IMHO you did the right thing with fail2ban. I don't see how a firewall is "expensive" other than that they are a little RAM heavy. Half the internet traffic is bots. That doesn't even count the hot linkers. So the reality is you will need a firewall to block what doesn't have eyeballs, namely datacenters. At a bare minimum you should be blocking all of AWS from everything except port 25. by gariac - Nginx Mailing List - English
You could test the cert using SSL labs. https://www.ssllabs.com/ You might have to drop your firewall if it doesn't work at first. It never hurts to do dumb stuff like boot the server again. Original Message From: wizard@bnnorth.net Sent: October 3, 2019 8:55 PM To: nginx@nginx.org Reply-to: nginx@nginx.org Subject: PR_END_OF_FILE_ERROR after kernel update I hope someone more k by gariac - Nginx Mailing List - English
What shows up in the log files? Do you really need to use Cloudflare? Have you been DDoSed? I view Cloudflare as a man in the middle. I've been using Let's Encrypt for about a year with no drama. Original Message From: nginx-forum@forum.nginx.org Sent: September 27, 2019 2:53 PM To: nginx@nginx.org Reply-to: nginx@nginx.org Subject: ssl setup please Hello, I'm old and have be by gariac - Nginx Mailing List - English
Nginx does detect these traversal attacks. They come up as a 400 error. I got two yesterday. But out of paranoia, I wouldn't leave the web root. There is always some zero day. That traversal attack was from some new to me Hong Kong hosting company and earned a place on my firewall block. Blocking just keeps the log file size down. There will be others. https://null-byte.wonderhowto.com/how-to/pe by gariac - Nginx Mailing List - English
I've been following this thread not really out of need but rather that it is really interesting. That said, I don't think for security you want to "escape" the web root. The risk is that might aid a traversal attack. Original Message From: hobson42@gmail.com Sent: August 30, 2019 12:01 PM To: nginx@nginx.org Reply-to: nginx@nginx.org Subject: Re: Allow internal redirect by gariac - Nginx Mailing List - English
Tracing or interprocess communication? Original Message From: nginx@nginx.org Sent: June 14, 2019 2:17 PM To: nginx@nginx.org; mdounin@mdounin.ru Reply-to: nginx@nginx.org Cc: vgrinshp@akamai.com Subject: Re: nginx use of UDP ports? On 6/12/19 4:31 AM, Maxim Dounin wrote: > Hello! Hi! Thanks for responding. > On Mon, Jun 10, 2019 at 03:59:46PM -0400, Vadim Grinshpun via nginx by gariac - Nginx Mailing List - English
https://gist.github.com/xameeramir/a5cb675fb6a6a64098365e89a239541d This claims to be the original. Original Message From: wizard@bnnorth.net Sent: May 11, 2019 6:40 AM To: nginx@nginx.org Reply-to: nginx@nginx.org Subject: nginx stopped working Can someone give me a copy of the original nginx.conf file? I modified mine and nginx stopped working, but (fool that I am) I failed by gariac - Nginx Mailing List - English
_______________________________________________ nginx mailing list nginx@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx by gariac - Nginx Mailing List - English
I use three maps to kick out the usual clowns trying to misuse the web server. (I detect odd urls, bad user agents, and references from shady websites.) Any change to a map requires a reload. Or am I wrong? Original Message From: nginx@nginx.org Sent: March 12, 2019 10:44 PM To: nginx@nginx.org Reply-to: nginx@nginx.org Cc: peter_booth@me.com Subject: Re: Possible memory leak? P by gariac - Nginx Mailing List - English
On Fri, 08 Mar 2019 10:42:28 -0500 "wkbrad" <nginx-forum@forum.nginx.org> wrote: > Thanks for that info. It's definitely harder to notice the issue on > small servers like that. But you are still seeing about a 50% > increase in ram usage there by your own tests. > > The smallest server I've tested this on uses about 20M during the > first start and about 50M by gariac - Nginx Mailing List - English
On Thu, 07 Mar 2019 13:33:39 -0500 "wkbrad" <nginx-forum@forum.nginx.org> wrote: > Hi all, > > I just wanted to share the details of what I've found about this > issue. Also thanks to Maxim Dounin and Reinis Rozitis who gave some > really great answers! > > The more I look into this the more I'm convinced this is an issue > with Nginx itself. I've tested by gariac - Nginx Mailing List - English
On Thu, 10 Jan 2019 08:50:33 +0000 Francis Daly <francis@daoine.org> wrote: > On Wed, Jan 09, 2019 at 06:14:04PM -0800, lists@lazygranch.com wrote: > > Hi there, > > > location / { > > if ($badagent) { return 403; } > > } > > location = /feeds { > > try_files $uri $uri.xml $uri/ ; > > } > > > The by gariac - Nginx Mailing List - English
On Wed, 9 Jan 2019 08:20:05 +0000 Francis Daly <francis@daoine.org> wrote: > On Tue, Jan 08, 2019 at 07:30:44PM -0800, lists@lazygranch.com wrote: > > Hi there, > > > Stripping down the nginx.conf file: > > > > server{ > > location / { > > root /usr/share/nginx/html/mydomain/public_html; > > if ($badagent) { return 403; } > by gariac - Nginx Mailing List - English
Stripping down the nginx.conf file: server{ location / { root /usr/share/nginx/html/mydomain/public_html; if ($badagent) { return 403; } } location = /feeds { try_files $uri $uri.xml $uri/ ; } } The "=" should force an exact match, but the badagent map is checked. _______________________________________________ nginx mailing list nginx@nginx.org http://mail by gariac - Nginx Mailing List - English
I have a map to check for bad user agents called badagent. I want to set up a RSS feed. The feedreaders can have funny agents, so I need to omit the bad agent check if the file is any xml type. This is rejected. if (($request_uri != [*.xml]) && ($badagent)) {return 444; } Suggestions? I can put the xml files in a separate location if that helps. _______________________________ by gariac - Nginx Mailing List - English
On the second attempt, is the connection on port 443? Have you set up HSTS? Maybe you can pastebin your conf file, sanitizing as appropriate. Original Message From: nginx-forum@forum.nginx.org Sent: December 13, 2018 6:20 PM To: nginx@nginx.org Reply-to: nginx@nginx.org Subject: ssl3_get_client_hello:no shared cipher Hello We have been having this strange issue. For the first time whe by gariac - Nginx Mailing List - English
The CentOS nginx from the repo lacks ngx_http_hls_module. This is a technique to add the module without compilation. https://dzhorov.com/2017/04/compiling-dynamic-modules-into-nginx-centos-7 Does anyone have experience with this? I'd like to avoid building nginx from scratch to make the updates go faster. When I ran FreeBSD, I built nginx, so that isn't the problem. Rather I want to stay as " by gariac - Nginx Mailing List - English
Why wouldn't you just grep the regular log file? Original Message From: nginx-forum@forum.nginx.org Sent: April 19, 2018 5:53 AM To: nginx@nginx.org Reply-to: nginx@nginx.org Subject: Nginx Log File from Specific PathName in link Hello everyone, I'm new here, first post today, been using Nginx for a few years now. People are POSTing links like this to our server : POST https://do by gariac - Nginx Mailing List - English
On Tue, 20 Mar 2018 13:03:09 +0000 "Friscia, Michael" <michael.friscia@yale.edu> wrote: > This is great, thank you again, this is a huge jumpstart! Per NIST best practices, you should limit the HTML verbs that you allow. A very simple website can run on just GET and HEAD. Here is how you 444 websites trying to POST for example to your website. In this case, only GET and HEAD a by gariac - Nginx Mailing List - English
On Mon, 19 Mar 2018 12:31:20 +0000 "Friscia, Michael" <michael.friscia@yale.edu> wrote: > Just a thought before I start crafting one. I am creating a > location{} block with the intention of populating it with a ton of > requests I want to terminate immediately with a 444 response. Before > I start, I thought I’d ask to see if anyone has a really good one I > can by gariac - Nginx Mailing List - English
Yum install nginx gets you the binary. I'm not really sure how the dynamic module load works, but my understanding (or perhaps lack thereof) means you supplement the precompiled binary with the module. Solve your other problems first, then you can investigate this if you want to beat your head against the wall some more. Once you figure the dynamic module load, you could do a post about how it by gariac - Nginx Mailing List - English
I believe you shouldn't have to compile Nginx but use the disty binary. Then you do the dynamic load trick. This way you can do "yum update" periodically without having to compile Nginx, but rather just download the latest binary. However don't break what is working! Original Message From: nginx-forum@forum.nginx.org Sent: March 10, 2018 1:08 AM To: nginx@nginx.org Reply-to: n by gariac - Nginx Mailing List - English
I had a few neurons fire. I forgot nginx can load dynamic modules. https://www.nginx.com/blog/nginx-dynamic-modules-how-they-work/ I haven't done this myself, so you are on your own at this point. On Fri, 09 Mar 2018 11:59:30 -0500 "neuronetv" <nginx-forum@forum.nginx.org> wrote: > I've resigned myself to the fact that there is no rtmp module here > which leads me to the by gariac - Nginx Mailing List - English
I believe you need to compile with the appropriate module. If this was FreeBSD, no problem. Just use ports. (Of course FreeBSD has many other problems.) With CentOS, you will need to compile the code and use all the "with" options for each module you want to install. Potentially you will need to set up systemd to run your version of Nginx. It wouldn't surprise me that this is complicated by gariac - Nginx Mailing List - English
Grrr that swift keyboard. There is no space before the capital V. nginx -V I'd be surprised if that command doesn't work now. Any reason you haven't upgraded to CentOS 7? Original Message From: nginx-forum@forum.nginx.org Sent: March 7, 2018 1:53 AM To: nginx@nginx.org Reply-to: nginx@nginx.org Subject: Re: newbie: nginx rtmp module thank you for your feedback gariac. # nginx - V ngin by gariac - Nginx Mailing List - English
nginx - V will show what modules are installed. Original Message From: nginx-forum@forum.nginx.org Sent: March 7, 2018 12:24 AM To: nginx@nginx.org Reply-to: nginx@nginx.org Subject: newbie: nginx rtmp module I'm running CentOS 6 and installed nginx using 'yum install nginx'. Videos are not working and I don't know whether I have the rtmp module or not. Here is the text from the yum in by gariac - Nginx Mailing List - English
I can't get the add_before_body feature to work. I have verified the module is installed. Here is what I am trying to accomplish. I want to add the following lines to the header of every html file: ------------------------ <link rel="apple-touch-icon" sizes="180x180" href="/apple-touch-icon.png"> <link rel="icon" type="image/png" sizes=" by gariac - Nginx Mailing List - English