Re: How to hide kernel information

2020-04-28 Thread lists
Not to get too far off topic, but unless your server is important (government, financial, etc.), it is most likely the hacks it will receive are just "sprayed." They don't care what rev of OS you are running. The hacker tries a number of exploits on IP space known to host servers. Who you are is

Re: SSL and port number [was: Rewrite -- failure]

2020-04-28 Thread Paul
On 2020-04-22 3:14 a.m., Francis Daly wrote: On Tue, Apr 21, 2020 at 07:09:41PM -0400, Paul wrote: Hi there, I confess I'm not quite certain what you are reporting here -- if you can say "with *this* config, I make *this* request and I get *this* response, but I want *that* response instead", i

Re: How to hide kernel information

2020-04-28 Thread Praveen Kumar K S
Thank you for your support. I will take all your inputs into consideration to fix this issue. On Tue, Apr 28, 2020 at 8:47 PM J.R. wrote: > > Okay. I exactly don't know how the Security Testing Team is able to get > the > > kernel information. They use Qualys and Nessus for performing tests. All

Re: How to hide kernel information

2020-04-28 Thread J.R.
> Okay. I exactly don't know how the Security Testing Team is able to get the > kernel information. They use Qualys and Nessus for performing tests. All I > can say is only port 443 allowed to the server and I thought asking you > guys if it is from Nginx or is there any way to handle it. Server is

Re: Compile Nginx

2020-04-28 Thread Anoop Alias
The Nginx binary compiled on one system can be run on a similar architecture system as it is portable code. The ones you download from the repo are compiled on a machine to binary by the repo maintainer you can ship the binary in a tool like rpm or deb On Tue, Apr 28, 2020 at 7:13 PM Praveen Kum

Re: Compile Nginx

2020-04-28 Thread Praveen Kumar K S
I usually install from the official nginx apt repo. But since I want to use modules like more_set_headers which requires building nginx from source, I'm looking for best practices. On Tue, Apr 28, 2020 at 6:50 PM Reinis Rozitis wrote: > > Can I compile nginx on Ubuntu 16.04 and reuse it on other

Re: SSL: error:0909006C:PEM routines:get_name:no start line:Expecting: ANY PRIVATE KEY error:140B0009:SSL routines:SSL_CTX_use_PrivateKey_file:PEM lib)

2020-04-28 Thread Daniel Hadfield
The key is the key you used when you generated the CSR. The key remains on your machine at all times not sent to godaddy. On 28/04/2020 13:46, Aran wrote: Hi, [emerg] SSL_CTX_use_PrivateKey_file("/etc/nginx/ssl/domain.key") failed (SSL: error:0909006C:PEM routines:get_name:no start line:Expect

Re: How to hide kernel information

2020-04-28 Thread Josef Vybíhal
The test is GUESSing, it's written there in the link you posted. What are your HTTP headers - what do you expose there? Do you expose your nginx version to clients? Like in headers? Error pages? From those, it's possible determine used OS and then guess kernel information. Is your app leaking this

RE: Compile Nginx

2020-04-28 Thread Reinis Rozitis
> Can I compile nginx on Ubuntu 16.04 and reuse it on other deployments? Or do > I need to compile every time ? Please advise. As far as the hosts have all the shared libraries like openssl/pcre etc (you can check with 'ldd /path/to/nginx') there is no need to compile every time and you can jus

Re: Compile Nginx

2020-04-28 Thread basti
It depends on how you compile. First of all have a look at the repository of you distribution or nginx itself it's easier to update for bugfix or security impacts. The 2'nd way can be to upgrade you server and get a newer nginx. If that all is not an option I would prefer a build a debian packag

Re: How to hide kernel information

2020-04-28 Thread Praveen Kumar K S
Okay. I exactly don't know how the Security Testing Team is able to get the kernel information. They use Qualys and Nessus for performing tests. All I can say is only port 443 allowed to the server and I thought asking you guys if it is from Nginx or is there any way to handle it. Server is behind

SSL: error:0909006C:PEM routines:get_name:no start line:Expecting: ANY PRIVATE KEY error:140B0009:SSL routines:SSL_CTX_use_PrivateKey_file:PEM lib)

2020-04-28 Thread Aran
Hi, [emerg] SSL_CTX_use_PrivateKey_file("/etc/nginx/ssl/domain.key") failed (SSL: error:0909006C:PEM routines:get_name:no start line:Expecting: ANY PRIVATE KEY error:140B0009:SSL routines:SSL_CTX_use_PrivateKey_file:PEM lib) We bought ssl certificates from godaddy and tried to install their guida

Compile Nginx

2020-04-28 Thread Praveen Kumar K S
Hello, Can I compile nginx on Ubuntu 16.04 and reuse it on other deployments? Or do I need to compile every time ? Please advise. ___ nginx mailing list nginx@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx