Re: different ssl_cerficate/ssl_cerficate_key pair for different $host in same server directive

2022-03-09 Thread Rainer Duffner
> Am 09.03.2022 um 09:18 schrieb huiming via nginx : > > hi Hello, > > Is below configuration valid? nginx report > "nginx: [emerg] "ssl_certificate" directive is not allowed here in > /usr/local/nginx/clientcfg/www.waf.soptest.com.443.conf:16" > > I hope different ssl_cerfica

Re: Getting weird issue with Nginx reverse Proxy

2022-03-04 Thread Rainer Duffner
> Am 04.03.2022 um 04:37 schrieb blason : > > Here is Apache config > > >ServerAdmin webmas...@example.com >DocumentRoot /var/www/fs/ >ServerName fs.example.com >ServerAlias fs.example.com >ErrorLog /var/log/apache2/fs/error.log >CustomLog /var/log/

Re: Getting weird issue with Nginx reverse Proxy

2022-03-03 Thread Rainer Duffner
> Am 03.03.2022 um 19:26 schrieb blason : > > Hi Team, > > My portal name is lets say fs.example.com and it is > configured on apache > server which is then proxied to internet using Nginx reverse proxy. However And what does the apache config look like?

Re: wordpress with Nginx + fastcgi_cache with ssl but behind haproxy

2021-02-09 Thread Rainer Duffner
ple nginx, > php-fpm, fcgi cache works for me. And rate limiting works in nginx too. Try > simplifying the setup so there are less variables to deal with. > > On Mon, 8 Feb 2021, 10:16 PM Rainer Duffner, <mailto:rai...@ultra-secure.de>> wrote: > Hi, > > I have an i

wordpress with Nginx + fastcgi_cache with ssl but behind haproxy

2021-02-08 Thread Rainer Duffner
Hi, I have an interesting problem. I have apache behind Nginx behind haproxy. SSL is terminated with haproxy (because haproxy can load all certificates from a single directory, and because some rate-limiting stuff is easier with haproxy). This makes using Let’s Encrypt easier. Sometimes, I wa

Re: packages.nginx.org IPv6 SSL is broken

2020-09-27 Thread Rainer Duffner
> Am 27.09.2020 um 21:54 schrieb sergio : > > https://packages.nginx.org is not accessible via IPv6 > > It's pingable and http also works fine. > > % openssl s_client -connect packages.nginx.org:443 > CONNECTED(0003) > > > Please fix it or remove records. > > BTW, packages.nginx.o

Re: What about BREACH (CVE-2013-3587)?

2020-02-04 Thread Rainer Duffner
> Am 04.02.2020 um 21:38 schrieb J.R. : > > I think you are confusing TLS compression with HTTP compression... Probably. I read that later somewhere else. I just wonder why it’s lumped-in in testssl.sh.

Re: Weird problem cannot standup nginx on 443 ipv4

2019-04-25 Thread Rainer Duffner
> Am 25.04.2019 um 21:27 schrieb Julian Brown : > > listen 443; > listen [::]:443; You most certainly want listen 443 ssl or listen 443 ssl http2 Not sure if it solves your problem.

Re: I'm about to embark on creating 12000 vhosts

2019-02-11 Thread Rainer Duffner
> Am 11.02.2019 um 16:16 schrieb rick_pri : > > However, our customers, with about 12000 domain names at present have Let’s Encrypt rate limits will likely make these very difficult to obtain and also to renew. If you own the DNS, maybe using Wildcard DNS entries is more practical. Then, HA

Re: Can't disable TLS 1.0

2018-11-17 Thread Rainer Duffner
> Am 17.11.2018 um 04:56 schrieb Jeremy Ardley : > >ssl_protocols TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE ssl_protocols TLSv1.2; You need to disable 1.0 and 1.1. AFAIK. If you look around, everybody (ebay, github, MSFT, Google etc.pp.) who disabled 1.0 also disabled 1.1.

Re: ERR_SPDY_PROTOCOL_ERROR Nginx !!

