Is there a problem with my nginx.conf?

sastro · August 25, 2010, 8:07pm

Hi,

I’m new with nginx, so i just copy paste my nginx.conf from some
resources on internet. I just want to know if there’s any mistakes or
wrong configuration. Here it is

user              nginx;
worker_processes  1;

error_log  /var/log/nginx/error.log;
#error_log  /var/log/nginx/error.log  notice;
#error_log  /var/log/nginx/error.log  info;

pid        /var/run/nginx.pid;


#----------------------------------------------------------------------
# Events Module
#
#   http://wiki.nginx.org/NginxHttpEventsModule
#
#----------------------------------------------------------------------

events {
    worker_connections  1024;
}


#----------------------------------------------------------------------
# HTTP Core Module
#
#   http://wiki.nginx.org/NginxHttpCoreModule
#
#----------------------------------------------------------------------

http {
    include       /etc/nginx/mime.types;
    default_type  application/octet-stream;

    log_format  main  '$remote_addr - $remote_user [$time_local]
"$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  /var/log/nginx/access.log  main;
    sendfile        on;
    #tcp_nopush     on;

    keepalive_timeout  65;

  gzip              on;
  gzip_buffers      16 8k;
  gzip_comp_level   9;
  gzip_proxied any;
  gzip_http_version 1.0;
  gzip_min_length   1100;
  gzip_types text/plain text/css application/x-javascript text/xml
application/xml
  application/xml+rss text/javascript;
  gzip_vary         on;

# Load config files from the /etc/nginx/conf.d directory
  proxy_cache_path  /var/log/cache levels=1:2 keys_zone=my-cache:8m
max_size=1000m inactive=600m;
  proxy_temp_path /var/log/cache/tmp;

    include /etc/nginx/conf.d/*.conf;
    #
    # The default server
    #

server {
        listen       184.82.20.181:80;
        server_name  mywebsite.com;
    charset utf-8;

access_log /var/log/nginx/mywebsite.access.log  main;

#Serve Static Files
location ~ \.(ico|css|js|png|jpg|gif)$ {
root /home/mywebsite/public_html;
expires max;
access_log off;
proxy_cache my-cache;
proxy_cache_valid  200 302  600m;
proxy_cache_valid  404      600m;
}

#Serve XML Files
location ~ \.xml {
root /home/mywebsite/public_html;
proxy_cache my-cache;
proxy_cache_valid  200 302  20m;
proxy_cache_valid  404      600m;
}

location / {
    if (-f $request_filename) {
        break;
      }
    if (-f $request_filename.html) {
        rewrite (.*) $1.html break;
      }

#Block access to contact.php
location ~* (contact|ontact)\.php$ {
return 444;
access_log off;
}


proxy_pass  http://127.0.0.1:8008;
expires 15m;
proxy_hide_header Pragma;
proxy_hide_header Cache-Control;
proxy_cache my-cache;
proxy_cache_valid  200 301 302  15m;
proxy_cache_valid  404 600m;
proxy_cache_use_stale  error timeout invalid_header updating http_500
http_502 http_503 http_504;

#Block bad bot
  if ($http_user_agent ~*
(libwww-perl|libcurl|wget|discobot|Exabot|Casper|kmccrew|plaNETWORK|RPT-HTTPClient))
{
    return 444;
    access_log off;
     }
#Block No user agent
   if ($http_user_agent = "") {
   return 444;
   access_log off;
   }
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_read_timeout 300;
proxy_send_timeout 300;
 }

#error page
        error_page  404              /404.html;
        location = /404.html {
            root   /usr/share/nginx/html;
        }

        error_page   500 502 503 504  /50x.html;
        location = /50x.html {
            root   /usr/share/nginx/html;
        }
    }

}

Thanks in advanced

Posted at Nginx Forum:

sastro · August 25, 2010, 8:17pm

On Wed, Aug 25, 2010 at 02:06:30PM -0400, sastro wrote:

#error_log /var/log/nginx/error.log notice;
#----------------------------------------------------------------------

gzip_http_version 1.0;

access_log /var/log/nginx/mywebsite.access.log main;
    break; 
access_log off;
error_page 404 /404.html;
}

[/code]

Thanks in advanced

I see at least one problem: the configuration is unreadable, it has
very bad formating.

–
Igor S.
http://sysoev.ru/en/

sastro · October 28, 2010, 5:00pm

hi
i am running ngnix with perl module for IMAP/POP, but i am not getting
the source remote address from where user is authenticating.
my conf:
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;

log_format  main  '$remote_addr - $remote_user [$time_local]

$request ’
'“$status” $body_bytes_sent “$http_referer” ’
‘“$http_user_agent” “$http_x_forwarded_for”’;

access_log  /var/log/nginx/access.log  main;
perl_modules  perl/lib;
perl_require  mailauth.pm;
server {
   listen 8880;
   location /auth {
      perl  mailauth::handler;
   }
}

}

mail {
auth_http 127.0.0.1:8880/auth;
auth_http_timeout 6000;

pop3_capabilities “TOP” “USER”;
imap_capabilities “IMAP4rev1” “UIDPLUS”;

server {
listen 110;
protocol pop3;
proxy on;
auth_http_header X-Auth-Port 110;
}
server {
listen 143;
protocol imap;
proxy on;
auth_http_header X-Auth-Port 143;
}
}

my mailauth.pm handler function on nginx server 192.168.1.1:
sub handler {
my $r = shift;
$r->header_out(“Auth-Status”, “OK”);
$r->header_out(“Auth-Server”, ‘192.168.1.2’);
$r->header_out(“Auth-Port”, ‘143’);
$r->send_http_header(“text/html”);
warn 'H: ',$r->remote_addr;
return OK;
}

from 192.168.1.3
telnet 192.168.1.1 143
. login user1 pass1
. OK [CAPABILITY IMAP4 IMAP4rev1 logged in

on 192.168.1.1 tail -f /var/log/nginx/error_log
H: 127.0.0.1 at /usr/share/nginx/perl/lib/mailauth.pm line 59.

actually i have to get 192.168.1.3
how to get this remote_addr can u plz help me.

