Re: Allow/Deny rules in Location block

think you need 1.2.3.4/24 which allows all of the format 1.2.3.* Hope this helps. Ian On 23/01/2023 16:34, sandeep dubey wrote: Hello, I am trying to restrict some Location block in my Nginx configuration to specific IPs. Below are the changes I made - Version: nginx:1.21.0 location

Re: 2 x Applications using the same domain behind a reverse proxy

stuff here } The line within \.php that sets SCRIPT_FILENAME to $document_root$fastcgi_script_name will pass the different roots to php, so app1 and app2 will each get the correct script names. Regards Ian On 26/07/2022 08:11, Mik J via nginx wrote: Hello everyone, I'm still trying to

Re: 2 x Applications using the same domain behind a reverse proxy

ry to execute code, by adding a try_files thus... location ~ \.php$ { try_files $uri =450; include /etc/nginx/fastcgi.conf; fastcgi_split_path_info ^(.+\.php)(/.+)$; etc. Hope this helps. Ian On 18/07/2022 05:08, Mik J via nginx wrote: Hello, I don't manage to make my t

Re: Domains not working as expected with nginx

ite redirects as you observed. Just edit the option_value field with phpMyAdmin or similar. Regards Ian On 09/07/2022 00:14, Jason Crews wrote: I'm not sure what I've got misconfigured here, I would appreciate anyone who could point me in the right direction. Site structure: maindo

Letsencrypt certbot leads to ssl protocol error

d=coachmaster.co.uk give no obvious errors, except that it shows the TLS 1.2 protocol NOT enabled. I'm way out of my depth now. Can anyone suggest something that is not weakening the security. Regards Ian -- Ian Hobson Tel (+66) 626 544 695 ___

Re: NGINX Proxy pass replace PNG file

Hi, I would try this with a location block... location /URL/of/Picture/tobereplaced.png { root /var/www/test1; try_files where/stored/image1.png; } location / { continue to proxy pass everything else Hope this helps Ian On 24/06/2022 00:01, Jason Prouty wrote: Is it possible to

Re: compiling nchan from source

Hi Sergey, On 21/05/2022 10:37, Sergey A. Osokin wrote: Hi Ian, hope you're doing well. I am thanks. On Sat, May 21, 2022 at 09:53:05AM +0700, Ian Hobson wrote: I compile nginx from source. When I use nchan-1.2.12 everything compiles clean. However I tried to upgrade to nchan-1.2.15

compiling nchan from source

ally? O/S Ubunutu 20.04 and Ubuntu 22.04 Regards Ian -- Ian Hobson Tel (+66) 626 544 695 ___ nginx mailing list -- nginx@nginx.org To unsubscribe send an email to nginx-le...@nginx.org

modules and compiling nginx 1.21.3 from source

use. Regards Ian -- Ian Hobson Tel (+351) 910 418 473 -- This email has been checked for viruses by AVG. https://www.avg.com ___ nginx mailing list nginx@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx

Re: Possible to make subdomain only accessible through 'embed'

outer level. RFC6265 is the standard that modern browsers follow https://tools.ietf.org/html/rfc6265 The clause you might need in your server {} are of nginx is if ($cookie_fileURI != "mymagicvalue") { return 403; } Where "mymagicvalue" was put in the cookie upon successful

Re: Multiple SSL web sites with nginx

may be a typo in your configuration - try sudo nginx -t to prove both servers are loaded. Regards Ian -- Ian Hobson Tel (+351) 910 418 473 -- This email has been checked for viruses by AVG. https://www.avg.com ___ nginx mailing list nginx@nginx.org

Re: Nginx wp-admin access control

-admin location somewhere else as well, but I have not bothered. Regards Ian On 15/04/2020 11:52, Lawrence wrote: Greetings All, To start, I am very much a beginner to nginx and coding. I am a application support engineer, but got very little development skills. I hope that there is someone out

Re: Unable to see a php page

er level. Then, if you use the line fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; (That is all on one line). in the localtion clause, things should work. -- Ian Hobson -- This email has been checked for viruses by AVG. http

