valid 30s;
open_file_cache_min_uses 2;
open_file_cache_errors on;
pagespeed on;
pagespeed FetchHttps enable,allow_self_signed;
pagespeed FileCachePath /var/ngx_pagespeed_cache;
pagespeed RewriteLevel OptimizeForBandwidth;
location ~ "\.pagespeed\.([a-z]\.)?[a-z]{2}\.[^.]{10}\.[^.]+" {
add_header "" "";
}
location ~ "^/pagespeed_static/" { }
location ~ "^/ngx_pagespeed_beacon$" { }
}
here's what i get in my chrome browser console
I think it's definitely one to one nginx security setting given that i do not have this problem locally
I already googling too much please I need your help. thank you in advance
I am attempting to benchmark the perf of my rest API endpoint. It's a node/mongdb endpoint with a pretty nasty aggregate query - a few unwraps, groups and a lookup. I am using Apache Bench (ab) to test it perf under 100 concurrency 1000 times. My issue: I am getting different results based on where I run the ab test:
localhost:3000/api_endpoint/ using ngrok to tunnel it = I am
getting around 50 requests per second.
Running the test on the
production app server directly where the app is hosed I am seeing
6000 requests per second.
Running it from my web server/reverse proxy I am seeing similarly 5000reqs per second -if I use a relative path to the API.
NOW: If I run the same test on the web server
but this time use the domain name instead or run it from local dev
machine but hitting the domain, now it drops to 9 requests per
second.
What can I deduce this? To me, It seems the query must not be that nasty if I am getting such high perf when I hit it directly. It seems I either have something configured wrong in my nginx.conf file for handing my domain requests or there is a DNS resolution problem? Its an exotic TLD (.ly) could that be it? Where should I look?
Edit: Adding my nginx.conf file for analysis:
user www-data;
worker_processes 1;
#error_log /log/nginx/error.log;
pid /run/nginx.pid;
# Load dynamic modules. See /usr/share/nginx/README.dynamic.
#include /usr/share/nginx/modules/*.conf;
events {
worker_connections 1024;
}
http {
#optimizations per digitalOcean
client_body_buffer_size 10K;
client_header_buffer_size 1k;
client_max_body_size 8m;
large_client_header_buffers 2 1k;
client_body_timeout 12;
client_header_timeout 12;
keepalive_timeout 15;
send_timeout 10;
#compression
gzip on;
gzip_disable "msie6";
gzip_proxied any;
gzip_comp_level 6;
gzip_buffers 16 8k;
gzip_http_version 1.1;
gzip_min_length 256;
gzip_proxied expired no-cache no-store private auth;
gzip_types text/plain application/x-javascript text/xml text/css application/xml application/json text/xml application/xml+rss application/javascript text/javascript application/vnd.ms-fontobject application/x-font-ttf font/opentype image/svg+xml image/x-icon;
access_log off;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
#access_log /var/log/nginx/access.log main;
sendfile on;
tcp_nopush on;
tcp_nodelay on;
types_hash_max_size 2048;
include /etc/nginx/mime.types;
default_type application/octet-stream;
# Load modular configuration files from the /etc/nginx/conf.d directory.
# See http://nginx.org/en/docs/ngx_core_module.html#include
# for more information.
include /etc/nginx/conf.d/*.conf;
#redirect to https
server {
server_name www.staq.ly staq.ly getstackrank.com www.getstackrank.com;
return 301 https://staq.ly;
}
server {
listen 80;
listen 443 ssl;
server_name staq.ly;
ssl_certificate /etc/nginx/ssl/staqly.crt;
ssl_certificate_key /etc/nginx/ssl/staqly.key;
root /var/local;
location ~ ^/(sitemap.xml) {
}
location ~ ^/(robots.txt) {
}
location ~ ^/(googlee828ea2f1ef594b3.html) {
}
location / {
try_files $uri #prerender;
}
location #prerender {
proxy_set_header X-Prerender-Token XXXXXXXX;
set $prerender 0;
if ($http_user_agent ~* "baiduspider|twitterbot|facebookexternalhit|rogerbot|linkedinbot|embedly|quora link preview|showyoubot|outbrain|pinterest|slackbot|vkShare|W3C_Validator") {
set $prerender 1;
}
if ($args ~ "_escaped_fragment_") {
set $prerender 1;
}
if ($http_user_agent ~ "Prerender") {
set $prerender 0;
}
if ($uri ~* "\.(js|css|xml|less|png|jpg|jpeg|gif|pdf|doc|txt|ico|rss|zip|mp3|rar|exe|wmv|doc|avi|ppt|mpg|mpeg|tif|wav|mov|psd|ai|xls|mp4|m4a|swf|dat|dmg|iso|flv|m4v|torrent|ttf|woff|svg|eot)") {
set $prerender 0;
}
#resolve using Google's DNS server to force DNS resolution and prevent caching of IPs
resolver 8.8.8.8;
if ($prerender = 1) {
#setting prerender as a variable forces DNS resolution since nginx caches IPs and doesnt play well with load balancing
set $prerender "service.prerender.io";
rewrite .* /$scheme://$host$request_uri? break;
proxy_pass http://$prerender;
}
if ($prerender = 0) {
# rewrite .* /index.ejs break; # Throw away the path because this is a single page web app with only an index.html
proxy_pass http://10.132.126.36:3000;
}
}
}
}
I've got nginx running in docker as a reverse proxy and have been for some time - and it works wonderfully, short of one little issue I've recently seen crop up.
