How to hide nginx version in elastic beanstalk - ruby

I am running an app on the platform Ruby 2.2 (Passenger Standalone) and wish to hide the nginx version from the HTTP headers. I am not using Docker. Other Stack Overflow answers have recommended adding this to my .ebextensions:
00_nginx.conf:
files:
"/etc/nginx/conf.d/proxy.conf":
mode: "000644"
content: |
http {
server_tokens off;
passenger_show_version_in_header off;
}
However this does nothing. Should I be putting the file in a different spot?

AWS Elastic Beanstalk with Ruby 2.2 + Passenger Standalone 1.4.3 doesn't use (original) Nginx 1.6.2. It uses Passenger Standalone 1.4.3 server, which is modified version of Nginx 1.6.2.
So, if you want to modify the Nginx config, you must edit the Passenger Standalone config. The Passenger Standalone config is located at $(passenger-config about resourcesdir)/templates/standalone/config.erb.
You can use following .ebextensions:
00-passenger.config:
files:
"/home/ec2-user/hide_passenger_version.sh" :
mode: "000777"
owner: ec2-user
group: ec2-user
content: |
#!/bin/bash
CONFIG_FILE=$(/opt/rubies/ruby-2.2.2/bin/passenger-config about resourcesdir)/templates/standalone/config.erb
if ! grep -q "server_tokens off;" $CONFIG_FILE; then
sed -i '/http {/a\
server_tokens off;\
passenger_show_version_in_header off;' $CONFIG_FILE
fi
commands:
00-hide-passenger-version:
command: sh /home/ec2-user/hide_passenger_version.sh
cwd: /home/ec2-user
The above config will check the Passanger config for server_tokens off;. If server_tokens off; isn't set, we add server_tokens off; and passenger_show_version_in_header off; just below (append) http {.
Before:
$ curl -I http://itmustbeasecret.elasticbeanstalk.com/hello
HTTP/1.1 200 OK
Content-Length: 12
Content-Type: text/html;charset=utf-8
Date: Sat, 25 Jul 2015 14:21:27 GMT
Server: nginx/1.6.2 + Phusion Passenger 4.0.59
Status: 200 OK
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-Powered-By: Phusion Passenger 4.0.59
X-XSS-Protection: 1; mode=block
Connection: keep-alive
After:
$ curl -I http://itmustbeasecret.elasticbeanstalk.com/hello
HTTP/1.1 200 OK
Content-Length: 12
Content-Type: text/html;charset=utf-8
Date: Sat, 25 Jul 2015 14:03:23 GMT
Server: nginx + Phusion Passenger
Status: 200 OK
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-Powered-By: Phusion Passenger
X-XSS-Protection: 1; mode=block
Connection: keep-alive
NOTE: The above config only affect if the Passenger is (re)-started. So, you need to terminate your current instance.

Related

Nginx Brotli header not added

I'm pulling my hairs for days trying to serve brotli compressed files through my local nginx install.
My configuration :
MacOS 12.6, Homebrew, Laravel Valet for managing sites and ssl
default nginx install replaced with nginx-full homebrew formulae that allows recompiling nginx with modules -> installed with the brotli module
I have tried different nginx brotli configuration, like this one
I think I do not have to do this, but I still tried to add specific proxy configurations for the files I want served with brotli
location ~ [^/]\.data\.br(/|$) {
add_header Content-Encoding br;
default_type application/octet-stream;
}
location ~ [^/]\.js\.br(/|$) {
add_header Content-Encoding br;
default_type application/javascript;
}
In the end, the http response does not contain content-encoding:br
nginx shows the module is installed :
$ nginx -V 2>&1 | tr ' ' '\n' | egrep -i 'brotli'
--add-module=/usr/local/share/brotli-nginx-module
When testing with curl it works for gzip but not for brotli :
HTTP/2 200
server: nginx/1.23.1
date: Thu, 20 Oct 2022 09:57:20 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
x-powered-by: PHP/8.1.10
access-control-allow-origin: *
content-encoding: gzip
HTTP/2 200
server: nginx/1.23.1
date: Thu, 20 Oct 2022 09:57:21 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
x-powered-by: PHP/8.1.10
access-control-allow-origin: *
HERE IT SHOULD BE "content-encoding: br" BUT IT'S NOT
Any idea is welcome, I don't understand what is going on... cheers.

Why do I see nginx headers when ddev is configured to use apache?

I updated ddev to version 1.3.0 and ran ddev config. After that I changed the configuration from nginx-fpm to apache-fpm. After starting ddev and checked the HTTP headers, there is nginx/1.15.3 used. Is there something else to do, to get Apache working?
My config.yaml:
APIVersion: v1.3.0
name: example
type: typo3
docroot: public
php_version: "7.2"
webserver_type: apache-fpm
router_http_port: "8080"
router_https_port: "8443"
xdebug_enabled: true
additional_hostnames: []
additional_fqdns: []
provider: default
hooks:
post-start:
- exec: composer install -d /var/www/html
- exec: ../vendor/bin/typo3cms cache:flush
- exec: ../vendor/bin/typo3cms database:updateschema
- exec: yarn --cwd typo3conf/ext/theme/Resources/Private install
That is such a good question! I know because I already got stumped by it myself when writing tests.
The answer is: Apache runs in the web container but when you use the http://*.ddev.local URL, it goes through ddev-router, which is an nginx reverse proxy, and that's why you see the nginx headers. But rest assured you are using Apache. You can confirm that these ways:
ddev ssh and ps -ef to see what's running
Hit the 127.0.0.1 URL reported by ddev start and ddev describe. That URL goes directly to the web container, for example http://127.0.0.1:33221 - You'll see the apache headers on that one.
Your question is so good - Could you please edit the title to something like "Why do I see nginx headers when ddev is configured to use apache?" - I think other people will find it that way.
$ curl -I http://127.0.0.1:33224
HTTP/1.1 200 OK
Date: Fri, 12 Oct 2018 02:18:26 GMT
Server: Apache/2.4.25 (Debian)
Cache-Control: must-revalidate, no-cache, private
X-Drupal-Dynamic-Cache: HIT
X-UA-Compatible: IE=edge
Content-language: en
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Vary:
X-Generator: Drupal 8 (https://www.drupal.org)
X-Drupal-Cache: MISS
Content-Type: text/html; charset=UTF-8

Varnish won't cache - Age 0

I seem to be having some problems with my Varnish set up. I have a clean install of Varnish and Nginx running on ubuntu, everything seems to be running, but I don't seem to be actually caching anything.
This is what im seeing:
HTTP/1.1 200 OK
Server: nginx/1.4.6 (Ubuntu)
Content-Type: text/html; charset=UTF-8
Vary: Accept-Encoding
X-Powered-By: PHP/5.5.9-1ubuntu4.14
Cache-Control: no-cache
Date: Tue, 02 Feb 2016 10:15:17 GMT
Content-Encoding: gzip
X-Varnish: 196655
Age: 0
Via: 1.1 varnish-v4
Accept-Ranges: bytes
Connection: keep-alive
I'm almost certain the problem is to do with the "age" response being 0. I have read that the Cache-Control header can be the culprit and have spent some time configuring both nginx and my vcl file with solutions I have read on-line, none of which have worked.
I'm open to any ideas even ones I have tried before (hence why im not listing the steps I have already taken).
Thanks in advance for any thoughts you might have.
Remove "no-cache" and set "max-age=120" (in seconds) in the Cache-Control header instead.
Also note that if the request contains any cookies or if the response sets any cookies than by default varnish is not gonna cache.

artifact is not uploaded to Nexus repository via curl command

Follow instruction on this page:
https://support.sonatype.com/entries/22189106-How-can-I-programatically-upload-an-artifact-into-Nexus-
I was able to upload artifact to repository Australia by using this command:
curl -v -u admin:admin123 --upload-file RE_0.0.0.19.tar.gz http://nexus1.ccorp.com/nexus/content/repositories/Australia/RE_0.0.0.19.tar.gz
That doesn't create POM file or has artifactId associate with, which mean I won't able to query for latest build in that repository.
I then tried this command:
curl -v -F r=releases -F hasPom=false -F e=tar.gz -F g=Australia -F a=RE -F v=0.0.0.19 -F p=tar.gz -F file=RE_0.0.0_19.tar.gz -u admin:admin123 http://nexus1.ccorp.com/nexus/service/local/artifact/maven/content
I got this log with no error, but artifact is not uploaded:
Hostname was NOT found in DNS cache
Trying 10.10.5.92...
Connected to nexus1.ccorp.com (10.10.5.92) port 80 (#0)
Server auth using Basic with user 'admin'
POST /nexus/service/local/artifact/maven/content HTTP/1.1
Authorization: Basic YWRtaW46YWRtaW4xMjM=
User-Agent: curl/7.35.0
Host: nexus1.ccorp.com
Accept: /
Content-Length: 852
Expect: 100-continue
Content-Type: multipart/form-data; boundary=------------------------929d6986ddb3024d
HTTP/1.1 100 Continue
HTTP/1.1 201 Created
Date: Tue, 20 Oct 2015 20:29:11 GMT
Server Nexus/2.11.4-01 Noelios-Restlet-Engine/1.1.6-SONATYPE-5348-V8 is not blacklisted
Server: Nexus/2.11.4-01 Noelios-Restlet-Engine/1.1.6-SONATYPE-5348-V8
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Content-Type: text/html;charset=UTF-8
Content-Length: 85
Connection #0 to host nexus1.ccorp.com left intact
{"groupId":"Australia","artifactId":"RE","version":"0.0.0.19","packaging":"tar.gz"}

