Hello,
I have a closed-source Webapp that run on an IIS-Webserver and send a
“X-Frame-Options: SAMEORIGIN” header.
I also have to implement this Webapp in my own, Frame based Application.
So I try to use nginx as a reverse Proxy, but the X-Frame-Options Header
is still send.
How can I remove his header?
I have try “proxy_hide_header X-Frame-Options;” without success.
Regards,
Basti
On 9 January 2014 10:03, basti [email protected] wrote:
Hello,
I have a closed-source Webapp that run on an IIS-Webserver and send a
“X-Frame-Options: SAMEORIGIN” header.
I also have to implement this Webapp in my own, Frame based Application.So I try to use nginx as a reverse Proxy, but the X-Frame-Options Header
is still send.
How can I remove his header?
I have try “proxy_hide_header X-Frame-Options;” without success.
You’ll find the answer in the documentation:
http://wiki.nginx.org/NginxHttpProxyModule#proxy_set_header
J
Hello!
On Thu, Jan 09, 2014 at 11:03:11AM +0100, basti wrote:
Hello,
I have a closed-source Webapp that run on an IIS-Webserver and send a
“X-Frame-Options: SAMEORIGIN” header.
I also have to implement this Webapp in my own, Frame based Application.So I try to use nginx as a reverse Proxy, but the X-Frame-Options Header
is still send.
How can I remove his header?
I have try “proxy_hide_header X-Frame-Options;” without success.
The proxy_hide_header directive is expected to work (and works
here, just tested). If it doesn’t work for you, you may want to
provide more details, see Debugging | NGINX for some
hints.
–
Maxim D.
http://nginx.org/
Hello!
On Thu, Jan 09, 2014 at 10:21:43AM +0000, Jonathan M. wrote:
I have try “proxy_hide_header X-Frame-Options;” without success.
You’ll find the answer in the documentation:
Module ngx_http_proxy_module
The X-Frame-Options header is returned by a server-side
application, hence the proxy_hide_header is correct solution,
while proxy_set_header isn’t.
And, being pedantic, wiki != documentation. Here are
links to the documentation:
http://nginx.org/r/proxy_set_header
http://nginx.org/r/proxy_hide_header
–
Maxim D.
http://nginx.org/
On 9/01/2014 11:12 PM, Jonathan M. wrote:
I also have to implement this Webapp in my own, Frame based Application.
application, hence the proxy_hide_header is correct solution,couldn’t find IfIsEvil anywhere but the wiki. The presence of a
nginx mailing list
[email protected]
nginx Info Page
I share your opinion regarding nginx documentation. It is woeful.
Particularly when compared to other exemplary open source projects, such
as Postfix and FreeBSD. My inability to easily transfer my webservers to
nginx from Apache, due to (my own shortcomings compounded by) terribly
inadequate documentation, nearly made the transition impossible. Insult
was only added to injury when, after transferring some sites to the
recommended nginx, I found very little performance enhancement.
Admittedly, I am most probably not properly utilizing the application
and will only see improvements when my own abilities allow it.
Nevertheless, the documentation needs work. It is prudent to accommodate
less technically aware users.
–
On 9 January 2014 12:24, nano [email protected] wrote:
I share your opinion regarding nginx documentation. It is woeful.
Sorry chap - I didn’t say that and I don’t think that. There may well
be some specific target audiences not well served by the aggregate of
the current (psuedo-)documentation sources, but that doesn’t mean they
themselves are /that/ bad. My problems with them are specific and
fixable, and not just “make it better!”
J
Hello!
On Thu, Jan 09, 2014 at 12:12:09PM +0000, Jonathan M. wrote:
I also have to implement this Webapp in my own, Frame based Application.
application, hence the proxy_hide_header is correct solution,couldn’t find IfIsEvil anywhere but the wiki. The presence of a
top-level pointer on each wiki page to nginx documentation is
pretty useless, too - it needs to point to the appropriate place in
the docs to get people to start using them.Didn’t you guys pick up several millions a while ago, which was
announced as being somewhat earmarked for improving documentation?
