Re: Restarting service takes too much time
Yes - He is right; everything is revolves around DNS and even my error is with DNS resolving as it was not able to resolve the ocsp.godaddy.com hence please troubelshoot from DNS perspetive. Posted at Nginx Forum: https://forum.nginx.org/read.php?2,295945,295964#msg-295964 ___ nginx mailing list -- nginx@nginx.org To unsubscribe send an email to nginx-le...@nginx.org
Re: Restarting service takes too much time
Yes - He is right; everything is revolves around DNS and even my error is with DNS resolving as it was not able to resolve the ocsp.godaddy.com hence please troubelshoot from DNS perspetive. Posted at Nginx Forum: https://forum.nginx.org/read.php?2,295945,295963#msg-295963 ___ nginx mailing list -- nginx@nginx.org To unsubscribe send an email to nginx-le...@nginx.org
Re: Restarting service takes too much time
Hi, Did you check error log or syslog? Is that spitting out any errors? Do you have SSL_OCSP settings configured and it might not be able to reach to the protocol? I mean I had 45 portals and was facing a same issue. Later when I done the debug I found that ocsp.godaddy.com was not reachable and it verifies every time we reload the service. Just a heads up though. Posted at Nginx Forum: https://forum.nginx.org/read.php?2,295945,295946#msg-295946 ___ nginx mailing list -- nginx@nginx.org To unsubscribe send an email to nginx-le...@nginx.org
Re: Content Security Policy Headers are not appearing
I see - that;s a nice suggestion. Let me see how this goes. Posted at Nginx Forum: https://forum.nginx.org/read.php?2,295928,295939#msg-295939 ___ nginx mailing list -- nginx@nginx.org To unsubscribe send an email to nginx-le...@nginx.org
Re: Content Security Policy Headers are not appearing
Well this is particularly I noticed for https vhost config. The CSP headers are properly being displayed for http but not https. Here is my config more /etc/nginx/conf.d/sec-headers.conf add_header Content-Security-Policy "default-src 'self'; font-src *;img-src * data:; script-src *; style-src *;" always; server { include /etc/nginx/apploxconf.d/applox-bots-declare.conf; include /etc/nginx/conf.d/sec-headers.conf; listen 80; . .. . And here is https server { include /etc/nginx/apploxconf.d/applox-bots-declare.conf; include /etc/nginx/conf.d/sec-headers.conf; listen 443 ssl http2; However https properly gets reflected but not with https. curl -I http://www..xxx HTTP/1.1 301 Moved Permanently Date: Wed, 30 Nov 2022 03:20:23 GMT Content-Type: text/html Content-Length: 162 Connection: keep-alive Location: https://www.. Server: applox-waf Content-Security-Policy: default-src 'self'; font-src *;img-src * data:; script-src *; style-src *; HTTP/1.1 200 OK Date: Wed, 30 Nov 2022 03:33:47 GMT Content-Type: text/html Content-Length: 37579 Connection: keep-alive Cache-Control: private Set-Cookie: ASPSESSIONIDSGSTSTQQ=KOMPLPOCKOFKKCOELBNALAKE; secure; path=/ Server: applox-waf Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block Referrer-Policy: no-referrer-when-downgrade X-Frame-Options: SAMEORIGIN Posted at Nginx Forum: https://forum.nginx.org/read.php?2,295928,295929#msg-295929 ___ nginx mailing list -- nginx@nginx.org To unsubscribe send an email to nginx-le...@nginx.org
Content Security Policy Headers are not appearing
Hi All, I am trying to set a CSP headers in my nginx reverse proxy and those are not appearing even after multiple attempts. Any idea what is wrong or why the header is not getting added? TIA Blason R Posted at Nginx Forum: https://forum.nginx.org/read.php?2,295928,295928#msg-295928 ___ nginx mailing list -- nginx@nginx.org To unsubscribe send an email to nginx-le...@nginx.org
Re: nginx listen port 8443, redirect 8080 port to another IP
Yes - with Proxy_pass you can and if not use Iptables to port forward the traffic. Posted at Nginx Forum: https://forum.nginx.org/read.php?2,295923,295924#msg-295924 ___ nginx mailing list -- nginx@nginx.org To unsubscribe send an email to nginx-le...@nginx.org
Can someone guide me about building a CSP Server on Nginx?
Hi Guys, I am about to implement a CSP policy for my servers on my nginx reverse proxy server. Since those are production websites as per guidelines I need to put the policy in report only mode and send a report to another webserver which would accept the POST response. However I tried building a simple webserver on nginx but no luck. Can someone please help me about building an CSP report only server on nginx? TIA Blason R Posted at Nginx Forum: https://forum.nginx.org/read.php?2,295921,295921#msg-295921 ___ nginx mailing list -- nginx@nginx.org To unsubscribe send an email to nginx-le...@nginx.org
Re: Running ssl on custom port and its not working
Nothing interesting as such however below is the curl output from nginx server curl -I https://xxx..xxx:8081/neutrino-sso-web HTTP/1.1 302 Found Date: Thu, 17 Nov 2022 17:57:10 GMT Server: JBoss-EAP/7 Strict-Transport-Security: max-age=63072000; includeSubDomains; preload X-Powered-By: Undertow/1 X-Powered-By: JSP/2.3 X-Frame-Options: DENY Location: https://..:8081/neutrino-sso-web/login Strict-Transport-Security: max-age=15768000 ; includeSubDomains X-Content-Type-Options: nosniff Content-Type: text/html; charset=UTF-8 Set-Cookie: JSESSIONID="nhsQqmnRHPaYQMdNjhkMIQ7HL6vo-fWCrPTfC8Zd.master:aeon"; Version=1; Path=/neutrino-sso-web; Secure; HttpOnly;HttpOnly;Secure;SameSite=strict Access-Control-Allow-Origin: * Posted at Nginx Forum: https://forum.nginx.org/read.php?2,295782,295805#msg-295805 ___ nginx mailing list -- nginx@nginx.org To unsubscribe send an email to nginx-le...@nginx.org
Running ssl on custom port and its not working
Hi Team, I have current URL as https://xxx.xxx.xxx:8081/neutrino-sso-web/ which is directly natted on firewall on pot 8081 However I now would like to put this URL behind nginx reverse proxy. Since the above URL is given to lot many customers it would not be possible to change the URL. we are planning to change it graudally. However mean time I installed the nginx and trying to relay the same setup; so that from internet if some accessed https://xx..xxx:8081/neutrino-sso-web/ it would proxy_pass to orignial server My stanza is as below; however this is not working and I am getting ## This site can’t provide a secure connection xxx...xxx sent an invalid response. ERR_SSL_PROTOCOL_ERROR ## server { listen 443; listen 8081 ssl; server_name xx..; ssl_protocols TLSv1.2 TLSv1.3; ssl_prefer_server_ciphers on; ssl_session_cache shared:SSL:10m; ssl_certificate /etc/nginx/certs/xx.xx/216560a7cbdc5937.crt; ssl_certificate_key /etc/nginx/certs/xx.xx/.key; ssl_ciphers 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA -AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384: ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256 -SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3 -SHA:!DSS'; ssl_dhparam /etc/nginx/certs/dhparam.pem; add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always; ssl_session_timeout 1d; ssl_session_tickets off; ssl_stapling on; ssl_stapling_verify on; keepalive_timeout 70; if ( $request_method !