Just discovered this open source tool screeenly that takes screenshots of webpages. (Found it when I was looking at what bots were hitting my site via my nginx logs).

http://screeenly.com/

Vanochtend is aan het licht gekomen dat een kwetsbaarheid in de Kubernetes Ingress NGINX Controller (ingress-nginx) kwaadwillenden in staat stelt een ongeauthenticeerde remote code execution (RCE) uit voeren.

Alle organisaties die gebruik maken van ingress-nginx dienen deze zo snel mogelijk te patchen naar versie 1.11.5. Meer info vind je op: https://advisories.ncsc.nl/advisory?id=NCSC-2025-0095

Are you concerned that your online content is getting scraped-up without your permission by search engines or #AIML training models?

Are you torn between sharing openly and feeling like others are freely taking advantage of your work to enrich themselves?

#RoboNope is here to help: https://github.com/raminf/RoboNope-nginx

Ignore at your peril! Feel free to share.

In my journey on #selfhosting and securing my VPS, I was able to setup #mTLS on #nginx , but on a Mac it’s barely usable.
Browser keeps asking for username and password to access system keychain, no matter what I do.
Am I missing something?

Question: Nginx or HAProxy as a reverse proxy? I’ve tested both. In some cases, I still need nginx, while in others, after a closer look, it’s not necessary.
Performance, etc.
Opinions from those who use/have used both?

Setting up Nginx Proxy Manager was easier than I thought! A few hurdles at first (longer blog post in the works) but I got it all working without much issue.

I am seeing things timeout every now and then but it seems a common problem so hopefully I can get that fixed.

Coming up on my task list is getting multiple/different containers running on a single domain using subdomains… can that work?

So app1.example.com is one Podman container and app2.example.com is a different Podman container… (both using port 80)

I’ve found this guide I might try, but if you have a better way please let me know!

https://www.redhat.com/en/blog/podman-nginx-multidomain-applications

I give up. No matter what I try, I cannot get #nginx to serve #php from two different locations, one being /var/www/phpmyadmin/html (mount from another container) and another being /var/www/hosting. The paths are all visible inside the container and accessible.

Yet, it doesn't work.

```
server {
listen 80;
listen [::]:80;

index index.php index.html;

location / {
alias /var/www/hosting/;
}

location /phpmyadmin/ {
alias /var/www/phpmyadmin/html/;

location ~ \.php$ {
fastcgi_pass phpmyadmin:9000;
fastcgi_param SCRIPT_FILENAME $request_filename;
include fastcgi_params;
}
}
}
```

This *should* just work, yet it does not. Baffled.

Highway Robbery 2.0: How Attackers Are Exploiting Toll Systems in Phishing Scams

A massive SMS phishing campaign targeting U.S. drivers exploits various toll systems, including E-ZPass, SunPass, and TxTag. The scam uses fake payment alerts sent via iMessage and SMS from foreign numbers to lure victims to fraudulent websites. Analysis reveals a pattern in domain names and infrastructure, with most phishing sites hosted on Chinese ASNs like Tencent and Alibaba Cloud. The campaign employs nginx web servers and constantly shifts tactics to evade detection. Over 2,000 complaints have been filed with the FBI's Internet Crime Complaint Center, prompting warnings from the FTC and toll authorities. The scam's effectiveness stems from the inconsistency in legitimate toll collection domain names, making it challenging for users to distinguish between real and fake websites.

Pulse ID: 67cee3481de685393015d1b3
Pulse Link: https://otx.alienvault.com/pulse/67cee3481de685393015d1b3
Pulse Author: AlienVault
Created: 2025-03-10 13:04:08

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

Really struggling getting an #nginx config to do what I want.

It's easy imho:

```
root /var/www/blank;

location /pma/ {
alias /path/to/phpmyadmin;
}

location / {
alias /path/to/my/webroot;
}

yet, it always keeps resolving paths from the root. I don't get it.

It's probably gotta be something really silly.

Oh no, the land Down Under isn't down with Tesla! Turns out, Australians aren't buying "forbidden" electric dreams, with #sales plummeting faster than a kangaroo in freefall. Maybe they need a reminder that "nginx" isn't a new electric car model.
https://thedriven.io/2025/03/04/tesla-electric-car-sales-plunge-again-in-australia-model-3-down-more-than-81-per-cent/ #Tesla #Australia #ElectricVehicles #Nginx #Humor #HackerNews #ngated

I seem to have a #DNS problem (unheard of, right?).
I've got #nginx working with #HTTPS, using #certbot, and there's an A record that points at the IP address of the server. So I can go to https://mydomain.com and it's all dandy (thank you @eff).
Now I want a TLS certificate for the #Dovecot mail server. I've set up a virtual server for mail.mydomain.com like this:
```
server {
listen 80;
listen [::]:80;
server_name mail.mydomain.com;

root /usr/share/nginx/html/;

location ~ /.well-known/acme-challenge {
allow all;
}
}
```
But when I run certbot I get this:
```
NoRecords
Fatal
No valid A or AAAA records could be ultimately resolved for mail.mydomain.com. This means that Let's Encrypt would not be able to connect to your domain to perform HTTP validation, since it would not know where to connect to.
No A or AAAA records found.
```
On my domain registrar's dashboard it says that I don't need to set up a MX record if I have only one mail server and it is on the same IP address as my Domain Record. But I'm thinking the certbot error doesn't sound like it's looking for an MX record.
Should I temporarily make a subdomain record for mail.mydomain.com?
#ImSoConfused #AskFedi #FediTechSupport

C’est un peu des bourrins les robots des voleurs de l’intelligence artificielle, ça tape plusieurs fois par seconde.

J’ai bien tenté d’ajouter des entêtes X-Robots-Tag

https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Robots-Tag

…mais ils n’en ont rien à faire, qui aurait pu prédire.

Je suis donc passé à l’étape suivante « block-user-agent » :

https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/configmap/#block-user-agents

> What is your #SuperhumanPower?

> I use so many custom ports in #Nginx and haven't used 8080 yet.

Why would #nginx clear the .conf files on both /sites-available and /sites-enabled upon start, and crash?