Hi,
In the nginx documentation (https://www.nginx.com/blog/websocket-nginx), it
is recommended to set the 'Connection' header to 'close' (if there is no
upgrade header) - from my understanding, this disables keep alive from
nginx to the upstream - is there a reason for this?
Additionally, is
Hello!
On Mon, Sep 12, 2016 at 09:55:32PM +0200, Ondřej Nový wrote:
> I want to use OpenSSL 1.0.2 static linked with nginx. So I'm using
> --with-openssl option. But I want to set OpenSSL configure options. Option
> OPENSSL_OPT looks like correct way.
>
> If I set this variable:
> export
>> location ~ (^/[^/]*|.html)$ {}
>
> Yes, that should do what you describe.
I realize now that I didn't define the requirement properly. I said:
"match requests with a single / or ending in .html" but what I need
is: "match requests with a single / *and* ending in .html, also match
/". Will
On Mon, Sep 12, 2016 at 01:55:35PM -0700, Grant wrote:
Hi there,
> > If you want to match "requests with a second slash", do just that:
> >
> > location ~ ^/.*/ {}
> >
> > (the "^" is not necessary there, but I guess-without-testing that
> > it helps.)
>
> When you say it helps, you mean for
limit_req works with multiple connections, it is usually configured per IP
using $binary_remote_addr. See
http://nginx.org/en/docs/http/ngx_http_limit_req_module.html#limit_req_zone
- you can use variables to set the key to whatever you like.
limit_req generally helps protect eg your backend
>> My site doesn't have any folders in its URL structure so I'd like to
>> have nginx process any request which includes a folder (cheap 404)
>> instead of sending the request to my backend (expensive 404).
>
>> Currently I'm using a series of location blocks to check for a valid
>> request.
On Mon, Sep 12, 2016 at 10:17:06AM -0700, Grant wrote:
Hi there,
> My site doesn't have any folders in its URL structure so I'd like to
> have nginx process any request which includes a folder (cheap 404)
> instead of sending the request to my backend (expensive 404).
The location-matching
> https://www.nginx.com/blog/tuning-nginx/
>
> I have far more faith in this write up regarding tuning than the anti-ddos,
> though both have similarities.
>
> My interpretation is the user bandwidth is connections times rate. But you
> can't limit the connection to one because (again my
Hi,
I want to use OpenSSL 1.0.2 static linked with nginx. So I'm using
--with-openssl option. But I want to set OpenSSL configure options. Option
OPENSSL_OPT looks like correct way.
If I set this variable:
export OPENSSL_OPT=no-idea
After OpenSSL configure I got message:
*** Because of
On Mon, Sep 12, 2016 at 1:37 PM, A. Schulze wrote:
>
>
> Am 12.09.2016 um 21:33 schrieb Joshua Schaeffer:
>
>> Any chance anybody has played around with Kerberos auth? Currently my SSO
>> environment uses GSSAPI for most authentication.
>>
>
> I compile also the module
Am 12.09.2016 um 21:33 schrieb Joshua Schaeffer:
Any chance anybody has played around with Kerberos auth? Currently my SSO
environment uses GSSAPI for most authentication.
I compile also the module
https://github.com/stnoonan/spnego-http-auth-nginx-module
but I've no time to configure /
>
>
>> I'm using that one to authenticate my users.
>
> auth_ldap_cache_enabled on;
> ldap_server my_ldap_server {
> url ldaps://ldap.example.org/dc=u
> sers,dc=mybase?uid?sub;
> binddn cn=nginx,dc=mybase;
> binddn_passwd
Am 12.09.2016 um 21:04 schrieb Joshua Schaeffer:
- https://github.com/kvspb/nginx-auth-ldap
I'm using that one to authenticate my users.
auth_ldap_cache_enabled on;
ldap_server my_ldap_server {
url
ldaps://ldap.example.org/dc=users,dc=mybase?uid?sub;
Greetings Nginx list,
I've setup git-http-backend on a sandbox nginx server to host my git
projects inside my network. I'm trying to get everything setup so that I
can require auth to that server block using SSO, which I have setup and
working with LDAP and Kerberos.
I have all my accounts in
details: http://hg.nginx.org/nginx/rev/6acbe9964ceb
branches:
changeset: 6688:6acbe9964ceb
user: Maxim Dounin
date: Mon Sep 12 20:11:06 2016 +0300
description:
OCSP stapling: fixed using wrong responder with multiple certs.
diffstat:
My site doesn't have any folders in its URL structure so I'd like to
have nginx process any request which includes a folder (cheap 404)
instead of sending the request to my backend (expensive 404).
Currently I'm using a series of location blocks to check for a valid
request. Here's the last one
details: http://hg.nginx.org/nginx/rev/dfa626cdde6b
branches:
changeset: 6687:dfa626cdde6b
user: Sergey Kandaurov
date: Mon Sep 12 18:57:42 2016 +0300
description:
SSL: improved session ticket callback error handling.
Prodded by Guido Vranken.
diffstat:
details: http://hg.nginx.org/nginx/rev/f28e74f02c88
branches:
changeset: 6686:f28e74f02c88
user: Sergey Kandaurov
date: Mon Sep 12 18:57:42 2016 +0300
description:
SSL: factored out digest and cipher in session ticket callback.
No functional changes.
diffstat:
Hello!
On Wed, Aug 17, 2016 at 05:29:32PM -0700, Piotr Sikora wrote:
> # HG changeset patch
> # User Piotr Sikora
> # Date 1471265532 25200
> # Mon Aug 15 05:52:12 2016 -0700
> # Node ID 40765d8ee4dd29089b0e60ed5b6099ac624e804e
> # Parent
Hello!
On Sun, Sep 11, 2016 at 06:56:17AM -0400, jchannon wrote:
> I have nginx and its cache working as expected apart from one minor issue.
> When a request is made for the first time it hits the origin server, returns
> a 200 and nginx caches that response. If I make another request I can see
gariac Wrote:
---
> This page has all the secret sauce, including how to limit the number
> of connections.
>
> https://www.nginx.com/blog/mitigating-ddos-attacks-with-nginx-and-ngin
> x-plus/
>
> I set up the firewall with a higher number as
+1 to that.
Connection reuse to an upstream is a very important metric for Edge->DC
communication.
In our production since we have nginx on both sides we are are gathering that
metric from the other side of the other side of a connection. I assume not
everybody have that luxury, therefore that
I picked 444 based on the following, though I see your point in that it is a
non-standard code. I guess from a multiplier standpoint, returning nothing is
as minimal as it gets, but the hacker often sends the message twice due to lack
of response. A 304 return to an attempt to log into
>From what I understand, 304 answers should not try to modify headers, as
the cache having made the conditional request to check the correctness of
its entry will not necessarily update it:
https://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html#sec10.3.5.
The last sentence sums it all: '*If* a
You could also generate 304 responses for content you won't provide (cf.
return).
nginx is good at dealing with loads of requests, no problem on that side.
And since return generates an in-memory answer by default, you won't be
hammering your resources. If yo uare CPU or RAM-limited because of
25 matches
Mail list logo