Tag Archives: nginx

[Solved] Nginx Start Error: No mapping for the Unicode character exists in the target multi-byte code page

Starting nginx in Windows version of nginx did not respond. The background process was not found in the task manager, and the browser returned the error page when accessing the startup address

find the error in nginx log, and the log information is as follows

No mapping for the Unicode character exists in the target multi-byte code page

by querying the data, we know that: the path of the file decompression directory exists in Chinese, and the mobile directory address can be decompressed again

the effect of accessing address is as follows

There are a lot of no live upstreams while connecting to upstream about nginx logs

Geeks, please accept the hero post of 2021 Microsoft x Intel hacking contest>>>

Due to the modification of the server configuration on the upstream, Max is added_ fails,fail_ The three parameters of timeout and weight result in a large number of errors of the following types in nginx error log.

First of all, the problem is related to the client. The client is accessed by HTTP. Then, the problem is that there is a problem in the connection and interaction between nginx and the back-end API. After checking the configuration of nginx, there is no problem in the configuration

Looking at the explanation of the error, we can get the result that there is no server that can provide services in the upstream. However, I can directly access the back-end server, which proves that the server is available

Finally, find the document, and find that the problem is that the business requires to keep the session, but nginx does not keep the session to the API. Of course, nginx can not find the back-end available server, and it will report no live upstream

Modify the configuration of nginx

Solution of [errno 5] input / output error after Django is deployed on nginx

Knowledge map advanced must read: read how large-scale map data efficient storage and retrieval>>>

Environment: centos6.5 gunicorn + Django + nginx

After the configuration is completed and the project is running, the [errno 5] input/output error will be reported sometimes. At the beginning, print will report this error. After deletion, the same error will be reported in other places

my solution process and attempt are as follows:

1. The conf configuration file of nginx, and the path of configuration log

I saw an article mentioning this point, but he deployed it with uwsgi. The idea of the article is to suspect that there is no place for log files to go, which leads to IO errors. The solution is to increase log configuration
address http://shenwang.blog.ustc.edu.cn/freeshell%E4%B8%8A34218%E8%8A%82%E7%82%B9%E5%87%BA%E7%8E%B0django-errno-5-inputoutput-error/

According to this principle, I add log path configuration under the server node of nginx’s conf configuration file

access_log /home/webroot/www/public/XianyuApi/nginx.access.log;
​​​​​​​error_log /home/webroot/www/public/XianyuApi/nginx.error.log;

However, after setting this step, we restart nginx and gunicorn and find that they are the same. So I thought about the question of whether it would have authority

2. Set the access permission of the source code directory to 777
confirm the access permission of the source code folder, and recursively set the permission of all files to 777. When nginx is running, it is run by the user configured in nginx.conf, not by the user you are currently logged in to. Permissions can also lead to strange problems. This step must be confirmed at last. You may have set 777 at the beginning, but you may have added some configuration files to the directory in the middle, so check it at last< 3. Restart Dafa
but after this point is set, it will not work. After checking a lot of materials, in desperation, I restarted the Linux server. Then it’s ok…
you can also try to restart Dafa

as for which of the above steps led to the problem, I’m not sure. Anyway, I’ve done everything. If you encounter the same problem, you can try it step by step

File not found error handling of nginx accessing PHP files, two cases

Knowledge map advanced must read: read how large-scale map data efficient storage and retrieval>>>

This error is very common. There are two kinds of errors

PHP FPM could not find script_ PHP file executed in file name

PHP FPM can’t access the executed PHP, which is a permission problem

The first case

Change the configuration file nginx. Conf
fastcgi_ param SCRIPT_ FILENAME /scripts$fastcgi_ script_ name;
replace with the following

fastcgi_ param SCRIPT_ FILENAME$document_ root$fastcgi_ script_ name;

Then reload the nginx configuration file
/etc/init.d/nginx reload

The second situation

Two solutions:
the first is to set your root folder to allow other users
the second is to find your PHP FPM configuration file, find the following paragraph, and replace Apache with the user group you want