Serving Static Content NGINX

I'm new to NGINX. I don't know a lot about it yet, but I'm trying to.
I'm curious what is the best way to serve the static contents from my page using NGINX. The main reason why I want to serve the static contents is that I want put less load on my application servers, and increase the page load speed.
I came across
a couple good articles that help me put these together this post : here, here, here, and here.
But everything is still a little clear.
Configuration
File Path : etc/nginx/default
server {
listen 80 default_server;
server_name default;
root /home/forge/site/public;
location / {
proxy_pass http://43.35.49.160/;
try_files $uri $uri/ /index.php?$query_string;
}
# Media: images, icons, video, audio, HTC
location ~* \.(?:jpg|jpeg|gif|png|ico|cur|gz|svg|svgz|mp4|ogg|ogv|webm|htc)$ {
expires 1M;
access_log off;
add_header Cache-Control "public";
}
# CSS and Javascript
location ~* \.(?:css|js)$ {
expires 1y;
access_log off;
add_header Cache-Control "public";
}
}
Test/Result
After saving my file, I run service nginx reload.
Next, I tried run : curl -X GET -I http://45.33.69.160/index.php
I got:
HTTP/1.1 200 OK
Server: nginx/1.6.3
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: no-cache
Date: Fri, 08 May 2015 15:14:55 GMT
Set-Cookie: XSRF-TOKEN=eyJpdiI6IkhPa2kwK1wvd2kxMFV0TURzYnMwSXFnPT0iLCJ2YWx1ZSI6IkFpSFpvakNjcGp0b0RWcVViYXJcLzRHbmo3XC9qbStYc2VzYVh4ZHVwNW45UGNQMmltZEhvSys1NjhZVzZmckhzOGRBUk5IU1pGK084VDF1ZmhvVkZ4MlE9PSIsIm1hYyI6IjliMzc5NWQ4MWRiMjM1NzUxNjcyNGNmYWUzMGQyMDk3MjlkYTdhYzgxYTI0OGViODhlMTRjZTI4MWE5MDU2MGYifQ%3D%3D; expires=Fri, 08-May-2015 17:14:55 GMT; Max-Age=7200; path=/
Set-Cookie: laravel_session=eyJpdiI6Iklhb041MkVBak0rVm5JeUZ0VVwvZ3pnPT0iLCJ2YWx1ZSI6IitRUFlzQzNmSm1FZ0NQVVFtaTJ4cG1hODlDa2NjVDgzdXBcLzRcL0ZSM1ZPOTRvRGo5QjQ1REluTUM3Vjd3cFptV3dWdHJweTY3QW5QR2lwTkZMUlNqbnc9PSIsIm1hYyI6IjIxOTZkYzM5ODE0N2E4YmQzODMxZGYzMDY3NjI4ODM1YWQxNGMxNDRlZDZmMGE1M2IwZWY2OTU4ZmVjOTIyMjkifQ%3D%3D; expires=Fri, 08-May-2015 17:14:55 GMT; Max-Age=7200; path=/; httponly
Then, I tried run curl -X GET -I http://45.33.69.160/css/custom.css
I got :
HTTP/1.1 200 OK
Server: nginx/1.6.3
Date: Fri, 08 May 2015 15:16:03 GMT
Content-Type: text/css
Content-Length: 2890
Last-Modified: Thu, 07 May 2015 03:02:38 GMT
Connection: keep-alive
ETag: "554ad5ce-b4a"
Accept-Ranges: bytes
Why do I see Cache-Control: no-cache and I just set up the cache ?
Everything is just unclear to me right now.
Questions
Can someone please make it clear on how to :
configure this properly
test that configuration if it is work
see the different between caching and not caching
benchmark it and print out that report on a page or CLI
?
Cache-Control: no-cache
As said in this answer about no-cache, which links to the spec, the Cache-Control: no-cache should tell the user agent and in-between caches which caching style to use (namely to revalidate each time with the server). This applies if you use nginx exclusively. If you use it as a pass-through, you need to set proxy_ignore_headers, like
proxy_ignore_headers Cache-Control;
Config
Apart from that: in the NGINX reference about content caching, it says to put the line
proxy_cache_path /data/nginx/cache keys_zone=one:10m;
in the http part, followed by
proxy_cache one;
in the server part.
Testing
In this SF question, it says to test caching behavior by adding the X-Cache-Status header via the config file
add_header X-Cache-Status $upstream_cache_status;
Its answer states that
You can view headers with
the Firefox addon firebug
the Chrome debugging console
cURL (curl -I )

Resources