And that’s why we actually have the documentation in English. 
Additionally, compared to what we have previously it is already
significantly imporoved.
As I already explained, the problem with wiki pages which
duplication documentation is a bit rot. There are lots of
improvements in the documentation which isn’t in wiki, most
obviously - there are no new directives. And this bit rot confuse
people more and more.
The generic plan is to avoid the duplication altogether,
preserving wiki for useful additional content.
–
Maxim D.
http://nginx.org/
On 9 January 2014 11:57, Maxim D. [email protected] wrote:
while proxy_set_header isn’t.
My bad. I was pretty sure I’d had success with ‘set foo “”’ where
‘hide’ hadn’t worked in the past.
And, being pedantic, wiki != documentation. Here are
links to the documentation:
Ack that. I’ll personally keep linking to the wiki until the
documentation
I may be wrong about that third one still needing doing, but I
couldn’t find IfIsEvil anywhere but the wiki. The presence of a
top-level pointer on each wiki page to nginx documentation is
pretty useless, too - it needs to point to the appropriate place in
the docs to get people to start using them.
Didn’t you guys pick up several millions a while ago, which was
announced as being somewhat earmarked for improving documentation?
Hello,
On 1/9/14, 7:24 AM, nano wrote:
[snip]
Nevertheless, the documentation needs work. It is prudent to accommodate
less technically aware users.
You may not see much “performance enhancement” if your server was not
heavily loaded or if it is using PHP to serve static content, such as
WordPress used to do up until version 3.4 and continues to do on some
sites that were upgraded from older versions to the current version.
Also, if you are running a PHP daemon and a MySQL server on the same
server as you run nginx, they may contribute more to server load than
does nginx. Optimizing them, especially MySQL, may give you significant
“performance enhancement”. I mention WordPress because you link to a
WordPress site in your signature. Since your domain was first registered
in November and since you only have a few posts most of which are
rudimentary, I am going to doubt that you don’t have a lot of traffic.
Alexa does not even have data on your site yet, it’s so new. Plus using
a self signed certificate and creating SSL links on your home page -
http://bsdbox.co - give the big red page on Chrome. I have no desire to
add an exception for a two month old domain. Spring for $4.99/year at
https://www.cheapssls.com/domain-only.html and get a PositiveSSL
certificate.
The shortcomings are yours indeed. The documentation is for people who
understand the concepts and is not meant to be a replacement for a “for
Dummies” book. I believe that (almost) every directive is covered. If
you do not understand what the directives mean, there are many ways to
figure it out. In such a case, Google is your friend.
Comparing nginx documentation to FreeBSD documentation is a bit
unrealistic. FreeBSD documentation is written by volunteers of which
there are dozens if not hundreds. The entire project is a community
effort. Despite that, some is out of date. For instance, look at
http://www5.us.freebsd.org/doc/handbook/svn-mirrors.html. Do you see
svn0.eu.FreeBSD.org listed there, or its fingerprint? There may be other
servers missing as well. I have found many other examples but that’s the
first that comes to mind.
Anyone who wants to volunteer to improve the documentation should do
so. I’m sure the devs would at least look at any provided patches.
Of course, you can always create a community effort of your own and
organize your own wiki or alternate set of documentation. Or perhaps you
can apply for a job at Nginx.com to work on upgrading the documentation
to your standards.
The original purpose of the wiki was to serve as English documentation
when there was little to none. Sure, it had a bit more hand holding, but
it really has become superfluous at least in terms of providing up to
date documentation, at least IMMHO.
–
Jim O.
On 9/01/2014 11:47 PM, Jonathan M. wrote:
nginx mailing list
[email protected]
nginx Info Page
Nonetheless, I find the official documentation lacking. It is good that
you do not. Fortunately, there are alternative resources that make
deployment of nginx servers achievable for users lacking technical
proficiency, like myself.
–
Hello,
On 1/9/14, 12:14 PM, nano wrote:
as Postfix and FreeBSD. My inability to easily transfer my webservers to
You may not see much “performance enhancement” if your server was not
heavily loaded or if it is using PHP to serve static content, such as
WordPress used to do up until version 3.4 and continues to do on some
sites that were upgraded from older versions to the current version.
Also, if you are running a PHP daemon and a MySQL server on the same
server as you run nginx, they may contribute more to server load than
does nginx. Optimizing them, especially MySQL, may give you significant
“performance enhancement”.Thanks, Jim, for the suggestions. I may look into optimizing MySQL at a
later date.
Going to copy someone else’s procedures and write another “tutorial”?
certificate.
your concern and advice; however, I will not be purchasing a
“PositiveSSL certificate”.
Whatever. You put a link in your signature and very rudimentary (and
somewhat incorrect) “tutorials” in your blog.
In fact, on December 20, 2013 you wrote:
“I recently decided to build my first FreeBSD box. First order of
business: roll my own Apache server to host my ownCloud service. I also
decided to stand up this WordPress site to document my progress. Mostly
for posteritys sake; this way, I have tried-and-tested data to
reference during future UNIX operations. Why should I []”
Learn something about being a sysadmin before writing “tutorials”.
Anyway, opinions are like assholes. Everybody has one. Yours just
happens to be wrong.
utility of alternative resources; found through Google. If you have some
first that comes to mind.
It is analogous, as is the comparison to Postfix documentation. I did
not claim FreeBSD literature is absent error, but that it is simply more
comprehensive and accommodates “Dummies”. If nginx chooses to cater for
“for people who understand the concepts and is not meant to be a
replacement for a ‘for Dummies’ book”, that is the prerogative of the
maintainers and developers of nginx documentation.
See above.
I am certain there are people who value and appreciate the project
I am sure that multimillion dollar donations will contribute to further
improvements.
I’m not aware of any “multimillion dollar donations” but maybe you are.
Commercial funding is not a “donation”.
Sure, it had a bit more hand holding, but
it really has become superfluous at least in terms of providing up to
date documentation, at least IMMHO.You are entitled to your opinion, as am I. Your advice will be
considered. Thank you, Jim.
Again, see above.
Peace out.
–
Jim O.
On 10/01/2014 2:21 AM, Jim O. wrote:
nginx from Apache, due to (my own shortcomings compounded by) terribly
heavily loaded or if it is using PHP to serve static content, such as
WordPress used to do up until version 3.4 and continues to do on some
sites that were upgraded from older versions to the current version.
Also, if you are running a PHP daemon and a MySQL server on the same
server as you run nginx, they may contribute more to server load than
does nginx. Optimizing them, especially MySQL, may give you significant
“performance enhancement”.
Thanks, Jim, for the suggestions. I may look into optimizing MySQL at a
later date.
That domain only hosts a personal blog documenting FreeBSD procedures,
and SOHO resource for colleagues, family and friends; in fact, the
server is still running Apache and is not relevant to my observations
pertaining to increased performance, or lack of, in transferring to
nginx on other sites. Further, I have no desire to satisfy your trust
concerns. My concern is to secure my own sensitive traffic. Moreover,
the paradigm of entrusting third parties is foolish and highly
susceptible to exploitation, but this, too, is irrelevant. Thank you for
your concern and advice; however, I will not be purchasing a
“PositiveSSL certificate”.
The shortcomings are yours indeed. The documentation is for people who
understand the concepts and is not meant to be a replacement for a “for
Dummies” book. I believe that (almost) every directive is covered. If
you do not understand what the directives mean, there are many ways to
figure it out. In such a case, Google is your friend.
I have no doubt, and iterated, my inadequacies affect my
(mis)understanding of the documentation. Similarly, I remarked on the
utility of alternative resources; found through Google. If you have some
“for Dummies” resources, please feel free to provide them. That would be
good.
