:09PM +0200, basti wrote:
Hello Maxim,
that does not work for me.
root@tower:~# resolvectl query icinga2
icinga2: 192.168.145.217 -- link: ve-icinga2
-- Information acquired via protocol LLMNR/IPv4 in 105.7ms.
-- Data is authenticated: no
root@tower:~# getent hosts icinga2
Hello Maxim,
that does not work for me.
root@tower:~# resolvectl query icinga2
icinga2: 192.168.145.217 -- link: ve-icinga2
-- Information acquired via protocol LLMNR/IPv4 in 105.7ms.
-- Data is authenticated: no
root@tower:~# getent hosts icinga2
192.168.145.217 icinga2
Sorry, my mistake.
1.18.0 debian11 is installed.
Am 18.04.23 um 19:21 schrieb A. Schulze via nginx:
Am 18.04.23 um 14:58 schrieb mailingl...@unix-solution.de:
nginx is 1.1.18
Whats wrong there?
released in March 2012
couldn't you use a "not so historic" version?
Andreas
___
Hello,
we have a website with some embedded content to YT. So the idea is to
setup a GDPR Proxy.
Setup:
User Client -> example.com (embedded content media.example.com) -> YT
So YT only can see the IP of media.example.com.
What's about cookies?
Can YT track the 'User Client'?
Something li
Check your config with 'nginx -T | less' for 'server_name _'.
This is a catch_all as described in the docs.
On 02.11.21 22:50, deeztek wrote:
> I already tried that with same results.
>
> Posted at Nginx Forum:
> https://forum.nginx.org/read.php?2,292742,292744#msg-292744
>
> __
First of all try to add a "server_name".
See http://nginx.org/en/docs/http/server_names.html
Am 02.11.21 um 20:46 schrieb deeztek:
> I'm having a problem with Nginx serving static content (.css, .js, .png,
> .jpg etc.).
>
> In the below configuration, if I access the server via IP address static
Hello,
first of all, I'm not sure if it is a php or nginx problem.
Today I had the problem, that nginx run into "504 Gateway Time-out" when
the first nameserver in /etc/resolv.conf did not answer.
The php application is query some names (db-server for example).
Did nginx use nsswitch?
Did so
port 80 and it matches that special catch-all that accepts
> all server_name results. (though, default_server will match anything
> that doesn't match any other server_name Host so...)
>
>
> Thomas
>
> On 6/9/20 11:14 AM, basti wrote:
>> Hello,
>>
>&
Hello,
i want to setup a location match for any hostname/servername like in apache:
cat /etc/apache2/conf-enabled/git.conf
RedirectMatch 404 /\.git
In nginx I try
cat /etc/nginx/conf.d/git.conf
server {
## Disable .htaccess and other hidden files
location ~ /\.(?!well-known).* {
deny al
It depends on how you compile.
First of all have a look at the repository of you distribution or nginx
itself it's easier to update for bugfix or security impacts.
The 2'nd way can be to upgrade you server and get a newer nginx.
If that all is not an option I would prefer a build a debian packag
: * basti
*To: *
*Sent: * 16/04/2020 4:54 PM
*Subject: * Re: Nginx wp-admin access control
I have not follow the entire discussion.
What is the goal to do with wp-admin?
There are several ways to limit access:
- http basic auth
- use a x509 cert to authenticate instead of user
I have not follow the entire discussion.
What is the goal to do with wp-admin?
There are several ways to limit access:
- http basic auth
- use a x509 cert to authenticate instead of user/pass
- write a hook plugin to wp_login() to use you own / external login
- just use fail2ban to keep bad guys
In the past I have used "siege". I have grep the access.log for 200
Status code and create a list. This list I used for input in siege to
have a very close realistic stress test.
Best Regards
On 28.01.20 01:41, James Read wrote:
> Hi,
>
> does anyone know of a way to stress test a nginx server?
You can also use multiple names in one line.
http://nginx.org/en/docs/http/server_names.html
On 25.07.19 11:59, rai...@ultra-secure.de wrote:
> Hi,
>
>
> I found that using multiple
>
> server_name bla;
> server_name blu;
>
> directives seems to actually work.
>
> At least in 1.12.
>
>
> C
Hello Maxim,
thanks a lot, the proxy send the header only on http, my mistake sorry.
On 21.06.19 16:05, Maxim Dounin wrote:
> Hello!
>
> On Fri, Jun 21, 2019 at 03:46:53PM +0200, basti wrote:
>
>> I have nginx 1.14.2 on debian buster and need to enable proxy_p
Hello,
I have nginx 1.14.2 on debian buster and need to enable proxy_protocol.
(https://docs.nginx.com/nginx/admin-guide/load-balancer/using-proxy-protocol/#listen)
When I enable it on http all is fine. When i try to enable it on https
no connection can be established. No syntax error and no log
On 11.01.19 22:04, petrosetta wrote:
> 2. An outside user hits https://www.mydomain.com/webdev NGINX redirects him
> to the internal site https://devapp.mydomain.com
How does an image link look like in this case?
Have you try to create an location /webdev and redirect this to devapp
in your confi
On 11.01.19 20:44, petrosetta wrote:
> It works perfectly. Thanks very much. If you could bear with me a little
> though,What if I wanted to also put the prod web site behind nginx, I can't
> use more than one root location so how could that be done. The only
> difference with the name is prod is p
On 11.01.19 19:51, petrosetta wrote:
> HI
> Thanks so much for replying. Below is the block and upstream entry. Also,
> let's say without NGINX I bring up the site at
> https://mysite.domain.com/webaccess, when I click on an image, the url is
> https://mysite.domain.com/name_of_image.
>
>
On 11.01.19 17:35, petrosetta wrote:
> Hi All
> I am trying to redirect to an internal server behind nginx that I really
> have no permissions to change. When you browse to the site normally at
> https://www.devapp.com for example it redirects to
> https://www.devapp.com/webaccess and it comes u
Hello,
after i switch my error log to info level (to find an other Problem) I
get a lot of messages like:
"client sent plain HTTP request to HTTPS port while reading client
request headers"
I search for a solution and always found that this error is shown when
http and https is in one server {}
e/public;
>rails_env production;
>passenger_enabled on;
> }
>}
>
> On Tue, Aug 7, 2018 at 3:28 PM, basti wrote:
>> please show us your config
>>
>> On 07.08.2018 21:22, fugee ohu wrote:
>>> I'm trying to enable site wide ssl over
please show us your config
On 07.08.2018 21:22, fugee ohu wrote:
> I'm trying to enable site wide ssl over port 443 on a site that runs
> on http port 80
> In nginx.conf i have `listen 443 ssl;` for the server but requests for
> the server get routed to the first available host on port 80, another
Thanks a lot.
On 30.07.2018 18:02, Richard Stanway wrote:
> nginx only resolves hostname once on startup. See this workaround:
>
> https://github.com/DmitryFillo/nginx-proxy-pitfalls
>
> On Thu, Jul 26, 2018 at 8:47 PM basti <mailto:mailingl...@unix-solution.de>&g
Hello,
inside a location I have a proxy_pass to a hostname with a dynamic IP
for example
location ^~ /example/ {
proxy_pass https://host1.dyndns.example.com;
}
getent hosts resolve the right IP.
But in via nginx return a 504.
When I reload nginx it work until IP is changed.
The DNS Serv
Hello,
I have the following config
Frontend (with IP x.y.1.1) -> Proxy
In the Proxy settings I have "allow x.y.1.1" and this work very well.
Now I want to see the client IP how access to frontend in the proxy logs
and have add something like
# to get real IP who access
set_real_ip_from x.y.1.1/3
On 27.06.2018 15:57, Ruslan Ermilov wrote:
> Since you have switched auth_basic off, the only enabled authentication
> left is by client address, and your inherited configuration says it's
> denied for everything except . Put "allow all" into the
> "location /.well-known/acme-challenge/" to hav
Hello,
I have a config like:
server {
...
# combine basic auth and ip whitelisting
#
https://docs.nginx.com/nginx/admin-guide/security-controls/configuring-http-basic-authentication/
satisfy any;
allow ;
deny all;
auth_basic "Restricted";
auth_basic_user_file /etc/nginx/nx4/.htpass
lancer using http geo ip module nginx.
>
>
> Currently, I can block the clients which is not coming through load
> balancer or api gateway by geo ip module.
>
>
>
>
> On Mon, May 21, 2018, 2:02 PM basti <mailto:mailingl...@unix-solution.de>> wrote:
>
&
hello,
the way to block ip's can also be used for PTR records, I think.
Also as wildcard.
On 21.05.2018 05:49, Sathish Kumar wrote:
> Hi All,
>
> I have a requirement to block certain countries coming to our website.
> I managed to achieved it using the ngx_http_geoip_module. I have a
> problem
On 06.04.2018 20:17, Giulio Loffreda wrote:
> Hi
>
> I created one separated file for while (as we have just one customer
> under ssl) and placed this file on sites-enable. So it is being loaded
> at top of nginx configuration.
> Then I have another conf file to handle 443 requests.
>
> The aim
Hello,
where have you defined your certificate? I cant see.
if you use one serer directive for all your domains, all domains must be
in this certificate (Subject alt names).
On 06.04.2018 19:40, Giulio Loffreda wrote:
> Dears
>
>
> I have one wordpress multisite with subdomain being served by Ng
fixed by myself
On 24.01.2018 13:13, basti wrote:
> Hello,
>
> I try to use "more_set_headers" directive in nginx 10.3 on debian.
>
> Modules are loded.
>
> ls -la /etc/nginx/modules-enabled/
> lrwxrwxrwx 1 root root 68 Jan 24 12:57
> 50-mod-http-hea
-module=/build/nginx-2tpxfc/nginx-1.10.3/debian/modules/ngx_http_substitutions_filter_module
I get this error:
1640#1640: unknown directive "more_set_headers" in /etc/nginx/nginx.conf:23
Best regards,
Basti
___
nginx mailing list
nginx
Oct 29, 2017 at 11:53:23AM +0100, basti wrote:
>
> Hi there,
>
>> In this example from nginx docs domain has "fullname".
>>
>> server {
>> server_name ~^(www\.)?(*?*.+)$;
>> root /sites/*$domain*;
>> }
>
> When I use the
Hello,
i try to setup a catch all proxy server with nginx.
I want to catch domains like this but have only domainname (without
subdomain) in $domain
In this example from nginx docs domain has "fullname".
server {
server_name ~^(www\.)?(*?*.+)$;
root /sites/*$domain*;
}
servername: www.e
Hello again,
OK i have fixed it.
On 11.10.2017 09:58, basti wrote:
> Hello,
>
> i have a config look like
>
> server {
>servername example.com
>
>
>location /foo {
> index index.php;
> proxy_pass ...
> ...
>
this dir I
can also see all files.
Best Regards,
Basti
___
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
Hello,
your server_name .3jgkp.de; and server_name .armapedia.de;
are wrong. Use www.armapedia.de, wildcard, regex or whatever.
See http://nginx.org/en/docs/http/server_names.html
Best Regards,
Basti
On 12.08.2017 09:21, Jamesadamar wrote:
Dear community,
I am a beginner in the land of
e
Log say "access forbidden by rule."
Is there a way to allow /.well-known/ and deny all other?
Best Regards,
basti
___
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
Hello,
there where an other problem, ssl_session_tickets where set to off.
My config is some days old and this nedd nginx >1.5.9.
Turn ssl_session_tickets on and all works fine.
Best Regards,
On 16.01.2017 14:46, Alarig Le Lay wrote:
> Hi,
>
> On Mon Jan 16 14:31:49 2017,
r/lib/letsencrypt.sh/certs/ssl.example.com/privkey.pem;
Error:
SSL_ERROR_RX_RECORD_TOO_LONG
[ipv6ip] - - [16/Jan/2017:14:25:58 +0100]
"\x16\x03\x01\x00\xE2\x01\x00\x00\xDE\x03\x03\xD2m8" 400 173 "-" "-"
Want's wrong here?
Thanks for any help.
Best regards,
bast
Hallo,
for one application i need to disable output_buffering in php.ini.
In my opinion there is a better solution to disable it for the special
location and not for system wide php.
So i try to set fastcgi_param PHP_VALUE "output_buffering=Off"; but when
i reload nginx and look at the app/ or
Hello,
what does 'netstat -tulpen | grep 80' say? (run this as root to see
procress)
what does 'ps ax | grep apache' say?
If you do not need nginx anymore why you do not uninstall it?
Best Regards;
On 04.11.2016 11:02, bertuka wrote:
> Hello,
> since a couple of days I am getting this error mes
Sorry, not working is not an error message, so nobody can help you.
Perhaps you *should* edit this example?
What have you try?
What is the error? What's in the access-/errorlog (srv1 and srv2)?
On 14.10.2016 16:28, avk wrote:
> Thank you for reply, but not working.
>
> Posted at Nginx Forum:
> ht
;
proxy_set_header X-Real-IP$remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_max_temp_file_size 0;
}
Best Regards,
Basti
p.s i use this to proxy an wordpress site
On 14.10.2016 12:53, avk wrote:
> Hi! Can you help? How use proxy_pass (or ot
I have files by myself.
the part of my conf looks like
location ~ ^/foo/(.*.\.pl|cgi)$ {
...
}
location ~ ^/foo/d/(.+?)(/.*)$ {
try_files foo /foo/dl.pl;
}
foo is a non existent file, so always dl.pl is executed
On 22.09.2016 13:13, basti wrote:
> Hello,
>
> i have a script wh
Hello,
i have a script where i can upload files. the uri is like
https://example.com/foo/bar.pl
the location looks like
location ~ ^/foo/(.*.\.pl|cgi)$ {
...
}
then a upload url is generatred
https://example.com/foo/u/f28c104/df3d-45ce/example.txt
the location for the uploaded files looks li
Hello,
I have a perl/ gci script that creates a dir and within that an subdir
with permission 0750. The owner of the dirs are www-data.
nginx can't delete the dirs because this is run as user nginx.
is there a way to set the user for perl/cgi to nginx? only for this
location?
best regards
__
_errors=0";
On 15.09.2016 09:26, Tseveendorj Ochirlantuu wrote:
> Hello,
>
> Basti thank you for help.
>
> Does this override system wide or it applied to /foo location ?
>
> Best regards,
> Tseveen
>
> On Thu, Sep 15, 2016 at 4:20 PM, basti <mailto:black.fled
Hello,
you can use "fastcgi_param PHP_VALUE" to change PHP values.
For example:
location /foo {
location ~ ^(.*.\.php)(.*)$ {
fastcgi_buffers 4 256k;
fastcgi_buffer_size 128k;
fastcgi_param PHP_VALUE "max_execution_time = 60";
}
}
Best Regards,
Bast
Hello,
I have a question about tmpfs.
On my raspberry pi I with only 256 MB RAM df looks like.
root@pi:~# df -h
Filesystem Size Used Avail Use% Mounted on
/dev/root15G 2.0G 13G 14% /
devtmpfs111M 0 111M 0% /dev
tmpfs 115M 0 115M 0% /dev/shm
tmpfs
Hello,
I have nginx installed with multiple domainnames and multiple ssl-hosts
use SNI.
Now I add an other vhost with non-ssl server entry like example.com.
when I try to use https://example.com/ I get a cert from an other vhost.
I found this "solution" to "catch all"
|
|
|server { listen 443 ss
Upgrade to nginx 1.9.7 fixed the error with/etc/nginx/html
Am 24.11.2015 um 14:54 schrieb basti:
> Hello,
> I have installed nginx 1.9.6 on debian jessie.
> As I can see there is no sites-enabled and sites-available anymore. Is
> that right?
>
> An other strange thing is t
ror] 14763#14763: *70 open()
"/etc/nginx/html/robots.txt" failed (2: No such file or directory)
But I can't find an entry for "/etc/nginx/html" in any config file
placed in /etc/nginx.
Is it "hard-coded" in source?
Regards,
Basti
_
is forbidden, client: xx.xxx.xx.xx, server: www.example.com,
request: "GET / HTTP/1.1", host: "www.example.com"
nginx version: nginx/1.9.1
Best Regards,
basti
___
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
Thanks for your answer Maxim
On 10.06.2015 12:40, Maxim Konovalov wrote:
> On 6/10/15 1:06 PM, itpp2012 wrote:
>> Try the latest 1.9.2, in 191 is was added but not working.
>>
> http part is fully functional in 1.9.1. The author has different
> issue and Lukas Tribus already answered.
>
_
Where can I find? The latest tag I have found is 1.9.1.
(http://trac.nginx.org/nginx/browser/nginx?order=name)
On 10.06.2015 12:06, itpp2012 wrote:
> Try the latest 1.9.2, in 191 is was added but not working.
>
> Posted at Nginx Forum:
> http://forum.nginx.org/read.php?2,259486,259488#msg-259488
:80 in ...
Is there a way to use "reuseports" for multiple locations?
How can I test if it works for a special location?
Is there a header send or something else? Or is the only way to compare
"stress test" like siege?
Regards,
Basti
_
Hello I have config to combine basic auth and ip whitelisting like that:
# combine basic auth and ip whitelisting
#
http://serverfault.com/questions/242218/how-to-disable-http-basic-auth-in-nginx-for-a-specific-ip-range
satisfy any;
include /etc/nginx/myips;
deny all;
auth_basic "Re
Thanks a lot!
On 30.03.2015 21:21, Francis Daly wrote:
> On Mon, Mar 30, 2015 at 10:45:49AM +0200, basti wrote:
>
> Hi there,
>
>> is there a way to do following in nginx server or location config.
>>
>> 1. allow access to certain client addresses
>> 2. if the
Hello Mailing list,
is there a way to do following in nginx server or location config.
1. allow access to certain client addresses
2. if the ip is not in the list, allow access by ngx_http_auth_basic_module
Thanks for any help.
Best Regards,
Basti
Hello,
i have a URL like
https://example.com/foo/doc/bar/filename.txt
I want to deny access to all files and folders in /doc/...
and try
location ~ ^/foo/(doc|etc|lib|log|sbin|var/cache|var/lib|var/log)/ {
deny all;
}
I does not work, i can download the file above.
How can please help?
Tha
You can try "siege".
In the past I have take the access log to create a list of urls to be
used by siege.
Regards,
Basti
On 08.01.2015 11:06, Das, Jagannath wrote:
> Hi Folks,
>I am trying to get some performance numbers on nginx by sending
> HTTP and HTTPS requests. My
Hello,
is somethink relevant to this in the nginx/ php error log?
On 17.12.2014 07:14, khav wrote:
> My site does video streaming and users are not able to play videos greater
> than 10 mins.After 10-11 mins flowplayer stop playing the video but i don't
> get any error either by php/nginx/flowplay
history listen.mode was set to 0666 an update has change this to
0600, perhaps this is the error.
I hope this helps.
Regards,
Basti
Am 25.11.2014 13:16, schrieb ManuelRighi:
> Hello,
> I have nginx 1.6.2 (compiled from source) and php-fpm 5.5.9 on Ubuntu server
> 14.04.1 LTS.
