Re: One link/area on a https site with a different SSL config?

2014-01-09 Thread Patrick Lists
Hi Styopa, On 09-01-14 22:48, Styopa Semenukha wrote: Patrick, It's not possible, because SSL works on lower level (session layer) than HTTP (application layer). Thank you for your feedback. That's unfortunate. I hope to see flexible SSL config one day as an enhancement (if possible). For n

Re: PHP below server root not served

2014-01-09 Thread nano
On 10/01/2014 7:58 AM, Francis Daly wrote: Hi there, The nginx config follows its own logic, which may not match your previous experiences. When you understand that, you'll have a much better chance of knowing the configuration you are looking for. I think this is very true in my case. I will

Re: Customized error pages for 500.

2014-01-09 Thread Jack D.
Igor Sysoev wrote in post #928721: > error_page 500 502 503 504 /500.html; > [snip] > > location = /500.html { > } > } I would like to clarify what's going on in these two lines of Igor's answer. A. Note the "/500.html" part on the first line. That is not a variab

Re: One link/area on a https site with a different SSL config?

2014-01-09 Thread Styopa Semenukha
Patrick, It's not possible, because SSL works on lower level (session layer) than HTTP (application layer). On Thursday, January 09, 2014 10:42:55 PM Patrick Lists wrote: > Hi, > > On a Wordpress website that works with a basic StartSSL certificate I > wonder if it is possible to configure ngi

Re: How to combine try_files with multiple proxy destinations

2014-01-09 Thread Francis Daly
On Wed, Jan 08, 2014 at 04:22:40AM -0500, wrote: Hi there, (This is all untested, so handle with care.) > I have the following requirement: > 1. if /usr/share/nginx/html/maintenance.html exists, then always show this > file to browser. That is probably best done with an "if" and a "re

One link/area on a https site with a different SSL config?

2014-01-09 Thread Patrick Lists
Hi, On a Wordpress website that works with a basic StartSSL certificate I wonder if it is possible to configure nginx (1.4.4) to use a separate self-signed cert with client certificate authentication for wp-login.php and any link in wp-admin/ ? So the regular https://blog.example.org/[some/l

Re: PHP below server root not served

2014-01-09 Thread Francis Daly
On Fri, Jan 10, 2014 at 12:51:24AM +1100, nano wrote: > On 9/01/2014 11:57 PM, B.R. wrote: > >On Thu, Jan 9, 2014 at 1:41 PM, nano wrote: Hi there, The nginx config follows its own logic, which may not match your previous experiences. When you understand that, you'll have a much better chance of

Re: Dynamic ssl certificate ? (wildcard+ multiple different certs)

2014-01-09 Thread Larry
Thanks, I changed my strategy : one file programmatically modified and added to the site-enabled folder like that everything runs fine and I keep being able to meet my requirement of one root ca per client. Many thanks all of you Bye

Re: Dynamic ssl certificate ? (wildcard+ multiple different certs)

2014-01-09 Thread António P . P . Almeida
Because the certs are parsed when the config is loaded so that you can have a SSL context right from the start. Well before the HTTP layer is touched. If you want dynamic cert loading you have to do it yourself. At a time I tried that by following a simpler path of modifying stud so that it does o

Re: config issue

2014-01-09 Thread Francis Daly
On Thu, Jan 09, 2014 at 07:03:49PM +, Matthew Ngaha wrote: Hi there, > Im trying to set up nginx with django. This is the instruction given: > > Symlink to this file from /etc/nginx/sites-enabled so nginx can see it: That instruction assumes that the nginx config file that is being used alr

config issue

2014-01-09 Thread Matthew Ngaha
Im trying to set up nginx with django. This is the instruction given: Symlink to this file from /etc/nginx/sites-enabled so nginx can see it: sudo ln -s ~/path/to/your/mysite/mysite_nginx.conf /etc/nginx/sites-enabled/ The problem is this folder doesn't exist: /etc/nginx/sites-enabled/ my

Re: Dynamic ssl certificate ? (wildcard+ multiple different certs)

2014-01-09 Thread Larry
Thanks, I left the cookies out of this context right now I understand. But since there is a http request first why doesn't nginx is able to switch to the right certificate accordingly ? Without obliging me to create a new entry for each (which is the route I am going to take)?

Re: Nginx, Lua and blocking libraries

2014-01-09 Thread Andre Nathan
Thanks a lot for the detailed answer, Yichun! I'll try to benchmark it, estimate the db size, see if it fits in memory, etc. Cheers, Andre

Re: Nginx as reverse Proxy, remove X-Frame-Options header

2014-01-09 Thread nano
On 10/01/2014 4:33 AM, Jim Ohlstein wrote: Hello, On 1/9/14, 12:14 PM, nano wrote: On 10/01/2014 2:21 AM, Jim Ohlstein wrote: Hello, On 1/9/14, 7:24 AM, nano wrote: [snip] I share your opinion regarding nginx documentation. It is woeful. Particularly when compared to other exemplary open

Re: Nginx, Lua and blocking libraries

2014-01-09 Thread Yichun Zhang (agentzh)
Hello! On Thu, Jan 9, 2014 at 5:35 AM, Andre Nathan wrote: > However, as known, > using the lua-sqlite3 library directly is not optimal because it would > block the Nginx worker process. > Well, I suggest you benchmark the actual performance and measure the actual blocking effect (We actually hav

Re: Nginx as reverse Proxy, remove X-Frame-Options header

2014-01-09 Thread Jim Ohlstein
Hello, On 1/9/14, 12:14 PM, nano wrote: On 10/01/2014 2:21 AM, Jim Ohlstein wrote: Hello, On 1/9/14, 7:24 AM, nano wrote: [snip] I share your opinion regarding nginx documentation. It is woeful. Particularly when compared to other exemplary open source projects, such as Postfix and FreeBSD

Re: PHP below server root not served

2014-01-09 Thread nano
On 10/01/2014 4:13 AM, Jim Ohlstein wrote: Hello, On 1/9/14, 9:42 AM, nano wrote: I have attempted several variations of this format[1] you recommend and continue to produce a broken site; dialog to download application/octet-stream from the main servername.com and a 'File not found.' from htt

Re: Nginx as reverse Proxy, remove X-Frame-Options header

2014-01-09 Thread nano
On 10/01/2014 2:21 AM, Jim Ohlstein wrote: Hello, On 1/9/14, 7:24 AM, nano wrote: [snip] I share your opinion regarding nginx documentation. It is woeful. Particularly when compared to other exemplary open source projects, such as Postfix and FreeBSD. My inability to easily transfer my webse

Re: PHP below server root not served

2014-01-09 Thread Jim Ohlstein
Hello, On 1/9/14, 9:42 AM, nano wrote: I have attempted several variations of this format[1] you recommend and continue to produce a broken site; dialog to download application/octet-stream from the main servername.com and a 'File not found.' from https://servername.com/phpmyadmin. [1] locatio

Re: Time out errors using uwsgi with nginx on debian 7 (wheezy)

2014-01-09 Thread Denis Papathanasiou
Maxim, Thank you for your reply. On Thu, Jan 9, 2014 at 10:03 AM, Maxim Dounin wrote: > [snip] > > If you are able to connect to localhost:9090 with your browser, > you are likely using native HTTP support in your uWSGI server. > Yes, I am starting the uwsgi process like this, using the --http

Re: Dynamic ssl certificate ? (wildcard+ multiple different certs)

2014-01-09 Thread Reinis Rozitis
So, what is the workaround I could use to avoid creating one file per new (self-signed)certificate issued ? I cannot use only one certificate for all since I have to be able to revoke the certs with granularity. If you don't want to use file/certificate per domain but the same time can't work

Re: "Primary script unknown" wp-login.php

2014-01-09 Thread Miguel Clara
> I resolved this problem by making the /wordpress directory the server root. > However, I now have the problem of /usr/local/www/phpMyAdmin being > inaccessible, due to the same error. > You can, and its probably best to use: fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; A

Re: Dynamic ssl certificate ? (wildcard+ multiple different certs)

2014-01-09 Thread Jonathan Matthews
On 9 January 2014 16:28, Larry wrote: > I would like to be able to "load" the right cert according to the cookie set > and request uri. > A sort of dynamic setting. > So, what is the workaround I could use to avoid creating one file per new > (self-signed)certificate issued ? Your problem is that

Re: Dynamic ssl certificate ? (wildcard+ multiple different certs)

2014-01-09 Thread W-Mark Kubacki
Certificates are selected and presented by the server before the client even has the chance to send any cookies, the latter happening after the »TLS handshake«. 2014/1/9 Larry : > Hello, > > Here is my current conf > > server { > listen 443; > > server_name ~^(.*)

