Is it possible to set the additional-nginx web-server-settings via Plesk API per Subscription?
As from the docs i only can see this changes can be made per ServicePlan.
The Subscription-User is able to modify the additional nginx parameters over the webinterface - (how) is it possible over the Plesk XML API?
As I see there is no physical-hosting-descriptor in API to set or change custom directives for Apache or Nginx
Related
I have an Express app used by several companies. Each company has its own subdomain to call the app api, such as company1.mydomain.com, company2.mydomain.com. In Express we read the value of the subdomain to determine the custom operation that we have to do for that company.
We are moving this app to GCP using Cloud Run with a GCP Load Balancer, setting all subdomains on the latter. We are now trying to read the subdomain but it contains the subdomain value of the Cloud Run URL (xxxxx.a.run.app). We are trying to figure out how to get the subdomain the user is requesting (the one configured in the Load Balancer) but that value doesn't seem to be forwarded to Cloud RUN.
Are there any settings that we are missing or something that help us to read the subdomain value from Cloud Run?
PD: We tried using Load Balancer's Custom Header but there is no option related to subdomain value
PD2: We also tried checking the other headers (including the X-Somethingxx GCP headers) and found nothing
I found a solution. It's based on a recent article that I wrote.
The solution is:
Create a HTTPS load balancer
Define an internet NEG that call run.app
In the backend, use this NEG and add custom header host, with the value of the fully qualified URL of your Cloud Run service xxxxx.a.run.app (like described in my article)
Add another custom header (this one that you want, for example x-forwarded-host) with the value {tls_sni_hostname}
I have purchased a domain name successfully on google domains. I have the website and server deployed on Heroku, which has provided us with a DNS target and a positive ACM status. When navigating to the site by clicking the link provided by the google search, SSL is not active. However, typing into the address bar "https" will cause it to use SSL as will just typing [domain-name].ca, BUT typing "http", it will not use SSL. Why is google defaulting to the non-SSL version?
I have set up the synthetic record:
#.[domain-name] -> https://www.[domain-name].ca
on google domains
Shouldn't this forward every request to https?
I do not have any http calls in my code.
Depending on what enviornment you are using, you need to enable force ssl config.
Rails
Use config.force_ssl = true in your config/environments/production.rb or similar.
Node (Express.js)
Use a package to set this up for your app. Some options can be found here: https://www.npmjs.com/search?q=express+ssl
PHP
You can add directives to the .htaccess file at the root of your project to do this. See this SO post for an example https://stackoverflow.com/a/34065445
Django
Set SECURE_SSL_REDIRECT to True.
Flask
You can use https://github.com/kennethreitz/flask-sslify to handle this for you.
How to configure gradle.properties for adding SSL templates config ? Also, I'd like to add SSL to the REST App Server.
I have looked into https://github.com/marklogic-community/ml-gradle/wiki/Property-reference but couldn't find out from the README too. Any help would be appreciated.
Take a look at https://github.com/marklogic-community/ml-gradle/tree/master/examples/ssl-project for an example of how to set this up. This shows both a certificate template being created and used by a REST API server, and then modules being loaded via HTTPS and that same REST API server.
Is there any way to use HTTPS/SSL on GitHub Pages sites that use a custom domain? SSL is recommended for better search engine ranking and there are a lot of other uses for it beyond that.
Custom domains on GitHub Pages do support HTTPS / SSL:
GitHub Pages has supported custom domains since 2009, and sites on the *.github.io domain have supported HTTPS since 2016. Today, custom domains on GitHub Pages are gaining support for HTTPS as well, meaning over a million GitHub Pages sites will be served over HTTPS.
https://blog.github.com/2018-05-01-github-pages-custom-domains-https/
Go to https://github.com/**username**/**repo**/settings
Check the checkbox "Enforce HTTPS":
Prior to May 1, 2018, SSL was supported by GitHub Pages only on sites using a *.github.io domain: https://help.github.com/articles/securing-your-github-pages-site-with-https/
It's now possible to use HTTPS on GitHub Pages sites with a custom domain
If you are using CNAME or ALIAS records for your custom domain, you’re all set and your site should be accessible over HTTPS.
If you are using A records, you must update your site’s DNS records with new IP addresses. Please see our guide to setting up your custom domain with Pages and update any A records you might have set.
Once you have HTTPS working:
You can optionally “Enforce HTTPS” for your domain in your repository’s settings, ensuring users who request your site over HTTP are upgraded to HTTPS.
You can read the full announcement here: https://blog.github.com/2018-05-01-github-pages-custom-domains-https/
I am useing quintolabs qlproxy for web filtering. How can I whitelist onedrive so it stays syncronized? What are the URLs and IPs to Whitelist?
Seems the issue is that OneDrive application uses SSL Pinning and thus does not accept mimicked SSL certificate from your Squid proxy. A similar issue for Dropbox is explained at http://docs.diladele.com/faq/squid/dropbox.html.
This same error will be present in all SSL inspecting web filters. For example from the message at Sophos (astaro) UTM support forum it seems the list of domain names to exclude is quite large (see https://www.astaro.org/gateway-products/network-protection-firewall-nat-qos-ips/56579-microsoft-onedrive.html):
skyapi.live.net
storage.live.com
skydrive.live.com
shared.live.com
onedrive.live.com
Please note the list may not be complete. The best is to fire up the WireShark or (better) Microsoft Message Analyzer on the machine where OneDrive is installed and try to see what domain names are sent to the proxy upon start of OneDrive application. Then exclude these from ssl bump.