Apparently our web application server is sending an older version of the
upgrade-insecure-request header which causes a brief "page cannot be
displayed" in Chrome, but not Firefox or Safari.
We use Nginx as a reverse proxy to our application servers, can I intercept
this header and just remove it
Kemp can do it:
https://www.tech-coffee.net/deploy-windows-admin-center-in-ha-through-kemp-load-balancer/
I can give the stream module a shot also.
Would this be a basic config to get me started?
stream {
listen 443
proxy_pass https://192.168.1.0:6516/
proxy_ssl_verify off;
}
Posted at Nginx
I am trying to set up a reverse proxy to the Windows Admin Center (WAC). The
WAC requires the use of a client certificate for authentication. When I log
into the WAC via https://localhost:6516 or https://192.168.0.100:6516 I am
prompted for the certificate and everything works fine. If I attempt to
I figured it out. I just needed to add the proxy_pass in the new location
block.
Posted at Nginx Forum:
https://forum.nginx.org/read.php?2,271676,271677#msg-271677
___
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
For security purposes, we utilize the Cache-Control "no-cache, no-store,
must-revalidate" add_header parameter in our root location block.
However, I'd like to tweak this to allow the following file types to be
cached: jpg|jpeg|png|gif|ico|js|css|html
I added this above my root location / block,
We've noticed that if we flip the order of the backend servers, the server
the user is directed to flips.
upstream prodtemp {
ip_hash;
server 10.0.0.107:8080 max_fails=1 fail_timeout=5s;
server 10.0.0.106:8080 max_fails=1 fail_timeout=5s;
keepalive 50;
}
That results in the user being sent t
We are experiencing an issue where we have Nginx configured as a reverse
proxy. SSL terminates with Nginx also. On the back end are two Wildfly
servers. If a session is bound to server 2 (via Nginx ip_hash) after 30
minutes the user is redirected back to server 1 and the following is logged
in Ngin
Actually, I think this may have been because after upgrading Nginx, it
reinstalled the default.conf file. I've removed it, left the config above,
restarted Nginx, and the internal IP doesn't seem to be leaking any longer.
Posted at Nginx Forum:
https://forum.nginx.org/read.php?2,270932,270935#msg
Hello - we have been dinged on our network penetration test because one of
our Nginx web servers is returning the internal IP in the HTTP location
response header. This is our only Nginx server that is not acting as a
reverse proxy, so I'm at a bit of a loss on how to disable Nginx returning
the In
I figured out what it was. I had an error_page directive in another location
block in the same server.conf that was apparently overriding the
proxy_next_upstream. I commented it out and now the upstream throwing the
404 is being skipped. I'm just going to remove 404 from the error_page
directive.
We have a backend server throwing a 404 error, so I added the directive
proxy_next_upstream error timeout http_404; but that seems to have no
effect. Nginx is still performing round robin connections to the working
backend server and the backend server throwing a 404. Is there another
directive I n
That seems like a very elegant way to handle the problem. I'll give it a
shot. Thanks!
Posted at Nginx Forum:
https://forum.nginx.org/read.php?2,265257,265282#msg-265282
We currently use the following method to perform an http to https rewrite.
rewrite ^ https://$server_name$request_uri permanent;
I am planning to change it to the preferred method of:
return 301 https://$server_name$request_uri;
However, we'd like to also make sure any requests for domain.com a
Sorry, I got a little ahead of myself.
If I only want to display all files named
"the_nginx_mailing_list_guys_are_genuises*" - can I do that?
Posted at Nginx Forum:
http://forum.nginx.org/read.php?2,254649,254650#msg-254650
Is there a way to have autoindex only display certain files?
If I only want to display a file named
"the_nginx_mailing_list_guys_are_genuises*" - can I do that?
Posted at Nginx Forum:
http://forum.nginx.org/read.php?2,254649,254649#msg-254649
richardm Wrote:
---
> [...]Someone in RH decided
> to make the nginx webserver follow the same SELinux policy rules as
> Apache.
Thanks for following up on this Richard. Undisclosed changes like this drive
me crazy ... why make changes like this
Thank you Richard. I have shared your post in my thread in the CentOS
forums.
For now, to work around the issue, CentOS forum user sercan has provided the
following commands to create a new SELinux policy for Nginx. I've tested it
on two of my servers and it works.
- Make sure you have the policy
Then that is something that is different with respect to CentOS 6.6, because
the default.conf was just dropped when I re-installed it from the Nginx yum
repository.
-rw-r--r--. root root system_u:object_r:httpd_config_t:s0 default.conf
-rw-r--r--. root root unconfined_u:object_r:httpd_config_t:s0
That's the thing, I've never needed to set an SELinux policy. These are
single purpose servers, they run Nginx and that's it. I've always installed
Nginx, configured the .conf files for Nginx, and off it went. I've never
needed to disable SELinux and actually, since I perform a minimal install of
S
We have been successfully running Nginx installed from the official Nginx
CentOS repositories for ages. Last night I upgraded two of my Nginx 1.6.0
servers from CentOS 6.5 to CentOS 6.6 and SELinux immediately broke just
about everything with Nginx. At first it wouldn't let it read the SSL certs,
t
Bingo, I issued a -USR2 but a ps shows both the old and new master processes
listening. Thanks Maxim.
Posted at Nginx Forum:
http://forum.nginx.org/read.php?2,247412,247418#msg-247418
Hello Everyone,
We have been running SPDY/2 for months and months without issue and recently
upgraded to 1.5.10 for SPDY/3.1 support. However, we are having an issue
where sometimes our site reports SPDY/2 and sometimes it reports SPDY/3.1 in
Chrome's net-internals and the Chrome spdy extension. W
Bingo. Now Chrome is reporting spdy/3. Thanks!
Posted at Nginx Forum:
http://forum.nginx.org/read.php?2,247180,247182#msg-247182
I upgraded my Nginx reverse proxy to 1.5.10 using the official Ubuntu
Precise Nginx packages, but my site is still reporting SPDY/2 in Chrome. Do
I need to do something more drastic than issuing a kill -HUP on the master
process to load the new Nginx binary? Or am I missing something else?
Posted
Hello Gurus,
It's been several years since I've revisited anything but the most basic
changes to our Nginx reverse-proxy front-end. I'm wondering if there have
been any new tweaks or security related configuration changes that should be
implemented on Nginx when acting as a reverse-proxy for JBoss
I didn't even think about rejecting the traffic rather than dropping it!
Great idea!
Would that allow the client connection (Browser to Nginx) to fail over to
the backend server that is up rather than simply timing out?
Posted at Nginx Forum:
http://forum.nginx.org/read.php?2,238894,238913#msg-2
Oops, here is the relevant error.log entry from Nginx as well:
013/05/06 01:46:03 [error] 2063#0: *294659 upstream timed out (110:
Connection timed out) while connecting to upstream, client: ip.address,
server: amywebsite.com, request: "GET /home HTTP/1.1", upstream:
"http://192.168.1.12:8080/home
Hi Mex,
We shut them down one-by-one, 45 minutes apart. The issue only seems to
occur when the first server listed is blocked however. We don't see the read
timeouts if I leave the iptables rules enabled on the second server. I think
that may be a false symptom related to ip_hash binding clients t
Hello,
Each night we take our backend servers offline at specific times for
maintenance. When the application servers restart they immediately begin
answering HTTP requests from Nginx, but we want to keep them out of the
upstream pool for about 30 minutes while they cache information from our
data