similar to: [Infrastructure Design] Questions about Puppet behind SSL reverse proxy

Displaying 20 results from an estimated 4000 matches similar to: "[Infrastructure Design] Questions about Puppet behind SSL reverse proxy"

2013 May 17
3
client connection errors: SSL, SNI and DNS_ALT_NAMES Oh My
Hi All, I''ve run into a bit of a tangle. I currently have two puppet masters which are "load balanced" with round robin DNS (one is also the CA). I''m using dns_alt_names to let them each answer to puppet.my.domain.com For the past year this has been fine. About a week ago I tried to add a third & while all my Linux clients are happy with the new arrangement,
2018 Jul 20
0
Is there any way I can deploy cPanel web hosting control panel with Microsoft Exchange 2016 groupware behind one static public IP?
You can use bind your cPanel web server to a different port or (better) you can put your services behind a reverse proxy/load balancer. In this scenario, for web servers running on the standard ports (ie TCP 80 and 443), you can use HTTP host headers/SNI to redirect requests to the appropriate backend web server based on the domain name used. So yes, you can have a whole bunch of stuff running
1997 Oct 21
0
SNI-19: BSD lpd vulnerabilities (UPDATE)
-----BEGIN PGP SIGNED MESSAGE----- ##### ## ## ###### ## ### ## ## ##### ## # ## ## ## ## ### ## ##### . ## ## . ###### . Secure Networks Inc. Security Advisory
2018 Aug 31
0
SNI Dovecot
FYI? dovecot 2.2.10 from RedHat 7 has an issue with clients, which won't send SNI.?As you are using version 2.2.27 you might encounter the same behaviour. If the client won't send SNI, my server randomly answers with any cert instead of?the default cert,? --Perhaps dovecot just utilises the last used cert? One speciality?of my certs is, that both share the same Common Name (CN) but differ
2016 Oct 20
0
logging TLS SNI hostname
On Thursday 20 of October 2016, Aki Tuomi wrote: > On 20.10.2016 15:41, Arkadiusz Mi?kiewicz wrote: > > On Thursday 20 of October 2016, Aki Tuomi wrote: > >> On 18.10.2016 14:16, Arkadiusz Mi?kiewicz wrote: > >>> On Monday 17 of October 2016, KT Walrus wrote: > >>>>> On Oct 17, 2016, at 2:41 AM, Arkadiusz Mi?kiewicz <arekm at maven.pl> >
2009 Dec 06
3
virtual domains and SSL certificates
Hi, This topic has been discussed before e.g: <QUOTE> On 2008-08-07, at 1143, Kacper Wysocki wrote: The problem is that the configuration file specifies only one certificate file for dovecot, which means only one Common Name, which means one cannot provide one server cert that will match mail.foo.com AND mail.bar.com, and either ma... at foo.com or bo... at bar.com will get a
2016 Oct 18
0
logging TLS SNI hostname
On Monday 17 of October 2016, KT Walrus wrote: > > On Oct 17, 2016, at 2:41 AM, Arkadiusz Mi?kiewicz <arekm at maven.pl> wrote: > > > > On Monday 30 of May 2016, Arkadiusz Mi?kiewicz wrote: > >> Is there a way to log SNI hostname used in TLS session? Info is there in > >> SSL_CTX_set_tlsext_servername_callback, dovecot copies it to > >>
2016 Oct 20
0
logging TLS SNI hostname
On Thursday 20 of October 2016, Aki Tuomi wrote: > On 18.10.2016 14:16, Arkadiusz Mi?kiewicz wrote: > > On Monday 17 of October 2016, KT Walrus wrote: > >>> On Oct 17, 2016, at 2:41 AM, Arkadiusz Mi?kiewicz <arekm at maven.pl> > >>> wrote: > >>> > >>> On Monday 30 of May 2016, Arkadiusz Mi?kiewicz wrote: > >>>> Is there
2018 Jul 20
0
Is there any way I can deploy cPanel web hosting control panel with Microsoft Exchange 2016 groupware behind one static public IP?
