Re: Nginx Rate limiting for HTTPS requests

2018-05-22 Thread rickGsp
>>Please show "uname -a", "nginx -V", and "ps -alxww | grep nginx" >>output. #uname -a Linux localhost.localdomain 3.10.0-693.11.6.el7.x86_64 #1 SMP Thu Jan 4 01:06:37 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux #nginx -V nginx version: nginx/1.14.0 built by gcc 4.8.5 20150623 (Red Hat 4.8.5-16)

Re: Reverse proxy for multiple domains

2018-05-22 Thread Francis Daly
On Mon, May 21, 2018 at 01:57:07PM +, Mik J via nginx wrote: Hi there, > I would like to know what is the best practice to setup a web proxy. > > I do it like this > - 1 virtual host per application on the reverse proxy and the proxy_pass > points to one IP+path > - 1 virtual host

Re: Unexplained 503 with limit_conn

2018-05-22 Thread Maxim Dounin
Hello! On Tue, May 22, 2018 at 07:45:35PM +0300, Иван wrote: > Periodically nginx starts returning 503 where it should not. Namely. > There is the following limit_conn configuration: > > geo $binaddrnotownproxy { >     default $binary_remote_addr; >     51.ipv4/32 ""; >     2001:ipv6::/56

Re: Nginx Rate limiting for HTTPS requests

2018-05-22 Thread Maxim Dounin
Hello! On Tue, May 22, 2018 at 12:37:18PM -0400, rickGsp wrote: > >>- Make sure the $host variable you use for the limiting is not > >>empty and not changed between requests created by your testing > >>tool. Try logging the variable to see if it changes or not. > >>Alternatively, replace it

Unexplained 503 with limit_conn

2018-05-22 Thread Иван
Hello! Periodically nginx starts returning 503 where it should not. Namely. There is the following limit_conn configuration: geo $binaddrnotownproxy {     default $binary_remote_addr;     51.ipv4/32 "";     2001:ipv6::/56 "";     10.ipv4/32 ""; } limit_conn_zone

Re: Nginx Rate limiting for HTTPS requests

2018-05-22 Thread rickGsp
>>- Make sure the $host variable you use for the limiting is not >>empty and not changed between requests created by your testing >>tool. Try logging the variable to see if it changes or not. >>Alternatively, replace it with a static string to see if it helps. Checked. $host variable is set

how are port number in $host handled if I specify $host:

2018-05-22 Thread SW@EU via nginx
Hi, if I read the Module ngx_http_proxy_module documentation I will find e.g. a possible header rewrite in this way proxy_set_header Host $host:$proxy_port; but what would happen here if $host already contains a port number because the server does not listen on a default port. Maybe

Re: [PATCH] SSL: Add ENGINE_init() calls before using engines.

2018-05-22 Thread Maxim Dounin
Hello! On Fri, May 18, 2018 at 04:36:53AM -0400, Anderson Sasaki wrote: > Hello, > > > The patch looks correct to me. Though it causes a segmentation > > faults within pkcs11 engine when using such loaded keys at least > > on Ubuntu 18.04 (OpenSSL 1.1.0g, pkcs11 engine from libp11 0.4.7). > >

[nginx] Core: silenced getsockopt(TCP_FASTOPEN) messages on FreeBSD.

2018-05-22 Thread Maxim Dounin
details: http://hg.nginx.org/nginx/rev/66aa2c1e82e6 branches: changeset: 7274:66aa2c1e82e6 user: Maxim Dounin date: Mon May 21 23:11:27 2018 +0300 description: Core: silenced getsockopt(TCP_FASTOPEN) messages on FreeBSD. FreeBSD returns EINVAL when

Re: Nginx chunked response

2018-05-22 Thread Maxim Dounin
Hello! On Tue, May 22, 2018 at 09:22:44AM -0400, satishkori wrote: > Nginx sometimes does not serve whole response but only first chunk. We > don't see this kind of behaviour all the time. Below our configuration. > > http { > include mime.types; > default_type

Nginx chunked response

2018-05-22 Thread satishkori
Nginx sometimes does not serve whole response but only first chunk. We don't see this kind of behaviour all the time. Below our configuration. http { include mime.types; default_type application/octet-stream; sendfile on; keepalive_timeout 65; location "/" {

Re: POST redirection with NGINX

2018-05-22 Thread Aleksandar Lazic
Hi Pedro On 18/05/2018 16:02, pedrobrigatto wrote: > Hi guys, > > The base name of a web application has changed and now I need to implement a > redirection of POST requests so that, whenever clients already using the old > base path are not affected by this modification. So, let's say the old

Re: Block countries - Nginx

2018-05-22 Thread Frank Liu
Instead of the default nginx geoip module, I suggest you switch to third party geoip2 module for two reasons: 1) maxmind deprecated geoip1 db. 2) geoip2 module can do what you wanted, and the geo lookup can be based on any variables, such as $http_x_forwarded_for Frank On Mon, May 21, 2018 at

Re: Block countries - Nginx

2018-05-22 Thread Aleksandar Lazic
On 21/05/2018 11:49, Sathish Kumar wrote: > Hi All, > > I have a requirement to block certain countries coming to our website. I > managed to achieve it using the ngx_http_geoip_module. I have a problem > now, if the request comes through Amazon API Gateway, how can I read the > X-forwarded-for

Re: Block countries - Nginx

2018-05-22 Thread basti
Hello, if you have access to this load balancer, the best way would be to block it there. This also drops the system load on your load balancer. On 22.05.2018 at 03:37, Sathish Kumar wrote: > Hi All, > > Is there a way, I can block the clients which are coming through load > balancer using