Re: Securing the HTTPS private key

2018-11-15 Thread Roger Fischer
Hi Alex, our device is unattended, not always on, and in some cases in only semi-secured locations. Besides preventing root access, we also need to protect against the hacking of a stolen device (or disk). Human interaction is not practical (other than in exceptional situations). Roger >

Re: Unit 1.6 release

2018-11-15 Thread Vadim A. Misbakh-Soloviov
> The --local option sets NXT_NODE_LOCAL. Hmm... So the text in node-local-check is lying :) > echo "error: to make ${NXT_NODE}-local-install you need **either**"; > either :) > and judging by what was shown in the previous mail, npm install > is called with the -g flag, and that

Re: cache: move open to thread pool

2018-11-15 Thread Ka-Hing Cheung via nginx-devel
Hi, I didn't forget about this. I am pretty swamped at the moment and there's a holiday freeze coming up. Will get to this in December. - Ka-Hing On Thu, Nov 8, 2018 at 6:19 AM Maxim Konovalov wrote: > > Hi Ka-Hing, > > would you mind to test Roman's most recent patches that add > "aio_open"

Re: Securing the HTTPS private key

2018-11-15 Thread Alex Samad
Hi, isn't this a bit futile? If they can get onto the box that has nginx, they can get either the private key or the secret to get the private key. Safer would be to make it so that you need human interaction to start nginx. But still, a memory dump of the app would get you the private key. On Fri, 16

Re: Unit 1.6 release

2018-11-15 Thread Валентин Бартенев
On Thursday, 15 November 2018 23:46:33 MSK Vadim A. Misbakh-Soloviov wrote: > In the message of Friday, 16 November 2018 3:32:03 +07, user Валентин > Бартенев wrote: > > Is make install run as root? > yes > But in a sandbox (which blocks attempts to escape to where it shouldn't) and,

Re: Unit 1.6 release

2018-11-15 Thread Vadim A. Misbakh-Soloviov
In the message of Friday, 16 November 2018 3:32:03 +07, user Валентин Бартенев wrote: > Is make install run as root? yes But in a sandbox (which blocks attempts to escape to where it shouldn't) and, possibly, with fakeroot (tomorrow I'll debug in more detail whether it is actually used on this

Re: Unit 1.6 release

2018-11-15 Thread Валентин Бартенев
On Thursday, 15 November 2018 21:43:26 MSK Vadim A. Misbakh-Soloviov wrote: > >*) Change: the "make install" command now also installs the > > Node.js module if it was configured. > > > >*) Feature: the "--local" parameter in ./configure for local installation > > of the

Re: [PATCH] New directive to configure TLSv1.3 ciphers

2018-11-15 Thread Ramprasad Tamilselvan
I have a question regarding the ticket. What if different TLSv1.3 ciphers need to be configured in different server blocks? In this case, changing openssl.conf will not help right. Thanks, Ramprasad > On Nov 15, 2018, at 10:55 AM, nginx-devel-requ...@nginx.org wrote: > > Send nginx-devel

Listen on transient address

2018-11-15 Thread Roger Fischer
Hello, I have an NGINX instance that listens on a tunnel (and some other interfaces). When NGINX was restarted while the tunnel was down (tun device and address did not exist), NGINX failed to start. [emerg] 1344#1344: bind() to 38.88.78.19:443 failed (99: Cannot assign requested address)

Choosing the TLS version in proxy_ssl_protocols

2018-11-15 Thread Evgeniy Berdnikov
Colleagues, good evening. The task is to proxy a connection to a server running Exchange 2013, which does not support TLSv1.2 and above -- it simply drops the connection. This was determined with "openssl s_client" by trying the -tlsXXX options one by one. Openssl with the -tls1 and -tls1_1 options establishes the connection. Looking at

Re: [PATCH] New directive to configure TLSv1.3 ciphers

2018-11-15 Thread Ramprasad Tamilselvan
Thanks for the clarification. In this case, I think the patch is not required. Regards, Ramprasad > On Nov 15, 2018, at 9:32 AM, nginx-devel-requ...@nginx.org wrote: > > Send nginx-devel mailing list submissions to > nginx-devel@nginx.org > > To subscribe or unsubscribe via the World

Re: Unit 1.6 release

2018-11-15 Thread Vadim A. Misbakh-Soloviov
>*) Change: the "make install" command now also installs the > Node.js module if it was configured. > >*) Feature: the "--local" parameter in ./configure for local installation > of the Node.js module. 1) I haven't yet been able to figure out exactly how, but in the new release the build

[nginx] Core: ngx_explicit_memzero().