2017-08-01 Thread Rainer Duffner
> Am 01.08.2017 um 23:51 schrieb shahzaib mushtaq : > > What do you think should i change it to ? What does SSL-Labs say to it? Or htbridge? Rainer

Re: Last roadblock changing from Apache: SSL & PHP #2

2017-05-14 Thread Rainer Duffner
> Am 15.05.2017 um 00:50 schrieb Philip Rhoades : > > Also, nginx and php-fpm were actually running as services of course . . Maybe strip the comments next time you post a config file… I have: server { set_real_ip_from 127.0.0.12; real_ip_header X-Forwarded-For; listen 80;

Re: Reverse Proxy with 500k connections

2017-03-07 Thread Rainer Duffner
> Am 07.03.2017 um 22:12 schrieb Nelson Marcos : > > Do you really need to use different source ips or it's a solution that you > picked? > > Also, is it a option to set the keepalive option in your upstream configure > section? > http://nginx.org/en/docs/http/ngx_http_upstream_module.html#kee

Re: How to cache static files under root /var/www/html/images

2017-02-14 Thread Rainer Duffner
> Am 14.02.2017 um 22:07 schrieb Ebayer Ebayer : > > I want to cache critical files indefinitely regardless of them being hot or > stale until they're purged (by the app). > If you have enough RAM, they will stay cached. Do you also want to do the memory-management of your apps, allocating

Re: How to cache static files under root /var/www/html/images

2017-02-14 Thread Rainer Duffner
> Am 14.02.2017 um 21:25 schrieb Ebayer Ebayer : > > Is there a more deterministic way besides fully trusting the MMU? I really > don't think the MMU will execute well on what I'm setting to accomplish. Some > more info: > > * I run Linux 2.6.32 (RH's) > > * I don't trust /dev/shm as a memory

Re: How to cache static files under root /var/www/html/images

2017-02-14 Thread Rainer Duffner
> Am 14.02.2017 um 20:10 schrieb Ebayer Ebayer : > > Hi, > > I have Nginx running as a webserver (not as proxy). I need to cache static > files that are under /var/www/html/images in memory. What's the simplest way > to do this? Your OS does that for you. That’s why it does not make sense

Trouble with redirects from backend

2017-02-11 Thread Rainer Duffner
Hi, I have typo3 with nginx running behind an nginx reverse-proxy, mapped to a subdirectory. So, it's www.company.bla/ourtypo3site. Typo3 has RealURL extension installed and that adds a "slash" at the end if it's not sent by the browser - this is done via a redirect. The trouble is that whe

Re: Nginx SSL Setup

2016-11-03 Thread Rainer Duffner
> Am 03.11.2016 um 20:40 schrieb Ashish Gupta : > > Hello Team, > > I am using NGINX as a web server to host some of the file and I need some > help with the SSL Setup. Is there a way to create a keystore and use that in > the configuration for SSL setup? > > I don't want to use the self sign

Re: Blocking tens of thousands of IP's

2016-11-01 Thread Rainer Duffner
> Am 01.11.2016 um 23:43 schrieb Cox, Eric S : > > Unfortunately much like others have stated, we also don't have the automation > at the firewall layer to move as quickly as we would like. So at the moment > it's not an option. If you get hammered, even serving the 403-page is actually notic

Re: Blocking tens of thousands of IP's

2016-11-01 Thread Rainer Duffner
> Am 01.11.2016 um 23:35 schrieb Cox, Eric S : > > Currently we track all access logs realtime via an in house built log > aggregation solution. Various algorithms are setup to detect said IPS whether > it be by hit rate, country, known types of attacks etc. These IPS are > typically identifie

Re: Blocking tens of thousands of IP's

2016-11-01 Thread Rainer Duffner
> Am 01.11.2016 um 22:46 schrieb Jeff Dyke : > > what is your firewall?, that is the place to block subnets etc, i assume they > are not random ips, they are likely from a block owned by someone?? Depends on the firewall, but our network-guys would refuse to do that (and have so in the past)

Re: Encrypting TLS client certificates`

2016-10-25 Thread Rainer Duffner
> Am 26.10.2016 um 01:20 schrieb WGH : > > When nginx requests a client certificate with ssl_verify_client option, > and client complies, the latter sends its certificate in plain text. > > Although it's just a public part of the certificate, one can consider it > a kind of information disclosur

Re: fake googlebots

2016-09-25 Thread Rainer Duffner
> Am 25.09.2016 um 23:58 schrieb li...@lazygranch.com: > > I got a spoofed googlebot hit. It was easy to detect since there were > probably a hundred requests that triggered my hacker detection map > scheme. Only two requests received a 200 return and both were harmless. > > 200 118.193.176.53 -

Re: Nginx Slow download over 1Gbps load !!

