Re: ssl_session_timeout and forward secrecy concerns

2016-06-09 Thread Richard Fussenegger
On 6/9/2016 7:00 PM, Brandon Black wrote: > On Thu, Jun 9, 2016 at 4:53 PM, Richard Fussenegger > wrote: >> Note that a solution for session ticket key rotation is actually trivial: > Definitely agreed that a ticket-based solution is much better. The > problem is that we still

Re: ssl_session_timeout and forward secrecy concerns

2016-06-09 Thread Richard Fussenegger
Note that a solution for session ticket key rotation is actually trivial: https://github.com/Fleshgrinder/nginx-session-ticket-key-rotation http://richard.fussenegger.info/ma/masters-thesis-web-signed.pdf#107 The second link contains some more info on the actual implementation and the relevant

Re: [PATCH] Script: fix log level when matching regular expressions

2016-05-27 Thread Richard Fussenegger
Does this change result in the rewrite log only being available in debug builds? This is actually a very bad thing. I already have the problem that some people have a problem with nginx because the try_files log entries are only retrievable with debug builds. Regards On 5/27/2016 7:11 PM, Giovani

Re: [nginx_gzip_static] Necessity to create empty file with always option.

2015-11-17 Thread Richard Fussenegger
Thanks for the answer and solution! Sorry for using the wrong mailing list, will not happen again. Richard On 11/17/2015 7:29 PM, Valentin V. Bartenev wrote: > On Tuesday 17 November 2015 19:15:43 Richard Fussenegger wrote: >> Hi guys! >> >> I have the following weird sit

[nginx_gzip_static] Necessity to create empty file with always option.

2015-11-17 Thread Richard Fussenegger
Hi guys! I have the following weird situation: Several files with .gz extension are on disk and I have a location where requests are processed that do not include it, so I set the option gzip_static to always and also installed the gunzip module. The problem is, I still need to create EMPTY files w

Shared TLS session cache FIFO?

2015-01-16 Thread Richard Fussenegger
How does the shared session cache of nginx work, does it use FIFO? This is especially interesting with long-lived session entries, e.g. 12 hours. Richard

Re: SPDY add_header with Alternate-Protocol

2015-01-15 Thread Richard Fussenegger
Thanks, this answers my actual question. In this case I never need it, since I only serve encrypted traffic to anyone. Richard On 1/15/2015 7:35 PM, Valentin V. Bartenev wrote: On Thursday 15 January 2015 18:11:46 Richard Fussenegger wrote: But isn't nginx advertising them without m

Re: SPDY add_header with Alternate-Protocol

2015-01-15 Thread Richard Fussenegger
listening on a different port and configure nginx to advertise this. add_header Alt-Svc h2=":666"; # I love id software's reserved port. Richard On 1/15/2015 5:47 PM, Sergey Kandaurov wrote: On Jan 15, 2015, at 6:21 PM, Richard Fussenegger wrote: I'm often seeing the ad

SPDY add_header with Alternate-Protocol

2015-01-15 Thread Richard Fussenegger
I'm often seeing the advice to add the following line to your SPDY configuration: add_header Alternate-Protocol 443:npn-spdy/3; Is this actually necessary? I mean, my Firefox is connecting via SPDY to my nginx and I don't have this in my configuration. For example seen at: https://github.c

Re: [PATCH] SSL: don't enable SSLv3 by default

2014-10-30 Thread Richard Fussenegger
On 10/30/2014 4:47 PM, Maxim Dounin wrote: Hello! There is still compatibility point of view, and from this point of view it's important to be able to talk to old versions of browsers. To be able to show a message like "update your browser, it's too old", to deliver updates to them, or whatever

Re: [PATCH] SSL: don't enable SSLv3 by default

2014-10-30 Thread Richard Fussenegger
On 10/30/2014 4:26 PM, Maxim Dounin wrote: And there are various clients which don't support anything better, including IE6 on XP. [...] Talking about not updated versions from security point of view is mostly pointless, as there are multiple security problems fixed on a regular basis, and not up

Re: [PATCH] SSL: don't enable SSLv3 by default

2014-10-30 Thread Richard Fussenegger
The rationale may make sense depending on the priorities, but shouldn't the default configuration target generic applications? Generic applications don't need compatibility with ancient software (only IE6 on XP actually /needs/ SSLv3, don't know about libraries though). Administrators who need

Re: Session Ticket Rotation

2014-10-10 Thread Richard Fussenegger, BSc
Hello and many thanks for your reply. On 10/10/2014 10:57 PM, Yichun Zhang (agentzh) wrote: Hello! Fortunately this does not have to be in the nginx core :) I came to the conclusion that this shouldn't even be in nginx core. OpenSSL should be updated. Of course a few nginx changes would come w

Re: Session Ticket Rotation

2014-10-09 Thread Richard Fussenegger, BSc
Hello Maxim! On 9/22/2014 2:38 PM, Maxim Dounin wrote: Hello! On Mon, Sep 22, 2014 at 01:39:43PM +0200, Richard Fussenegger, BSc wrote: The main problem here is how to share keys between worker processes, to ensure different workers will be able to decrypt tickets. So automatic rotation of