~ ^(GET|POST|HEAD)$ ) { return 403; break; } access_log /var/log/nginx/xxx./access.log; error_log /var/log/nginx/xxx.xxx/error.log; { location / { client_max_body_size700m; client_body_buffer_size 128k; proxy_send_timeout 90; proxy_http_version 1.1; proxy_read_timeout 90; proxy_buffer_size128k; proxy_buffers 4 256k; proxy_busy_buffers_size 256k; proxy_temp_file_write_size 256k; proxy_connect_timeout 30s; proxy_pass https://xxx.xxx.xxx:8081/neutrino-sso-web/login; proxy_ssl_server_name on; proxy_redirect off; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always; add_header X-Content-Type-Options nosniff; add_header X-XSS-Protection "1; mode=block"; add_header Referrer-Policy "no-referrer-when-downgrade"; add_header X-Frame-Options "SAMEORIGIN" always; } } Am I doing anything wroing? TIA Blason R Posted at Nginx Forum: https://forum.nginx.org/read.php?2,295782,295782#msg-295782 ___ nginx mailing list -- nginx@nginx.org To unsubscribe send an email to nginx-le...@nginx.org
Re: Rewrite rules not working
Thanks appreciate it. Will have to check and confirm. By the way which one would you confirm is preferable method rewrite or return? Posted at Nginx Forum: https://forum.nginx.org/read.php?2,295715,295725#msg-295725 ___ nginx mailing list -- nginx@nginx.org To unsubscribe send an email to nginx-le...@nginx.org
Rewrite rules not working
Hi Team, I am trying to write a below rewrite rule but somehow this is not working and I would really appreicate if someone can help me on this? I have a website http://web1.example.local/web1 Instead I need a rewrite so that if user enters http://web1.example.local it will be diverted to http://web1.example.local/web1 server { listen 80; server_name web1.example.local; add_header X-Frame-Options "SAMEORIGIN"; access_log /var/log/nginx/web1/access.log; error_log /var/log/nginx/web1/error.log; rewrite ^ http://web1.example.local Posted at Nginx Forum: https://forum.nginx.org/read.php?2,295715,295715#msg-295715 ___ nginx mailing list -- nginx@nginx.org To unsubscribe send an email to nginx-le...@nginx.org
Re: SSL Acceleration or Offloading with Nginx
Any specific card or hardware device that you can suggest for the setup? Posted at Nginx Forum: https://forum.nginx.org/read.php?2,294862,294871#msg-294871 ___ nginx mailing list -- nginx@nginx.org To unsubscribe send an email to nginx-le...@nginx.org
Re: SSL Acceleration or Offloading with Nginx
Thanks a lot for your input Posted at Nginx Forum: https://forum.nginx.org/read.php?2,294862,294870#msg-294870 ___ nginx mailing list -- nginx@nginx.org To unsubscribe send an email to nginx-le...@nginx.org
SSL Acceleration or Offloading with Nginx
Hi Team, I wanted to know the possibilities with Nginx SSL offloading to separate CPU card or any other hardware? How do I achieve better performance with Nginx SSL offloading? Do I need to go with more CPU cores? or dedicated card or any other mechanism? Can someone please suggest? TIA Posted at Nginx Forum: https://forum.nginx.org/read.php?2,294862,294862#msg-294862 ___ nginx mailing list -- nginx@nginx.org To unsubscribe send an email to nginx-le...@nginx.org
Re: Nginx reverse proxy gzip for json payload
This is fine - I need a part from Nginx to client. And thanks for clarifying about nginx compressing the request which are only in responses. Posted at Nginx Forum: https://forum.nginx.org/read.php?2,294276,294305#msg-294305 ___ nginx mailing list -- nginx@nginx.org To unsubscribe send an email to nginx-le...@nginx.org
Re: Keepalived with nginx open source
Thanks for input; much appreciated. Posted at Nginx Forum: https://forum.nginx.org/read.php?2,294275,294294#msg-294294 ___ nginx mailing list -- nginx@nginx.org To unsubscribe send an email to nginx-le...@nginx.org
Re: Nginx reverse proxy gzip for json payload
Thanks for the reply. Let me try doing that. Posted at Nginx Forum: https://forum.nginx.org/read.php?2,294276,294293#msg-294293 ___ nginx mailing list -- nginx@nginx.org To unsubscribe send an email to nginx-le...@nginx.org
Nginx reverse proxy gzip for json payload
Hi Team, I currently have IIS server and I am planning to put reverse proxy server in front of that IIS server. Since this IIS server carries a huge request in every request that is around 40-50 Mb of data is being uploaded at every transaction I need to enable gzip on for the server. However I see only html/text files can be gzipped and if any specific other data needs to be gzipped then needs to be defined. Can someone please tell me if json data can be achieved with gzip on? TIA Blason R Posted at Nginx Forum: https://forum.nginx.org/read.php?2,294276,294276#msg-294276 ___ nginx mailing list -- nginx@nginx.org To unsubscribe send an email to nginx-le...@nginx.org
Keepalived with nginx open source
Hi Team, I am going to deploy two nginx reverse proxy servers and I wanted them in HA mode. I see keepalived is available with Plus version however keepalived being an open source can be used with Open source version as well? Can someone please confirm if keepalived or any other approach can help me in achieving Active-Passive setup of nginx reverse proxies? TIA Blason R Posted at Nginx Forum: https://forum.nginx.org/read.php?2,294275,294275#msg-294275 ___ nginx mailing list -- nginx@nginx.org To unsubscribe send an email to nginx-le...@nginx.org
Re: Change customer Server Header without compiling it?
Right - And that helped a lot. Thanks for the quick help Posted at Nginx Forum: https://forum.nginx.org/read.php?2,293801,293829#msg-293829 ___ nginx mailing list -- nginx@nginx.org To unsubscribe send an email to nginx-le...@nginx.org
Change customer Server Header without compiling it?
Hi Team, I have Ubuntu 20.04 and Nginx 1.20.1 installed from Official Nginx repository. I already have made the server_tokens to off however wondering if customer header can be added without recompiling it? With any modules or packages on ubuntu 20.04? TIA Blason R Posted at Nginx Forum: https://forum.nginx.org/read.php?2,293801,293801#msg-293801 ___ nginx mailing list -- nginx@nginx.org To unsubscribe send an email to nginx-le...@nginx.org
Re: Getting weird issue with Nginx reverse Proxy
Thanks team for your help but I had to find an alternative and instead I hosted the site on Nginx server itself. Which currently is working fine. Posted at Nginx Forum: https://forum.nginx.org/read.php?2,293780,293795#msg-293795 ___ nginx mailing list -- nginx@nginx.org To unsubscribe send an email to nginx-le...@nginx.org
Re: Getting weird issue with Nginx reverse Proxy