; RPM: apache Choosed to be able to access some dir as httpd
user = apache
; RPM: Keep a group allowed to write in log dir.
group = apache

[Solved] Primary script unknown in nginx configuration PHP

Cause

In the past two days, when building the virtual host, the environment is basically configured. There is no problem in accessing the HTML file, but there is a file not found error when accessing the PHP file

Solution

When there is a problem, first open the log to find the error message

FastCGI sent in stderr: "Primary script unknown" while reading response header from upstream

Well, if you don’t understand it, you can go directly to Baidu, and then according to the various results of Baidu, the attempt is failed, such as this one

fastcgi_param  SCRIPT_FILENAME  /scripts$fastcgi_script_name;
change to
SCRIPT_FILENAME $document_root$fastcgi_script_name; 

But my nginx configuration file is already like this, and then I started to compare the nginx configuration of the server running normally with my current nginx configuration. After comparison, the two are the same, so the problem is not nginx

Then continue to search by chance, try all kinds of things, and finally find a solution

/etc/selinux/config  mid
SELINUX=enforcing
to
SELINUX=disabled

If it hasn’t been solved, consider the issue of permissions

It’s over

If problems are not solved, they will come back again

<?php
  echo 'How can't this input box be removed?';

Nginx Error: nginx: [emerg] “server” directive is not allowed here in

If you want to check whether a configuration file is correct, an error is reported after – C is specified, as follows:

[root@op-2:~# nginx -t -c /etc/nginx/conf.d/default.conf
nginx: [emerg] "server" directive is not allowed here in /etc/nginx/conf.d/default.conf:1
nginx: configuration file /etc/nginx/conf.d/default.conf test failed

Sometimes the file is correct, but it will also report an error

The practical problem is that the object of syntax detection has problems

To detect whether there are errors in the existing modified nginx configuration, we should not only detect the. Conf file, but always detect the main file/etc/nginx/nginx.conf at any time. Only in this way can we load the. Conf file in the corresponding module smoothly

This ensures the correctness of the context before and after the configuration, which is the real detection

So the correct command to detect whether the syntax of the modified nginx is wrong should be: nginx - t - C/etc/nginx/nginx. Conf , if there is an exception in the configuration file, it will be reported directly, otherwise it will be

[ root@op-2 :~# nginx -t -c /etc/nginx/nginx.conf
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful

[ root@op-2 :~# nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful

Solving the problem of nginx reverse proxy web service soap:address location problem

One: First, let’s publish a web service

package com.ws.service;

public interface IUserService
{
public String getUserName(String id);
}
package com.ws.service;

import javax.jws.WebMethod;
import javax.jws.WebParam;
import javax.jws.WebService;

@WebService
public class UserService implements IUserService
{
@WebMethod
public String getUserName(@WebParam(name=”id”) String id)
{
return “User:” + id;
}
}
package com.ws.service;

import javax.xml.ws.Endpoint;

public class Server
{
public static void main(String[] args)
{
Endpoint.publish(“http://0.0.0.0:6633/api/v1/user”, new UserService());
System.out.println(“ws startup ok on port ” + 6633);
}
}

The port of ws is 6633
The access address is: http://192.168.100.95:6633/api/v1/user?wsdl

Then, nginx is configured as follows.

upstream webservice {
server 192.168.10.95:6633;
}
server {
listen 6633;
location/{
proxy_pass http://webservice;
}
}

The nginx address is: 192.168.2.123
Then visit the proxy address: http://192.168.2.123:6633/api/v1/user?wsdl

The result is as follows

The address here is clearly wrong.

The solution is as follows

The nginx configuration is changed to

upstream webservice {
server 192.168.100.95:6633;
}
server {
listen 6633;
location/{
proxy_set_header Host $host:$server_port;
proxy_pass http://webservice;
}
}

The reason for this is that if you don’t configure
proxy_set_header Host $host:$server_port;
then, nginx reverse proxy to the backend, passing the Host http header as
Host=webservice

Nginx Timeout Error: upstream timed out (110: Connection timed out) while reading response header from ups…

Error content

We can see it in error. Log

Error: upstream timed out (110: Connection timed out) while reading response header from upstream

Cause of error

From the error log, we can know that the error is due to the timeout of nginx agent to get the return value of upstream server. What causes this problem

It takes a long time for the back-end to process the request

It may also be a network problem between the proxy server and the upstream server

We find out the problem by locating the wrong URL, and finally determine that the problem is due to the long time of back-end processing of the request. Then the solution can be that developers optimize the interface, or we can set the timeout time longer through nginx

Error resolution

nginx timeout setting

Official website link: http://nginx.org/en/docs/http/ngx_ http_ proxy_ module.html#proxy_ read_ timeout

Syntax: proxy_ read_ timeout time;
Default: proxy_ read_ timeout 60s;
Context: http,server,location
Defines a timeout for reading a response from the proxied server. The timeout is set only between two successive read operations, not for the transmission of the whole response. If the proxied server does not transmit anything within this time, the connection is closed.

proxy_ read_ Timeout parameter. This instruction refers to the time-out for two successful read operations from the upstream server. It means that after 60 seconds of successful read operation from the upstream server, if there is no successful read operation from the upstream server, the connection will be closed

The default value is 60s. We can set it to 240s or 300s. To deal with the problem of slow processing of requests by upstream servers

In the configuration file of nginx, add

proxy_read_timeout 240s; 

Vue project webpack optimization compression webpack plugin open gzip

Abstract:

Starting gzip when packaging can greatly reduce the size of the package, which is very suitable for online deployment. Smaller size for user experience

It means faster loading speed and better user experience.

Vue-cli3.0 project

Installation dependency: compression webpack plugin

npm install compression-webpack-plugin –save-dev

vue.config.js Revision:

const CompressionPlugin = require('compression-webpack-plugin');

constproductionGzipExtensions=/.(js-124css-124json-124txt *)?$/i;

module.exports = {
    publicPath: './',
    productionSourceMap: false,
    configureWebpack: {...},
    chainWebpack: config =&> {
        config.resolve.alias.set('@', resolve('src'));
        if (process.env.NODE_ENV === 'production') {
            config.plugin('compressionPlugin')
            .use(new CompressionPlugin({
                filename: '[path].gz[query]',
                algorithm: 'gzip',
                test: productionGzipExtensions,
                threshold: 10240,
                minRatio: 0.8,
                deleteOriginalAssets: true
            }));
        }
    },
};

Parameter configuration of compression webpack plug in: View on the official website( https://www.webpackjs.com/plugins/compression-webpack-plugin/ )

Parameter configuration of compression webpack plug in: View on the official website(

Parameter configuration of compression webpack plug in: View on the official website(

gzip on;
gzip_static on;
gzip_min_length 1k;
gzip_buffers 4 32k;
gzip_http_version 1.1;
gzip_comp_level 2;
gzip_types text/plain application/x-javascript text/css application/xml;
gzip_vary on;
gzip_disable "MSIE [1-6].";

Gzip use environment: http, server, location, if (x), generally defined in nginx.conf Http { Between

  gzip on

on is enabled and off is off

gzip_ min_ length 1k

Set the minimum number of bytes of the page that can be compressed. The number of bytes of the page is obtained from the content length in the header. The default value is 0, no matter how many pages are compressed. It is recommended to set the number of bytes larger than 1K. If the number of bytes is less than 1K, it may increase.

gzip_ buffers 4 16k

How much memory is used to cache compression results?”4 16K” means to get the compression results in 16K * 4

  gzip_ comp_ level 5

Gzip compression ratio (1 ~ 9), the smaller the compression effect is, the worse the compression effect is, but the larger the processing speed is, the slower the processing speed is, so the intermediate value is generally taken

  gzip_ types text/plain application/x-javascript text/css application/xml text/javascript application/x-httpd-php