Re: Session Ticket Rotation

2014-10-06 Thread Richard Fussenegger, BSc
On 9/22/2014 2:38 PM, Maxim Dounin wrote: Hello! On Mon, Sep 22, 2014 at 01:39:43PM +0200, Richard Fussenegger, BSc wrote: I'd like to implement built-in session ticket rotation. I know that this was discussed before but it was never implemented. Right now a custom external ticke

Re: Session Ticket Rotation

2014-09-22 Thread Richard Fussenegger, BSc
On 9/22/2014 2:38 PM, Maxim Dounin wrote: Hello! On Mon, Sep 22, 2014 at 01:39:43PM +0200, Richard Fussenegger, BSc wrote: I'd like to implement built-in session ticket rotation. I know that this was discussed before but it was never implemented. Right now a custom external ticke

Re: Session Ticket Rotation

2014-09-22 Thread Richard Fussenegger, BSc
instances? On Mon, Sep 22, 2014 at 3:39 PM, Richard Fussenegger, BSc <rich...@fussenegger.info> wrote: I'd like to implement built-in session ticket rotation. I know that this was discussed before but it was never implemented. Right now a custom external ticket ke

Session Ticket Rotation

2014-09-22 Thread Richard Fussenegger, BSc
I'd like to implement built-in session ticket rotation. I know that this was discussed before but it was never implemented. Right now a custom external ticket key system is supported. Admins with single installations and not enough knowledge about the topic are left with keys that are valid

Re: [PATCH] SSL: guard use of all SSL options for bug workarounds

2014-09-09 Thread Richard Fussenegger, BSc
On 9/9/2014 4:47 AM, Maxim Dounin wrote: What makes you think that there are any vulnerabilities? As far as I know, OpenSSL 0.9.7* (the oldest branch nginx currently supports compilation with) is still commercially supported as a part of at least one OS, and will be supported till 2017. Even if

Re: [PATCH] SSL: guard use of all SSL options for bug workarounds

2014-09-08 Thread Richard Fussenegger, BSc
On 9/8/2014 7:22 PM, Maxim Dounin wrote: Hello! On Mon, Sep 08, 2014 at 01:01:02PM +0200, Richard Fussenegger, BSc wrote: Wouldn't it be better to drop support for ancient OpenSSL versions? It would be a great step for performance and security. Are there any good reasons to suppor

Re: [PATCH] SSL: guard use of all SSL options for bug workarounds

2014-09-08 Thread Richard Fussenegger, BSc
Wouldn't it be better to drop support for ancient OpenSSL versions? It would be a great step for performance and security. Are there any good reasons to support old OpenSSL versions? Richard On 9/8/2014 10:06 AM, Piotr Sikora wrote: Hey Maxim, After looking into http://trac.nginx.org/nginx/

Re: [PATCH] SSL: enable CBC 1/n-1 record splitting on the client side

2014-09-04 Thread Richard Fussenegger, BSc
Definitely not a legacy interoperability issue, e.g.: https://bugzilla.mozilla.org/show_bug.cgi?id=665814#c59 Even with the 1/n-1 many problems arise but at least not as much as with the 0/n approach: https://www.imperialviolet.org/2012/01/15/beastfollowup.html Richard On 9/3/2014 11:53 PM,

Re: Development environment

2014-08-21 Thread Richard Fussenegger, BSc
ce but I had already fought big challenges with some nginx stuff. If you have any questions and if you think I can help you, drop me a line by email. On Aug 20, 2014 6:53 PM, "Richard Fussenegger, BSc" <rich...@fussenegger.info> wrote: Hi! I'd like to start w

Development environment

2014-08-20 Thread Richard Fussenegger, BSc
Hi! I'd like to start working on the nginx source. I know my way around in C (although I'm not a crack at all) but I'm totally new to nginx. Do you have some starting points that would help a new developer to understand how things work? - Coding standards (already noticed an 80 character har

Re: LSB compliant init script (e.g. Debian 7)

2014-01-03 Thread Richard Fussenegger, BSc
Hi Maxim, thanks for your answer. On 1/3/2014 5:18 AM, Maxim Dounin wrote: Hello! On Tue, Dec 31, 2013 at 01:35:52PM +0100, Richard Fussenegger, BSc wrote: I also happen to have an LSB-compliant init script for nginx. I think some lines should be removed for inclusion in the nginx source

LSB compliant init script (e.g. Debian 7)

2013-12-31 Thread Richard Fussenegger, BSc
I also happen to have an LSB-compliant init script for nginx. I think some lines should be removed for inclusion in the nginx source (everything that has to do with the temporary paths), but it's a rock-solid starting point. https://github.com/MovLib/www/blob/master/bin/init-nginx.sh The scrip

Syntax highlighting for nano

2013-12-31 Thread Richard Fussenegger, BSc
I've seen that the latest nginx release contains syntax highlighting for vim. I created a simple syntax highlighting scheme for nano some time ago. Maybe you'd like to include it as well. You can find it via the following link: https://github.com/Fleshgrinder/nano-editor-conf-syntax-highlighti