Re: NGINX not checking OCSP for revoked certificates

2016-10-13 Thread Zeal Vora
Thanks Maxim. I tried changing the ssl_verify_depth to 1 from value of 2 however still I get 400 Bad Request for all the certificates ( Valid and Revoked ). I checked the error_log file, there are no entries in that file. It all works when I remove the ssl_crl option ( however then revoked certif

RE: Slow uploading speed !!

2016-10-13 Thread Reinis Rozitis
> We're facing quite slow uploading speed on FreeBSD-10.X over HTTP (NGINX). How slow is "slow"? As in you didn't provide any metrics. > There's not much load on HDDs so i suspect that maybe tcp tuning has some > problem. Well you could simply transfer a file via scp (-c arcfour) or netcat to

Slow uploading speed !!

2016-10-13 Thread shahzaib mushtaq
Hi, We're facing quite slow uploading speed on FreeBSD-10.X over HTTP (NGINX). Hardware is quite strong with 4x1Gbps LACP / 65G RAM / 12x3TB SATA. There's not much load on HDDs so I suspect that maybe tcp tuning has some problem. Here is my sysctl.conf http://pastebin.com/MqNbD3VR Here is /boot

Re: ocsp-stapling through http proxy?

2016-10-13 Thread rainer
On 2016-10-13 16:13, Reinis Rozitis wrote: You mean a transparent proxy? In our case, this is not possible. It's not really transparent. As far as I understand you have a problem with opening outgoing traffic to _random_ destination but you are fine if such traffic is pushed through some pro

Re: ocsp-stapling through http proxy?

2016-10-13 Thread Reinis Rozitis
You mean a transparent proxy? In our case, this is not possible. It's not really transparent. As far as I understand you have a problem with opening outgoing traffic to _random_ destination but you are fine if such traffic is pushed through some proxy server (which in general means that the p

Re: ocsp-stapling through http proxy?

2016-10-13 Thread Reinis Rozitis
- use an explicitly configured OCSP responder with the ssl_stapling_responder directive. It allows to configure your own OCSP responder at a fixed address, and then proxy requests to the real responder. See http://nginx.org/r/ssl_stapling_responder for details. Ohh totally have looked

Re: ocsp-stapling through http proxy?

2016-10-13 Thread Maxim Dounin
Hello! On Thu, Oct 13, 2016 at 12:25:44PM +0200, rai...@ultra-secure.de wrote: > Hi, > > we have been informed by our CA that they will be moving their OCSP-servers > to "the cloud" - it was a fixed set of IPs before. > These fixed sets could relatively easily be entered as firewall rules (and >

Re: NGINX not checking OCSP for revoked certificates

2016-10-13 Thread Maxim Dounin
Hello! On Thu, Oct 13, 2016 at 03:07:25PM +0530, Zeal Vora wrote: > Hi > > We've implemented basic Certificate Based Authentication for Nginx. > > However whenever the certificate is revoked, Nginx still allows the client > ( with revoked certificate ) to access the website. > > I verified man

Re: ocsp-stapling through http proxy?

2016-10-13 Thread rainer
On 2016-10-13 13:16, Reinis Rozitis wrote: It would be cool if nginx would be able to do the stapling through a http-proxy. Technically you could just "override" (via /etc/hosts or if you have your own dns service) your ssl's provider ocsp ip to your own proxy which will forward then the re

RE: ocsp-stapling through http proxy?

2016-10-13 Thread Reinis Rozitis
> It would be cool if nginx would be able to do the stapling through a http- > proxy. Technically you could just "override" (via /etc/hosts or if you have your own dns service) your ssl's provider ocsp ip to your own proxy which will forward then the requests to the original server. p.s. in thi

ocsp-stapling through http proxy?

2016-10-13 Thread rainer
Hi, we have been informed by our CA that they will be moving their OCSP-servers to "the cloud" - it was a fixed set of IPs before. These fixed sets could relatively easily be entered as firewall rules (and hosts-file entries, should DNS-resolution be unavailable). Of course, they could as easil

Multiple proxy_cache_path location

2016-10-13 Thread lancee83
Hi All I'm using nginx with Unified Streaming - I would like to have different cache settings per channel. Is it possible to state different proxy_cache_path parameters? Thanks in advance Posted at Nginx Forum: https://forum.nginx.org/read.php?2,270240,270240#msg-270240

NGINX not checking OCSP for revoked certificates

2016-10-13 Thread Zeal Vora
Hi We've implemented basic Certificate Based Authentication for Nginx. However whenever the certificate is revoked, Nginx still allows the client ( with revoked certificate ) to access the website. I verified manually with openssl with OCSP URI and OCSP seems to be working properly. Nginx doesn'