Show all posts by user
A portal to and from the mailing list.
Re: trying to disable gzip - 5 weeks ago
On Thu, Oct 19, 2023 at 12:36 AM alienmega via nginx <nginx@nginx.org> wrote: > > Thank you for the information. I didnt notice I was lookgin at the wrong place. It turns out that the culprit is cloudflare. If I dont use it, I can see the gzip going on and off(as expected), but as soo as I use cloudflare, it overwrites that response. Now I need to check on cloudflare if there is anyby noloader - Nginx Mailing List - English
Re: OT: Rapid Reset attacks on HTTP/2 - 6 weeks ago
On Tue, Oct 10, 2023 at 3:04 PM Maxim Dounin <mdounin@mdounin.ru> wrote: > > On Tue, Oct 10, 2023 at 02:50:37PM -0400, Jeffrey Walton wrote: > > > This just made my radar: > > https://thehackernews.com/2023/10/http2-rapid-reset-zero-day.html. > > > > From the article: > > > > F5, in an independent advisory of its own, said the attack impactsby noloader - Nginx Mailing List - English
OT: Rapid Reset attacks on HTTP/2 - 6 weeks ago
Hi Everyone, This just made my radar: https://thehackernews.com/2023/10/http2-rapid-reset-zero-day.html. From the article: F5, in an independent advisory of its own, said the attack impacts the NGINX HTTP/2 module and has urged its customers to update their NGINX configuration to limit the number of concurrent streams to a default of 128 and persist HTTP connections for up to 10by noloader - Nginx Mailing List - English
Re: Compatibility of X25519Kyber768 ClientHello - 7 weeks ago
On Mon, Oct 9, 2023 at 11:55 AM Gentry Deng via nginx <nginx@nginx.org> wrote: > > ... > I'm able to reproduce the problem. It looks like a bug in www.paypal.cn's server. They didn't implement TLS 1.2 correctly. Specifically, they do not correctly handle when the ClientHello comes in in two reads. Before Kyber, this wasn't very common because ClientHellos usually fit in a packet.by noloader - Nginx Mailing List - English
Re: TLS 1.2 and TLS1.3 extensions supported by nginx - 7 months ago
On Wed, Apr 19, 2023 at 8:03 AM preetham g <preetham.1si12is030@gmail.com> wrote: > > I wanted the list of the TLS 1.2 and TLS 1.3 extensions that are currently being supported by the Nginx. Can you please provide the same. > Nginx uses OpenSSL for TLS. You may want to ask the OpenSSL folks. Be sure to tell them which version of OpenSSL you are using. Jeff ______________________by noloader - Nginx Mailing List - English
Re: Nginx using HTPPS but without SSL ??? - 10 months ago
On Thu, Jan 26, 2023 at 8:26 PM Gus Flowers Starkiller <relectgustfs@gmail.com> wrote: > > I need test some pages in my office but with a different domain and I don't have SSL certificates. > > Is there any way to publicate a web site with an alias? > For example mysite1.com (using nginx) to siteok.domain.com ??? You can add an alias or cname record in DNS that says mysite1by noloader - Nginx Mailing List - English
Re: Is there a conflict between Debian Bullseye and nginx? - 11 months ago
On Fri, Dec 16, 2022 at 11:23 AM Mike Lieberman <mike@netwright.net> wrote: > > On Fri, 2022-12-16 at 15:59 +0000, Francis Daly wrote: > > > On Fri, Dec 16, 2022 at 04:27:15PM +0800, Mike Lieberman wrote: > > > > You have configured your nginx to listen on port 80 on all IP addresses. > > > > You have configured your apache to listen on port 80 on all Iby noloader - Nginx Mailing List - English
Re: Your connection is not private error on Android device - 1 year ago
On Mon, Nov 14, 2022 at 4:59 PM James Read <jamesread5737@gmail.com> wrote: > ... > OK. Thanks. I rearranged the file and deleted some certificates. Now > sslabs is reporting no chain issues for Certificate #1: RSA 2048 bits > (SHA256withRSA) but for Certificate #2: RSA 2048 bits (SHA256withRSA) it > is reporting > Chain issues > *Incomplete, Extra certs, Contains anchoby noloader - Nginx Mailing List - English
Re: Help with nginx.conf - 1 year ago
On Fri, Nov 11, 2022 at 1:43 PM Gus Flowers Starkiller < relectgustfs@gmail.com> wrote: > > Hi ! Thanks a lot for your explanation ! Well I've installed some Nginx servers all cases like configured like Proxy Reverse, But, at first I installed Nginx from pages different from Nginx.org but the source were get from nginx too (i think) and cases like nginx.conf is happening, different filby noloader - Nginx Mailing List - English
Re: Client can't negotiate with TLS 1.0 and 1.1 - 1 year ago
On Wed, Aug 24, 2022 at 4:25 PM Fabiano Furtado Pessoa Coelho <fusca14@gmail.com> wrote: > > Hi... > > I'm using NGINX 1.22.0 with OpenSSL 3.0.5 in a Linux x86_64 server > with one NIC and 2 IPs, with the following config: > > * config based on > https://ssl-config.mozilla.org/#server=nginx&version=1.22.0&config=intermediate&openssl=3.0.5&guideline=5by noloader - Nginx Mailing List - English
Spurious DNS lookups due to Host header? - 1 year ago
Hi Everyone, I'm examining a webapp which had a scan looking for security related errata and vulnerabilities. The app is hosted on Google Cloud (GPC) and the webserver is Nginx. Only the app was scanned. GPC and Nginx were not scanned. The scan produced an interesting finding I have not seen before. The finding is, a HTTP Request using a fake Host: header produces a DNS lookup. I think the conceby noloader - Nginx Mailing List - English
Re: NGINX "--with-zlib=..." linker error - 1 year ago
On Mon, Mar 28, 2022 at 3:35 PM Fabiano Furtado Pessoa Coelho <fusca14@gmail.com> wrote: > > Hi... > > I'm using https://nginx.org/packages/rhel/8/SRPMS/nginx-1.20.2-1.el8.ngx.src.rpm > to compile NGINX to RHEL 8.5, with "--with-openssl=/openssl_1_1_1n" > parameter in the "%define BASE_CONFIGURE_ARGS" .SPEC file, and it > works fine. The NGINX packageby noloader - Nginx Mailing List - English
Re: "SSL: error:0A0000B9:SSL routines::no cipher match" with Mozilla modern ciphers v5.5 - 1 year ago
On Fri, Feb 18, 2022 at 6:57 AM petecooper <nginx-forum@forum.nginx.org> wrote: > > I am following up with fresh eyes.The 3x ciphers that cause problems are: > > TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256 > > I have just noticed each cipher name above has an underscore `_` character > as a separator. The working ciphers all use a dash `-`by noloader - Nginx Mailing List - English
Re: Obvious malware rejection module? - 1 year ago
On Mon, Feb 14, 2022 at 6:17 PM lists <lists@lazygranch.com> wrote: > ... > > I have plenty of transit capacity. I can serve 3TB a month and I do 30GB. > What I don't have is CPU power. I have a one CPU VPS. The CPU is shared > resource. I think the RAM used by the VPS is more "available," if that > makes any sense. That is they don't swap you out but let your VPby noloader - Nginx Mailing List - English
Re: ssl_reject_handshake disallow TLSv1.3 - 1 year ago
On Tue, Feb 8, 2022 at 8:02 AM Sergey Kandaurov <pluknet@nginx.com> wrote: > > > > On 8 Feb 2022, at 14:15, rjvbzeoibvpzie <nginx-forum@forum.nginx.org> wrote: > > > > ssl_protocols TLSv1.2 TLSv1.3; > > > > server { > > listen 443 ssl default_server; > > ssl_reject_handshake on; > > } > > > > This does not allow Aby noloader - Nginx Mailing List - English
Re: Strategies for large-file upload? - 1 year ago
