I've got the skeleton of a companion container for nginx-proxy/nginx-proxy that will use RFC2136 to add/remove CNAME entries for proxied containers as they are created/removed.

I'll push it to GitHub from my Forgejo instance once it's a little bit more polished

This is in a similar vein to my one that adds mdns/avahi CNAME to the host machine.

https://github.com/hardillb/nginx-proxy-avahi-helper

https://github.com/nginx-proxy/nginx-proxy

#nginx #dns

I've got the skeleton of a companion container for nginx-proxy/nginx-proxy that will use RFC2136 to add/remove CNAME entries for proxied containers as they are created/removed.

I'll push it to GitHub from my Forgejo instance once it's a little bit more polished

This is in a similar vein to my one that adds mdns/avahi CNAME to the host machine.

https://github.com/hardillb/nginx-proxy-avahi-helper

https://github.com/nginx-proxy/nginx-proxy

#nginx #dns

What #OpenSource and #SelfHost can do. Had an idea, discussed it here. Seemed to rhyme with people. Booked two domains. Created a landing page with #Jekyll and CI/CD from a #git repo on my #Forgejo instance. Created logo with #Inkscape. Added #letsencrypt certificate. Put it on my VPS (Virtual Private Server) running Red Hat Enterprise Linux, (#RHEL) where it is now served with #Nginx. Git repo mirrored to #Codeberg so all can join. In under 8h.

https://devbnb.eu

https://codeberg.org/jwildeboer/devbnb

Does anyone know of a public set of ModSecurity exceptions for the fediverse/ActivityPub I can take a look at? I'm setting it up for GoToSocial and Mastodon now and manually doing this is pain.

Update, @cloudymax and I started a plugin here:
https://github.com/small-hack/argocd-apps/blob/2b7995c6fae5ecbb3944c6c6f4b139d98b76e67f/ingress-nginx/modsecurity_plugins_configmap.yaml#L177

Still happy to collaborate on it, but also wanted to note there was a mention a year ago about making an ActivityPub plugin over at the OWASP CRS repo, so maybe we could donate to that if its ever created:
https://github.com/coreruleset/coreruleset/issues/3497#issuecomment-1902181156

#WAF #modsecurity #nginx #apache #firewall #webApplicationFirewall #mastodon #gotosocial #activitypub

Does anyone know of a public set of ModSecurity exceptions for the fediverse/ActivityPub I can take a look at? I'm setting it up for GoToSocial and Mastodon now and manually doing this is pain.

Update, @cloudymax and I started a plugin here:
https://github.com/small-hack/argocd-apps/blob/2b7995c6fae5ecbb3944c6c6f4b139d98b76e67f/ingress-nginx/modsecurity_plugins_configmap.yaml#L177

Still happy to collaborate on it, but also wanted to note there was a mention a year ago about making an ActivityPub plugin over at the OWASP CRS repo, so maybe we could donate to that if its ever created:
https://github.com/coreruleset/coreruleset/issues/3497#issuecomment-1902181156

#WAF #modsecurity #nginx #apache #firewall #webApplicationFirewall #mastodon #gotosocial #activitypub

What #OpenSource and #SelfHost can do. Had an idea, discussed it here. Seemed to rhyme with people. Booked two domains. Created a landing page with #Jekyll and CI/CD from a #git repo on my #Forgejo instance. Created logo with #Inkscape. Added #letsencrypt certificate. Put it on my VPS (Virtual Private Server) running Red Hat Enterprise Linux, (#RHEL) where it is now served with #Nginx. Git repo mirrored to #Codeberg so all can join. In under 8h.

https://devbnb.eu

https://codeberg.org/jwildeboer/devbnb

https://github.com/nginx/nginx/pull/840

If you want to see ECH in nginx sooner rather than later, please jump in and review, give feedback, thumbs up, etc.

#EncryptedClientHello#TLS#OpenSSL

https://github.com/nginx/nginx/pull/840

If you want to see ECH in nginx sooner rather than later, please jump in and review, give feedback, thumbs up, etc.

#EncryptedClientHello#TLS#OpenSSL

I know #iocaine doesn't have a fully fledged howto for using #nginx as the reverse proxy, but I have a lot in my nginx config currently, so I want to try and get it working there
After figuring out that the different configuration pages don't agree on what socket path for the client connections to iocaine, I now have the 421 error being returned to the browser, but I don't understand what I need to fix to get to a working set up
I have no log outputs when accessing blog.cerberos.id.au
#askFedi

He afegit dues gràfiques més al panell de Grafana que mostra totes les peticions que gestiona nginx d'aquest servidor mastodont.cat.
"avg request time" mostra el temps total promig en atendre una petició, per exemple, actualitzar la línia de temps. "avg upstream time" mostra el temps promig que necessita el "back-end" per a gestionar-la.

#manteniment #nginx #logs

It doesn’t occur often, but when it does, it brings a smile to my face. This is my error page served from the proxy when the backend can't process the requests (or is unavailable).

#manpageblog #devops #nginx #proxy #backend #linux #freebsd #tux #beastie

It doesn’t occur often, but when it does, it brings a smile to my face. This is my error page served from the proxy when the backend can't process the requests (or is unavailable).

#manpageblog #devops #nginx #proxy #backend #linux #freebsd #tux #beastie

Competition is a funny thing. #nginx finally introduces native support fort the #ACME protocol.

Competition is a funny thing. #nginx finally introduces native support fort the #ACME protocol.

Just edited our #nginx configs and added

if ($http_user_agent ~* "Meta-ExternalAgent") {
return 403;
}

to the server block

#AI#NoAI #Meta

When protecting a set of small static websites against the onslaught of AI crawler bots, something like Anubis is a lot of effort to install.

So, I knocked up something that might help against the dumber bots, coded entirely inside nginx config so there's no other moving parts to install.

I've done some isolated testing but haven't installed it in anger yet - but I might add it to e.g. my blog and #Faircamp sites.

https://evilgeniusrobot.uk/posts/a-simple-bot-gatekeeper-for-nginx.html

#AIbots#botnet#badBot #nginx