Tag Archive for nginx

Hardening Nginx SSL/TSL Configuration

Days ago I had to investigate a SSL issue in one of my customer’s servers, he installed a SSL certificate but the Nginx SSL configuration was not hardened at all, so he was getting a very poor grade while checking his site at SSL Server Test.

In the same case, if you have a grade lower than A, you should try to optimize your Nginx SSL configuration. Here are some tips to harden your Nginx SSL Configuration.
Read more

Handle X-Forwarded-Proto in backend nginx

When nginx is being used as backend server, it will talk plain «http» to the frontend server only (for performance reasons and to simplify setup).

But web applications often need to know, if the traffic between the browser and server is encrypted (https), e.g. when checking if a particular part of the site is being accessed securely.

Since only the frontend proxy (the one between nginx and the browser) knows about this, this information has to be forwarded to the backend.
Read more

The repository for Debian-based LAMP servers

The latest versions of NGINX server

Instructions
Using Dotdeb is very simple:

For the main Dotdeb repository, depending on your distribution (lenny/oldstable or squeeze/stable), add these two lines to your /etc/apt/sources.list file (choosing a mirror near you) :
Read more

Nginx rewrite parameters

Regular expressions to match, of which:
~ For the case-insensitive match
~ * For the case-insensitive match
!~ And !~* Are case-sensitive does not match and are not case-sensitive documents and directories do not match to match, of which:
-F and !-F used to determine the existence of a document
-D and !-D used to determine the existence of directory
-E and !-E used to determine the existence of files or directories
-X and !-X used to determine whether the executable fileflag markers are:
* Last equivalent to Apache’s [L] tag that complete rewrite, no longer match the back of the rules
* Break with the last similar
* Redirect the return of 302 temporary redirect
* Permanent return of 301 permanent redirect some of the available global variables can be used to determine the conditions (to be completed)
Read more

Веб-сервер на Debian. Nginx

Статья не моя. Внизу указан источник.
Скопировал к себе на всякий случай.

 

Решился написать продолжение, по настройке полноценного веб сервера на базе Debian Lenny. Хоть и прошло это радостное событие, Squeeze теперь stable. Я все еще не готов оновлять свои продакшн сервера на 6-чку. В данном топике, расскажу, как собрать свежый пакет для nginx ветки 0.8 не прибегая к скучным чтениям документации. Все ужа давно сделали за нас. Итак, приступим:Перво-наперво, рекомендую полностью обновить систему, так как могли выйти обновления:

 

aptitude update
aptitude safe-upgrade

Read more