Re: Issue with nginx crashing 'segfault'

2015-09-21 Thread Scott Larson
uild nginx from source with that option enabled. Scott Larson, Lead Systems Admini

Re: Issue with nginx crashing 'segfault'

2015-09-21 Thread Scott Larson
The mod_security module for nginx does require libapr-1.

Re: nginx and ssl ciphers

2015-03-18 Thread Scott Larson
ES128-SHA:RC4-SHA:RC4-MD5:DES-CBC3-SHA;

Re: nginx + LibreSSL + ECDSA cert = Error

2015-03-10 Thread Scott Larson

Re: Expected Server configuration for 100 users

2015-02-18 Thread Scott Larson
I can second the fact FreeBSD + nginx is a rocking combo. We've been running that for years under ever increasing traffic and it only requires a few basic adjustments to the OS, even fewer in 10 since a lot of system defaults were cranked up for modern times. Our current hardware handling ngin

Re: Error: This server's certificate chain is incomplete.

2014-12-30 Thread Scott Larson
" This > is not really a problem from what I have read but I will spend a little > time trying to figure how to correct this also. > > On Tue, Dec 30, 2014 at 2:38 PM, Scott Larson wrote: > >> That test should point you in some direction but you're probably

Re: Error: This server's certificate chain is incomplete.

2014-12-30 Thread Scott Larson
That test should point you in some direction but you're probably missing an intermediate certificate which would normally be provided by the issuer and appended to the file containing your server certificate.

Re: Serving files from a slow NFS storage

2014-12-29 Thread Scott Larson
Without knowing everything in the mix my first thought would be the NFS head node is being tapped out and can't keep up. Generally you'd solve this with some type of caching, either at a CDN level or you could look at the SlowFS module. I've not checked to see if it still compiles against the

Re: Use of Certs

2014-12-29 Thread Scott Larson
If you're using nginx as a reverse proxy you'll want a cert set up on that node. Without it, worst case is your link between the proxy and the IIS server is secure but your link between the remote client and the proxy will be insecure defeating the whole purpose. Best case is an error will be

Re: Nginx and TLSv1

2014-10-24 Thread Scott Larson
requiring SSL, then I’m going to do it right and not be rolling out potentially compromised libraries/protocols/ciphers.

Re: issue with ssl_ciphers not being respected

2014-10-17 Thread Scott Larson
/1.0.1i combo.

Re: SSL Certificate confusion.

2014-10-17 Thread Scott Larson
The CA will never provide a key, if this was a simple renewal of the existing certificate the key already in place would be the one to reuse. One thing to note however is that SHA1 is being aggressively phased out now due to the Google policy change with Chrome. If that matters to you, you'll

Re: issue with ssl_ciphers not being respected

2014-10-16 Thread Scott Larson
Something else must be going on here. Looking at your ssl_cipher string, you're opening with a rough declaration of specific ciphers you'll support, none of which should pull in RC4. It's specific enough in fact that your subsequent excluded ciphers don't even come into play. To test this I sw

Re: issue with ssl_ciphers not being respected

2014-10-16 Thread Scott Larson
I'm personally partial to just outright declaring my supported ciphers rather than using the exclusion bits. My personal server is aggressively strict, the setup for our production gear is much less so. Either way it allows me to know exactly what's available to clients. For lunatics with DSA

Re: Support team says Nginx + Passenger harder to support than Apache

2014-09-30 Thread Scott Larson
Frankly it sounds more like laziness or being averse to change. All I can relay is experience with our setup here which is purely FreeBSD with an internal Poudriere based package build server, and system/config management with Salt. Taken as a whole it's a painless and relatively trivial proce

Re: 502 Gateway PHP

2014-04-28 Thread Scott Larson
I'm not personally a fan of telling nginx to glob all .html files for PHP processing, but maybe that's just me and unrelated. If other PHP apps are working I'd dig into the logging for that. Generally when I run into situations like this it has nothing to do with nginx and instead is something

OCSP, ssl_trusted_certificate, and ssl_stapling_verify

2014-03-05 Thread Scott Larson
In setting up OCSP stapling on 1.5.10 I've found it behaving in a way which is opposite to what I perceive is documented. There it states that the contents of ssl_trusted_certificate are not sent to the client. However when I enable ssl_stapling_verify, which requires the inclusion of in this