Show all posts by user
Any other nginx or tech related discussion may be entered here.
How to block X-Forwarded-For : 127.0.0.1 - 5 weeks ago
Hi Team, Ref to the tweet and wondering if we can block those on Nginx reverse proxy? https://twitter.com/0x0SojalSec/status/1622998359920488448?s=20&t=CxvlX1phoHnMfZOhk7j-5wby blason - Nginx Mailing List - English
Re: Unable to redirect portal, can someone please help - 2 months ago
Just to clear doubts this is SAP HANA Fiori portal and I wanted to put that behind Nginx reverse proxy.by blason - Nginx Mailing List - English
Unable to redirect portal, can someone please help - 2 months ago
Hi Team, Here is the some weird issue I am facing and I really appreciate if someone can help? I have portal test.example.com which is currently being accessed as https://test.example.com:44300/sap/bc/ui2/flp I need to put this behind Nginx reverse proxy however I want user to access only http://test.example.com --> It will be redirected to https://test.example.com//sap/bc/ui2/flp Thby blason - Nginx Mailing List - English
Re: Restarting service takes too much time - 3 months ago
Yes - He is right; everything is revolves around DNS and even my error is with DNS resolving as it was not able to resolve the ocsp.godaddy.com hence please troubelshoot from DNS perspetive.by blason - Nginx Mailing List - English
Re: Restarting service takes too much time - 3 months ago
Yes - He is right; everything is revolves around DNS and even my error is with DNS resolving as it was not able to resolve the ocsp.godaddy.com hence please troubelshoot from DNS perspetive.by blason - Nginx Mailing List - English
Re: Restarting service takes too much time - 3 months ago
Hi, Did you check error log or syslog? Is that spitting out any errors? Do you have SSL_OCSP settings configured and it might not be able to reach to the protocol? I mean I had 45 portals and was facing a same issue. Later when I done the debug I found that ocsp.godaddy.com was not reachable and it verifies every time we reload the service. Just a heads up though.by blason - Nginx Mailing List - English
Re: Content Security Policy Headers are not appearing - 3 months ago
I see - that;s a nice suggestion. Let me see how this goes.by blason - Nginx Mailing List - English
Re: Content Security Policy Headers are not appearing - 3 months ago
Well this is particularly I noticed for https vhost config. The CSP headers are properly being displayed for http but not https. Here is my config more /etc/nginx/conf.d/sec-headers.conf add_header Content-Security-Policy "default-src 'self'; font-src *;img-src * data:; script-src *; style-src *;" always; server { include /etc/nginx/apploxconf.d/applox-bots-declaby blason - Nginx Mailing List - English
Content Security Policy Headers are not appearing - 3 months ago
Hi All, I am trying to set a CSP headers in my nginx reverse proxy and those are not appearing even after multiple attempts. Any idea what is wrong or why the header is not getting added? TIA Blason Rby blason - Nginx Mailing List - English
Re: nginx listen port 8443, redirect 8080 port to another IP - 3 months ago
Yes - with Proxy_pass you can and if not use Iptables to port forward the traffic.by blason - Nginx Mailing List - English
Can someone guide me about building a CSP Server on Nginx? - 3 months ago
Hi Guys, I am about to implement a CSP policy for my servers on my nginx reverse proxy server. Since those are production websites as per guidelines I need to put the policy in report only mode and send a report to another webserver which would accept the POST response. However I tried building a simple webserver on nginx but no luck. Can someone please help me about building an CSP report oby blason - Nginx Mailing List - English
Re: Running ssl on custom port and its not working - 4 months ago
Nothing interesting as such however below is the curl output from nginx server curl -I https://xxx.xxxx.xxx:8081/neutrino-sso-web HTTP/1.1 302 Found Date: Thu, 17 Nov 2022 17:57:10 GMT Server: JBoss-EAP/7 Strict-Transport-Security: max-age=63072000; includeSubDomains; preload X-Powered-By: Undertow/1 X-Powered-By: JSP/2.3 X-Frame-Options: DENY Location: https://xxxx.xxxx.xxxx:8081/neutrby blason - Nginx Mailing List - English
Running ssl on custom port and its not working - 4 months ago
Hi Team, I have current URL as https://xxx.xxx.xxx:8081/neutrino-sso-web/ which is directly natted on firewall on pot 8081 However I now would like to put this URL behind nginx reverse proxy. Since the above URL is given to lot many customers it would not be possible to change the URL. we are planning to change it graudally. However mean time I installed the nginx and trying to relay the saby blason - Nginx Mailing List - English
Re: Rewrite rules not working - 4 months ago
Thanks appreciate it. Will have to check and confirm. By the way which one would you confirm is preferable method rewrite or return?by blason - Nginx Mailing List - English
