How to Setup a Reverse #Proxy with HTTPS Using #Nginx and #Certbot (5 Minute Quick-Start Guide)

This article outlines how to setup a reverse proxy with HTTPS using Nginx and Certbot.
What is a Reverse Proxy?
A reverse proxy is a server that sits between client devices and a backend server, forwarding client requests to the backend server and returning the server's response to the clients. Unlike a forward proxy, ...
Continued 👉 https://blog.radwebhosting.com/how-to-setup-a-reverse-proxy-with-https-using-nginx-and-certbot-5-minute-quick-start-guide/?utm_source=mastodon&utm_medium=social&utm_campaign=ReviveOldPost #proxyserver #reverseproxy #letsencrypt

Ok, I think I managed to fix the caching config for Skythread in Nginx so that things are always reloaded and not cached after I make a deploy 😮‍💨

Does this make sense? (index.html is patched on deploy to link to e.g. /skythread.js?123123 where 123123 is timestamp of deploy)

#nginx #webdev

Me and Kubernetes are not friends

Kubernetes in all its gloryWe are not enemies either. These days I'm mostly indifferent, that's all. I used to oppose K8S with every inch of my body. Not anymore, at least. Frankly, it's not K8S [...]

🔗 https://chbk.co/3IlGK

#bash #debian #docker #ghost #linux #nginx #prometheus #shell #kubernetes

@dvl @ronnie_bonkers @freshports Hm, well, if you use #nginx, you *could* check out #swad as well (after I made another release to avoid unnecessary sessions). It's much smaller, and leaves the actual reverse proxying to nginx.

I'm just still unsure how it would scale to more traffic. I tried to stress-test it with jmeter now and what I can say is simulating 1000 concurrent clients really hammering the login endpoint for quite a while, I managed to inflate resident size to 171MiB, which is probably a result of 1000 sessions plus quite some metadata for the rate-limiting (most responses ended up 429).

I now decided I'll at least aim for some middle grounds: Rework #swad so it only needs a (server-side) #session once a user is #authenticated!

This does have some implications, e.g. passing a redirect argument to the authentication endpoint won't work any more. But experimentation shows a workaround would be to use an "internal redirect" to the login endpoint in #nginx.

We'll see where I end up. Having sessions only for authenticated users should reduce the need for server-side RAM significantly, so I hope 😉

I think I'm going to end up hosting the flask application on #Oracle #cloud free tier, because I don't feel that the amount of website hits to the flask application should crash the server.

It's a bit of a shame because now I have to remember how to do #nginx and #gunicorn on a straight VM because I think that's all that's available in the Oracle free tier.

HEY! I just found the fix for the webfinger "403 forbidden” problem I have been having to get my wordpress blog working fully with ActivityPub @pfefferle!

Looks like for nginx based servers if you are rolling your own or you have a strict web host you need to create a location statement in your nginx config options

The code to add to your options is:

location ^~ /.well-known/webfinger {
auth_basic off;
allow all;
default_type text/plain;
try_files $uri $uri/ /index.php?$args;
break;
}

From this wordpress support question:

https://wordpress.org/support/topic/i-think-i-tried-everything-403-on-well-known/

After adding this, the test at https://webfinger.net/lookup outputs a proper response and Wordpress clears the 'webfinger' error in SiteHealth.

Yay!
#ActivityPub #Wordpress #Mastodon #Fediverse #nginx #selfhost

I added some of the infrastructure resources to my repo, this includes the configuration for Systemd and Nginx, both are used to run my website gerben.dev.

Created a readme for that folder with some more information and a diagram. It's not a full on guide, but for anyone on the #IndieWeb who wants to learn more, you can use it as a learning resource.

You can find it on GitHub or Codeberg.

#Infra #Systemd #Nginx #IndieWeb

You cannot login to your #nextcloud installation in your browser?
Your instance is located in a sub directory (say yoursubdir)?
And your browser fails to load logo.svg (status 500) which causes oauth token invalidation?

#TIL Three lines in your nginx.conf work as a workaround:

location = /core/img/logo/logo.svg {
try_files $uri /yoursubdir$request_uri;
}

Alternatively put a (custom) logo.svg at the expected place.

