I have set up my server with the following settings:
server {
server_name www.example.com
listen 443;
listen 80;
location /login\.php
{
rewrite ^(.*) https://www.example.com/login.php$1 last;
}
.. other settings
}
However, with this setup I receive a redirect error (too many redirects). Is there a way to tell nginx that if I have the file login.php that I want SSL and all other files are being served without it?
I have set my server up my nginx server like this:
server {
listen 443;
ssl on;
ssl_certificate /etc/ssl/certs/example.com.crt;
ssl_certificate_key /etc/ssl/private/example.com.key;
server_name example.com;
... other things down here..
}
How can I exclude directories from SSL? For example, under /static/tour I have a tour explaining the web application and there is no need to encrypt that.
OS: Ubuntu 10.04
I have a support system installed with a different hoster and want the address from my web application to contain a link to that support system. However, the domain name I registered together with this support system is completely unrelated to the name of my web application and might confuse people.
Is it possible to enter a link like www.example.com/support and then have nginx redirect to the designated domain without changing the address line itself?
I tried rewrite, but it completely redirects you.
Where are MySQL passwords stored and are they encrypted or even hashed?
If I limit my nginx worker processes to 1 and allow for 500 connections, what happens if I exceed this limit? Does the server return a 503 Service Unavailable?
Basically, I'm trying to secure my system against DoS and do not expect more than 500 simultaneous connections per second.
I want to serve invoices for download. Currently I'm using a simple numbering scheme (invoice-01.pdf, invoice-02.pdf, and so on). I know that I could use hashes instead to obscure the data.
Is it also possible to use PHP and serve the invoices by not directly having the user point to them?
I installed cron with sudo apt-get install cron, started it as root and confirmed that it is running with
ps -ef
I then created a simple script with the following contents:
touch /home/username/cron-test.txt
I made this script file executable and put it into
mv cron-test.sh /etc/cron.hourly
For some reason though, it does not get executed and the file is not being created. I tried running it manually and it works.
I also tried other cron scripts and they do not seem work. Did I miss something or am I using cron incorrectly?
My system is Ubuntu 10.10 and my hoster has stripped it down so it came with only a few processes installed (not even cron).
Currently I'm using
location /login {
rewrite ^/login/$ /login.php last;
rewrite ^/login$ /login.php last;
}
to rewrite www.example.com/login and www.example.com/login/. I was wondering if this was also possible in one statement. I tried rewrite ^/login(/)$ /login.php last; but it didn't work.
Also I noticed since I started using rewrites that some of my css paths are broken because I used a relative paths. I will convert all of them to absolute paths but asked myself if there a more implications when using rewrites that I would need to be aware of.
EDIT:
This is how I handle the .php
location ~ \.php$ {
if (!-f $request_filename) {
return 404;
}
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
include fastcgi_params;
try_files $uri $uri/ /index.php;
}
I want to install cron on my live web server to run a daily backup script of a local folder. Are there any security considerations I need to be aware of when installing cron?
My web server uses Ubuntu Linux 10.10.
Basically, I want the ".php" to be replaced with a "/". I tried to just put my rule in the same location where the fastcgi is located.
location ~ \.php$ {
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
include fastcgi_params;
rewrite ^(.+)\.php$ /$1;
}
However, when I restart nginx with these settings, it gives me an 500 Internal Server Error and I can't even get the server to show me anything. Is this because of fast cgi? How can I work around this?
My system: nginx / php5-fpm / apc / php5-memcache / Ubuntu 10.10
These are the permission for my www folder:
drwxr-xr-x 18 root root 4096 Jul 16 00:21 www
Are they correct? I'm wondering: Why does it have to be an x (for execute) in there, isn't that risky? When I try to set them to remove the execute flag for others, my web server is not able to load any files anymore:
chmod o-x www
Am I doing it correctly or would I need to change something?
In my config file I use
location ~* ^.+.(jpg|jpeg|gif|css|png|js|ico|xml)$ {
access_log off;
expires 30d;
root /var/www;
}
However, I have a PHP script that generates a captcha image which does not have an ending. nginx does not display the image. What can I do to solve this?
I have always used MySQL locally using sockets. Now I need to access a database remotely. How safe is it and what would I need to consider? Is it sufficient to just use the bind-address or should I set up a firewall as well to block traffic?
I want to use nginx for local development. This means I want to prevent other machines from being able to access my web server so it can only be accessed via localhost.
Under the server settings in sites-enabled/default I changed my code to
location / {
# First attempt to serve request as file, then
# as directory, then fall back to index.html
allow 127.0.0.1;
deny all;
try_files $uri $uri/ /index.html;
}
Is there anything else I need to do to prevent third parties from accessing my web server?
I'm developing on my laptop which is constantly connected to the Internet while I'm working. I installed Apache2 with Ubuntu default settings, MySQL and PHP. How safe is it for me to develop when I'm connected to the Internet? Couldn't sb get access to my system somehow?