Comments (5)
peterkimzz
commented on May 14, 2024
1
I found it is because default nginx ssl_protocols value is TLSv1.3.
Almost search engine crawlers try to scrap metadata by using TLSv1.2.
PR #18 .
from bunkerweb.
fl0ppy-d1sk
commented on May 14, 2024
1
Hello @peterkimzz, version 1.1.1 should now support both TLS 1.2 and 1.3. Please note that crawlers may not work when using the antibot feature through the USE_ANTIBOT env var.
from bunkerweb.
fl0ppy-d1sk
commented on May 14, 2024
Hello @peterkimzz can you try the new (and current) 1.1.0 version ? The logging bug should now be fixed in this version. Please note that nginx now listens on ports 8080 for HTTP and 8443 for HTTPS. Then try again to see if we have any logs ?
from bunkerweb.
peterkimzz
commented on May 14, 2024
Hi @bunkerity.
I used 1.1.0 version, still got same result.
Looks all of crawler are blocked.
I think the reason why no any log is that some security tool or rule block ONLY for the crawlers before requesting to nginx.
nginx log (still using curl and browser work)
myreverse_1 | [*] Running nginx ...
myreverse_1 | ==> /var/log/access.log <==
myreverse_1 |
myreverse_1 | ==> /var/log/error.log <==
myreverse_1 |
myreverse_1 | ==> /var/log/access.log <==
myreverse_1 | 211.176.129.xx - - [29/Oct/2020:02:02:14 +0000] "HEAD / HTTP/1.1" 301 0 "-" "curl/7.64.1"
myreverse_1 | 211.176.129.xx - - [29/Oct/2020:02:06:40 +0000] "GET / HTTP/2.0" 200 11357 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_16_0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.106 Whale/2.8.107.17 Safari/537.36"
docker-compose.yml (adapted by v1.1.0)
version: "3.8"
services:
myreverse:
image: bunkerity/bunkerized-nginx:1.1.0
restart: always
ports:
- 80:8080
- 443:8443
volumes:
- ./letsencrypt:/etc/letsencrypt
- ./nginx/http-configs:/http-confs
- ./nginx/server-configs:/server-confs
environment:
- SERVER_NAME=www.example.com
- SERVE_FILES=no
- REDIRECT_HTTP_TO_HTTPS=yes
- AUTO_LETS_ENCRYPT=yes
- PROXY_REAL_IP=yes # doesn't affect the result.
- USE_DNSBL=no
- USE_FAIL2BAN=no
- USE_MODSECURITY=no
- USE_MODSECURITY_CRS=no
- USE_CLAMAV_UPLOAD=no
- USE_CLAMAV_SCAN=no
- CLAMAV_SCAN_REMOVE=no
- BLOCK_USER_AGENT=no
- BLOCK_TOR_EXIT_NODE=no
- BLOCK_PROXIES=no
- BLOCK_ABUSERS=no
- USE_WHITELIST_IP=no
- USE_WHITELIST_REVERSE=no
- USE_BLACKLIST_IP=no
- USE_BLACKLIST_REVERSE=no
- USE_LIMIT_REQ=no
app1:
image: "${DOCKER_REGISTRY}:www"
restart: always
command: yarn start
# ...from bunkerweb.
peterkimzz
commented on May 14, 2024
I found when nginx catches a log.
When I paste a link with http:// (not https://) in Slack chat, nginx returns a log with 301 status.
But Slack still doesn't show the preview.
myreverse_1 | 3.95.174.215 - - [29/Oct/2020:02:37:35 +0000] "GET / HTTP/1.1" 301 162 "-" "Slackbot-LinkExpanding 1.0 (+https://api.slack.com/robots)"
myreverse_1 | 3.95.174.215 - - [29/Oct/2020:02:37:36 +0000] "GET / HTTP/1.1" 301 162 "-" "Slackbot-LinkExpanding 1.0 (+https://api.slack.com/robots)"
from bunkerweb.
Related Issues (20)
- [BUG] HOT 2
- [FEATURE] Official support for REHL 9? HOT 4
- [DOC] Country security feature HOT 2
- [FEATURE] Add option to force redirect to https when inbound request scheme is http. HOT 1
- [question] Bunkerweb & mailcow: How can I mount the generated certs for an external service? Where are they saved ? HOT 6
- [BUG] using an underscore as server_name in the env vars fails LE and all sites. HOT 3
- [BUG] letsencrypt handshake not working on IPv6 only HOT 3
- [FEATURE] support uwsgi_params in reverse proxy default configuration HOT 5
- [FEATURE] adding open-appsec HOT 2
- [BUG] REVERSE_PROXY_URL results in too many redirects HOT 2
- [BUG] scheduler error _getdefaultlocale HOT 5
- [BUG] Scheduler Crash on Reloading Plugins HOT 3
- [BUG] Get empty page after reload page with challenge HOT 4
- [BUG] After the first unsuccessful attempt to complete the captcha challenge, the remaining attempts become failures HOT 2
- [DOC] Web-UI K8S "Advanced Installation" bunkerweb-ui isn't using correct serviceaccount HOT 6
- [FEATURE] allow to modify nginx default buffer setting to handle "upstream sent too big header" HOT 1
- [BUG] IPs in WHITELIST_IP gets banned for Bad Behavior in the middle of the night HOT 10
- [BUG] bunkerweb.service reported that there is missing configuration file HOT 6
- [BUG] whitelist bypass not effective HOT 7
- [FEATURE] K8S - Ability to ignore/use Ingresses based on IngressClass HOT 2
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from bunkerweb.