When you saw “Windows Auth” did you mean NTLM?
From: nginx [mailto:nginx-boun...@nginx.org] On Behalf Of Brian W.
Sent: Monday, September 24, 2018 2:50 PM
To: nginx@nginx.org
Subject: [IE] Re: Nginx with windows auth
I saw a post this morning claiming that only paid versions supported it. I
FWIW when I debug this sort of thing I like to emit a response header
identifying which rule is routing the request, like this:
location /a/ {
add_header X-nginx-debug /a/
proxy_pass http://whatever/;
}
That way you can use F12 tools or some other inspection on the result and see
exactly
Last year I gave a talk at nginx.conf describing some success we have had using
Octopus Deploy as a CD tool for nginx configs. The particular Octopus features
that make this good are
* Octopus gives us a good variable replacement / template system so that I can
define a template along with
Have you considered using something like mod_security to manage this sort of
thing?
From: nginx [mailto:nginx-boun...@nginx.org] On Behalf Of Friscia, Michael
Sent: Monday, March 19, 2018 9:17 AM
To: nginx@nginx.org
Subject: [IE] Re: Aborting malicious requests
Thank you Gary, I really
add_header is used to add a header to a response. It’s not entirely clear to
me that that’s what you want to do. But if so, add_header won’t run for
non-200 return values by default. If you want to propagate the header for
error conditions add the “always” option:
add_header
I posted this a few weeks ago – I hope it helps you. I did this with nginx
plus, so it may not work if you are using the open-source product.
NTLM authentication authenticates connections instead of requests, and this is
somewhat contradicts HTTP protocol, which is expected to be stateless.
One easy newbie mistake to make is leaving out trailing slashes for location
and proxy_pass blocks. I'd expect the location block to look something like
this:
location /app/ {
proxy_pass http://tomcatdomain/application_name/;
}
Note the trailing slashes after /app/ and /application_name/.
I would think "location=" would solve this. What about something like the
following?
server {
listen 443 ssl http2;
server_name localhost;
ssl_certificate ...
ssl_certificate_key ...
ssl_session_cache shared:SSL:1m;
include
Yes - SSL and Client certs are completely orthogonal. However nginx needs to
know about whatever cert is used to sign the client certs. Each client can't
create completely distinct self-signed certs; they have to be signed by an
issuer that nginx trusts. The blog posts at [1] and [2] do a
I find that add_header always works well to verify that the location is being
chosen the way you think.
Try something like
add_header X-NGINX-Route always;
to some of your location blocks and specify different distinct values for
.
Then in your browser you can use F12 tools to verify
Try adding the server name you are using to the server_name directive. You can
specify multiple, e.g:
server_name dog cat dogcat;
Jason
-Original Message-
From: nginx [mailto:nginx-boun...@nginx.org] On Behalf Of Credo
Sent: Tuesday, February 06, 2018 9:30 AM
To: nginx@nginx.org
I haven’t done it for sharepoint but I have done it for TFS. If I had to guess
you are probably being bitten by NTLM.
NTLM authentication authenticates connections instead of requests, and this is
somewhat contradicts HTTP protocol, which is expected to be stateless. As a
result it doesn't
If you control Frontend Server A I would suggest not using X-Forwarded-For for
this purpose. Can you have the front end server send a distinct header to
server B? X-Real-IP would be a good choice of header. Then Server B could key
off that header instead of XFF.
You might find this page
If you have a github account you can fork the nginx wiki troubleshooting and
send them a pull request ☺
https://www.nginx.com/resources/wiki/start/topics/tutorials/config_pitfalls/
Look for “Edit this page” in the rightmost column.
Jason
From: nginx [mailto:nginx-boun...@nginx.org] On
advertised?
Hello!
On Tue, Dec 12, 2017 at 04:34:36PM +0000, Jason Whittington wrote:
> I have a rule like the following where I am trying to replace
> instances of /spf/ with /ec/apps/symmetry/spf/. I’ve used
> sub_filter to do this sort of thing before and had luck with it.
>
>
reference – has anyone seen sub_filter only make one
substitution even when sub_filter once off is specified?
Jason Whittington | Architect, PD Shared Services
[cid:image001.jpg@01CD7B01.8E79C0A0]
WORKFORCE
SOLUTIONS
(o) 314.214.7163 | (m) 636.284.4082
jason.whitting...@equifax.com
Are you trying to do something like this?
server foo {
listen 443 ssl;
...other settings elided...
location /foo/ {
https://external_site/;
}
}
If https://external_site/ traverses a proxy then the answer is “no” – nginx
can’t deal with proxy situations where it has to issue
17 matches
Mail list logo