Dynamic ssl certificate ? (wildcard+ multiple different certs)

2014-01-09 Thread Larry
Hello, Here is my current conf server { listen 443; server_name ~^(.*)\.sub\.domain\.com$ ssl on; ssl_certificate $cookie_ident/$1.crt; ssl_certificate_key $cookie_ident/$1.key;

Re: Nginx as reverse Proxy, remove X-Frame-Options header

2014-01-09 Thread Jim Ohlstein
Hello, On 1/9/14, 7:24 AM, nano wrote: [snip] I share your opinion regarding nginx documentation. It is woeful. Particularly when compared to other exemplary open source projects, such as Postfix and FreeBSD. My inability to easily transfer my webservers to nginx from Apache, due to (my own s

Re: Time out errors using uwsgi with nginx on debian 7 (wheezy)

2014-01-09 Thread Maxim Dounin
Hello! On Wed, Jan 08, 2014 at 08:15:47PM -0500, Denis Papathanasiou wrote: > I've installed nginx via apt, using the nginx stable pkg as described here: > http://nginx.org/en/linux_packages.html#stable > > It works perfectly for serving static files using the default configuration. > > Next, I

Re: PHP below server root not served

2014-01-09 Thread nano
On 9/01/2014 11:57 PM, B.R. wrote: II. Use a smarter (and more scalable, in light of future adds to the nginx config) way, which is nesting the rules of 'location /phpmyadmin/(.*\.php)$' in a 'location ~\.php$' block embedded in a 'location ^~ /phpmyadmin/' block. I have attempted several var

Re: proxy_cache incorrectly returning 304 Not Modified

2014-01-09 Thread Maxim Dounin
Hello! On Wed, Jan 08, 2014 at 02:57:18PM +, Jon Leighton wrote: > Hi there, > > I work on a site which has nginx in front of a Rails application, and we > use proxy_cache. > > For the home page, our application returns a "max-age=600, public" > Cache-Control header, and we have nginx confi

Re: PHP below server root not served

2014-01-09 Thread nano
On 9/01/2014 11:57 PM, B.R. wrote: Try to understand what you are doing first. I really am trying. One request is handled in one location. For this request, the one location that you want to be used is not the one that nginx actually uses. 1.

Nginx, Lua and blocking libraries

2014-01-09 Thread Andre Nathan
Hello I'm considering the possibility of implementing a project using Nginx and the Lua module. One of the requirements of the project is that the code must use an embedded database such as SQLite. However, as known, using the lua-sqlite3 library directly is not optimal because it would block the

Re: Nginx as reverse Proxy, remove X-Frame-Options header

2014-01-09 Thread nano
On 9/01/2014 11:47 PM, Jonathan Matthews wrote: On 9 January 2014 12:24, nano wrote: I share your opinion regarding nginx documentation. It is woeful. Sorry chap - I didn't say that and I don't think that. There may well be some specific target audiences not well served by the aggregate of th

Re: issue with `default_type` & `type` on 1.5.7

2014-01-09 Thread Maxim Dounin
Hello! On Sat, Jan 04, 2014 at 03:36:33PM -0500, Jonathan Vanasco wrote: > I recently encountered an issue with a 1.5.7 branch on OSX. i did not check > 1.5.8 > > The following code will set ALL css/js files as the default_type > > include /usr/local/nginx/conf/mime.types; > def

Re: PHP below server root not served

2014-01-09 Thread B.R.
Try to understand what you are doing first. One request is handled in one location. >> >> For this request, the one location that you want to be used is not the >> one that nginx actually uses. >> >> >>> 1. >>> location / { >>> >>> 2. >>> location ~ \.php$ { >>> >>> 3. >>> location /php

Re: Nginx as reverse Proxy, remove X-Frame-Options header

2014-01-09 Thread Maxim Dounin
Hello! On Thu, Jan 09, 2014 at 12:12:09PM +, Jonathan Matthews wrote: > On 9 January 2014 11:57, Maxim Dounin wrote: > > Hello! > > > > On Thu, Jan 09, 2014 at 10:21:43AM +, Jonathan Matthews wrote: > > > >> On 9 January 2014 10:03, basti wrote: > >> > Hello, > >> > > >> > I have a clos

Re: Nginx as reverse Proxy, remove X-Frame-Options header

2014-01-09 Thread Jonathan Matthews
On 9 January 2014 12:24, nano wrote: > I share your opinion regarding nginx documentation. It is woeful. Sorry chap - I didn't say that and I don't think that. There may well be some specific target audiences not well served by the aggregate of the current (pseudo-)documentation sources, but that

