Show all posts by user
Discussions in Russian
Page 1 of 3
Pages: 123
Results 1 - 30 of 89
Hi Team,
I just setup nginx version on Ubuntu 24.0 and configured proxy_pass settings however page is not getting opened and consistently getting below error
2024/04/01 18:10:37 73898#73898: *5247 SSL_do_handshake() failed (SSL: error:0A0000BF:SSL routines::no protocols available) while SSL handshaking to upstream, client: xx.xx.xx, server: eb.example.com, request: "GET / HTTP/2.0&quo
by
blason
-
Nginx Mailing List - English
Hi Team,
I am designing reverse proxy and below are counts for 12 hours. Total IIS logs captured around 29061202. I am considering almost double of those for 24 Hours.
The portal is completely HTTPS and its a bank main website but not net banking one. My concern is how many cores and RAM would needed eventually to cater the requests.
TIA
Blason R
by
blason
-
Nginx Mailing List - English
Hi Team,
I have my nginx reverse proxy set on IPv6 and my backend website is listening on IPv4. Wondering if the requests comes in for IPv6 with FQDN can nginx route the requests back to backend server on IPv4 FQDN?
e.g.
Fronend test.example.com --- > NGINX Ipv6
Backend test.exmaple.com ==> 192.168.5.4
by
blason
-
Nginx Mailing List - English
I guess I found java script on github but not sure how do I use this with nginx to detect the headless Browsers
by
blason
-
Nginx Mailing List - English
Hi Team,
I am running Nginx as a reverse proxy with modsec as a waf; wondering if we can block requests generated by Headless browser in nginx config?
TIA
by
blason
-
Nginx Mailing List - English
Hi team,
Can any one enlighten me on sizing a hardware for my below setup? I have one portal which has got around 40RPS i.e. Request Per Second.
The application is http.
So if I calculate this considering 40 RPS
40x24 = Around 1000 Hits/Min
60000 / Hour x 12 = 720000 (Since my application is majorly accessible in day time only)
Can someone please help? How much RAM and CPU Cores should
by
blason
-
Nginx Mailing List - English
Any way guys - Finally I achieved it using modsecurity custom rules. I could not accomplish it using nginx stanza though.
by
blason
-
Nginx Mailing List - English
Hi Guys,
Any luck on this; surprisingly I am still struggling on the blockage part.
Can someone please help?
by
blason
-
Nginx Mailing List - English
Hi Team,
My website is at https://www.example.com and I have a CMS Panel at
https://www.example.com/administrator -> 301 -> https://www.example.com/administrator/ -> 302 https://www.example.com/administrator/Login.aspx?Session=Out
And I am trying to restrict the access to /administrator but this is not working - Can someone please help?
location ~*/administrator {
allow 10.
by
blason
-
Nginx Mailing List - English
Hi Team,
Is there any third party patch or protection against slowloris attack or does any one know how do I protect my Reverse proxy against such attacks?
TIA
Blason R
by
blason
-
Nginx Mailing List - English
Hi Team,
Ref to the tweet and wondering if we can block those on Nginx reverse proxy?
https://twitter.com/0x0SojalSec/status/1622998359920488448?s=20&t=CxvlX1phoHnMfZOhk7j-5w
by
blason
-
Nginx Mailing List - English
Just to clear doubts this is SAP HANA Fiori portal and I wanted to put that behind Nginx reverse proxy.
by
blason
-
Nginx Mailing List - English
Hi Team,
Here is the some weird issue I am facing and I really appreciate if someone can help?
I have portal test.example.com which is currently being accessed as https://test.example.com:44300/sap/bc/ui2/flp
I need to put this behind Nginx reverse proxy however I want user to access only
http://test.example.com --> It will be redirected to https://test.example.com//sap/bc/ui2/flp
Th
by
blason
-
Nginx Mailing List - English
Yes - He is right; everything is revolves around DNS and even my error is with DNS resolving as it was not able to resolve the ocsp.godaddy.com hence please troubelshoot from DNS perspetive.
by
blason
-
Nginx Mailing List - English
Yes - He is right; everything is revolves around DNS and even my error is with DNS resolving as it was not able to resolve the ocsp.godaddy.com hence please troubelshoot from DNS perspetive.
by
blason
-
Nginx Mailing List - English
Hi,
Did you check error log or syslog? Is that spitting out any errors? Do you have SSL_OCSP settings configured and it might not be able to reach to the protocol?
I mean I had 45 portals and was facing a same issue. Later when I done the debug I found that ocsp.godaddy.com was not reachable and it verifies every time we reload the service.
Just a heads up though.
by
blason
-
Nginx Mailing List - English
Well this is particularly I noticed for https vhost config. The CSP headers are properly being displayed for http but not https.
Here is my config
more /etc/nginx/conf.d/sec-headers.conf
add_header Content-Security-Policy "default-src 'self'; font-src *;img-src * data:; script-src *; style-src *;" always;
server {
include /etc/nginx/apploxconf.d/applox-bots-decla
by
blason
-
Nginx Mailing List - English
Hi All,
I am trying to set a CSP headers in my nginx reverse proxy and those are not appearing even after multiple attempts. Any idea what is wrong or why the header is not getting added?
TIA
Blason R
by
blason
-
Nginx Mailing List - English
Hi Guys,
I am about to implement a CSP policy for my servers on my nginx reverse proxy server. Since those are production websites as per guidelines I need to put the policy in report only mode and send a report to another webserver which would accept the POST response. However I tried building a simple webserver on nginx but no luck.
Can someone please help me about building an CSP report o
by
blason
-
Nginx Mailing List - English
Nothing interesting as such however below is the curl output from nginx server
curl -I https://xxx.xxxx.xxx:8081/neutrino-sso-web
HTTP/1.1 302 Found
Date: Thu, 17 Nov 2022 17:57:10 GMT
Server: JBoss-EAP/7
Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
X-Powered-By: Undertow/1
X-Powered-By: JSP/2.3
X-Frame-Options: DENY
Location: https://xxxx.xxxx.xxxx:8081/neutr
by
blason
-
Nginx Mailing List - English
Hi Team,
I have current URL as https://xxx.xxx.xxx:8081/neutrino-sso-web/ which is directly natted on firewall on pot 8081
However I now would like to put this URL behind nginx reverse proxy. Since the above URL is given to lot many customers it would not be possible to change the URL. we are planning to change it graudally.
However mean time I installed the nginx and trying to relay the sa
by
blason
-
Nginx Mailing List - English
Thanks appreciate it. Will have to check and confirm.
By the way which one would you confirm is preferable method rewrite or return?
by
blason
-
Nginx Mailing List - English
Hi Team,
I am trying to write a below rewrite rule but somehow this is not working and I would really appreicate if someone can help me on this?
I have a website http://web1.example.local/web1
Instead I need a rewrite so that if user enters http://web1.example.local it will be diverted to http://web1.example.local/web1
server {
listen 80;
server_name web1.example.local
by
blason
-
Nginx Mailing List - English
Hi Team,
I wanted to know the possibilities with Nginx SSL offloading to separate CPU card or any other hardware? How do I achieve better performance with Nginx SSL offloading? Do I need to go with more CPU cores? or dedicated card or any other mechanism?
Can someone please suggest?
TIA
by
blason
-
Nginx Mailing List - English
This is fine - I need a part from Nginx to client. And thanks for clarifying about nginx compressing the request which are only in responses.
by
blason
-
Nginx Mailing List - English
Page 1 of 3
Pages: 123