Posted by & filed under Nginx.

Nginx 1.10 – the new stable major version – has been released on May 24th 2016, followed by Nginx 1.10.1 on May 31st to fix the CVE-2016-4450 vulnerability.

The 1.10 branch brings a lot of new features and improvements, including :

  • HTTP/2 support: The SPDY module was replaced by the HTTP/2 module. Please make sure to update your listen directives.
  • The new stream module that lets you proxy and load-balance UDP and TCP traffic.
  • Support for dynamic modules.
  • SO_REUSEPORT support, TCP support for DNS resolution…

More details in this blog post.

As a consequence, I’m glad to announce that packages of Nginx 1.10.1 are now available :

  • for Debian 8 “Jessie” and Debian 7 “Wheezy”
  • On both amd64 and i386 architectures.

Important note when upgrading : please make sure that you have the following line at the beginning of your /etc/nginx/nginx.conf file :

include /etc/nginx/modules-enabled/*.conf;

Please also note that :

  • HTTP/2 with Chrome as a browser is not supported on stock Jessie and Wheezy, because it requires a more recent OpenSSL 1.0.2 for its ALPN protocol. Backporting such an important library is definitely not an option for me, so it’s totally your responsibility to upgrade OpenSSL from another vendor if you absolutely need HTTP/2.
  • even if the http-auth-pam, http-geoip, http-image-filter, http-lua, http-ndk, http-perl, http-xslt-filter, stream and mail modules now have their dedicated libnginx-mod-* packages, the current packaging scheme and numbering does not take profit from the dynamic loading for other extensions yet.
  • ngx_pagespeed has been updated to version 1.11.33.2 on Jessie.
  • ngx_pagespeed is stuck to version 1.9.32.11 on Wheezy because its 1.10 branch now requires GCC 4.8+. Usage of ngx_pagespeed on Wheezy has been kept for compatibility purpose but is highly discouraged. Upgrade to Jessie instead.
  • naxsi has been moved from its dedicated package to nginx-extras naxsi had to be temporarily disabled because of build failures, it should be back in nginx-extras (no more dedicated nginx-naxsi package) soon.
  • there won’t be any update for Squeeze, since its LTS support has been terminated.

For more details about which modules are included in the different Nginx flavors (light, full and extras), just take a look at the configuration options of their respective sections in the Jessie and Wheezy Makefiles.

67 Responses to “Nginx 1.10.1 for Jessie and Wheezy”

  1. CKone2one

    nginx-extras for wheezy seems to be broken …

    nginx: [emerg] unknown directive “gzip” in /etc/nginx/conf.d/gzip.conf:1

    nginx: [emerg] unknown directive “charset” in /etc/nginx/conf.d/headers.conf:1

    and so on …

    on jessie all is fine…
    installes temporarily nginx-full on wheezy …

  2. Justin

    Sorry for the double post, dotdeb! When I reloaded this page, my first comment was gone and I thought it had not been submitted properly. But after replying to
    CKone2one’s comment my first comment popped up again.

  3. Jack

    Les gens qui utilisent ton repo en production ont du avoir de belles surprises avec des trucs qui fonctionnent à moitié, du naxsi qui disparait…

  4. Dziga Vertov

    Would you consider maintaining nginx with a statically linked OpenSSL 1.0.2? That would solve the giant HTTP2 headache in the Jessie-using community.

