Compile the latest nginx release from source with EasyEngine


#83

Hello @nschopra, about TLS 1.3 Draft 23, I will probably wait for the next openssl release, because draft 28 was already published and there are breaking changes with draft 23. So at the moment, it’s not possible to use TLS 1.3 with the most part of web browser because there are too many drafts.

I’m already working on the Cloudflare Headers Compression Patch.


#84

Hi Virtubox,

I have followed the instructions on your github, everthing is working except that when I write “ee info” I get the below message ; ‘Error while getting parameter.’

I think it happened after running that script

TLSv1.2 TLSv1.3 only

wget -O /etc/nginx/nginx.conf https://raw.githubusercontent.com/VirtuBox/ubuntu-nginx-web-server/master/etc/nginx/nginx.conf on instructions page.

Do u have any idea how to fix it? Pls keep ee updated and thanks for your all work.


#85

It doesn’t seems to be related to TLS v1.3 nginx.conf, because I’m still able to use it on some servers with this configuration. But on some other servers, I also have this error. I will take a look on this


#86

exactly, I have another server of mine with your script and it works perfect. Hard to tell what’s the difference between 2 servers.

thanks a lot, very good work, we were about to abondon ee.


#87

Thanks, almost all my servers setup steps are listed on


#88

Hi Virtubox,

I think the rules in your fail2ban script block ip’s in case of several password failures, where does it keep the blocked ips so that I can clear / check them out?

is it possible to say “safe ips” to jail settings?

Mine was blocked accidentally !


#89

Yes, you can list active jails with the command

fail2ban-client status

and you can whitelist an IP with the command :

fail2ban-client set <jail-name> addignoreip YOUR-IP

Example :

fail2ban-client set sshd addignoreip 192.168.1.1

#90

thanks for quick repsonse, much appreciated.

is it possible see and then clear out all blocked ips?


#91

Yes you can see all banned IPs by running :

iptables -L

I do not see another way than iptables -F to flush all banned IP, but it will also flush your firewall configuration. And Fail2ban ban IPs only for 600 seconds, and after 3 bans it ban them definitively with the recidive jail.


#92

thanks a lot for the detailed explanations Virtubox.


#94

I’ve managed to use the script and upgrading openssl I’ve managed to enable TLS 1.3. The point is that I get a lot of errors like this:​

Failed to load Response to preflight request doesn’t pass access control check: No ‘Access-Control-Allow-Origin’ header is present on the requested resource.

How could I fix it keeping things safe?

Thanks.


#95

Just add something like :

location ~* \.(eot|ttf|woff|woff2)$ {
    add_header Access-Control-Allow-Origin *;
}

In your vhost for the location of files you are trying to load


#96

It works perfectly. I’ve added jpg, png and gif too.

Thank you very much!