I understand nginx writes the log when request completes, but is time_local
(or time_iso8601, msec) representing the time that the request was received
or when the request completes and log written? I know Apache and AWS ELB
both log the request received time, and want to see nginx works the same.
Great, thanks!
On Wednesday, November 18, 2015, itpp2012 wrote:
> A simple 'hack', compiles and works, untested if port is coming from
> correct
> pool.
>
> http://pastebin.com/ZarS2nQd
> Raw code http://pastebin.com/raw.php?i=ZarS2nQd
>
> Posted at Nginx Forum:
> https://forum.nginx.org/read.ph
Some more interesting data: sometimes it HIT cache, sometimes not.
depending of referer I do not know how... I cannot imagine why.
(consecutive log lines filtering by uri I did not remove any file or
cache, even not restarted nginx at all)
107.167.108.187 - - [19/Nov/2015:05:22:22 +01
Hello all!
First, the specs:
nginx version: nginx/1.8.0
built by gcc 4.4.7 20120313 (Red Hat 4.4.7-11) (GCC)
built with OpenSSL 1.0.1e-fips 11 Feb 2013
TLS SNI support enabled
configure arguments: --with-http_flv_module --with-ipv6
--with-http_mp4_module --with-pcre=/usr/local/src/publicnginx/pcre
Hi.
Am 17-11-2015 21:13, schrieb lakarjail:
[snipp]
Please note that :
- nginx server starts correctly in command line (#nginx ), not using
service. SSL configuration (like file locations and permissions seems
therefore correct). Password is -that way- asked on terminal.
- when doing th
Thanks Maxim,
Well, regex location for this particular exemple is indeed useless, but
might prove very useful when URI description is not trivial.
Too bad they are that flawed.
I remember this talk very well indeed and think about it almost daily when
dealing with nginx configuration. I had hopes
Hello!
On Wed, Nov 18, 2015 at 09:18:51PM +0100, B.R. wrote:
> WIth the following configuration:
> server {
> listen 80;
> listen [::]:80;
>
> location / {
> location ~* "^/[[:alnum:]]+$" {
> default_type text/plain;
> return 200 "KO";
>
WIth the following configuration:
server {
listen 80;
listen [::]:80;
location / {
location ~* "^/[[:alnum:]]+$" {
default_type text/plain;
return 200 "KO";
}
}
location ~* "^/test" {
default_type text/plain;
re
On Wed, Nov 18, 2015 at 03:40:51PM +, Francis Daly wrote:
> On Wed, Nov 18, 2015 at 09:31:36AM -0500, lakarjail wrote:
> > Francis Daly Wrote:
> > ---
> > > On Wed, Nov 18, 2015 at 04:34:20AM -0500, lakarjail wrote:
Hi there,
> > However the
On Wed, Nov 18, 2015 at 09:31:36AM -0500, lakarjail wrote:
> Francis Daly Wrote:
> ---
> > On Wed, Nov 18, 2015 at 04:34:20AM -0500, lakarjail wrote:
Hi there,
I think I fail at reading comprehension :-(
> > I don't see how your system security
A simple 'hack', compiles and works, untested if port is coming from correct
pool.
http://pastebin.com/ZarS2nQd
Raw code http://pastebin.com/raw.php?i=ZarS2nQd
Posted at Nginx Forum:
https://forum.nginx.org/read.php?2,262876,262924#msg-262924
___
ngin
Thank you for your answer. I agree with you on all points concerning if it
would or not improve the security.
Francis Daly Wrote:
---
> On Wed, Nov 18, 2015 at 04:34:20AM -0500, lakarjail wrote:
> I don't see how your system security is enhanced
On Tue, Nov 17, 2015 at 03:07:33AM -0500, rgrraj wrote:
Hi there,
> The topic was the same one I was looking for. But we have specific idea of
> setting up the expire value. We need expires to be at every 2h hours at the
> same time to be on every 24hours, ie: midnight. Can you help me with how
On Mon, Nov 16, 2015 at 04:51:29PM +0300, Maxim Dounin wrote:
> On Sun, Nov 15, 2015 at 12:51:56PM +, Francis Daly wrote:
> > On Fri, Nov 13, 2015 at 03:37:28PM +0100, Joó Ádám wrote:
Hi there,
> > > I would like to terminate TLS connections arriving at the default
> > > server, only serving
On Wed, Nov 18, 2015 at 04:34:20AM -0500, lakarjail wrote:
Hi there,
> It made me wondering why
> "SSLPassPhraseDialog" from Apache was not as well added on Nginx.
I'm a bit unclear on this -- what extra security do you think that
Apache's "SSLPassPhraseDialog" gives you? See below for my ration
Hi Maxim,
> The directives above cover several very different areas and
> use-cases. Any specific reasons why you asking?
In this instance I would like to use Nginx for TLS termination only
and receiving the underlying traffic unaltered, but I would like to
provide the same functionality to brows
On 11/18/15 3:38 PM, Joó Ádám wrote:
> Hi,
>
> There are 10 directives missing from ngx_stream_ssl_module compared to
> ngx_http_ssl_module:
>
> * ssl_buffer_size
> * ssl_client_certificate
> * ssl_crl
> * ssl_stapling
> * ssl_stapling_file
> * ssl_stapling_responder
> * ssl_staplin
Hi,
There are 10 directives missing from ngx_stream_ssl_module compared to
ngx_http_ssl_module:
* ssl_buffer_size
* ssl_client_certificate
* ssl_crl
* ssl_stapling
* ssl_stapling_file
* ssl_stapling_responder
* ssl_stapling_verify
* ssl_trusted_certificate
* ssl_verify_client
> Can someone please tell me how much processing Nginx does on incoming
> requests before proxying? If I would use Nginx merely for TLS
> termination, how different would be the TCP stream arriving to the
> backend compared to the original TLS payload?
Nevermind, I wasn’t aware of the new streamin
lakarjail Wrote:
---
> Thank you for your answer.
> Could you please describe technically the "protected vault" for Debian
> you have in mind as a solution?
https://wiki.debian.org/TransparentEncryptionForHomeFolder
Posted at Nginx Forum:
https
Thank you for your answer.
Could you please describe technically the "protected vault" for Debian you
have in mind as a solution?
If I understand you well, there is no simple solution in debian as we can
have with Apache2 and its mod_ssl function 'SSLPassPhraseDialog'? That is
quite surprising fro
Assuming the cert files are not kept open, you could store them in a
protected vault with the password in them, place them (copy from vault)
where nginx wants them, close vault, start nginx and overwrite/remove the
files.
Posted at Nginx Forum:
https://forum.nginx.org/read.php?2,262900,262912#msg
I see your point there. Thank you for the link. It made me wondering why
"SSLPassPhraseDialog" from Apache was not as well added on Nginx.
Indeed, I am looking for a solution that wouldn't decrease the global
security of my system. I can not consider leaving the password of a PEM key
in cleartext
23 matches
Mail list logo