Re: nginx and php settings

rror-log lines near the top, and choose a suitable level of logging, and then check the error-log after the problem. Hope this helps. Ian I also have put a phpinfo.php file like this root@fr13:/usr/local/nginx/html# cat phpinfo.php When I open the browser and enter localhost/phpinfo.php,

Re: message 3 / Robert Paprocki

(or possibly oversight?)? Best, Ian > -- > > Message: 3 > Date: Mon, 3 Feb 2020 13:28:20 -0800 > From: Robert Paprocki > To: nginx@nginx.org > Subject: Re: upstream hash consistent seems to depend on order of DNS > entries

Re: upstream hash consistent seems to depend on order of DNS entries (Maxim Dounin)

themselves. I must be missing/mis-understanding something. Does the current implementation/solution make sense to you? Best, Ian > > Message: 2 > Date: Mon, 3 Feb 2020 16:05:38 +0300 > From: Maxim Dounin > To: nginx@nginx.org > Subject: Re: upstream hash consistent seems to depe

upstream hash consistent seems to depend on order of DNS entries

“consistent” flag in nginx, there could also be a flag like “sorted-ip” which will sort the IP addresses before applying the the hash algorithm. Best, Ian ___ nginx mailing list nginx@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx

Re: Controlling Access on and off LAN

d will get 404s. If this is a problem, set up advice on your 404 page. Faking referer is easy but pointless here. Regards Ian ___ nginx mailing list nginx@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx

Re: Allow internal redirect to URI x, but deny external request for x?

ous to know how this might work. Nginx itself is safe, so it would have to be a script. And while those may indeed be vulnerable, is the vulnerability changed by symlinking the root elsewhere? I don't see any difference myself, but perhaps you know something I don't. Regards Ian

Re: Allow internal redirect to URI x, but deny external request for x?

mlink to the desired version. This can be changed using "ln -sfn version/dir serving/root" and then restarting nginx to pick up the new version. By not using redirects, this method should be more efficient. Regards Ian -- Ian Hobson ___ ngin

Re: Where does the content get stored?

back end servers, so there is no need to have any of the web application files running on it? That is how I would set it up. Rgds Ian -- Ian Hobson ___ nginx mailing list nginx@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx

Re: Protect against php files being send as static files

Hi, On 12/03/2019 08:53, Olaf van der Spek wrote: Ian Hobson Wrote: http://forumm.nginx.org/read.php?2,88846,page 3 This link doesn't work.. Sorry - typo (made months ago) https://forum.nginx.org/read.php?2,88845,page=3 try_files $uri =404; fastcgi_split_path

Re: Protect against php files being send as static files

00; } } Then you should be OK. There is actually no need to move php files to a new root. Regards Ian -- Ian Hobson Tel (+351) 910 418 473 ___ nginx mailing list nginx@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx

Ignoring proxy_cache_background_update on;

We are running NGINX in front of our backend server. We are attempting to enable the proxy_cache_background_update feature to allow NGINX to async updates to the cache and serve STALE content while it does this. However, we are noticing that it still delivers STALE content slowly as if it's not s

Darktable Win10 version 2.6.0 Wont Install

app and worthy replacement to my no longer supported Adobe LR. Regards, Ian this is darktable 2.6.0 reporting an exception: --- Error occurred on Thursday, December 27, 2018 at 09:36:39. darktable.exe caused an Access Violation at location 7FFA1EE7E3DE in module igdrcl64

Re: Planned Features for gRPC Proxy

Thanks for the reply. My team and I are eagerly awaiting these features. Is there a ticket I can follow to track their status? I wasn’t able to find one on the roadmap page. Thanks, -Ian > On Mar 11, 2018, at 7:10 PM, Maxim Dounin wrote: > > Hello! > >> On Fri, Mar 09,

Planned Features for gRPC Proxy

Hi all, I am new to the nginx community so my apologies if this is not the correct place for this kind of question. I see gRPC proxy is in progress for 1.13: https://trac.nginx.org/nginx/roadmap Does anyone know if the proxy will support host/path based routing for gRPC calls? I have a use c

