server-side-tls | Server side TLS Tools | TLS library
kandi X-RAY | server-side-tls Summary
kandi X-RAY | server-side-tls Summary
Server side TLS Tools
Support
Quality
Security
License
Reuse
Top functions reviewed by kandi - BETA
Currently covering the most popular Java, JavaScript and Python libraries. See a Sample of server-side-tls
server-side-tls Key Features
server-side-tls Examples and Code Snippets
Community Discussions
Trending Discussions on server-side-tls
QUESTION
Hello fellow Overflowers,
I have 2 Nginx Webservers in my OpenStack Enviroment. I'm trying to set up load balancing with HAProxy right now. Ubuntu 18 is the OS on all servers.
Added the backend IP's to the default config. When I try connect to my LB via Browser I get:
"503 Service Unavailable"
What I know so far:
- Backends are available when I connect directly to them.
- I opened the correct ports in the OpenStack GUI
- I checked the HAProxy logs and found the following:
ANSWER
Answered 2020-Oct-21 at 09:50If you're getting a cannot bind socket error message then try to run the below command
setsebool -P haproxy_connect_any=1
Or else kill the service which was running on the port you want to use and then restart the haproxy
$fuser -k /tcp
$sudo systemctl restart haproxy
QUESTION
I'm following the instructions to install Nextcloud on an nginx server. I copy the configuration from the offical documentation, i set my server name and my ssl certificate path, and when i try to reach nextcloud from my browser i get
"500 Internal server error".
When i check in the error.log i get
rewrite or internal redirection cycle while processing "/index.php"
This is my configuration file:
...ANSWER
Answered 2020-Apr-27 at 15:05I solved the issue by re-uploading the configuration file via ftp, pasting it in nano on the ssh shell was a bad idea!
QUESTION
I've searched for this problem, but haven't get solution yet.
I have Nextcloud installed on https://example.com/nextcloud.
Yesterday I installed Seafile, that works on https://example.com (I simply don't know, how to make it accessible from, for example, https://example.com/seafile)
While I was setting it, Nextcloud was switched off by deleting link to corresponding file in sites-enabled directory. Seafile worked. But when I enabled Nextcloud, I got error 403 forbidden trying to access Seafile. I also enabled info level in Nginx and there I got next message:
ANSWER
Answered 2020-Feb-02 at 11:18As said Lars Stegelitz, I have to run these services on different ports. I did that and now Nextcloud runs on 445 port, at the same time Seafile on 443. I've added location /nextcloud and there is directive proxy_pass https://192.168.1.134:445;
Here are my updated configs.
seafile.conf:
QUESTION
I know I have asked this question before but i didn't get any answers for it.
How to install HAProxy and configure it in an Ubuntu server. I want to use it to map applications listening on various ports to specific URLs.
For example, if an app called page-designer is listening at http://IP:5000, then it should map it to http://IP/page-designer.
I have already installed the HAProxy package using sudo apt-get -y install haproxy. But what changes do I have to do in HAProxy main configuration file located at /etc/haproxy/haproxy.cfg before restarting the HAProxy service for the changes to take effect. And mainly after this how can I map my apps running on various ports to specific URLs like mentioned above?
haproxy.cfg
...ANSWER
Answered 2019-Sep-19 at 07:25To understand how haproxy works, you can find the essential config in:
https://www.haproxy.com/blog/the-four-essential-sections-of-an-haproxy-configuration/
In your case, you can try something like this...
QUESTION
I'm looking for a recommended configuration for SSL/TLS in Traefik. I have set minVersion = "VersionTLS12" to avoid the weaker older versions and found the supported ciphers in Go. Cross-checking that with the recommendations from SSLLabs I came up with the following sequence (order matters):
ANSWER
Answered 2019-Jul-06 at 08:26Looks good. I'm running the same config as in your update and everything looks secure and compatible according to the SSL Labs tests.
Update 05-07-19:
The CBC ciphers are now also weak according to SSL Labs. You can remove these, but if your certificate is signed with RSA you won't be able to view your website on IE 11 with Windows 7. I signed my certificate with ECDSA with the current ciphers above (wihout CBC) to get it working on IE 11 Windows 7.
QUESTION
I am using Let's Encrypt to install a free TLS/SSL certificate in my server. I followed the suggestion of Mozilla SSL Configuration Generator and configured nginx like this:
...ANSWER
Answered 2017-Jun-07 at 09:24From OpenSSL's cipher list or this nice table from testssl.sh, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA corresponds to ECDHE-RSA-AES128-SHA. So you'd set your ssl_ciphers directive to
ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH:ECDHE-RSA-AES128-SHA";
QUESTION
Hardware
- Raspberry Pi 2
Software
- Debian
- YunoHost
- Duniter
- YunoHost
When I try accessing Duniter's web application page https://duniter-folatt.nohost.me/webui, I receive the typical nginx 502 Bad Gateway error.
I've also tried accessing the webui after starting duniter webstart with the same result.
...ANSWER
Answered 2017-Oct-29 at 12:57The original settings were correct and I probably did not start duniter, then started duniter after changing the settings.
The important thing is that duniter needs to be running..
QUESTION
I have an nginx 1.10.3 server running NextCloud and access it from various clients. The certificate is provided by Lets Encrypt and uses a 2048-bit RSA key.
All clients work fine, including web browsers, except those running on iOS 11 on an iPad or iPhone. The working browsers are Firefox 56 on MacOS and Linux, and Safari 11 on MacOS Sierra. The NextCloud client on Linux also works fine. On iOS, GoodReader has no problem accessing NextCloud as a webdav client. But Safari will not access it, claiming it could not access a secure connection to the server. The iOS NextCloud client returns an SSL error when it tries to connect (I presume it uses the same library as Safari to connect).
The error in the nginx log for when iOS (Safari or the NextCloud app) tries and fails to connect is:
...ANSWER
Answered 2017-Oct-27 at 02:48I have found the source of the problem. The server was constrained to only accept secp521r1 for the elliptical curve (the ssl_ecdh_curve setting). I don't remember why it was set like that; some guide in the past told me to do so and I blindly complied.
Adding an additional curve of lower strength, secp384r1, allows iOS to make a successful handshake and communicate using TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA384. ssl_ecdh_curve is now set to secp521r1:secp384r1.
I'm not sure what changed between iOS 10 and 11 to cause this. My best guess, from digging through the OpenSSL code and some further research, is that iOS 11 is trying to comply with Suite B. Suite B restricts the curves to P-256 and P-384. But that's just an amateur's guess.
QUESTION
I use Mozilla SSL Configuration Generator(https://mozilla.github.io/server-side-tls/ssl-config-generator/) to generate a configuration.
My selections are nginx and modern,the configuration has a piece of code like this:
ANSWER
Answered 2017-Sep-10 at 15:341. There are two listens, what is the difference between them?
One is listen IPv4 on port 80 and other is IPv6 on port 80. You only need second one when you want to use IPv6
2. Do I not need to add server_name in this server block
Yes you should define server_name for the names that your website should be reached on. Also if you only want to allow www or non-www then you should change below
Community Discussions, Code Snippets contain sources that include Stack Exchange Network
Vulnerabilities
No vulnerabilities reported
Install server-side-tls
Support
Reuse Trending Solutions
Find, review, and download reusable Libraries, Code Snippets, Cloud APIs from over 650 million Knowledge Items
Find more librariesStay Updated
Subscribe to our newsletter for trending solutions and developer bootcamps
Share this Page