2018-11-15 Thread Maxim Dounin
details: http://hg.nginx.org/nginx/rev/9ca82f273967 branches: changeset: 7395:9ca82f273967 user: Maxim Dounin date: Thu Nov 15 21:28:02 2018 +0300 description: Core: ngx_explicit_memzero(). diffstat: src/core/ngx_string.c | 8 src/core/ngx_string.h | 2

Re: Enabling TLS 1.0 / 1.1 on Debian Testing

2018-11-15 Thread Maxim Dounin
Hello! On Thu, Nov 15, 2018 at 12:17:39PM -0500, kmansoft wrote: > Cross posting from https://unix.stackexchange.com/questions/481963, this > seems to be the better place to ask. > > --- > > Just updated Debian from "stable" 9.* to "testing" 10.*. > > Have nginx 1.14 - used to come from

[njs] Fixed local scope this.

2018-11-15 Thread Dmitry Volyntsev
details: http://hg.nginx.org/njs/rev/93ef4b20c674 branches: changeset: 656:93ef4b20c674 user: Dmitry Volyntsev date: Thu Nov 15 20:31:35 2018 +0300 description: Fixed local scope this. diffstat: njs/njs_parser.c | 23 +-- njs/test/njs_unit_test.c |

[njs] Fixed global objects.

2018-11-15 Thread Dmitry Volyntsev
details: http://hg.nginx.org/njs/rev/e11011d45499 branches: changeset: 655:e11011d45499 user: Dmitry Volyntsev date: Thu Nov 15 20:31:35 2018 +0300 description: Fixed global objects. 1) Making it extensible. 2) Adding default properties according to ES5.1:15.1.1. diffstat:

[njs] console.time() and console.timeEnd() methods.

2018-11-15 Thread Dmitry Volyntsev
details: http://hg.nginx.org/njs/rev/46632012ac03 branches: changeset: 653:46632012ac03 user: Artem S. Povalyukhin date: Wed Nov 14 18:14:49 2018 +0300 description: console.time() and console.timeEnd() methods. This fixes #62 issue on Github. diffstat: njs/njs_shell.c

[njs] Handling non-object values in Object.keys().

2018-11-15 Thread Dmitry Volyntsev
details: http://hg.nginx.org/njs/rev/76e139b439ad branches: changeset: 658:76e139b439ad user: Dmitry Volyntsev date: Thu Nov 15 20:31:35 2018 +0300 description: Handling non-object values in Object.keys(). This fixes #54 issue on Github. diffstat: njs/njs_object.c | 133

[njs] Extended Object.defineProperty() spec conformance.

2018-11-15 Thread Dmitry Volyntsev
details: http://hg.nginx.org/njs/rev/5f0090c02589 branches: changeset: 657:5f0090c02589 user: Dmitry Volyntsev date: Thu Nov 15 20:31:35 2018 +0300 description: Extended Object.defineProperty() spec conformance. 1) non-primitive property names. 2) support of array index

[njs] Improved handling of builtin objects.

2018-11-15 Thread Dmitry Volyntsev
details: http://hg.nginx.org/njs/rev/2711e84ede6a branches: changeset: 654:2711e84ede6a user: Dmitry Volyntsev date: Wed Apr 04 17:38:10 2018 +0300 description: Improved handling of builtin objects. The handling of njs_object_init_t arrays is unified across njs_builtin.c functions.