user www-data; worker_processes auto; pid /run/nginx.pid; include /etc/nginx/modules-enabled/*.conf; load_module modules/ngx_http_modsecurity_module.so; events { worker_connections 768; # multi_accept on; } http { map $http_upgrade $connection_upgrade { default upgrade; '' close; } ## # Basic Settings ## sendfile on; tcp_nopush on; types_hash_max_size 2048; server_tokens off; # server_names_hash_bucket_size 64; # server_name_in_redirect off; include /etc/nginx/mime.types; default_type application/octet-stream; ## # SSL Settings ## ssl_protocols TLSv1.2 TLSv1.3; # Dropping SSLv3, ref: POODLE ssl_prefer_server_ciphers on; ## # Logging Settings ## access_log /var/log/nginx/access.log; error_log /var/log/nginx/error.log; ## # Gzip Settings ## gzip on; # gzip_vary on; # gzip_proxied any; # gzip_comp_level 6; # gzip_buffers 16 8k; # gzip_http_version 1.1; # gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript; ## # Virtual Host Configs ## include /etc/nginx/conf.d/*.conf; #include /etc/nginx/sites-enabled/*; geoip_country /usr/share/GeoIP/GeoLite2-Country.mmdb; map $geoip_country_code $allowed_country_isn { default yes; PK no; CN no; AF no; KP no; LY no; UA no; } } # configuration file /etc/nginx/modules-enabled/50-mod-http-auth-pam.conf: load_module modules/ngx_http_auth_pam_module.so; # configuration file /etc/nginx/modules-enabled/50-mod-http-dav-ext.conf: load_module modules/ngx_http_dav_ext_module.so; # configuration file /etc/nginx/modules-enabled/50-mod-http-echo.conf: load_module modules/ngx_http_echo_module.so; # configuration file /etc/nginx/modules-enabled/50-mod-http-geoip.conf: load_module modules/ngx_http_geoip_module.so; # configuration file /etc/nginx/modules-enabled/50-mod-http-image-filter.conf: load_module modules/ngx_http_image_filter_module.so; # configuration file /etc/nginx/modules-enabled/50-mod-http-subs-filter.conf: load_module modules/ngx_http_subs_filter_module.so; # configuration file /etc/nginx/modules-enabled/50-mod-http-upstream-fair.conf: load_module modules/ngx_http_upstream_fair_module.so; # configuration file /etc/nginx/modules-enabled/50-mod-http-xslt-filter.conf: load_module modules/ngx_http_xslt_filter_module.so; # configuration file /etc/nginx/modules-enabled/50-mod-mail.conf: load_module modules/ngx_mail_module.so; # configuration file /etc/nginx/modules-enabled/50-mod-ssl-ct.conf: load_module modules/ngx_ssl_ct_module.so; load_module modules/ngx_http_ssl_ct_module.so; # configuration file /etc/nginx/modules-enabled/50-mod-stream.conf: load_module modules/ngx_stream_module.so; # configuration file /etc/nginx/modules-enabled/70-mod-stream-geoip.conf: load_module modules/ngx_stream_geoip_module.so; # configuration file /etc/nginx/modules-enabled/70-mod-stream-geoip2.conf: load_module modules/ngx_stream_geoip2_module.so; # configuration file /etc/nginx/mime.types: types { text/html html htm shtml; text/css css; text/xml xml; image/gif gif; image/jpegjpeg jpg; application/javascriptjs; application/atom+xml atom; application/rss+xml rss; text/mathml mml; text/plaintxt; text/vnd.sun.j2me.app-descriptor jad; text/vnd.wap.wml wml; text/x-component htc; image/png png; image/tifftif tiff; image/vnd.wap.wbmpwbmp; image/x-icon ico; image/x-jng jng; image/x-ms-bmpbmp; image/svg+xml svg svgz; image/webpwebp; application/font-woff woff; application/java-archive jar war ear; application/json json; application/mac-binhex40 hqx; application/msworddoc; application/pdf pdf; application/postscriptps eps ai; application/rtf rtf; application/vnd.apple.mpegurl m3u8; application/vnd.ms-excel xls; application/vnd.ms-fontobject eot; application/vnd.ms-powerpoint ppt; application/vnd.wap.wmlc
Re: Getting weird issue with Nginx reverse Proxy
Here is Apache config ServerAdmin webmas...@example.com DocumentRoot /var/www/fs/ ServerName fs.example.com ServerAlias fs.example.com ErrorLog /var/log/apache2/fs/error.log CustomLog /var/log/apache2/fs/access.log combined LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" proxy #SetEnvIf X-Forwarded-For "^.*\..*\..*\..*" forwarded #CustomLog "logs/access_log" combined env=!forwarded #CustomLog "logs/access_log" proxy env=forwarded Options Indexes FollowSymLinks Includes ExecCGI Posted at Nginx Forum: https://forum.nginx.org/read.php?2,293780,293788#msg-293788 ___ nginx mailing list -- nginx@nginx.org To unsubscribe send an email to nginx-le...@nginx.org
Re: Getting weird issue with Nginx reverse Proxy
Here are the debug logs - If that would help https://pastebin.com/K3521Cnk Posted at Nginx Forum: https://forum.nginx.org/read.php?2,293780,293781#msg-293781 ___ nginx mailing list -- nginx@nginx.org To unsubscribe send an email to nginx-le...@nginx.org
Getting weird issue with Nginx reverse Proxy
Hi Team, My portal name is lets say fs.example.com and it is configured on apache server which is then proxied to internet using Nginx reverse proxy. However I tried everything I was aware of and I am consistently getting below error whenever this URL is accessed. I am running out of ideas about troubleshooting the issue and I need a help on it. Here is Nginx config file ``` server { listen 443 http2 ssl; server_name fs.example.com; ssl_protocols TLSv1.2; ssl_prefer_server_ciphers on; ssl_session_cache shared:SSL:10m; ssl_certificate /etc/nginx/ssls/isncert/isnwild.crt; ssl_certificate_key /etc/nginx/ssls/isncert/star.key; ssl_ciphers 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:E CDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256 -SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RS A-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA: DES-CBC3-SHA:!DSS'; ssl_dhparam /etc/ssl/dhparams2048.pem; ssl_session_timeout 1d; ssl_session_tickets off; ssl_stapling on; ssl_stapling_verify on; resolver 8.8.8.8 8.8.4.4 valid=300s; include /config/nginx/authelia.conf; access_log /var/log/nginx/fs/access.log; error_log /var/log/nginx/fs/error.log; location / { client_max_body_size10m; #proxy_headers_hash_max_size 512; proxy_headers_hash_bucket_size 128; proxy_busy_buffers_size 256k; proxy_temp_file_write_size 256k; proxy_buffers 4 256k; proxy_buffer_size 16k; proxy_pass http://fs.example.com; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; add_header X-Content-Type-Options nosniff; add_header X-XSS-Protection "1; mode=block"; add_header Referrer-Policy "no-referrer-when-downgrade"; add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always; include /config/nginx/auth.conf; include /config/nginx/restconfig.conf; } } ``` And here is the error Bad Request Your browser sent a request that this server could not understand. Posted at Nginx Forum: https://forum.nginx.org/read.php?2,293780,293780#msg-293780 ___ nginx mailing list -- nginx@nginx.org To unsubscribe send an email to nginx-le...@nginx.org
Re: Can nginx act as a load-balancer for IBM Aspera?
Thanks for message. Let me test that and revert. Posted at Nginx Forum: https://forum.nginx.org/read.php?2,292505,292512#msg-292512 ___ nginx mailing list nginx@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx
Can nginx act as a load-balancer for IBM Aspera?
