Re: FAQ Suggestions

Hi, On Mon, Feb 20, 2023, at 10:51, Ivo Welch wrote: > please ignore previous email. nanaya has an explanation that I need > to explore. I think this would make a great example for an FAQ... > As explained by Francis, I forgot to mention the part that "root /tmp/w" in a &q

Re: FAQ Suggestions

Hi On Sun, Feb 19, 2023, at 10:27, Ivo Welch wrote: > 2. why does > > ``` > location /wth { >root /var/www/fcgi-bin/; >index wth-root.html; > } > ``` > > not resolve '/wth' (but incidentally does resolve '/wth-root.html', > though not '/wth-root'). > it's one of the common confusions. Ju

Re: Allow/Deny rules in Location block

Just adding, if it's `location /auth {}`, it'll also match /autha, /authb, /authsomething/something, not just limited to /auth/*. On Wed, Jan 25, 2023, at 01:56, Reinis Rozitis wrote: >> There are other locations like /auth, /auth/, /auth/admin, /auth/admin/ and >> few more which have the same r

Re: Questions about real ip module

Hi On Wed, Aug 3, 2022, at 07:34, Francis Daly wrote: > On Sat, Jul 30, 2022 at 05:13:52AM +0900, nanaya wrote: > > >> 1. is there no way to reset the list of `set_real_ip_from` for a specific >> subsection? For example to have a completely different set of trusted >&g

Questions about real ip module

I have a few questions about the real ip module (tried on nginx/1.22.0): 1. is there no way to reset the list of `set_real_ip_from` for a specific subsection? For example to have a completely different set of trusted addresses for a specific server 2. does setting `real_ip_header '';` in a sect

Re: Real client IP in the error logs when a server is behind a reverse proxy

Hello, You need to set the reverse proxy ip in the www server: https://nginx.org/r/set_real_ip_from Also note this will replace $remote_addr with the value from X-Real-IP header (the original value is in $realip_remote_addr). On Thu, Jun 30, 2022, at 21:56, Mik J via nginx wrote: > Hello, > >

Re: Usage of $proxy_add_x_forwarded_for on edge proxies

On Thu, Jan 14, 2021, at 02:45, Maxim Dounin wrote: > > Another question is how often it is used properly. Given it > requires update of two headers, at least one of them being very > rare, I would assume the answer is "almost never". But again, it > has nothing to do with $proxy_add_x_for

Re: Usage of $proxy_add_x_forwarded_for on edge proxies

On Wed, Jan 13, 2021, at 22:53, Maxim Dounin wrote: > It's not "dangerous config", it's incorrect usage of > X-Forwarded-For which might be dengerous. In the most simply > configuration with a single server the X-Forwarded-For header > comes directly from the client, without anything added by n

Re: Usage of $proxy_add_x_forwarded_for on edge proxies

On Wed, Jan 13, 2021, at 02:46, Maxim Dounin wrote: > The X-Forwarded-For is expected to contain multiple addresses, with > the last one being from the last proxy. It is up to the reader of > the header to trust or not particular values from the header. > > For example, in the realip module n

Usage of $proxy_add_x_forwarded_for on edge proxies

Should there be warning in documentation on usage of $proxy_add_x_forwarded_for for X-Forwarded-For proxy header on edge proxies? I keep seeing config examples with proxy settings like this: proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; Which doesn't make sense on edge servers as

Re: websocket connection seems to cause nginx to not reload

Hi, On Tue, Apr 16, 2019, at 07:14, Andrea Y Ma wrote: > Seeing nginx not picking up changes to its configuration. Running > `nginx -t` does not reveal any errors and no errors generated when > running `nginx -s reload`. However nginx access logs show that the old > IPs from the previous config

Re: Rewrite doesn't work if location has no trailing /

Hi, On Sat, Feb 9, 2019, at 19:50, Reiner Bühl wrote: > Hi all, > > I currently use the following location to redirect every request for a > resource under /webmail to a seperate server: > > location /webmail { > rewrite ^/webmail(.*) /$1 break; > prox

Re: FreeBSD Clean Install nginx.pid Permissions Errors

Hi, On Sun, Jul 16, 2017, at 00:45, Viaduct Lists wrote: > > My point was that you can start the service as root, or set the user to > root in nginx.conf. It’s confusing. Two ways. If I’m deliberately > starting the service as root, why would I need to set the config file to > indicate so? >

Re: FreeBSD Clean Install nginx.pid Permissions Errors

On Sat, Jul 15, 2017, at 18:56, Viaduct Lists wrote: > > > On Jul 15, 2017, at 5:04 AM, nanaya wrote: > > > > > > It works if you start it from user with root privilege. Otherwise you > > can't switch user and thus the directive is ignored. > >

Re: FreeBSD Clean Install nginx.pid Permissions Errors

Hi, On Sat, Jul 15, 2017, at 17:47, Viaduct Lists wrote: > The latter. It makes little sense. If it’s ignored then there’s no > sense in having it. > It works if you start it from user with root privilege. Otherwise you can't switch user and thus the directive is ignored. > Much like how th

Re: proxy_set_header directives don't inherit from father context

Hi, On Wed, Jul 5, 2017, at 14:41, foxgab wrote: > i expected the X-Forwarded-For and X-Forwarded-Proto header will be set, > but > it didn't. > what happend? > Quite a few of additive configs (proxy_set_header, add_header) are only inherited if there's no same directive set at current block.

Re: No referrer header on leacher's site !!

