Show all posts by user
A portal to and from the mailing list.
Page 1 of 2 Pages: 12
Results 1 - 30 of 34
Re: Nginx Support required - 25 days ago
You accepted when you installed it, no one is your support, but if you ask nicely and stop with the FN demands, you may get a little help, as this nice person did. This is not what this type of software is about, and its your bad for not understanding. This is not only for you, but would like it to live on...you're not the first, you can still turn your thinking around. I can tell how much thesby jeffdyke - Nginx Mailing List - English
Re: How to run a shell script on every request? - 5 weeks ago
Can you explain why? I would never tie a script to a request. I post process logs all of the time. If it needs to be in the application, don't force it into Nginx. Strong statement, but would love to hear why? On Fri, Aug 18, 2023 at 9:47 AM Kaushal Shriyan <kaushalshriyan@gmail.com> wrote: > Hi, > > I am running nginx version: nginx/1.24.0 on CentOS Linux release 7.9.2009 &by jeffdyke - Nginx Mailing List - English
Re: Is this an attack or a normal request? - 3 years ago
I've seen the rest of this thread, and there are many good ideas, fail2ban is great, i actually use it with wazuh. The best security measure i ever made with wordpress is changing the name of the /admin/login.php and disabling or at least access listing the api. If no one needs api access, shut it off. With fail2ban with wazuh, perhaps fail2band handles this on its own, you can set up volume rby jeffdyke - Nginx Mailing List - English
Re: Removing Null Character from Query Parameter - 3 years ago
no offense to the OP, but i love Maxim. Direct and to the point, and in this case, as usual, he is correct. You should not look at what the requester wants, before understanding what the sender should provide. On Thu, Jun 25, 2020 at 2:18 PM Maxim Dounin <mdounin@mdounin.ru> wrote: > Hello! > > On Thu, Jun 25, 2020 at 02:02:35PM -0400, anish10dec wrote: > > > Thanks Maxby jeffdyke - Nginx Mailing List - English
Re: right config for letsencrypt - 3 years ago
since i do this through haproxy, it will be a little different, but where ever port 80 is open to you can have a block that does the following so in the http block of haproxy i send it to a backend when it meets these requirements. acl letsencrypt-request path_beg -i /.well-known/acme-challenge/ redirect scheme https code 301 unless letsencrypt-request use_backend letsencrypt-backend if letsencrby jeffdyke - Nginx Mailing List - English
Re: How to do location /test/place?id=2 - 3 years ago
I know this is not an answer to your question, but it begs another, mainly due to the if statement. How many of these are you going to have? https://www.nginx.com/resources/wiki/start/topics/depth/ifisevil/ You've likely considered this, but if not wanted to throw it out there. Even if you are moving domains, could you create a separate route that you could key off rather than arg_id? Random thby jeffdyke - Nginx Mailing List - English
Re: packages built for Ubuntu 18.04 - 4 years ago
Given what that post states and since openssl 1.1.1 hit 18.04 the other day, i'd assume the next build would be based off of 1.1.1? While i use nginx, i terminate SSL at HAProxy, and that is what occurred last week. On Tue, Jun 18, 2019 at 2:17 PM Zeev Tarantov <zeev@initech.co.il> wrote: > The openssl package for Ubuntu 18.04 (bionic) was recently upgraded to > openssl 1.1.1 with Tby jeffdyke - Nginx Mailing List - English
Re: I'm about to embark on creating 12000 vhosts - 4 years ago
Hi Richard. HAProxy defaults to reading all certs in a directory and matching hosts names via SNI. Here is the top of my haproxy config, you can see how i redirect LE requests to another server, which solely services up responses to acme-challenges: frontend http mode http bind 0.0.0.0:80 #if this is a LE Request send it to a server on this host for renewals acl letsencrypt-request patby jeffdyke - Nginx Mailing List - English
Re: I'm about to embark on creating 12000 vhosts - 4 years ago
I use haproxy in a similar way as stated by Rainer, rather than having hundreds and hundreds of config files (yes there are other ways), i have 1 for haproxy and 2(on multiple machines defined in HAProxy). One for my main domain that listens to an "real" server_name and another that listens to `server_name _;` All of the nginx servers simply listen on 80 and 81 to handle non H2 clientsby jeffdyke - Nginx Mailing List - English
Re: no TLS1.3 with 1.15.5 - 4 years ago
Hi. I know this does not solve the problem, but curious if you found a package that was compiled with 1.1.1 or compile it yourself. Generally i like to avoid the later as everything is managed through salt, but am interested in TLSv1.3 Thanks, Jeff On Tue, Nov 6, 2018 at 1:19 PM Maxim Dounin <mdounin@mdounin.ru> wrote: > Hello! > > On Sat, Nov 03, 2018 at 06:14:15PM +0000, Bogby jeffdyke - Nginx Mailing List - English
Re: A fatal 301 redirect... - 5 years ago
I think this problem is better solved allowing 80 to be open and a separate server block. Since i terminate from haproxy, from memory something like this, in the same vhost file. Obviously you can listen here on H/2 if you want to as well. server { listen 80 default_server; server_name test.ppp.fr; return 301 https://$server_name$request_uri; } Best, jeff On Mon, Sep 17, 2018 at 6:10 Pby jeffdyke - Nginx Mailing List - English
Re: rewrite rule: MediaWiki to static site - 5 years ago
Seems like you have a solution, but i've done this recently in the reverse and found this configuration to be incredibly helpful, with little reason to ever update. I check the primary (static in my case) site first and if it 404's it is sent to a different proxy_pass. As you can guess i use the Play Framework. location @corporate { proxy_pass http://corporate-server$uri; proxy_intercby jeffdyke - Nginx Mailing List - English
Re: HTTPS over port 443 - 5 years ago
how about adding server { listen 80; redirect https://$host$request_uri 301; //YYMV as to what destination you need them to end up at. } On Tue, Aug 7, 2018 at 3:58 PM, fugee ohu <fugee279@gmail.com> wrote: > What do you mean by "also have a port 80 config" ? The port 80 configs > are my other sites that I haven't created certificates for yet The > port 80 configby jeffdyke - Nginx Mailing List - English
Re: 301 Redirect from www version to non www. - 5 years ago
A couple things here guess. Is 80 even open in the firewall? Also could cloudflare be picking up 80 and redirecting to https, also this won't solve your problem, but having a server name prefixed with https is not valid, it may pass a configtest, but not sure that it would every match. On Fri, Mar 23, 2018 at 3:06 PM, lichandro <nginx-forum@forum.nginx.org> wrote: > Hello I have to redby jeffdyke - Nginx Mailing List - English
Re: domain only reachable with https:// in front - 5 years ago
I think it is unfortunate that certbot does it this way, with an if statement, which i believe is evaluated in every request. I use something like the following (with your names): server { listen 80 default_server; listen [::]:80 default_server; server_name pstn.host www.pstn.host; return 301 https://$host$request_uri; } server { listen 443 ssl default_server; ssl_certificate /etc/lby jeffdyke - Nginx Mailing List - English
Re: nginx cache growing well above max_size threshold - 6 years ago
You can actually can run H/2 through HAProxy, using ALPN to determine if the client understands H/2 I have the following (snippet of a) config that sends to different nginx ports based on the ALPN response. frontend https mode tcp bind 0.0.0.0:443 ssl crt /etc/haproxy/certs alpn h2,http/1.1 ecdhe secp384r1 http-response set-header Strict-Transport-Security "max-age=16000000; includeSuby jeffdyke - Nginx Mailing List - English
Re: Multiple certificates in one server block? - 6 years ago
Jim is correct, letsencrypt supports that ....wow, sorry for trying to help, that was a bit caustic, that information would be helpful in the original question. Enjoy the weekend. On Fri, Aug 4, 2017 at 9:40 AM, Jim Ohlstein <jim@mailman-hosting.com> wrote: > Hello, > > On 08/04/2017 09:36 AM, Olaf van der Spek wrote: > > I'm using letsencrypt and have multiple certs with aby jeffdyke - Nginx Mailing List - English
Re: Multiple certificates in one server block? - 6 years ago
i assume you have some sort of UCC certificate, if so you should be able to use it with multiple server_names, but have multiple ssl_certificates in a single server block is a limitation of nginx from what i understand. Most relavant information is here: https://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_certificate, as there are too many quesitons regarding your certs, if you use SNI etby jeffdyke - Nginx Mailing List - English
Re: block google app - 6 years ago
I ended up digging a bit more and found that I believe Richard to be correct in both cases. I would check the ips and see who they belong to, you may just be hurting your mobile users. On Thu, Jun 22, 2017 at 11:03 AM, Richard Stanway <r1ch+nginx@teamliquid.net > wrote: > That user agent doesn't belong to a Google crawler - they are end-user > requests from the Google App (mobileby jeffdyke - Nginx Mailing List - English
Re: block google app - 6 years ago
I'm glad you found the solution, but being a Google crawler, it would likely respect a robots.txt file with Disallow: images/*, which if it worked would allow you to remove an if clause from being evaluated on every page load. You may have already tried it. But i have a feeling you'll start to find more that are after this directory. When i was at an image heavy start up, we had every one imagiby jeffdyke - Nginx Mailing List - English
Re: invalid default_server parrameter - 6 years ago
if you're using sni, you should be able to use _ as the server_name or remove default server b/c if this is going to represent many servers, from memory, default_server is not a value you want. for example i run nginx behind haproxy to create letsencrypt certs, which will listen to currently dozens of request: (of course you may not require proxy_protocol) ---- listen 8888 proxy_protocol; serveby jeffdyke - Nginx Mailing List - English
Re: Logging all requests onNginx - 6 years ago
this might be helpful - http://stackoverflow.com/questions/12315832/how-to-fix-nginx-throws-400-bad-request-headers-on-any-header-testing-tools/17289826#comment16555393_12315832 On Wed, Apr 19, 2017 at 7:53 PM, Jeff Dyke <jeff.dyke@gmail.com> wrote: > untested, but if you set error_log to the correct level, it should log > there as it likely received a > 300 response from the backby jeffdyke - Nginx Mailing List - English
Re: Logging all requests onNginx - 6 years ago
untested, but if you set error_log to the correct level, it should log there as it likely received a > 300 response from the backends. I don't think you want these in your access logs, but i am suprised you don't get some sort of non < 400 response in those logs. But it's been a long day.... On Wed, Apr 19, 2017 at 7:06 PM, Alex Samad <alex@samad.com.au> wrote: > Will it not be lby jeffdyke - Nginx Mailing List - English
nginx-extras - 6 years ago
I realize this may not be the best place to ask, but thought someone may know. I am using nginx-extras which runs 1.10, for some very helpful lua functionality, and nginx stable just hit the apt repositories on 1.12, does anyone know how quickly nginx-extras may be updated to 1.12? I would like to avoid self compilation as all machines are managed via saltstack. and i would like to take advantagby jeffdyke - Nginx Mailing List - English
Re: nginScript and accessing cookies - 6 years ago
at first glance i thought this may be dead, but perhaps you'd should look here: https://www.nginx.com/blog/introduction-nginscript/, which supports both Plus and OSS versions. I've been working with the lua module via nginx-extras on ubuntu, they suit my needs, but that page may help you. Jeff On Sun, Apr 9, 2017 at 6:42 PM, Unsay Mono via nginx <nginx@nginx.org> wrote: > Hey everyoneby jeffdyke - Nginx Mailing List - English
Re: upload xml file - 6 years ago
what do you want it to do? if you're talking nginx without any application backend you could do a lot with some lua locations, or you're going to pass that request to another process, or serve a static (xml) file from the file system. Nginx does support XML just fine, its all a matter of what you want your application to do. On Fri, Mar 10, 2017 at 12:01 PM, Ran Shalit <ranshalit@gmail.com>by jeffdyke - Nginx Mailing List - English
Re: another "bind() to 0.0.0.0:80 failed (98: Address already in use)" issue - 6 years ago
depending on the version you may want to look for /etc/nginx/conf.d/default.conf, when i have been building servers (i use salt for configuration management) i have in my state file that includes file.absent: - /etc/nginx/conf.d/default.conf which will ensure the file does not exist immediately after install, and when i startup my virtual hosts all is well. Based on your statements that may/nby jeffdyke - Nginx Mailing List - English
Re: Move from apacht to nginx - 6 years ago
There is an `allow all` in a location block, but i would recommend that you determine what part of All is really needed from your Apache config and apply only those rules that need to make the site work. I used apache in exactly this nature for a while and then dug in and found that i only needed one or two of the directives that can go after AllowOverride. This is not direct help i realize butby jeffdyke - Nginx Mailing List - English
Re: SNI and certs. - 6 years ago
Just a personal preference, but i put an https version in front of all sites(and redirect 80 to 443) and keep the certs up to date for free with lets-encrypt/certbot (i have nothing to do with the company), with SNI, one IP. This is simple as I keep the nginx configurations up to date with a configuration management tool (saltstack in my case). That's my philosophy on 80 vs 443 and a mixed case,by jeffdyke - Nginx Mailing List - English
Re: Blocking tens of thousands of IP's - 6 years ago
what is your firewall?, that is the place to block subnets etc, i assume they are not random ips, they are likely from a block owned by someone?? On Tue, Nov 1, 2016 at 5:37 PM, CJ Ess <zxcvbn4038@gmail.com> wrote: > I don't think managing large lists of IPs is nginx's strength - as far as > I can tell all of its ACLs are arrays that have the be iterated through on > each request.by jeffdyke - Nginx Mailing List - English
Page 1 of 2 Pages: 12
 |
 |
 |
 |
|