@f4grx @nixCraft @torproject not really.
I do this with #pfSense & #pfBlockerNG for quite a while…
And the same #blocklist also works for other applications like #nginx, #HAproxy, #httpd, etc.
Unser IPS hat das DFN ausgesperrt – warum? Weil’s manchmal kracht im Maschinenraum. Wir erklären transparent, wie wir LinuxNews absichern, ohne Leser zu nerven.
Jetzt lesen: https://linuxnews.de/warum-das-internet-als-serverbetreiber-scheie-ist/
Sometimes I'm happy to tinker with #HomeLab stuff, and other times I just want it to work when I thought it'd be a quick job.
Related: If anyone knows why I'm getting a 500 error running git-http-backend in a #FreeBSD jail with #nginx that'd be great.
I've set up directory browsing as well, and that all works fine. Nginx logs show no errors. But cloning always results in a 500 response.
Just released: #swad 0.5
swad is the "Simple Web Authentication Daemon", meant to add authentication using a #cookie and a #login form to your reverse proxy. It's designed for #nginx' "auth_request" module. It's written in pure #C with very few external dependencies (zlib, and depending on build options OpenSSL/LibreSSL and #PAM).
And with this release, it also allows guest logins using the crypto puzzle you may already know from #Anubis!
Read more in the release notes, grab the .tar.xz and build/install it 
Just released: #swad v0.3!
https://github.com/Zirias/swad/releases/tag/v0.3
swad is the "Simple Web Authentication Daemon", your tiny, efficient and (almost) dependency-free solution to add #cookie + login #form #authentication to whatever your #reverse #proxy offers. It's written in pure #C, portable across #POSIX platforms. It's designed with #nginx' 'auth_request' in mind, example configurations are included.
This release brings a file-based credential checker in addition to the already existing one using #PAM. Also lots of improvements, see details in the release notes.
I finally added complete build instructions to the README.md:
https://github.com/Zirias/swad
And there's more documentation available: manpages as well as a fully commented example configuration file.
![New features:
New credential checker "file", using a password file with bcrypt
hashes
New tool "swadpw", for editing password files
Improvements:
[Performance] Support epoll, kqueue and poll in ...](https://cdn.masto.host/photog/cache/preview_cards/images/012/221/530/original/8efc70427ff2cba4.png "New features:
New credential checker \"file\", using a password file with bcrypt
hashes
New tool \"swadpw\", for editing password files
Improvements:
[Performance] Support epoll, kqueue and poll in ...")
I'll skip the rant and just tell you the result: I am looking into alternatives for #Nextcloud. All I really need is access to files on a homeserver from #GrapheneOS. I have not yet found an #sshfs client that works for me, so now I'll try #DAVx5 with the #WebDAV module of #nginx ...
#Freenginx 1.27.6 has been released (#nginx / #http / #http2 / #http3 / #httpd / #Web / #Webserver / #TLS / #TLS13) https://freenginx.org/
#nginx 1.27.5 (dev) has been released (#http / #http2 / #http3 / #httpd / #Web / #Webserver / #TLS / #TLS13) https://nginx.org/
GRRRR!!!
I just spent the last hour of my life chasing round in circles just because #nginx wouldnt serve up my css file for some reason. I forced the mime types in the nginx config and everything...
Weirdly, Chrome was fine but firefox wasnt when loading this?
Anyway, turns out the reason why is because nginx has this *14 year old* bug that means it falls apart whenever there's a dash in a file name. Wtf?! How has no one looked at that yet 
Ive built a setup for hosting websites which consists of:
* Host running #microos with #podman
* #Treafik and #sshpiper at the edge
* #Nginx, php-fpm, #mariadb + phpmyadmin + nginx or #postgres + dbadmin, openssh for each site
It actually works quite well, openssh keybased access is to transfer files into the containers, traefik does the reverse proxying.
I'm just wondering if its a sustainable and maintainable setup. Sometimes just going with a "standard" solution seems so much easier.
First switched from #Nginx to Ferron(#ferronweb) on one of my personal servers.
When you self-host immich behind an nginx reverse proxy, be aware that the nginx default configuration blocks uploads of big files!
I fell into that trap!
https://discussion.scottibyte.com/t/immich-how-to-bust-the-upload-limits/475
Mon serveur #yunohost est à nouveau opérationnel.
Cependant, j'ai l'impression de ne pas avoir trouvé la racine du problème. J'ai pu déterminer que Nginx était en cause (il est devenu lent à démarrer alors il timeout et ça a causé les problèmes de mises à jours des applications).
J'ai résolu en augmentant le temps avant qu'il timeout. Mais ça me semble un contournement du problème...
Il y a des spécialistes en #nginx dans le coin ? J'ai décris le problème là : https://forum.yunohost.org/t/applications-qui-se-desinstallent-parce-que-la-mise-a-jour-bloque-nginx-qui-ne-demarre-plus/36447/27
Gibt es jemanden oder mehrere die #nginx als Reverse Proxy UND Webserver unter Docker laufen lassen?
Hab es heute einen Tag lang versucht und nicht hinbekommen...
Kein Plan warum es nicht funktionieren will.
#Documentation ... better start early I guess. What would you think of this sample #configuration file?
Hint: the tokens surrounded by %% will be replaced by my build system before installing this thing.
For context, this is a web #authentication service offering cookie+forms login meant for e.g. #nginx' "auth_request".
DId lots of smaller improvements to #swad ... but first, I had to hunt down a crash 
. Finally found it was caused by my #poser lib (to be fixed later): A connection there can resolve the hostname of a remote end and does so in a thread job to avoid blocking. If the connection dies meanwhile, the job is canceled. Seems my canceling mechanism relying on a signal to the thread is, well, not reliable (the signal can arrive delayed). Ok, for now just disabled name resolution to sidestep that.
Now, integration with #nginx is much better. I intrdoduced (optional) custom headers to transport the authentication realm and the redirect URI, plus state management in the session, so these can be passed to the "auth" endpoint. This requires to make sure nginx always passes the session #cookie, Unfortunately, I still need a "hacky" redirect configuration for login in nginx. If auth_request could just pass the response body, this would be unnecessary .... 
The nginx configuration shows #swad running on "files" and another nginx running on "wwwint" serving #poudriere output there. This nginx instance helpfully adds cache hints, which I have to override, so a redirect works as expected when for example the swad session times out.
I've set up my new #inkscape website AI bot trap. It works by giving everyone a chance to not fall into it.
An anchor link that says "I am a bot" and links to /P3W-451/{datetime}/ it's got a fixed position at top -100px so should never be seen
The robots.txt says "Disallow: /P3W-451/" so if you were reading the robots, you'd know.
Then #nginx logs the requests to a log of their ip-addresses and browser strings and sends them a 301 redirect to google.com
1/2
