Mercurial > hg > nginx

view conf/fastcgi.conf @ 7459:982008fbc4ba

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
SSL: removed logging of empty "(SSL:)" in ngx_ssl_error(). The "(SSL:)" snippet currently appears in logs when nginx code uses ngx_ssl_error() to log an error, but OpenSSL's error queue is empty. This can happen either because the error wasn't in fact from OpenSSL, or because OpenSSL did not indicate the error in the error queue for some reason. In particular, currently "(SSL:)" can be seen in errors at least in the following cases: - When SSL_write() fails due to a syscall error, "[info] ... SSL_write() failed (SSL:) (32: Broken pipe)...". - When loading a certificate with no data in it, "[emerg] PEM_read_bio_X509_AUX(...) failed (SSL:)". This can easily happen due to an additional empty line before the end line, so all lines of the certificate are interpreted as header lines. - When trying to configure an unknown curve, "[emerg] SSL_CTX_set1_curves_list("foo") failed (SSL:)". Likely there are other cases as well. With this change, "(SSL:...)" will be only added to the error message if there is something in the error queue. This is expected to make logs more readable in the above cases. Additionally, with this change it is now possible to use ngx_ssl_error() to log errors when some of the possible errors are not from OpenSSL and not expected to have anything in the error queue.
author Maxim Dounin <mdounin@mdounin.ru>
date Mon, 25 Feb 2019 16:41:15 +0300
parents 62869a9b2e7d
children
line wrap: on
line source


fastcgi_param  SCRIPT_FILENAME    $document_root$fastcgi_script_name;
fastcgi_param  QUERY_STRING       $query_string;
fastcgi_param  REQUEST_METHOD     $request_method;
fastcgi_param  CONTENT_TYPE       $content_type;
fastcgi_param  CONTENT_LENGTH     $content_length;

fastcgi_param  SCRIPT_NAME        $fastcgi_script_name;
fastcgi_param  REQUEST_URI        $request_uri;
fastcgi_param  DOCUMENT_URI       $document_uri;
fastcgi_param  DOCUMENT_ROOT      $document_root;
fastcgi_param  SERVER_PROTOCOL    $server_protocol;
fastcgi_param  REQUEST_SCHEME     $scheme;
fastcgi_param  HTTPS              $https if_not_empty;

fastcgi_param  GATEWAY_INTERFACE  CGI/1.1;
fastcgi_param  SERVER_SOFTWARE    nginx/$nginx_version;

fastcgi_param  REMOTE_ADDR        $remote_addr;
fastcgi_param  REMOTE_PORT        $remote_port;
fastcgi_param  SERVER_ADDR        $server_addr;
fastcgi_param  SERVER_PORT        $server_port;
fastcgi_param  SERVER_NAME        $server_name;

# PHP only, required if PHP was built with --enable-force-cgi-redirect
fastcgi_param  REDIRECT_STATUS    200;