Posted at Nginx Forum:

sastro · October 28, 2010, 5:19pm

Hello!

On Thu, Oct 28, 2010 at 10:59:21AM -0400, moorthi wrote:

i am running ngnix with perl module for IMAP/POP, but i am not getting
the source remote address from where user is authenticating.

[…]

from 192.168.1.3
telnet 192.168.1.1 143
. login user1 pass1
. OK [CAPABILITY IMAP4 IMAP4rev1 logged in

on 192.168.1.1 tail -f /var/log/nginx/error_log
H: 127.0.0.1 at /usr/share/nginx/perl/lib/mailauth.pm line 59.

actually i have to get 192.168.1.3
how to get this remote_addr can u plz help me.

Connection to auth_http server is obviously from nginx, not
client. Client’s ip address as seen on nginx mail proxy is
available in Client-IP header.

Maxim D.

sastro · October 29, 2010, 9:58am

thanks a lot, Client-IP header worked for me.

Posted at Nginx Forum:

sastro · November 1, 2010, 9:22am

Hi,
now the problem is on nginx server(192.168.1.1) if i do
telnet localhost 143
. login user1 pass1
. OK [CAPABILITY IMAP4 User logged in
. select inbox

FLAGS (\Answered \Flagged \Draft \Deleted \Seen)
OK [PERMANENTFLAGS (\Answered \Flagged \Draft \Deleted \Seen *)]
* 0 EXISTS
…
if i do telnet to actual imap host(192.168.1.2)
telnet 192.168.1.2 143
. login user1 pass1
. OK [CAPABILITY IMAP4 User logged in
. select inbox
FLAGS (\Answered \Flagged \Draft \Deleted \Seen)
OK [PERMANENTFLAGS (\Answered \Flagged \Draft \Deleted \Seen *)]
* 1 EXISTS
…

and no error in nginx logs
nginx -V output is
nginx version: nginx/0.6.28
built by gcc 4.1.2 20071124 (Red Hat 4.1.2-42)
configure arguments: --user=nginx --group=nginx
–prefix=/usr/share/nginx --sbin-path=/usr/sbin/nginx
–conf-path=/etc/nginx/nginx.conf
–error-log-path=/var/log/nginx/error.log
–http-log-path=/var/log/nginx/access.log
–http-client-body-temp-path=/var/lib/nginx/tmp/client_body
–http-proxy-temp-path=/var/lib/nginx/tmp/proxy
–http-fastcgi-temp-path=/var/lib/nginx/tmp/fastcgi
–pid-path=/var/run/nginx.pid --lock-path=/var/lock/subsys/nginx
–with-http_ssl_module --with-http_realip_module
–with-http_addition_module --with-http_sub_module
–with-http_dav_module --with-http_flv_module
–with-http_gzip_static_module --with-http_stub_status_module
–with-http_perl_module --with-mail --with-mail_ssl_module
–with-cc-opt=-O2 -g
–add-module=/usr/src/redhat/BUILD/nginx-0.6.28/nginx-upstream-fair

Posted at Nginx Forum:

sastro · November 1, 2010, 10:04am

thanx, ur right, sorry it’s my auth coding problem

Posted at Nginx Forum:

sastro · October 9, 2013, 1:08pm

one more problem is how get original ip in authentication details of
imap-server log instead of nginx server ip.
when i see cyrus authentication log (/var/log/maillog) it shows nginx ip
as
client-ip instead of original desktop ip.

Posted at Nginx Forum:

sastro · November 1, 2010, 9:39am

Hello!

On Mon, Nov 01, 2010 at 04:21:24AM -0400, moorthi wrote:

if i do telnet to actual imap host(192.168.1.2)
telnet 192.168.1.2 143
. login user1 pass1
. OK [CAPABILITY IMAP4 User logged in
. select inbox

FLAGS (\Answered \Flagged \Draft \Deleted \Seen)

OK [PERMANENTFLAGS (\Answered \Flagged \Draft \Deleted \Seen *)]
* 1 EXISTS
…

nginx doesn’t execute “select” imap command by itself, it just
passes everything it got from client after login to backend
server.

You may want to re-check you auth script, most likely it returned
some other imap host to nginx.

Maxim D.

sastro · October 9, 2013, 1:18pm

other issue i’m getting is when i login thru php webmail (which connects
to
nginx for imap proxy) I am not getting original remote_addr in nginx
server,
instead i am getting 127.0.0.1, I’ve tried below header in php webmail
where
imap login happens, using
header('X-Forwarded-For: '.$_SERVER[‘REMOTE_ADDR’]);

how should i get original remote address in nginx.

Posted at Nginx Forum: