Re: how to unsubscribe?

On Mon, Jul 7, 2025 at 5:53 PM Rostyslav Zalevskyy wrote: > > How can I unsubscribe it ? > > ___ > nginx mailing list > nginx@nginx.org > https://mailman.nginx.org/mailman/listinfo/nginx Visit the link at the bottom of the email you receive. ___

Nginx on Fedora with SELinux

Hi Everyone, I'm trying to install Nginx on Fedora 41 with SELinux in enforcing mode. In my case, the document root is /var/www/html (for historic reasons). I added /etc/nginx/conf.d/webserver.conf, and specified my document root. I chown'd -R /var/www to root:nginx. I also chmod'd -R o-rwx /var/w

Re: Default site configured for 444 returns 404

On Sun, Aug 25, 2024 at 6:18 AM Steinar Bang wrote: > > > Steinar Bang : > > One piece of weirdness in the access.log. > > These two IP address requests for "/" returns 200. > > > 162.216.149.127 - - [23/Aug/2024:00:51:03 +] "" > > "GET / HTTP/1.1" 200 467 "-" "Expanse, a Palo Alto Networ

SVN front-end using Nginx?

Hi Everyone, I'd like to use SVN, and Nginx as the web server for it. From what I've found, it looks like Apache is required due to mod_dav_svn (and the combo is Apache with Nginx proxy). I also came across svnserve, but I am not familiar with it. Is anyone aware of a way to use a pure Nginx env

Re: No SNI support on multisite installation

On Fri, Mar 15, 2024 at 2:37 PM Thomas Ward wrote: > > Jeffrey, > > If I read OP's information right, the test they were seeing was that it says > it needs SNI support and a number of browsers showed "No SNI support". I > know from testing OpenResty supports SNI. That isn't the issue here I >

Re: No SNI support on multisite installation

On Fri, Mar 15, 2024 at 2:05 PM Thomas Ward via nginx wrote: > > If you only have one IP, then you cannot fix this. SNI is what determines > which certificate to serve for the request. The only solution would be > individual IPs for each domain, thus not needing SNI to get the correct cert >

Re: Forcing URLs to lower case example

On Thu, Mar 7, 2024 at 1:54 PM Victor Oppenheimer wrote: > > I am using nginx on MS Windows primarily for reverse proxying. > > I would like to force URLs reaching nginx into lower case before further > processing in my nginx.configfile. > > That is, I'd like subsequent server and/or location dire

Re: Issues building Nginx using boringssl

On Tue, Feb 20, 2024 at 10:19 PM Jinze YANG wrote: > > After I built libssl as a shared library, the compilation could be completed > normally, but I encountered some problems after compilation. The details are > as follows: > root@VM-8-12-debian /www/server/nginx/sbin # ./nginx -t > ./nginx: sy

Re: Issues building Nginx using boringssl

On Tue, Feb 20, 2024 at 12:23 AM 杨金泽 wrote: > > I encountered the following error when using boringssl to build Nginx: > checking for OpenSSL library ... not found > checking for OpenSSL library in /usr/local/ ... not found > checking for OpenSSL library in /usr/pkg/ ... not found > checking for O

Re: announcing freenginx.org

On Wed, Feb 14, 2024 at 12:59 PM Maxim Dounin wrote: > > As you probably know, F5 closed Moscow office in 2022, and I no > longer work for F5 since then. Still, we’ve reached an agreement > that I will maintain my role in nginx development as a volunteer. > And for almost two years I was working

Re: ngx_quic_create_stream segfault

On Thu, Dec 21, 2023 at 7:35 AM Clima Gabriel wrote: > > Hello everyone, > > My Nginx worker process has frequent segfaults on this codepath. > (ngx_quic_create_stream) > Here are some observations I have made so far. > 1. The faults happen with tcmalloc and malloc so this is not the issue. > 2.

Re: trying to disable gzip

On Thu, Oct 19, 2023 at 12:36 AM alienmega via nginx wrote: > > Thank you for the information. I didnt notice I was lookgin at the wrong > place. It turns out that the culprit is cloudflare. If I dont use it, I can > see the gzip going on and off(as expected), but as soo as I use cloudflare, >

Re: OT: Rapid Reset attacks on HTTP/2

On Tue, Oct 10, 2023 at 3:04 PM Maxim Dounin wrote: > > On Tue, Oct 10, 2023 at 02:50:37PM -0400, Jeffrey Walton wrote: > > > This just made my radar: > > <https://thehackernews.com/2023/10/http2-rapid-reset-zero-day.html>. > > > > From the article: > &

OT: Rapid Reset attacks on HTTP/2

Hi Everyone, This just made my radar: . From the article: F5, in an independent advisory of its own, said the attack impacts the NGINX HTTP/2 module and has urged its customers to update their NGINX configuration to l

Re: Compatibility of X25519Kyber768 ClientHello

On Mon, Oct 9, 2023 at 11:55 AM Gentry Deng via nginx wrote: > > ... > I'm able to reproduce the problem. It looks like a bug in www.paypal.cn's > server. They didn't implement TLS 1.2 correctly. Specifically, they do not > correctly handle when the ClientHello comes in in two reads. Before Kybe

Re: TLS 1.2 and TLS1.3 extensions supported by nginx

On Wed, Apr 19, 2023 at 8:03 AM preetham g wrote: > > I wanted the list of the TLS 1.2 and TLS 1.3 extensions that are currently > being supported by the Nginx. Can you please provide the same. > Nginx uses OpenSSL for TLS. You may want to ask the OpenSSL folks. Be sure to tell them which versio

Re: Nginx using HTPPS but without SSL ???

On Thu, Jan 26, 2023 at 8:26 PM Gus Flowers Starkiller wrote: > > I need test some pages in my office but with a different domain and I don't > have SSL certificates. > > Is there any way to publicate a web site with an alias? > For example mysite1.com (using nginx) to siteok.domain.com ??? Yo

Re: Is there a conflict between Debian Bullseye and nginx?

On Fri, Dec 16, 2022 at 11:23 AM Mike Lieberman wrote: > > On Fri, 2022-12-16 at 15:59 +, Francis Daly wrote: > > > On Fri, Dec 16, 2022 at 04:27:15PM +0800, Mike Lieberman wrote: > > > > You have configured your nginx to listen on port 80 on all IP addresses. > > > > You have configured your

Re: Your connection is not private error on Android device

On Mon, Nov 14, 2022 at 4:59 PM James Read wrote: > ... > OK. Thanks. I rearranged the file and deleted some certificates. Now > sslabs is reporting no chain issues for Certificate #1: RSA 2048 bits > (SHA256withRSA) but for Certificate #2: RSA 2048 bits (SHA256withRSA) it > is reporting > Chain

Re: Help with nginx.conf

On Fri, Nov 11, 2022 at 1:43 PM Gus Flowers Starkiller < relectgus...@gmail.com> wrote: > > Hi ! Thanks a lot for your explanation ! Well I've installed some Nginx servers all cases like configured like Proxy Reverse, But, at first I installed Nginx from pages different from Nginx.org but the sourc

Re: Client can't negotiate with TLS 1.0 and 1.1

On Wed, Aug 24, 2022 at 4:25 PM Fabiano Furtado Pessoa Coelho wrote: > > Hi... > > I'm using NGINX 1.22.0 with OpenSSL 3.0.5 in a Linux x86_64 server > with one NIC and 2 IPs, with the following config: > > * config based on > https://ssl-config.mozilla.org/#server=nginx&version=1.22.0&config=in

Spurious DNS lookups due to Host header?

Hi Everyone, I'm examining a webapp which had a scan looking for security related errata and vulnerabilities. The app is hosted on Google Cloud (GPC) and the webserver is Nginx. Only the app was scanned. GPC and Nginx were not scanned. The scan produced an interesting finding I have not seen befo

Re: NGINX "--with-zlib=..." linker error

On Mon, Mar 28, 2022 at 3:35 PM Fabiano Furtado Pessoa Coelho wrote: > > Hi... > > I'm using > https://nginx.org/packages/rhel/8/SRPMS/nginx-1.20.2-1.el8.ngx.src.rpm > to compile NGINX to RHEL 8.5, with "--with-openssl=/openssl_1_1_1n" > parameter in the "%define BASE_CONFIGURE_ARGS" .SPEC file,

Re: "SSL: error:0A0000B9:SSL routines::no cipher match" with Mozilla modern ciphers v5.5

On Fri, Feb 18, 2022 at 6:57 AM petecooper wrote: > > I am following up with fresh eyes.The 3x ciphers that cause problems are: > > TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256 > > I have just noticed each cipher name above has an underscore `_` character > as a separ

Re: Obvious malware rejection module?

On Mon, Feb 14, 2022 at 6:17 PM lists wrote: > ... > > I have plenty of transit capacity. I can serve 3TB a month and I do 30GB. > What I don't have is CPU power. I have a one CPU VPS. The CPU is shared > resource. I think the RAM used by the VPS is more "available," if that > makes any sense. Th

Re: ssl_reject_handshake disallow TLSv1.3

On Tue, Feb 8, 2022 at 8:02 AM Sergey Kandaurov wrote: > > > > On 8 Feb 2022, at 14:15, rjvbzeoibvpzie wrote: > > > > ssl_protocols TLSv1.2 TLSv1.3; > > > > server { > >listen 443 ssl default_server; > >ssl_reject_handshake on; > > } > > > > This does not allow ANY other server to be rea

Re: Strategies for large-file upload?

On Tue, Feb 8, 2022 at 9:27 AM Alva Couch wrote: > > I’m new to this list but have been running an NGINX community stack including > NGINX community/Gunicorn/Django for several years in production. > > My site is a science data repository. We have a need to accept very large > files as uploads:

Re: Tuning client request buffering in ngx_http_proxy_module

On Wed, Feb 2, 2022 at 12:45 PM bengalih wrote: > > > Note that SSL is likely the most important contributor to CPU > > utilization in this setup. It might be a good idea to carefully > > tune ciphers used. > > I believe I have set this fairly appropriately. If you know of a resource > that woul

Re: ktls nginx not working

On Thu, Jan 27, 2022 at 8:52 AM Anoop Alias wrote: > > I am trying to implement/test ktls as per the blog article > > https://www.nginx.com/blog/improving-nginx-performance-with-kernel-tls/#tls-protocol > > ### > This is done on CentOS8 VM > > # uname -r > 4.18.0-348.7.1.el

Re: Use prebuilt Bzip, zLib and OpenSSL?

On Mon, Jan 10, 2022 at 10:40 PM Jeffrey Walton wrote: > > I need to build a modern Nginx from sources on an older platform. The > need arises because the organization can't upgrade a particular set of > machines. We want to set up a Nginx proxy to handle the front-end > wor

Re: Use prebuilt Bzip, zLib and OpenSSL?

On Tue, Jan 11, 2022 at 4:02 PM Thomas Ward wrote: > > Which NGINX are you attempting to compile? Last I checked only the 1.21.x > branch (Mainline) has support for PRCE2, unless I missed a stable branch > release note... > Thanks Thomas. Nginx version is 1.20.2. I guess I'll wait for 1.21 t

Re: Use prebuilt Bzip, zLib and OpenSSL?

On Tue, Jan 11, 2022 at 8:27 AM Maxim Dounin wrote: > > Hello! > > On Mon, Jan 10, 2022 at 10:40:09PM -0500, Jeffrey Walton wrote: > > > I need to build a modern Nginx from sources on an older platform. The > > need arises because the organization can't upgrade

Use prebuilt Bzip, zLib and OpenSSL?

Hi Everyone, I need to build a modern Nginx from sources on an older platform. The need arises because the organization can't upgrade a particular set of machines. We want to set up a Nginx proxy to handle the front-end work. I've got Bzip, zLib and OpenSSL built and installed in /opt, but I am h

Re: inlining

On Tue, Feb 18, 2014 at 2:51 PM, atarob wrote: > Pankaj Mehta Wrote: > --- >> These should be covered during the link time optimisations. >> >> Look here for gcc: http://gcc.gnu.org/wiki/LinkTimeOptimization > > I was very much unaware of this. T

Re: SSL ciphers, disable or not to disable RC4?

On Thu, Jan 9, 2014 at 4:53 AM, Lukas Tribus wrote: >> My current values in my nginx configuration for ssl_protocols/ciphers >> what i use is this: >> >> ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2; >> ssl_ciphers RC4:HIGH:!aNULL:!MD5; >> ssl_prefer_server_ciphers on; >> >> What are todays recommend

Re: SSL ciphers, disable or not to disable RC4?

On Thu, Jan 9, 2014 at 4:53 AM, Lukas Tribus wrote: >> My current values in my nginx configuration for ssl_protocols/ciphers >> what i use is this: >> >> ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2; >> ssl_ciphers RC4:HIGH:!aNULL:!MD5; >> ssl_prefer_server_ciphers on; >> >> What are todays recommend

Re: SSL ciphers, disable or not to disable RC4?

On Thu, Jan 9, 2014 at 4:29 AM, wrote: > Hi > > My current values in my nginx configuration for ssl_protocols/ciphers what i > use is this: > > ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2; > ssl_ciphers RC4:HIGH:!aNULL:!MD5; > ssl_prefer_server_ciphers on; > > What are todays recomm

OT: OpenSSL 1.0.1f

OpenSSL 1.0.1f was released today. It might be a good time to rebuild all the versions of nginx using static versions of OpenSSL. There are three CVE remediations included in the release: CVE-2013-4353, CVE-2013-6449, CVE-2013-6450. http://www.openssl.org/news/openssl-1.0.1-notes.html. It does no

Re: Centos 6.5 and ECDH ciphers in nginx.org Centos repo

.so.1.0.0 (0x7f9f02b6a000) libcrypto.so.1.0.0 => /usr/lib/x86_64-linux-gnu/libcrypto.so.1.0.0 (0x7f9f02785000) ... > so I guess the question is when will the nginx.org builds be built on 6.5? Sorry, I can't help. I believe that's a question for the Red Hat or CentOS f

Re: Centos 6.5 and ECDH ciphers in nginx.org Centos repo

On Sun, Jan 5, 2014 at 10:56 PM, Nick Jenkin wrote: > Hi > > In Centos 6.5 (and RHEL 6.5) the ECDH ciphers were enabled. There appears to > be an issue with the nginx.org 1.5.8 Centos binaries still not having support > for ECDHE despite having updated openssl 1.01e with elliptic curves. > > If

OT: Crypto Hardening Guide (nginx has an entry)

For administrators interested in SSL/TLS protocols and ciphers settings, the following may be useful. It also looks like the [possibly influenced] US stuff was removed. https://bettercrypto.org/static/applied-crypto-hardening.pdf ___ nginx mailing l

agentzh's encrypted session module

I've been studying agentzh's encrypted session module from https://github.com/agentzh/encrypted-session-nginx-module/tree/master/src. There are essentially two methods: one to encrypt values, and a second to decrypt modules. The functions to do so are ngx_http_set_encode_encrypted_session and ngx_

-rpath linker option?

I'm having trouble with dll hell on Debian and Ubuntu with OpenSSL. Debian and Ubuntu insist on runtime linking with the copy in /usr/lib. Fedora and Red Hat are OK because they don't use OpenSSL by default, so they are not present in /usr/lib. I've tried specifying a rpath in ld options: --wit

Re: Force linking to static archives during make?

Thanks On Wed, Dec 18, 2013 at 4:29 AM, Ruslan Ermilov wrote: > On Tue, Dec 17, 2013 at 04:16:55PM -0500, Jeffrey Walton wrote: >> This should be my last build question. >> >> $ ./auto/configure --with-http_ssl_module ... >> --with-cc-opt="-I/usr/local/ssl/include

Force linking to static archives during make?

This should be my last build question. $ ./auto/configure --with-http_ssl_module ... --with-cc-opt="-I/usr/local/ssl/include" --with-ld-opt="-L/usr/local/ssl/lib /usr/local/ssl/lib/libssl.a /usr/local/ssl/lib/libcrypto.a -ldl" ... $ make ... Results in the following. Note that OpenSSL is still dy

Re: checking for OpenSSL library ... not found

On Tue, Dec 17, 2013 at 8:07 AM, Maxim Dounin wrote: > Hello! > > On Tue, Dec 17, 2013 at 08:05:49AM -0500, Jeffrey Walton wrote: > >> On Tue, Dec 17, 2013 at 8:01 AM, Maxim Dounin wrote: >> > ... >> >> >> >> Any thoughts on how to proce

Re: checking for OpenSSL library ... not found

On Tue, Dec 17, 2013 at 8:01 AM, Maxim Dounin wrote: > Hello! > > On Tue, Dec 17, 2013 at 07:17:47AM -0500, Jeffrey Walton wrote: > >> On Tue, Dec 17, 2013 at 7:02 AM, Maxim Dounin wrote: >> >... >> > >> > Something like this should work for you: >

Re: checking for OpenSSL library ... not found

On Tue, Dec 17, 2013 at 7:02 AM, Maxim Dounin wrote: > Hello! > > On Mon, Dec 16, 2013 at 07:12:56PM -0500, Jeffrey Walton wrote: > >> >> checking for OpenSSL library ... not found >> >> ./auto/configure: error: SSL modules require the OpenSSL library. >>

Re: checking for OpenSSL library ... not found

developer is free to use them, or he/she can specify the exact library code they want (e.g., /usr/local/ssl/lib/libssla.). Tested OK on Fedora 19 and Ubuntu 13.04. On Mon, Dec 16, 2013 at 7:12 PM, Jeffrey Walton wrote: > > checking for OpenSSL library ... not found > > ./auto/configure

Re: checking for OpenSSL library ... not found

e_path" and "ngx_feature_libs" more helpful? Jeff On Mon, Dec 16, 2013 at 7:12 PM, Jeffrey Walton wrote: > > checking for OpenSSL library ... not found > > ./auto/configure: error: SSL modules require the OpenSSL library. > You can either do not enable the modules, or in

Re: checking for OpenSSL library ... not found

ita Rares Dumitrescu wrote: > if you are using centos/fedora you need to install openssl-devel > > > On 17/12/2013 01:40, coderman wrote: >> >> On Mon, Dec 16, 2013 at 4:12 PM, Jeffrey Walton >> wrote: >>> >>> >>> checking for OpenSSL library ...

checking for OpenSSL library ... not found

checking for OpenSSL library ... not found ./auto/configure: error: SSL modules require the OpenSSL library. You can either do not enable the modules, or install the OpenSSL library into the system, or build the OpenSSL library statically from the source with nginx by using --with-openssl= option

Re: ngx_conf_t args count

On Mon, Dec 16, 2013 at 2:15 AM, Ruslan Ermilov wrote: > On Sun, Dec 15, 2013 at 04:31:08PM -0500, Jeffrey Walton wrote: >> From Miller's http://www.evanmiller.org/nginx-modules-guide.html, section >> 5.2: >> >> ngx_http_upstream_hash(ngx_conf_t *cf

ngx_conf_t args count

>From Miller's http://www.evanmiller.org/nginx-modules-guide.html, section 5.2: ngx_http_upstream_hash(ngx_conf_t *cf, ngx_command_t *cmd, void *conf) { ngx_http_upstream_srv_conf_t *uscf; ngx_http_script_compile_t sc; ngx_str_t *value; ngx_array_t

Re: location configuration?

On Thu, Dec 12, 2013 at 9:36 AM, coderman wrote: > On Thu, Dec 12, 2013 at 6:30 AM, Jeffrey Walton wrote: >> I'm reading through the nginx architecture document at >> http://www.aosabook.org/en/nginx.html. >>... >> What is the location configuration, an

location configuration?

I'm reading through the nginx architecture document at http://www.aosabook.org/en/nginx.html. The location configuration is called out in a few places. For example: Phase handlers typically do four things: get the location configuration, generate an appropriate response, send the head

Re: OpenSSL Locks

On Wed, Dec 11, 2013 at 10:25 AM, Maxim Dounin wrote: > Hello! > > On Wed, Dec 11, 2013 at 05:55:16AM -0500, Jeffrey Walton wrote: > >> I need to do some additional processing with OpenSSL in a custom >> module. I noticed ngingx does not set any locks in ngx_ssl_init (fro

Hg checkout missing config and friends

I performed a checkout to the latest stable: $ hg clone http://hg.nginx.org/nginx -u "release-1.4.4" I tried to run config, and it appears to be missing: $ ./config -bash: ./config: No such file or directory $ nginx-release-1.4.4$ ls autoconfcontribdocsmiscsrc The

Re: Nginx Deployments in Practice

2013/12/11 Brian Akins : > I build packages using omnibus - https://github.com/bakins/omnibus-nginx > Thanks Brian. It appears omnibus-nginx does not contain the nginx sources. Is it safe to assume you provide them? What version of nginx do you currently use? Do you have any custom code that might

OpenSSL Locks

I need to do some additional processing with OpenSSL in a custom module. I noticed ngingx does not set any locks in ngx_ssl_init (from ngx_event_openssl.c). A few questions: 1) Should lock installation be guarded on NGX_THREADS or something else? 2) Where is most appropirate to initialize the lo

Nginx Deployments in Practice

My nginx needs are (1) stable nginx, (2) patched nginx, and (3) something I can modify. The last is what concerns me - I want to ensure I don't lose my changes and enhancements while pursuing (1) and (2). What are folks finding is the easiest way to ensure stable and patched nginx is used in the e

ngx_ssl_dhparam and dh1024_p

Hi All, ngx_event_openssl.c hs the following around line 535: ngx_ssl_dhparam(ngx_conf_t *cf, ngx_ssl_t *ssl, ngx_str_t *file) { ... /* * -BEGIN DH PARAMETERS- * MIGHAoGBALu8LcrYRnSQfEP89YDpz9vZWKP1aLQtSwju1OsPs1BMbAMCducQgAxc * y7qokiYUxb7spWWl/fHSh6K8BJvmd4Bg6RqSp1

Re: Configure, make and self tests?

On Sun, Dec 8, 2013 at 6:21 AM, Maxim Dounin wrote: > Hello! > > On Sun, Dec 08, 2013 at 06:18:40AM -0500, Jeffrey Walton wrote: > >> `make check` and `make test` results in "no rule to make target". >> >> Does nginx include any self test? If so, how do

Configure, make and self tests?

`make check` and `make test` results in "no rule to make target". Does nginx include any self test? If so, how does on run them? Thanks in advance. ___ nginx mailing list nginx@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx

Re: nginx module developer documentation?

On Sun, Dec 8, 2013 at 3:14 AM, Homutov Vladimir wrote: > On Sun, Dec 08, 2013 at 12:46:45AM -0500, Jeffrey Walton wrote: >> Hi All, >> >> I'm interested in exploring nginx as the basis for a proxy. >> >> I'm having trouble locating reading material on

nginx module developer documentation?

asons, I'd prefer to use C/C++. Finally, Amazon does not list any books related to development. Would anyone know of a few good references for a C/C++ developer? Thanks in advance. Jeffrey Walton Baltimore, MD, US [0] http://nginx.org/en/docs/http/ngx_http_proxy_module.html [1] http:/