> I have prob
Here is my solution:
server {
server_name ~^(.*)\.example\.com$ ;
return 200;
deny all;
access_log off;
log_not_found off;
}
Am 06.06.2014 09:48, schrieb basti:
> Hello,
>
> I try to block wildcard sub domains as follows:
>
>
> # block wildcard
> ser
idden" site of nginx.
When "deny all" is removed it work as expected.
Can anybody explain?
And does anybody know a workaround?
Best Regards;
Basti
___
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
/www.tank-app.de/mailadmin/ is also rewrite, I dont know why.
On 24.02.2014 19:07, Francis Daly wrote:
> On Mon, Feb 24, 2014 at 04:10:24PM +0100, basti wrote:
>
> Hi there,
>
>> # do not rewrite this
>> location /mailadmin/(.*.\.php)$ {
> You probably will have no requests
Sorry same result.
On 24.02.2014 16:34, Styopa Semenukha wrote:
> Use:
> return 301 http://$server_name$request_uri;
> to redirect.
>
> On Monday, February 24, 2014 04:01:03 PM basti wrote:
>> Hello,
>> I have a SSL config like
>>
>> server {
>>
&
https://example.com/mailadmin/test.php?ps=301A1123344556E925803435&framework=
are partly rewrite.
Regards,
Basti
___
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
://example.com/mailadmin/set.php?p_s=301AB1837E730B55&framework=
are partly rewrite
How can I solve this?
Regards,
Basti
___
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
Hello,
try this
http://stackoverflow.com/questions/13894386/upstream-too-big-nginx-codeigniter
Regards,
Basti
On 10.02.2014 11:55, rubenarslan wrote:
> Hi Maxim & Jeroen,
>
> I'm the user Jeroen mentioned. I'm sorry for only being to produce sporadic
> errors earli
/download.html.
Regards,
Basti
___
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
remove his header?
I have try "proxy_hide_header X-Frame-Options;" without success.
Regards,
Basti
___
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
||] = ||strtr||(||$_GET||[||"q"||], ||"+"||, ||" "||);|
at
http://www.dmuth.org/node/1268/how-get-rid-annoying-plus-signs-drupal-under-nginx
Is there a way to do this, in nginx config?
Regards,
basti
___
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
Replace
[nginx*]
env.url http://localhost/nginx_status
with
[nginx_*]
user root
my nginx default file
egrep -v "(^$|^#)" /etc/nginx/sites-enabled/default
server {
listen 80; ## listen for ipv4
listen [::]:80 default ipv6only=on; ## listen for ipv6
server_name local
My config looks like:
/etc/munin/plugin-conf.d/munin-node
...
[nginx_*]
user root
/etc/nginx/sites-enabled/default
...
## munin nginx status (request/ connections handeled)
location /nginx_status {
stub_status on;
access_log off;
allow 127.0.0.1;
deny all;
}
...
This runs for me v
Have a look at http://nginx.org/packages/debian/pool/nginx/n/nginx/
Try squeeze files or build your own.
All needed packages for build are in the link above.
best regards
Basti
Am 14.05.2013 13:27, schrieb David Geistert:
> Hey,
> I only want to ask, when the Debian Wheezy package w
thin => socket: /tmp/thin.sock
nginx => server unix:/tmp/thin.0.sock;
would be the problem i think.
Am 18.03.2013 20:53, schrieb Yunior Miguel A.:
Thans for all. The end configuration:
thin configuration:
chdir: /var/www/redmine/
environment: production
address: 127.0.0.1
port: 3000
timeout:
Have you try localhost on the server (use lynx or somethink else)?
I think the default.conf is it:
server {
listen 80;
server_name localhost;
...
will be only used if you do something likehttp://localhost
So change it to your domain.
Basti
Am 04.03.2013 11:44, schrieb Kaoz:
Hi
81 matches
Mail list logo
