https://github.com/nginx/nginx/pull/840

If you want to see ECH in nginx sooner rather than later, please jump in and review, give feedback, thumbs up, etc.

#EncryptedClientHello#TLS#OpenSSL

https://github.com/nginx/nginx/pull/840

If you want to see ECH in nginx sooner rather than later, please jump in and review, give feedback, thumbs up, etc.

#EncryptedClientHello#TLS#OpenSSL

I know #iocaine doesn't have a fully fledged howto for using #nginx as the reverse proxy, but I have a lot in my nginx config currently, so I want to try and get it working there
After figuring out that the different configuration pages don't agree on what socket path for the client connections to iocaine, I now have the 421 error being returned to the browser, but I don't understand what I need to fix to get to a working set up
I have no log outputs when accessing blog.cerberos.id.au
#askFedi

He afegit dues gràfiques més al panell de Grafana que mostra totes les peticions que gestiona nginx d'aquest servidor mastodont.cat.
"avg request time" mostra el temps total promig en atendre una petició, per exemple, actualitzar la línia de temps. "avg upstream time" mostra el temps promig que necessita el "back-end" per a gestionar-la.

#manteniment #nginx #logs

It doesn’t occur often, but when it does, it brings a smile to my face. This is my error page served from the proxy when the backend can't process the requests (or is unavailable).

#manpageblog #devops #nginx #proxy #backend #linux #freebsd #tux #beastie

It doesn’t occur often, but when it does, it brings a smile to my face. This is my error page served from the proxy when the backend can't process the requests (or is unavailable).

#manpageblog #devops #nginx #proxy #backend #linux #freebsd #tux #beastie

Competition is a funny thing. #nginx finally introduces native support fort the #ACME protocol.

Competition is a funny thing. #nginx finally introduces native support fort the #ACME protocol.

Just edited our #nginx configs and added

if ($http_user_agent ~* "Meta-ExternalAgent") {
return 403;
}

to the server block

#AI#NoAI #Meta

When protecting a set of small static websites against the onslaught of AI crawler bots, something like Anubis is a lot of effort to install.

So, I knocked up something that might help against the dumber bots, coded entirely inside nginx config so there's no other moving parts to install.

I've done some isolated testing but haven't installed it in anger yet - but I might add it to e.g. my blog and #Faircamp sites.

https://evilgeniusrobot.uk/posts/a-simple-bot-gatekeeper-for-nginx.html

#AIbots#botnet#badBot #nginx

When protecting a set of small static websites against the onslaught of AI crawler bots, something like Anubis is a lot of effort to install.

So, I knocked up something that might help against the dumber bots, coded entirely inside nginx config so there's no other moving parts to install.

I've done some isolated testing but haven't installed it in anger yet - but I might add it to e.g. my blog and #Faircamp sites.

https://evilgeniusrobot.uk/posts/a-simple-bot-gatekeeper-for-nginx.html

#AIbots#botnet#badBot #nginx

What if...

http {
  server {
    iocaine /run/iocaine/iocaine.socket;
    # rest of your server config
  }
}

Just a wee #nginx plugin. Or one for your favourite reverse proxy, or tool that can integrate with iocaine one way or another!

Anyone else use NGINX Proxy Manager in their homelab? I’ve had some real issues with caching enabled on some self hosted fedi apps.

#HomeLab#Nginx

A recent apache update broke a bunch of nginx-based sites this morning. If you're getting a 421 error, you'll need to add some proxy_ssl config to nginx's setup quickly.

https://support.plesk.com/hc/en-us/articles/33500191748887-Websites-hosted-in-Plesk-are-not-accessible-after-a-recent-Apache-update-421-Misdirected-Request

#nginx #apache #linux #421

Just released: #swad 0.11 -- the session-less swad is done!

Swad is the "Simple Web Authentication Daemon", it adds cookie/form #authentication to your reverse #proxy, designed to work with #nginx' "auth_request". Several modules for checking credentials are included, one of which requires solving a crypto challenge like #Anubis does, to allow "bot-safe" guest logins. Swad is written in pure #C, compiles to a small (200-300kiB) binary, has minimal dependencies (zlib, OpenSSL/LibreSSL and optionally libpam) and should work on many #POSIX-alike systems (#FreeBSD tested a lot, #Linux and #illumos also tested)

This release is the first one not to require a server-side session (which consumes a significant amount of RAM on really busy sites), instead signed Json Web Tokens are now implemented. For now, they are signed using HMAC-SHA256 with a random key generated at startup. A future direction could be support for asymmetric keys (RSA, ED25519), which could open up new possibilities like having your reverse proxy pass the signed token to a backend application, which could then verify it, but still not forge it.

Read more, grab the latest .tar.xz, build and install it ... here: 😎

https://github.com/Zirias/swad

Just released: #swad 0.10

https://github.com/Zirias/swad/releases/tag/v0.10

Swad is the "Simple Web Authentication Daemon". If you're looking for a way to add #authentication (and/or proof-of-work access as known from #anubis) to your #nginx reverse proxy -- without adding yet another reverse proxy -- swad could be for you! It's written in pure #C, has few external dependencies (just zlib, and optionally OpenSSL/Libressl and/or libpam) and compiles to a pretty small binary. It's designed for usage with nginx' 'auth_request'.

Swad is tested on #FreeBSD, some basic functionality tests were also done on #Linux and #illumos (descendant from #solaris). It should build and work on most #POSIX-alike systems.

This release mainly brings performance improvements and a few bugfixes. It's now stress-tested with Apache jmeter, verifying it can deal with at least 1000 requests per second on my personal (somewhat limited) FreeBSD host machine.