JK01's questions

With ssl_verify_client on in my nginx, I would expect that requests that have no client cert are denied. But they are allowed.

eg use a web browser to GET /foo/bar, response is 200 OK. I would expect it to be 401 or 403 instead. Because of course the web browser does not send the client cert with the request.

Have I configured this incorrectly? Or is there another step also required to deny these requests?

My server is api.example.com and I have a wildcard cert *.example.com. The client has provided their cert and CA cert.

server {
  listen 443 default_server ssl;
  server_name _;

  # bundle = my cert + CA cert
  ssl_certificate /etc/ssl/example.com.bundle.pem;
  ssl_certificate_key /etc/ssl/example.com.key;

  # bundle = other side's client cert + CA cert
  # ssl_client_certificate /etc/ssl/client/client-bundle.pem;
  
  ssl_verify_client on;
  ssl_verify_depth 2;
  ssl_protocols TLSv1.2;
}

I've just set up a new Postgres 9.6 on a db.t2.small with 100gb SSD in AWS Sydney region. I can connect to it through psql and pgAdmin using the master user and password, so it has been setup correctly, and the security groups allow access. But after running a few commands it throws:

psql: could not connect to server: Operation timed out Is the server running on host "xyz.ap-southeast-2.rds.amazonaws.com" (54.xxx.xxx.xxx) and accepting TCP/IP connections on port 5432?

So given that I can connect and can issue commands like CREATE EXTENSION postgis successfully, why would it drop the connection so frequently?

I am trying to restore a 300mb dump file, but it drops connection even when running basic SELECTs, or refreshing the object list in pgAdmin. When attempting a restore, it drops connection in less than 30 seconds.

With reference to this serverfault blog post: A Few Speed Improvements where it talks about how static content for stackexchange is served from a separate cookieless domain...

How would someone go about doing this on IIS7.5 for a ASP.NET MVC site?

The plan so far:

• Register domain eg static.com, create a new website in IIS
• Manually copy the js / css / images folders from MVC as is so that they have the same paths on the new server
• Enable IIS gzip settings (js/css = high compression, images = none)
• Set caching with far future expiry dates
• <clientCache cacheControlCustom="public" /> in the web.config
• Never set any cookies on the static.com site
• Combine and minimize js / css
• Auto deploy changes in static content with WebDeploy

Is this plan correct?

And how can you use WebDeploy to deploy the whole web app to one server and then only the static items to another?

I can see there is a similar question, but for apache: Creating a cookie-free domain to serve static content so it doesn't apply

Are there any decent open source web server monitor app for IIS? Something decent that could track for example:

• Activity/throughput
• Response time
• CPU usage
• Memory usage
• Disk usage
• Anything other useful stats

I've searched around code.google, codeplex, etc and haven't found much so far.

I'm trying to install KB 980368 A update is available that enables certain IIS 7.0 or IIS 7.5 handlers to handle requests whose URLs do not end with a period on a new Windows 2008 R2 server, but no matter which of the download packages I try, they all say "The update is not applicable to your computer"

I have Windows 2008 R2 Standard on an Intel Xeon E5520. I need that KB to have extenstionless URLs in ASP.NET MVC2.

How can I fix this?

On IIS 7.5 I am trying to achieve this with two websites:

Default Web Site is bound to:

(blank host header port 80 - http)
(blank host header port 443 - https)
go.example.com
www71.example.com
the IP address of go.example.com

2nd web site "Beta" is bound to:

beta.example.com
(blank host header port 443 - https)
* using blank only because it doesn't seem to be possible to 
  bind https to a named host header

And both need to work with SSL. But I have these problems:

1. When I type in beta.example.com, I see the go.example.com site instead
2. I can not seem to add the SSL binding to both websites at once (I have a single *.example.com wildcard certificate). The beta site will not even start if I add the https binding to it.

This is how I have set it up:

What is the correct way to set it up?

I am suddenly getting this error connecting to localhost IIS on my development machine. It has been working fine for ages, and now suddenly has this error in Firefox:

Secure Connection Failed An error occurred during a connection to localhost. 
SSL received a record that exceeded the maximum permissible length. 
(Error code: ssl_error_rx_record_too_long)

I have googled and found no clear explanation.

In IE it says:

Internet Explorer cannot display the webpage\

In Chrome it says:

Oops! This link appears to be broken.

I'm about to install a wildcard SSL cert *.example.com (from digicert) over top of an existing single domain cert www.example.com (from thwate).

Are there any potential problems to watch out for when doing this? Any special steps required?