Maxim Dounin Wrote: ------------------------------------------------------- > On Fri, Nov 23, 2018 at 08:43:03AM -0500, Olaf van der Spek wrote: > > > > Why isn't 1.3 enabled by default (when available)? > > > > Syntax: ssl_protocols > > ; > > Default: > > ssl_protocols TLSv1 TLSv1.1 TLSv1.2; > > > > http://nginx.org/en/dby Olaf van der Spek - Nginx Mailing List - English
> rewrite ^(.*)$ $1?ra=$remote_addr break; The ra argument is inserted before the original query string. Is it possible to append it to the original query string? Is this behavior documented somewhere? Couldn't find it. Can one also remove certain arguments from the query string this way?by Olaf van der Spek - Nginx Mailing List - English
Ian Hobson Wrote: ------------------------------------------------------- > If you place your php files outside the main root directory, and > then do something like this That'd good but unfortunately not common practice. It'd be nice to have better safety by default.by Olaf van der Spek - Nginx Mailing List - English
Ian Hobson Wrote: > http://forumm.nginx.org/read.php?2,88846,page 3 This link doesn't work.. > try_files $uri =404; > fastcgi_split_path_info ^(.+\.php)(/.+)$; > include /etc/nginx/fastcgi_params; > fastcgi_param SCRIPT_FILENAME > $document_root$fastcgi_script_name; > fastcgi_pass 127.0.0.1:9000; > } > } Unix sockeby Olaf van der Spek - Nginx Mailing List - English
Francis Daly Wrote: > I don't think that stock-nginx has a configuration directive for this. > > "Not putting files that you don't want sent, into a directory that > nginx > has been told to send files from", would probably be the safest way to > avoid external misconfiguration. Sure, but as that's bound to happen anyway sometime somewhere, some defense in depby Olaf van der Spek - Nginx Mailing List - English
Hi, Is there a way to protect against php files being send as static files / source due to some php specific configuration being missed (by accident)? Another web server has this by default: static-file.exclude-extensions = ( ".php", ".pl", ".fcgi" )by Olaf van der Spek - Nginx Mailing List - English
Lucas Rolff Wrote: ------------------------------------------------------- > There's nothing wrong with testing the configuration before starting > the web server. Sure, but what effect does it have in the .service file? > The config is tested during restart, by the ExecStartPre. If you But only after the old instance is stopped.. so again, what's the purpose? > modifyby Olaf van der Spek - Nginx Mailing List - English
What's the purpose of testing the configuration file in the systemd example? Just starting the server seems simpler.. and the test isn't run prior to a restart request. ExecStartPre=/usr/sbin/nginx -t https://www.nginx.com/resources/wiki/start/topics/examples/systemd/by Olaf van der Spek - Nginx Mailing List - English
Maxim Dounin Wrote: ------------------------------------------------------- > > OK, but that file sets some settings differently from documented > defaults, > > which is kinda confusing. > > Wouldn't it make sense to not do that? > > > > I'd prefer the nginx.conf to be as clean and simple as possible. > > As I already tried to explain in Trac tickeby Olaf van der Spek - Nginx Mailing List - English
Maxim Dounin Wrote: ------------------------------------------------------- > There is no such thing as "defaults from the stock nginx.conf". > The nginx.conf file can be used to set various configuration > parameters. > > Obviously enough, distributions may need to set something in > nginx.conf they ship with nginx packages differently from what is > cby Olaf van der Spek - Nginx Mailing List - English
Olaf van der Spek Wrote: ------------------------------------------------------- > Maxim Dounin Wrote: > ------------------------------------------------------- > > Hello! > > > > On Fri, Nov 23, 2018 at 01:05:55PM -0500, Olaf van der Spek wrote: > > > > > What's the recommendation for distros? Should they explicitly > enable > > > TLSby Olaf van der Spek - Nginx Mailing List - English
Maxim Dounin Wrote: ------------------------------------------------------- > Hello! > > On Fri, Nov 23, 2018 at 01:05:55PM -0500, Olaf van der Spek wrote: > > > What's the recommendation for distros? Should they explicitly enable > > TLSv1.3? > > Ideally they'd just stick to upstream defaults, hence my question > about the > > default. > &gby Olaf van der Spek - Nginx Mailing List - English