Hi Team, I am trying to build a reverse proxy as well as load balancer using below link. Can someone please confirm if below scenario can be achieved? I would really appreciate if someone can go through the links and wanted to understand if sticky or persistence connection can be possible with Nginx LB? https://www.ibm.com/docs/en/aspera-faspex/4.4.1?topic=systems-expected-load-balancer-behavior Posted at Nginx Forum: https://forum.nginx.org/read.php?2,292505,292505#msg-292505 ___ nginx mailing list nginx@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx
Port redirection is not working as expected
Hi Team, Here is one more issue I am facing. I have portal running on http://test.example.com:8080/AppWise and http://test.example.com/WebAdmin Now I diverted that portal through Nginx reverse proxy here is my config ** server { listen 8080; listen 80; server_name test.example.com; access_log /var/log/nginx/twprod/access.log; error_log /var/log/nginx/twprod/error.log; include /etc/nginx/applox/feeds/badips.txt; location /AppWise/{ client_max_body_size10m; client_body_buffer_size 128k; proxy_send_timeout 90; proxy_read_timeout 90; proxy_buffer_size128k; proxy_buffers 4 256k; proxy_busy_buffers_size 256k; proxy_temp_file_write_size 256k; proxy_connect_timeout 30s; proxy_pass http://test.example.com:8080; proxy_redirect off; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; } location /WebAdmin/{ client_max_body_size10m; client_body_buffer_size 128k; proxy_send_timeout 90; proxy_read_timeout 90; proxy_buffer_size128k; proxy_buffers 4 256k; proxy_busy_buffers_size 256k; proxy_temp_file_write_size 256k; proxy_connect_timeout 30s; proxy_pass http://test.example.com:8080; proxy_redirect off; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; } } *** The thing is First page open properly and then it asks for username password; this is fine. now after login suddenly I receive 302 and page is diverted to http://test/example.com/Appwise/<...REST of the URI.> # 10.0.22.99 - - [20/Sep/2021:18:41:05 +0530] "POST /AppWise/servlet/TeamAccess/Login HTTP/1.1" 302 0 "http://test.example.com:8080/AppWise/servlet/TeamAccess/Login; "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.82 Safari/537.36" 10.0.22.99 - - [20/Sep/2021:18:47:42 +0530] "POST /AppWise/servlet/TeamAccess/Login HTTP/1.1" 302 0 "http://test.example.com:8080/AppWise/servlet/TeamAccess/Login; "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.82 Safari/537.36" 10.0.22.99 - - [20/Sep/2021:18:51:04 +0530] "POST /AppWise/servlet/TeamAccess/Login HTTP/1.1" 302 0 "http://test.example.com:8080/AppWise/servlet/TeamAccess/Login; "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.82 Safari/537.36" ### I expected for this page to stay at http://test.example.com:8080 Posted at Nginx Forum: https://forum.nginx.org/read.php?2,292448,292448#msg-292448 ___ nginx mailing list nginx@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx
Re: Websocket is not working with Nginx Reverse Proxy
Bummer!! I am not that pro - but would really appreciate if you can give me certain reference links or configuration? Please Posted at Nginx Forum: https://forum.nginx.org/read.php?2,292420,292447#msg-292447 ___ nginx mailing list nginx@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx
Re: Websocket is not working with Nginx Reverse Proxy
Well - I tried that as well location /SNX/ { proxy_pass https://websocket; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection $connection_upgrade; proxy_set_header Connection "Upgrade"; proxy_set_header Host $host; And in nginx.conf file http { map $http_upgrade $connection_upgrade { default upgrade; '' close; } And still no luck - Here is what I see in access.log and it just stops there 182.48.206.98 - - [20/Sep/2021:07:59:32 +0530] "GET /Login/ComponentFrame?nPageMode=2=80,0,0064,18 HTTP/1.1" 200 1150 "https://vpn..com/SNX/extender; "Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko" Posted at Nginx Forum: https://forum.nginx.org/read.php?2,292420,292425#msg-292425 ___ nginx mailing list nginx@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx
Re: Websocket is not working with Nginx Reverse Proxy
My bad - Just a typo with this topic. I want to add Nginx reverse proxy in front of my checkpoint mobile access portal not behind Posted at Nginx Forum: https://forum.nginx.org/read.php?2,292420,292421#msg-292421 ___ nginx mailing list nginx@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx
Websocket is not working with Nginx Reverse Proxy
Hi Team, I am trying to add nginx reverse proxy behind Check Point Mobile access portal which is a SSL VPN portal. Somehow this not working and when I captured and analyzed the har file I observed that the portal is accepting websocket calls. I tried implementing the same with nginx but I am still unable to find the solution. Here is what I am seeing with Har file and then I have given my config General: Request URL: https://vpn..com/7D8B79A2-8974-4D7B-A76A-F4F29624C06BMCNu92Dm4l-Zi00Q9XmCAEP2W0TG236BR4s3ROIfxiy7ICrrEllGkIikmth2jOjkklZMt4z1porwm5BgBNByrQ/websocket?url=https%3A%2F%2Fvpn..com%2FPortal%2FMain=1632059231484HTTP Version: HTTP/1.1Request method: GET Headers: Cache-Control no-cache Connection Upgrade Cookie selected_realm=ssl_vpn; CPCVPN_SESSION_ID=e27df7fe2b0ce359198a5b703b9402d235668bb3; CPCVPN_BASE_HOST=vpn..com; CPCVPN_OBSCURE_KEY=23f63321355ce5d11767b258178d9775 DNT 1 Host vpn..com Origin https://vpn..com Sec-WebSocket-Key ehTLIcXsKwaddkSug5rN9Q== Sec-WebSocket-Version 13 Upgrade websocket User-Agent Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko Query arguments: url https://vpn..com/Portal/Main nocache 1632059231484 ## And here is my config * upstream websocket { server vpn..com:443; } server { listen 443 ssl; server_name vpn..com; ssl_protocols TLSv1.2; ssl_prefer_server_ciphers on; ssl_session_cache shared:SSL:10m; ssl_certificate /etc/nginx/ssls/labcerts/wild.crt; ssl_certificate_key /etc/nginx/ssls/labcerts/wild.key; ssl_ciphers 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS'; ssl_dhparam /etc/ssl/dhparams2048.pem; add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always; ssl_session_timeout 1d; ssl_session_tickets off; ssl_stapling on; ssl_stapling_verify on; resolver 8.8.8.8 8.8.4.4 valid=300s; access_log /var/log/nginx/sslvpn/access.log; error_log /var/log/nginx/sslvpn/error.log; error_page 404 403 /custom_404.html; location = /custom_404.html { root /usr/share/nginx/html; internal; } location /SNX/ { proxy_pass https://websocket; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection $connection_upgrade; proxy_set_header Host $host; } location / { proxy_send_timeout 90; proxy_http_version 1.1; proxy_read_timeout 90; proxy_connect_timeout 30s; proxy_pass https://websocket; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection $connection_upgrade; proxy_ssl_server_name on; proxy_redirect off; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; } } Posted at Nginx Forum: https://forum.nginx.org/read.php?2,292420,292420#msg-292420 ___ nginx mailing list nginx@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx
Re: Nginx reverse proxy regex help
Hi Team, Looks like my issue is resolved by adding this line after proxy_pass proxy_ssl_server_name on; Posted at Nginx Forum: https://forum.nginx.org/read.php?2,292405,292419#msg-292419 ___ nginx mailing list nginx@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx
Re: Nginx reverse proxy regex help
Well actually while doing a curl request site is being moved and here is I am getting curl -vk https://xx.xx.xx/TestPage/ Object moved Object moved to here. * Connection #0 to host xx.xx.xx left intact Posted at Nginx Forum: https://forum.nginx.org/read.php?2,292405,292418#msg-292418 ___ nginx mailing list nginx@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx
Re: Nginx reverse proxy regex help
Sure I'll note that. and I feed something is not right at remote end server. Thanks for your help. Posted at Nginx Forum: https://forum.nginx.org/read.php?2,292405,292417#msg-292417 ___ nginx mailing list nginx@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx
Re: Nginx reverse proxy regex help
Oh my bad those xxx. and sss consider those are single url. I just typed while creating this post randomly Here are my error.log - 2021/09/17 11:23:09 [error] 9429#9429: *1814357 peer closed connection in SSL handshake (104: Connection reset by peer) while SSL handshaking to upstream, client: 10.0.22.99, server: xxx..xxx.xxx, request: "GET /TestPage/ HTTP/1.1", upstream: "https://10.0.20.77:443/TestPage/;, host: "xx.xxx.xxx.xx" Wondering why this is making connection to host when my proxy_pass says https:// Posted at Nginx Forum: https://forum.nginx.org/read.php?2,292405,292414#msg-292414 ___ nginx mailing list nginx@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx
Nginx reverse proxy regex help
Hi Team, I have server whose URL is https://xx.xx.xx.xx/TestPage/ which gets generated as https://.xxx.xxx/TestPage/(S(0inoxzi14rxqq1uix1tiyp1t))/index.aspx Now I have implemented nginx reverse proxy in front this server and then I have done the config proxy_pass as proxy_pass https://xxx..sss.ss/TestPage; Now if you see after TestPage there is a unique value gets added and then index.aspx however whenever request is passed through nginx I get 502 badgateway. Wondering how do I pass that unique value through regex? Please help here is lcoation location /TestPage { client_max_body_size10m; client_body_buffer_size 128k; proxy_send_timeout 90; proxy_http_version 1.1; proxy_read_timeout 90; proxy_buffer_size128k; proxy_buffers 4 256k; proxy_busy_buffers_size 256k; proxy_temp_file_write_size 256k; proxy_connect_timeout 30s; proxy_pass https://xx.ss.xx.ss/TestPage; proxy_redirect default; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always; add_header X-Content-Type-Options nosniff; add_header X-XSS-Protection "1; mode=block"; add_header Referrer-Policy "no-referrer-when-downgrade"; } } Posted at Nginx Forum: https://forum.nginx.org/read.php?2,292405,292405#msg-292405 ___ nginx mailing list nginx@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx
Citrix server deployment behind nginx reverse proxy?
Hi Team, Wondering if anyone has deployed Citrix server behind nginx reverse proxy server? Or if anyone has success about implementing Check Point Mobile Access VPN portal behind nginx reverse proxy? I am still wondering if such encryption technology can work with Nginx reverse proxy? TIA Blason R Posted at Nginx Forum: https://forum.nginx.org/read.php?2,292360,292360#msg-292360 ___ nginx mailing list nginx@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx
Re: nginx geoip module with reverse proxy in multi tenant
Thanks appreciated your response. Posted at Nginx Forum: https://forum.nginx.org/read.php?2,291069,291077#msg-291077 ___ nginx mailing list nginx@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx
Re: nginx geoip module with reverse proxy in multi tenant
Oh Ok - Thanks for the pointer and if my understanding is clear then define map $geoip_country_code $allowed_country_A map $geoip_country_code $allowed_country_B map $geoip_country_code $allowed_country_C under http section in /etc/nginx/nginx.conf and then use if ($allowed_country_A = no) in server section? Posted at Nginx Forum: https://forum.nginx.org/read.php?2,291069,291072#msg-291072 ___ nginx mailing list nginx@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx
nginx geoip module with reverse proxy in multi tenant
Hi Team, This is nginx 1.19.5 I have reverse proxy server where I am hosting around 20 sites behind nginx reverse proxy server. This reverse proxy server only used for reverse proxy purpose and no local web server is running on it. I need to implement geoip blocking but what I understood from the document is map $geoip_country_code $allowed_country variable to has to be set in http section and then if ($allowed_country = no) { return 444; } Can be called in server section. This is fine if I am hosting one site what if in case of mutiple sites? In this case suppose siteA.exampe.com need to have access blocked from CN While siteB.example.com needs to have access allowed from CN How do I achieve it? Posted at Nginx Forum: https://forum.nginx.org/read.php?2,291069,291069#msg-291069 ___ nginx mailing list nginx@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx
Re: Stuck in weird issue - need help pls
Well - That was not the nginx issue and was an apache2 issue. I had virtual hosts defined on apache2 server and apache2 was not finding a match even through config was there. Hence I added the entry in hosts file and it worked. Plus moved my vshost config file to apache2.conf file. Posted at Nginx Forum: https://forum.nginx.org/read.php?2,290958,290973#msg-290973 ___ nginx mailing list nginx@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx
Stuck in weird issue - need help pls
Hi Team, I am stuck in this weird issue. I have nginx as my reverse proxy set in front of Apache web server Some how my proxy_pass is not working as expected and getting 404 not found error while retrieving page. Can someone pls help? Reve Proxy IP - 10.122.0.4 Apache 10.122.0.3 On my Rev Proxy /etc/hosts file 10.122.0.3 ipbl..xxx Here is my nginx stanza server { listen 80; server_name threat.list.xxx.xxx; # return 301 https://$server_name$request_uri; add_header X-Frame-Options "SAMEORIGIN"; modsecurity on; modsecurity_rules_file /etc/nginx/modsec/main.conf; error_page 404 403 /custom_404.html; location = /custom_404.html { root /usr/share/nginx/html; internal; } access_log /var/log/nginx/threatlist/access.log; error_log /var/log/nginx/threatlist/error.log; location / { if ($request_method !~ "GET") { return 403; break; } include /etc/nginx/threatlistacl/ipacls; deny all; client_max_body_size10m; client_body_buffer_size 128k; proxy_send_timeout 90; proxy_read_timeout 90; proxy_buffer_size128k; proxy_buffers 4 256k; proxy_busy_buffers_size 256k; proxy_temp_file_write_size 256k; proxy_connect_timeout 30s; proxy_pass http://ipbl..; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; } } Now if I access ipbl.xxx.xxx/ipbl.txt page it gets accessed successfully Request URL: http://threat.list.xxx.xxx/ipbl.txt Request Method: GET Status Code: 404 Not Found Remote Address: xxx.xx.xx.xx:80 Referrer Policy: strict-origin-when-cross-origin Connection: keep-alive Content-Type: text/html; charset=iso-8859-1 Date: Sat, 13 Mar 2021 04:50:53 GMT Server: nginx Transfer-Encoding: chunked Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 Accept-Encoding: gzip, deflate Accept-Language: en-GB,en;q=0.9 Connection: keep-alive DNT: 1 Host: threat.list.xxx.xxx Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.82 Safari/537.36 And my access.log xx.xx.xx.xx - - [13/Mar/2021:10:31:17 +0530] "GET /ipbl.txt HTTP/1.1" 404 183 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.82 Safari/537.36" Posted at Nginx Forum: https://forum.nginx.org/read.php?2,290958,290958#msg-290958 ___ nginx mailing list nginx@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx
Can we use JWT authentication with Nginx Open source version?
Hi Folks, I was referring lot of other articles on internet and seems that jwt authentication is only possible with Nginx plus version; wondering if this is possible with Nginx Open source version as well? TIA Blason R Posted at Nginx Forum: https://forum.nginx.org/read.php?2,285190,285190#msg-285190 ___ nginx mailing list nginx@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx
Re: Need help on Oauth-2.0 Token with Nginx reverse proxy
Hi Folks, Really no solution for this? Can someone please help? Now I am seeing beloe error in access.log and my file is like this 11.22.33.44 - - [05/Aug/2019:14:50:58 +0530] "POST /connect/token HTTP/1.1" 404 191 "https://test.example.net/; "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.87 Safari/537.36" location = /connect/token { internal; proxy_set_header Authorization "bearer x"; proxy_set_header Content-Type "application/x-www-form-urlencoded"; proxy_method POST; # proxy_pass_header Authorization; proxy_pass https://test.example.net:99/connect/token; } Posted at Nginx Forum: https://forum.nginx.org/read.php?2,285048,285108#msg-285108 ___ nginx mailing list nginx@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx
Re: Need help on Oauth-2.0 Token with Nginx reverse proxy
Hi Folks, Really no solution for this? Can someone please help? Now I am seeing beloe error in access.log and my file is like this 11.22.33.44 - - [05/Aug/2019:14:50:58 +0530] "POST /connect/token HTTP/1.1" 404 191 "https://test.example.net/; "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.87 Safari/537.36" location = /connect/token { internal; proxy_set_header Authorization "bearer x"; proxy_set_header Content-Type "application/x-www-form-urlencoded"; proxy_method POST; # proxy_pass_header Authorization; proxy_pass https://test.example.net:99/connect/token; } Posted at Nginx Forum: https://forum.nginx.org/read.php?2,285048,285107#msg-285107 ___ nginx mailing list nginx@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx
Re: How do I add multiple proxy_pass
yeah that's a good point and let me try out that. Posted at Nginx Forum: https://forum.nginx.org/read.php?2,284983,285078#msg-285078 ___ nginx mailing list nginx@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx
Re: Need help on Oauth-2.0 Token with Nginx reverse proxy
Here are the error messages I am seeing in access.log 1.2.3.4 - - [31/Jul/2019:10:07:58 +0530] "POST /connect/token HTTP/1.1" 400 80 "https://test.example.net/; "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.142 Safari/537.36" 1.2.3.4 - - [31/Jul/2019:10:07:58 +0530] "POST /AdsvaluAPI/api/Authentication/UpdateLoginAttemptFailed HTTP/1.1" 201 132 "https://test.example.net/; "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.142 Safari/537.36" Posted at Nginx Forum: https://forum.nginx.org/read.php?2,285048,285050#msg-285050 ___ nginx mailing list nginx@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx
Re: Need help on Oauth-2.0 Token with Nginx reverse proxy
