SSL default changes?

It looks like these changes from default are required for SSL session resumption and to mitigate the BEAST SSL vulnerability: ssl_session_cache shared:SSL:10m; ssl_ciphers RC4:HIGH:!aNULL:!MD5; ssl_prefer_server_ciphers on; Should the defaults be changed to these? - Grant __

Re: SPDY patch not applying cleanly.

On Monday 11 March 2013 05:18:44 António P. P. Almeida wrote: > On 11 Mar 2013 01h58 CET, vb...@nginx.com wrote: > > You're probably doing something wrong. I've just checked it myself: > I just reproduced all your commands below with the same result. I.e., > no clean application, with rejection of

Re: SPDY patch not applying cleanly.

On 11 Mar 2013 01h58 CET, vb...@nginx.com wrote: > You're probably doing something wrong. I've just checked it myself: I just reproduced all your commands below with the same result. I.e., no clean application, with rejection of some hunks :( --- appa > % wget -q http://nginx.org/download/nginx

Re: SPDY patch not applying cleanly.

On Monday 11 March 2013 04:42:36 António P. P. Almeida wrote: > Hello, > > Apparently the SPDY patch doesn't apply cleanly to 1.3.14. See the > results below for the offending files. [...] You're probably doing something wrong. I've just checked it myself: % wget -q http://nginx.org/download/ngi

SPDY patch not applying cleanly.

Hello, Apparently the SPDY patch doesn't apply cleanly to 1.3.14. See the results below for the offending files. I suppose that the patch should apply cleanly to the "dev" branch? Thanks, --- appa |# HG changeset patch |# User Valentin Bartenev |# Date 1362681099 -14400 |# Node ID b2981903b9bd

Re: HTTPS header missing from single server

>> How can I make nginx set the HTTPS header in a single http/https >> server? > > What is "the HTTPS header"? I meant to say HTTPS environment variable. >> piwik with force_ssl=1 on apache goes into a redirect loop >> because it doesn't know SSL is on due to the nginx reverse proxy. > > This sou

Re: IMAP: auth_http

>> nginx seems to require being pointed to an HTTP server for imap >> authentication. Here's the protocol spec: >> >> http://wiki.nginx.org/MailCoreModule#Authentication >> >> Is the idea to program this server yourself or does a server like this >> already exist? > > It's usually a script written

Re: "nginx does not suck at ssl"

> one quote from that post i can confirm: > >> nobody has any idea how SSL performance works > > esp. when it comes to CIPER1 vs CIPHER, compared > oin terms of speed and security. > > what i can suggest to test if your ssl-implementation is stil > secure from a cipher-pov is > https://www.ssllabs.

securing access to a folder - 404 error

I'm trying to secure a directory on a CentOS 6.3 64 server running NGINX 1.2.7. I think I've set this up correctly, but it keeps giving me a 404 Not Found error when I try to access a file in that folder in the browser using domainName/secure/hello2.html. I created an .htpasswd file using printf

Re: Location regex + if + basic auth to restrict directory access

Hello, Thanks for that... I thought the ^~ was meaning 'starting with regex'... My bad! I changed the symbol for some of the ones relly meaning 'regex' (~*) and it works! :o) If there is no better way than sticking with 'if', then it's all good. Thanks again, problem solved, --- *B. R.* On S

Re: Headers set in http {} go missing after setting headers in location {}

Thank you very much Francis. Posted at Nginx Forum: http://forum.nginx.org/read.php?2,237172,237192#msg-237192 ___ nginx mailing list nginx@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx

Re: IMAP: auth_http

Hello! On Thu, Mar 07, 2013 at 09:16:11PM -0800, Grant wrote: > nginx seems to require being pointed to an HTTP server for imap > authentication. Here's the protocol spec: > > http://wiki.nginx.org/MailCoreModule#Authentication > > Is the idea to program this server yourself or does a server l

Re: imap: invalid header in response while in http auth state

Hello! On Thu, Mar 07, 2013 at 01:55:35PM -0800, Grant wrote: > I'm using imapproxy and trying to switch to nginx. courier is > listening on port 143. > > mail { > auth_http localhost:143; > proxy on; > server { > listen 144; > protocol im

Re: error unlink() nginx 1.2.6

Hello! On Sat, Mar 09, 2013 at 07:52:40PM -0500, michael.heuberger wrote: > Hello guys > > I'm having this problem too in version 3.1.14 and never do delete these > files manually. How can I solve this? Even if you did not delete files manually, the message still indicate files were somehow re

Re: External Redirect when expecting internal redirect

Hello Francis, * Francis Daly [2013-03-10 13:57]: > You can use an internal rewrite to a file, provided that you actually > rewrite to a file. Here, you rewrite to a directory without including > the trailing /. I wanted to rewrite to a directory. I see my mistake now and it should have been obv

Re: External Redirect when expecting internal redirect

On Sun, Mar 10, 2013 at 01:30:22PM +0100, Thomas Glanzmann wrote: Hi there, > Depending on the subnet accessing either rewrite internally to a cgi > script or to a static Website. For the cgi script that works perfectly > fine, for the static web site nginx always does a HTTP 301 instead of an >

External Redirect when expecting internal redirect

Hello, I'm running nginx 1.2.1-2.2 on Debian Wheezy (testing). I try to obtain the following: Depending on the subnet accessing either rewrite internally to a cgi script or to a static Website. For the cgi script that works perfectly fine, for the static web site nginx always does a HTTP 301 inste

Re: Location regex + if + basic auth to restrict directory access

On Sun, Mar 10, 2013 at 05:29:18AM -0400, B.R. wrote: Hi there, > The *correct* way: > location ^~ /documents/(\w+) { > set $user $1; > if ($user != $remote_user) { > return 503; > } > } > > Although the syntax is now OK and the configuration is able to be reloaded, > it doe

Re: HTTPS header missing from single server

On Sat, Mar 09, 2013 at 09:51:02PM -0800, Grant wrote: Hi there, > How can I make nginx set the HTTPS header in a single http/https > server? What is "the HTTPS header"? > piwik with force_ssl=1 on apache goes into a redirect loop > because it doesn't know SSL is on due to the nginx reverse pro

Re: Headers set in http {} go missing after setting headers in location {}

On Sat, Mar 09, 2013 at 11:02:09PM -0500, nano wrote: Hi there, > How can I have global headers sent to the client, and send additional > headers when the client reaches a location block? The short version is "you can't". The longer version is "you can, but you have to configure it the nginx wa

Re: "nginx does not suck at ssl"

one quote from that post i can confirm: > nobody has any idea how SSL performance works esp. when it comes to CIPER1 vs CIPHER, compared oin terms of speed and security. what i can suggest to test if your ssl-implementation is stil secure from a cipher-pov is https://www.ssllabs.com/ssltest/

Deny rules not working - raw php files being served!

Hi all, I'm using a pretty simple WordPress nginx config that is documented on the WordPress codex. http://codex.wordpress.org/Nginx All works fine except for 1 critical aspect. The config uses a restrictions.conf which has some fairly simple rules for blocking unauthorized access to specific f

Re: Location regex + if + basic auth to restrict directory access

I'll answer to my own question there: Apparently, yes, evaluating something with the 'if' directive doesn't propagate the environment containing the variables from the 'location' directive. All explained on StackOverflow