Re: nginx and python script

2024-12-27 Thread Jeff Dyke
Pass {serial} to your proxy from a normal nginx args variable. location /another_script { proxy_pass http://server/cgi-bin/another_script.py?$args; } And then you'll likely want to change from environ to the query string. I would also make

Re: Wrong content served

2023-12-26 Thread Jeff Dyke
In addition to Francis' always helpful ask. You have a domain problem with material.av.domain and it may be from /etc/hosts all the way to public DNS. Or, incorrectly supplied *location-letsencrypt.conf.* If you provide that file contents, you'll likely see your own error as you send it (i've don

Re: Nginx Support required

2023-09-03 Thread Jeff Dyke
You accepted when you installed it, no one is your support, but if you ask nicely and stop with the FN demands, you may get a little help, as this nice person did. This is not what this type of software is about, and it's your bad for not understanding. This is not only for you, but would like it

Re: How to run a shell script on every request?

2023-08-18 Thread Jeff Dyke
Can you explain why? I would never tie a script to a request. I post process logs all of the time. If it needs to be in the application, don't force it into Nginx. Strong statement, but would love to hear why? On Fri, Aug 18, 2023 at 9:47 AM Kaushal Shriyan wrote: > Hi, > > I am running nginx

Re: Is this an attack or a normal request?

2020-08-25 Thread Jeff Dyke
I've seen the rest of this thread, and there are many good ideas, fail2ban is great, i actually use it with wazuh. The best security measure i ever made with wordpress is changing the name of the /admin/login.php and disabling or at least access listing the api. If no one needs api access, shut

Re: Removing Null Character from Query Parameter

2020-06-25 Thread Jeff Dyke
no offense to the OP, but i love Maxim. Direct and to the point, and in this case, as usual, he is correct. You should not look at what the requester wants, before understanding what the sender should provide. On Thu, Jun 25, 2020 at 2:18 PM Maxim Dounin wrote: > Hello! > > On Thu, Jun 25, 202

Re: right config for letsencrypt

2020-02-02 Thread Jeff Dyke
since i do this through haproxy, it will be a little different, but wherever port 80 is open to you can have a block that does the following so in the http block of haproxy i send it to a backend when it meets these requirements. acl letsencrypt-request path_beg -i /.well-known/acme-challenge/ r

Re: How to do location /test/place?id=2

2019-10-17 Thread Jeff Dyke
I know this is not an answer to your question, but it begs another, mainly due to the if statement. How many of these are you going to have? https://www.nginx.com/resources/wiki/start/topics/depth/ifisevil/ You've likely considered this, but if not wanted to throw it out there. Even if you are mo

Re: Do nginx 1.14 and 1.17 have compatible configuration file formats?

2019-07-16 Thread Jeff Dyke
As an old dog in this world, i don't think you should ever take release notes over config tests and further web tests (siege, wrk, ab). Nginx has become such a versatile server starting with web and any proxy, then with openresty and unit etc ...how can you provide proof of an upgrade path. This i

Re: packages built for Ubuntu 18.04

2019-06-18 Thread Jeff Dyke
Given what that post states and since openssl 1.1.1 hit 18.04 the other day, i'd assume the next build would be based off of 1.1.1? While i use nginx, i terminate SSL at HAProxy, and that is what occurred last week. On Tue, Jun 18, 2019 at 2:17 PM Zeev Tarantov wrote: > The openssl package for

Re: I'm about to embark on creating 12000 vhosts

2019-02-12 Thread Jeff Dyke
t 80. > > I couldn't work out what the limits are at LE as it's not clear with > regards to adding new unique domains limits. I'm going to have to ask in > the forums at some point so that I can work out what our daily batches are > going to be. > > Kind regards,

Re: I'm about to embark on creating 12000 vhosts

2019-02-11 Thread Jeff Dyke
I use haproxy in a similar way as stated by Rainer, rather than having hundreds and hundreds of config files (yes there are other ways), i have 1 for haproxy and 2 (on multiple machines defined in HAProxy). One for my main domain that listens to a "real" server_name and another that listens to `ser

Re: no TLS1.3 with 1.15.5

2018-11-07 Thread Jeff Dyke
Hi. I know this does not solve the problem, but curious if you found a package that was compiled with 1.1.1 or compile it yourself. Generally i like to avoid the latter as everything is managed through salt, but am interested in TLSv1.3 Thanks, Jeff On Tue, Nov 6, 2018 at 1:19 PM Maxim Dounin

Re: A fatal 301 redirect...