blason Wrote: --- > Hi Folks, > > I am trying to setup a reverse proxy on nginx with server at backend > and from HAR file I understand it uses Oauth-Token-2.0 with POST > method. > > However I am unable to set the stuff and seeking help here. > > My original server here is assuming > > https://test.example.net:9084 > And for Outh from har file I can see the request goes to > https://test.example.net:99/connect/token > > Here is my config > * > server { > listen 443 ssl; > listen 8084; > listen 88; > server_name test.example.net; > ssl_protocols TLSv1.1 TLSv1.2; >ssl_certificate /etc/nginx/certs/star_.com.crt; >ssl_certificate_key /etc/nginx/certs/server.key; >ssl on; > ssl_ciphers > 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH'; > gzip on; > gzip_proxied any; > gzip_types text/plain text/xml text/css > application/x-javascript; > gzip_vary on; > gzip_comp_level 6; > gzip_buffers 16 8k; > gzip_http_version 1.1; > gzip_min_length 256; > gzip_disable "MSIE [1-6]\.(?!.*SV1)"; > ssl_prefer_server_ciphers on; > ssl_session_cache shared:SSL:10m; > access_log /var/log/nginx/test/access.log; > error_log /var/log/nginx/test/error.log; > > > location / { > proxy_pass https://test.example.net:9084; > proxy_redirect https://test.example.net:99/ /; >client_max_body_size10m; > client_body_buffer_size 128k; > #proxy_redirect off; > proxy_send_timeout 90; > proxy_read_timeout 90; > proxy_buffer_size128k; > proxy_buffers 4 256k; > proxy_busy_buffers_size 256k; > proxy_temp_file_write_size 256k; > proxy_connect_timeout 30s; > proxy_set_header Host $host; > proxy_set_header X-Real-IP $remote_addr; > proxy_set_header X-Forwarded-Proto $scheme; > proxy_set_header X-Forwarded-For > $proxy_add_x_forwarded_for; > add_header Strict-Transport-Security "max-age=31536000; > includeSubDomains" always; > add_header X-Content-Type-Options nosniff; > add_header X-XSS-Protection "1; mode=block"; > add_header Referrer-Policy "no-referrer-when-downgrade"; > add_header X-Frame-Options "SAMEORIGIN" always; > } Here are HAR file Headers Date Tue, 30 Jul 2019 07:56:26 GMT Strict-Transport-Security max-age=31536000; includeSubDomains X-Content-Type-Options nosniff X-AspNet-Version 4.0.30319 X-Powered-By ASP.NET Connection keep-alive Content-Length 919 X-XSS-Protection 1; mode=block Pragma no-cache Referrer-Policy no-referrer-when-downgrade Server nginx X-Frame-Options SAMEORIGIN Access-Control-Allow-Methods * Content-Type application/json; charset=utf-8 Access-Control-Allow-Origin * Cache-Control no-store, no-cache, max-age=0, private Access-Control-Allow-Headers Origin, X-Requested-With, Content-Type, Accept Request Headers Accept application/json, text/plain, */* Referer https://test.example.net/ Origin https://test.example.net User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.142 Safari/537.36 Content-Type application/x-www-form-urlencoded Posted at Nginx Forum: https://forum.nginx.org/read.php?2,285048,285049#msg-285049 ___ nginx mailing list nginx@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx
Need help on Oauth-2.0 Token with Nginx reverse proxy
Hi Folks, I am trying to setup a reverse proxy on nginx with server at backend and from HAR file I understand it uses Oauth-Token-2.0 with POST method. However I am unable to set the stuff and seeking help here. My original server here is assuming https://test.example.net:9084 And for Outh from har file I can see the request goes to https://test.example.net:99/connect/token Here is my config * server { listen 443 ssl; listen 8084; listen 88; server_name test.example.net; ssl_protocols TLSv1.1 TLSv1.2; ssl_certificate /etc/nginx/certs/star_.com.crt; ssl_certificate_key /etc/nginx/certs/server.key; ssl on; ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH'; gzip on; gzip_proxied any; gzip_types text/plain text/xml text/css application/x-javascript; gzip_vary on; gzip_comp_level 6; gzip_buffers 16 8k; gzip_http_version 1.1; gzip_min_length 256; gzip_disable "MSIE [1-6]\.(?!.*SV1)"; ssl_prefer_server_ciphers on; ssl_session_cache shared:SSL:10m; access_log /var/log/nginx/test/access.log; error_log /var/log/nginx/test/error.log; location / { proxy_pass https://test.example.net:9084; proxy_redirect https://test.example.net:99/ /; client_max_body_size10m; client_body_buffer_size 128k; #proxy_redirect off; proxy_send_timeout 90; proxy_read_timeout 90; proxy_buffer_size128k; proxy_buffers 4 256k; proxy_busy_buffers_size 256k; proxy_temp_file_write_size 256k; proxy_connect_timeout 30s; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always; add_header X-Content-Type-Options nosniff; add_header X-XSS-Protection "1; mode=block"; add_header Referrer-Policy "no-referrer-when-downgrade"; add_header X-Frame-Options "SAMEORIGIN" always; } Posted at Nginx Forum: https://forum.nginx.org/read.php?2,285048,285048#msg-285048 ___ nginx mailing list nginx@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx
How do I add multiple proxy_pass
Hi, I have nginx with version 1.10.1 and have below scenario which I am not able to figure it out. My reverse proxy set it up as www.example.com and location / is set it as location / { proxy_pass https://www.example.com:8084; Now URL is getting opened properly when I login it again diverts to port 88 on the same server so my query is how do I add multiple proxy pass for same server like proxy_pass https://www.example.com:88 Posted at Nginx Forum: https://forum.nginx.org/read.php?2,284983,284983#msg-284983 ___ nginx mailing list nginx@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx
How to implement below config on nginx Reverse Proxy mode
Hi Team, My nginx is configured in Reverse Proxy mode and catering to internet. However I have been tasked to add one e server with below config and I am facing difficulty while putting that in production. My scenario is I have internal server which accessed then gets diverted on to other port and long URL Internal IP address/URL is and mapped to external URL as https://xyz.example.com https://xyz.example.com Once this URL accessed it get turned into https://xyz.example.com:8443/PortalLgin/action.do?portal=a8550fd2-24bb-11e6-a111 I have tried configuring Proxy_pass as https://xyz.example.com:8443/PortalLgin/action.do?portal=a8550fd2-24bb-11e6-a111 But no luck Tried listen Directive 8443 still no luck Can someone please suggest? Thanks and Regards, Blason R Posted at Nginx Forum: https://forum.nginx.org/read.php?2,282809,282809#msg-282809 ___ nginx mailing list nginx@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx
Re: In Nginx revers proxy unable to disable TLS1
Hello, Do you mean I need to mention in each and every reverse proxy stanza or in default config? Is this right? [root@xx conf.d]# vi default.conf server { listen 80 default_server; #server_name ""; server_name _; return 444; ssl_protocols TLSv1.2; #charset koi8-r; #access_log /var/log/nginx/log/host.access.log main; location / { root /usr/share/nginx/html; index index.html index.htm; } Posted at Nginx Forum: https://forum.nginx.org/read.php?2,28,282316#msg-282316 ___ nginx mailing list nginx@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx
In Nginx revers proxy unable to disable TLS1
Hi Team, I have deployed nginx in reverse proxy mode and trying to disable TLS1 and1.1 in configuation file but somehow it still shows when site is scanned by SSLlabs. Any idea why? nginx version: nginx/1.10.1 ssl_prefer_server_ciphers On; ssl_protocols TLSv1.2; ssl_ciphers ECDH+AESGCM:ECDH+CHACHA20:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:RSA+AESGCM:RSA+AES:!aNULL:!MD5:!DSS; ssl_dhparam /etc/ssl/stest.pem; Posted at Nginx Forum: https://forum.nginx.org/read.php?2,28,28#msg-28 ___ nginx mailing list nginx@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx
Unable to use bcrypt with nginx 1.12.2 on CentOS 74
Hi Nginx Team, I am unable to use bcrypt function on CentOS 7.4 with nginx version 1.12.2. Any idea what could be the reason? This is working fine with MD5 nginx -v nginx version: nginx/1.12.2 CentOS Linux release 7.4.1708 (Core) nginx version: nginx/1.12.2 built by gcc 4.8.5 20150623 (Red Hat 4.8.5-16) (GCC) built with OpenSSL 1.0.2k-fips 26 Jan 2017 TLS SNI support enabled configure arguments: --prefix=/usr/share/nginx --sbin-path=/usr/sbin/nginx --modules-path=/usr/lib64/nginx/modules --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --http-client-body-temp-path=/var/lib/nginx/tmp/client_body --http-proxy-temp-path=/var/lib/nginx/tmp/proxy --http-fastcgi-temp-path=/var/lib/nginx/tmp/fastcgi --http-uwsgi-temp-path=/var/lib/nginx/tmp/uwsgi --http-scgi-temp-path=/var/lib/nginx/tmp/scgi --pid-path=/run/nginx.pid --lock-path=/run/lock/subsys/nginx --user=nginx --group=nginx --with-file-aio --with-ipv6 --with-http_auth_request_module --with-http_ssl_module --with-http_v2_module --with-http_realip_module --with-http_addition_module --with-http_xslt_module=dynamic --with-http_image_filter_module=dynamic --with-http_geoip_module=dynamic --with-http_sub_module --with-http_dav_module --with-http_flv_module --with-http_mp4_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_random_index_module --with-http_secure_link_module --with-http_degradation_module --with-http_slice_module --with-http_stub_status_module --with-http_perl_module=dynamic --with-mail=dynamic --with-mail_ssl_module --with-pcre --with-pcre-jit --with-stream=dynamic --with-stream_ssl_module --with-google_perftools_module --with-debug --with-cc-opt='-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -m64 -mtune=generic' --with-ld-opt='-Wl,-z,relro -specs=/usr/lib/rpm/redhat/redhat-hardened-ld -Wl,-E' Posted at Nginx Forum: https://forum.nginx.org/read.php?2,279645,279645#msg-279645 ___ nginx mailing list nginx@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx
Re: RE: [IE] Re: Has anyone implemented Nginx as a reverse proxy with Microsoft Sharepoint?
