On Friday, 3 February 2023, Saint Michael wrote:
> I have a reverse proxy but the newspaper that I am proxying is
> protected by cloudflare, and the block me immediately, even if I use a
> different IP. So somehow they know how to identify my reverse-proxy.
> How is my request different than a
On Mon, 14 Nov 2022 at 22:56, James Read wrote:
>> So the file needs to contain first your certificate and then the
>> intermediate one.
>
>
> OK. Thanks. I rearranged the file and deleted some certificates. Now sslabs
> is reporting no chain issues for Certificate #1: RSA 2048 bits
On Mon, 14 Nov 2022 at 21:33, James Read wrote:
>> For nginx you need the base64 encoding, which is:
>>
>> https://ssl-ccp.secureserver.net/repository/sfig2.crt.pem
>>
>
> I tried adding that certificate but sudo nginx -t now returns the following
> error:
>
> nginx: [emerg]
On Mon, 14 Nov 2022 at 21:09, Lukas Tribus wrote:
>
> On Mon, 14 Nov 2022 at 21:00, James Read wrote:
> >
> >
> >
> > On Mon, Nov 14, 2022 at 5:58 PM Lukas Tribus wrote:
> >>
> >> On Mon, 14 Nov 2022 at 17:31, James Read wrote:
> >>
On Mon, 14 Nov 2022 at 21:00, James Read wrote:
>
>
>
> On Mon, Nov 14, 2022 at 5:58 PM Lukas Tribus wrote:
>>
>> On Mon, 14 Nov 2022 at 17:31, James Read wrote:
>> >
>> > I have configured SSL on a number of subdomains including
>> >
On Mon, 14 Nov 2022 at 17:31, James Read wrote:
>
> I have configured SSL on a number of subdomains including
> https://us.wottot.com
>
> On my PC I can view the resulting web page without any problems so this leads
> me to believe the SSL configuration is correct.
Wrong, the intermediate
Hello,
the *client* you are using to test this is just as important. Adjust
CipherString in /etc/ssl/openssl.cnf or the client parameters (-cipher
"DEFAULT:@SECLEVEL=0") too.
~# grep SEC /etc/ssl/openssl.cnf
CipherString = DEFAULT:@SECLEVEL=2
~#
~# openssl s_client -connect www.google.com:443
On Sun, 27 Mar 2022 at 15:58, Sergey A. Osokin wrote:
>
> Hi,
>
> On Sun, Mar 27, 2022 at 02:04:10AM -0400, sukeerthiadiga wrote:
> > The Mainline version of Nginx i.e 1.12.6 has the OpenSSL version 1.1.1m and
> > it is vulnerable.
>
> That's a bit far from true. NGINX, as many other products,
On Mon, 3 May 2021 at 18:47, Kaushal Shriyan wrote:
>
> Hi,
>
> Is there a way to verify if the below cipher suites set are accurate
> and are free from any vulnerabilities?
I suggest you use tools like the public Qualys ssltest:
https://www.ssllabs.com/ssltest/
or testssl:
Hello,
> I'm currently testing nginx 1.13.6 x64 on my development machine, which is
There is no 1.13.6.
> I've tested 5a3ab1b5804b, 46ddff109e72, and 924b6ef942bf and they have the
> same problem.
Ah so you are running directly from the development tree. In that case, I
suggest
to bisect it
> After some researching i've decided to go with individual nginx
> nodes for now . If we encounter too much request to our
> upstream, i'm gonna set up the multi layer architecture you
> mentioned probably
While multi layers of nginx cache may help with bandwidth, it
wastes huge amount of
Hello,
starting with nginx 1.11.11 you can use worker_shutdown_timeout
to limit the amount of time workers stall the shutdown.
However, you will still have increased memory usage.
You will always have increased memory usage while soft reloading.
If you cannot accept that, then you have to stop
Hello,
> thanks for your comment Roman, do you know how these guys did it?
> https://www.maxcdn.com/one/tutorial/pseudo-streaming-maxcdn/
Why is pseudo streaming still a thing?
With HTML5 video players, everything is handled with RFC compliant
range requests and HTML5 video should be supported
Hello,
> Also, has anyone tried using nginx for DNS load balancing in production?
I would not recommend using nginx to load-balance DNS traffic at all.
nginx is just a dumb UDP proxy and I doubt it performs well enough
in a DNS setup.
dnsdist [1] is written with this purpose in mind and used
Hello!
> This issue often happens when a cipher is missing in your cipher list and
> Chrome tries to use another cipher forbidden in the HTTP/2 spec.
Wrong. In that case, Chrome would return:
ERR_SPDY_INADEQUATE_TRANSPORT_SECURITY
which is different than ERR_SPDY_PROTOCOL_ERROR.
Also note
Hello!
> One of the bcrypt scheme main properties is that it allows to
> control number of rounds, and thus control hashing speed. With
> low number of rounds it is reasonably fast. For example, with 2^5
> rounds (default used by htpasswd) it takes about 4 milliseconds
> here on a test
> Please watch the clip at https://youtu.be/QpLtBftqM04?t=34m51s until
> about 36m12s where Simone Bordet, a Jetty developer, claims that
> HA Proxy is a better proxy solution than nginx because it talks
> HTTP/2 to the Upstream.
This statement is misleading.
As of now, haproxy does not support
> I think the main question here: is it ok to just drop support for
> spaces, or we have to introduce some option to preserve the old
> behaviour.
My opinion: I think we will need the configuration knob, so there is time
to fix the problem, as a client bug is not always immediatly fixable.
Hello list,
in Ticket #196 [1], Maxim Dounin suggested that spaces in URI's could be
disallowed by default.
As far as I can tell, current code still does not "disallow" those requests
(not by default and not via specific configuration either), is that correct?
Could this be improved, as per
> But, just curios, why IPv6 upstream can't serve the traffic?
Because if you configure IPv6 on your system but don't have
IPv6 connectivity, it will try and fail.
> If I access the IP Address using browser, it's normal.
Because the browser probably recognizes the broken
configuration and
> Did anyone have a solution for this? I also have many of these errors logged
> because I am using Google Container Engine that does not support IPv6.
Try ´man gai.conf´ to configure getaddrinfo behavior [1].
You could also try forcing a ipv6=no nginx resolver by using a variable:
set
> Why should I? I clearly defined the problem/misconfiguration. I don't
> really see the need to justify why I want to fix it.
To help others, myself included to comprehend a possible problem in similar
configurations and learn more about it. After all, this is a community.
> Well, you told
> > Does it cause warnings in the webmaster tools? Who cares?
> > Does it affect your ranking? I doubt it.
> > Does it index pages or error pages from the default website and assign to
> > your website? I doubt that even more.
>
> Does it upset my customer? YES.
>
> That's all the justification
> > Any real life experience and evidence backing this?
> yes
Care to elaborate?
> Not sure why you're doubting me here Lukas. Yes, this is a problem. No
> I'm not making it up.
We know that crawlers like Googlebot try HTTPS as well, even if there is no
https link towards the website. That
> It seems that search engines are probing https: even for sites that
> don't offer it
Which is fine.
> just because it's available for others, with the end
> result that pages are being attributed to the wrong site.
Sounds like an assumption. Any real life experience and
evidence backing
> 4 threads and 4 CPU (both for apache and nginx) with 100% CPU load on test
> So, what's the answer now about the http/https (4600/550) ratio for the
> specific case I presented?
It should perform the same as Apache in this case.
___
nginx mailing list
> I agree but I think that separate/different simultaneous users won't use a
> common connection so for this very specific scenario keep-alive won't
> matter. Of course for every individual user keep-alive will matter but this
> aspect for the moment I won't to ignore in testing.
It does matter,
> Yes the links are generated correctly but because their plugin does not
> currently contain the regex to understand ampersands in HTML. If they was to
> fix their plugin and use regex to replace the ampersand with & then
> the link would work correctly.
>
> It bothers me because the fix is as
I have a question: secure_link is correctly blocking those requests so its not
generating any traffic.
Why does it bother you then, if it is already blocked?
___
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
> @Lukas do you mean something like this
Yes, that's what I mean.
Lukas
___
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
> This is a false statement, nginx doesn't do any restriction
> regarding HTTP/2 and TLS ciphers configuration.
Good thing, likely the restriction is on the browser side and Apache was not
configured with the same exact cipher suite.
> The list you are mentioning and which is directly linked
Hello,
On 08/16/16 07:37, Lukas Tribus wrote:
>> I use nginx 1.11.3 with nginx upload module.The problem is that Nginx upload
>> module don't support HTTP/2 and thus when you upload you get 500 Internal
>> Error.
>
>> Use a dedicated subdomain, like upload.mywebsite.
> I use nginx 1.11.3 with nginx upload module.The problem is that Nginx upload
> module don't support HTTP/2 and thus when you upload you get 500 Internal
> Error.
Use a dedicated subdomain, like upload.mywebsite.com.
> For now i am trying to use a separate server block to disable http2 just
Hi,
> for a test environment I successfully set up an nginx webserver (1.11.2)
> with HTTP/2.
>
> But for further tests I need to decrypt traffic with wireshark using the
> servers private key.
The way to do this is to use keyfile from your browser, so wireshark is aware
of the symmetric
> I was anticipating such a compatibility problem to be fixed in feature stable
> but so far it’s looking like we will have to bite the bullet and move to
> mainline.
> Would I be correct here? It seems for our case at least, feature stable HTTP2
> is not stable for production use at this time.
> Any solution other than switching to
> https://launchpad.net/~nginx/+archive/ubuntu/development (wich scares the
> skull out of me, since this is a production server)?
Use nginx provided binaries if compiling from source is not an option:
http://nginx.org/en/linux_packages.html#mainline
>> if (setsockopt(s, IPPROTO_IP, IP_BIND_ADDRESS_NO_PORT
> Isn't this a SOL_IP socket option?
Actually SOL_IP and IPPROTO_IP are the same thing, so it doesn't make any
difference.
Sorry for the noise,
Lukas
___
nginx-devel mailing list
Hello,
> if (setsockopt(s, IPPROTO_IP, IP_BIND_ADDRESS_NO_PORT,
Isn't this a SOL_IP socket option?
Also, does this cover IPv6?
Thanks,
Lukas
___
nginx-devel mailing list
nginx-devel@nginx.org
> Even adding the valid parameter the issue was not solved.
And what is the issue actually? Just saying "DNS caching issue"
and "problem" isn't really helpful.
___
nginx mailing list
nginx@nginx.org
> I updated nginx but the problem persists.
>
> Could it be some sort of misconfiguration of my nginx?
No, but I suggest you try reconfiguring your cipher suites anyway to
exclude anything kerberos related like previously suggested.
Lukas
> nginx version: nginx/1.2.6
> built by gcc 4.4.4 20100726 (Red Hat 4.4.4-13) (GCC)
> [...]
> CentOS 6.7 server
Try disabling kerberos cipher suites [1], you may be hitting
some obscure CentOS/RedHat libc issues [2].
[1]
> When ssllabs tests for deprecated cipher suites, it stays there forever.
> I have to close the ssllabs test page and then my nginx server stays down
> until i restart it.
Please provide the output of nginx -V.
___
Hi,
> Just to be perfectly clear: does that mean that session tickets are
> supported for any version of nginx (including OpenSSL 0.9.8f is available?
Yes.
> So the directive would be kind of 'intercepting' TLS commands, a man in
> the middle of client and OpenSSL?
Hi!
> I found these two opinions. They suggest to disable session tickets.
>
> - https://www.farsightsecurity.com/Blog/20151202-thall-hardening-dh-and-ecc/
> -
> https://timtaubert.de/blog/2014/11/the-sad-state-of-server-side-tls-session-resumption-implementations/
>
> what do others think about
> I also get a compile error related to Pagespeed:
> [...]
> /root/ngx_pagespeed-release-1.10.33.4-beta/src/ngx_pagespeed.cc:3148:1:
> error: deprecated conversion from string constant to ‘char*’
> [-Werror=write-strings]
> };
> ^
> cc1plus: all warnings being treated as errors
Apply this patch:
> also stated "In Linux (and most other Unix based systems) ports below 1024
> need to be opened using the root user. So you need to start NGINX as root
> which will open the port and then drop down to an unprivileged user for the
> port."
>
> Is there a way to achieve this?
Configure the user
>> diffs (truncated from 1720 to 300 lines):
>
> makes this and other mail in the series a bit useless.
You are supposed to checkout the mercury repository, not
apply committed patches from the dev list manually if
they are committed anyway.
Just clone it:
hg clone http://hg.nginx.org/nginx
and
> Hello,
>
> I'm currently investigating an issue with Linux (3.13.0), nginx (1.6.2),
> vmxnet3 (1.2.0.0-k-NAPI), IPv6 connections and large receive offload (LRO)
> enabled. The workflow we are investigating is a POST of a small file (jpg)
> towards a php5-fpm pool.
>
> From a network (tcpdump)
Hi Maxim,
>>> It only can be useful for proxying big amounts of data without any
>>> processing. But if you need compression, or TLS, or SSI, or even some
>>> simple substitution, then splice() cannot be used.
>>>
>> It should fit in our stream quite nicely.
>
> Not really, as stream is able to
Hi,
> listen 80;
Afaik this will make nginx listen to both IPv4 and IPv6 family.
Specify the real IPv4 adress you want to listen to, to avoid the IPv6 bind.
> listen [::]:80;
This will make nginx to listen to both IPv6 and IPv4 family.
Specify ipv6only=on [1] as a keyword to avoid the
> The server header gives more information but what's displayed in the xhtml
> body
> of the 403 response is "nginx" only which is what will be displayed in the
> user
> www browser, and that's mis-leading and unfair for nginx. Maybe somebody
> should contact CloudFlare to make them modify their
> shahzaib1232 Wrote:
> ---
>> So we're thinking to have some condition in place that if the request
>> for
>> HTTP embedded link comes from any HTTPS domain , nginx will detect
>> that
>> source $scheme and redirect that request to HTTPS.
What
> Yes I know,
> but it's very strange situation that can't understand. Code is the same,
> nothing is changed. Only nginx version and http2 support on host.
nginx 1.9.5 has a bug (#800): $server_protocol is empty on HTTP2.
This is fixed in nginx 1.9.6, so with 1.9.6 PHP/FCGI for
the first time
> Thanks Lukas! I tried configtest but with 100k files in conf.d, it
> takes 3 minutes to finish, during which time there may be another file
> dropped in conf.d and trigger another configtest. This sometimes causes
> several config test running at the same time.
> A reload on the other hand
> Hi all,
>
> Is there a way to configure nginx to ignore bad conf files?
No, that would lead to inconsistencies all over the place.
> My master nginx.conf has a include elsewhere/*.conf towards the end.
> Other people and programs can drop new configs into "elsewhere"
> directory. nginx
> I'm attempting to deploy http2 with nginx 1.9.6 using teward's Ubuntu
> packages (https://launchpad.net/~nginx/+archive/ubuntu/development). I've
> got openssl 1.0.2d on both client and server and I'm testing with Chrome
> Canary and Firefox 41.0.2.
Post "nginx -V" output.
> Ah, this is probably the problem:
>
> built with OpenSSL 1.0.1f 6 Jan 2014
It is. ALPN is supported only in the 1.0.2 branch.
Lukas
___
nginx mailing list
nginx@nginx.org
> I was under the impression that SPDY support had been dropped from
> NGINX altogether -
> however http://nginx.org/en/docs/http/ngx_http_core_module.html#listen
> seems to suggest it might still be possible to select it.
Yeah up until 1.9.4:
> The spdy parameter (*1.3.15-1.9.4*) allows
> [root@kackkiste]/home/dkraemer# telnet nginx.org 80
> Trying 2606:7100:1:69::3f...
> Connected to nginx.org.
> Escape character is '^]'.
> HEAD / HTTP/1.0
>
> Connection closed by foreign host.
You will see the same exact behavior on IPv4:
telnet -4 nginx.org 80
Use HTTP/1.1 to get proper
> Thank you so far!
>
>
> Looks like a problem in our network at work:
>
> [dkraemer@castleblack:~/] echo -ne "HEAD / HTTP/1.1\nHost:
> nginx.org\n\n" |nc -6 nginx.org 80
> HTTP/1.1 200 OK
> Server: nginx/1.7.7
> Date: Tue, 20 Oct 2015 11:06:02 GMT
> Content-Type: text/html; charset=utf-8
>
> I'm apparently trying to do something that apache can, but so far,
> nothing has worked - everything just ends in a loop.
No, you cannot do this, see [1]:
> If the target URI's path component is empty, the client MUST
> send "/" as the path within the origin-form of request-target.
An empty
> You can, see my map example, used here to redirect http to https except root
> (/).
Thats not what this thread is about.
> site.com => tell user we've gone to ssl in plain http
> site.com/ => tell user we've gone to ssl in plain http
The original poster needs to differentiate between
Hi,
> I'm running a SAAS service running via NGINX and have been running tcpdump
> to look at the incoming packets for HTTP queries. Many of the HTTP queries
> are bigger than the MTU of 1,500 bytes and therefore arrive as 2, 3, or 4
> packets. I noticed that for some customers there are
> Does not seem to do what the GP asked, from the docs:
>
> $request_time
> request processing time in seconds with a milliseconds resolution
> (1.3.9, 1.2.6); time elapsed since the first bytes were read from the client
"request time" would imply the time (with our without parsing) of the
actual
Hi All:
I am using Nginx as a reverse proxy which provide a web API (HTTP GET
) to client.
and the backend application will get request from nginx and do some
time-consuming processing (1-2 seconds) then response result to nginx,
Nginx return result to client.
I think this is synchronize
Hi,
?php
header('Content-Type: text/html;');
Thats invalid. Either:
text/html; charset=iso-8859-1
or
text/html
but not with a trailing semicolon.
breaks proper Content-Type detection.
... in a Browser, you mean?
At least in the 1.6.3 version.
What has nginx to do with it and why is
Some errors are still present:
[emerg] 19351#19351: duplicate listen options for 0.0.0.0:80 in ...
Is there a way to use reuseports for multiple locations?
You have to declare it once and only once.
Please read:
http://nginx.org/en/docs/http/ngx_http_core_module.html#listen
Lukas
my server is windows server.
windows + nginx1.7.10 + tomcat
Openssl 1.02 updates have been completed.
How, are you recompiling nginx on your own? Nginx
binary comes bundled with openssl, not sure you
are able to update openssl on your own. Get nginx
1.7.12, it bundles with openssl-1.0.1m.
i was update nginx-1.7.12 version.
but, same error.
What error? How exactly do you come to the
conclusion that your site is vulnerable?
___
nginx mailing list
nginx@nginx.org
i testing this site, https://tools.keycdn.com/freak;
result message : Vulnerable! The domain www.ktkumhorent.com:443 is
vulnerable to the SSL FREAK attacks.
Right, also see:
https://www.ssllabs.com/ssltest/analyze.html?d=ktkumhorent.com
Your site is extremely vulnerable, it even allows
Hello
I'm running Nginx installed from the nginx.org repos on a Ubuntu Server
14.04.
There are about a dozen different sites running on this server, mostly using
PHP-FPM backend.
They are gonna need a backtrace from that coredump:
http://wiki.nginx.org/Debugging#Core_dump
Lukas
installed on a openVZ VPS with 24GB Ram and 12 Cores also tested on a
physical machine with 32GB ram and 8 cores. both managed with ISPconfig3.
PHP 5.4.39-1~dotdeb.1 (fpm-fcgi) (built: Mar 22 2015 08:08:54)
nginx/1.6.2
mysql
PHP crashes, report the problem to whoever is providing support
I'm very interested in this issue
I have a problem with use openssl version and engine AES-NI
Detail my question:
http://stackoverflow.com/questions/28939825/how-to-config-openssl-engine-aes-ni-in-nginx
Please suggest a solution for me.
Use official openssl distributions, not some github
Hello,
I get the following error when I try to build nginx 1.7.10 against boringssl
latest revision :
What do you mean by latest revision? Latest 2.1.3 or a the current git tree
on github, or cloned from CVS?
I don't really see how this could happen, libressl didn't remove this
definition.
https://boringssl.googlesource.com/boringssl
They didn't release yet so I just cloned the repo !
Sorry, I was thinking about libressl instead.
BoringSSL removed SSL_R_BLOCK_CIPHER_PAD_IS_WRONG return
errors in commits 1e52ecac4d and 29b186736c, and the definition was
finally removed in commit
We've been unable to reproduce it with any one browser or IP address. It
really is very intermittent. Fortunately, I believe we've gotten to the
bottom of this. It looks like our data center switched us over to anti-DDoS
route. This means all of our traffic has been passing through hardware
Hello.
I am well aware that CVE-2011-4968 had a fix included for it (based on
http://trac.nginx.org/nginx/ticket/13 and
http://trac.nginx.org/nginx/changeset/060c2e692b96a150b584b8e30d596be1f2defa9c/nginx)
however I do not see an entry for it in the changelog.
With what release/version did
allowing demand-driven, request-time loading of certificate files
I don't think thats possible with openssl, especially in a event-driven
application
like nginx.
That having said, haproxy has a nice functionality: you can just point to one
or more directories and haproxy will load every
I did an ssldump and this is the conversation between both servers:
This ssldump seems incomplete, there is no response. Please post the
full ssldump.
The bug is probably neither in openssl nor in nginx, but in the origin
server (but we don't have the full handshake here).
Since nginx 1.5.6,
Hi,
I am compiling and installing NGinx from source
[...]
checking for sys/filio.h ... not found
checking for /dev/poll ... not found
checking for kqueue ... not found
checking for crypt() ... not found
checking for F_READAHEAD ... not found
checking for F_NOCACHE ... not found
checking
Hi All
I'm trying to use nginx to also proxy to owa. I am getting the error
peer closed connection in SSL handshake while SSL handshaking to upstream
I have read that this is due to a bug and that the solution is to
downgrade to openssl 1.0
Where did you read that? From the
Hi. Thanks for replying.
I read it in two places. Here are the links.
1.
http://serverfault.com/questions/436737/forcing-a-particular-ssl-protocol-for-an-nginx-proxying-server
2.
http://w3facility.org/question/forcing-a-particular-ssl-protocol-for-an-nginx-proxying-server/
I guess are running with an nginx executable from a third party, that has
been linked to an older release of openssl.
Since you can reproduce it with openssl s_client, it probably is more
complicated than that.
can you provide an ssldump of the failed connection attempt?
Lukas
Now I'm curious.
I have a setup that uses nginx to terminate SSL (listen 443 ssl spdy)
that proxies to varnish, which in turn proxies and routes to various
nginx servers with only a listen 80 directive.
If I'm understanding your statement correctly, if varnish and the
backend nginx
# HG changeset patch
# User Lukas Tribus luky...@hotmail.com
# Date 1418825570 -3600
# Wed Dec 17 15:12:50 2014 +0100
# Node ID 923f5d7061b6df59fb1d28c70379da8b9daf1c8c
# Parent a23c35496c2fc0ba9a34d968c2ca6d1f9374f8a8
SSL: safeguard use of SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS
OpenSSL or its
Hi,
I am trying to compile boringssl against nginx.
I've got an error while compiling:
This is due to:
https://boringssl.googlesource.com/boringssl/+/e319a2f73a30147ae118190397a558b8a2a24733%5E%21/
Can you try the attached patch against nginx which
safeguards
I have a few users that are having issues with my website now that I
disabled SSLv3. Turns out the only cipher that would/should work with
XP/IE8 is TLS1.0: TLS_RSA_WITH_3DES_EDE_CBC_SHA (there are two RC4's
that also work, but I understand that is really not recommended).
Can anyone
thanks for your note -- i totally forgot to give specifics:
- CentOS 6.5, x64, totally up2date
- OpenSSL 1.0.1e-fips 11 Feb 2013
- nginx-1.6.2-1.el6.ngx.x86_64 (from nginx repo)
- openssl-1.0.1e-16.el6_5.15.x86_64
- openssl-devel-1.0.1e-16.el6_5.15.x86_64
i did rebuild your src rpm on my
btw, it seems impossible to have
...
ssl_protocols TLSv1.2;
...
and a testresult of
SSLv2 NOT offered (ok)
SSLv3 offered
TLSv1 not offered
TLSv1.1 not offered
TLSv1.2 not offered
No, its very possible. A SSL_CTX_set_ssl_version() call can fail,
or the call itself can be #ifdef'ed
Hi,
We currently have a backend server that listens for SSL requests, and (using
SNI) chooses to pass them on to the correct place, or alternatively will
serve the requested HTTPS.
Our current configuration is slow (not painfully, just slower than we'd
like), and we figured having NGINX do
Hi,
Hi Lukas,
While HAProxy is able to do some of those things (not sure about
X-FORWARDED-FOR workarounds?)
Yes, haproxy supports and pushes the PROXY protocol for this exact reason.
I'd still prefer to use NGINX where possible
(for other reasons, such as PageSpeed support, etc)
Hi,
Hello. We recently renewed our SSL certificate. After reloading nginx the
number of connections increased significantly even if the number of requests
remained the same.
Does ssltest [1] show any chain issues? Any other warnings from that report?
Regards,
Lukas
[1]
Hello.
No, our site's grade is A.
Grade is irrelevant. Does it have chain issues or not (read: does ssltest
report chain issues: none)?
___
nginx mailing list
nginx@nginx.org
anyone ? Help please. I am pretty much stuck. Thanks
- try without third party module
- update the third party module
lukas
___
nginx mailing list
nginx@nginx.org
Yes, you're right. glibc was the problem. I tried to build an nginx deb
package on a development machine with updated glibc libs and installed it
on the production server.
Don't upgrade libc because of this (it will mess your system up).
Just define it manually when compiling nginx by passing
Hello,
Can someone please look into this.. I need it for proper website
functionality.
I don't see why you would need it once you properly setup the
proxy whitelist?
___
nginx mailing list
Hi,
@Lukas, we're using nginx-1.6 and byte range caching is already enabled
by default(i guess). Below is the curl request :-
curl -H Range:bytes=16- -I
http://videos.files.com/files/videos/2014/06/20/14032606291de19-360.mp4
HTTP/1.1 206 Partial Content
Server: nginx
Date:
we're using two servers (one proxy and one backend). Proxy server
is using proxy_cache to cache mp4 files from backend server and working
fine. When i stream a full video from cache, the header response gives
me the cache-status: HIT but whenever i seek the mp4 file i.e
Hello,
I have a 128 MB RAM VPS with 1 vcore of 2,2 GHz x86_64 CPU. The CPU is much
faster than the Rapsberry one so that is not a problem but the RAM usage, I
think, is.
Could You help me optimize my Nginx installation?
Is this really needed? Nginx doesn't use much RAM usually. How much
Hi,
ok, but i have no idea why ISP is asking for BGP and matter of fact is,
i'll have to make BGP work somehow, so local caching server will fetch
the new subnets from ISP router automatically (and i don't know how).
I strongly suggest you hire some consultant who can help you setting
all
1 - 100 of 157 matches
Mail list logo