Re: location ~* .(a|b|c)$ {} caused an error

limit_rate 64k; } … } Did I misread the http://nginx.org/en/docs/http/ngx_http_core_module.html#location doxs? Quite possibly - matching is rather complex. I have been caught by the order of matching which is NOT the order of declaration. I need to check it every time I create a configura

Re: Upgrade to Ubuntu16.04 LTS from 14.04 LTS killed my php

e value =0. 5) You may have to install and enable mcrypt and mbstring (as root) # apt install php7.0-mcrypt php7.0-mbstring # phpenmod mcrypt # phpenmod mbstring Your mileage will probably vary, but I hope this helps you avoid some ditches you might otherwise fall into. Ian On 22/

access log debugging

Not sure if it's the heat and I'm tired... Had access logs off for a long time. Decided to start it up again to try and track down a bot issue. Added access_log /var/log/nginx/access.log; to my server config. Restarted. It creates a log file. Notice it has root:root permissions, while the er

Re: Images loaded but not displaying

Hi skorpinok Two points: 1) Use correct HTML, or you can only blame yourself if different browsers mangle it each in their own way. The structure is Html 5 only. page content properly nested. (eof) 2) The src url takes its root as the location of the current page (unles

Re: Set up version control of local files with the help of nginx server

git hosting for free for small groups. I use them as the "origin" repo for all users. Ian On 31/10/2015 08:40, Francis Daly wrote: On Tue, Oct 20, 2015 at 08:41:38PM +0200, Tie Cheng wrote: Hi there, I have bought a dedicated server from DigitalOcean, and configured nginx. I wan

Basic protection for different IPs

main IP of my server, and have no password prompt when responding on localhost? I tried using if (hostname = 'example.com') in spite of if-is-evil, and could not get it to work. Regards Ian ___ nginx mailing list nginx@ngin

Help needed with configuration

ve if present, else 404 try_files $uri $uri/ =404; } } By way of explanation, we are migrating from oldhtdocs to a new site, but having to replace pages in groups. This way I hope we can leave all the junk behind. Ubuntu 14:04, with standard versions of all software. Nginx is 1.4.6 Than

Help required with configuration

} location / { # anything NOT static (.htm) is passed to flask include uwsgi_params; uwsgi_pass unix:/tmp/uwsgi.sock; } } } However nginx complains that I can't put location inside location @newerver. So how can the site be configured?

Re: 301 redirect

lots of location clauses thus: location = /oldurl$ { return 301 https://$server_name/newurl; } Hope this works for you Ian -- Ian Hobson Mid Auchentiber, Auchentiber, Kilwinning, North Ayrshire KA13 7RR Tel: 0203 287 1392 Preparing eBooks for Kindle and ePub formats to give t

Converting POST into GET

|$request_method but that caused a configuration error. Thanks Ian| -- Ian Hobson Mid Auchentiber, Auchentiber, Kilwinning, North Ayrshire KA13 7RR Tel: 0203 287 1392 Preparing eBooks for Kindle and ePub formats to give the best reader experience

keep-alive message flood.

could mess things up for Nginx? How can I prove its the proxy? Crucially how can I compensate? Thanks Ian -- Ian Hobson Mid Auchentiber, Auchentiber, Kilwinning, North Ayrshire KA13 7RR Tel: 0203 287 1392 Preparing eBooks for Kindle and ePub formats to give the

Re: syslog files per server entry (Francis Daly)

I understand that part, what I mean is separating the entries like you’d have with flat files, so if you had; domaina => log/domaina_access domainb => log/domainb_access That kind of setup, but, with syslog so it’s easier to identify where they’ve come from. Right now we have one nginx.access.

syslog files per server entry

server blocks, how do I go about that as if I change access_log to say access_ian_log it errors. Thanks in advance. Ian ___ nginx mailing list nginx@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx

SSL Certificate confusion.