  5. Marcus

    same here:

    dpkg: dependency problems prevent configuration of nginx:
    nginx depends on nginx-full (>= 1.10.1-1~dotdeb+7.1) | nginx-light (>= 1.10.1-1~dotdeb+7.1) | nginx-extras (>= 1.10.1-1~dotdeb+7.1); however:
    Package nginx-full is not installed.
    Package nginx-light is not installed.
    Package nginx-extras is not configured yet.
    nginx depends on nginx-full (<< 1.10.1-1~dotdeb+7.1.1~) | nginx-light (<< 1.10.1-1~dotdeb+7.1.1~) | nginx-extras (<< 1.10.1-1~dotdeb+7.1.1~); however:
    Package nginx-full is not installed.
    Package nginx-light is not installed.
    Package nginx-extras is not configured yet.

    dpkg: error processing nginx (–configure):
    dependency problems – leaving unconfigured
    Errors were encountered while processing:
    libnginx-mod-http-auth-pam
    libnginx-mod-http-geoip
    libnginx-mod-http-image-filter
    libnginx-mod-http-ndk
    libnginx-mod-http-lua
    libnginx-mod-http-perl
    libnginx-mod-http-xslt-filter
    libnginx-mod-mail
    libnginx-mod-stream
    nginx-extras
    nginx

  6. Marcus

    looks like no extras will work on wheezy any more. So far it’s

    gzip
    geoip_country
    more_set_headers

    no matter if nginx-full or nginx-extras

    although I can spot according compile options

    # nginx -V
    nginx version: nginx/1.10.1
    built with OpenSSL 1.0.1e 11 Feb 2013
    TLS SNI support enabled
    configure arguments: –with-cc-opt=’-g -O2 -fstack-protector –param=ssp-buffer-size=4 -Wformat -Werror=format-security -D_FORTIFY_SOURCE=2′ –with-ld-opt=’-Wl,-z,relro -Wl,-z,now’ –prefix=/usr/share/nginx –conf-path=/etc/nginx/nginx.conf –http-log-path=/var/log/nginx/access.log –error-log-path=/var/log/nginx/error.log –lock-path=/var/lock/nginx.lock –pid-path=/run/nginx.pid –modules-path=/usr/lib/nginx/modules –http-client-body-temp-path=/var/lib/nginx/body –http-fastcgi-temp-path=/var/lib/nginx/fastcgi –http-proxy-temp-path=/var/lib/nginx/proxy –http-scgi-temp-path=/var/lib/nginx/scgi –http-uwsgi-temp-path=/var/lib/nginx/uwsgi –with-debug –with-pcre-jit –with-ipv6 –with-http_ssl_module –with-http_stub_status_module –with-http_realip_module –with-http_auth_request_module –with-http_v2_module –with-http_dav_module –with-file-aio –with-threads –with-http_addition_module –with-http_flv_module –with-http_geoip_module=dynamic –with-http_gunzip_module –with-http_gzip_static_module –with-http_image_filter_module=dynamic –with-http_mp4_module –with-http_perl_module=dynamic –with-http_random_index_module –with-http_secure_link_module –with-http_sub_module –with-http_xslt_module=dynamic –with-mail=dynamic –with-mail_ssl_module –with-stream=dynamic –with-stream_ssl_module –add-module=/usr/src/builddir/debian/modules/headers-more-nginx-module –add-dynamic-module=/usr/src/builddir/debian/modules/nginx-auth-pam –add-module=/usr/src/builddir/debian/modules/nginx-cache-purge –add-module=/usr/src/builddir/debian/modules/nginx-dav-ext-module –add-dynamic-module=/usr/src/builddir/debian/modules/nginx-development-kit –add-module=/usr/src/builddir/debian/modules/nginx-echo –add-module=/usr/src/builddir/debian/modules/ngx-fancyindex –add-module=/usr/src/builddir/debian/modules/nginx-push-stream-module –add-dynamic-module=/usr/src/builddir/debian/modules/nginx-lua –add-module=/usr/src/builddir/debian/modules/nginx-upload-progress –add-module=/usr/src/builddir/debian/modules/nginx-upstream-fair –add-module=/usr/src/builddir/debian/modules/ngx_http_substitutions_filter_module –add-module=/usr/src/builddir/debian/modules/nginx-auth-ldap –add-module=/usr/src/builddir/debian/modules/ngx_http_pinba_module –add-module=/usr/src/builddir/debian/modules/ngx_pagespeed –add-module=/usr/src/builddir/debian/modules/nginx-x-rid-header –add-module=/usr/src/builddir/debian/modules/nginx-rtmp-module –with-ld-opt=-lossp-uuid

  7. Marcus

    even core????

