Categories
Nginx

Nginx 1.2.0 with Naxsi 0.45 and Passenger 3.0.12

Dotdeb’s packages of the long-awaited Nginx 1.2.0 are now available for Debian 6.0 “Squeeze” (amd64/i386) in five flavors : nginx-light, nginx-naxsi, nginx-full, nginx-passenger and nginx-extras.

This is a major release with a lot of improvements since the former 1.0 branch. Please take a look at Nginx’ official Changelog before upgrading.

On the Dotdeb side :

  • Naxsi, a high performance, low rules maintenance, Web Application Firewall module, has been upgraded to its 0.45 version. Please read its documentation fore more info.
  • Passenger has been upgraded to its 3.0.12 version.
  • Because nginx-passenger is now dedicated to Passenger, nginx-extras does not contain it anymore. Don’t forget to backup your configuration files when switching from nginx-extras to nginx-passenger.

If you want to know which module has been included in each Nginx flavor, you just have to look at this useful document.

34 replies on “Nginx 1.2.0 with Naxsi 0.45 and Passenger 3.0.12”

Hello,

is there a way to add Naxsi to nginx-full?
or I just need to replace nginx-full with nginx-extra ?

Thank you for nice additions !:)

Thanks for nginx-extras. Now I don’t need to build it on my own for the mp4 module. 😀

this version causes redirect loop this simple rewrite code on CodeIgniter.

if (-f $request_filename) {
# expires max;
break;
}

if (!-e $request_filename) {
rewrite ^/(.+)$ /index.php?$1 last;
}

@Guillaume

Yeah, I have that as part of my configuration already:


location / {
try_files $uri $uri/ /index.php;
}

I managed to trace it back to something related to the proxy caching, but I eventually had to downgrade to 0.7.67 from the official repositories to get it working. The wp-admin URLs still worked fine though.

@Guillaume

Just to clarify and provide some more information. Even after disabling proxy caching the problem still happens with 1.2.0

I’m reverse proxying to Apache 2.2.16-6+squeeze7 and running the following mods (alias, authz_default, authz_user, dir, negotiation, reqtimeout, setenvif, auth_basic, authz_groupfile, autoindex, env, perl, rewrite, speling, authn_file, authz_host, cgi, mime, php5, rpaf, status)

PHP and the Apache PHP mod are at version 5.3.11-1~dotdeb.0, PHP is running the following addons (apc, curl, gd, mcrypt, mysqli, mysql, pdo, pdo_mysql, xmlrpc)

My NginX config file is at: http://pastebin.com/yvnWa4Bp
One of my site config config files is at: http://pastebin.com/8M3MiDKE
I also have the file proxy.conf in my conf.d: http://pastebin.com/RNmbpXts

My Apache setup is pretty standard, nothing has changed there except the PHP and libapache2-mod-php5 upgrades.

This all works with custom PHP sites etc. It’s possible it’s conflict with the upgrades PHP and NginX, as I upgraded them at the same time

we use

ii nginx 1.2.0-1~dotdeb.1 small, but very powerful and efficient web server and mail proxy
ii nginx-common 1.2.0-1~dotdeb.1 small, but very powerful and efficient web server (common files)
ii nginx-full 1.2.0-1~dotdeb.1 nginx web server with full set of core modules

@Guillaume

There is nop with debain squeeze packages. I think this bug is Dotdeb specific.

ii nginx 1.2.0-1~squeeze HTTP and reverse proxy server, as well as a mail proxy server
rc nginx-common 1.2.0-1~dotdeb.1 small, but very powerful and efficient web server (common files)
rc nginx-full 1.2.0-1~dotdeb.1 nginx web server with full set of core modules

@ramires : the goal of this test is knowing if it’s a bug introduced with Nginx 1.2 (major branch). So testing 1.2 from Dotdeb and from Nginx official site makes sense.

@Guillaume

I was using nginx-extras but the problem was still there with the full and light, all at version 1.2.0-1~dotdeb.1.

I’ve tested nginx 0.7.67-3+squeeze2 from the Debian Squeeze repository and it works fine. 1.1.19-1~bpo60+1 light, full and extra from the Debian Squeeze backports repository works fine too.

Just tested nginx 1.2.0-1~squeeze the NginX repository and it also has the problem. So it’s a problem with NginX 1.2

Scratch that,

the backports packages (1.1.19-1~bpo60+1) seem to have the same problems.

@Guillaume

Possibly, whatever the previous version was on Dotdeb before this version worked fine. I can’t remember what branch that was. If it was 1.1 then that worked fine from here.

Again, it only happens with WordPress and the wp-admin URL and backend works fine.

For anything else by the time it hits Apache it just looks like:


::ffff:XX.XXX.XXX.XXX - - [08/May/2012:12:00:17 +0100] "GET /index.php HTTP/1.0" 301 301

Trying to track it down further.

@Guillaume

Then yes definitely a problem introduced by the 1.1 branch, trying to track it down further right now.

Thanks for the awesome work.

I’ve a server on which I host several applications. PHP and Rails ones. Do I have any solution, to use nginx-passenger AND have uploadprogress module?

Thanks,
Jérémy

Would you consider adding the http://wiki.nginx.org/HttpHeadersMoreModule to Nginx? It’d allow for some really cool stuff such as clearing headers too.

For instance, you could then use Nginx to automatically remove any X-Powered-By header set by a PHP framework, so that you’re not exposing the PHP framework that is being used. Otherwise there is no way to remove such a header currently using dotdeb’s nginx.

Doesn’t it seem like something that should be in Nginx Full too?
For instance, I have no need for anything in Nginx Passenger or Nginx Extras, but I know I’d certainly benefit from “HTTP headers More”. Being able to modify headers in more ways than just Nginx’s default add_headers would be useful for all kinds of requests. I’m sure others would benefit from it too. Then continuing to keep it out of Nginx Light would make sense.

Hi Guillaume,

when restarting nginx in a huge prod environment, it will not restart properly : the stop didn’t wait for all nginx processes to be killed, so when start pass, it will not start.

You shoul probably add option –retry 60 to start-stop-daemon in stop and restart. I’ve tried it and it fix my problem.

Another question : will module ngx_http_upstream_keepalive be included in furthers versions ?

Greg

@Greg : Thanks for the report, I’ll take a look at this issue.

About, upstream_keepalive, yes, it will be included since it’s now part of the Nginx source. I just forgot it in the first 1.2 packages.

Comments are closed.