RE: [IE] Re: Nginx with windows auth

When you saw “Windows Auth” did you mean NTLM? From: nginx [mailto:nginx-boun...@nginx.org] On Behalf Of Brian W. Sent: Monday, September 24, 2018 2:50 PM To: nginx@nginx.org Subject: [IE] Re: Nginx with windows auth I saw a post this morning claiming that only paid versions supported it. I did

RE: [IE] Re: Rewrite with number after hyphen

FWIW when I debug this sort of thing I like to emit a response header identifying which rule is routing the request, like this: location /a/ { add_header X-nginx-debug /a/ proxy_pass http://whatever/; } That way you can use F12 tools or some other inspection on the result and see exactly

How are you managing CI/CD for your nginx configs?

Last year I gave a talk at nginx.conf describing some success we have had using Octopus Deploy as a CD tool for nginx configs. The particular Octopus features that make this good are * Octopus gives us a good variable replacement / template system so that I can define a template along with var

RE: Aborting malicious requests

Have you considered using something like mod_security to manage this sort of thing? From: nginx [mailto:nginx-boun...@nginx.org] On Behalf Of Friscia, Michael Sent: Monday, March 19, 2018 9:17 AM To: nginx@nginx.org Subject: [IE] Re: Aborting malicious requests Thank you Gary, I really appreciat

RE: Proxy requests that return a 403 error - issue with sending headers

add_header is used to add a header to a response. It’s not entirely clear to me that that’s what you want to do. But if so, add_header won’t run for non-200 return values by default. If you want to propagate the header for error conditions add the “always” option: add_header X-Origin-Forward

Re: NTLM sharepoint when use nginx reverse proxy

I posted this a few weeks ago – I hope it helps you. I did this with nginx plus, so it may not work if you are using the open-source product. NTLM authentication authenticates connections instead of requests, and this is somewhat contradicts HTTP protocol, which is expected to be stateless. As

RE: Redirection

One easy newbie mistake to make is leaving out trailing slashes for location and proxy_pass blocks. I'd expect the location block to look something like this: location /app/ { proxy_pass http://tomcatdomain/application_name/; } Note the trailing slashes after /app/ and /application_name/.

RE: Clientcertificate authentication only for a single URL

I would think "location=" would solve this. What about something like the following? server { listen 443 ssl http2; server_name localhost; ssl_certificate ... ssl_certificate_key ... ssl_session_cache shared:SSL:1m; include templates/ssl

RE: Different certificates and keys for server and client verification

Yes - SSL and Client certs are completely orthogonal. However nginx needs to know about whatever cert is used to sign the client certs. Each client can't create completely distinct self-signed certs; they have to be signed by an issuer that nginx trusts. The blog posts at [1] and [2] do a pr

Re: Allow and Deny IP's

I find that add_header always works well to verify that the location is being chosen the way you think. Try something like add_header X-NGINX-Route always; to some of your location blocks and specify different distinct values for . Then in your browser you can use F12 tools to verify that

RE: [IE] localhost works but server_name times out!

Try adding the server name you are using to the server_name directive. You can specify multiple, e.g: server_name dog cat dogcat; Jason -Original Message- From: nginx [mailto:nginx-boun...@nginx.org] On Behalf Of Credo Sent: Tuesday, February 06, 2018 9:30 AM To: nginx@nginx.org Subjec

RE: [IE] Re: Has anyone implemented Nginx as a reverse proxy with Microsoft Sharepoint?

I haven’t done it for sharepoint but I have done it for TFS. If I had to guess you are probably being bitten by NTLM. NTLM authentication authenticates connections instead of requests, and this is somewhat contradicts HTTP protocol, which is expected to be stateless. As a result it doesn't gen

RE: [IE] GeoIP Module for Blocking IP in http_x_forwarded_for

If you control Frontend Server A I would suggest not using X-Forwarded-For for this purpose. Can you have the front end server send a distinct header to server B? X-Real-IP would be a good choice of header. Then Server B could key off that header instead of XFF. You might find this page inte

RE: [IE] Re: limit_conn not working

If you have a github account you can fork the nginx wiki troubleshooting and send them a pull request ☺ https://www.nginx.com/resources/wiki/start/topics/tutorials/config_pitfalls/ Look for “Edit this page” in the rightmost column. Jason From: nginx [mailto:nginx-boun...@nginx.org] On Behal

RE: [IE] Re: "sub_filter_once off" not working as advertised?

advertised? Hello! On Tue, Dec 12, 2017 at 04:34:36PM +0000, Jason Whittington wrote: > I have a rule like the following where I am trying to replace > instances of /spf/ with /ec/apps/symmetry/spf/. I’ve used > sub_filter to do this sort of thing before and had luck with it. > >

"sub_filter_once off" not working as advertised?

ion block but for future reference – has anyone seen sub_filter only make one substitution even when sub_filter once off is specified? Jason Whittington | Architect, PD Shared Services [cid:image001.jpg@01CD7B01.8E79C0A0] WORKFORCE SOLUTIONS (o) 314.214.7163 | (m) 636.284.4082 jaso

RE: [IE] Can Nginx used as a reverse proxy send HTTP(s) requests through a forward proxy ?

Are you trying to do something like this? server foo { listen 443 ssl; ...other settings elided... location /foo/ { https://external_site/; } } If https://external_site/ traverses a proxy then the answer is “no” – nginx can’t deal with proxy situations where it has to issue H