On Tue, Feb 8, 2022 at 9:27 AM Alva Couch <ACouch@cuahsi.org> wrote: > > I’m new to this list but have been running an NGINX community stack including NGINX community/Gunicorn/Django for several years in production. > > My site is a science data repository. We have a need to accept very large files as uploads: 10 gb and above, with a ceiling of 100 gb or so. > > Whaby noloader - Nginx Mailing List - English
Re: Tuning client request buffering in ngx_http_proxy_module - 1 year ago
On Wed, Feb 2, 2022 at 12:45 PM bengalih <nginx-forum@forum.nginx.org> wrote: > > > Note that SSL is likely the most important contributor to CPU > > utilization in this setup. It might be a good idea to carefully > > tune ciphers used. > > I believe I have set this fairly appropriately. If you know of a resource > that would explain this in more detail I woulby noloader - Nginx Mailing List - English
Re: ktls nginx not working - 1 year ago
On Thu, Jan 27, 2022 at 8:52 AM Anoop Alias <anoopalias01@gmail.com> wrote: > > I am trying to implement/test ktls as per the blog article > > https://www.nginx.com/blog/improving-nginx-performance-with-kernel-tls/#tls-protocol > > ########################### > This is done on CentOS8 VM > > # uname -r > 4.18.0-348.7.1.el8_5.x86_64 > #########################by noloader - Nginx Mailing List - English
Re: Use prebuilt Bzip, zLib and OpenSSL? - 1 year ago
On Mon, Jan 10, 2022 at 10:40 PM Jeffrey Walton <noloader@gmail.com> wrote: > > I need to build a modern Nginx from sources on an older platform. The > need arises because the organization can't upgrade a particular set of > machines. We want to set up a Nginx proxy to handle the front-end > work. Thanks Maxim and Thomas. I dropped back to PCRE and Nginx builds fine. If intby noloader - Nginx Mailing List - English
Re: Use prebuilt Bzip, zLib and OpenSSL? - 1 year ago
On Tue, Jan 11, 2022 at 4:02 PM Thomas Ward <teward@thomas-ward.net> wrote: > > Which NGINX are you attempting to compile? Last I checked only the 1.21.x branch (Mainline) has support for PRCE2, unless I missed a stable branch release note... > Thanks Thomas. Nginx version is 1.20.2. I guess I'll wait for 1.21 to become a stable release. Thanks. ________________________________by noloader - Nginx Mailing List - English
Re: Use prebuilt Bzip, zLib and OpenSSL? - 1 year ago
On Tue, Jan 11, 2022 at 8:27 AM Maxim Dounin <mdounin@mdounin.ru> wrote: > > Hello! > > On Mon, Jan 10, 2022 at 10:40:09PM -0500, Jeffrey Walton wrote: > > > I need to build a modern Nginx from sources on an older platform. The > > need arises because the organization can't upgrade a particular set of > > machines. We want to set up a Nginx proxy to handle thby noloader - Nginx Mailing List - English
Use prebuilt Bzip, zLib and OpenSSL? - 1 year ago
Hi Everyone, I need to build a modern Nginx from sources on an older platform. The need arises because the organization can't upgrade a particular set of machines. We want to set up a Nginx proxy to handle the front-end work. I've got Bzip, zLib and OpenSSL built and installed in /opt, but I am having trouble getting Nginx to compile and link against them. In this case we don't want Nginx buildby noloader - Nginx Mailing List - English
Git Plugin - 4 years ago
Hi Everyone, I'm running a Fedora 31 server. The server hosts one Nginx-based website on 80 and 443. The server also hosts one Git-project. The Git project is located at /var/myproject and only accessible over SSH at the moment. I'd like to put a web front-end on the Git project for browsing and diff'ing. Searching the forum I don't see discussions of Git plugins or Nginx front-ends for Gby noloader - Nginx Mailing List - English
 |
 |
 |
 |
|