-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Hello!
On 11/10/2017 11:36 PM, rihad wrote:
> Hello. Can I enable both brotli & gzip?
Yeah sure, I was test it using this module
https://github.com/google/ngx_brotli
> brotli on; gzip on;
>
> with the idea to support both newer & older clients, b
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Hello!
I got confused and no hint(s) about map directive co-exist with
try_files directive. Is it right to think using map directive? Or any
alternative?
The goals is, I want to avoid many location like :
... snip ...
index index.php;
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Hello!
On 04/03/2017 08:21 PM, sachin.she...@gmail.com wrote:
> Hi,
>
> We are testing using nginx as a file cache in front of our app,
> but the contents of the proxy cache directory are readable to any
> body who has access to the machine.
[..]
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Hello!
I tried to use "stale-if-error=864000" and
"stale-while-revalidate=864000" co-exist with "expires max;"
directive. Is it possible? My configurations looks like :
... snip ...
expires max;
add_header Cache-Control "stale-while-revalidate=8640
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Hello!
On 03/03/2017 04:15 PM, abhipower.abhi wrote:
> I am using nginx-1.10.3 as a load balancer. In my architecture, I
> have two servers-
>
> Hostname - sal15062hkb152, IP Address - 172.15.54.116 Hostname -
> sal15062hkb184, IP Address - 172.15.
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Hello!
Yes I've force my system to read IPv4 first.
But, just curios, why IPv6 upstream can't serve the traffic? If I
access the IP Address using browser, it's normal.
I am using Cent OS 7.
On 03/01/2017 09:04 PM, Lukas Tribus wrote:
>> Did anyone
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Hello!
On 03/01/2017 12:15 AM, Maxim Dounin wrote:
> Hello!
>
> On Tue, Feb 28, 2017 at 10:57:01PM +0700, Dewangga Bachrul Alam
> wrote:
>
>> Currently I have problem with upstream with IPv6. For example I
>> have an or
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Hello!
Currently I have problem with upstream with IPv6. For example I have
an origin with subdomain dual-stack-ipv4-ipv6.xtremenitro.org.
dual-stack-ipv4-ipv6.xtremenitro.org IN A 192.168.1.1
dual-stack-ipv4-ipv6.xtremenitro.org IN 2001:xx:xx
Hello!
On 02/24/2017 07:33 PM, 0liver wrote:
> We've recently started delivering image urls with query strings for
> cropping, like
>
> http://images-camping.info/CampsiteImages/116914_Large.jpg?width=453&height=302&mode=crop
>
Try add:
proxy_ignore_headers Cache-Control Expires;
Ref:
http:/
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Hello!
Thanks Francis, yes it's about 'Vary' header should be ignored on
proxy_ignore_headers.
Thanks for the hints.
On 02/16/2017 07:41 PM, Francis Daly wrote:
> On Thu, Feb 16, 2017 at 01:08:35PM +0700, Dewangga Bachrul Ala
Key : /artikel/berita/a-pen-by-hair?view=desktop
Path:
/var/cache/nginx/networksninja_cache/f/bf/f3863443c164cdfa95f6fe870be7db
ff
nginx/1.11.10
On 02/16/2017 01:08 PM, Dewangga Bachrul Alam wrote:
> Hello!
>
> I've compiled latest nginx 1.11.10 with ngx_cache_purge, my
> c
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Hello!
I've compiled latest nginx 1.11.10 with ngx_cache_purge, my
configurations likes:
proxy_cache_key "$uri$is_args$args";
proxy_cache_path /var/cache/nginx/proxy_cache levels=1:2
keys_zone=networksninja_cache:60m inactive=60m use_temp_path=off
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Hello!
I have problem how to debugs current response time to upstream, my
configuration is looks likes :
...
upstream upstream_distribution {
server full-fqdn.tld;
}
# common configuration
location ~ \.(jpe?g|png|gif|webp)$ {
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Hello!