Enabling TLS 1.0 / 1.1 on Debian Testing

2018-11-15 Thread kmansoft
Cross posting from https://unix.stackexchange.com/questions/481963, this seems to be the better place to ask. --- Just updated Debian from "stable" 9.* to "testing" 10.*. Have nginx 1.14 - used to come from "stable backports" now included in Debian itself. Seeing a strange issue with TLS

Re: Strange behaviour of %27 encoding in rewrite

2018-11-15 Thread Maxim Dounin
Hello! On Wed, Nov 14, 2018 at 03:54:20PM +0100, aquilinux wrote: > Hi all, > i'm seeing a strange behaviour in nginx rewrite involving encoded urls for > *%27* > I have this type of rewrite: > > rewrite "^/brands/l-oreal$" > > https://somedomain.tld/L%27Or%C3%A9al-Paris/index.html? permanent;

Re: Enable http2 and ssl by default

2018-11-15 Thread Jim Popovitch
On Thu, 2018-11-15 at 09:27 -0500, Olaf van der Spek wrote: > Jim Popovitch Wrote: > --- > > On Thu, 2018-11-15 at 08:36 -0500, Olaf van der Spek wrote: > > So a specific use case.  What about port 443 (you haven't mentioned > > it > > What

Re: [PATCH] New directive to configure TLSv1.3 ciphers

2018-11-15 Thread Maxim Dounin
Hello! On Wed, Nov 14, 2018 at 05:24:52PM -0800, Ramprasad Tamilselvan wrote: > # HG changeset patch > # User Ramprasad Tamilselvan > # Date 1542241466 28800 > # Wed Nov 14 16:24:26 2018 -0800 > # Node ID 83b05772dbd657b31df16d712a64c908c371f0d9 > # Parent

Unit 1.6 release

2018-11-15 Thread Валентин Бартенев
Hello. I'm glad to announce a new release of NGINX Unit. This release is mainly devoted to improving the Node.js module's compatibility with applications; thanks to the community's active help, we have made significant progress. Please report to us all problems you find and

Re: How to disable ipv6 in nginx?

2018-11-15 Thread rough lea
Hi Francis and Maxim, Cheers, that solved it. Used 127.0.0.1 and works like a charm. Will remove the resolver from my config. Thanks for the explanations. Kind regards Simon > On 15 Nov 2018, at 14:24, Maxim Dounin wrote: > > Hello! > > On Thu, Nov 15, 2018 at 11:10:08AM +, rough

Unit 1.6 release

2018-11-15 Thread Valentin V. Bartenev
Hello, I'm glad to announce a new release of NGINX Unit. This release primarily focuses on improvements in Node.js module compatibility; thanks to our vibrant community, we made great progress here. Please don't hesitate to report any problems to: - Github:

Re: Enable http2 and ssl by default

2018-11-15 Thread Olaf van der Spek
Jim Popovitch Wrote: --- > On Thu, 2018-11-15 at 08:36 -0500, Olaf van der Spek wrote: > So a specific use case. What about port 443 (you haven't mentioned it What about it? > yet), except what if it's on a non-routable subnet perhaps 8443

Re: How to disable ipv6 in nginx?

2018-11-15 Thread Maxim Dounin
Hello! On Thu, Nov 15, 2018 at 11:10:08AM +, rough lea wrote: > I am a newbie running tusd server on macos High Sierra behind an > Nginx Proxy running within a docker container. In the logs, I > notice that before an _UploadCreated_ event is received there is > an attempt to connect to

Re: Connection lag during syntax check

2018-11-15 Thread Илья Шипицин
Thu, 15 Nov 2018 at 18:55, kpoxa : > I have 200 IP addresses on the server; on some of the 443 ports there are HTTP > servers, on the other 443 ports there are streams. > if yours is systemd-based, look at "instantiated units" we split http and stream into separate instances, beautiful >

[nginx] Core: free shared memory on cycle initialization failure.

2018-11-15 Thread Ruslan Ermilov
details: http://hg.nginx.org/nginx/rev/650574a44505 branches: changeset: 7394:650574a44505 user: Ruslan Ermilov date: Thu Nov 15 15:28:54 2018 +0300 description: Core: free shared memory on cycle initialization failure. diffstat: src/core/ngx_cycle.c | 64

Re: Connection lag during syntax check

2018-11-15 Thread kpoxa
I counted the number of bind calls in the strace output by hand; yes, there are fewer of them. Yes, this variant really doesn't work. For now it's done via a fake bind loaded through LD_PRELOAD. A kludge, of course. Thu, 15 Nov 2018 at 16:55, Maxim Dounin : > Hello! > > On Thu, Nov 15, 2018 at 12:42:51PM +0300,

Re: How to disable ipv6 in nginx?

2018-11-15 Thread Francis Daly
On Thu, Nov 15, 2018 at 11:10:08AM +, rough lea wrote: Hi there, > I am a newbie running tusd server on macos High Sierra behind an Nginx Proxy > running within a docker container. In the logs, I notice that before an > _UploadCreated_ event is received there is an attempt to connect to

Re: Enable http2 and ssl by default

2018-11-15 Thread Jim Popovitch
On Thu, 2018-11-15 at 08:36 -0500, Olaf van der Spek wrote: > > (see, this is why posting via forums is like cancer. Hint: the forum > > rarely sends the context, also not to forget the quoted first line > > in the thread opener) > > A proper forum would do that.. A proper forum poster would

Re: Connection lag during syntax check

2018-11-15 Thread Maxim Dounin
Hello! On Thu, Nov 15, 2018 at 12:42:51PM +0300, kpoxa wrote: > Good afternoon. > > This variant doesn't help: > > http { > server { > server_name bind_only; > listen 80; > listen 443 ssl; > location / { return 200;} > } > server { > listen ip10:443; > } > server { > listen

Re: Connection lag during syntax check

2018-11-15 Thread kpoxa
I have 200 IP addresses on the server; on some of the 443 ports there are HTTP servers, on the other 443 ports there are streams. Accordingly, each of the servers leads to a different place. In my case it is impossible to make a wildcard server in one module that does not overlap with the other module. I reread Maxim's reply,

Re: Enable http2 and ssl by default

2018-11-15 Thread Olaf van der Spek
> (see, this is why posting via forums is like cancer. Hint: the forum > rarely sends the context, also not to forget the quoted first line in > the thread opener) A proper forum would do that.. > To address your concerns about nginx configuration, simply put it's not > worth the developers time

Re: Enable http2 and ssl by default

2018-11-15 Thread Jim Popovitch
On Thu, 2018-11-15 at 08:05 -0500, Olaf van der Spek wrote: > Why so hostile? Why so vague? (see, this is why posting via forums is like cancer. Hint: the forum rarely sends the context, also not to forget the quoted first line in the thread opener) To address your concerns about nginx

Re: Enable http2 and ssl by default

2018-11-15 Thread Olaf van der Spek
Why so hostile? Posted at Nginx Forum: https://forum.nginx.org/read.php?2,281948,281963#msg-281963

Re: Connection lag during syntax check

2018-11-15 Thread Vadim A. Misbakh-Soloviov
In the message of Thursday, 15 November 2018 16:42:51 +07, user kpoxa wrote: > Good afternoon. > > This variant doesn't help: > > http { ... > listen 80; ... > } > stream { > } Now, please, go back a couple of messages in the thread and read Maxim's reply. http and stream -

Re: Securing the HTTPS private key

2018-11-15 Thread Maxim Dounin
Hello! On Wed, Nov 14, 2018 at 12:17:57PM -0800, Roger Fischer wrote: > Hello, > > does NGINX support any mechanisms to securely access the private > key of server certificates? > > Specifically, could NGINX make a request to a key store, rather > than reading from a local file? > > Are

How to disable ipv6 in nginx?

2018-11-15 Thread rough lea
Hi, I am a newbie running tusd server on macos High Sierra behind an Nginx Proxy running within a docker container. In the logs, I notice that before an _UploadCreated_ event is received there is an attempt to connect to tusd using ipv6 loopback address which fails. _[crit] 23#23: *4

Re: Connection lag during syntax check

2018-11-15 Thread kpoxa
Good afternoon. This variant doesn't help: http { server { server_name bind_only; listen 80; listen 443 ssl; location / { return 200;} } server { listen ip10:443; } server { listen ip11:443; } } stream { server { listen ip1:443; } server { listen ip2:443; } server {

Re: Byte-range request not possible for proxy_cache if origin doesn't return accept-ranges header

2018-11-15 Thread Roman Arutyunyan
Hi Lucas, On Wed, Nov 14, 2018 at 06:50:23PM +, Lucas Rolff wrote: > Hi Roman, > > I can confirm that indeed does fix the problem, thanks! > > I do wonder though, why not let nginx make the decision instead of relying on > what the origin sends or does not send? nginx tries to be