What's the recommendation for distros? Should they explicitly enable TLSv1.3? Ideally they'd just stick to upstream defaults, hence my question about the default.by Olaf van der Spek - Nginx Mailing List - English
Closing the connection wouldn't really solve the issue would it? There has to be a better way to solve this.by Olaf van der Spek - Nginx Mailing List - English
Why do you want to do this?by Olaf van der Spek - Nginx Mailing List - English
Hi, Why isn't 1.3 enabled by default (when available)? Syntax: ssl_protocols ; Default: ssl_protocols TLSv1 TLSv1.1 TLSv1.2; http://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_protocolsby Olaf van der Spek - Nginx Mailing List - English
Jim Popovitch Wrote: ------------------------------------------------------- > On Thu, 2018-11-15 at 08:36 -0500, Olaf van der Spek wrote: > So a specific use case. What about port 443 (you haven't mentioned it What about it? > yet), except what if it's on a non-routable subnet perhaps 8443 should > be preferred then? Why? > Should nginx also look for certs in /eby Olaf van der Spek - Nginx Mailing List - English
> (see, this is why posting via forums is like cancer. Hint: the forum > rarely sends the context, also not to forget the quoted first line in > the thread opener) A proper forum would do that.. > To address your concerns about nginx configuration, simply put it's not > worth the developers time to reduce configuration to such a level of Are you a nginx developer? >by Olaf van der Spek - Nginx Mailing List - English
Why so hostile?by Olaf van der Spek - Nginx Mailing List - English
> If the directive is not present then either *:80 is used if nginx runs with the superuser privileges, or *:8000 otherwise. It'd be nice if http2 and ssl (if cert is configured) were enabled automatically instead of just listening on port 80.by Olaf van der Spek - Nginx Mailing List - English
Jim Ohlstein Wrote: > Letsencrypt allows multiple domain names in the same certificate. I know, just wondering if nginx supported multiple certs per server. My problem: I've got multiple servers and I'd like the servers to be accessible via the common name (ex.com) and via their dedicated name (a.ex.com, b.ex.com, etc). How do I do this with letsencrypt? If I use certbot the verificatiby Olaf van der Spek - Nginx Mailing List - English
I'm using letsencrypt and have multiple certs with a single name in them.. If I had one cert with multiple names we'd not be having this problem.by Olaf van der Spek - Nginx Mailing List - English
How do I set multiple certificates (for different names) in a single server block? I can easily set multiple server_names but there seems no way to set multiple certificates.. Is the only way to have all names in a single certificate? If so, is this an nginx, an openssl or a TLS limitation?by Olaf van der Spek - Nginx Mailing List - English
Does nginx use / depend on FCGI_GET_VALUES?by Olaf van der Spek - Nginx Mailing List - English
Thanks! I'll see if I can post the full response. The implementation is custom indeed, but I am sending FCGI_END_REQUEST.by Olaf van der Spek - Nginx Mailing List - English
Note the connect(13, ...) and close(13) right after the response has been received. For PHP it's working, but AFAIK there's nothing in the FastCGI protocol that the backend has to do other then keeping the connection open. gettimeofday({tv_sec=1498125120, tv_usec=540583}, NULL) = 0 recvfrom(3, "GET /v2/rides HTTP/1.1\r\nHost: de"..., 1024, 0, NULL, NULL) = 561 socket(AF_UNIX, SOCKby Olaf van der Spek - Nginx Mailing List - English
> proxy_pass http://backend; Is this an error in the docs? I think the http:// here isn't right. http://nginx.org/en/docs/http/ngx_http_upstream_module.htmlby Olaf van der Spek - Nginx Mailing List - English
This is what I've got: upstream backend { server unix:/tmp/backend.socket; keepalive 99; } location /v2 { include fastcgi.conf; fastcgi_keep_conn on; # fastcgi_pass unix:/tmp/backend.socket; fastcgi_pass backend; } I checked with strace and it appeared to close the backend connection right away. Perhaps I made a mistake, I'll check again.by Olaf van der Spek - Nginx Mailing List - English
What does it take to enable KeepAlive for FastCGI upstream servers? I've set upstream { keepalive 99; } and location { fastcgi_keep_conn on; ] but nginx is still closing the connection after each request.by Olaf van der Spek - Nginx Mailing List - English
Why does fastcgi_keep_conn default to off? On seems to be the faster option.by Olaf van der Spek - Nginx Mailing List - English
![]() |
![]() |
![]() |
![]() |
![]() |