    # nginx -t
    nginx: [emerg] unknown directive “add_header” in /etc/nginx/sites-includes/001-ciphers.conf:28
    nginx: configuration file /etc/nginx/nginx.conf test failed

  8. Marcus

    unified summary of first 60VMs:

    nginx: [emerg] unknown directive “add_header”
    nginx: [emerg] unknown directive “expires”
    nginx: [emerg] unknown directive “geoip_country”
    nginx: [emerg] unknown directive “gzip”
    nginx: [emerg] unknown directive “more_set_headers”
    nginx: [emerg] unknown directive “pagespeed”

    all wheezy, mixed nginx-extra and nginx-full. As soon an nginx got stopped, it won’t start ever.

    anyone else? Any hints or fixes?

  9. Sebastien

    Looks like we have Wheezy-production system broken now…

  10. Guillaume Plessis

    @all : could you please make sure that you have the following line at the beginning of your /etc/nginx/nginx.conf :

    include /etc/nginx/modules-enabled/*.conf;

    Example : https://github.com/gplessis/dotdeb-nginx/blob/jessie/debian/conf/nginx.conf#L4

    If you want to rollback to the previous 1.8.1 version, you can force it’s version number :

    apt-get install --reinstall nginx=1.8.1-1~dotdeb+8.1 nginx-common=1.8.1-1~dotdeb+8.1 nginx-full=1.8.1-1~dotdeb+8.1

    (replace with 1.8.1-1~dotdeb+7.1 for Wheezy).

    Sorry for this unexpected issues.

  11. Sebastien

    Guillaume,

    With the include you asked, we are having:

    Floating point exception (core dumped)

  12. Sebastien

    In your apt-get install –reinstall , I think it’s dotdeb+7.2 not dotdeb+8.1 ?

  13. Sebastien

    Even the downgrade crash…

    having ” subprocess installed pre-removal script returned error exit status 1″ for every “new” package!

  14. Stef

    Yeah, I just ran into this too. For some reason nginx-full 1.10.1-1~dotdeb+8.1 isn’t handling any geo directives, so I had to downgrade back to 1.8.1-1~dotdeb+8.1.

    I’m guessing the modules haven’t compiled in correctly? nginx -V did yield:- -with-http_geoip_module=dynamic but it wasn’t working.

    @Sebastien: if you’re having trouble downgrading, may try opening up another shell and run “nginx -t” – this should tell you where the config file(s) is failing. If you use https, it’s probably because you changed ‘sdpy’ to ‘http2’ as required for the new nginx syntax >v1.9?

  15. Stef

    Diffing the nginx -V output from 1.8.1 to 1.10.1:

    -nginx version: nginx/1.8.1
    +nginx version: nginx/1.10.1
    built with OpenSSL 1.0.1k 8 Jan 2015
    TLS SNI support enabled
    configure arguments:
    –with-cc-opt=’-g -O2 -fstack-protector-strong -Wformat -Werror=format-security -D_FORTIFY_SOURCE=2′
    —with-ld-opt=-Wl,-z,relro
    +–with-ld-opt=’-Wl,-z,relro -Wl,-z,now’
    –prefix=/usr/share/nginx
    –conf-path=/etc/nginx/nginx.conf
    –http-log-path=/var/log/nginx/access.log
    –error-log-path=/var/log/nginx/error.log
    –lock-path=/var/lock/nginx.lock
    –pid-path=/run/nginx.pid
    +–modules-path=/usr/lib/nginx/modules
    –http-client-body-temp-path=/var/lib/nginx/body
    –http-fastcgi-temp-path=/var/lib/nginx/fastcgi
    –http-proxy-temp-path=/var/lib/nginx/proxy
    @@ -22,21 +23,23 @@
    –with-http_stub_status_module
    –with-http_realip_module
    –with-http_auth_request_module
    —with-http_gunzip_module
    +–with-http_v2_module
    +–with-http_dav_module
    –with-file-aio
    –with-threads
    —with-http_spdy_module
    –with-http_addition_module
    —with-http_dav_module
    —with-http_geoip_module
    +–with-http_geoip_module=dynamic
    +–with-http_gunzip_module
    –with-http_gzip_static_module
    —with-http_image_filter_module
    +–with-http_image_filter_module=dynamic
    –with-http_secure_link_module
    –with-http_sub_module
    —with-http_xslt_module
    —with-mail
    +–with-http_xslt_module=dynamic
    +–with-stream=dynamic
    +–with-stream_ssl_module
    +–with-mail=dynamic
    –with-mail_ssl_module
    —add-module=/usr/src/builddir/debian/modules/nginx-auth-pam
    +–add-dynamic-module=/usr/src/builddir/debian/modules/nginx-auth-pam
    –add-module=/usr/src/builddir/debian/modules/nginx-dav-ext-module
    –add-module=/usr/src/builddir/debian/modules/nginx-echo
    –add-module=/usr/src/builddir/debian/modules/nginx-upstream-fair

    (extra dependencies)
    libnginx-mod-http-auth-pam:amd64 (1.10.1-1~dotdeb+8.1)
    libnginx-mod-http-geoip:amd64 (1.10.1-1~dotdeb+8.1)
    libnginx-mod-http-image-filter:amd64 (1.10.1-1~dotdeb+8.1)
    libnginx-mod-http-xslt-filter:amd64 (1.10.1-1~dotdeb+8.1)
    libnginx-mod-mail:amd64 (1.10.1-1~dotdeb+8.1)
    libnginx-mod-stream:amd64 (1.10.1-1~dotdeb+8.1)

    At a guess, it’s these dynamic libraries that aren’t working for some reason?

  16. Marcus

    so far I know:

    auto-update failed due the missing

    include /etc/nginx/modules-enabled/*.conf;

    ok, easy fix. But even with that line added the

    Floating point exception

    remains. Btw: some updates failed prior to linking all extra modules into /etc/nginx/modules-enabled which I had to fix manually too

    @Guillaume: check your mail for access to a test VM

  17. Sebastien

    @Stef: Already done, but the reinstall/downgrade command give me:

