Hi
Whats considered the best way to auth again crowd.
I see some old module - 6-7 year untouched
https://github.com/kare/ngx_http_auth_crowd_module trying this one but
can't compile it
also noted crowd does openid
https://www.nginx.com/blog/authenticating-users-existing-applications-openid-c
HI
isn't this a bit futile, if they can get onto the box that has nginx they
can get either the private key or secret to get the private key.
safer would be to make it that you need human interact to start nginx.
But till a memory dump of the app would get you the private key.
On Fri, 16 Nov
Hi
Don't you need a openssl that works with 1.3 as well.
My sticking point is centos 6 - no openssl that comes with 1.3 - as far as
i know
A
On Mon, 5 Nov 2018 at 06:10, Bogdan via nginx wrote:
> Hi, Andreas!
>
>
> I disabled NPN (Next Protocol Negotiation) because, as far as I know (not
> ver
Hi
Not sure where to put this.
But I would like to have the ability to add client cert required any where
on the URI tree
so
www.abc.com.au/ you can access with out a cert but
www.abc.com.au/private/ you need a cert
www.abc.com.au/public/ no cert needed
A
__
Look at sticky session, a routing code in a cookie that helps you decide
where to send the packet. So on the 443 set the cookie and on the udp use
the cookie in the header to route on the back end
On 20 June 2018 at 17:16, nov1ce wrote:
> Hello,
>
> 1.14.0-1 running on Debian Stretch:
>
> # dp
Silly question why not use postfix for this ?
On 20 February 2018 at 18:56, Azusa Taroura
wrote:
> Hi everyone,
>
> I’m trying to optimize mail-proxy.
> My performance test is 1 client sends many request to 1 nginx server.
>
>
> This is my current settings:
>
> worker_processes auto;
> worker_r
Why not just change the log format to exclude the ip address or put in
static ip
On 14 February 2018 at 12:46, Tom wrote:
> Hi,
>
> I'm wondering if anyone has successfully masked ip addresses in nginx
> before they are written to a log file.
>
> I understand there are reasons why you would and
Hi
can you give an example of using a map instead of the if statement ?
Thanks
On 21 May 2017 at 02:35, c0nw0nk wrote:
> gariac Wrote:
> ---
> > I had run Naxsi with Doxi. Trouble is when it cause problems, it was
> > really hard to figure ou
such as asking it to reopen configuration (and thus to apply
> it to every worker).
> ---
> *B. R.*
>
> On Fri, May 19, 2017 at 11:40 PM, Alex Samad wrote:
>
>> Yes this exactly, I ended up been schooled by support :)
>>
>> Seems like my understanding of graceful
On 20 May 2017 at 08:00, wrote:
> My experience with deny in nginx is the url isn't hidden
So you don't want to just restrict access but you want to send a 404 not
found unless they come from a specific ip address.
I think you should be able to ... but my nginx skills are not that good for
no
Fri, May 19, 2017 at 11:28:05AM +1000, Alex Samad wrote:
>
> > Hi
> >
> > so I have lots of clients on long lived tcp connections , getting rp
> into 2
> > back end app servers
> >
> > I had a line in my error log, saying one of the upstream was failed
>
wouldn't you use
location /secret-page/ {
deny all
allow 1.1.1.1/32;
}
a
On 19 May 2017 at 17:24, ohmykot wrote:
> Hi!
> I've got a server with nginx and a wordpress website running on it.