Takes effect for specific MIME types, where ‘text/HTML’ is forced to be enabled by the system

  gzip_ http_ version 1.1

Identify the version of HTTP protocol. Early browsers may not support gzip self decompression, and users will see garbled code

  gzip_ vary on

Enable reply header “vary: accept encoding”

  gzip_ proxied off

When nginx is used as a reverse proxy, it is enabled, off (compression of all proxy result data is turned off), expired (compression is enabled, if the header contains “expires” header information), and no cache (compression is enabled, if the header contains “cache” header information)- Control:no-cache “), no store (compression enabled, header header contains” cache “- Control:no-store “), private (compression enabled, The header contains “cache”- Control:private “),no_ last_ Modefied (compression enabled, header header does not contain “last modified”), no_ Etag (enable compression, if header does not contain “Etag” header information), auth (enable compression, if header contains “authorization” header information)

  gzip_ disable msie6

Ie5.5 and IE6 SP1 use the msie6 parameter to disable gzip compression) to specify which browsers (which will match with user agents) do not need gzip compression, depending on the PCRE library

Server configuration from juan26 = &> https://segmentfault.com/a/1190000012571492?utm_ source=tag-newest

Note: (gzip)_ Static on) the dynamic compression of nginx is to compress each request first and then output it, which causes the virtual machine to waste a lot of CPU. To solve this problem, we can use the nginx module gzip Precompression, this module is used to directly read the compressed file (file name is plus. GZ) for the file that needs to be compressed, instead of dynamic compression. For the request that does not support gzip, read the original file.

1. Files can be compressed using gzip or any other compatible command.

2.gzip_ Static configuration takes precedence over gzip.

3. Open nginx_ After static, we will first find out whether there is a corresponding GZ file for any file.

4.gzip_ Types setting to gzip_ Static is invalid.

5. Gzip static is applicable to HTTP 1.1 by default.

view the size comparison before and after compression:

Unpack



EnPack


Mixed Content: The page at was loaded over HTTPS, but requested an insecure image.

Make the browser no longer display the HTTP request alert in the HTTPS page

As HTTP over secure socket layer is an HTTP channel aiming at security, so HTTP requests are not allowed on the pages hosted by HTTPS. Once they appear, they will be prompted or an error will be reported

Mixed Content: The page at ‘ https://www.taobao.com/ ‘ was loaded over HTTPS, but requested an insecure image ‘ http://g.alicdn.com/s.gif ’. This content should also be served over HTTPS.

After the transformation of HTTPS, we can see the following alerts in many pages:

Many operators have no technical concept of HTTPS, so HTTP resources are unavoidable in the data filled in. The system is huge, and negligence and loopholes are inevitable.

CSP set upgrade insure requests

Fortunately, the W3C working group took into account the difficulty of upgrading HTTPS. In April 2015, it published a upgrade secure requests draft, which is to let the browser automatically upgrade requests.

In the response header of our server, add:

header("Content-Security-Policy: upgrade-insecure-requests");

Our page is HTTPS, and this page contains a large number of HTTP resources (pictures, iframes, etc.). Once the above response header is found on the page, it will be automatically replaced by an HTTPS request when loading HTTP resources. You can see a demo provided by Google

However, what is puzzling is that this resource has made two requests, which are supposed to be a bug in the browser implementation

Of course, if it is not convenient for us to operate on the server/nginx, we can also add the meta header to the page:

<meta http-equiv="Content-Security-Policy" content="upgrade-insecure-requests" /&>

At present, only chrome 43.0 supports this setting, but I believe that CSP will become the content that web front-end security pays great attention to and uses in the future. The upgrade insure requests draft will soon enter RFC mode.

From the example given by W3C working group, we can see that this setting will not deal with a link of foreign domain, so it can be used safely.

Buy me a cup of coffee 🙂