#nginx


I want to look up the #CIDR associated with #network #IPs which appear in my #nginx logs (for the purpose of limiting ranges).

So many tools have this sort of thing built in that I assume there is a "best" #API or method for doing those lookups - but blowed if I can figure out where to go.

Does anyone have a suggestion?
#infosec #bots

Edit: forgot to say, I'm running on #Debian so if there is a db in some package I can install that.
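
One offline way to approach the lookup asked about above, as an added example that is not part of the original post: parse the client IPs out of nginx access-log lines, map each to the most specific covering prefix from a local prefix table, and emit nginx `deny` lines for busy ranges. The log lines and the prefix table are constructed samples; where a real prefix table would come from (a routing or WHOIS data export) is an assumption, and the function names are hypothetical.

```python
import ipaddress
from collections import Counter

# Constructed sample lines in nginx "combined" log format (documentation IP ranges).
SAMPLE_LOG = """\
198.51.100.7 - - [10/Apr/2025:10:00:01 +0000] "GET / HTTP/1.1" 200 612 "-" "bot/1.0"
198.51.100.9 - - [10/Apr/2025:10:00:02 +0000] "GET /wp-login.php HTTP/1.1" 404 153 "-" "bot/1.0"
198.51.100.200 - - [10/Apr/2025:10:00:03 +0000] "GET /a HTTP/1.1" 200 10 "-" "bot/1.0"
203.0.113.5 - - [10/Apr/2025:10:00:04 +0000] "GET / HTTP/1.1" 200 612 "-" "Mozilla/5.0"
2001:db8:1::42 - - [10/Apr/2025:10:00:05 +0000] "GET / HTTP/1.1" 200 612 "-" "bot/1.0"
192.0.2.1 - - [10/Apr/2025:10:00:06 +0000] "GET / HTTP/1.1" 200 612 "-" "curl/8.0"
"""

# Constructed prefix table (assumption: exported from a routing or WHOIS data set).
SAMPLE_PREFIXES = ["198.51.100.0/24", "198.51.100.0/25", "203.0.113.0/24", "2001:db8::/32"]


def client_ips(log_text):
    """Yield the first field of each log line when it parses as an IP address."""
    for line in log_text.splitlines():
        field = line.split(" ", 1)[0]
        try:
            yield ipaddress.ip_address(field)
        except ValueError:
            continue  # malformed line or a hostname in the first field; skip it


def longest_match(ip, networks):
    """Return the most specific network that contains ip, or None."""
    hits = [n for n in networks if n.version == ip.version and ip in n]
    return max(hits, key=lambda n: n.prefixlen, default=None)


def requests_per_cidr(log_text, prefixes):
    """Count requests per covering CIDR; unmatched IPs are kept under their own key."""
    networks = [ipaddress.ip_network(p) for p in prefixes]
    counts = Counter()
    for ip in client_ips(log_text):
        net = longest_match(ip, networks)
        counts[str(net) if net else f"unmatched:{ip}"] += 1
    return counts


def deny_lines(counts, threshold):
    """Build nginx 'deny' directives for matched ranges at or above threshold."""
    return [f"deny {cidr};" for cidr, n in sorted(counts.items())
            if n >= threshold and not cidr.startswith("unmatched:")]
```
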

The nginx parser is the worst part about nginx...

> [emerg] "map_hash_bucket_size" directive is duplicate in /etc/nginx/nginx.conf:62

In the real world this means that before map_hash_bucket_size there was a map...

A pic I took on the streets of #Portland
# 363 days ago, area within walking distance of #Revolution Hall.

I've remained publicly silent on my #WriteTheDocs conference attendance last year because it was .... a shitty conference.

And today I'll tell you why it was a shitty conference.

There was a self-proclaimed "extrovert" who got up on stage and vomited bullshit about how she was representing #Nginx.

I did not plan to give a talk, but when I woke up the last day of the conference, I really had this pressing intuition that I should speak up for the talent that was maybe intimidated ... that NO, you don't need a fucking Macbook to be a technical writer... not all technical writing is about computer-related things.

But then did I find out ... what that Nginx "extrovert" was really there to do was be the shithead #censoring the indigenous voice that wanted to get on stage and tell everybody that not all #TechnicalWriting has to be about #technology.

But that snooty white supremacist bitch rejected this talk.

GRRRR!!!

I just spent the last hour of my life chasing round in circles just because #nginx wouldn't serve up my css file for some reason. I forced the mime types in the nginx config and everything...

Weirdly, Chrome was fine but Firefox wasn't when loading this?

Anyway, turns out the reason why is because nginx has this *14 year old* bug that means it falls apart whenever there's a dash in a file name. Wtf?! How has no one looked at that yet 😫

I've built a setup for hosting websites which consists of:
* Host running #microos with #podman
* #Traefik and #sshpiper at the edge
* #Nginx, php-fpm, #mariadb + phpmyadmin + nginx or #postgres + dbadmin, openssh for each site

It actually works quite well, openssh key-based access is to transfer files into the containers, traefik does the reverse proxying.

I'm just wondering if it's a sustainable and maintainable setup. Sometimes just going with a "standard" solution seems so much easier.

Proxying out of the box: a comparative analysis of HAProxy, Envoy, Nginx, Caddy and Traefik

Hi everyone, my name is Stas, and I'm a tech lead at Mish Product Lab. This topic didn't come out of nowhere: within our team we had plenty of arguments and discussions about which tool for proxying and SSL termination is best to use in different situations. Initially all our hypotheses were based more on personal preference than on real data. We argued for a long time, hoping the truth would turn out to be somewhere near our favourite solutions. But in the end we concluded that the only way to get a truly objective answer is to test and compare the different options in practice. That is how the idea was born to run a comparative performance analysis of HAProxy, Envoy, Nginx, Caddy and Traefik with SSL/TLS support. We wanted to understand which of the tools provides the best performance and the lowest overhead "out of the box", especially when handling SSL traffic, which, as is well known, requires additional resources because of encryption and decryption.

habr.com/ru/articles/900438/

Tried to remote SSH into my #RaspberryPi earlier and couldn't get in. The connection was closed by the server. My #Agate #geminiProtocol server didn't respond, and #nginx was there but returned 404 for my #smolWeb site.

Just tried physically turning it off and on again and it sat dead.

So I disconnected everything, blew on the SD card pins, tried again. As if by magic everything is working perfectly.

I hate it when it just restarts and you can't find out why it stopped.

Need help installing #NGINX? If so, then you need, "Load Balancing Graylog with Nginx: The Ultimate Guide". 📙 👍 Ensure that your #Graylog is at peak performance with Nginx load balancing capability! Get the guide to learn about:

🤝 How Nginx and Graylog go together
⚖️ Load balancing a sample configuration
💻 Installing Nginx
🔄 Changes to an Nginx configuration
✅ Enabling HTTPS for Nginx
➡️ Load balancing Graylog Inputs
🪂 Diving deeper Into Nginx
...and more.

graylog.org/post/load-balancin #cybersecurity #infosec #GraylogLabs @nginx

Just released: #swad v0.2

SWAD is the "Simple Web Authentication Daemon", meant to add #cookie #authentication with a simple #login form and configurable credential checker modules to a reverse #proxy supporting to delegate authentication to a backend service, like e.g. #nginx' "auth_request". It's a very small piece of software written in pure #C with as little external dependencies as possible. It requires some #POSIX (or "almost POSIX", like #Linux, #FreeBSD, ...) environment, OpenSSL (or LibreSSL) for TLS and zlib for response compression.

Currently, the only credential checker module available offers #PAM authentication, more modules will come in later releases.

swad 0.2 brings a few bugfixes and improvements, especially helping with security by rate-limiting the creation of new sessions as well as failed login attempts. Read details and grab it here:

github.com/Zirias/swad/release

New features:

* Configurable rate-limits for new session creation
* Configurable rate-limits for failed login attempts (per session, realm and user name)
* Configurable types of proxy headers (X-Forward...

I recently started to replace #nginx with @caddy and it's as satisfying as it is scary to replace a complex config that spans five included files and a total of about 400 lines with a single Caddyfile of around 80 lines.

And on top of that #Caddy also made certbot redundant as it takes care of fetching and renewing the tls certs from #LetsEncrypt and keeps a #ZeroSSL backup for all of my domains.

I think I'm in love..

Released: #swad v0.1 🥳

Looking for a simple way to add #authentication to your #nginx reverse proxy? Then swad *could* be for you!

swad is the "Simple Web Authentication Daemon", written in pure #C (+ #POSIX) with almost no external dependencies. #TLS support requires #OpenSSL (or #LibreSSL). It's designed to work with nginx' "auth_request" module and offers authentication using a #cookie and a login form.

Well, this is a first release and you can tell by the version number it isn't "complete" yet. Most notably, only one single credentials checker is implemented: #PAM. But as pam already allows pretty flexible configuration, I already consider this pretty useful 🙈

If you want to know more, read here:
github.com/Zirias/swad


Did lots of smaller improvements to #swad ... but first, I had to hunt down a crash 🤯. Finally found it was caused by my #poser lib (to be fixed later): A connection there can resolve the hostname of a remote end and does so in a thread job to avoid blocking. If the connection dies meanwhile, the job is canceled. Seems my canceling mechanism relying on a signal to the thread is, well, not reliable (the signal can arrive delayed). Ok, for now just disabled name resolution to sidestep that.

Now, integration with #nginx is much better. I introduced (optional) custom headers to transport the authentication realm and the redirect URI, plus state management in the session, so these can be passed to the "auth" endpoint. This requires to make sure nginx always passes the session #cookie. Unfortunately, I still need a "hacky" redirect configuration for login in nginx. If auth_request could just pass the response body, this would be unnecessary .... 🙄

The nginx configuration shows #swad running on "files" and another nginx running on "wwwint" serving #poudriere output there. This nginx instance helpfully adds cache hints, which I have to override, so a redirect works as expected when for example the swad session times out.