Collaborate Disseminate
My setup consists of a public-facing VPS running NGINX, and a local machine running certain services. The VPS and the local machine are connected using WireGuard, and NGINX on the VPS is using WireGuard IPs to serve content from the servic… Continue reading Can a NGINX reverse proxy reveal the backend if serving non-static content?
My setup consists of a public-facing VPS running NGINX, and a local machine running certain services. The VPS and the local machine are connected using WireGuard, and NGINX on the VPS is using WireGuard IPs to serve content from the servic… Continue reading Can a NGINX reverse proxy reveal the backend if serving non-static content?
I have small home server that runs a qBittorrent in docker container, and I was wondering how bad/risky it is if I’d forward the port for the web UI so I can access it from outside my network.
I know that it’s not wise to open ports mindle… Continue reading How bad it is to open qBittorrent web UI port
I am trying to install modsecurity in nginx 1.18.0 in ubuntu jammy 22.04.1 for a project by following hackersploit’s tutorial:
https://www.linode.com/docs/guides/securing-nginx-with-modsecurity/
When building the modsecurity module for ngi… Continue reading Nginx 1.18.0. ModSecurity WAF installation ./configure error [migrated]
I’m not a Docker specialist, I know how to install, configure and do only basic Docker hardening based on Docker official documentation.
I know nothing about AppArmor,SELinux and GRSEC.
But i need to put my C# app backend in production; My… Continue reading Is better for security to not run Nginx and Backend inside docker but use docker only for database and not external exposed services?
I have this kind of entries in my nginx log. If I read them correctly, someone is trying to call index.php script that is trying to download some shell script, but I don’t have any PHP on this server (at least not that I know of), and it s… Continue reading Suspicious log entries [duplicate]
For the past 2 weeks, I have observed 4-5 spikes in 5xx responses. After looking into the logs, I found a series of:
> 51.159.150.125 – – [16/Sep/2022:06:37:55 +0200] "GET /some-legitimate-page-path/?bb=uNiX:AAAAA…AAAAAAAAAAAAAAA… Continue reading Suspicious looking requests to my NGINX server
I have an AKS cluster running multiple applications.I am using a single Nginx ingress controller to manage/accept traffic to all Kubernetes pods. All the subdomains are mapped to this Nginx.
Does it make any difference if I use single cert… Continue reading Wildcard cert with single Nginx Ingress controller [closed]
Stripe says I need to have a publicly accessible success route in my app.
My domain has SSL but when I go to my success route, it says the route does not. This causes the page not to be displayed. Im running my app with Flask. Im not very … Continue reading Stripe says I need to have a publicly accessible success route in my app
I’m using nginx here as an example, but this is really more of a conceptual question about SSL termination and TCP that could apply to any web server.
Basically, if web server A receives TCP traffic on port 443 (the first nginx config) and… Continue reading When passing through SSL from web server A to web server B (via nginx), does web server A need SSL configured as well, or just web server B?