>
> On the web-site, I have a wordpress page, i.e. domain.com/secret-page/,
> that
> I want to restri
Hi
so I have lots of clients on long lived tcp connections , getting rp into 2
back end app servers
I had a line in my error log, saying one of the upstream was failed caused
it timeout -
then I got this
2017/05/18 13:30:42 [notice] 2662#2662: exiting
2017/05/18 13:30:42 [notice] 2662#2662: ex
Thats what support have advised me, reload finished the current request and
then closes the connection. No longer honors the long lived
Alex
On 27 April 2017 at 19:21, shivramg94 wrote:
> We have a persistent connection to Nginx on which we are issuing https
> requests. Now when we do a reload
Hi
I am using
https://gist.github.com/wilhelmy/5a59b8eea26974a468c9
for
location /ts/ {
#autoindex on;
#autoindex_format html;
try_files $uri @autoindex;
}
# need xlst module
location @autoindex {
autoindex on;
autoindex_format xml;
On 26 April 2017 at 00:32, Maxim Dounin wrote:
>
> *) Change: SSL renegotiation is now allowed on backend connections.
>
What does this mean ?
reason I am asking is I would like to setup a site say example.com, that is
SSL, with no need for client certs at root URI
but I would like to for
Will it not be logged as a timeout either in access or error/log ?
On 20 April 2017 at 03:46, aT wrote:
> HI ,
>
> Is there a way to log all incoming requests on Nginx .
>
> Regardless of them being served or not .
>
> For example, In case of surge of crawler hits , if the upstream backend
> ca
But long live sessions are closed and I've had lua session information
persist with a reload. Needed a restart
A
On Sun, 9 Apr 2017 at 21:35, B.R. via nginx wrote:
> You could have got your answer yourself by Reading The... Fine? Manual:
> https://nginx.org/en/docs/control.html
>
> There are ton
Hi
I have started to use lua file for some dynamic stuff.
Whats the best practice to secure them
How do I stop them from being downloaded
location ~ \.lua$ {
send error back
}
is it best to place all of them into a different directory that isn't under
a root ?
A
_
so (have a stab at this)
location = /mini {
equals
http://10.21.169.13/mini and not http://10.21.169.13/mini/ or anything else
http://10.21.169.13/mini/*
try
location /mini {
or
location /mini/ {
A
On 28 March 2017 at 12:43, Jun Chen via nginx wrote:
>
> I am configuring a nginx r
Hi
If you asking if some part of the tree can have no ssl client verification,
then no
https://a.b.c.d/
https://a.b.c.d/This/Some
https://a.b.c.d/Not/here
Once you turn on client verififcation its on for / and down, no way to turn
it off for https://a.b.c.d/Not/here of its on.
Shame, I would li
Hi
I got something like this
error_page 404 /stderror404.html;
location = /stderror400.html {
root /var/www/error;
content_by_lua_file /var/www/error/stderror400.lua;
internal;
allow all;
}
and the lua file has
ngx.say( "Your source ip address
Do those pages have access to the previous pages details ? Like for
example client_verify ?
Thanks
A
On 22 March 2017 at 21:52, B.R. via nginx wrote:
> RTFM? :o)
>
> https://nginx.org/en/docs/http/ngx_http_core_module.html#error_page
> ---
> *B. R.*
>
> On Tue, Mar 21, 2
Hi
How would I added custom info to the error page.
Say like for 400 if its a cert error, how can I add that to the page and
maybe to add in the clients ip address as well
A
___
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listin
Hi
Firstly, I am fairly new to nginx.
>From what I understand you have a standard sort of setup.
2 nodes (vm's) with haproxy, allowing nginx to be active / passive.
You have SSL requests which once nginx terminates the SSL, it injects a
security header / token and then I presume it passes thi
Hi
if I am reading this right, you currently have too much load on 1 nginx
server and you wish to releave this by adding another nginx server in front
of it ?
What I have is 2 nodes, but I use pacemaker instead of keepalive - i like
it as a better solution - but thats for another thread.
what yo
Hi
I have a cron script that generates a crl file and places it a file for
nginx to read... I believe I reload nginx after doing this
I don't think - happy to be proved wrong - that nginx checks for a oscp or
crl attribute in the cert and makes the relevant request
Alex
On 11 January 2017 at 03
Hi
I do a lot of stuff with client certs, we have just moved from an inhouse
RP to using NGINX.
