> so if I put both of these in one server block so that the incoming is
> de-crypted and the outgoing is decrypted. Do I put both the server and client
> certs in the same server block ?
confused.
Depends on what setup/requirements you actually have:
- If your backend server requires authentic
On 26 April 2017 at 00:32, Maxim Dounin wrote:
>
> *) Change: SSL renegotiation is now allowed on backend connections.
>
What does this mean ?
reason I am asking is I would like to setup a site say example.com, that is
SSL, with no need for client certs at root URI
but I would like to for
I am reading this doc : https://www.nginx.com/blog/nginx-ssl/ and it shows
how to either terminate (de-crypt) ssl or how to receive un-encrypted
traffic over port 80 for example and encrypt it before sending to the
upstream servers.
>From the doc:
listen 443 *ssl*;
*** tells nginx to decrypt th
I am using Nginx 1.13 and have read that using "if" is a poor solution. I
have looked through my configuration file and found one and would like to
rewrite it without the "if". Does anyone know how to rewrite this snippet?
## Execute PHP Scripts using FastCGI
location ~ \.php(/.*)? {
i
Read the docs please :)
http://nginx.org/en/docs/http/ngx_http_rewrite_module.html#set
Set is allowed is server, location, and if blocks. Not http blocks.
> On Apr 25, 2017, at 12:41, Joel Parker wrote:
>
> I have a set directive inside an http block which I thought was valid but
> when I ru
Hello,
I want to secure a site using the allow/deny directives so that only
allowed networks will be able to access it. There is one "public"
directory, however, that I want to be accessible for everyone.
nginx serves as a reverse proxy on that site, and requests for URIs that
end with the
I have a set directive inside an http block which I thought was valid but
when I run config -t it says the nginx: [emerg] "set" directive is not
allowed here.
http {
log_format bodylog '$remote_addr - $remote_user [$time_local] '
'"$request" $status $body_bytes_sent '
'"$http_ref
I am still having issues with the config, can you take a look at my short
config and see where my confusion lies ? Changed the stream block to http
and think I did the rest correct but still complains about log_format and
not sure if my proxy_pass or any of the rest of it is bad.
Joel
On Tue, Apr
Just set up a server {} block that accepts TLS connections. This is exactly
what proxy_pass is for :) You can log whatever HTTP data you need via Nginx
(just as your log_format and content_by_lua block does), and then
proxy_pass that traffic to your upstream as normal. Stream blocks are for
arbitra
I'm running nginx 1.11.9, and I get an error any time I try to use
bytes_sent, upstream_bytes_sent, or upstream_bytes_received. I've tried
logging directly in a log format, or using in a map:
map $request_method $chad_sent {
default $upstream_bytes_sent;
}
map $request_method $chad_received {
What I am trying to do is create an open proxy that listens to TLS from
many servers and de-crypts the traffic with the appropriate keys, log the
de-crytped request / response then re-encrypt with different certs and send
to an upstream server. My thought was theat a stream block would help me
acco
Hi Roman,
Thank you so much - it worked great!
Cheers,
Kevin
--
Kevin Worthington
kworthington ( at ) gmail {dot} com
https://kevinworthington.com/
https://twitter.com/kworthington
On Tue, Apr 25, 2017 at 1:32 PM, Roman Arutyunyan wrote:
> Hi,
>
> Please try the patch.
>
> On Tue, Apr 25, 2017
No. stream {} and http {} blocks are mutually exclusive.
What exactly are you trying to accomplish with stream?
On Tue, Apr 25, 2017 at 11:46 AM, Joel Parker
wrote:
> so can I have a hierarchy like this ?
>
> http {
> // log format
> stream {
> server {
> // acc
so can I have a hierarchy like this ?
http {
// log format
stream {
server {
// access log
}
}
}
On Tue, Apr 25, 2017 at 1:38 PM, Robert Paprocki <
rpapro...@fearnothingproductions.net> wrote:
> What you're doing doesn't quite make sense. You're tryi
What you're doing doesn't quite make sense. You're trying to log HTTP data
inside a stream block. That doesn't work. There's no such concept of
$status, $http_referer, etc, inside a stream {} block.
Have a read of the log_format docs:
http://nginx.org/en/docs/http/ngx_http_log_module.html#log_form
I am trying to log all request / response in a stream with a lua script I
found in git hub and am having issues figuring out where to put the
log_format directive. Here is what I currently have :
stream {
log_format bodylog '$remote_addr - $remote_user [$time_local] '
'"$request" $statu
Hi,
Please try the patch.
On Tue, Apr 25, 2017 at 11:41:10AM -0400, Kevin Worthington wrote:
> Hello!
>
> Getting a make error on 32-bit and 64-bit Cygwin:
>
> -o objs/src/os/unix/ngx_writev_chain.o \
> src/os/unix/ngx_writev_chain.c
> cc -c -pipe -O -W -Wall -Wpointer-arith -W
Hi,
On Tue, Apr 25, 2017 at 12:11:00PM -0400, kay wrote:
> I'd like to implement proxy server for internet radio streaming. And I'd
> like to reuse existing established connection to the upstream for all
> clients which listen the same "radio station"/"url".
>
> Right now every listener creates a
Hello!
On Tue, Apr 25, 2017 at 06:01:11PM +0200, rai...@ultra-secure.de wrote:
> am I right that $upstream_cache_status primarily concerns nginx' own
> upstreams like fastcgi, uwsgi etc?
Yes.
> Or is there a possibility to display whether an upstream varnish has had
> the page cached?
To obt
Hi,
I'd like to implement proxy server for internet radio streaming. And I'd
like to reuse existing established connection to the upstream for all
clients which listen the same "radio station"/"url".
Right now every listener creates a new connection on nginx side. Is it even
possible to reuse one
Hi,
am I right that $upstream_cache_status primarily concerns nginx' own
upstreams like fastcgi, uwsgi etc?
Or is there a possibility to display whether an upstream varnish has had
the page cached?
Rainer
___
nginx mailing list
nginx@nginx.org
h
Hello!
Getting a make error on 32-bit and 64-bit Cygwin:
-o objs/src/os/unix/ngx_writev_chain.o \
src/os/unix/ngx_writev_chain.c
cc -c -pipe -O -W -Wall -Wpointer-arith -Wno-unused-parameter -Werror -g
-D FD_
SETSIZE=2048 -I src/core -I src/event -I src/event/modules -I src/os/un
On Sat, Apr 22, 2017 at 01:52:48AM +0200, B.R. via nginx wrote:
> I do not know if your detailed explanation was aimed to me, or to the list
> in general, but I got all that already as far as I am concerned.
>
> To me, when an attempt is made to an upstream group where no peer can be
> selected,
Changes with nginx 1.13.025 Apr 2017
*) Change: SSL renegotiation is now allowed on backend connections.
*) Feature: the "rcvbuf" and "sndbuf" parameters of the "listen"
directives of the mail proxy and stream modules.
*) Feature: the "r
This is what my setup looks like:
INTERNET (subdomain.domain.com A Record to public IP 186187)
Hurl.it -POST-> Public IP:
https://186187/API/switches?sw1?password=123456 -> Linksys Router
IP:186...187:443 Port Forward to 192...53
ONLAN (nginx setup https with ssl from letsencr
Hello,
I am developing my own nginx module, I would like to use the
"keepalive_timeout" option.
I tried to find a callback which signal that timeout was expired, before the
nginx call ngx_http_close_connection. I am using a memory which I allocate
and I would like to free it
Thanks,
Ortal Levi
26 matches
Mail list logo
