[-] Ooops@feddit.org 3 points 3 days ago

upgrade to next kernel version != patch the kernel with backported security fixes

6
submitted 1 month ago* (last edited 1 month ago) by Ooops@feddit.org to c/selfhosted@lemmy.world

As this will -thanks to me being quite clueless- be a very open question I will start with the setup:

One nginx server on an old Raspi getting ports 80 and 443 routed from the access point and serving several pages as well as some reverse proxies for other services.

So a (very simplified) nginx server-block that looks like this:

```nginx
# serve stuff internally (without a hostname) via http
server {
	listen 80 default_server;
	http2 on;
	server_name _;
	location / {
		proxy_pass http://localhost:5555/;
		# that's where all actual stuff is located
	}
}
# reroute http traffic with hostname to https
server {
	listen 80;
	http2 on;
	server_name server_a.bla;
	location / {
		return 301 https://$host$request_uri;
	}
}
server {
	listen 443 ssl default_server;
	http2 on;
	server_name server_a.bla;
	ssl_certificate     A_fullchain.pem;
	ssl_certificate_key A_privkey.pem;
	location / {
		proxy_pass http://localhost:5555/;
	}
}
#actual content here...
server {
	listen 5555;
	http2 on;
	root /srv/http;
	location / {
		index index.html;
	}
	location = /page1 {
		return 301 page1.html;
	}
	location = /page2 {
		return 301 page2.html;
	}
	#reverse proxy for an example webdav server
	location /dav/ {
		proxy_pass        http://localhost:6666/;
	}
}
```

Which works well.

And intuitively it looked like putting Anubis into the chain should be simple. Just point the proxy_pass (and the required headers) in the "port 443"-section to Anubis and set it to pass along to localhost:5555 again.

Which really worked just as expected... but only for server_a.bla, server_a.bla/page1 or server_a.bla/page2.

server_a.bla/dav just hangs and hangs, to then time out, seemingly trying to open server_a.bla:6666/dav.

So long story short...

How does proxy_pass actually work that the first setup works, yet the second breaks? How does a call for localhost:6666 (already behind earlier proxy passes in both cases) somehow end up querying the hostname instead?

And what do I need to configure -or what information/header do I need to pass on- to keep the internal communication intact?

[-] Ooops@feddit.org 55 points 5 months ago

GNOME guys complaining about someone trying to force unilateral decisions upon them and being totally uncooperative must be satire...

[-] Ooops@feddit.org 45 points 7 months ago

"not exactly missile magic" 🤣

[-] Ooops@feddit.org 52 points 10 months ago

Don't Look Up was a documentary...

[-] Ooops@feddit.org 47 points 1 year ago* (last edited 1 year ago)

You wouldn't believe the secondary costs caused by thawing salt. And then there's the primary cost of operating a vehicle park to spread a lot of salt each winter.

Although general streets would not be my first choice (you should start with bridges where corrosion is even more of an issue) every example of heated street I saw was just a matter of "yeah, simple math says this makes sense".

PS: And that's obviously not car-specific even. Every newly built bike lane should incorporate this idea. Modern bike and pedestrian bridges doubly so.

PPS: For reference: new bicycle-bridge in Germany... 16 million € to build, of which the added heating is a very small fraction (300k).

[-] Ooops@feddit.org 47 points 1 year ago

Apparently this is about neither DRM

It's not about the DRM people think about... but the Direct Rendering Manager

[-] Ooops@feddit.org 42 points 2 years ago

So what humans have done for millennia in the form of furs, leather and bone?

[-] Ooops@feddit.org 48 points 2 years ago* (last edited 2 years ago)

Germans are still suffering from having to integrate another failed quasi-soviet state more than 30 years later, so you couldn't pay them enough for taking Königsberg back.

[-] Ooops@feddit.org 127 points 2 years ago* (last edited 2 years ago)

An immutable OS is fixed and mounted non-writable. Every update you get, every program you install is handled on top of it via containers or filesystem overlays so the underlying OS is untouched. Basically the same concept you know from smartphones or other devices with a "reset to factory settings" function. No matter how hard you screw up your system, you can always reset to the base OS, either by granularly deactivating things installed on top, or by a reset to the working base OS.

[-] Ooops@feddit.org 103 points 2 years ago

No... the Crowdstrike debacle primarily shows the dangers of today's corporate culture in software development.

Ship as fast as possible, fix issues later if necessary...

[-] Ooops@feddit.org 46 points 2 years ago

The software is the problem if it's produced with a corporate mentality of "ship first, fix later".

[-] Ooops@feddit.org 77 points 2 years ago

"More Tech and Venture Capital Execs Are Coming Out as ~~MAGA~~ Believers of Tax Cuts, Deregulation and Corruption"

Fixed that headline...


Ooops

joined 2 years ago