Is there any best practice or some example to see how brotli
compression works? I've patch the nginx using ngx_brotli[1], but I
didn't see any brotli header, there's only gzip.
Many thanks.
[1] https://github.com/cloudflare/ngx_brotli_modul
Hello!
On 08/22/2016 10:58 PM, rai...@ultra-secure.de wrote:
>
> nginx doesn't provide an auto-update mechanism that stupidly downloads
> and accepts all and everything somebody makes available under some
> spoofed address.
You can use PGP key[1] to verified the binary was correct or "injected"
Hello steve!
On 08/10/2016 10:47 AM, steve wrote:
> Hi!
>
> On 08/10/2016 03:07 PM, Dewangga Bachrul Alam wrote:
>> Hello!
>>
>> I am using module small_light
>> (https://github.com/cubicdaiya/ngx_small_light), since the module can't
>> detect whic
Hello!
I am using module small_light
(https://github.com/cubicdaiya/ngx_small_light), since the module can't
detect which browser can process webp transformation, I creating a
simple directive on nginx to detect chrome and opera only and fallback
the rest to jpeg/jpg.
But, if the origin is not jp
Hello!
On 08/01/2016 04:19 PM, Andrew Hutchings wrote:
> Hi Dewangga,
>
> I'm not quite sure what your desired outcome would be by connecting to
> two servers at the same time for a single client but it won't work the
> way you might think it will.
My main goal is
Hello!
I got curios with load balancing algorithm, I got scenarios like this.
I have 3 galera cluster, each cluster have 3 node and it was solved with
stream module.
Cluster1:
Node1-Cluster1: 192.168.11.1
Node2-Cluster1: 192.168.11.2
Node3-Cluster1: 192.168.11.3
Cluster2:
Node1-Cluster2: 192.16
Thanks Maxim, its works. :)
On 07/28/2016 03:29 PM, Maxim Konovalov wrote:
> Hi Dewangga,
>
> On 7/28/16 10:31 AM, Dewangga Bachrul Alam wrote:
>> Hello!
>>
>> I've tried to build nginx 1.11.3 with --with-stream module parameter,
>> but, attached below:
Hello!
I've tried to build nginx 1.11.3 with --with-stream module parameter,
but, attached below:
.. snip ..
./configure \
--prefix=%{_sysconfdir}/nginx \
--sbin-path=%{_sbindir}/nginx \
--conf-path=%{_sysconfdir}/nginx/nginx.conf \
--error-log-path=%{_localstated
Hello!
On 7/9/2016 10:23 PM, bai030805 wrote:
Hi Gurus
My lab environment is
Nginx IP: 192.168.16.206
Four Web Server: 192.168.16.201-204
My nginx.conf is
http {
upstream myapp1 {
server 192.168.16.201;
server 192.168.16.202;
server 192.168.16.203;
server
Hello!
On 02/26/2016 05:54 AM, dshe wrote:
> I think dashboard is a great feature in nginx plus but I was wondering if it
> can aggregate metrics from a cluster of nginx servers or each server has its
> own dashboard.
You can try amplify.nginx.com :)
> Thanks
>
> Posted at Nginx Forum:
> https
Hello!
On 2/20/2016 4:07 PM, rsclmumbai wrote:
I've a nginx server on CentOS with PHP setup.
I'm trying to block direct access to .inc files
I've added the following to nginx.conf
location ~ /\.inc
{
deny all;
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Hello!
If you are in development, you can try this module
https://github.com/yaoweibin/nginx_upstream_check_module. But, not
recommended if use on production, better use n+.
On 01/28/2016 02:36 PM, Alexandre wrote:
> Hello,
>
> On 28/01/16 08:27,
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Hello!
On 12/24/2015 04:28 PM, Maxim Konovalov wrote:
> On 12/24/15 12:24 PM, Dewangga Bachrul Alam wrote:
>> Sorry I forgot something, I'm using Nginx Plus R7.
>
> [...]
>
> Hi Dewangga,
>
> please open a sup
-Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions
- -fstack-protector-strong --param=ssp-buffer-size=4
- -grecord-gcc-switches -m64 -mtune=generic'
On 12/24/2015 04:01 PM, Dewangga Bachrul Alam wrote:
> Hello!
>
> Currently my configuration looks like this :
>
> map $request_method $pur
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Hello!
Currently my configuration looks like this :
map $request_method $purge_method {
PURGE 1;
default 0;
}
map $arg_geoloc $bypass {
default 1;
1 0;
}
# Exclude from cache
# Expected URL http://domain.tld/
locatio
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Hello!
I've tried Nginx Plus R7, but it come with openssl 1.0.1e which is
doesn't support ALPN extension, is there any info to get ALPN extension?
My box using CentOS 7 and using custom openssl 1.0.2d.
$ openssl version
OpenSSL 1.0.2d-fips 9 Jul 20
nx.com/products/>:
>
> |purger|=|on|||off|
My bad, didn't read the whole pages. :)
Thank you, bro :)
>
>
> On Sat, Nov 28, 2015 at 8:10 AM, Dewangga Bachrul Alam
> mailto:dewangg...@xtremenitro.org>>
> wrote:
>
> Hello!
>
> I am using nginx 1.8.0 on Cent
Hello!
I am using nginx 1.8.0 on Cent OS 7, tried to enable purger directive,
mentioned on
http://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_cache_path
But got error like this :
nginx[46931]: nginx: [emerg] invalid parameter "purge=on" in
/etc/nginx/conf.d/proxy.conf:5
My complete d
ints and helps are appreciated. :)
Regards,
Dewangga
-BEGIN PGP SIGNATURE-
Version: GnuPG v2.0.17 (MingW32)
iQEcBAEBAgAGBQJWUbhTAAoJEF1+odKB6YIxKrEH/jcuSey9sUCbgSfVtejDDt+V
qfa187JDyzoG6xjIy2WsgCCvuViBAQA0UB0exKJECnO/Mk3Y2/N2n0ZyImpzLta9
l27oAtkNGMR/fb4Qw3VBAUasxbJ+ZmAaabyc801LYXMwKJ43dSG
Like this?
nginx version: nginx/1.9.5
built by gcc 4.8.3 20140911 (Red Hat 4.8.3-9) (GCC)
built with OpenSSL 1.0.2d-fips 9 Jul 2015
TLS SNI support enabled
configure arguments: --prefix=/etc/nginx --sbin-path=/usr/sbin/nginx
--conf-path=/etc/nginx/nginx.conf
--error-log-path=/var/log/nginx/error.l
Hello!
On 09/28/2015 08:40 PM, rik...@deds.nl wrote:
> Dear,
>
> Does the Nginx HTTP/2 module work on RHEL 7.1 with (ALPN) TLS?
>
> It seems like the HTTP/2 module is enabled by default in your RHEL 7.1
> based rpm and srpm.
>
> Your Nginx website writes about:
>
> "Note that accepting HTTP/2
Hello!
On 08/31/2015 09:29 PM, shahzaib shahzaib wrote:
> Hi,
>
> We want nginx vhost to access the file audo_portal.php without
> specifying it,i.e instead of using
> URL http://domain.com/audio_portal.php , can we access it with
> http://domain.com ? So it'll directly access audio_portal.php
Hello!
Recently discovered by my self, since apache 2.4.1 or latest, it was
bundled with mod_remoteip. So, we didn't need any additional modules
like mod_rpaf or mod_extract_forwarded.
On 05/07/2015 10:11 AM, Nurahmadie Nurahmadie wrote:
>
> On Thu, May 7, 2015 at 12:07 PM, Dewan
Hello!
On 05/07/2015 09:45 AM, Nurahmadie Nurahmadie wrote:
> Hi
>
> On Thu, May 7, 2015 at 11:38 AM, Dewangga Bachrul Alam
> mailto:dewangg...@xtremenitro.org>> wrote:
>
> Hello!
>
> Did anyone have same problem when configuring reverse proxy nginx +
Hello!
Did anyone have same problem when configuring reverse proxy nginx +
apache, when the request came from nginx, the IP didn't shows real visitor.
Example access.log:
127.0.0.1 - - [07/May/2015:09:27:30 +0700] "GET / HTTP/1.0" 200 61925
127.0.0.1 - - [07/May/2015:09:27:35 +0700] "GET / HTTP/1
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hello!
On 5/4/2015 15:22, Francis Daly wrote:
> On Mon, May 04, 2015 at 11:43:10AM +0700, Dewangga wrote:
>
> Hi there,
>
>> map $http_referer $badboys { hostnames; default 0;
>> "~*hitleap.com" 1; }
>
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hello!
I have a map directive like this :
map $http_referer $badboys {
hostnames;
default 0;
"~*hitleap.com" 1;
}
and already defined on server block like this :
server {
.. skip ..
if ($badboys) {
return 40
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hello!
What linux distribution do you use?
On el6 I use openssl-1.0.1e-30.el6
On el7 I use openssl-1.0.1e-42.el7.4.x86_64
https://kb.iweb.com/entries/90860777-Security-vulnerabilities-in-OpenSSL
- -FREAK-CVE-2015-0204-and-more
Red hat using their o
Hi!
You'll _never_ reach http request since you set HSTS configuration :)
If you still want some http request on your web server, disable your
HSTS directive. (see Daniel statement on previous email).
On 03/20/2015 05:14 PM, Gena Makhomed wrote:
> On 20.03.2015 11:35, Daniƫl Mostertman wrote:
>
Hi,
I have project that will be used multilocation webserver, but still
confuse about implementing GeoDNS or GeoIP. Which method are powerfull?
I want to separate user between Country A to WebServer A, Country B to
Webserver B.
Each webserver are located on each country.
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hi,
By default nginx drops as pasted before, nginx never drops the file
types as `httpd_config_t`.
If you never needed SELinux and didn't familiar with it, just
disabled. But, it not recommended to you to disable them. Good luck!
On 10/31/2014 01:05
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hi,
Something wrong on your policy?
$ cat /etc/issue
CentOS release 6.6 (Final)
Kernel \r on an \m
$ sestatus
SELinux status: enabled
SELinuxfs mount:/selinux
Current mode: enforcing
Mode from config
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hi,
Oh sorry, I still use the comp_level to 9. Should I decrease it? If
yes, which value?
Sorry for thread discussion hijacking :)
On 10/27/2014 10:44, Valentin V. Bartenev wrote:
> On Monday 27 October 2014 10:29:46 Dewangga wrote:
&g
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hi,
Have you tried to put `gzip_comp_level` on level 9? Based on
http://nginx.org/en/docs/http/ngx_http_gzip_module.html#gzip_comp_level
And tried to put `gzip_proxied any`
http://nginx.org/en/docs/http/ngx_http_gzip_module.html#gzip_proxied
On 10/2
Hi mex,
Yes, it's apacheconfig, Litespeed is drop-in replacement for Apache.
Here is my full nginx -V http://fpaste.org/142890/60334141/raw
I don't have nginx with different openssl-library installed.
Thanks.
On 10/17/2014 10:29 PM, mex wrote:
>> Regarding POODLEbleed[1] issue, I've disable SS
Hi there,
Regarding POODLEbleed[1] issue, I've disable SSLv3 on `ssl_protocols`
directive. But, ssllabs.com says that :
snip
Downgrade attack prevention No, TLS_FALLBACK_SCSV not supported (more
info[2])
snip
But on LiteSpeed[3] configuration, it says yes.
snip
oop problems
>>
>> Update:
>>
>> I just want to redirect specific URL contains `/go/*` to HTTP, and force
>> others to HTTPS.
>>
>> On 10/14/2014 12:03 PM, Dewangga Bachrul Alam wrote:
>>> Hi,
>>>
>>> Today, I was implement redi
Update:
I just want to redirect specific URL contains `/go/*` to HTTP, and force
others to HTTPS.
On 10/14/2014 12:03 PM, Dewangga Bachrul Alam wrote:
> Hi,
>
> Today, I was implement redirect using return 301, here's my snippet:
>
> server {
> listen 80
Hi,
Today, I was implement redirect using return 301, here's my snippet:
server {
listen 80;
server_name domain.tld;
error_log /dev/null;
access_log off;
return 301 https://www.domain.tld$request_uri;
}
server {
listen 80;
server
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Are you using system and/or config management to manage your third
party software? IMHO, nginx and apache is same, the different is only
on configuration and performance.
Pkgs, pacthes, updates, etc depend on each linux distribution. IMHO.
On 9/30/20
Are you familiar with SELinux? If not, just disable it :)
Try run 'getenforce' (without quotes) on your console, it must be enforcing.
On 09/29/2014 06:31 PM, mert1972 wrote:
> Thanks Anton for your response,
> Would you please provide some hints about how I can overcome this issue.
> This is a ne
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hi,
Which one do you use to reloading the config? `restart` or `reload`
command?
On 9/20/2014 02:50, igorhmm wrote:
> Hi BR,
>
> I don't known how to reproduce, not yet :-)
>
> I couldn't identify which worker was responding too, but I can see
> wi
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hi bro,
It works! Thanks in a bunch!
On 09/13/2014 05:42 PM, Valentin V. Bartenev wrote:
> On Saturday 13 September 2014 17:29:57 Dewangga wrote:
>> Hi,
>>
>> The original URI is :
>>
>> http://engine.x
close the unusual port, and proxied to nginx. So I can
control the logs only from nginx.
Is it possible?
On 09/13/2014 05:29 PM, Valentin V. Bartenev wrote:
> On Saturday 13 September 2014 16:46:56 Dewangga wrote:
>> Hi,
>>
>> I have configuration like this :
>>
>&g
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hi,
I have configuration like this :
... snip ...
location /monitor {
proxy_pass http://backend:6800/;
proxy_redirect default;
}
... snip ...
Trying to access /monitor, it's works. But, I tried to access URL
behind them, /monitor/log
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hello,
I have a page contains 'http://' assets, and I do redirect on my nginx
like this :
- BEGIN CONFIGURATION
server {
listen 80;
server_name subdomain.domain.com;
return 301 https://$http_host$request_uri$
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hi,
What kind of ciphers do you use? Could you paste your ciphers
configuration there?
On 9/1/2014 14:11, lpugoy wrote:
> To add more information, we have the chain issue "Chain issues:
> Contains anchor". But removing it does not help.
>
> Some mor
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hi,
Did you try my patch?
On 8/30/2014 09:57, nginxfanboy wrote:
> So now i have one config file with Content. /etc/nginx/nginx.conf
>
> http://paste.debian.net/118297/
>
> Posted at Nginx Forum:
> http://forum.nginx.org/read.php?2,252951,252955#ms
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hi,
Yes of course your http configuration works fine because of this
configuration :
location ~ .php$ {
fastcgi_split_path_info ^(.+.php)(/.+)$;
# fastcgi_pass 127.0.0.1:9000;
fastcgi_pass unix:/
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hi,
Your configuration looks like uncomplete, are you using fpm or httpd
as reverse proxy? This line shows your php was un-processed.
... snip ...
location / {
root /usr/share/nginx/www;
index index.php index.html;
}
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Did you try using aio? Try turn off sendfile and tcp_nopush also.
Here is my patch http://fpaste.org/128456/40901547/raw/
On 8/26/2014 03:51, tristanb wrote:
> Hello,
>
> Before posting, i've done a lot of google search, and i found other
> similar i
64 matches
Mail list logo