#selfhost #homeserver #nginx #owncloud #heimserver

New treat incoming: I played around with #Podman and #Nginx as a #ReverseProxy. And as usual I ended up creating a new vagrant-libvirt setup...

https://codeberg.org/johanneskastl/nginx_reverse_proxy_podman_vagrant_libvirt_ansible
https://github.com/johanneskastl/nginx_reverse_proxy_podman_vagrant_libvirt_ansible

One container running as a server (with a very valuable index.html...) and another container as reverse proxy.

Two branches, one with quadlets (where everything worked out of the box) and another running "normal" containers.

#DevOps #Nginx #Ansible #vagrant #libvirt #podman #containers #hellyeah

Just released: #swad 0.7! 😎

Swad is the "Simple Web Authentication Daemon". If you're looking for a solution to add cookie/form #authentication to your #nginx reverse proxy, or maybe even a #lightweight alternative to #Anubis which leaves the actual proxying to nginx, this might be for you! It is designed for use with nginx' auth_request, written in pure C, with minimal dependencies (zlib and, depending on build options, openssl/libressl and/or libpam), and compiles to a small binary (currently between 150kiB and less than 300kiB depending on compiler and target platform).

Swad should work on many #posix (and almost) systems. It's actually tested on #FreeBSD (in "production" use, but on a very low-traffic private site), and quick functionality tests also done on #Debian (#Linux) and #OpenIndiana (#Illumos, open-source #Solaris descendant).

As announced, this release doesn't bring any new features (in terms of WHAT it can do), but great improvements "under the hood", that should help performance at least on some platforms, see release notes for swad 0.7.

Read more, and download the .tar.xz (to build and install it 😆) here:
https://github.com/Zirias/swad

While at the https://compost.party picnic the other day @computersandblues showed me how to edit the #nginx file responsible for redirecting domain.tld/index.html to domain.tld and I added a line to support index.txt and index.svg which was so easy. But one thing I then thought, is there any way to tell a browser to use a different font then the default other then thru CSS or HTML?

Anyone know of a way to get view counter on your website served via Caddy?

#caddy #smallweb #nginx #reverseproxy #viewcounter #neocities #css #html #nginx

Krótki i przyjemny artykuł dla adminów i osób zajmujących się ustawianiem NGINX na serwerze, przy czym z porad mogą skorzystać pewnie też osoby mające do czynienia z innymi serwerami HTTP.

#CyberSec #Cyberbezpieczeństwo #NGINX #HTTP

https://medium.com/@js_9757/advanced-nginx-hardening-15bf96058327

Oh, the irony! A website called 'The Beam' shines a light on... absolutely nothing. 🚫🔦 Apparently, the only thing beaming is the "403 Forbidden" message served up by our good friend, #nginx. 😂
https://www.erlang-solutions.com/blog/the-beam-erlangs-virtual-machine/ #TheBeam #403Forbidden #irony #webhumor #HackerNews #ngated

Введение в Angie: краткая история и отличия от Nginx

Это первая из статей, посвященных веб-серверу Angie. Мысль создать цикл статей возникла в процессе разработки курса по администрированию Nginx и Angie. Приходилось сталкиваться с темами, которые довольно слабо описаны в открытых источниках, либо не описаны вообще. В планах описать типичные области его использования с реальными примерами доступным языком. Так как большинство решений и конфигов будет совместимо с Nginx, надеюсь цикл будет полезен сообществу.

https://habr.com/ru/articles/905990/

#angie #nginx #angie_pro #nginx_plus

Mystery maybe kind of solved? 16k+ sessions stuck in FIN_WAIT_1, _2 and growing over time with our webserver, Nginx.

After a lot of fiddling with sysctl timeouts nothing made a difference, after a restart the numbers always started climbing again.

Removing the dataready accept filter seems to have done the trick, now numbers have been stable for the past hour. I'll check again later and see if that solves it!

#FreeBSD #Nginx #AdminLife

💡 #DWDsTips

If you use CloudFlare to reverse proxy to your server, they add the header "CF-Connecting-IP" and "CF-Connecting-IPv6"to supply you with the originator IP address.

In NGINX, you can access these headers via:

:terminal: $http_CF_Connecting_IP
:terminal: $http_CF_Connecting_IPv6

🌐 https://developers.cloudflare.com/support/troubleshooting/restoring-visitor-ips/restoring-original-visitor-ips/#web-server-instructions

#NGINX #CloudFlare #ReverseProxy #Webhosting #Ubuntu