2016-01-31 Thread Rainer Duffner
> Am 31.01.2016 um 19:48 schrieb shahzaib shahzaib >: > > The server is using ports 18 and 19 and those port are configured with speed > 1000 > > > LH26876_SW2#sh run int g 0/18 > > ! > > interface GigabitEthernet 0/18 > > description LH28765_3 > > no ip add

Re: Question about rewrite directive

2016-01-28 Thread Rainer Duffner
> Am 29.01.2016 um 00:06 schrieb Lukas : > >> Lukas [2016-01-28 22:04]: >> >>> rai...@ultra-secure.de [2016-01-28 15:12]: >>> >>> a customer has this in his .htaccess file (among other things): >>> >>> RewriteCond %{REQUEST_FILENAME} !-f >>> RewriteCond %{REQUEST_FILENAME} !-d >>> RewriteRul

Re: nginx/1.9.9 with modsecurity/2.9.0 crashes with segfault and worker process exited on signal 11

2016-01-10 Thread Rainer Duffner
> Am 10.01.2016 um 14:39 schrieb Lukas : > > Dear all > > Fascinated by nginx, I attempted to integrate it with modsecurity. > > Unfortunately, ever when modsecurity is enabled, nginx reports a > segfault in sysmessages. > > Searching the web did not reveal any solution, i.e. I switched off > S

Re: Debian Jessie, Nginx, PHP, UWSGI quick start

2016-01-02 Thread Rainer Duffner
> Am 02.01.2016 um 08:37 schrieb Thomas Glanzmann : > > Hello, > I had to host a potential unsecure PHP web application. So I thought about > writing a small c program which creates a network, filesystem, pid, > uts, and ipc namespace and run php-fpm inside it. Excuse me if I’m blunt, but: can’

Re: running nginx-running and nginx concurrently

2015-09-21 Thread Rainer Duffner
> Am 21.09.2015 um 11:49 schrieb Ekaterina Kukushkina : > > Hello Fabe, > > Unfortunately, you can't. > The 'nginx-plus' is a package name not a binary/service name and your > current 'nginx' package will be replaced with 'nginx-plus' package during > installation. > Well, on FreeBSD, the

Re: reverse proxy SMTP - How distinguish MUA and MTA

2015-06-04 Thread Rainer Duffner
> Am 04.06.2015 um 20:13 schrieb dethegeek : > > Hi > > Still building a nginx reverse proxy for my mail servers. Thanks to the > community, I now have a secure connection between nginx and my backend mail > server. > > POP and IMAP are working well, from a MUA to my server. > > I'm wondering

Re: nginx_slowfs_cache

2015-04-19 Thread Rainer Duffner
> Am 19.04.2015 um 15:24 schrieb wishmaster >: > >> >> >> I’ve briefly toyed with it myself, at some point. >> >> What is your „slow“ filesystem? > > SATA II single disk, UFS. Just let the OS do its work. https://openconnect.itp.netflix.com/software/index.html

Re: nginx_slowfs_cache

2015-04-19 Thread Rainer Duffner
> Am 19.04.2015 um 15:16 schrieb jb : > > At least in my experience unless your most used static files exceed in size > your available RAM, or are changing, they are effectively cached by the OS > anyway. > Normally, yes. Hence the reason why phk wrote Varnish, when he saw what squid was (an

Re: nginx_slowfs_cache

2015-04-19 Thread Rainer Duffner
> Am 19.04.2015 um 15:12 schrieb wishmaster : > > > `ngx_slowfs_cache` is `nginx` module which allows caching of static files > (served using `root` directive). This enables one to create fast caches > for files stored on slow filesystems, for example: > > - storage: network disks, cache: local

Re: nginx_slowfs_cache

2015-04-19 Thread Rainer Duffner
> Am 19.04.2015 um 13:14 schrieb wishmaster : > > Hi, > > Today after upgrading from nginx version 1.6.x to 1.7.x I have got a > segmentation fault. After short investigation the culprit was found. It is > module by Frikle - nginx_slowfs_cache. > > Does anybody have the same issue? Is this modu

Re: Google dumps SPDY in favour of HTTP/2, any plans for nginx?

