This is Gentoo's testing wiki. It is a non-operational environment and its textual content is outdated.

Please visit our production wiki at https://wiki.gentoo.org

Talk:Nginx

From Gentoo Wiki (test)
Jump to:navigation Jump to:search
Note
This is a talk page. Please add newer comments below older ones, and sign your comments using four tildes (~~~~). When adding a new section (at the bottom of the page), please mark it as "open for discussion" by using {{talk|open}} so it will show up in the list of open discussions.

Module configuration

Talk status
This discussion is done.

The example line: NGINX_ADD_HTTP="fastcgi" is not valid, because doesn't has any effect when building nginx package. If one uses line: NGINX_MODULES_HTTP="auth_pam security stub_status sub upload upload_progress" than it is also wrong, because then the default modules will be blocked at build time. So, what is the correct syntax? How to add more modules to the existing ones?

Hi Csanyipal, before I respond to your observation, please remember to sign any entries you leave on the discussion page (click the signature button in the edit box above). Now, to respond to your questions: I will look into this when I get some time. It may be a while before I get back to you, but I expect it will be some point in the future as I do use Nginx... If this is a high concern and you believe the package (not just the documentation) is broken, then I advise you to open a bug on our Bugzilla. Cheers! --Maffblaster (talk) 22:52, 11 January 2016 (UTC)
Hi Maffblaster, thank you for your respond. I shall open a bug as you advice me. --Best, Pál (talk) 06:54, 12 January 2016 (UTC)
I have added instructions for enabling nginx modules by using a special USE flag notation in package.use, which preserves the original value of NGINX_MODULES_HTTP.--BT (talk) 02:54, 17 March 2016 (UTC)
After setup of USE flags, nginx install and verification of it's proper running, I realized that that there is no /var/www/localhost/htdocs directory at all. Should be mentioned this for newbies? Should then one create this directory? --Best, Pál (talk) 15:59, 11 March 2016 (UTC)
If you look at the nginx ebuild, you will see that only /var/www/localhost is created because of bug #449136. The wiki should be updated to instruct users to create the /var/www/localhost/htdocs directory since the default nginx.conf references it.--BT (talk) 00:15, 12 March 2016 (UTC)
I have added a instructions for creating the /var/www/localhost/htdocs directory and an index file.--BT (talk) 02:54, 17 March 2016 (UTC)
Should be mentioned also there that that with which owner:group should be setup the htdocs directory? --Best, Pál (talk) 05:56, 12 March 2016 (UTC)
Also should be mentioned that that when adding 'security' to the NGINX_MODULES_HTTP variable emerge wants to install apache2 also. --Best, Pál (talk) 08:33, 12 March 2016 (UTC)

ssl_ciphers

Talk status
This discussion is still ongoing as of 11 September 2018.

Hi, with the given ssl_ciphers https://www.ssllabs.com/ssltest/ only gives a B rating, it complains about RC4. So I have used https://mozilla.github.io/server-side-tls/ssl-config-generator/ to get the a list of ciphers that grants an A rating.

There should not be a recommendation for weak ciphers without a warning or at least an explanation, imo. Also, using TLS 1 and 1.1 is at least questionable. I will delete harmful information in week from now on, if no one objects --Tastytea (talk) 21:38, 11 September 2018 (UTC)

I think you're safe to delete the weak cipher content. If you could mention strong cipher configuration, that would be of great help here! --Maffblaster (talk) 07:07, 12 September 2018 (UTC)

The problem with strong cipher configurations is they don't necessarily stay strong. Even if the wiki will be updated timely, I doubt that many users check back here regularly. I think we should recommend using the default configuration and include a reference to a resource that covers hardening nginx. --Tastytea (talk) 13:53, 12 September 2018 (UTC)
Content removed previously. Closing --Grknight (talk) 17:52, 8 November 2018 (UTC)