Re: FIPS support in nginx?

Thanks for this reply, Vladimir! Where can I find nginx' use of openssl explained in the nginx documentation? I searched but didn't find it. Also, kirti mentioned re-compiling nginx to achieve a FIPS-compliant environment; is that necessary? Thanks! tl Posted at Nginx Forum:

Does nginx use unique session identifiers

Hi Our product uses nginx to front-end inbound web access. To enhance our product's security posture, we have been examining the rules in the DISA Web Server Security Requirements Guide. One of the rules

How to properly log a bug

Hi, I have been working with NGINX for about a year now. I have some 40 instances of NGINX running and I am running into a core dump with 2 new ones. I have a repeatable process that generates my .conf and my .map files. I have powershell scripts that runs and read from a database and

Re: How to configure Nginx LB IP-Transparency for custom UDP application

Hi, On Tue, Jul 09, 2019 at 05:55:39PM +0530, Jeya Murugan wrote: > Hi all, > > > I am using *NGINX 1.13.5 as a Load Balancer for one of my > CUSTOM-APPLICATION *which will listen on* UDP port 2231,67 and 68.* > > I am trying for Load Balancing with IP-Transparency. > > > > When I using the

Re: [PATCH] Contrib: vim syntax, update core and 3rd party module directives.

Hello! On Sun, Jun 30, 2019 at 10:44:14AM +0300, Gena Makhomed wrote: > # HG changeset patch > # User Gena Makhomed > # Date 1561880341 -10800 > # Sun Jun 30 10:39:01 2019 +0300 > # Node ID f298b850ea1a8499b3ea51bde571d010dc7dfc69 > # Parent 35ea9229c71a9207a24e51f327e1749e3accb26c >

[nginx] Version bump.

details: https://hg.nginx.org/nginx/rev/58ec5c9da8cb branches: changeset: 7520:58ec5c9da8cb user: Maxim Dounin date: Tue Jul 09 16:01:32 2019 +0300 description: Version bump. diffstat: src/core/nginx.h | 4 ++-- 1 files changed, 2 insertions(+), 2 deletions(-) diffs (14 lines):

[nginx] Typo.

details: https://hg.nginx.org/nginx/rev/b0245dbd3655 branches: changeset: 7521:b0245dbd3655 user: Maxim Dounin date: Tue Jul 09 16:03:25 2019 +0300 description: Typo. diffstat: docs/xml/nginx/changes.xml | 2 +- 1 files changed, 1 insertions(+), 1 deletions(-) diffs (12 lines):

[nginx] Contrib: vim syntax, update core and 3rd party module directives.

details: https://hg.nginx.org/nginx/rev/97ce2512373d branches: changeset: 7522:97ce2512373d user: Gena Makhomed date: Sun Jun 30 10:39:01 2019 +0300 description: Contrib: vim syntax, update core and 3rd party module directives. diffstat: contrib/vim/syntax/nginx.vim | 5 + 1

Re: too long parameter

Hello! On Tue, Jul 09, 2019 at 12:21:44PM +0100, Anton Kiryushkin wrote: > Здравствуйте. > > Пока не получается воспроизвести проблему, но в логе ошибок переодически > возникает сообщение вида: > > too long parameter "# > На строке, которая, и является комментарием: > # this is search location

How to configure Nginx LB IP-Transparency for custom UDP application

Hi all, I am using *NGINX 1.13.5 as a Load Balancer for one of my CUSTOM-APPLICATION *which will listen on* UDP port 2231,67 and 68.* I am trying for Load Balancing with IP-Transparency. When I using the proxy_protocol method the packets received from a remote client is modified and send to

Re: [Unit] Миграция с fastcgi и её подводные камни

On Tuesday, 2 July 2019 10:21:53 MSK Vadim A. Misbakh-Soloviov wrote: > Здравствуйте! > > Пытаясь смигрировать очередной проект с PHP-FPM на Unit я в очередной раз > столкнулся с проблемой того, что у fastcgi есть такая полезная штука как > split_path_info, где можно задать какая часть URI

too long parameter

Здравствуйте. Пока не получается воспроизвести проблему, но в логе ошибок переодически возникает сообщение вида: too long parameter "# На строке, которая, и является комментарием: # this is search location for service srv784 Таких строчек-комментариев (конфиг генерируется скриптом) у меня в

Re: TLS 1.3 support in nginx-1.17.1 binary for Ubuntu 18.04 "bionic" provided by nginx.org

Hi Zeev, 03.07.2019 18:49, Zeev Tarantov wrote: > I've installed the nginx package provided by nginx.org > (https://nginx.org/en/linux_packages.html#Ubuntu) > specifically the binary provided by  >

Re: location

Hello! On Tue, Jul 09, 2019 at 12:07:52PM +0300, Slawa Olhovchenkov wrote: > On Tue, Jul 09, 2019 at 11:51:19AM +0300, Maxim Dounin wrote: > > > Hello! > > > > On Mon, Jul 08, 2019 at 07:24:33PM +0300, Slawa Olhovchenkov wrote: > > > > > On Mon, Jul 08, 2019 at 07:11:59PM +0300, Maxim Dounin

Re: FIPS support in nginx?

Hello! On Tue, Jul 09, 2019 at 02:09:47AM -0400, kirti maindargikar wrote: > Hi, We are using 1.10.3 nginx in FIPS mode. As discussed above we already > have FIPS enabled on RHEL and we have recompiled nginx with OpenSSL FIPS. > However we still see that Nginx is using MD5 algorithms ( which is

Re: location

On Tue, Jul 09, 2019 at 11:51:19AM +0300, Maxim Dounin wrote: > Hello! > > On Mon, Jul 08, 2019 at 07:24:33PM +0300, Slawa Olhovchenkov wrote: > > > On Mon, Jul 08, 2019 at 07:11:59PM +0300, Maxim Dounin wrote: > > > > > > > > action тут разный. я на этом внимание не заострил, думал и так > >

Re: location

Hello! On Mon, Jul 08, 2019 at 07:24:33PM +0300, Slawa Olhovchenkov wrote: > On Mon, Jul 08, 2019 at 07:11:59PM +0300, Maxim Dounin wrote: > > > > > > action тут разный. я на этом внимание не заострил, думал и так понятно > > > > > > > > Понятно. И также понятно, что даже при одном и том же

deny vs limit_req

Hi, I have a few `deny` rules set in global scope, sometimes I add spammers there to block annoying attacks. I also have a couple of `limit_req` rules in global scope, and 1 in a local scope, that is more restrictive and I put it inside a `location` directive. Last time an attack happened the

Re: FIPS support in nginx?

This is the entry in the nginx.conf which is using proxy cache . I dont see any option here to configure hashing algorithm location /nginx-picture { internal; proxy_buffering on; proxy_cache media; proxy_cache_key $uri$args; proxy_cache_valid 200 43200s; proxy_ignore_headers

Re: FIPS support in nginx?

Hi, We are using 1.10.3 nginx in FIPS mode. As discussed above we already have FIPS enabled on RHEL and we have recompiled nginx with OpenSSL FIPS. However we still see that Nginx is using MD5 algorithms ( which is not allowed in FIPS mode ) when we use proxy_cache to cache pictures . Looks like