If you administer NGINX caching server serving static files content and redirecting some requests to Apache and you end up with errors when uploading big files (using HTTP PUT method), even though in Apache's PHP upload_max_filesize is set to relatively high number upload_max_filesize = 60M.
Here is what happens during hand shake of web-browser -> server interaction 'till status is returned:
Web browser or Webcrawler robot goes through the following phases while talking to Web server:
1. Obtain an IP address from the IP name of the site (base on site URL without the leading 'http://').
This is provided by domain name servers (DNSs) configured for PC.
2. Open an IP socket connection to that IP address.
3. Write an HTTP data stream through that socket
(4) Receive an HTTP data stream back from the Web server in response.
This data stream contains status codes whose values are determined by the HTTP protocol
whether successful.
In the case the is recognized and reported to client 'web browser', causing the error.
The fix is to also increase max file upload limit in NGINX this is done via:
client_max_body_size variable in /usr/local/nginx/nginx.conf (or /etc/nginx/nginx.conf whether Nginx is installed from package).
Here is extract from nginx.conf
http {
include mime.types;
default_type application/octet-stream;
sendfile on;
keepalive_timeout 65;
server {
client_max_body_size 60M;
listen 80;
server_name localhost;# Main location
location / {
proxy_pass http://127.0.0.1:8000/;
}
}
}
To make new configuration active Restart Nginx:
/etc/init.d/nginx restart
How to turn off telnetd on FreeBSD
Sunday, December 25th, 2011There is a brand new remote FreeBSD vulnerability in telnetd in all its versions starting from version 7 to 9. It is therefore advisable that the telnet daemon be completely disabled.
To disable telnetd on FreeBSD:
1. Open /etc/inetd.conf
freebsd# vi /etc/inetd.conf
2. Comment out the line
telnet stream tcp nowait root /usr/libexec/telnetd telnetd
e.g.:
#telnet stream tcp nowait root /usr/libexec/telnetd telnetd
3. Restart inetd
freebsd# /etc/rc.d/inetd restart
The whole remote root telnetd FreeBSD security advisory (SA), can be read here
Tags: brand, Comment, conf, daemon, freebsd, freebsd security, inetd, libexec, line, line telnet, nowait, Restart, root, security, security advisory, stream, tcp, Telnet, telnetd, usr, version, vulnerability
Posted in Computer Security, FreeBSD, System Administration | 1 Comment »