What I'd like: when a user gets to my nginx server and there isn't a .conf file specified for the URL, either 404/444 or some other HTTP response that drops the connection.
What I'm seeing: when a user navigates to sudomain.url.com and that subdomain isn't specified in any of my *.conf files, nginx uses the first conf file it finds - ignoring the default.conf. Find my details below.
Any other tips/tricks you can provide would be awesome as well!
nginx.conf:
user nginx;
worker_processes 1;
error_log /etc/nginx/log/error.log warn;
pid /var/run/nginx.pid;
events {
worker_connections 1024;
}
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /etc/nginx/log/access.log main;
sendfile on;
#tcp_nopush on;
keepalive_timeout 70;
#gzip on;
include /etc/nginx/conf.d/*.conf;
}
default.conf:
server {
server_name _;
listen 80 default_server;
return 444;
}
server {
server_name _;
listen 443 default_server;
return 444;
}
Example of a conf file (there are maybe a dozen of these):
server {
listen sub.domain.com:80;
server_name sub.domain.com;
return 302 https://sub.domain.com$request_uri;
}
server {
listen sub.domain.com:443;
server_name sub.domain.com;
ssl_certificate /etc/nginx/keys/ssl.pem;
ssl_certificate_key /etc/nginx/keys/ssl.key;
ssl on;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC4-SHA';
ssl_prefer_server_ciphers on;
ssl_dhparam /etc/nginx/keys/dhparams.pem;
add_header X-Frame-Options SAMEORIGIN;
add_header X-XSS-Protection "1; mode=block";
add_header Strict-Transport-Security "max-age=31536000; includeSubdomains";
location / {
proxy_pass http://10.0.1.4:81;
proxy_buffering off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
I haven't actually tested this but my gut feeling is that your listen directives shouldn't contain a host name. They should contain the IP address of the interface you want to be listening on and the port you want to be listening to. Then for each different port/IP combination you can specify one of them as the default.
Only after resolving which IP address did the request go to and which port was it on, nginx begins to actually process the request. The first step here is to check the Host header, if it finds a matching server block for the value of the host header then that's where it should route. If it doesn't find one then it should route to the default.
If there is no host header being received then, I think, in more recent versions of nginx it will drop the request, however it would previously just handle this by sending to the default server for the IP/port combo.
Below is an nginx.conf which gives me working endpoints for named servers and returns 404 for everything else. Due to HSTS headers you need to hit test.se{1,2,3,4}.home-v.ind.in to see it work or you will just get back a browser error.
user nginx;
worker_processes auto;
error_log stderr notice;
pid /var/run/nginx.pid;
events {
worker_connections 1024;
}
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
sendfile on;
tcp_nopush on;
keepalive_timeout 300s;
ssl_certificate /etc/pki/nginx/fullchain.pem;
ssl_certificate_key /etc/pki/nginx/privkey.pem;
ssl_dhparam /etc/pki/nginx/dhparams.pem;
ssl_protocols TLSv1.2;
ssl_ciphers EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;
ssl_prefer_server_ciphers on;
ssl_buffer_size 1400;
ssl_session_timeout 1d;
ssl_session_cache shared:SSL:50m;
ssl_stapling on;
ssl_stapling_verify on;
ssl_trusted_certificate /etc/pki/nginx/fullchain.pem;
add_header "Cache-Control" "no-transform";
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
resolver 8.8.8.8 8.8.4.4 216.146.35.35 216.146.36.36 valid=60s;
resolver_timeout 2s;
server {
listen 80 default_server;
server_name _;
return 301 https://$host$request_uri;
}
server {
listen 443 ssl http2;
server_name test.se1.home-v.ind.in;
root /usr/share/nginx/html;
location /.well-known { satisfy any; allow all; try_files $uri $uri/ =404; }
location /robots.txt { satisfy any; allow all; add_header Content-Type text/plain; return 200 "User-agent: *\nDisallow: /\n"; }
location / { satisfy any; allow all; add_header Content-Type text/plain; return 200 "Test Site 1"; }
}
server {
listen 443 ssl http2;
server_name test.se2.home-v.ind.in;
root /usr/share/nginx/html;
location /.well-known { satisfy any; allow all; try_files $uri $uri/ =404; }
location /robots.txt { satisfy any; allow all; add_header Content-Type text/plain; return 200 "User-agent: *\nDisallow: /\n"; }
location / { satisfy any; allow all; add_header Content-Type text/plain; return 200 "Test Site 2"; }
}
server {
listen 443 ssl http2 default_server;
server_name _;
root /usr/share/nginx/html;
location /.well-known { satisfy any; allow all; try_files $uri $uri/ =404; }
location / { return 404; }
}
}
I'm trying to set up a domain for my node project with nginx (v1.5.11), i have succesfull redirected the domain to the web, but i need to use 3000 port, so now, my web location looks like http://www.myweb.com:3000/ and of course, i want to keep only "www.myweb.com" part like this: http://www.myweb.com/
I have search and try many configurations but no one seems to work for me, i dont know why, this is my local nginx.conf file, i want to change http://localhost:8000/ text to http://myName/ text, remember that the redirect is working, i only want to "hide" the port on the location.
#user nobody;
worker_processes 1;
#error_log logs/error.log;
#error_log logs/error.log notice;
#error_log logs/error.log info;
#pid logs/nginx.pid;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
#log_format main '$remote_addr - $remote_user [$time_local] "$request" '
# '$status $body_bytes_sent "$http_referer" '
# '"$http_user_agent" "$http_x_forwarded_for"';
#access_log logs/access.log main;
sendfile on;
#tcp_nopush on;
#keepalive_timeout 0;
keepalive_timeout 65;
#gzip on;
server {
listen 8000;
server_name localhost;
#charset koi8-r;
#access_log logs/host.access.log main;
location / {
proxy_pass http://localhost:8000/;
proxy_redirect http://localhost:8000/ http://myName/;
}
#error_page 404 /404.html;
# redirect server error pages to the static page /50x.html
#
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
}
}
pd. I'm trying to fix it on my local windows 8 machine, but if other OS is required, my remote server works on Ubuntu 12.04 LTS
Thanks you all.
Add this to your server block:
port_in_redirect off;
E.g.
server {
listen 80;
server_name localhost;
port_in_redirect off;
}
Documentation reference.
You should also change server_name to myName. server_name should be your domain name.
You should also be listening on port 80, and then use proxy_pass to redirect to whatever is listening on port 8000.
The finished result should look like this:
worker_processes 1;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
sendfile on;
keepalive_timeout 65;
server {
listen 80;
server_name www.myweb.com;
location / {
proxy_pass http://localhost:8000/;
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
}
}
Comments were removed for clarity.
Hiding the port during proxying needs these two lines in server body:
server_name_in_redirect off;
proxy_set_header Host $host:$server_port;
The conf is like:
server
{
listen 80;
server_name example.com;
server_name_in_redirect off;
proxy_set_header Host $host:$server_port;
location / {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://localhost:8080;
}
access_log off;
}
I am running node.js(0.8.20 and 0.9.10) on windows 2012 server. I have ran it absolutely without any problems for weeks. That was without Nginx(1.2.6) in front. With nginx in front configured like this:
#user nobody;
worker_processes 1;
#error_log logs/error.log;
#error_log logs/error.log notice;
#error_log logs/error.log info;
#pid logs/nginx.pid;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
#log_format main '$remote_addr - $remote_user [$time_local] "$request" '
# '$status $body_bytes_sent "$http_referer" '
# '"$http_user_agent" "$http_x_forwarded_for"';
#access_log logs/access.log main;
sendfile on;
#tcp_nopush on;
#keepalive_timeout 0;
keepalive_timeout 65;
#gzip on;
upstream dem2 {
server 127.0.0.1:8080;
}
server {
listen 80;
server_name dem2.cz dem2;
access_log /nginx-1.2.6/logs/dem2.log;
location / {
#proxy_pass http://127.0.0.1:8080/;
proxy_pass http://dem2/;
proxy_set_header X-Real-IP $remote_addr;
proxy_redirect off;
}
}
server {
listen 80;
server_name localhost;
location / {
root html;
index index.html index.htm;
}
}
}
On requests, I randomly get this error in Node.js app:
events.js:69
throw arguments[1]; // Unhandled 'error' event
^
Error: socket hang up
at createHangUpError (http.js:1383:15)
at ServerResponse.OutgoingMessage._writeRaw (http.js:499:26)
at ServerResponse.OutgoingMessage._send (http.js:466:15)
at ServerResponse.OutgoingMessage.end (http.js:911:18)
at SendStream.notModified (C:\dem2cz_node_app\node_modules\express\node_modules\send\lib\send.js:223:7)
at SendStream.send (C:\dem2cz_node_app\node_modules\express\node_modules\send\lib\send.js:353:17)
at SendStream.pipe (C:\dem2cz_node_app\node_modules\express\node_modules\send\lib\send.js:322:10)
at Object.oncomplete (fs.js:93:15)
Process finished with exit code 1
I suspect I have something wrong configured in Nginx, but I sure as hell don't know what it could be. Could anyone advise please?
I can post the node.js code too if you want, but it is nothing fancy, just 100 line express app for serving AngularJS static files with the option to serve HTML generated in PhantomJS when there is a bot.
There was a bugfix in 0.8.20 which significantly raised the number of "http hang-up" errors you get. They talk about it in the release notes. As #robertkelp said, it's nothing to worry about, but you should catch error events emitted by the http server to avoid crashing the server.