Hi there, I guess it was not an issue with NTLM where I am successfully able to authenticate with sharepoint the front page loads successfully while sub-site pages does not load up and I am not able to figure out the issue. Will soon share the config and logs I would really appreciate if help can be offered to eliminate the issue. Posted at Nginx Forum: https://forum.nginx.org/read.php?2,278193,278202#msg-278202 ___ nginx mailing list nginx@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx
Re: Has anyone implemented Nginx as a reverse proxy with Microsoft Sharepoint?
Can I DM you or send you to email address? Posted at Nginx Forum: https://forum.nginx.org/read.php?2,278193,278197#msg-278197 ___ nginx mailing list nginx@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx
Re: Has anyone implemented Nginx as a reverse proxy with Microsoft Sharepoint?
Wow man!! Thanks I am struggling with configuration as Subsites does not show anything it shows blank page i.e only for blank page while Front page gets open successfully. Posted at Nginx Forum: https://forum.nginx.org/read.php?2,278193,278195#msg-278195 ___ nginx mailing list nginx@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx
Has anyone implemented Nginx as a reverse proxy with Microsoft Sharepoint?
Hi Guys, Keen to know if there was any success rate for implementing Nginx as a reverse proxy for Sharepoint? I mean I did implement however I am finding issues with Sub-sites and wanted to know if there is any solution for the same? Posted at Nginx Forum: https://forum.nginx.org/read.php?2,278193,278193#msg-278193 ___ nginx mailing list nginx@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx
Nginx reverse proxy with Sharepoint web
Hi Guys, I am kindaa facing an issue with sharepoint sub-sites authentication with nginx as a reverse proxy. Somehow primary site is perfectly getting authenticated with upstream and ntlm however subsites shows 401 and 404 error. Does anyone have any use case or working configuration with sharepoint and nginx as reverse proxy? Thanks and Regards, Blason Posted at Nginx Forum: https://forum.nginx.org/read.php?2,277165,277165#msg-277165 ___ nginx mailing list nginx@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx
Content Spoofing vulnerability
Hi Guys, We have multiple webservers behind Nginx Reverse Proxy and at one of the server we have discovered Content spoofing, the vulnerability is patched on Apache but also needs to be patchef on Nginx server. I googled a lot but unable to find a relevant information. Can someone please suggest the way to mitigate the same on Nginx? here is the Apache remediation RewriteEngine on RewriteCond %{HTTP_HOST} !^abc\.biz RewriteCond %{HTTP_HOST} !^www\.abc\.biz RewriteRule ^(.*)$ - [L,R=404] ErrorDocument 404 "Page Not Found" RewriteCond %{THE_REQUEST} !^[A-Z]{3,9}\ [a-zA-Z0-9\.\+_/\-\?\=\&\%&\,]+\ HTTP/ #RewriteRule .* - [F,NS,L] RewriteRule ^(.*)$ - [L,R=404] ErrorDocument 404 "Page Not Found" Posted at Nginx Forum: https://forum.nginx.org/read.php?2,276023,276023#msg-276023 ___ nginx mailing list nginx@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx
Re: Modsecurity dynamic module with Nginx-plus
Unfortunately we do not have budget at this moment and we were unsure at the time of purchasing that paid nginx option does not give source codes to compile hence we are now struggling. Can someone please help us here? Posted at Nginx Forum: https://forum.nginx.org/read.php?2,276008,276011#msg-276011 ___ nginx mailing list nginx@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx
Modsecurity dynamic module with Nginx-plus
Hi All, I just purchased nginx-plus and since it is delivered in binaries, since this is a case I am unable to install Modsecurity with nginx-plus. I followed various guides and able to compile dynamic_module However when I am enabling the modesecurity in conf file the nginx worker process is getting crashed with below error. Can someone please help!!! 2017/08/10 22:44:57 [notice] 1980#1980: signal 17 (SIGCHLD) received 2017/08/10 22:44:57 [alert] 1980#1980: worker process 1983 exited on signal 11 2017/08/10 22:44:57 [notice] 1980#1980: start worker process 1987 2017/08/10 22:44:57 [notice] 1980#1980: signal 29 (SIGIO) received 2017/08/10 22:44:57 [notice] 1980#1980: signal 17 (SIGCHLD) received 2017/08/10 22:44:57 [alert] 1980#1980: worker process 1984 exited on signal 11 2017/08/10 22:44:57 [notice] 1980#1980: start worker process 1988 2017/08/10 22:44:57 [notice] 1980#1980: signal 29 (SIGIO) received 2017/08/10 22:44:57 [notice] 1980#1980: signal 17 (SIGCHLD) received 2017/08/10 22:44:57 [alert] 1980#1980: worker process 1987 exited on signal 11 2017/08/10 22:44:57 [notice] 1980#1980: start worker process 1989 2017/08/10 22:44:57 [notice] 1980#1980: signal 29 (SIGIO) received 2017/08/10 22:44:57 [notice] 1980#1980: signal 17 (SIGCHLD) received 2017/08/10 22:44:57 [alert] 1980#1980: worker process 1988 exited on signal 11 Posted at Nginx Forum: https://forum.nginx.org/read.php?2,276008,276008#msg-276008 ___ nginx mailing list nginx@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx
Nginx reverse proxy issue -- Plz help
Hello Guys, I have nginx running as a reverse proxy and this is been running find for other 10 sites however this one site is causing me an issue. I have URL like this. http://abc.xyz.com/EasyPAY/view/LoginMain.aspx And here is the my directive ### server { listen 80 ; server_name abc.xyz.com ; # index LoginMain.aspx; access_log /var/log/nginx/abc/access.log; error_log /var/log/nginx/abc/error.log; location / { client_max_body_size10m; client_body_buffer_size 128k; proxy_send_timeout 90; proxy_read_timeout 90; proxy_buffer_size128k; proxy_buffers 4 256k; proxy_busy_buffers_size 256k; proxy_temp_file_write_size 256k; proxy_connect_timeout 30s; proxy_pass http://abc.xyz.com/EasyPAY/view/LoginMain.aspx; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; } } But from the log it seems there are other directives as well which are not loading properly. Can some one pls help here? * Access.log file xx.xx.xx.xx - - [29/Jan/2017:09:48:32 +0530] "GET / HTTP/1.1" 200 3747 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.87 Safari/537.36" xx.xx.xx.xx - - [29/Jan/2017:09:48:32 +0530] "GET /EasyPAY/view/System.js?11 HTTP/1.1" 404 1245 "http://abc.xyz.com/; "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.87 Safari/537.36" xx.xx.xx.xx - - [29/Jan/2017:09:48:32 +0530] "GET /App_Themes/TemplateMonster/Custom/TabStrip.Custom.css HTTP/1.1" 404 1245 "http://abc.xyz.com/; "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.87 Safari/537.36" xx.xx.xx.xx - - [29/Jan/2017:09:48:32 +0530] "GET /App_Themes/TemplateMonster/Master.css?12 HTTP/1.1" 404 1245 "http://abc.xyz.com/; "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.87 Safari/537.36" xx.xx.xx.xx - - [29/Jan/2017:09:48:32 +0530] "GET /App_Themes/TemplateMonster/TemplateMonster.css?16 HTTP/1.1" 404 1245 "http://abc.xyz.com/; "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.87 Safari/537.36" xx.xx.xx.xx - - [29/Jan/2017:09:48:32 +0530] "GET /EasyPAY/view/jquery.js?11 HTTP/1.1" 404 1245 "http://abc.xyz.com/; "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.87 Safari/537.36" xx.xx.xx.xx - - [29/Jan/2017:09:48:32 +0530] "GET /EasyPAY/view/jqHelper.js?14 HTTP/1.1" 404 1245 "http://abc.xyz.com/; "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.87 Safari/537.36" xx.xx.xx.xx - - [29/Jan/2017:09:48:32 +0530] "GET /EasyPAY/view/PageLoader.js?4 HTTP/1.1" 404 1245 "http://abc.xyz.com/; "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.87 Safari/537.36" xx.xx.xx.xx - - [29/Jan/2017:09:48:32 +0530] "GET /App_Themes/TemplateMonster/Custom/TabStrip.Custom.css HTTP/1.1" 404 1245 "http://abc.xyz.com/; "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.87 Safari/537.36" xx.xx.xx.xx - - [29/Jan/2017:09:48:32 +0530] "GET /App_Themes/TemplateMonster/Master.css?12 HTTP/1.1" 404 1245 "http://abc.xyz.com/; "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.87 Safari/537.36" xx.xx.xx.xx - - [29/Jan/2017:09:48:32 +0530] "GET /EasyPAY/view/img/signInButton.png HTTP/1.1" 404 1245 "http://abc.xyz.com/; "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.87 Safari/537.36" xx.xx.xx.xx - - [29/Jan/2017:09:48:32 +0530] "GET /EasyPAY/view/img/signInButton2.png HTTP/1.1" 404 1245 "http://abc.xyz.com/; "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.87 Safari/537.36" xx.xx.xx.xx - - [29/Jan/2017:09:48:33 +0530] "GET /EasyPAY/view/img/top.png HTTP/1.1" 404 1245 "http://abc.xyz.com/; "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.87 Safari/537.36" xx.xx.xx.xx - - [29/Jan/2017:09:48:33 +0530] "GET /EasyPAY/view/img/signInButton.png HTTP/1.1" 404 1245 "http://abc.xyz.com/; "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.87 Safari/537.36" xx.xx.xx.xx - - [29/Jan/2017:09:48:33 +0530] "GET /EasyPAY/view/img/signInButton2.png HTTP/1.1" 404 1245 "http://abc.xyz.com/; "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.87 Safari/537.36" xx.xx.xx.xx - - [29/Jan/2017:09:48:33 +0530] "GET /EasyPAY/view/img/LoginHeadBg.png HTTP/1.1" 404 1245 "http://abc.xyz.com/; "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.87 Safari/537.36"
Re: Pages rewrite
Hi Team, Any update I am still failing to achieve the same? How do I rewrite the URLs Posted at Nginx Forum: https://forum.nginx.org/read.php?2,264068,264120#msg-264120 ___ nginx mailing list nginx@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx
Pages rewrite
Hi Guys, I need a help on below topic and I wanted to achieve URL Rewrite like this We want to redirect our domain pages from source to destination one Source : Original Page www..com/index.php?id=news Destination : www.x.com/news.html Posted at Nginx Forum: https://forum.nginx.org/read.php?2,264068,264068#msg-264068 ___ nginx mailing list nginx@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx
Re: Site should not be accessed through IP
Hi Finalx, you mean shall I create the .conf file by name default_server and add up this there? Or would you please tell me where shoudl I add the above stanza? Sorry I am being novice in nginx just would like to know more information about this. Posted at Nginx Forum: http://forum.nginx.org/read.php?2,257927,257930#msg-257930 ___ nginx mailing list nginx@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx
Site should not be accessed through IP
Hi Guys, I have my nginx box deployed as a reverse proxy serving almost more than 10 sites. But when I browse through 1 IP the first site configured gets accessed. I dont want anyone to access the sites through IP, by using only FQDN sites should be accesible. So anyone trying to access the site using IP should recieve a host not found or may be error like COnnection reset. Can we do that in nginx? Posted at Nginx Forum: http://forum.nginx.org/read.php?2,257927,257927#msg-257927 ___ nginx mailing list nginx@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx
Reverse Proxy for Microsoft RDP
Hi Guys, I do have couple of microsoft servers which are being accessed over the internet using RDP. Would like to know if nginx can be used as a reverse proxy for RDP servers without exposing my original servers? Can someone guide me plss Posted at Nginx Forum: http://forum.nginx.org/read.php?2,257444,257444#msg-257444 ___ nginx mailing list nginx@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx
Re: How do I show 403 error
Thanks Max. I am just trying that on my test server. Also this proxy I am gonna use for MS Exchange OWA and thus would not want to publish /ActiveSync and /offlineaddressbok urls through my reverse proxy. How can I block certain urls or path in nginx so that those URLs would not be accessible or proxied from internet? Posted at Nginx Forum: http://forum.nginx.org/read.php?2,257041,257066#msg-257066 ___ nginx mailing list nginx@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx
How do I show 403 error
Hi Guys, I just setup nginx reverse proxy for my webservers which has port 80/443 opened from internet and have very restircted access on firewall to the destination servers again those to particular servers on port 80 and 443. What I see in the logs is GET http://www.baidu.com/ HTTP/1.1 200 626 - Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022) - I know people are trying to use my server as open proxy which is failing and even I am not able to browse the sites but I am not getting any error page on my browser and just see blank page that means server is accepting the request but unable to forward. Hence would like to know how do I throw error message in nginx so that those requests would not even accepted by my proxy. Posted at Nginx Forum: http://forum.nginx.org/read.php?2,257041,257041#msg-257041 ___ nginx mailing list nginx@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx
nginx reverse proxy sizing
Hi Guys, This is my first forum and I am pretty new to nginx. What I am going to do here is planning to setup nginx as a reverse proxy for my certain websites on suse enterprise linux and I do have certain questions about sizing hence would appreciate if community can help me here? 1. How is sizing done for reverse proxy? Is it based on hits, IOs etc.. 2. Can we have redundancy built for reverse proxy since my proxy will be serving very critical resources 3. Do we have any GUI for log analysis like weblyzer or something which can show up nice log analysis? 4. is it advisable to introduce WAF modules with nginx like from trustwave or comodo? Posted at Nginx Forum: http://forum.nginx.org/read.php?2,256972,256972#msg-256972 ___ nginx mailing list nginx@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx