Hi
Whats considered the best way to auth again crowd.
I see some old module - 6-7 year untouched
https://github.com/kare/ngx_http_auth_crowd_module trying this one but
can't compile it
also noted crowd does openid
HI
isn't this a bit futile, if they can get onto the box that has nginx they
can get either the private key or secret to get the private key.
safer would be to make it that you need human interact to start nginx.
But till a memory dump of the app would get you the private key.
On Fri, 16
Hi
Don't you need a openssl that works with 1.3 as well.
My sticking point is centos 6 - no openssl that comes with 1.3 - as far as
i know
A
On Mon, 5 Nov 2018 at 06:10, Bogdan via nginx wrote:
> Hi, Andreas!
>
>
> I disabled NPN (Next Protocol Negotiation) because, as far as I know (not
>
Hi
Not sure where to put this.
But I would like to have the ability to add client cert required any where
on the URI tree
so
www.abc.com.au/ you can access with out a cert but
www.abc.com.au/private/ you need a cert
www.abc.com.au/public/ no cert needed
A
Look at sticky session, a routing code in a cookie that helps you decide
where to send the packet. So on the 443 set the cookie and on the udp use
the cookie in the header to route on the back end
On 20 June 2018 at 17:16, nov1ce wrote:
> Hello,
>
> 1.14.0-1 running on Debian Stretch:
>
> #
Silly question why not use postfix for this ?
On 20 February 2018 at 18:56, Azusa Taroura
wrote:
> Hi everyone,
>
> I’m trying to optimize mail-proxy.
> My performance test is 1 client sends many request to 1 nginx server.
>
>
> This is my current settings:
>
>
Why not just change the log format to exclude the ip address or put in
static ip
On 14 February 2018 at 12:46, Tom wrote:
> Hi,
>
> I'm wondering if anyone has successfully masked ip addresses in nginx
> before they are written to a log file.
>
> I understand there are
Hi
can you give an example of using a map instead of the if statement ?
Thanks
On 21 May 2017 at 02:35, c0nw0nk wrote:
> gariac Wrote:
> ---
> > I had run Naxsi with Doxi. Trouble is when it cause problems, it
On 20 May 2017 at 08:00, wrote:
> My experience with deny in nginx is the url isn't hidden
So you don't want to just restrict access but you want to send a 404 not
found unless they come from a specific ip address.
I think you should be able to ... but my nginx skills
te:
> Hello!
>
> On Fri, May 19, 2017 at 11:28:05AM +1000, Alex Samad wrote:
>
> > Hi
> >
> > so I have lots of clients on long lived tcp connections , getting rp
> into 2
> > back end app servers
> >
> > I had a line in my error log, saying one
wouldn't you use
location /secret-page/ {
deny all
allow 1.1.1.1/32;
}
a
On 19 May 2017 at 17:24, ohmykot wrote:
> Hi!
> I've got a server with nginx and a wordpress website running on it.
>
> On the web-site, I have a wordpress page, i.e.
Hi
so I have lots of clients on long lived tcp connections , getting rp into 2
back end app servers
I had a line in my error log, saying one of the upstream was failed caused
it timeout -
then I got this
2017/05/18 13:30:42 [notice] 2662#2662: exiting
2017/05/18 13:30:42 [notice] 2662#2662:
Thats what support have advised me, reload finished the current request and
then closes the connection. No longer honors the long lived
Alex
On 27 April 2017 at 19:21, shivramg94 wrote:
> We have a persistent connection to Nginx on which we are issuing https
>
Hi
I am using
https://gist.github.com/wilhelmy/5a59b8eea26974a468c9
for
location /ts/ {
#autoindex on;
#autoindex_format html;
try_files $uri @autoindex;
}
# need xlst module
location @autoindex {
autoindex on;
autoindex_format xml;
On 26 April 2017 at 00:32, Maxim Dounin wrote:
>
> *) Change: SSL renegotiation is now allowed on backend connections.
>
What does this mean ?
reason I am asking is I would like to setup a site say example.com, that is
SSL, with no need for client certs at root URI
Will it not be logged as a timeout either in access or error/log ?
On 20 April 2017 at 03:46, aT wrote:
> HI ,
>
> Is there a way to log all incoming requests on Nginx .
>
> Regardless of them being served or not .
>
> For example, In case of surge of crawler hits , if the
But long live sessions are closed and I've had lua session information
persist with a reload. Needed a restart
A
On Sun, 9 Apr 2017 at 21:35, B.R. via nginx wrote:
> You could have got your answer yourself by Reading The... Fine? Manual:
> https://nginx.org/en/docs/control.html
Hi
I have started to use lua file for some dynamic stuff.
Whats the best practice to secure them
How do I stop them from being downloaded
location ~ \.lua$ {
send error back
}
is it best to place all of them into a different directory that isn't under
a root ?
A
so (have a stab at this)
location = /mini {
equals
http://10.21.169.13/mini and not http://10.21.169.13/mini/ or anything else
http://10.21.169.13/mini/*
try
location /mini {
or
location /mini/ {
A
On 28 March 2017 at 12:43, Jun Chen via nginx wrote:
>
> I am
Hi
I got something like this
error_page 404 /stderror404.html;
location = /stderror400.html {
root /var/www/error;
content_by_lua_file /var/www/error/stderror400.lua;
internal;
allow all;
}
and the lua file has
ngx.say( "Your source ip address
;
> On Tue, Mar 21, 2017 at 11:18 PM, Alex Samad <a...@samad.com.au> wrote:
>
>> Hi
>>
>> How would I added custom info to the error page.
>>
>> Say like for 400 if its a cert error, how can I add that
Hi
How would I added custom info to the error page.
Say like for 400 if its a cert error, how can I add that to the page and
maybe to add in the clients ip address as well
A
___
nginx mailing list
nginx@nginx.org
Hi
Firstly, I am fairly new to nginx.
>From what I understand you have a standard sort of setup.
2 nodes (vm's) with haproxy, allowing nginx to be active / passive.
You have SSL requests which once nginx terminates the SSL, it injects a
security header / token and then I presume it passes
Hi
I have a cron script that generates a crl file and places it a file for
nginx to read... I believe I reload nginx after doing this
I don't think - happy to be proved wrong - that nginx checks for a oscp or
crl attribute in the cert and makes the relevant request
Alex
On 11 January 2017 at
Hi
I do a lot of stuff with client certs, we have just moved from an inhouse
RP to using NGINX.
But I find that the amount of information about the client cert is very
limited. compared to say squid / apache.
For example I looking for end date for the client cert. It would be nice
if this sort
elying exclusively on one single opinion, e.g.
> Qualsys, as THE authoritative source of truth for a 'proper' secure config
> is dangerous).
>
> On Fri, Nov 4, 2016 at 2:20 PM, Alex Samad <a...@samad.com.au> wrote:
>>
>> Hi
>>
>> Any one got a write up on how t
Hi
Any one got a write up on how to get a A+ from this site.
I can get a A and I have to support tls1.0 which might be dragging me down !
___
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
Hi
So you have done a setup ?
Alex
On 2 November 2016 at 08:42, CJ Ess <zxcvbn4...@gmail.com> wrote:
> Probably a better solution then most!
>
> On Fri, Oct 28, 2016 at 10:42 PM, Alex Samad <a...@samad.com.au> wrote:
>>
>> Hi
>>
>> Not reall
> happy to pay up.
>
>
>
> On Fri, Oct 28, 2016 at 1:29 AM, Alex Samad <a...@samad.com.au> wrote:
>>
>> Hi
>>
>> yeah I have had a very quick look, just wondering if any one on the
>> list had set one up.
>>
>> Alex
>>
>>
ee the parts about proxy_download_rate and proxy_upload_rate
>
> On Thu, Oct 27, 2016 at 11:22 PM, Alex Samad <a...@samad.com.au> wrote:
>>
>> Yep
>>
>> On 28 October 2016 at 11:57, CJ Ess <zxcvbn4...@gmail.com> wrote:
>> > FIX as in the financial information exc
Hi
any one setup nginx infront of a fix engine to do rate limiting ?
Alex
___
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
What I had to do was sent the depth to the number or greater than the
number of ca's and I had to get all the crl's for each CA and concat
into a crl file.
On 14 October 2016 at 16:49, Zeal Vora wrote:
> Thanks Maxim.
>
> I tried changing the ssl_verify_depth to 1 from
im Dounin <mdou...@mdounin.ru> wrote:
> Hello!
>
> On Wed, Oct 12, 2016 at 12:43:12PM +1100, Alex Samad wrote:
>
>> Hi
>>
>> I am trying to create a dynamic auth address
>>
>>
>> # grab ssoid
>> map $cookie_SSOID $ssoid_cookie {
>>
Hi
I am trying to create a dynamic auth address
# grab ssoid
map $cookie_SSOID $ssoid_cookie {
default "";
~SSOID=(?P.+) $ssoid;
}
location /imaadmin/ {
proxy_cache off;
proxy_pass http://IMAAdmin;
auth_request /sso/validate?SSOID=$ssoid_cookie=imaadmin;
Yep I think thats what i was asking.
We have a home grown RP at work that does it and IIS used to do it,
apply cert requirements on part of the tree.
On 2 February 2016 at 20:56, Aleksandar Lazic <al-ng...@none.at> wrote:
> Dear Alex.
>
> Am 02-02-2016 04:32, schrieb Alex
Hi
Is it possible with nginx to do this
https://www.abc.com
/
/noclientcert/
/clientcert/
so you can get to / with no client cert, but /clientcert/ you need a
cert, but for /noclientcert/ you don't need a cert.
Looks like from the config doco you can only set it for the whole tree ...
A
36 matches
Mail list logo