KutuKupret

Nginx enabling TLS SNI support on centos 5

leenoux — Mon, 30 Aug 2010 06:22:37 +0000

By default centos 5.x has openssl-0.9.8e which is not have tls extention for sni support. this is workaround on how to get nginx 0.8.48 rpm with TLS SNI enabled Step 1: download openssl source, example openssl-0.9.8l. extract it in /usr/src $ cd /usr/src $ wget http://www.openssl.org/source/openssl-0.9.8l.tar.gz $ tar xvzf openssl-0.9.8l.tar.gz Step 2: Download nginx rpm [...]

test the round robin DNS features of the resolver functions

leenoux — Tue, 24 Aug 2010 06:58:03 +0000

Date: 3 Nov 2005 Author: Daniel Stenberg License: freely available to do whatever you want with. roundrobin.c – test the round robin DNS features of the resolver functions Note: this test script is written to be compiled and run on Linux. It is not as portable as it could be, but that is just to [...]

Nginx, fastcgi, ‘Hello World’ in C

leenoux — Fri, 20 Aug 2010 02:27:29 +0000

Here is a simple example of a hello world program for FastCGI written in C. Before you can compile this, you will need to install the FastCGI devkit. At the time of writing the latest version is available from www.fastcgi.com extract, compile and install fcgi-current.tar.gz $ tar xvzf fcgi-current.tar.gz $ cd fcgi-2.x.x/ $ ./configure $ make [...]

Change Nginx Version Header

leenoux — Thu, 19 Aug 2010 02:19:14 +0000

Edit nginx.h $ vi src/core/nginx.h find lines: #define NGINX_VERSION "0.7.64" #define NGINX_VER "nginx/" NGINX_VERSION Change them as follows: #define NGINX_VERSION "0.0.7" #define NGINX_VER "kutukupret/" NGINX_VERSION Save and close the file. Now, you can compile the server. Add the following in nginx.conf to turn off nginx version number displayed on all auto generated error pages: server_tokens [...]

Nginx Limit Available Methods

leenoux — Thu, 19 Aug 2010 02:01:38 +0000

GET and POST are the most common methods on the Internet. Web server methods are defined in RFC 2616. If a web server does not require the implementation of all available methods, they should be disabled. The following will filter and only allow GET, HEAD and POST methods: ## Only allow these request methods ## [...]

Nginx SSL/HTTPS

leenoux — Thu, 19 Aug 2010 01:15:37 +0000

HTTP is a plain text protocol and it is open to passive monitoring. You should use SSL to to encrypt your content for users. Create an SSL Certificate Type the following commands: $ cd /usr/local/nginx/conf $ openssl genrsa -des3 -out server.key 1024 $ openssl req -new -key server.key -out server.csr $ cp server.key server.key.org $ [...]

Nginx Image Hotlink Prevention

leenoux — Wed, 18 Aug 2010 03:37:23 +0000

how to prevent image hotlinking with nginx? this will return 403 error when someone trying to use image directly from oursite. location ~* (\.jpg|\.png|\.gif|\.jpeg|\.png)$ { valid_referers none blocked www.example.com example.com; if ($invalid_referer) { return 403; } } or we can change every images which hotlinked with our custom banner. valid_referers none blocked www.example.com example.com; if [...]

Extract ipv6 prefix in python

leenoux — Wed, 18 Aug 2010 01:36:48 +0000

See http://code.google.com/p/ipaddr-py/ With this, we can do py> p=ipaddr.IPv6("2001:888:2000:d::a2") py> p.SetPrefix(64) py> p IPv6('2001:888:2000:d::a2/64') py> p.network_ext '2001:888:2000:d::'

Nginx – Customizing 404 page

leenoux — Mon, 16 Aug 2010 03:24:49 +0000

You can setup a custom error page for every location block in your nginx.conf, or a global error page for the site as a whole. To redirect to a simple 404 not found page for a specific location: location /my_blog { error_page 404 = /article_not_found.html; } A site wide 404 page: server { listen 80; [...]

Using IPv6 with Custom and Secondary DNS

leenoux — Fri, 06 Aug 2010 13:16:35 +0000

source: http://www.dyndns.com/support/kb/ipv6_with_custom_secdns.html As part of Dyn Inc.’s IPv6 implementation plan, DynDNS.com has recently made a new IPv6 nameserver available for Custom DNS and Secondary DNS customers. Whether you’re looking to get a jump on the transition to IPv6 or you’re simply curious, we’ve created this short tutorial to help you make use of the new nameserver. [...]