fine. Does anyone know what the group of certificates is for, and how I should I introduce them to nginx? Nginx is a compiled version :- ian@ianhobson~ $ nginx -V nginx version: nginx/1.6.0 built by gcc 4.6.3 (Ubuntu/Linaro 4.6.3-1ubuntu5) TLS SNI support enabled configure arguments: --sbin

Curious problem with PHP

idea as what might be happening? I'm stumped. Thanks Ian ___ nginx mailing list nginx@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx

grunt deploy and nginx root dir

Just curious if anyone out there is using grunt and how you deal the possibility of race conditions, i.e. people trying to access old assets just as grunt is creating/renaming new ones. I'd be interested to hear how people are handling this. I heard one example might be to create a new build d

nginx "Segementation Fault" - dont know where to start

6 GNU/Linux This includes all released updates. And on the production server it is Linux ianhobson.com 3.2.0-39-virtual #62-Ubuntu SMP Wed Feb 27 22:45:45 UTC 2013 i686 athlon i386 GNU/Linux This includes all updates up to about 3 weeks ago. I don't know where to start to try and find

Re: Maintenance mode for all but my ip

On 2013-12-07 15:31, B.R. wrote: ​Hello,​ On Sat, Dec 7, 2013 at 6:31 PM, Ian Evans wrote: Thanks. Ill give this a spin. Is there anyway to still trigger the mapping based on the existence of a maintenance.whatever file? Just thinking of the ease of quickly touching the maintenance file to

Re: Maintenance mode for all but my ip

On 2013-12-07 09:58, B.R. wrote: I am new to the use of maps, but I suppose it would fit perfectly, using core variables such as the binary IP address: Maybe something like: server {     error_page 503 /503.html # Configuring error page     map $binary_remote_addr $target { # Configuring white-

Maintenance mode for all but my ip

Getting ready to convert the site to UTF-8 (finally!) and wanted to know how I could issue error code 503 to all people and bots but still allow my IP in so I can go 'round the site checking for glitches due to the change. Right now I have this implementation for 503's but that issues the err

Re: Any config tricks to stop site from framing us?

On 2013-12-03 16:39, Francis Daly wrote: On Tue, Dec 03, 2013 at 04:13:03PM -0500, Ian Evans wrote: Hi there, Yesterday, I discovered that someone had registered a site (basically taking our domain name and adding a word to it) and then framed our whole site in theirs. By that I mean it

Re: Any config tricks to stop site from framing us?

On 2013-12-03 16:32, Branden Visser wrote: If they're using an iframe rather than a proxy then IP tricks won't help. Using the X-FRAME-OPTIONS header is probably your best bet [1] Hope that helps, Branden [1] http://stackoverflow.com/questions/2896623/how-to-prevent-my-site-page-to-be-loaded

Re: Any config tricks to stop site from framing us?

On 2013-12-03 16:15, Ilan Berkner wrote: One possibility (not Nginx related directly) is to block their IP address at the firewall level from even getting to your server. Or add a deny ###.###.###.### to the server block? ___ nginx mailing list nginx

Any config tricks to stop site from framing us?

Yesterday, I discovered that someone had registered a site (basically taking our domain name and adding a word to it) and then framed our whole site in theirs. By that I mean it's a full iframe job, with no toolbars showing. Not sure what they're up to, but I'd like to stop it. I know I can us

Re: debugging ssl and php-fpm

On 24/11/2013 9:43 AM, Francis Daly wrote: What does "diff" say about the config on the old server and the config on the new server? As I moved to a new server, I split everytng from one file to the whole sites-available format so I'd have to recombine everything. However... fastcgi_params

debugging ssl and php-fpm

Okay, so rule #1 is to never think a server migration will go easy. As I've said in another thread, I've been running nginx and php-fpm for years on my site. But I'm moving from a CentOS to an Ubuntu server and things aren't going as smooth as they should be. I've got the non-ssl server worki

Re: will request_uri get passed from cookieless server to 403 page on main server?

On 19/11/2013 4:31 AM, Francis Daly wrote: > *If* that php is set to always return cookies, then you might want to > run a separate php-fpm that does not return cookies for the static > site. But that's a side issue. Still experimenting with this... What setting stops the php-fpm from not return

Re: Debugging and ubuntu

On 22/11/2013 4:44 AM, Ian Evans wrote:[snip] > Scratching my head on this one. I created a file that has just the > phpinfo(); and looking at the debug log I can see that it appears to hit > the fastcgi (it returns an x-powered-by header) but returns a blank page: > [snip] >

Re: Debugging and ubuntu

ri, Nov 22, 2013 at 4:06 AM, Francis Daly mailto:fran...@daoine.org>> wrote: On Fri, Nov 22, 2013 at 02:01:52AM -0500, Ian Evans wrote: Hi there, > Does the package version not include debug (don't see it with -V) and if > so how can I get it through the packa

Debugging and ubuntu

Been running nginx for _years_ on centos and am in the process of migrating to an Ubuntu (raring) server. I've always compiled from source before but figured I'd use the Ubuntu apt-get install. For whatever reason, testing is not working at all (I can serve static but not php) and I set the

Re: will request_uri get passed from cookieless server to 403 page on main server?

On 19/11/2013 4:31 AM, Francis Daly wrote: *If* that php is set to always return cookies, then you might want to run a separate php-fpm that does not return cookies for the static site. But that's a side issue. Will look into that. Thanks, hadn't thought of it. Did a cursory glance at Google a

Re: will request_uri get passed from cookieless server to 403 page on main server?

On 18/11/2013 6:26 PM, Francis Daly wrote: Thanks for your response. (You can possibly avoid that if you use something like .../dhe403.shtml/$request_uri and handle it appropriately on the far side.) Ok. It would seem easier to either proxy_pass or fastcgi_pass to the old server, in an err

Re: will request_uri get passed from cookieless server to 403 page on main server?

On 17/11/2013 3:16 PM, Ian M. Evans wrote: Migrating to a new server and thought I'd take the time to set up a cookieless subdomain on it for static files. In my current setup, 403 errors are sent to a php file which grabs the $_SERVER["REQUEST_URI"], locates the page of the ph

will request_uri get passed from cookieless server to 403 page on main server?

Migrating to a new server and thought I'd take the time to set up a cookieless subdomain on it for static files. In my current setup, 403 errors are sent to a php file which grabs the $_SERVER["REQUEST_URI"], locates the page of the photo on the site, and redirects the person to that page so they

Getting things humming on a 4 gig server

Will soon be migrating from a 2 gig CentOS server to a 4 Gig Ubuntu. We'll be running nginx (of course), php-fpm, the fastcgi cache, MariaDB and Zend Opcache. Though I realize that 4 gigs of RAM is still modest, it is twice what we've previously had. I'm just curious for some general suggestio

Re: Help needed with config

Hi Francis, Your guess was spot on. I had domain "resellerdev.anake.hcs" confused with "reseller.anake.hcs" , becasue of a switch about on my favourites menu :( Thanks. Ian On 04/11/2013 19:01, Francis Daly wrote: On Mon, Nov 04, 2013 at 05:37:15PM +, Ian Hob

Help needed with config

isten 80; fastcgi_read_timeout 300; index index.php; set $resellerroot "/home/ian/websites/reseller/htdocs"; set $centralroot "/home/ian/websites/coachmaster3dev/htdocs"; root $resellerroot; # if / then redirect to index.php location = / { # s

Re: Solving a 500 error

anged. Sometimes I get two consecutive 500 errors, sometimes only one. I'm still mystified as to why I should get any at all - and why on unchanged files? Regards Ian -- Ian Hobson 31 Sheerwater, Northampton NN3 5HU, Tel: 01604 513875 Preparing eBooks for Kindle and ePub formats to give the b

Solving a 500 error

nginx I am running is 1.2.6 compiled with the long polling module included. Does anyone know what is happening? Thansk, Ian This is my server confiig. server { server_name coachmaster3.anake.hcs; listen 80; fastcgi_read_timeout 300; index index.php; root /home/ian

Re: index and location not working together properly?