2018-09-17 Thread Jeff Dyke
I think this problem is better solved allowing 80 to be open and a separate server block. Since i terminate from haproxy, from memory something like this, in the same vhost file. Obviously you can listen here on H/2 if you want to as well. server { listen 80 default_server; server_name test

Re: rewrite rule: MediaWiki to static site

2018-08-20 Thread Jeff Dyke
Seems like you have a solution, but i've done this recently in the reverse and found this configuration to be incredibly helpful, with little reason to ever update. I check the primary (static in my case) site first and if it 404's it is sent to a different proxy_pass. As you can guess i use the

Re: HTTPS over port 443

2018-08-07 Thread Jeff Dyke
how about adding server { listen 80; return 301 https://$host$request_uri; # YMMV as to what destination you need them to end up at. } On Tue, Aug 7, 2018 at 3:58 PM, fugee ohu wrote: > What do you mean by "also have a port 80 config" ? The port 80 configs > are my other sites that I ha

Re: 301 Redirect from www version to non www.

2018-03-23 Thread Jeff Dyke
A couple things here guess. Is 80 even open in the firewall? Also could cloudflare be picking up 80 and redirecting to https, also this won't solve your problem, but having a server name prefixed with https is not valid, it may pass a configtest, but not sure that it would ever match. On Fri, Ma

Re: domain only reachable with https:// in front

2017-11-28 Thread Jeff Dyke
I think it is unfortunate that certbot does it this way, with an if statement, which i believe is evaluated in every request. I use something like the following (with your names): server { listen 80 default_server; listen [::]:80 default_server; server_name pstn.host www.pstn.host; return

Re: nginx cache growing well above max_size threshold

2017-09-14 Thread Jeff Dyke
You can actually run H/2 through HAProxy, using ALPN to determine if the client understands H/2. I have the following (snippet of a) config that sends to different nginx ports based on the ALPN response. frontend https mode tcp bind 0.0.0.0:443 ssl crt /etc/haproxy/certs alpn h2,http/1.1 e

Re: Multiple certificates in one server block?

2017-08-04 Thread Jeff Dyke
Jim is correct, letsencrypt supports that wow, sorry for trying to help, that was a bit caustic, that information would be helpful in the original question. Enjoy the weekend. On Fri, Aug 4, 2017 at 9:40 AM, Jim Ohlstein wrote: > Hello, > > On 08/04/2017 09:36 AM, Olaf van der Spek wrote: >

Re: Multiple certificates in one server block?

2017-08-04 Thread Jeff Dyke
i assume you have some sort of UCC certificate, if so you should be able to use it with multiple server_names, but having multiple ssl_certificates in a single server block is a limitation of nginx from what i understand. Most relevant information is here: https://nginx.org/en/docs/http/ngx_http_ssl

Re: block google app

2017-06-22 Thread Jeff Dyke
a Google crawler - they are end-user > requests from the Google App (mobile application). I'm not sure what the > motivation is for blocking them but I wouldn't consider it malicious / > unwanted traffic. > > On Thu, Jun 22, 2017 at 4:47 PM, Jeff Dyke wrote: > >> I&

Re: block google app

2017-06-22 Thread Jeff Dyke
I'm glad you found the solution, but being a Google crawler, it would likely respect a robots.txt file with Disallow: images/*, which if it worked would allow you to remove an if clause from being evaluated on every page load. You may have already tried it. But i have a feeling you'll start to fi

Re: invalid default_server parrameter

2017-04-24 Thread Jeff Dyke
if you're using sni, you should be able to use _ as the server_name or remove default server b/c if this is going to represent many servers, from memory, default_server is not a value you want. for example i run nginx behind haproxy to create letsencrypt certs, which will listen to currently dozen

Re: Logging all requests onNginx

2017-04-19 Thread Jeff Dyke
this might be helpful - http://stackoverflow.com/questions/12315832/how-to-fix-nginx-throws-400-bad-request-headers-on-any-header-testing-tools/17289826#comment16555393_12315832 On Wed, Apr 19, 2017 at 7:53 PM, Jeff Dyke wrote: > untested, but if you set error_log to the correct level,

Re: Logging all requests onNginx

2017-04-19 Thread Jeff Dyke
untested, but if you set error_log to the correct level, it should log there as it likely received a > 300 response from the backends. I don't think you want these in your access logs, but i am surprised you don't get some sort of non < 400 response in those logs. But it's been a long day On W

nginx-extras

2017-04-18 Thread Jeff Dyke
I realize this may not be the best place to ask, but thought someone may know. I am using nginx-extras which runs 1.10, for some very helpful lua functionality, and nginx stable just hit the apt repositories on 1.12, does anyone know how quickly nginx-extras may be updated to 1.12? I would like t

Re: nginScript and accessing cookies

2017-04-09 Thread Jeff Dyke
at first glance i thought this may be dead, but perhaps you should look here: https://www.nginx.com/blog/introduction-nginscript/, which supports both Plus and OSS versions. I've been working with the lua module via nginx-extras on ubuntu, they suit my needs, but that page may help you. Jeff O

Re: upload xml file

2017-03-10 Thread Jeff Dyke
what do you want it to do? if you're talking nginx without any application backend you could do a lot with some lua locations, or you're going to pass that request to another process, or serve a static (xml) file from the file system. Nginx does support XML just fine, it's all a matter of what you

Re: another "bind() to 0.0.0.0:80 failed (98: Address already in use)" issue

2017-02-22 Thread Jeff Dyke
depending on the version you may want to look for /etc/nginx/conf.d/default.conf, when i have been building servers (i use salt for configuration management) i have in my state file that includes file.absent: - /etc/nginx/conf.d/default.conf which will ensure the file does not exist immediately

Re: Move from apacht to nginx

2017-02-12 Thread Jeff Dyke
There is an `allow all` in a location block, but i would recommend that you determine what part of All is really needed from your Apache config and apply only those rules that need to make the site work. I used apache in exactly this nature for a while and then dug in and found that i only needed

Re: SNI and certs.

2016-11-28 Thread Jeff Dyke
Just a personal preference, but i put an https version in front of all sites(and redirect 80 to 443) and keep the certs up to date for free with lets-encrypt/certbot (i have nothing to do with the company), with SNI, one IP. This is simple as I keep the nginx configurations up to date with a confi

Re: Blocking tens of thousands of IP's

2016-11-01 Thread Jeff Dyke
what is your firewall?, that is the place to block subnets etc, i assume they are not random ips, they are likely from a block owned by someone?? On Tue, Nov 1, 2016 at 5:37 PM, CJ Ess wrote: > I don't think managing large lists of IPs is nginx's strength - as far as > I can tell all of its ACLs

Re: Nginx proxy_pass not working as expected.

2016-10-28 Thread Jeff Dyke
You may want to define example.org as an upstream if it is just an application server that handles requests, but not entirely sure what you're trying to accomplish... upstream anything.you.want { server 127.0.0.1:PORT # or domain name; } server { server_name example.com; location / { proxy_pass

Re: proxy_protocol - access server directly

2016-08-12 Thread Jeff Dyke
On Fri, Aug 12, 2016 at 4:49 PM, Roman Arutyunyan wrote: > On Fri, Aug 12, 2016 at 04:07:26PM -0400, Jeff Dyke wrote: > > Thank you Roman, i knew it would be painfully obvious once the solution > was > > presented to me > > > > Very much appreciate it! >

Re: proxy_protocol - access server directly

2016-08-12 Thread Jeff Dyke
Thank you Roman, i knew it would be painfully obvious once the solution was presented to me Very much appreciate it! Jeff On Fri, Aug 12, 2016 at 2:29 PM, Roman Arutyunyan wrote: > Hello, > > On Fri, Aug 12, 2016 at 02:08:55PM -0400, Jeff Dyke wrote: > > i have configured

proxy_protocol - access server directly

2016-08-12 Thread Jeff Dyke
i have configured haproxy 1.6 and nginx 1.10.1 and all is well, but i'd like to be able to access the servers directly on occasion and not through haproxy. Mainly this is done for troubleshooting or viewing a release before it goes out to the public (it's off the LB at the time). Unfortunately acc