Create accountLogin

Recent searches

No recent searches

Search options

Not available on radikal.social.
radikal.social is one of the many independent Mastodon servers you can use to participate in the fediverse.
radikal.social was created by a group of activists to offer federated social media for the radical left in and around Denmark.

Administered by:

Server stats:

163
active users

radikal.social: AboutProfiles directoryPrivacy policy

Mastodon: AboutGet the appKeyboard shortcutsView source codev4.3.7

#nginx

3 posts3 participants0 posts today
Public
Felix Palmen :freebsd: :c64:

Released: #swad v0.1 🥳

Looking for a simple way to add #authentication to your #nginx reverse proxy? Then swad *could* be for you!

swad is the "Simple Web Authentication Daemon", written in pure #C (+ #POSIX) with almost no external dependencies. #TLS support requires #OpenSSL (or #LibreSSL). It's designed to work with nginx' "auth_request" module and offers authentication using a #cookie and a login form.

Well, this is a first release and you can tell by the version number it isn't "complete" yet. Most notably, only one single credentials checker is implemented: #PAM. But as pam already allows pretty flexible configuration, I already consider this pretty useful 🙈

If you want to know more, read here:
github.com/Zirias/swad

Simple Web Authentication Daemon. Contribute to Zirias/swad development by creating an account on GitHub.
GitHubGitHub - Zirias/swad: Simple Web Authentication DaemonSimple Web Authentication Daemon. Contribute to Zirias/swad development by creating an account on GitHub.
Public
Martin Owens :inkscape:

I've set up my new #inkscape website AI bot tar-baby. It works by giving everyone a chance to not fall into it.

An anchor link that says "I am a bot" and links to /tar-baby/{datetime}/ it's got a fixed position at top -100px so should never be seen

The robots.txt says "Disallow: /tar-baby/" so if you were reading the robots, you'd know.

Then #nginx logs the requests to tar-baby/ to a log of their ip-addresses and browser strings and sends them a 301 redirect to google.com

#ai #Scraping

1/2

Public
Xavier «X» Santolaria :verified_paw: :donor:

📨 Latest issue of my curated #cybersecurity and #infosec list of resources for week #13/2025 is out!

It includes the following and much more:

➝ DNA of 15 Million People for Sale in #23andMe Bankruptcy,

#Trump administration accidentally texted a journalist its war plans,

➝ Critical Ingress #NGINX controller vulnerability allows RCE without authentication,

#Cyberattack hits Ukraine's state railway,

➝ Troy Hunt's Mailchimp account was successfully phished,

#OpenAI Offering $100K Bounties for Critical #Vulnerabilities,

#Meta AI is now available in #WhatsApp for users in 41 European countries... and cannot be turned off

Subscribe to the #infosecMASHUP newsletter to have it piping hot in your inbox every week-end ⬇️

infosec-mashup.santolaria.net/

DNA of 15 Million People for Sale in 23andMe Bankruptcy, Trump administration accidentally texted a journalist its war plans, Critical Ingress NGINX controller vulnerability allows RCE without authentication, Cyberattack hits Ukraine's state railway, Troy Hunt's Mailchimp account was successfully phished, OpenAI Offering $100K Bounties for Critical Vulnerabilities, Meta AI is now available in WhatsApp for users in 41 European countries... and cannot be turned off
X’s InfoSec Newsletter🕵🏻‍♂️ [InfoSec MASHUP] 13/2025DNA of 15 Million People for Sale in 23andMe Bankruptcy, Trump administration accidentally texted a journalist its war plans, Critical Ingress NGINX controller vulnerability allows RCE without authentication, Cyberattack hits Ukraine's state railway, Troy Hunt's Mailchimp account was successfully phished, OpenAI Offering $100K Bounties for Critical Vulnerabilities, Meta AI is now available in WhatsApp for users in 41 European countries... and cannot be turned off
Public
Saustrup

After a lot of tinkering, we finally made it to the latest release of the #nginx ingress controller on the mstdn.dk cluster. The latest release addresses no less than FOUR #CVE records. Critical configuration areas had changed, the GeoIP database had to be cached to avoid rate limiting and the #LUA engine needed some tweaks before it could handle the relative large number of TLS certificates we're using in the cluster, but we finally made it. Sorry about the hick-ups. We're trying to keep expenses from going through the roof, so we've skipped the test setup in favor of gently tweaking things in production. Usually that goes well, but there is the rare exception.

Somewhat related, the #KubeCon / #KubeConEU #Kubernetes conference is next week, which means I'll be in #London for the first time for an entire week. Any suggestions for things worth visiting for a bunch of #nerds? :D

Mastodon hosted on mstdn.dkmstdn.dkJust your average friendly Danish Mastodon server. New users tooting in Danish/English welcome. Administered from Denmark. Hosted on bare-metal Kubernetes in the EU.
Public *
Developer Overheid

Vanochtend is aan het licht gekomen dat een kwetsbaarheid in de Kubernetes Ingress NGINX Controller (ingress-nginx) kwaadwillenden in staat stelt een ongeauthenticeerde remote code execution (RCE) uit voeren.

Alle organisaties die gebruik maken van ingress-nginx dienen deze zo snel mogelijk te patchen naar versie 1.11.5. Meer info vind je op: advisories.ncsc.nl/advisory?id

advisories.ncsc.nlNCSC Advisories
#security#nginx#kubernetes
Continued thread
Public
Terence Eden

Right!

#JellyFin installed. Most of my media reorganised and indexed.

#Tailscale deleted. I can't be bothered running it 24/7 on my phone.

#Docker and #NGINX reverse proxy manager installed. Probably done that right. No idea if it'll survive a reboot.

#LetsEncrypt set up with Dynamic DNS. No SSL errors!

HD Streaming over 5G works - but will have to see how adaptive it is on shitty hotel WiFi.

Bit of a faff, but seems to be working. Next step is configuring a Fire Stick to work with it.

Public
Thomas Frans 🇺🇦

The #Jellyfin adventure goes on, now running on a dedicated home server (and no longer on my desktop which is off half the time). I've been wanting to get a home server for a long time but never felt like the investment in the hardware was worth it. Jellyfin changed that and I'm so excited to see what this server can be used for. For now it's only a media server, but that will change very soon. Maybe #Pihole, #nginx, #HomeAssistant...

(It's running #Arch btw)

#SelfHosting#SelfHosted
Public
old sysops

Mon collègue DBA/sysadmin a annoncé son départ aujourd'hui...
Cela a deux conséquences :
- je vais passer une mauvaise semaine, de mauvaise humeur
- #jerecrute : un(e) libriste convaincu(e), qui aime #debian, #postgresql, #haproxy, #nginx, #python, #puppet (ou qui tolère puppet en tout cas). et qui aime/support le #télétravail #remote

Pas besoin d'être parfait ou de cocher toutes les cases... (annonce à venir, comme ça je vous laisse un peu de temps pour mettre à jour vos CV ).

Public
Michael Boelen

Using #nginx and #systemd on a system is more common nowadays. Did you already check out this #linuxsecurity hardening profile for nginx?

linux-audit.com/systemd/harden

It's a set of parameters that sandbox nginx. The best part of implementing is that you really start to learn what a process does or does not need very quickly. Good for your #linux knowledge 💪

Also interesting, unit settings: linux-audit.com/systemd/settin

If you implemented the profile, love to hear how you like it! Anything missing?

Linux Audit · Nginx hardening profileHarden the nginx configuration with the help of this predefined profile that implements systemd sandboxing capabilities and restricting resources.
ExploreLive feeds
About