Hi Maxim, Thank you. That worked a treat. Regards Ian On 26/07/2013 16:25, Maxim Dounin wrote: Hello! On Fri, Jul 26, 2013 at 11:19:45AM +0100, Ian Hobson wrote: [...] root /home/ian/websites/reseller/htdocs; # if / then redirect to index.php location = / { # serve

index and location not working together properly?

rce things - it doesn't work either. Here is my config # reseller on anake # # This is the development version - in reseller and served without ssl! # server { server_name reseller.anake.hcs; listen 80; fastcgi_read_timeout 300; index index.php; root /home/ian/websites

Re: Help needed with configuration

Hi Mex, Thanks for your interest. On 18/07/2013 11:39, mex wrote: iirc there is something with the order/length of location $var {} - content. I have tried moving the location / to the first position, but that changed nothing. is there an index.php in /home/ian/websites/reseller/htdocs? No

Help needed with configuration

reseller.anake.hcs does not result in serving ...coachmaster3dev/htdocs/index.php as I want, but in a 403 Forbidden error. server { server_name reseller.anake.hcs; listen 80; fastcgi_read_timeout 300; index index.php index.html index.htm; root /home/ian/websites/reseller

different fastcgi_cache for bots and humans

As mentioned before, I'm tweaking pixabay's version of handling the new Google Image search traffic killer by making their trap URLs more cacheable. Img tags in the html will have ?i appended to the source and those "?i" are removed for bots. I thought I could use nginx's httpsubmodule to strip th

Can nginx handle/cache this robot handling case?

Hi everyone. First some background. I'm trying to integrate the method used by Pixabay to handle Google Image Search's new design which makes it very easy (one button click) for visitors to see an image outside of the site's context. This has greatly slammed many sites' traffic and income. T

Re: nginx tips for localhost development

On Mon, April 15, 2013 1:49 pm, Francis Daly wrote: > On the nginx side, there should be approximately nothing special to do. > > The nginx.conf that works on your production server can be put onto your > development server; "listen" directives which specify ip addresses may > need to be changed, a

nginx tips for localhost development

As I'm about to launch some major additions to my site (and launch another site) I've been starting to get my act together in regards to development, e.g. finally starting to use git, getting ready for a responsive redesign, etc. I've realized that it would probably be wise to develop locally by r

nginx rpm and configure arguments

I began thinking about using Puppet to automate deployment and that led me to thinking about using rpms to make keeping up with new releases easier. Since I've always compiled nginx from source, I was curious how one specifies configure arguments like --with-http_ssl_module and --with-http_gzip_s

fastcgi-cache and expires

Just curious... In a lot of examples I've seen on the net for setting up fastcgi-cache the directives fastcgi_ignore_headers Cache-Control Expires; expires epoch; are included. Is there any major reason for that? For my own setup I want the fastcgi caching to reduce load on the server, but I'd a

Re: Updated hotlink protection with new Google Image Search

On Fri, February 22, 2013 5:51 am, Namson Mon wrote: > Hi Ian, we've just published an extensive blog post about how to achieve > this kind of hotlinking protection against Google Images: just curious...unless I missed it in the article...how are you adding the GET param for visitors,

Re: Updated hotlink protection with new Google Image Search

On 22/02/2013 5:51 AM, Namson Mon wrote: Hi Ian, we've just published an extensive blog post about how to achieve this kind of hotlinking protection against Google Images: http://pixabay.com/en/blog/posts/hotlinking-protection-and-watermarking-for-google-32/ Thanks for the link. I lik

Rewriting jpg with specific google referer to 1 pixel gif

If I understand correctly, nginx doesn't do multiple conditions in an 'if' or nested if's. Based on some of the ideas being tossed around in this thread (http://www.webmasterworld.com/google/4537063-11-30.htm) I'd like to rewrite serve up a one pixel gif to whenever both of the two following condi