Nginx enabling TLS SNI support on centos 5

By default, CentOS 5.x ships openssl-0.9.8e, which does not have the TLS extension needed for SNI support. This is a workaround for getting an nginx 0.8.48 RPM with TLS SNI enabled.

Step 1:

Download the OpenSSL source, for example openssl-0.9.8l, and extract it in /usr/src.

$ cd /usr/src
$ wget http://www.openssl.org/source/openssl-0.9.8l.tar.gz
$ tar xvzf openssl-0.9.8l.tar.gz

Step 2:

Download the nginx source RPM, for example nginx-0.8.49-1.el5.src.rpm.

$ wget http://centos.alt.ru/pub/nginx/0.8/RHEL/SRPMS/nginx-0.8.49-1.el5.src.rpm
$ rpm -Uvh nginx-0.8.49-1.el5.src.rpm

Move to the directory that contains the spec file and edit nginx.spec.

$ cd /path/to/rpm/SPECS/
$ vi nginx.spec

test the round robin DNS features of the resolver functions

Date: 3 Nov 2005
Author: Daniel Stenberg
License: freely available to do whatever you want with.

roundrobin.c – test the round robin DNS features of the resolver functions

Note: this test script is written to be compiled and run on Linux. It is
not as portable as it could be, but that is just to make it a simpler test
case.

$ gcc roundrobin.c

This source snippet resolves a name with multiple IP addresses and prints them out in the order the addresses were returned by the resolving function. It first uses getaddrinfo() (called GAI) and then gethostbyname() (called GHBN).

On my three test machines they both show the same symptoms:

The GAI list is a lot less “random” than the GHBN one. The GAI list almost always returns the same first entry on repeated invocations (while the subsequent entries come somewhat more random). The GHBN list is returned in a much more random fashion.

The test machines are all running Debian Unstable glibc 2.3.5

What this program does:

It runs N resolves of a given host name. It stores the order it gets the returned addresses. When all N resolves are done, it checks how the returned addresses were distributed. The procedure is first done with GAI and then with GHBN. The output is presented in list index order. That means: ‘index 0’ is the first address in the returned list and ‘index 1’ is the second address and so on. We have found out that in the GAI case you very often get 100% of the same address in index 0.

We have three host names that resolve to multiple IP addresses:

bad2.haxx.se
bad10.haxx.se
bad11.haxx.se

As you will see, none of them resolves any sensible data for other purposes
than resolve tests or similar.
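
The measurement described above, as an added example (it is not Daniel Stenberg's roundrobin.c, which this page does not reproduce): it counts how often each address appears at each list index over 100 lookups, first with getaddrinfo() and then with gethostbyname(). The names tally_add, resolve_once and MAXA, the run count of 100 and the IPv4-only restriction are assumptions of this example.

```c
#include <arpa/inet.h>
#include <netdb.h>
#include <stdio.h>
#include <string.h>
#define MAXA 16 /* assumed cap on distinct addresses and on list positions */
struct tally {
    char addr[MAXA][INET_ADDRSTRLEN];
    int naddr, count[MAXA][MAXA]; /* count[i][a]: times addr[a] was at index i */
};
/* Record that ip came back at list position idx; returns its count there. */
int tally_add(struct tally *t, int idx, const char *ip) {
    int a = 0;
    while (a < t->naddr && strcmp(t->addr[a], ip) != 0) a++;
    if (idx < 0 || idx >= MAXA || a == MAXA) return -1; /* not tracked */
    if (a == t->naddr) snprintf(t->addr[t->naddr++], INET_ADDRSTRLEN, "%s", ip);
    return ++t->count[idx][a];
}
/* One lookup via getaddrinfo() (gai != 0) or gethostbyname(); IPv4 only. */
int resolve_once(struct tally *t, const char *host, int gai) {
    char ip[INET_ADDRSTRLEN];
    int i = 0;
    if (gai) {
        /* Fixing the socket type gives one list entry per address. */
        struct addrinfo *res, *p, hints = {.ai_family = AF_INET,
                                           .ai_socktype = SOCK_STREAM};
        if (getaddrinfo(host, NULL, &hints, &res) != 0) return -1;
        for (p = res; p; p = p->ai_next, i++) /* AF_INET: ai_addr is sockaddr_in */
            tally_add(t, i, inet_ntop(AF_INET,
                &((struct sockaddr_in *)p->ai_addr)->sin_addr, ip, sizeof ip));
        freeaddrinfo(res);
    } else {
        struct hostent *h = gethostbyname(host);
        if (!h || h->h_addrtype != AF_INET) return -1;
        for (; h->h_addr_list[i]; i++)
            tally_add(t, i, inet_ntop(AF_INET, h->h_addr_list[i], ip, sizeof ip));
    }
    return 0;
}
int main(int argc, char **argv) {
    const char *host = argc > 1 ? argv[1] : "bad2.haxx.se"; /* name from the text */
    for (int gai = 1; gai >= 0; gai--) {
        struct tally t = {0};
        for (int n = 0; n < 100; n++) resolve_once(&t, host, gai); /* N = 100 */
        for (int i = 0; i < MAXA; i++)
            for (int a = 0; a < t.naddr; a++)
                if (t.count[i][a]) /* 100 runs, so the count is a percentage */
                    printf("%s index %d: %s %d%%\n", gai ? "GAI" : "GHBN", i,
                           t.addr[a], t.count[i][a]);
    }
    return 0;
}
```

A local caching resolver (nscd, for instance) can reorder or pin the answers before either function sees them, so compare results with and without one.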

Nginx, fastcgi, ‘Hello World’ in C

Here is a simple example of a hello world program for FastCGI written in C. Before you can compile this, you will need to install the FastCGI devkit. At the time of writing the latest version is available from www.fastcgi.com

Extract, compile and install fcgi-current.tar.gz:

$ tar xvzf fcgi-current.tar.gz
$ cd fcgi-2.x.x/
$ ./configure
$ make
$ sudo make install

The C code:

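#include <fcgi_stdio.h>   /* maps printf() and friends onto the FastCGI streams */

int main( int argc, char *argv[] )
{
   /* FCGI_Accept() blocks until the next request; a negative return ends the loop */
   while( FCGI_Accept() >= 0 ) {
      /* response header block, terminated by an empty line */
      printf( "Content-Type: text/plain\n\n" );
      /* response body */
      printf( "Hello world in C\n" );
   }
   return 0;
}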

Change Nginx Version Header

Edit nginx.h:

$ vi src/core/nginx.h

Find the lines:

#define NGINX_VERSION "0.7.64"
#define NGINX_VER "nginx/" NGINX_VERSION

Change them as follows:

#define NGINX_VERSION "0.7.64"
#define NGINX_VER "kutukupret/" NGINX_VERSION

Save and close the file. Now, you can compile the server. Add the following in nginx.conf to turn off…

Nginx Limit Available Methods

GET and POST are the most common methods on the Internet. Web server methods are defined in RFC 2616. If a web server does not require the implementation of all available methods, they should be disabled. The following will filter and only allow GET, HEAD and POST methods:

##…

Nginx SSL/HTTPS

HTTP is a plain text protocol and it is open to passive monitoring. You should use SSL to encrypt your content for users.

Create an SSL Certificate

Type the following commands:

$ cd /usr/local/nginx/conf
$ openssl genrsa -des3 -out server.key 1024
$ openssl req -new -key server.key -out…

Nginx Image Hotlink Prevention

How do you prevent image hotlinking with nginx? This will return a 403 error when someone tries to use an image directly from our site.

location ~* (\.jpg|\.png|\.gif|\.jpeg|\.png)$ {
    valid_referers none blocked www.example.com example.com;
    if ($invalid_referer) {
        return 403;
    }
}

Or we can change every hotlinked image with our custom…

Nginx – Customizing 404 page

You can set up a custom error page for every location block in your nginx.conf, or a global error page for the site as a whole. To redirect to a simple 404 not found page for a specific location:

location /my_blog {
    error_page 404 = /article_not_found.html;
}

A site…

Using IPv6 with Custom and Secondary DNS

source: http://www.dyndns.com/support/kb/ipv6_with_custom_secdns.html

As part of Dyn Inc.’s IPv6 implementation plan, DynDNS.com has recently made a new IPv6 nameserver available for Custom DNS and Secondary DNS customers. Whether you’re looking to get a jump on the transition to IPv6 or you’re simply curious, we’ve created this short tutorial to help you make use of the new nameserver.

Disclaimer

Before we begin, please note that the information in this article is purely for testing and educational purposes. DynDNS.com does not currently guarantee the availability of its IPv6 test servers, so please exercise caution when adding them to the delegation of a domain. Additionally, this article does not provide instructions for configuring IPv6 in your environment, and assumes that you have already done so.