    apt-get install –reinstall nginx-common=1.8.1-1~dotdeb+7.1 nginx-extras=1.8.1-1~dotdeb+7.1
    Reading package lists… Done
    Building dependency tree
    Reading state information… Done
    Suggested packages:
    fcgiwrap nginx-doc
    The following packages will be REMOVED:
    libnginx-mod-http-auth-pam libnginx-mod-http-geoip libnginx-mod-http-image-filter libnginx-mod-http-lua libnginx-mod-http-ndk libnginx-mod-http-perl
    libnginx-mod-http-xslt-filter libnginx-mod-mail libnginx-mod-stream
    The following packages will be DOWNGRADED:
    nginx-common nginx-extras
    0 upgraded, 0 newly installed, 2 downgraded, 9 to remove and 0 not upgraded.
    10 not fully installed or removed.
    Need to get 0 B/5333 kB of archives.
    After this operation, 1262 kB disk space will be freed.
    Do you want to continue [Y/n]?
    (Reading database … 54081 files and directories currently installed.)
    Removing libnginx-mod-mail …
    nginx: [emerg] unknown directive “gzip” in /etc/nginx/nginx.conf:55
    dpkg: error processing libnginx-mod-mail (–remove):
    subprocess installed pre-removal script returned error exit status 1
    nginx: [emerg] unknown directive “gzip” in /etc/nginx/nginx.conf:55
    dpkg: error while cleaning up:
    subprocess installed post-installation script returned error exit status 1
    Removing libnginx-mod-http-xslt-filter …
    nginx: [emerg] unknown directive “gzip” in /etc/nginx/nginx.conf:55
    dpkg: error processing libnginx-mod-http-xslt-filter (–remove):
    subprocess installed pre-removal script returned error exit status 1
    Removing libnginx-mod-http-perl …
    nginx: [emerg] unknown directive “gzip” in /etc/nginx/nginx.conf:55
    dpkg: error processing libnginx-mod-http-perl (–remove):
    subprocess installed pre-removal script returned error exit status 1
    Removing libnginx-mod-http-lua …
    Removing libnginx-mod-http-ndk …
    nginx: [emerg] unknown directive “gzip” in /etc/nginx/nginx.conf:55
    dpkg: error processing libnginx-mod-http-ndk (–remove):
    subprocess installed pre-removal script returned error exit status 1
    Removing libnginx-mod-http-image-filter …
    nginx: [emerg] unknown directive “gzip” in /etc/nginx/nginx.conf:55
    dpkg: error processing libnginx-mod-http-image-filter (–remove):
    subprocess installed pre-removal script returned error exit status 1
    Removing libnginx-mod-http-geoip …
    nginx: [emerg] unknown directive “gzip” in /etc/nginx/nginx.conf:55
    dpkg: error processing libnginx-mod-http-geoip (–remove):
    subprocess installed pre-removal script returned error exit status 1
    Removing libnginx-mod-http-auth-pam …
    nginx: [emerg] unknown directive “gzip” in /etc/nginx/nginx.conf:55
    dpkg: error processing libnginx-mod-http-auth-pam (–remove):
    subprocess installed pre-removal script returned error exit status 1
    Errors were encountered while processing:
    libnginx-mod-mail
    libnginx-mod-http-xslt-filter
    libnginx-mod-http-perl
    libnginx-mod-http-ndk
    libnginx-mod-http-image-filter
    libnginx-mod-http-geoip
    libnginx-mod-http-auth-pam
    E: Sub-process /usr/bin/dpkg returned an error code (1)

  18. Marcus

    @Sebastien

    I managed a downgrade on one vm after forced removal of all modules & nginx.

    apt-get remove libnginx*
    apt-get -f install
    apt-get remove libnginx*
    apt-get remove nginx-*

    (your sequence might differ)

    apt-get install –reinstall nginx-common=1.8.1-1~dotdeb+7.1 nginx-extras=1.8.1-1~dotdeb+7.1

  19. Sebastien

    @Marcus: Just try that, and same issue, can’t remove libnginx*

  20. Guillaume Plessis

    @Sebastien : could you please make sure that you have the following line at the beginning of your /etc/nginx/nginx.conf file :

    include /etc/nginx/modules-enabled/*.conf;
  21. Sebastien

    @Guillaume: To make it uninstalled/downgrade properly or to keep it at the latest version?!

  22. Marcus

    if apt-get remove libnginx* fails with postinstall errors, like

    /var/lib/dpkg/info/libnginx-mod-stream.postinst: 16: /var/lib/dpkg/info/libnginx-mod-stream.postinst: nginx: not found

    try to

    rm /run/nginx.pid

    (stopped nginx assumed) and run again

    apt-get remove libnginx*

  23. Marcus

    see below, I got issues with /var/lib/dpkg/info/libnginx-mod-stream.postinst: 16

    opened that skript and found invokation of nginx bin in line 16 (which won’t work until properly installed)

  24. Guillaume Plessis

    @all : I managed to have the Floating point exception and Unknown directive issues fixed on Wheezy with the packages (version 1.10.1-1~dotdeb+7.2) that I just uploaded to the main Dotdeb repository.

    Could you please try on your side (after checking that you have the include /etc/nginx/modules-enabled/*.conf; line at the beginning of /etc/nginx/nginx.conf) and keep me posted?

    For the record, ngx_pagespeed was faulty. Patching it to support Nginx 1.9.11+ / dynamic modules solved all the above mentioned issue on my test machines.

    Jessie seems to be unaffected, just make sure – once again – that you have the include /etc/nginx/modules-enabled/*.conf; line at the beginning of /etc/nginx/nginx.conf.

  25. Sebastien

    @Guillaume: Working perfectly now! But to make it work perfectly after the upgrade, I manage to remove spdy/http2 option!

  26. Justin Franks

    Still getting the exact same errors with the 7.2 update and the modules-enabled include line in my nginx.conf.

  27. CKone2one

    this seemed to help on wheezy. but why wasnt it needed on jessie?

  28. Marcus

    Thanks Guillaume,

    so far – that update resolved all our issues. I will report if any of my “exotic” VMs fail, but don’t expect that.

  29. Justin Franks

    Marcus / Techniker / Sebastien / anyone else who got it working on Wheezy — What steps did you take to correct the issue? I updated with the new 1.10.1-1~dotdeb+7.2 and re-ran the upgrade command, but I am still getting the same errors as when I first tried updating nginx-extras. Did you have to downgrade back to 1.8 first and then upgrade to 1.10?

    I have the failed (partially configured) nginx-extras 1.10.1-1~dotdeb+7.1 package on my server right now, and have only tried going directly to 1.10.1-1~dotdeb+7.2.

    Thanks for your help!

  30. Justin Franks

    And yes, the “include /etc/nginx/modules-enabled/*.conf;” directive is the first line in my nginx.conf.

  31. Sebastien

    @Justin: I just re-run apt-get update/upgrade and that’s it!

  32. Marcus

    @Justin:

    On VMs that had recent 1.10.1 installed another apt-get upgrade fixed nginx install.

    On downgraded VMs I had to manually reinstall nginx-extras & nginx-common.

    Only one VM had issues as it had an ‘nginx’ (no flavour) Package installed. Removed it and installed ‘nginx-common’ + ‘nginx-extras’ without hassle

  33. Loris

    On Wheezy I now have :
    nginx: [emerg] unknown directive “upload_progress”

  34. Nathan

    Also receiving this error. It is strange, because the module appears with nginx -V.

  35. Justin Franks

    I was able to get it working by removing the nginx package and all its related packages, then reinstalling. Thanks for the help everyone.

  36. Guillaume Plessis

    @Jan : ok, sorry for that. Could you please be more precise and give us some more details about your environment (Debian version, nginx flavor) and the error message (in a gist or a pastebin)?

  37. Justin Franks

    I noticed a new version, 1.10.1-1~dotdeb+7.3, which updated fine on my server (+7.1 broke it, and +7.2 did not fix it automatically, but I was able to get +7.2 working after removing all nginx packages and reinstalling +7.2).

    What has changed with +7.3?

  38. Andread

    @Guillaume
    You’ve said that the latest ngx_pagespeed version is not available on Wheezy due to GCC 4.8. Did you consider to compile with clang instead of gcc? Seems to work for me.

  39. Marcus

    A new one: module links don’t get installed during update nor by reinstall. Tried remove & reinstall in the end without luck and had to link

    /usr/share/nginx/modules-available/*.conf into /etc/nginx/modules-enabled manually to get back in business.

    with missing modules you’ll get install error due to missing directives. I guess that error also prevents links from building, results in a loop of issues.

  40. Asier

    It’s just me or I have lost pagespeed module when upgrading?

