Hi Whats considered the best way to auth again crowd. I see some old module - 6-7 year untouched https://github.com/kare/ngx_http_auth_crowd_module trying this one but can't compile it also noted crowd does openid https://www.nginx.com/blog/authenticating-users-existing-applications-openid-connect-nginx-plus/ but .. what are others doing ? _______________________________________________ nby alexsamad - Nginx Mailing List - English
HI isn't this a bit futile, if they can get onto the box that has nginx they can get either the private key or secret to get the private key. safer would be to make it that you need human interact to start nginx. But till a memory dump of the app would get you the private key. On Fri, 16 Nov 2018 at 00:03, Maxim Dounin <mdounin@mdounin.ru> wrote: > Hello! > > On Wed, Nov 14,by alexsamad - Nginx Mailing List - English
Hi Don't you need a openssl that works with 1.3 as well. My sticking point is centos 6 - no openssl that comes with 1.3 - as far as i know A On Mon, 5 Nov 2018 at 06:10, Bogdan via nginx <nginx@nginx.org> wrote: > Hi, Andreas! > > > I disabled NPN (Next Protocol Negotiation) because, as far as I know (not > very far and it comes from what I've read, since I am not an experby alexsamad - Nginx Mailing List - English
an oldie but helpful for me thanksby alexsamad - How to...
Hi Not sure where to put this. But I would like to have the ability to add client cert required any where on the URI tree so www.abc.com.au/ you can access with out a cert but www.abc.com.au/private/ you need a cert www.abc.com.au/public/ no cert needed A _______________________________________________ nginx mailing list nginx@nginx.org http://mailman.nginx.org/mailman/listinfo/nginxby alexsamad - Nginx Mailing List - English
Look at sticky session, a routing code in a cookie that helps you decide where to send the packet. So on the 443 set the cookie and on the udp use the cookie in the header to route on the back end On 20 June 2018 at 17:16, nov1ce <nginx-forum@forum.nginx.org> wrote: > Hello, > > 1.14.0-1 running on Debian Stretch: > > # dpkg -l | grep nginx > ii nginxby alexsamad - Nginx Mailing List - English
Silly question why not use postfix for this ? On 20 February 2018 at 18:56, Azusa Taroura <nginx-forum@forum.nginx.org> wrote: > Hi everyone, > > I’m trying to optimize mail-proxy. > My performance test is 1 client sends many request to 1 nginx server. > > > This is my current settings: > > worker_processes auto; > worker_rlimit_nofile 100000; > > #eby alexsamad - Nginx Mailing List - English
Why not just change the log format to exclude the ip address or put in static ip On 14 February 2018 at 12:46, Tom <tom@keepschtum.win> wrote: > Hi, > > I'm wondering if anyone has successfully masked ip addresses in nginx > before they are written to a log file. > > I understand there are reasons why you would and would not do this. > > Anyway, my config so far, whby alexsamad - Nginx Mailing List - English
Hi can you give an example of using a map instead of the if statement ? Thanks On 21 May 2017 at 02:35, c0nw0nk <nginx-forum@forum.nginx.org> wrote: > gariac Wrote: > ------------------------------------------------------- > > I had run Naxsi with Doxi. Trouble is when it cause problems, it was > > really hard to figure out what rule was the problem. I suppose if you &gby alexsamad - Nginx Mailing List - English
Well at least in my case, I can ask the application to make an orderly reconnect. Where if nginx does it it just closes the connection. The option to do it seems like better than having no option. Alex On 20 May 2017 at 21:11, B.R. via nginx <nginx@nginx.org> wrote: > ... and you would end up with connections serving different content (as > per different configuration) on the longby alexsamad - Nginx Mailing List - English
On 20 May 2017 at 08:00, <lists@lazygranch.com> wrote: > My experience with deny in nginx is the url isn't hidden So you don't want to just restrict access but you want to send a 404 not found unless they come from a specific ip address. I think you should be able to ... but my nginx skills are not that good for now.. :) _______________________________________________ nginx mailing lby alexsamad - Nginx Mailing List - English
Yes this exactly, I ended up been schooled by support :) Seems like my understanding of graceful shutdown / reload .. for the list and the archives No keep alive for http1.0, has to be http1.1 client -> nginx keep alive session - these are shutdown once the current request is completed nginx -> backend server keep alive session - these are shutdown once the current request is completedby alexsamad - Nginx Mailing List - English
wouldn't you use location /secret-page/ { deny all allow 1.1.1.1/32; } a On 19 May 2017 at 17:24, ohmykot <nginx-forum@forum.nginx.org> wrote: > Hi! > I've got a server with nginx and a wordpress website running on it. > > On the web-site, I have a wordpress page, i.e. domain.com/secret-page/, > that > I want to restrict access to everybody but 1 specific IP addressby alexsamad - Nginx Mailing List - English
Hi so I have lots of clients on long lived tcp connections , getting rp into 2 back end app servers I had a line in my error log, saying one of the upstream was failed caused it timeout - then I got this 2017/05/18 13:30:42 2662#2662: exiting 2017/05/18 13:30:42 2662#2662: exit 2017/05/18 13:30:42 2661#2661: signal 17 (SIGCHLD) received 2017/05/18 13:30:42 2661#2661: worker process 2662 eby alexsamad - Nginx Mailing List - English
Thats what support have advised me, reload finished the current request and then closes the connection. No longer honors the long lived Alex On 27 April 2017 at 19:21, shivramg94 <nginx-forum@forum.nginx.org> wrote: > We have a persistent connection to Nginx on which we are issuing https > requests. Now when we do a reload, the persistent connections (the requests > which are alby alexsamad - Nginx Mailing List - English
