Re: Use of Certs

2015-01-05 Thread Darren Pilgrim
On 12/29/2014 11:36 AM, Peter Fraser wrote: Hi All I am very new to nginx and am currently doing a lot of reading but would just love to have a nudge in the right direction I want to set up nginx as a reverse proxy for about three IIS servers behind a firewall. One of them is a public web server

Re: Creating CNAME

2014-12-10 Thread Darren Pilgrim
On 12/10/2014 4:09 AM, krajeshrao wrote: brooklynwate.org and innoviaweb.com are the two domain name innovled . in this i want to create CNAME for www.brooklynwate.org =>CNAME=>events.innoviaweb.com. when i do this its not working . Dumb question, but are you removing the A record for www.broo

Re: $time_iso8601 is not set for invalid HTTP?

2014-12-01 Thread Darren Pilgrim
On 12/1/2014 5:23 AM, igorb wrote: Maxim Dounin wrote: Use map instead: Thanks, map works nicely :) avoid using such "timestamped log names" at all as this approach implies unneeded overhead on opening/closing files for each request. I use open_log_file_cache to mitigate this. Are the

Re: Serve *only* from cache for particular user-agents

2014-02-21 Thread Darren Pilgrim
On 2/21/2014 7:25 AM, rge3 wrote: I havne't found any ideas for this and thought I might ask here. We have a fairly straightforward proxy_cache setup with a proxy_pass backend. We cache documents for different lengths of time or go the backend for what's missing. My problem is we're getting ov

Re: SSL ciphers, disable or not to disable RC4?

2014-01-12 Thread Darren Pilgrim
On 1/12/2014 9:42 AM, Axel wrote: I juggled around with ssl ciphers and tried to disable RC4, but still be able to serve IE under WinXP. Those ciphers are my choice - if anyone has 'better' ciphers or prefers another order i am pleased to hear... ssl_ciphers ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RS

Re: Using 127.0.0.1 in resolver

2013-12-20 Thread Darren Pilgrim
On 12/20/2013 3:20 PM, justin wrote: Using: resolver 127.0.0.1 valid=300s; Does not work. I assume this would simply uses the DNS servers listed in /etc/resolv.conf? Thanks. The resolver directive tells NSD to do its own DNS lookups, bypassing the system name lookup call (and thus /etc/resol

Re: Any rough ETA on SPDY/3 & push?

2013-10-22 Thread Darren Pilgrim
On 10/19/2013 5:07 PM, Darren Pilgrim wrote: On 10/14/2013 9:37 AM, Andrew Alexeev wrote: http://barry.wordpress.com/2012/06/16/nginx-spdy-and-automattic/ How much capital would you need to do this? I'd contribute to a crowd-funding campaign for this and I can likely get work to mat

Re: Any rough ETA on SPDY/3 & push?

2013-10-19 Thread Darren Pilgrim
On 10/14/2013 9:37 AM, Andrew Alexeev wrote: On Oct 14, 2013, at 8:01 PM, codemonkey wrote: Contemplating switching my site over to Jetty to take advantage of spdy/3 and push, but would rather stay with nginx really... Is there a "rough" ETA on spdy3 in nginx? 1 month? 6 months? 2 years?

Re: Getting forward secrecy enabled

2013-10-02 Thread Darren Pilgrim
I have: ssl_ciphers HIGH:!SSLv2:!MEDIUM:!LOW:!EXP:!RC4:!DSS:!aNULL:@STRENGTH; ssl_prefer_server_ciphers on; ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2; Yields: https://www.ssllabs.com/ssltest/analyze.html?d=rush.bluerosetech.com nginx 1.4.2 compiled against OpenSSL 1.0.1e 11 Feb 2013 _