But I find that the amount of information about the client cert is very
limited. compared to say squid / apache.
For example I looking for end date for the client cert. It would be nice
if this sort
Just when through this. your nginx server makes a requets to the OCSP url
for information.
My nginx servers can't make requests to the internet so I had to use the
offline method
2016-11-08 22:36 GMT+11:00 Christian Cioni :
> Hi,
>
> on my server have activated a SSL in SNI configuration withou
nion, e.g.
> Qualsys, as THE authoritative source of truth for a 'proper' secure config
> is dangerous).
>
> On Fri, Nov 4, 2016 at 2:20 PM, Alex Samad wrote:
>>
>> Hi
>>
>> Any one got a write up on how to get a A+ f
Hi
Any one got a write up on how to get a A+ from this site.
I can get a A and I have to support tls1.0 which might be dragging me down !
___
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
Hi
So you have done a setup ?
Alex
On 2 November 2016 at 08:42, CJ Ess wrote:
> Probably a better solution then most!
>
> On Fri, Oct 28, 2016 at 10:42 PM, Alex Samad wrote:
>>
>> Hi
>>
>> Not really an option in current setup. The rate limit is to stop
>
t;
>
>
> On Fri, Oct 28, 2016 at 1:29 AM, Alex Samad wrote:
>>
>> Hi
>>
>> yeah I have had a very quick look, just wondering if any one on the
>> list had set one up.
>>
>> Alex
>>
>> On 28 October 2016 at 16:15, CJ Ess
oad_rate and proxy_upload_rate
>
> On Thu, Oct 27, 2016 at 11:22 PM, Alex Samad wrote:
>>
>> Yep
>>
>> On 28 October 2016 at 11:57, CJ Ess wrote:
>> > FIX as in the financial information exchange protocol?
>> >
>> > On Thu, Oct 27, 2016 at 7:19 PM, Alex
Yep
On 28 October 2016 at 11:57, CJ Ess wrote:
> FIX as in the financial information exchange protocol?
>
> On Thu, Oct 27, 2016 at 7:19 PM, Alex Samad wrote:
>>
>> Hi
>>
>> any one setup nginx infront of a fix engine
Hi
any one setup nginx infront of a fix engine to do rate limiting ?
Alex
___
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
What I had to do was sent the depth to the number or greater than the
number of ca's and I had to get all the crl's for each CA and concat
into a crl file.
On 14 October 2016 at 16:49, Zeal Vora wrote:
> Thanks Maxim.
>
> I tried changing the ssl_verify_depth to 1 from value of 2 however still
wrote:
> Hello!
>
> On Wed, Oct 12, 2016 at 12:43:12PM +1100, Alex Samad wrote:
>
>> Hi
>>
>> I am trying to create a dynamic auth address
>>
>>
>> # grab ssoid
>> map $cookie_SSOID $ssoid_cookie {
>> default "";
>&
Hi
I am trying to create a dynamic auth address
# grab ssoid
map $cookie_SSOID $ssoid_cookie {
default "";
~SSOID=(?P.+) $ssoid;
}
location /imaadmin/ {
proxy_cache off;
proxy_pass http://IMAAdmin;
auth_request /sso/validate?SSOID=$ssoid_cookie&a=imaadmin;
Yep I think thats what i was asking.
We have a home grown RP at work that does it and IIS used to do it,
apply cert requirements on part of the tree.
On 2 February 2016 at 20:56, Aleksandar Lazic wrote:
> Dear Alex.
>
> Am 02-02-2016 04:32, schrieb Alex Samad:
>>
>> Hi
Hi
Is it possible with nginx to do this
https://www.abc.com
/
/noclientcert/
/clientcert/
so you can get to / with no client cert, but /clientcert/ you need a
cert, but for /noclientcert/ you don't need a cert.
Looks like from the config doco you can only set it for the whole tree ...
A
41 matches
Mail list logo