Hi, Based on further research, it appears that Squid can only reverse proxy HTTP and HTTPs but NGINX is able to reverse proxy IMAP, POP3, and SMTP protocols. Please correct me if I am wrong. Thank you. ===BEGIN SIGNATURE=== Turritopsis Dohrnii Teo En Ming's Academic Qualifications as at 30 Oct 2017 [1] https://tdtemcerts.wordpress.com/ <https://tdtemcerts.wordpress.com/>[2]
2016 Oct 20
2
logging TLS SNI hostname
On 18.10.2016 14:16, Arkadiusz Mi?kiewicz wrote: > On Monday 17 of October 2016, KT Walrus wrote: >>> On Oct 17, 2016, at 2:41 AM, Arkadiusz Mi?kiewicz <arekm at maven.pl> wrote: >>> >>> On Monday 30 of May 2016, Arkadiusz Mi?kiewicz wrote: >>>> Is there a way to log SNI hostname used in TLS session? Info is there in >>>>
2016 Oct 20
2
logging TLS SNI hostname
On 20.10.2016 15:41, Arkadiusz Mi?kiewicz wrote: > On Thursday 20 of October 2016, Aki Tuomi wrote: >> On 18.10.2016 14:16, Arkadiusz Mi?kiewicz wrote: >>> On Monday 17 of October 2016, KT Walrus wrote: >>>>> On Oct 17, 2016, at 2:41 AM, Arkadiusz Mi?kiewicz <arekm at maven.pl> >>>>> wrote: >>>>> >>>>> On Monday 30
2003 Jun 28
1
rsync does not sync files older than current year
Dear sirs, I installed rsync from www.sunfreeware.com on a Solaris 8 box, which seems to be 2.5.6, but it does not sync files correctly, which elder than the current year. see the following # ls -al httpd.conf -rw-r--r-- 1 bin bin 36935 Nov 9 2002 httpd.conf # hostname anui23 # ls -al /net/anui24/usr/local/apache/conf/httpd.conf -r--r--r-- 1 root other 41435 Jun 25
2016 Nov 11
0
lazy-load SNI?
On Friday 11 of November 2016, Felipe Gasper wrote: > Hello, > > We?re rolling out large SNI deployments for our mail servers. Each domain > gets an entry like this in the config: > > local_name mail.foo.com { > ssl_cert = </ssl/domain_tls/*.foo.com/combined > ssl_key = </ssl/domain_tls/*.foo.com/combined > } Lack of glob/regexp support here is also a
1997 Oct 22
1
SNI-20: Telnetd tgetent vulnerability
[mod: Executive summary: SNI found recent linux-distributions not-vulnerable -- REW] -----BEGIN PGP SIGNED MESSAGE----- ###### ## ## ###### ## ### ## ## ###### ## # ## ## ## ## ### ## ###### . ## ## . ######.
2018 Jul 23
0
dovecot sometimes sends non-default SSL cert if IMAP client won't send SNI
Can you provide some details on what those openssl commands returned? Aki On 20.07.2018 12:14, Martin Johannes Dauser wrote: > Hi, > > I recognised some funny behaviour on my server. IMAP clients which > won't send an Server Name Indication (SNI) sometimes get the wrong > certificate. I would expect that those clients always get the default > certificate (of my new
2016 Oct 17
2
logging TLS SNI hostname
> On Oct 17, 2016, at 2:41 AM, Arkadiusz Mi?kiewicz <arekm at maven.pl> wrote: > > On Monday 30 of May 2016, Arkadiusz Mi?kiewicz wrote: >> Is there a way to log SNI hostname used in TLS session? Info is there in >> SSL_CTX_set_tlsext_servername_callback, dovecot copies it to >> ssl_io->host. >> >> Unfortunately I don't see it expanded to any
2016 Nov 11
1
lazy-load SNI?
> On November 11, 2016 at 12:22 PM Arkadiusz Mi?kiewicz <arekm at maven.pl> wrote: > > > On Friday 11 of November 2016, Felipe Gasper wrote: > > Hello, > > > > We?re rolling out large SNI deployments for our mail servers. Each domain > > gets an entry like this in the config: > > > > local_name mail.foo.com { > > ssl_cert =
2020 Jan 12
3
Adding SNI support to SSH
Hey Thorsten, Thorsten Glaser <t.glaser at tarent.de> writes: > On Sun, 12 Jan 2020, Nico Schottelius wrote: > >> I was wondering what you think about SNI (server name indication) >> support to OpenSSH? > > Oh, please absolutely not. SNI is a privacy violation in HTTP, and > otherwise just a poor excuse to continue running NAT and/or IPv4. you might have
1997 Dec 23
1
Junk e-mail .... help needed!!!
Hi!! Of late, I'm getting a lot of un-solicited mails from this list, and inspite of un-subscribing mails, messages, threats , nothing really seems to work... My question: 1. Is there any way I can 'avoid' or 'bounce' incoming messages at the mail-server level?? 2. I cannot change my address (alias) as such... since this involves sending reminders to God knows how many
2016 May 30
2
logging TLS SNI hostname
Is there a way to log SNI hostname used in TLS session? Info is there in SSL_CTX_set_tlsext_servername_callback, dovecot copies it to ssl_io->host. Unfortunately I don't see it expanded to any variables ( http://wiki.dovecot.org/Variables ). Please consider this to be a feature request. The goal is to be able to see which hostname client used like: May 30 08:21:19 xxx dovecot: