точнее шелл правильно показывает высшую папку, как сервер рут и папку с сайтом, как документ рут. Но как сделать open_basedir?Хостинг Ру-Центр. 18.08.2013, 10:30, "Русанов Олег" lavan...@ya.ru:Здравствуйте. Есть ли способ предотвратить просматривать шелом другие сайты на виртуальном хосте?В
Вам нужно добиться, чтобы php-скрипты запускались с правами пользователя,
которому принадлежит сайт. На остальные сайты соответственно поставите
права 0750 а апача и nginx добавите в группу пользователя, чтобы они могли
читать файлы.
Как добиться? Разные способы есть. Например использование
Это слишком сложно, как я это сделаю на хостинге Ру-Центра? В конфиг Апача не помогает:Directory /home/идентификатор/домен/docsphp_admin_value open_basedir /home/идентификатор/домен/docsphp_admin_value upload_tmp_dir /home/идентификатор/домен/docs/tmp/Directoryможет это надо как-то в конфиг
Directory /home/идентификатор/домен/docsphp_admin_value open_basedir /home/идентификатор/домен/docsphp_admin_value upload_tmp_dir /home/идентификатор/домен/docs/tmp/Directory Вот это работает все-таки, только если прописывать не в /home/user/d.ru/conf/virtual.conf.manual, а в
Да, отруби ты уже этот html. Глаза сломать можно.
On Sun, Aug 18, 2013 at 10:58:13AM +0400, Русанов Олег wrote:
divЭто слишком сложно, как я это сделаю на хостинге Ру-Центра? /divdiv
/divdivВ конфиг Апача не помогает:/divdivspan
продолжаю играться с кешированием
на тестах (в том числе конкурентных, ab) все было хорошо - попробовали
под нагрузкой.
nginx 1.2.1
да видимо есть бага какая-то.
причем похоже бага с обработкой 'X-Accel-Expires'
прорывает кеш периодически и на бакенд идет толпища запросов.
убрал в
Здравствуйте, Maxim.
set на уровне http был бы очень удобен порой. Обходить это через
map 1 $var {
default value;
}
неудобно.
http://nginx.org/en/docs/faq/variables_in_config.html
Признаюсь, что не въехал в ответ по ссылке. Все слова
Hello!
On Sun, Aug 18, 2013 at 01:34:03PM +0400, Vladislav Shabanov wrote:
Добрый день.
Подскажите, пож-ста, есть ли какое-нибудь готовое решение для аутентификации
одноразовыми
паролями в nginX. Предполагается использовать что-то наподобие вот этого:
Hello!
On Sun, Aug 18, 2013 at 11:42:24PM +0400, Dmitry E. Oboukhov wrote:
продолжаю играться с кешированием
на тестах (в том числе конкурентных, ab) все было хорошо - попробовали
под нагрузкой.
nginx 1.2.1
да видимо есть бага какая-то.
причем похоже бага с обработкой
php_value open_basedir /home/user/1.ru/docs
такое спасает только от PHP. Но если запустить perl или ещё чего - проблема
остаётся, потому что на них ограничения PHP не распространяются.
Так что правильное решение - это разделение прав доступа по сайтам - всё
остальное лишь полумеры
18 августа
I'm trying to follow this tutorial:
http://www.howtoforge.com/using-ngx_pagespeed-with-nginx-on-debian-wheezy to
build nginx with ngx_pagespeed on a Debian Wheezy machine. Unfortunately so
far I have been using nginx from dotdeb so I'm trying to use their sources.
The error occurs when building:
Use the official instructions from
https://github.com/pagespeed/ngx_pagespeed and you'll have no problems.
Well, I haven't upgraded from 1.4.1 yet, but that works fine.
Steve
On 18/08/13 19:46, ovidiu wrote:
I'm trying to follow this tutorial:
Thanks, I knew about those instructions but I was trying to build it hte
Debian way :-(
Found this page with some more instructions/hints:
http://wiki.debian.org/IntroDebianPackaging but no luck.
So I guess if nobody can help me do it this way, in a few days I'll give it
a try with the
Hi,
Is is alright to have two installations of nginx on the same machine?
I have a running instance of nginx with php installed from distribution package
manager.
Instead of writing another config, I would like to compile and install nginx
from source code and run as second instance.
The second
you could specify the configure file by -c option or even specify prefix by
-p
and could compile anther nginx instance by --prefix configure option
2013/8/18 Edwin Lee edwin...@proxyy.biz
Hi,
Is is alright to have two installations of nginx on the same machine?
I have a running instance of
Hi,
Thanks for the insight.
Finally I solved by:
if ($scheme = https) {
gzip off;
}
Separating into two servers require to duplicate the rules like rewrite,
which is cumbersome.
Thanks anyway
On Sat, Aug 17, 2013 at 8:43 PM, Igor Sysoev i...@sysoev.ru wrote:
On Aug 17, 2013, at 8:59
I thought that if statements slowed nginx down?
On Sun, Aug 18, 2013 at 6:27 AM, howard chen howac...@gmail.com wrote:
Hi,
Thanks for the insight.
Finally I solved by:
if ($scheme = https) {
gzip off;
}
Separating into two servers require to duplicate the rules like rewrite,
Igor Sysoev Wrote:
---
Yes, modern nginx versions do not use SSL compression.
[...]
You have to split the dual mode server section into two server server
sections and set gzip off
SSL-enabled on. There is no way to disable gzip in dual mode
On 18 August 2013 18:09, itpp2012 nginx-fo...@nginx.us wrote:
Igor Sysoev Wrote:
---
Yes, modern nginx versions do not use SSL compression.
[...]
You have to split the dual mode server section into two server server
sections and set gzip
I think you mistake ssl/tls level compression with gzip http compression,
both are different.
If you put gzip in http section, all server sections under this http will
inherits this gzip config.
This is why Igor recommends you to split the server config for SSL and
non-SSL, and put 'gzip on'
This discussion started regarding concerns about the BREACH, which (if you
documented about it) attacks SSL-encrypted HTTP-level-compressed data, thus
implying the discussion around gzip.
---
*B. R.*
___
nginx mailing list
nginx@nginx.org
Hello!
On Sat, Aug 17, 2013 at 12:36:38PM -0400, B.R. wrote:
Hello,
On Sat, Aug 17, 2013 at 7:37 AM, Maxim Dounin mdou...@mdounin.ru wrote:
Hello!
I don't think that calling nginx -t as a mandatory step before
configuration reload is a good idea: nginx binary running and
nginx
Igor said:
You have to split the dual mode server section into two server server sections
and set gzip off
SSL-enabled on. There is no way to disable gzip in dual mode server section,
but if you really
worry about security in general the server sections should be different.
Adie said:
This is
On Sun, Aug 18, 2013 at 12:31 PM, Paul N. Pace paulnp...@gmail.com wrote:
Igor said:
You have to split the dual mode server section into two server server
sections and set gzip off
SSL-enabled on. There is no way to disable gzip in dual mode server section,
but if you really
worry about
I think we could all benefit from a nginx recommendation on using gzip with
single and dual mode server sections regarding a hardening approach against
breach. Maxim?
Posted at Nginx Forum:
http://forum.nginx.org/read.php?2,241953,241993#msg-241993
Hello,
On Sun, Aug 18, 2013 at 3:14 PM, Maxim Dounin mdou...@mdounin.ru wrote:
Making any changes to the configuration isn't something
significant: even without changes at all new binary on disk might
not consider an old configuration as a valid e.g. due to some
module not compiled in. And
Hello!
On Sun, Aug 18, 2013 at 05:29:11PM -0400, B.R. wrote:
[...]
Testing conf is of course a duplicate of work, but that's a safe
operation.
The command output will determine if your new configuration will work
without having to carefully watch logs with anxiety.
As I already
Hello!
On Wed, Aug 14, 2013 at 06:56:32AM -0400, MKl wrote:
Hello,
to increase security of SSL I added some eliptic-curves-ciphers to the
chain. For HTTPS it's working fine, but for the mail proxy it does not work,
I only always get RC4-SHA instead of the ECDH ciphers.
See configuration
On Aug 18, 2013, at 21:09 , itpp2012 wrote:
Igor Sysoev Wrote:
---
Yes, modern nginx versions do not use SSL compression.
[...]
You have to split the dual mode server section into two server server
sections and set gzip off
SSL-enabled
On Aug 18, 2013, at 14:27 , howard chen wrote:
Hi,
Thanks for the insight.
Finally I solved by:
if ($scheme = https) {
gzip off;
}
This does not work on server level. And on location level it may work in wrong
way.
Separating into two servers require to duplicate the rules
30 matches
Mail list logo