Hi I am using https://gist.github.com/wilhelmy/5a59b8eea26974a468c9 for location /ts/ { #autoindex on; #autoindex_format html; try_files $uri @autoindex; } # need xlst module location @autoindex { autoindex on; autoindex_format xml; xslt_stylesheet xslt/dirlist.xslt path='$uri'; } my problem is, i have a file with a % inby alexsamad - Nginx Mailing List - English
On 26 April 2017 at 00:32, Maxim Dounin <mdounin@mdounin.ru> wrote: > > *) Change: SSL renegotiation is now allowed on backend connections. > What does this mean ? reason I am asking is I would like to setup a site say example.com, that is SSL, with no need for client certs at root URI but I would like to force a reneg at say /private/<...> is that possible ..(I knowby alexsamad - Nginx Mailing List - English
Will it not be logged as a timeout either in access or error/log ? On 20 April 2017 at 03:46, aT <atif.ali@gmail.com> wrote: > HI , > > Is there a way to log all incoming requests on Nginx . > > Regardless of them being served or not . > > For example, In case of surge of crawler hits , if the upstream backend > cannot perform and requests hang , nginx will not loby alexsamad - Nginx Mailing List - English
But long live sessions are closed and I've had lua session information persist with a reload. Needed a restart A On Sun, 9 Apr 2017 at 21:35, B.R. via nginx <nginx@nginx.org> wrote: > You could have got your answer yourself by Reading The... Fine? Manual: > https://nginx.org/en/docs/control.html > > There are tons of interesting pieces of informations there, by the nature >by alexsamad - Nginx Mailing List - English
Hi I have started to use lua file for some dynamic stuff. Whats the best practice to secure them How do I stop them from being downloaded location ~ \.lua$ { send error back } is it best to place all of them into a different directory that isn't under a root ? A _______________________________________________ nginx mailing list nginx@nginx.org http://mailman.nginx.org/mailman/listinfo/nby alexsamad - Nginx Mailing List - English
so (have a stab at this) location = /mini { equals http://10.21.169.13/mini and not http://10.21.169.13/mini/ or anything else http://10.21.169.13/mini/* try location /mini { or location /mini/ { A On 28 March 2017 at 12:43, Jun Chen via nginx <nginx@nginx.org> wrote: > > I am configuring a nginx revser proxy. The result should be when user type > http://10.21.169.1by alexsamad - Nginx Mailing List - English
Hi If you asking if some part of the tree can have no ssl client verification, then no https://a.b.c.d/ https://a.b.c.d/This/Some https://a.b.c.d/Not/here Once you turn on client verififcation its on for / and down, no way to turn it off for https://a.b.c.d/Not/here of its on. Shame, I would like to see this feature, but not possible with current code base, I understand. Alex On 28 March 20by alexsamad - Nginx Mailing List - English
Hi I got something like this error_page 404 /stderror404.html; location = /stderror400.html { root /var/www/error; content_by_lua_file /var/www/error/stderror400.lua; internal; allow all; } and the lua file has ngx.say( "Your source ip address is: " .. ngx.var.remote_addr .. ":" .. ngx.var.remote_port .. "<br>&quby alexsamad - Nginx Mailing List - English
Do those pages have access to the previous pages details ? Like for example client_verify ? Thanks A On 22 March 2017 at 21:52, B.R. via nginx <nginx@nginx.org> wrote: > RTFM? :o) > > https://nginx.org/en/docs/http/ngx_http_core_module.html#error_page > --- > *B. R.* > > On Tue, Mar 21, 2017 at 11:18 PM, Alex Samad <alex@samad.com.au> wrote: > >> Hi &gby alexsamad - Nginx Mailing List - English
Hi How would I added custom info to the error page. Say like for 400 if its a cert error, how can I add that to the page and maybe to add in the clients ip address as well A _______________________________________________ nginx mailing list nginx@nginx.org http://mailman.nginx.org/mailman/listinfo/nginxby alexsamad - Nginx Mailing List - English
Hi Firstly, I am fairly new to nginx. From what I understand you have a standard sort of setup. 2 nodes (vm's) with haproxy, allowing nginx to be active / passive. You have SSL requests which once nginx terminates the SSL, it injects a security header / token and then I presume it passes this on to a back end, i presume that the nginx to application server is non SSL. You are having performby alexsamad - Nginx Mailing List - English
Hi if I am reading this right, you currently have too much load on 1 nginx server and you wish to releave this by adding another nginx server in front of it ? What I have is 2 nodes, but I use pacemaker instead of keepalive - i like it as a better solution - but thats for another thread. what you can do with pacemaker is have 1 ip address distributed between multiple machines - up to 16 nodes Iby alexsamad - Nginx Mailing List - English
Hi I have a cron script that generates a crl file and places it a file for nginx to read... I believe I reload nginx after doing this I don't think - happy to be proved wrong - that nginx checks for a oscp or crl attribute in the cert and makes the relevant request Alex On 11 January 2017 at 03:44, woodyweaver <nginx-forum@forum.nginx.org> wrote: > I need to use nginx with client valby alexsamad - Nginx Mailing List - English
Hi I do a lot of stuff with client certs, we have just moved from an inhouse RP to using NGINX. But I find that the amount of information about the client cert is very limited. compared to say squid / apache. For example I looking for end date for the client cert. It would be nice if this sort of information could be provided by env variables .. instead of me having to process the raw pem formby alexsamad - Nginx Mailing List - English
Just when through this. your nginx server makes a requets to the OCSP url for information. My nginx servers can't make requests to the internet so I had to use the offline method 2016-11-08 22:36 GMT+11:00 Christian Cioni <christian.cioni@staff.aruba.it>: > Hi, > > on my server have activated a SSL in SNI configuration without problems, > but for the OCSP stapling configuratiby alexsamad - Nginx Mailing List - English