Comparing nginx documentation to FreeBSD documentation is a bit
unrealistic. FreeBSD documentation is written by volunteers of which
there are dozens if not hundreds. The entire project is a community
effort. Despite that, some is out of date. For instance, look at
http://www5.us.freebsd.org/doc/handbook/svn-mirrors.html. Do you see
svn0.eu.FreeBSD.org listed there, or its fingerprint? There may be other
servers missing as well. I have found many other examples but that’s the
first that comes to mind.
It is analogous, as is the comparison to Postfix documentation. I did
not claim FreeBSD literature is absent error, but that it is simply more
comprehensive and accommodates “Dummies”. If nginx chooses to cater for
“for people who understand the concepts and is not meant to be a
replacement for a ‘for Dummies’ book”, that is the prerogative of the
maintainers and developers of nginx documentation.
Anyone who wants to volunteer to improve the documentation should do
so. I’m sure the devs would at least look at any provided patches.Of course, you can always create a community effort of your own and
organize your own wiki or alternate set of documentation. Or perhaps you
can apply for a job at Nginx.com to work on upgrading the documentation
to your standards.
I am certain there are people who value and appreciate the project
enough that will choose to contribute. When the values and objectives of
a project comport with my own, I often choose to contribute how I can;
such as, deploying Tor exit nodes, documenting up-to-date, basic
procedures, or making monetary donations to the FreeBSD Foundation. This
is a nice quality of open source communities. The good ones thrive, the
less valued do not.
The original purpose of the wiki was to serve as English documentation
when there was little to none.
I am sure that multimillion dollar donations will contribute to further
improvements.
Sure, it had a bit more hand holding, but
it really has become superfluous at least in terms of providing up to
date documentation, at least IMMHO.
You are entitled to your opinion, as am I. Your advice will be
considered. Thank you, Jim.
–
On 10/01/2014 4:33 AM, Jim O. wrote:
and will only see improvements when my own abilities allow it.
server as you run nginx, they may contribute more to server load than
does nginx. Optimizing them, especially MySQL, may give you significant
“performance enhancement”.Thanks, Jim, for the suggestions. I may look into optimizing MySQL at a
later date.Going to copy someone else’s procedures and write another “tutorial”?
I will record the procedure that results in a successful mission. That
typically involves documenting steps taken from a variety of sources, as
finding one that works without requiring changes is not commonplace. If
you have any resources, please feel free to provide them.
certificate.
your concern and advice; however, I will not be purchasing a
“PositiveSSL certificate”.Whatever. You put a link in your signature and very rudimentary (and
somewhat incorrect) “tutorials” in your blog.
Please, feel free to highlight what is incorrect, Jim. I would be happy
to make corrections.
In fact, on December 20, 2013 you wrote:
“I recently decided to build my first FreeBSD box. First order of
business: roll my own Apache server to host my ownCloud service. I also
decided to stand up this WordPress site to document my progress. Mostly
for posteritys sake; this way, I have tried-and-tested data to
reference during future UNIX operations. Why should I []”
As I said in the paragraph you quote above: “personal blog documenting
FreeBSD procedures.” I find it useful to record my progress. If it helps
somebody else, that is good.
Learn something about being a sysadmin before writing “tutorials”.
I hope to continue learning. Please, feel free to contribute in any way
you like.
Anyway, opinions are like assholes. Everybody has one. Yours just
happens to be wrong.
If that is your opinion. Good for you. Like you say, “everybody has
one.”
utility of alternative resources; found through Google. If you have some
first that comes to mind.
I am certain there are people who value and appreciate the project
I am sure that multimillion dollar donations will contribute to further
improvements.I’m not aware of any “multimillion dollar donations” but maybe you are.
Commercial funding is not a “donation”.
Then, that multimillion dollar funding will surely help.
Again, see above.
Peace out.
Likewise.
–
This forum is not affiliated to the Ruby language, Ruby on Rails framework, nor any Ruby applications discussed here.
Sponsor our Newsletter | Privacy Policy | Terms of Service | Remote Ruby Jobs