Hi, On Tue, Apr 4, 2017, at 20:24, shahzaib mushtaq wrote: > Hi, > > We came across a website who is playing our video links remotely. Since > we've hotlinking protection enabled based on referrer headers so i > checked > the request header by playing that video & found out that *referrer > heade

Re: Allow /.well-known/acme-challenge but deny dot files

Hi, On Tue, Apr 4, 2017, at 17:45, Anoop Alias wrote: > You can put it above the other deny location > # Allow "Well-Known URIs" as per RFC 5785 > location ~* ^/.well-known/ { > allow all; > } > Or use "^~" because it's of higher precedence compared to "~". > If the longest matching prefix loca

Re: Full URL parameter in nginx

Hi, On 2016/06/23 20:10, iivan wrote: Hi, I have this nginx rule: rewrite ^/(.*)?$ /index.cfm?event=saveURL=$1 last; - Which makes this work: http://mywebsite.com/http://notherwebsite.com/page.html - But if I pass a parameter like this: http://mywebsite.com/http://notherwebsite.com/page.html?

Re: Can we ask for permission before download?

Hi, On Sat, Mar 12, 2016, at 17:39, Alexandr Porunov wrote: > Hello, > I have a storage like S3 with photos. And I need to check users > permissions > before photo downloading. Somebody can downloads a photo and somebody > can't. Can we configure NGINX to act like this: This should help: https:/

Re: What modules are using the query term "token" for access control?

Hi, On Fri, Jan 22, 2016, at 03:16, Eliezer Croitoru wrote: > I have seen that couple media sites are using the "token" query term for > access control to some media content and I was wondering what module can > do that? > For examples the request: > http://example.com/media/11.mp4?token=xyz

Re: nginx modsecurity on Debian 8

On Thu, Dec 24, 2015, at 02:31, Thierry wrote: > Bonjour Alt, > > Thx a lot But, I might mistaken ... > My nginx is already working, as already been compiled with a certain > number of modules ... I do not want to break something ... > If I am doing what you said ... It might happen no ?

Re: 400 Error on % !!

On Mon, Nov 23, 2015, at 05:17 PM, shahzaib shahzaib wrote: > Hi, > >We've encountered with 400 Bad request error on nginx reverse proxy in > front of apache. Here is the attached link : > > http://prntscr.com/95wlsl > > If we remove '%' from the URL, it works fine. What could be the issue

Re: Nginx failing to ask for PEM SSL key password

Hi On Thu, Nov 19, 2015, at 10:40 PM, Valentin V. Bartenev wrote: > "named pipe can also be used instead of a file" - doesn't that help to > make > interactive solution? > Considering the admin must be ready when the "service" starts, I'm wondering the benefit of using systemd or other service m

Re: nginx rewrite url without causing redirect and proxy to backend app

On Wed, Nov 4, 2015, at 05:27 AM, kodeninja wrote: > Howdy, everyone! > > I'm trying to figure out if there's a way to achieve this with nginx: > . > I didn't get response on the SO q

Re: SEO gone mad...

Oh and this part On Wed, Oct 14, 2015, at 05:11 AM, steve wrote: > > > ( this is also *not* a google sanctioned document - it's on blogspot ) > And if you didn't know, blogspot is owned by google and that blog is google's. In fact, if you search for anything in here https://support.google.com/

Re: SEO gone mad...

On Wed, Oct 14, 2015, at 05:11 AM, steve wrote: > > > I suggest you re-read the article... whilst it does include the Chuck > Norris quote, it also states 'While it’s not totally optimal behavior, > it’s perfectly legitimate and a-okay. :)'. > The following point specifically mentions that

Re: SEO gone mad...

On Wed, Oct 14, 2015, at 04:58 AM, steve wrote: > >> As can be seen from the google article, it's apparently a bad thing(tm) > >> to duplicate content for example.com/ and example.com. Apparently some > >> .htaccess tweak can do a 301 redirect from one to the other, but > >> absolutely nothing th

Re: SEO gone mad...

On Wed, Oct 14, 2015, at 04:39 AM, steve wrote: > As can be seen from the google article, it's apparently a bad thing(tm) > to duplicate content for example.com/ and example.com. Apparently some > .htaccess tweak can do a 301 redirect from one to the other, but > absolutely nothing that has be

Re: SEO gone mad...

On Tue, Oct 13, 2015, at 04:59 AM, steve wrote: > Hi folks, > > I have a requirement from a customer that the terminal slash be > rewritten when accessing the homepage - eg example.com/ is a 301 to > example.com > > I've tried a simple rewrite of ^/$ but that just loops. > > Any ideas? > >

Re: nginx systemd reload service command skips configtest

> On Sat, Sep 26, 2015 at 11:03 PM, Per Hansson > wrote: > > Hi, the "nginx.service" file shipped with systemd rpm's both in nginx's > > stable repository and epel for CentOS7 / RHEL7 do not perform a "configtest" > > when "systemctl reload nginx" is issued. > > So if there is an error in the con

Re: Trailing slash issue with https redirect - Nginx

On Wed, Sep 23, 2015, at 08:25 PM, linsonj wrote: > Yes, the line rewrite ^(.*)$ https://$servername.smartdocsonline.com/$1; > could be the reason. > > Any other way to do this ? or Can I edit the existing rewrite rule to > avoid > double trailing slash ? > I suggest finding out what's being c

Re: Trailing slash issue with https redirect - Nginx

Hi On Wed, Sep 23, 2015, at 07:02 PM, linsonj wrote: > > Issue is that when I try to access http://webapp.mydomain.com using > current > setup, it is redirecting to https://webapp.mydomain.com// ( with two > trailing slash at the end of url). Looking for a solution to remove this > double slash i

Re: nginx 2,upstream question

Hi On Tue, Sep 22, 2015, at 04:59 PM, vps4 wrote: > i have 2 backend server A & B, i want the upstream only works with A, > when A > die then works with B, if A not die , only works with A > how can i do > this? upstream backend { server A; server B backup; } __