Show all posts by user
A portal to and from the mailing list.
Re: SPDY Installed but not working? - 10 years ago
I did a replace on OpenSSL using YUM which should have removed all of the existing 0.98 version I presume. Nginx was a clean install (from source) so shouldnt have clashed with anything? I'm not sure where to go from here, nothing in the error logs. Previously when I tried to run spdy/nginx and the wrong version was installed, it showed this in the error logs, but this no longer happens on thisby benseb - Nginx Mailing List - English
Re: RE: SPDY Installed but not working? - 10 years ago
$ ldd /usr/sbin/nginx linux-vdso.so.1 => (0x00007fffbe7ff000) libpthread.so.0 => /lib64/libpthread.so.0 (0x00007fe08af81000) libcrypt.so.1 => /lib64/libcrypt.so.1 (0x00007fe08ad49000) libpcre.so.0 => /lib64/libpcre.so.0 (0x00007fe08ab1d000) libssl.so.10 => /usr/lib64/libssl.so.10 (0x00007fe08a8b8000) libcrypto.so.10 => /usr/lby benseb - Nginx Mailing List - English
Re: RE: SPDY Installed but not working? - 10 years ago
Yes - if you tell me how?by benseb - Nginx Mailing List - English
Re: SPDY Installed but not working? - 10 years ago
The compile command I used was: --user=nginx --group=nginx --prefix=/usr/share/nginx --sbin-path=/usr/sbin/nginx --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --http-client-body-temp-path=/var/lib/nginx/tmp/client_body --http-proxy-temp-path=/var/lib/nginx/tmp/proxy --http-fastcgi-temp-path=/var/lib/nginx/tmp/fastcgi --httpby benseb - Nginx Mailing List - English
Re: RE: SPDY Installed but not working? - 10 years ago
Also, does this help? # nginx -V nginx version: nginx/1.4.1 built by gcc 4.4.7 20120313 (Red Hat 4.4.7-3) (GCC) TLS SNI support enabled See 'TLS NSI support enabled'?by benseb - Nginx Mailing List - English
Re: RE: SPDY Installed but not working? - 10 years ago
It was installed via yum -(IUS) I installed both OpenSSL10 and openssl10-libs.x86_64 : A general purpose cryptography library with TLS implementation # openssl version -a OpenSSL 1.0.1e 11 Feb 2013 built on: Wed Feb 13 11:31:32 EST 2013 platform: linux-x86_64 options: bn(64,64) md2(int) rc4(8x,int) des(idx,cisc,16,int) idea(int) blowfish(idx) compiler: gcc -fPIC -DOPENSSL_PIC -DZLIBby benseb - Nginx Mailing List - English
SPDY Installed but not working? - 10 years ago
We have installed Nginx on CentOS 6. This is a new install using Nginx 1.4.1 and OpenSSL 1.0.1e We then confgured our vhosts to use SPDY, however using a few different tests, it's showing that SPDY is not enabled? There are no messages in the logs and it restarts fine? spdycheck.com: ----------------------- Missing NPN Extension in SSL/TLS Handshake Sorry, but this server is not includby benseb - Nginx Mailing List - English
Re: SPDY Installed but not working? - 10 years ago
Hmm, still not working. I'm implementing this on a load balancer. Will it make any difference? We use HTTPS between the LB and the web nodes, but I presume the SPDY element only needs to be in place between the client and the load balancer?by benseb - How to...
SPDY Installed but not working? - 10 years ago
We have installed Nginx on CentOS 6. This is a new install using Nginx 1.4.1 and OpenSSL 1.0.1e We then confgured our vhosts to use SPDY, however using a few different tests, it's showing that SPDY is not enabled? There are no messages in the logs and it restarts fine? spdycheck.com: ----------------------- Missing NPN Extension in SSL/TLS Handshake Sorry, but this server is not includby benseb - How to...
Re: Load Balancer -> Reverse Proxy - help with IP Address X-Forwarded-For - 11 years ago
Can anyone help?by benseb - How to...
Re: Load Balancer -> Reverse Proxy - help with IP Address X-Forwarded-For - 11 years ago
I have just seen this patch, would it work for my setup? http://forum.nginx.org/read.php?29,227703,227947#REPLY Is there any alternative to patching?by benseb - How to...
Load Balancer -> Reverse Proxy - help with IP Address X-Forwarded-For - 11 years ago
Hi I have the following setup: INTERNET \/ LOAD BALANCER RUNNING NGINX WITH UPSTREAM MODULE \/ 2 x WEB SERVERS WITH NGINX REVERSE PROXY + APACHE BACKEND I have set up the X-Forwarded-For headers on both the load balancer and the web servers, however, the LB shows the correct IP in the logs. On the web servers, it only shows the IP address of the Load Balancer. I presume I needby benseb - How to...
Re: Sanity check of my config - is it secure? - 12 years ago
That would be a nice simple solution. I'll give that a go!by benseb - Nginx Mailing List - English
Re: Sanity check of my config - is it secure? - 12 years ago
Thanks for the advice Seems strange that this isn't an easy thing to do. After all, ALL security advise always recommends whitelisting what you want and denying everything else!by benseb - Nginx Mailing List - English
Re: Sanity check of my config - is it secure? - 12 years ago
Thanks people So there's no way to say "If the file ISNT a jpeg/gif/css/js" deny. The only way is to say 'if .php' deny, 'if .txt deny' etc? I'd prefer to whitelist the files i DO want to return and block everything else, incase I forget something to block? Benby benseb - Nginx Mailing List - English
Re: Sanity check of my config - is it secure? - 12 years ago
I presume in that case, if there was a script and no interpreter, it would just display the contents of the file - which again could be a security risk. So I need to perhaps limit the mime types that can be served, or the file extensions - which ever is most secure? I basically don't want a php script in that directory being served and the source code being visibleby benseb - Nginx Mailing List - English
Re: Sanity check of my config - is it secure? - 12 years ago
Thanks, in your opinion what's the best way to approach this? I basically want to ensure that our static.domain.com subdomain ONLY servers image/js/css files. Whilst I have set 'location' for only the folders which have images, etc in, I want to ensure that if someone put a script into one of those directories, it would not be executed.by benseb - Nginx Mailing List - English
Re: Sanity check of my config - is it secure? - 12 years ago
Can anyone help with the above request, regarding checking if a filename DOESNT match the whitelist above (block all other filetypes)by benseb - Nginx Mailing List - English
Re: Sanity check of my config - is it secure? - 12 years ago
For our static subdomain (which should only serve static content) I'd like to add a whitelist of content - so if the filename doesn't match jpg/png/gif/css/js etc it will return a 444 What's the correct syntax to do this: location !~* \.(?:ico|css|js|gif|jpe?g|png)$ { #dont serve any other files return 444; } The above doesnt work as !~* isn't allby benseb - Nginx Mailing List - English
Re: Sanity check of my config - is it secure? - 12 years ago
Thanks for those tips. I'll have a read around those bits My main concern is that by combining different locations, etc i may have accidentally exposed a security issue - I need to ensure everything that's not an image/css file/javascript file etc is either denied or proxied to apache.by benseb - Nginx Mailing List - English
Sanity check of my config - is it secure? - 12 years ago
Hi We had Nginx setup on a domain serving static content (images[0-9].domain.com). Recently we've made our main domain also use the same Nginx installation and proxy any php requests to Apache. All is working fine. We've set it to serve all static content from our images.domain.com domains, and it will also catch any static content served from the main www.domain.com as well, before finallyby benseb - Nginx Mailing List - English
 |
 |
 |
 |
|