nginx-reverse-proxy

Nginx SSL: error:141CF06C:SSL routines:tls_parse_ctos_key_share:bad key share

by

This isn’t your problem. The best thing you can do in this situation is just to keep your server reasonably updated and secured. At best for you, the client side of a request was running seriously outdated software, and at worst your server is simply being scanned for vulnerabilities by compromised devices connected to the … Read more

Difference between X-Forwarded-For and X-Real-IP headers

by

What is the difference between these headers? Did you check the $proxy_add_x_forwarded_for variable documentation? the X-Forwarded-For client request header field with the $remote_addr variable appended to it, separated by a comma. If the X-Forwarded-For field is not present in the client request header, the $proxy_add_x_forwarded_for variable is equal to the $remote_addr variable. If the incoming … Read more

How to run NUXT (npm run dev) with HTTPS in localhost?

by

HTTPS on local dev – NUXT style Solution is described in NUXT documentation: https://nuxtjs.org/api/configuration-server/#example-using-https-configuration This may be achieved with: Go to project main dir; Create private and public key; openssl genrsa 2048 > server.key chmod 400 server.key openssl req -new -x509 -nodes -sha256 -days 365 -key server.key -out server.crt Add requirements to the top of … Read more

Nginx TCP forwarding based on hostname

by

This is now possible with the addition of the ngx_stream_ssl_preread module added in Nginx 1.11.5 and the ngx_stream_map module added in 1.11.2. This allows Nginx to read the TLS Client Hello and decide based on the SNI extension which backend to use. stream { map $ssl_preread_server_name $name { vpn1.app.com vpn1_backend; vpn2.app.com vpn2_backend; https.app.com https_backend; default … Read more