Rewrite rules not working - 4 months ago
Hi Team, I am trying to write a below rewrite rule but somehow this is not working and I would really appreicate if someone can help me on this? I have a website http://web1.example.local/web1 Instead I need a rewrite so that if user enters http://web1.example.local it will be diverted to http://web1.example.local/web1 server { listen 80; server_name web1.example.localby blason - Nginx Mailing List - English
Re: SSL Acceleration or Offloading with Nginx - 7 months ago
Any specific card or hardware device that you can suggest for the setup?by blason - Nginx Mailing List - English
Re: SSL Acceleration or Offloading with Nginx - 7 months ago
Thanks a lot for your inputby blason - Nginx Mailing List - English
SSL Acceleration or Offloading with Nginx - 7 months ago
Hi Team, I wanted to know the possibilities with Nginx SSL offloading to separate CPU card or any other hardware? How do I achieve better performance with Nginx SSL offloading? Do I need to go with more CPU cores? or dedicated card or any other mechanism? Can someone please suggest? TIAby blason - Nginx Mailing List - English
Re: Nginx reverse proxy gzip for json payload - 9 months ago
This is fine - I need a part from Nginx to client. And thanks for clarifying about nginx compressing the request which are only in responses.by blason - Nginx Mailing List - English
Re: Keepalived with nginx open source - 9 months ago
Thanks for input; much appreciated.by blason - Nginx Mailing List - English
Re: Nginx reverse proxy gzip for json payload - 9 months ago
Thanks for the reply. Let me try doing that.by blason - Nginx Mailing List - English
Nginx reverse proxy gzip for json payload - 9 months ago
Hi Team, I currently have IIS server and I am planning to put reverse proxy server in front of that IIS server. Since this IIS server carries a huge request in every request that is around 40-50 Mb of data is being uploaded at every transaction I need to enable gzip on for the server. However I see only html/text files can be gzipped and if any specific other data needs to be gzipped then needby blason - Nginx Mailing List - English
Keepalived with nginx open source - 9 months ago
Hi Team, I am going to deploy two nginx reverse proxy servers and I wanted them in HA mode. I see keepalived is available with Plus version however keepalived being an open source can be used with Open source version as well? Can someone please confirm if keepalived or any other approach can help me in achieving Active-Passive setup of nginx reverse proxies? TIA Blason Rby blason - Nginx Mailing List - English
Re: Change customer Server Header without compiling it? - 1 year ago
Right - And that helped a lot. Thanks for the quick helpby blason - Nginx Mailing List - English
Change customer Server Header without compiling it? - 1 year ago
Hi Team, I have Ubuntu 20.04 and Nginx 1.20.1 installed from Official Nginx repository. I already have made the server_tokens to off however wondering if customer header can be added without recompiling it? With any modules or packages on ubuntu 20.04? TIA Blason Rby blason - Nginx Mailing List - English
Re: Getting weird issue with Nginx reverse Proxy - 1 year ago
Thanks team for your help but I had to find an alternative and instead I hosted the site on Nginx server itself. Which currently is working fine.by blason - Nginx Mailing List - English
Re: Getting weird issue with Nginx reverse Proxy - 1 year ago
user www-data; worker_processes auto; pid /run/nginx.pid; include /etc/nginx/modules-enabled/*.conf; load_module modules/ngx_http_modsecurity_module.so; events { worker_connections 768; # multi_accept on; } http { map $http_upgrade $connection_upgrade { default upgrade; '' close; } ## # Basic Settings ##by blason - Nginx Mailing List - English
Re: Getting weird issue with Nginx reverse Proxy - 1 year ago
Here is Apache config <VirtualHost fs.example.com:80> ServerAdmin webmaster@example.com DocumentRoot /var/www/fs/ ServerName fs.example.com ServerAlias fs.example.com ErrorLog /var/log/apache2/fs/error.log CustomLog /var/log/apache2/fs/access.log combined LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %>s %b \"%{Refby blason - Nginx Mailing List - English
Re: Getting weird issue with Nginx reverse Proxy - 1 year ago
Here are the debug logs - If that would help https://pastebin.com/K3521Cnkby blason - Nginx Mailing List - English
Getting weird issue with Nginx reverse Proxy - 1 year ago
Hi Team, My portal name is lets say fs.example.com and it is configured on apache server which is then proxied to internet using Nginx reverse proxy. However I tried everything I was aware of and I am consistently getting below error whenever this URL is accessed. I am running out of ideas about troubleshooting the issue and I need a help on it. Here is Nginx config file ``` server {by blason - Nginx Mailing List - English
 |
 |
 |
 |
|