Re: PHP below server root not served

2014-01-09 Thread nano
On 9/01/2014 9:23 PM, nano wrote: I am having trouble configuring nginx to serve up PHP from outside of the server document root. For example, this site's root is /usr/local/www/site1/wordpress and phpMyAdmin is located in /usr/local/www/phpMyAdmin. I cannot access servername.com/phpmyadmin. ngin

Re: Nginx as reverse Proxy, remove X-Frame-Options header

2014-01-09 Thread nano
On 9/01/2014 11:12 PM, Jonathan Matthews wrote: On 9 January 2014 11:57, Maxim Dounin wrote: Hello! On Thu, Jan 09, 2014 at 10:21:43AM +, Jonathan Matthews wrote: On 9 January 2014 10:03, basti wrote: Hello, I have a closed-source Webapp that run on an IIS-Webserver and send a "X-Fram

Re: Nginx as reverse Proxy, remove X-Frame-Options header

2014-01-09 Thread Jonathan Matthews
On 9 January 2014 11:57, Maxim Dounin wrote: > Hello! > > On Thu, Jan 09, 2014 at 10:21:43AM +, Jonathan Matthews wrote: > >> On 9 January 2014 10:03, basti wrote: >> > Hello, >> > >> > I have a closed-source Webapp that run on an IIS-Webserver and send a >> > "X-Frame-Options: SAMEORIGIN" he

Re: Nginx as reverse Proxy, remove X-Frame-Options header

2014-01-09 Thread Maxim Dounin
Hello! On Thu, Jan 09, 2014 at 10:21:43AM +, Jonathan Matthews wrote: > On 9 January 2014 10:03, basti wrote: > > Hello, > > > > I have a closed-source Webapp that run on an IIS-Webserver and send a > > "X-Frame-Options: SAMEORIGIN" header. > > I also have to implement this Webapp in my own,

Re: "Primary script unknown" wp-login.php

2014-01-09 Thread nano
On 9/01/2014 10:01 PM, Francis Daly wrote: On Thu, Jan 09, 2014 at 03:57:43PM +1100, nano wrote: Hi there, As subject says: I cannot access wp-admin due to above [error]. Otherwise, site functions as it should. location ~ \.php$ { fastcgi_param SCRIPT_FILENAME /usr/lo

Re: Nginx as reverse Proxy, remove X-Frame-Options header

2014-01-09 Thread Maxim Dounin
Hello! On Thu, Jan 09, 2014 at 11:03:11AM +0100, basti wrote: > Hello, > > I have a closed-source Webapp that run on an IIS-Webserver and send a > "X-Frame-Options: SAMEORIGIN" header. > I also have to implement this Webapp in my own, Frame based Application. > > So I try to use nginx as a reve

Re: PHP below server root not served

2014-01-09 Thread nano
On 9/01/2014 9:55 PM, Francis Daly wrote: On Thu, Jan 09, 2014 at 09:23:56PM +1100, nano wrote: Hi there, One request is handled in one location. For this request, the one location that you want to be used is not the one that nginx actually uses. location / { location ~ \.p

Re: "Primary script unknown" wp-login.php

2014-01-09 Thread Francis Daly
On Thu, Jan 09, 2014 at 03:57:43PM +1100, nano wrote: Hi there, > As subject says: I cannot access wp-admin due to above [error]. > Otherwise, site functions as it should. > location ~ \.php$ { > fastcgi_param SCRIPT_FILENAME > /usr/local/www/wordpress$fastcgi_script_name;

Re: PHP below server root not served

2014-01-09 Thread Francis Daly
On Thu, Jan 09, 2014 at 09:23:56PM +1100, nano wrote: Hi there, > The WordPress site, however, is served without error. Therefore, nginx > is refusing to serve PHP from outside of the server document root. nginx doesn't serve php. nginx tells the fastcgi server what you configure it to tell.

Re: PHP below server root not served

2014-01-09 Thread nano
On 9/01/2014 9:27 PM, Richard Stanway wrote: fastcgi_pass unix:/tmp/php-fpm.sock; fastcgi_index index.php; fastcgi_param SCRIPT_FILENAME /usr/local/www/phpMyAdmin$fastcgi_script_name; include fastcgi_params; What's in your fastcgi_para

Re: PHP below server root not served

2014-01-09 Thread Richard Stanway
> fastcgi_pass unix:/tmp/php-fpm.sock; > fastcgi_index index.php; > fastcgi_param SCRIPT_FILENAME > /usr/local/www/phpMyAdmin$fastcgi_script_name; > include fastcgi_params; > What's in your fastcgi_params? Is it overriding your SCRIPT_FILENAME

PHP below server root not served

2014-01-09 Thread nano
I am having trouble configuring nginx to serve up PHP from outside of the server document root. For example, this site's root is /usr/local/www/site1/wordpress and phpMyAdmin is located in /usr/local/www/phpMyAdmin. I cannot access servername.com/phpmyadmin. nginx logs the following error: ==

Re: Nginx as reverse Proxy, remove X-Frame-Options header

2014-01-09 Thread Jonathan Matthews
On 9 January 2014 10:03, basti wrote: > Hello, > > I have a closed-source Webapp that run on an IIS-Webserver and send a > "X-Frame-Options: SAMEORIGIN" header. > I also have to implement this Webapp in my own, Frame based Application. > > So I try to use nginx as a reverse Proxy, but the X-Frame-

Re: SSL ciphers, disable or not to disable RC4?

2014-01-09 Thread Jeffrey Walton
On Thu, Jan 9, 2014 at 4:53 AM, Lukas Tribus wrote: >> My current values in my nginx configuration for ssl_protocols/ciphers >> what i use is this: >> >> ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2; >> ssl_ciphers RC4:HIGH:!aNULL:!MD5; >> ssl_prefer_server_ciphers on; >> >> What are todays recommend

Re: SSL ciphers, disable or not to disable RC4?

2014-01-09 Thread Jeffrey Walton
On Thu, Jan 9, 2014 at 4:53 AM, Lukas Tribus wrote: >> My current values in my nginx configuration for ssl_protocols/ciphers >> what i use is this: >> >> ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2; >> ssl_ciphers RC4:HIGH:!aNULL:!MD5; >> ssl_prefer_server_ciphers on; >> >> What are todays recommend

Nginx as reverse Proxy, remove X-Frame-Options header

2014-01-09 Thread basti
Hello, I have a closed-source Webapp that run on an IIS-Webserver and send a "X-Frame-Options: SAMEORIGIN" header. I also have to implement this Webapp in my own, Frame based Application. So I try to use nginx as a reverse Proxy, but the X-Frame-Options Header is still send. How can I remove his

RE: SSL ciphers, disable or not to disable RC4?

2014-01-09 Thread Lukas Tribus
Hi, > My current values in my nginx configuration for ssl_protocols/ciphers > what i use is this: > > ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2; > ssl_ciphers RC4:HIGH:!aNULL:!MD5; > ssl_prefer_server_ciphers on; > > What are todays recommendations for ssl_ciphers option for supporting > all curr

Re: SSL ciphers, disable or not to disable RC4?

2014-01-09 Thread Jeffrey Walton
On Thu, Jan 9, 2014 at 4:29 AM, wrote: > Hi > > My current values in my nginx configuration for ssl_protocols/ciphers what i > use is this: > > ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2; > ssl_ciphers RC4:HIGH:!aNULL:!MD5; > ssl_prefer_server_ciphers on; > > What are todays recomm

Re: SSL ciphers, disable or not to disable RC4?

2014-01-09 Thread nano
On 9/01/2014 8:29 PM, pekka.pan...@sofor.fi wrote: Hi My current values in my nginx configuration for ssl_protocols/ciphers what i use is this: ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2; ssl_ciphers RC4:HIGH:!aNULL:!MD5; ssl_prefer_server_ciphers on; What are todays recommendations for

SSL ciphers, disable or not to disable RC4?

2014-01-09 Thread Pekka . Panula
Hi My current values in my nginx configuration for ssl_protocols/ciphers what i use is this: ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2; ssl_ciphers RC4:HIGH:!aNULL:!MD5; ssl_prefer_server_ciphers on; What are todays recommendations for ssl_ciphers option for supporting all curr

Re: OT: OpenSSL 1.0.1f

2014-01-09 Thread itpp2012
Aidan Scheller Wrote: --- > Does using the --with-openssl-opt="enable-ec_nistp_64_gcc_128" > configure parameter without the *--with-openssl *cause a static > version of > OpenSSL to be created for Nginx? I'm unsure as the configuration > summar