Skip to content

Category: Webservers

How to get the real IP address on Nginx when you use Cloudflare

How to get the real IP address on Nginx when you use Cloudflare. If you want to get the real IP address on Nginx when you use Cloudflare, you can use the ngx_http_realip_module module. You can find here more information regarding this module: http://nginx.org/en/docs/http/ngx_http_realip_module.html On Nginx, http section: http { …… … other options ……

Build options to improve the performance and security of Nginx

Without any optimization option, the compiler’s goal is to reduce the cost of compilation and to make debugging produce the expected results. Statements are independent: if you stop the program with a breakpoint between statements, you can then assign a new value to any variable or change the program counter to any other statement in…

ACME Challenge support on all HTTP virtual hosts

To enable ACME Challenge support on all HTTP virtual hosts and avoid errors due to configuration/rewrite on generation or renewing SSL certificates from Let’s Encrypt you must configure a location alias. For Apache: Alias /.well-known/acme-challenge/ /var/www/default/.well-known/acme-challenge/ <Directory “/var/www/default/.well-known/acme-challenge/”> Options None AllowOverride None ForceType text/plain RedirectMatch 404 “^(?!/\.well-known/acme-challenge/[\w-]{43}$)” </Directory> For Nginx: location “/.well-known/acme-challenge” { allow all;…

Proxy image server with nginx

You can quickly use Nginx as a proxy image server. For your server security, you can use ‘nginx-accesskey’ module. Configuration example: server { listen a.b.c.d:443 rcvbuf=64000 sndbuf=120000 backlog=4096 ssl http2; server_name mydomain.tld www.mydomain.tld; keepalive_timeout 60; ssl on; ssl_protocols TLSv1.3 TLSv1.2 TLSv1.1 TLSv1; ssl_ciphers ‘ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS:!RC4’; ssl_prefer_server_ciphers on; ssl_session_cache shared:TLSSL:30m; ssl_session_timeout 60m; ssl_buffer_size 4k; ssl_certificate /etc/letsencrypt/live/mydomain.tld/fullchain.pem; ssl_certificate_key…