2015-03-17 Thread Rainer Duffner
> Am 17.03.2015 um 23:32 schrieb Valentin V. Bartenev : > > On Tuesday 17 March 2015 09:49:04 alexandru.eftimie wrote: >> Will there be support for http/2 for upstream connections? I can't seem to >> find anything about this online ( either SPDY or HTTP/2 for upstream >> connections ) >> > > Th

Re: Expected Server configuration for 100 users

2015-02-18 Thread Rainer Duffner
> Am 18.02.2015 um 16:56 schrieb ragavd : > > Hi, > We are configuring the NGINX as a reverse proxy. We are expecting some 100 > concurrent users or connections/sessions to be active at any given moment of > time. Right now the server is acting as a reverse proxy for only one > application. These

Re: Dynamic/Wildcard SSL certificates with SNI ?

2015-01-15 Thread Rainer Duffner
> Am 15.01.2015 um 20:50 schrieb Gabriel L. Somlo : > > Hi, > > I'm working on a "Web simulator" designed to serve a large number of > web sites on a private, self-contained network, where I'm also in > control of issuing SSL certificates. > > The relevant bits of my nginx.conf look like this:

Re: How to write nginx, NGINX or Nginx ?

2014-12-30 Thread Rainer Duffner
> Am 30.12.2014 um 19:53 schrieb B.R. >: > > It seems the original and preferred way to spell it is 'nginx', the one coming > from Igor. I am still wondering about capitalizing the name, but since it is > to me a personal name, I do not apply rules that would nor

Re: How to write nginx, NGINX or Nginx ?

2014-12-30 Thread Rainer Duffner
> Am 30.12.2014 um 14:17 schrieb hpatoio >: > > Hello. I'm writing some documentation for a project that use NGINX. I'm > wondering what's the correct way to write nginx. > > a) NGINX - Always all uppercase > b) nginx - Always all lowercase. Even at the beginning of

Re: Caching servers in Local ISPs !!

2014-05-09 Thread Rainer Duffner
Am 09.05.2014 um 16:58 schrieb shahzaib shahzaib : > Hello, > > We're running a high traffic website similar to youtube.com. Due to > high bandwidth utilization over the network, we're in contact with the local > ISP in order to put caching server to reduce bandwidth utilization for file

Re: High traffic on Nginx-Webservers !!

2014-04-22 Thread Rainer Duffner
Am Tue, 22 Apr 2014 15:21:09 +0500 schrieb shahzaib shahzaib : > Thanks for quick response, well our website is related to video > streaming just like youtube. Could you provide me some guide to learn > varnish for start-up ? > > Any suggestions will be highly appreciated. > > Shahzaib Do you

Re: High traffic on Nginx-Webservers !!

2014-04-22 Thread Rainer Duffner
Am Tue, 22 Apr 2014 14:39:53 +0500 schrieb shahzaib shahzaib : > Hello, > >We're using the cluster of 5 webservers using nginx (reverse > proxy) > + apache to handle php requests. Our web-servers are constantly high > with load-avg of 2.0~3.0. I have seen people using varnish between > ng

Re: nginx and GeoLite2

2013-10-21 Thread Rainer Duffner
Am Mon, 21 Oct 2013 17:12:51 +0400 schrieb Maxim Dounin : > Hello! > > On Mon, Oct 21, 2013 at 12:38:30PM +0300, wishmaster wrote: > > > Hi > > I am planning to use GeoLite with nginx. On the MaxMind website > > there is an announcement: > > > > Announcement > > Free access to the latest in IP

Strange proxy_pass problem

2013-10-18 Thread Rainer Duffner
Hi, I recently upgraded a server from nginx 1.2.8 to 1.4.3 (on FreeBSD amd64). nginx is a reverse-proxy to apache, intended to serve static files directly and pass all php requests to apache - with one exception: the default vhost on both nginx and apache. It looks like this (on apache): Ali

Re: question about nginx/modsecurity

2013-06-19 Thread Rainer Duffner
Am 19.06.2013 um 21:04 schrieb AJ Weber : > Is anyone maintaining a "current" version of nginx with mod-security > linked-in? > > I realize this is a bit lazy on my part -- the instructions seem relatively > straightforward to build -- but I didn't want to "re-invent the wheel" if I > didn't