    See:

    nginx -V
    nginx version: nginx/1.10.1
    built with OpenSSL 1.0.1k 8 Jan 2015
    TLS SNI support enabled
    configure arguments: –with-cc-opt=’-g -O2 -fstack-protector-strong -Wformat -Werror=format-security -D_FORTIFY_SOURCE=2′ –with-ld-opt=’-Wl,-z,relro -Wl,-z,now’ –prefix=/usr/share/nginx –conf-path=/etc/nginx/nginx.conf –http-log-path=/var/log/nginx/access.log –error-log-path=/var/log/nginx/error.log –lock-path=/var/lock/nginx.lock –pid-path=/run/nginx.pid –modules-path=/usr/lib/nginx/modules –http-client-body-temp-path=/var/lib/nginx/body –http-fastcgi-temp-path=/var/lib/nginx/fastcgi –http-proxy-temp-path=/var/lib/nginx/proxy –http-scgi-temp-path=/var/lib/nginx/scgi –http-uwsgi-temp-path=/var/lib/nginx/uwsgi –with-debug –with-pcre-jit –with-ipv6 –with-http_ssl_module –with-http_stub_status_module –with-http_realip_module –with-http_auth_request_module –with-http_v2_module –with-http_dav_module –with-file-aio –with-threads –with-http_addition_module –with-http_geoip_module=dynamic –with-http_gunzip_module –with-http_gzip_static_module –with-http_image_filter_module=dynamic –with-http_secure_link_module –with-http_sub_module –with-http_xslt_module=dynamic –with-stream=dynamic –with-stream_ssl_module –with-mail=dynamic –with-mail_ssl_module –add-dynamic-module=/usr/src/builddir/debian/modules/nginx-auth-pam –add-module=/usr/src/builddir/debian/modules/nginx-dav-ext-module –add-module=/usr/src/builddir/debian/modules/nginx-echo –add-module=/usr/src/builddir/debian/modules/nginx-upstream-fair –add-module=/usr/src/builddir/debian/modules/ngx_http_substitutions_filter_module –add-module=/usr/src/builddir/debian/modules/nginx-cache-purge –add-module=/usr/src/builddir/debian/modules/ngx_http_pinba_module –add-module=/usr/src/builddir/debian/modules/nginx-x-rid-header –with-ld-opt=-lossp-uuid

  41. Asier

    Thank you! it worked, I don’t know why it installed nginx-full instead of extras.

  42. Asier

    Hi Guillaume, thanks for your hard work!
    Any thoughts about using fast open for nginx compilation in further releases? Any drawbacks?

    Thanks!

  43. Manuel

    Thank you for your continued effort! 🙂 Worked fine on my Debian 8.4 machines.

  44. Charuru

    RealIP Module is broken in jessie build. I can do whatever I want, Nginx will never use the IP from the Real IP header I specify. Rolled back to 1.9.10 (from jessie backports).

  45. Guillaume Plessis

    @Charuru : I just tested with nginx-light from Dotdeb on a clean Jessie, everything is working as expected with the following configuration :

    server {
            listen 80 default_server;
            server_name _;
            set_real_ip_from 0.0.0.0/0;
            real_ip_header X-Forwarded-For;
    
            location / {
                    default_type text/plain;
                    echo $remote_addr;
            }
    }
  46. Charuru

    @Guillaume Plessis: I used nginx-full and the realip config from CloudFlare – even if I didn’t set a trusted IP, $remote_addr didn’t change to the real client IP, I still got reported the CloudFlare server’s IP.

  47. Jools Wills

    Also seeing issues with realip with nginx behind varnish.

    Seeing local server ip since the update.

    set_real_ip_from server_ip_address;
    real_ip_recursive on;

    this all worked before 1.10

  48. Jools Wills

    downgrading to the backports 1.9.10-1~bpo8+2 version restores the realip functionality

  49. Guillaume Plessis

    @Jools : sorry to hear that. Could you please provide sore more input in a gist or a pastebin, especially the headers :

    • received by Varnish
    • sent by Varnish
    • received by Nginx
    • the value returned by real_ip
  50. Jools Wills

    Will need to reproduce it locally to provide some debugging, as the problem is on a very busy production site. Will get back when I can with further information.