ngx_ssl_dhparam and dh1024_p
Hi All, ngx_event_openssl.c hs the following around line 535: ngx_ssl_dhparam(ngx_conf_t *cf, ngx_ssl_t *ssl, ngx_str_t *file) { ... /* * -BEGIN DH PARAMETERS- * MIGHAoGBALu8LcrYRnSQfEP89YDpz9vZWKP1aLQtSwju1OsPs1BMbAMCducQgAxc * y7qokiYUxb7spWWl/fHSh6K8BJvmd4Bg6RqSp1fjBI9osHb302zI8pul34HcLKcl * 7OZicMyaUDXYzs7vnqAnSmOrHlj6/UmI0PZdFGdX2gcd8EXP4WubAgEC * -END DH PARAMETERS- */ static unsigned char dh1024_p[] = { 0xBB, 0xBC, 0x2D, 0xCA, 0xD8, 0x46, 0x74, 0x90, 0x7C, 0x43, 0xFC, 0xF5, 0x80, 0xE9, 0xCF, 0xDB, 0xD9, 0x58, 0xA3, 0xF5, 0x68, 0xB4, 0x2D, 0x4B, 0x08, 0xEE, 0xD4, 0xEB, 0x0F, 0xB3, 0x50, 0x4C, 0x6C, 0x03, 0x02, 0x76, 0xE7, 0x10, 0x80, 0x0C, 0x5C, 0xCB, 0xBA, 0xA8, 0x92, 0x26, 0x14, 0xC5, 0xBE, 0xEC, 0xA5, 0x65, 0xA5, 0xFD, 0xF1, 0xD2, 0x87, 0xA2, 0xBC, 0x04, 0x9B, 0xE6, 0x77, 0x80, 0x60, 0xE9, 0x1A, 0x92, 0xA7, 0x57, 0xE3, 0x04, 0x8F, 0x68, 0xB0, 0x76, 0xF7, 0xD3, 0x6C, 0xC8, 0xF2, 0x9B, 0xA5, 0xDF, 0x81, 0xDC, 0x2C, 0xA7, 0x25, 0xEC, 0xE6, 0x62, 0x70, 0xCC, 0x9A, 0x50, 0x35, 0xD8, 0xCE, 0xCE, 0xEF, 0x9E, 0xA0, 0x27, 0x4A, 0x63, 0xAB, 0x1E, 0x58, 0xFA, 0xFD, 0x49, 0x88, 0xD0, 0xF6, 0x5D, 0x14, 0x67, 0x57, 0xDA, 0x07, 0x1D, 0xF0, 0x45, 0xCF, 0xE1, 0x6B, 0x9B }; ... Searching on the web for the strings ("MIGHAoGBALu8Lcr", "0xBB, 0xBC, 0x2D, 0xCA, 0xD8, 0x46, 0x74, 0x90" and "bbbc2dcad8467490") returned hits for nginx (but no hits in a standard somewhere). Would anyone happen to know where that prime and generator came from? Does anyone know the subgroup order (or what is the q)? Is q at least 160-bits (or 2k, where k is 80-bits for the security level offered in the 1024-bit DH prime)? Thanks in advance. Jeff ___ nginx mailing list nginx@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx
ngx_http_limit_req_module questions
Hello, I have a requirement to rate limit requests to one of my customer facing API's. At present Nginx is a proxy point directing traffic to network internal servers based on endpoint URL. I am interested in integrating more tightly with Nginx to do this rate limiting before the traffic is passed to my upstream resources. I'm in research phases and theres a lot of moving pieces to the project, so in the interest of clarity I've tried to organize the below into sensible lists. Please let me know if if I'm not providing enough detail. Implementation specific limitations: - Our user base traffic tends to originate from networks where NAT is heavily used. Unfortunately, rate limiting by IP address would generate massive amounts of false positives as a result. - Our API is not 'open' and requires a successful authentication handshake (Oauth) to continue. Further requests utilize an auth token in headers to maintain session state. Auth tokens are alpha numeric strings with a length of 64 characters. - High Traffic! (30k+ req/sec) Questions: - Is it feasible to do rate limiting based on an auth token? - Is it feasible to insert strings of this length as keys into the zone? - Is the zone an in memory 'object' (for lack of a better word)? - Is there a performance drawback for create one large in memory zone that is GB as opposed to MB? - How long do keys live in the zone? If I set a 1+ GB zone file, what happens if our aggregate request volume bursts and the zone runs out of storage space? There is a sentence in the documentation I find frightening, "If the zone storage is exhausted, the server will return the 503 (Service Temporarily Unavailable) error to all further requests." ( http://nginx.org/en/docs/http/ngx_http_limit_req_module.html) - Are there better alternatives? Thank You ___ nginx mailing list nginx@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx
RE: NGINX Module - create variables?
Great. Thanks! This was in fact helpful. Alex > Date: Fri, 6 Dec 2013 04:13:53 +0400 > From: mdou...@mdounin.ru > To: nginx@nginx.org > Subject: Re: NGINX Module - create variables? > > Hello! > > On Fri, Dec 06, 2013 at 12:25:48AM +0100, Alex Koch wrote: > > [...] > > > What I would like is being able to define a couple > > of config variables once my module is loaded. Is this possible at all? > > If so, could you point me to a sample/module which does this so I can > > learn from it? > > You may try looking into the stub status module, > src/http/modules/ngx_http_stub_status_module.c. It defines > several variables ($connections_active, $connections_reading, > $connections_writing, $connections_waiting) and it's easy enough > to follow. > > http://hg.nginx.org/nginx/file/tip/src/http/modules/ngx_http_stub_status_module.c > > -- > Maxim Dounin > http://nginx.org/en/donation.html > > ___ > nginx mailing list > nginx@nginx.org > http://mailman.nginx.org/mailman/listinfo/nginx ___ nginx mailing list nginx@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx
Re: Configure, make and self tests?
On Sun, Dec 8, 2013 at 6:21 AM, Maxim Dounin wrote: > Hello! > > On Sun, Dec 08, 2013 at 06:18:40AM -0500, Jeffrey Walton wrote: > >> `make check` and `make test` results in "no rule to make target". >> >> Does nginx include any self test? If so, how does on run them? > > As of now, tests are available as a separate repository, see here: > > http://hg.nginx.org/nginx-tests perfect, thanks. (almost perfect - mercurial.selenic.com/wiki/Tutorial‎ is down from my location). Jeff ___ nginx mailing list nginx@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx
Re: Configure, make and self tests?
Hello! On Sun, Dec 08, 2013 at 06:18:40AM -0500, Jeffrey Walton wrote: > `make check` and `make test` results in "no rule to make target". > > Does nginx include any self test? If so, how does on run them? As of now, tests are available as a separate repository, see here: http://hg.nginx.org/nginx-tests -- Maxim Dounin http://nginx.org/en/donation.html ___ nginx mailing list nginx@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx
Configure, make and self tests?
`make check` and `make test` results in "no rule to make target". Does nginx include any self test? If so, how does on run them? Thanks in advance. ___ nginx mailing list nginx@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx
Re: nginx module developer documentation?
On Sun, Dec 8, 2013 at 3:14 AM, Homutov Vladimir wrote: > On Sun, Dec 08, 2013 at 12:46:45AM -0500, Jeffrey Walton wrote: >> Hi All, >> >> I'm interested in exploring nginx as the basis for a proxy. >> >> I'm having trouble locating reading material on nginx from a >> development perspective. I found [0,1], but it looks like its for >> administrators. I also found [2], but it looks like its interpreted. >> For performance reasons, I'd prefer to use C/C++. Finally, Amazon does >> not list any books related to development. >> >> Would anyone know of a few good references for a C/C++ developer? >> >> ... > > Take a look here: > > http://nginx.org/en/links.html perfect, thanks. ___ nginx mailing list nginx@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx
Re: nginx module developer documentation?
On Sun, Dec 08, 2013 at 12:46:45AM -0500, Jeffrey Walton wrote: > Hi All, > > I'm interested in exploring nginx as the basis for a proxy. > > I'm having trouble locating reading material on nginx from a > development perspective. I found [0,1], but it looks like its for > administrators. I also found [2], but it looks like its interpreted. > For performance reasons, I'd prefer to use C/C++. Finally, Amazon does > not list any books related to development. > > Would anyone know of a few good references for a C/C++ developer? > > Thanks in advance. > > Jeffrey Walton > Baltimore, MD, US > > [0] http://nginx.org/en/docs/http/ngx_http_proxy_module.html > [1] http://wiki.nginx.org/3rdPartyModules > [2] http://wiki.nginx.org/HttpEchoModule Take a look here: http://nginx.org/en/links.html ___ nginx mailing list nginx@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx