Nginx

Nginx - IP

sometimes, you wanna restrict access to a webserver based on ip addresses. here a little howto. Update nginx Config for your vhost and forward temporary/permanent to a sorry host. --->8- snip -8<--- location / { allow 192.0.2.0/24; allow 2001:db8::/32; deny all; error_page 403 =301 https://sorry.your.domain; } or move the ip’s to a dedicated file and include it here … --->8- snip -8<--- location / { include incl/admin_ip.txt; deny all; error_page 403 =301 https://sorry.

HTMX & Nginx

Little Test with HTMX & Nginx recently, i saw the Keynote - “Full-Stack Python” (Andy “Pandy” Knight) and i read an article about html & websockets. So I thought why not give it a try? Preview Requirements the usual stuff: Virtual Machine (here: OpenBSD VM) FQDN Pointing to your Box SSL Cert Webroot on your webserver, create a new webroot wherever you have your pages located. su - webmaster mkdir -p /var/www/virtual/your.

Flask JWT - Sample

Flask & JWT getting your hands dirty with Flask and JWT Source https://dev.to/grahammorby/jwt-auth-in-flask-python-18i4 with some modifications by myself … Environment Test under macOS & OpenBSD, Poetry installed and working Script build virtual env export app="app100" export FLASK_APP="${app}/app" poetry new ${app} cd ${app} set python 3.10 poetry env use $(which python3.10) gsed -i "s/python = \"^3.*$/python = \"^3.10\"/" pyproject.toml poetry lock add packages wget -4 -O requirements.txt https://raw.githubusercontent.com/GrahamMorbyDev/jwt-flask/master/requirements.txt echo "marshmallow-sqlalchemy" >> requirements.

Nginx - Log Headers

How to enable Logging with Headers for Nginx Assuming you have a running setup and you want to enable logging with headers for debug and learning purposes ? Add Lua doas pkg_add nginx-lua-- and you get … doas pkg_info -L nginx-lua-- Information for inst:nginx-lua-1.20.1p0 Files: /var/www/modules/ndk_http_module.so /var/www/modules/ngx_http_lua_module.so Enable Modules in /etc/nginx/nginx.conf add two lines on Top load_module "modules/ndk_http_module.so"; load_module "modules/ngx_http_lua_module.so"; Enhance Logging add the following to the “http” Section log_format log_req_resp '$remote_addr - $remote_user [$time_local] ' '"$request" $status $body_bytes_sent ' '"$http_referer" "$http_user_agent" ' '$request_time req_header:"$req_header" ' 'resp_header:"$resp_header"'; Enable Logging add the following lines to your virtual Host Section

Nginx

Assuming you have a Website with some higher load, higher demand for availability, or both of them. You can do the following: Duplicate your Webserver (and the Content of Course) as much as you need Put a Loadbalancer in Front the Webserver, best in Combination with a Firewall Ruleset Terminate TLS on the Loadbalancer once, or on each Webserver directly. Whatever you prefer. You can also double the Loadbalancer with two Boxes the get redundancy on this level.

OpenBSD & PHP Stuff 7.4

Install NGINX & PHP pkg_add nginx php--%7.4 rcctl enable nginx php74_fpm Edit php.ini sed -i s'/date.timezone = UTC.*/date.timezone = Europe\/Zurich/' /etc/php-7.4.ini sed -i s'/short_open_tag = Off.*/short_open_tag = On/' /etc/php-7.4.ini Stop 7.3 & Start 7.4 rcctl stop php73_fpm rcctl restart nginx php74_fpm Uninstall PHP 7.3 pkg_del php--%7.3 pkg_del -a Any Comments ? sha256: 850d0140d76843ff867fcf764ff3313d19cf8d967c611e180b6a264e7bc274c4

OpenBSD nginx cgi

… and you thought that cgi is dead … nginx.conf cat << 'EOF' > /etc/nginx/nginx.conf worker_processes 1; worker_rlimit_nofile 1024; events { worker_connections 800; } http { include mime.types; default_type application/octet-stream; index index.html index.htm; log_format main '$remote_addr - $remote_user [$time_local] "$request" ' '$status $body_bytes_sent "$http_referer" ' '"$http_user_agent" "$http_x_forwarded_for"'; access_log logs/access.log main; access_log syslog:server=unix:/dev/log,severity=notice main; keepalive_timeout 65; server_tokens off; server { listen 80; listen [::]:80; server_name localhost; root /var/www/htdocs; # FastCGI to CGI wrapper server # location /cgi-bin/ { #error_log /var/log/slowcgi/errors; fastcgi_pass unix:run/slowcgi.

Tweak Nginx Webserver with limited Client Certificate

Install NGINX & PHP pkg_add nginx php--%7.3 rcctl enable nginx php73_fpm Edit php.ini sed -i s'/date.timezone = UTC.*/date.timezone = Europe\/Zurich/' /etc/php-7.3.ini sed -i s'/short_open_tag = Off.*/short_open_tag = On/' /etc/php-7.3.ini nginx.conf mkdir /var/log/nginx cat << 'EOF' > /etc/nginx/nginx.conf worker_processes 1; worker_rlimit_nofile 1024; events { worker_connections 800; } http { include mime.types; default_type application/octet-stream; index index.php index.html index.htm; keepalive_timeout 65; server_tokens off; proxy_cache_valid any 0s; log_format main '$remote_addr - $ssl_client_serial - [$time_local] - "$request" - $status - $body_bytes_sent'; map $ssl_client_serial $ssl_access { default 0; WFuDgzQBZXV740D3 1; # Hans Muster EDugUslEX1Et90WX 0; # Beat Breu 2DF3C663741296F5 1; # Ruedi Ruessel } # # HTTP -> Redirect to HTTPS # server { listen 80; server_name localhost; access_log logs/host.

Openbsd Nginx with Client Authentication

Requirement Webserver http Webserver https Protected Folder https://egal.com/protected with Client Certificate /etc/httpd.conf # $OpenBSD: httpd.conf,v 1.20 2018/06/13 15:08:24 reyk Exp $ server "*" { listen on * port 8080 location "/.well-known/acme-challenge/*" { root "/acme" request strip 2 } } /etc/nginx/nginx.conf # Take note of http://wiki.nginx.org/Pitfalls #user www; worker_processes 1; #load_module "modules/ngx_stream_module.so"; #error_log logs/error.log; #error_log logs/error.log notice; #error_log logs/error.log info; #error_log syslog:server=unix:/dev/log,severity=notice; #pid logs/nginx.pid; worker_rlimit_nofile 1024; events { worker_connections 800; } http { include mime.