Re: [security advisory] $http_host vs $host

2015-03-10 Thread Gena Makhomed
On 10.03.2015 23:09, Francis Daly wrote: server { listen 443 ssl; server_name private.example.com; location / { auth_basic "closed site"; auth_basic_user_file conf/htpasswd; proxy_set_header Host $http_host; proxy_pass http://backend; } } server { li

Re: [security advisory] $http_host vs $host

2015-03-10 Thread Francis Daly
On Mon, Mar 09, 2015 at 08:56:28PM +0200, Gena Makhomed wrote: > On 09.03.2015 19:25, Francis Daly wrote: Hi there, thank you for the explanation. > >It is true that $http_host is completely controlled by the client, and > >$host is mostly controlled by the client. It is true that they can have

Re: nginx page caching not working for responses with valid (rfc 1123 compliant) Expires header

2015-03-10 Thread Kunal Pariani
- Original Message - From: "Valentin V. Bartenev" To: nginx@nginx.org Sent: Tuesday, March 10, 2015 1:10:09 PM Subject: Re: nginx page caching not working for responses with valid (rfc 1123 compliant) Expires header On Tuesday 10 March 2015 14:42:41 Kunal Pariani wrote: > Hello, > I a

Re: nginx page caching not working for responses with valid (rfc 1123 compliant) Expires header

2015-03-10 Thread Valentin V. Bartenev
On Tuesday 10 March 2015 14:42:41 Kunal Pariani wrote: > Hello, > I am on nginx-1.7.1 & trying to use nginx's page caching feature but run into > an issue for responses with a valid 'Expires' header which seem to be in the > correct rfc 1123 compliant format. Nginx somehow doesn't like it & henc

nginx page caching not working for responses with valid (rfc 1123 compliant) Expires header

2015-03-10 Thread Kunal Pariani
Hello, I am on nginx-1.7.1 & trying to use nginx's page caching feature but run into an issue for responses with a valid 'Expires' header which seem to be in the correct rfc 1123 compliant format. Nginx somehow doesn't like it & hence doesn't cache such responses. Is this a bug?

RE: AES-NI support with nginx

2015-03-10 Thread Lukas Tribus
> I'm very interested in this issue > I have a problem with use openssl version and engine AES-NI > Detail my question: > http://stackoverflow.com/questions/28939825/how-to-config-openssl-engine-aes-ni-in-nginx > Please suggest a solution for me. Use official openssl distributions, not some github

Re: nginx + LibreSSL + ECDSA cert = Error

2015-03-10 Thread Scott Larson
I've been using ECDSA without issue on 1.7.10 with LibreSSL 2.1.4. Method to generate the key was: openssl ecparam -out ec_key.pem -name secp384r1 -genkey openssl req -newkey ec:ec_key.pem -nodes -sha256 -keyout www.domain.tld.key -new -out www.domain.tld.csr Then I'm declaring the DSA

Re: AES-NI support with nginx

2015-03-10 Thread HD DH
I'm very interested in this issue. I have a problem with using the openssl version and the AES-NI engine. Details of my question: http://stackoverflow.com/questions/28939825/how-to-config-openssl-engine-aes-ni-in-nginx Please suggest a solution for me. Thank you so much.

Re: AES-NI support with nginx

2015-03-10 Thread Kurt Cancemi
http://openssl.6102.n7.nabble.com/having-a-lot-of-troubles-trying-to-get-AES-NI-working-tp44285p44301.html > On Mar 10, 2015, at 3:51 AM, HD DH wrote: > > Kurt Cancemi wrote in post #11

Re: Nginx upstream delays

2015-03-10 Thread B.R.
Does the time reported by Gunicorn match the upstream time reported by nginx for the faulty request? - If yes, then the slowdown comes from Gunicorn (or most probably from the application within) - If no, then the shallow waters between front and backend need inspection by whatever means available

Re: NGINX and mod_log_sql

2015-03-10 Thread Daniël Mostertman
Hi Fabián, You most likely put nginx in front of Apache. If that's the case, then chances are that you see the address in your logs that nginx contacts Apache from, instead of the user connecting to nginx. You might want to look into passing the IP of the visitor to your backend (Apache). A

Re: NGINX and mod_log_sql

2015-03-10 Thread Fabián M Sales
Any idea? Thanks. On 04/03/15 15:18, Fabián M Sales wrote: > Hello List. > > I use mod_log_sql-1.10 compiled into Apache / 2.4.7 and write > correctly in MySQL. > > In the nginx web server with the IP writer in MySQL is the IP of the > webserver and not the client IP to access the website. > > You

Re: Nginx upstream delays

2015-03-10 Thread Wiebe Cazemier
Hello, The definition of the gunicorn time I mentioned is 'request time in microseconds'. Because Gunicorn only talks to Nginx, this would be the time Gunicorn needs (after having received the request) to generate the response and send it back to nginx, I would say. In most cases, this time ma

Re: Nginx upstream delays

2015-03-10 Thread Maxim Dounin
Hello! On Mon, Mar 09, 2015 at 04:28:22PM +0100, Wiebe Cazemier wrote: > I have a question about sporadic long upstream response times > I'm seeing on (two of) our Nginx servers. It's kind of hard to > show and quantify, but I'll do my best. > > One is a Django Gunicorn server. We included th

Re: fastcgi_ignore_headers inside if{} - block

2015-03-10 Thread Maxim Dounin
Hello! On Sun, Mar 08, 2015 at 12:10:04PM +0200, wishmaster wrote: > Hi. > > I need to set some fastcgi_* inside an "if" block. E.g.: > > if ($foo = "bar") { > fastcgi_ignore_headers "Set-Cookie"; > } > > But an error occurs at the configtest stage: > > nginx: [emerg] "fastcgi_ignore_headers" di

Re: Nginx upstream delays

2015-03-10 Thread B.R.
Then it means nginx waited 3.042 seconds after having finished sending the request to the backend (i.e. time waiting for an answer). http://nginx.org/en/docs/http/ngx_http_upstream_module.html#var_upstream_response_time Try to get the definition of the time you mention from Gunicorn. Times could be

Re: nginx + LibreSSL + ECDSA cert = Error

2015-03-10 Thread kyprizel
wrong curve? On Tue, Mar 10, 2015 at 1:27 PM, wrote: > Hi, > > this time not stupidly formatted ;): > I compiled nginx 1.7.10 + LibreSSL 2.1.4, but am not able to use ECC > certificates. > > nginx -V: > nginx version: nginx/1.7.10 > built by gcc 4.7.2 (Debian 4.7.2-5) > TLS SNI support enabled >

Aw: nginx + LibreSSL + ECDSA cert = Error

2015-03-10 Thread TheGrandChamp
Hi, this time not stupidly formatted ;): I compiled nginx 1.7.10 + LibreSSL 2.1.4, but am not able to use ECC certificates. nginx -V: nginx version: nginx/1.7.10 built by gcc 4.7.2 (Debian 4.7.2-5) TLS SNI support enabled configure arguments: --with-openssl=/root/git/build_nginx/build/li

nginx + LibreSSL + ECDSA cert = Error

2015-03-10 Thread TheGrandChamp
Hi, I compiled nginx 1.7.10 + LibreSSL 2.1.4, but am not able to use ECC certificates. nginx -V: nginx version: nginx/1.7.10 built by gcc 4.7.2 (Debian 4.7.2-5) TLS SNI support enabled configure arguments: --with-openssl=/root/git/build_nginx/build/libressl-2.1.4 --with-pcre=/root/git

Re: [security advisory] $http_host vs $host

2015-03-10 Thread B.R.
You specifically configured nginx to pass the Host header ($http_host) to the backend, thus the backend has only this piece of information available... If you specified $host to be passed over, you would not have this flaw in your configuration. nginx does exactly what you configured. By default th

Re: Nginx upstream delays

2015-03-10 Thread Wiebe Cazemier
Hello, The $request_time and $upstream_request_time are already included. In the log below it says ' 3.042 3.098 '. The latter is the request time, the former the upstream request time. It doesn't seem to be an issue of slow clients (also not for other log entries, they're similar). It's goi

Re: AES-NI support with nginx

2015-03-10 Thread HD DH
Kurt Cancemi wrote in post #1168394: > AES-NI is already on, there is no configuration option and it will work > as > long as your cpu supports it. > > --- > Kurt Cancemi > https://www.x64architecture.com Can you show me where this information comes from?