lxc with nextcloud and nginx proxy: Unknown: POST Content-Length - php

I have two lxc containers. One is the proxy with nginx and this config:
server {
server_name cloud.malte-kiefer.de;
location / {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_pass http://cloud.lxd;
}
real_ip_header proxy_protocol;
set_real_ip_from 127.0.0.1;
listen [::]:443 ssl http2 proxy_protocol;
listen 443 ssl http2 proxy_protocol;
ssl_certificate /etc/nginx/ssl/cloud.malte-kiefer.de/fullchain.cer;
ssl_certificate_key /etc/nginx/ssl/cloud.malte-kiefer.de/privkey.key;
}
server {
listen 80 proxy_protocol;
listen [::]:80 proxy_protocol;
server_name cloud.malte-kiefer.de;
location / {
return 301 https://cloud.malte-kiefer.de$request_uri;
}
return 404;
}
Then I have the cloud container with nextcloud with this config:
upstream php-handler {
server unix:/var/run/php/php7.3-fpm.sock;
}
server {
listen 80 default_server;
listen [::]:80 default_server;
set $base /var/www/html;
root /var/www/html;
index index.php index.html index.htm index.nginx-debian.html;
server_name cloud.malte-kiefer.de;
fastcgi_hide_header X-Powered-By;
client_max_body_size 512M;
fastcgi_buffers 64 4K;
# Enable gzip but do not remove ETag headers
gzip on;
gzip_vary on;
gzip_comp_level 4;
gzip_min_length 256;
gzip_proxied expired no-cache no-store private no_last_modified no_etag auth;
gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy;
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
location / {
rewrite ^ /index.php;
}
location ~ ^\/(?:build|tests|config|lib|3rdparty|templates|data)\/ {
deny all;
}
location ~ ^\/(?:\.|autotest|occ|issue|indie|db_|console) {
deny all;
}
location ~ ^\/(?:index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|oc[ms]-provider\/.+)\.php(?:$|\/) {
fastcgi_split_path_info ^(.+?\.php)(\/.*|)$;
set $path_info $fastcgi_path_info;
try_files $fastcgi_script_name =404;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $path_info;
fastcgi_param HTTPS on;
fastcgi_param modHeadersAvailable true;
fastcgi_param front_controller_active true;
fastcgi_pass php-handler;
fastcgi_intercept_errors on;
fastcgi_request_buffering off;
}
location ~ ^\/(?:updater|oc[ms]-provider)(?:$|\/) {
try_files $uri/ =404;
index index.php;
}
location = /.well-known/carddav {
return 301 https://cloud.malte-kiefer.de/remote.php/dav;
}
location = /.well-known/caldav {
return 301 https://cloud.malte-kiefer.de/remote.php/dav;
}
location ~ \.(?:css|js|woff2?|svg|gif|map)$ {
try_files $uri /index.php$request_uri;
add_header Cache-Control "public, max-age=15778463";
add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;" always;
# Optional: Don't log access to assets
access_log off;
}
location ~ \.(?:png|html|ttf|ico|jpg|jpeg|bcmap)$ {
try_files $uri /index.php$request_uri;
# Optional: Don't log access to other assets
access_log off;
}
}
When I try to open the URL, I see the installation page from Nextcloud. When I enter the information and submit it, the page reloads and this appears in the Nextcloud log:
Unknown: POST Content-Length of 213 bytes exceeds the limit of 16
bytes at Unknown#0
This is the nginx log from the nextcloud container
2020/01/13 17:32:20 [error] 416#416: *8 FastCGI sent in stderr: "PHP
message: PHP Warning: Unknown: POST Content-Length of 213 bytes
exceeds the limit of 16 bytes in Unknown on line 0" while reading
response header from upstream, client: 89.204.135.199, server:
cloud.malte-kiefer.de, request: "POST /index.php HTTP/1.0", upstream:
"fastcgi://unix:/var/run/php/php7.3-fpm.sock:", host:
"cloud.malte-kiefer.de"
I check my PHP ini file:
root@cloud:~# grep -R "post_max_size" /etc/php/
/etc/php/7.3/fpm/php.ini:post_max_size = 16GB
/etc/php/7.3/cli/php.ini:post_max_size = 16GB
/etc/php/7.3/phpdbg/php.ini:post_max_size = 8M
root@cloud:~# grep -R "memory_limit" /etc/php/
/etc/php/7.3/fpm/pool.d/www.conf:;php_admin_value[memory_limit] = 32M
/etc/php/7.3/fpm/php.ini:memory_limit = 512M
/etc/php/7.3/cli/php.ini:memory_limit = 512M
/etc/php/7.3/phpdbg/php.ini:memory_limit = 128M
I can't find the issue. Maybe you guys can help me.

Ok, it was a misconfig in the php.ini file.
I totally removed PHP from the nextcloud container, reinstalled and it works now.
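
Added example (not part of the original posts): PHP 7.x reads size directives by parsing the leading integer and applying a multiplier only when the last character of the value is K, M or G, so `16GB` ends in `B` and is read as 16 bytes, which matches the limit in the warning above. The Python sketch below models that parsing and flags such values in a constructed php.ini fragment; the function names and the sample text are assumptions of this example.

```python
import re

# Directives that PHP interprets as byte sizes with K/M/G shorthand.
SIZE_DIRECTIVES = {"post_max_size", "upload_max_filesize", "memory_limit"}

# Constructed php.ini fragment; the first two values are the ones shown in the
# grep output above, the rest is made up for the example.
SAMPLE_INI = """\
; constructed sample, not the poster's full php.ini
post_max_size = 16GB
memory_limit = 512M
;upload_max_filesize = 64M
upload_max_filesize = 2M
"""

# The only spellings that mean what they look like: integer plus optional K/M/G.
CANONICAL = re.compile(r"-?\d+[KMGkmg]?")


def php7_size_to_bytes(raw):
    """Model of how PHP 7.x turns a size value into bytes.

    The leading integer is read strtol()-style (base 0), then a multiplier is
    picked from the LAST character only. Any other trailing character, such as
    the B in "16GB", means no multiplier at all.
    """
    raw = raw.strip().strip('"')
    m = re.match(r"([+-]?)(0[xX][0-9a-fA-F]+|\d+)", raw)
    if not m:
        return 0  # no leading digits: strtol() yields 0
    sign, digits = m.groups()
    if digits[:2].lower() == "0x":
        number = int(digits, 16)
    elif digits.startswith("0") and len(digits) > 1:
        # base-0 parsing treats a leading 0 as octal and stops at the first 8 or 9
        number = int(re.match(r"0[0-7]*", digits).group(), 8)
    else:
        number = int(digits, 10)
    if sign == "-":
        number = -number
    shift = {"k": 10, "m": 20, "g": 30}.get(raw[-1].lower(), 0)
    return number * (1 << shift)


def audit_ini(text):
    """Return one finding per active size directive in the given ini text."""
    findings = []
    for line in text.splitlines():
        line = line.split(";", 1)[0].strip()  # drop comments and blank lines
        if "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        if key not in SIZE_DIRECTIVES:
            continue
        findings.append({
            "directive": key,
            "raw": value,
            "bytes": php7_size_to_bytes(value),
            "suspect": CANONICAL.fullmatch(value) is None,
        })
    return findings


if __name__ == "__main__":
    for f in audit_ini(SAMPLE_INI):
        flag = "CHECK" if f["suspect"] else "ok"
        print(f'{flag:5} {f["directive"]} = {f["raw"]} -> {f["bytes"]} bytes')
```
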

Related

Server performance issue while running cakephp web application

Our application server goes down or gets slow randomly throughout the day. A CakePHP 2 application with MySQL is running on this server. We have some cron jobs set up and all are working perfectly.
This performance issue mostly occurs during business time (daytime).
Server configuration: AWS instance t2.large, FreeBSD 10.3-RELEASE-p11, Disk space 20% free (30GB)
I went through many server logs as well as application logs, like the ones below.
Nginx error log (Few lines from the log)
2020/04/30 23:04:57 [info] 66440#101049: *71645 client closed connection while waiting for request, client: XX.XX.XX.XX, server: 0.0.0.0:80
2020/04/30 23:05:01 [info] 66440#101049: *71820 kevent() reported that client XX.XX.XX.XX closed keepalive connection
2020/04/30 23:05:42 [info] 66440#101049: *72494 peer closed connection in SSL handshake while SSL handshaking, client: XX.XX.XX.XX, server: 0.0.0.0:443
dmesg.today Log (Few lines)
sonewconn: pcb 0xfffff800a70cf7a8: Listen queue overflow: 193 already in queue awaiting acceptance (62 occurrences)
sonewconn: pcb 0xfffff800a70cf7a8: Listen queue overflow: 193 already in queue awaiting acceptance (57 occurrences)
sonewconn: pcb 0xfffff80115d9e7a8: Listen queue overflow: 193 already in queue awaiting acceptance (63 occurrences)
sonewconn: pcb 0xfffff80115d9e7a8: Listen queue overflow: 193 already in queue awaiting acceptance (126 occurrences)
HTOP outcome
PHP-fpm: pool www, sometimes consumes 100% of CPU and memory
NodePing Alert (Receiving continuous notification in day time)
failed the HTTP check. It is down as of Thu Apr 30 2020 12:29:09 GMT-0700.Timeout.
HTTP is back up after being down for 4 minutes as of Thu Apr 30 2020 23:28:19 GMT-0700.
Nginx.conf file
user www;
worker_processes 2;
#error_log logs/error.log;
#error_log logs/error.log notice;
error_log /var/log/nginx/error.log info;
#pid logs/nginx.pid;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
client_header_timeout 3000;
client_body_timeout 3000;
fastcgi_read_timeout 3000;
client_max_body_size 32m;
fastcgi_buffers 8 128k;
fastcgi_buffer_size 128k;
server_name_in_redirect on;
server_names_hash_bucket_size 64;
server_names_hash_max_size 8192;
#access_log logs/access.log main;
access_log /var/log/nginx/access.log;
sendfile on;
keepalive_timeout 65;
gzip on;
gzip_vary on;
gzip_min_length 10240;
gzip_proxied expired no-cache no-store private auth;
gzip_types text/plain text/css text/xml text/javascript application/x-javascript application/xml;
gzip_disable "MSIE [1-6]\.";
include /etc/nginx/ssl/*.conf;
server {
listen 80;
autoindex off;
server_name localhost;
add_header X-Frame-Options "SAMEORIGIN";
root /usr/local/www/html/webroot;
index index.html index.php;
# redirect server error pages to the static page /50x.html
location / {
# try_files $uri $uri/ /index.php?$uri&$args;
# set $new_uri $uri;
# try_files $uri $uri/ /index.php?$args;
try_files $uri $uri?$args $uri/ /index.php?$uri&$args /index.php?$args;
}
location ~ \.php$ {
try_files $uri =404;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
# NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini
include /etc/nginx/fastcgi_params;
#fastcgi_param PATH_INFO $new_uri;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
#fastcgi_pass /var/run/php5-fpm.sock;
fastcgi_read_timeout 300;
}
location = /favicon.ico {
log_not_found off;
access_log off;
}
location = /robots.txt {
log_not_found off;
access_log off;
}
error_page 500 502 503 504 /50x.html;
location = /50.html {
root /etc/nginx/html;
}
location ~ /(\.ht|\.user.ini|\.git|\.hg|\.bzr|\.svn) {
deny all;
}
}
# HTTPS server
#
server {
listen 443 ssl;
listen [::]:443 ssl;
server_name *.XXXX.com;
ssl on;
ssl_certificate /XXXXX.crt;
ssl_certificate_key /XXXXX.key;
ssl_session_timeout 5m;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
ssl_protocols TLSv1.1 TLSv1.2; # Dropping
root /usr/local/www/html/webroot;
index index.html index.php;
# redirect server error pages to the static page /50x.html
location / {
# try_files $uri $uri/ /index.php?$uri&$args;
# set $new_uri $uri;
# try_files $uri $uri/ /index.php?$args;
try_files $uri $uri?$args $uri/ /index.php?$uri&$args /index.php?$args;
}
location ~ \.php$ {
try_files $uri =404;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
# NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini
include /etc/nginx/fastcgi_params;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_read_timeout 3000;
}
location = /favicon.ico { log_not_found off; access_log off;}
location = /robots.txt { log_not_found off; access_log off;}
location ~ /.well-known { allow all; }
}
##
# Cache Proxy
##
proxy_cache_path /var/cache/nginx levels=1:2 keys_zone=STATIC:10m inactive=24h max_size=512m;
proxy_temp_path /var/tmp;
}
Below are some CPU utilization screens from the AWS console.
Above are some of my findings from trying to find the issue, but I don't know what is causing the poor server performance. Please suggest.
UPDATE
I observe that during business hours the TTFB is taking too much time (20-25 sec).
I checked the log of MySQL queries running on that page; they took Total Time: 1441 ms.
So something else is taking up time to load the page.
HTOP outcome at that time

PHP FastCGI Permission Issue

I've installed nginx on a fresh Ubuntu 18.04 server. It's for an osTicket installation, if that matters at all. I put all the files in the /var/www/html directory and set up my sites-available/enabled. But when I go to the site I get an Access Denied message and the error log shows:
2019/04/07 13:50:24 [error] 17708#17708: *1 FastCGI sent in stderr:
"PHP message: PHP Warning: Unknown: failed to open stream: Permission
denied in Unknown on line 0
Unable to open primary script: /var/www/html/upload/index.php
(Permission denied)" while reading response header from upstream,
client: [my IP], server: server.domain.local, request: "GET / HTTP/1.1",
upstream: "fastcgi://unix:/run/php/php7.2-fpm.sock:", host: "server.domain.local"
Already made sure all directories from /var/www/html down have www-data:www-data and +x.
/etc/nginx/sites-available/osticket.conf
server {
listen 80;
server_name server.domain.local;
root /var/www/html/upload/;
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;
index index.php;
client_max_body_size 2000M;
client_body_buffer_size 100M;
client_header_buffer_size 10M;
large_client_header_buffers 2 10M;
client_body_timeout 12;
client_header_timeout 12;
keepalive_timeout 15;
send_timeout 10;
gzip on;
gzip_comp_level 2;
gzip_min_length 1000;
gzip_proxied expired no-cache no-store private auth;
gzip_types text/plain application/x-javascript text/xml text/css application/xml;
set $path_info "";
location ~ /include {
deny all;
return 403;
}
if ($request_uri ~ "^/api(/[^\?]+)") {
set $path_info $1;
}
location ~ ^/api/(?:tickets|tasks).*$ {
try_files $uri $uri/ /api/http.php?$query_string;
}
if ($request_uri ~ "^/scp/.*\.php(/[^\?]+)") {
set $path_info $1;
}
location ~ ^/scp/ajax.php/.*$ {
try_files $uri $uri/ /scp/ajax.php?$query_string;
}
location / {
try_files $uri $uri/ index.php;
}
location ~ \.php$ {
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
include snippets/fastcgi-php.conf;
fastcgi_pass unix:/run/php/php7.2-fpm.sock;
fastcgi_param PATH_INFO $path_info;
}
}
User portion of /etc/php/7.2/fpm/pool.d/www.conf
; Unix user/group of processes
user = www-data
group = www-data
Well, I jumped straight to configs and other ideas. Forgot to KISS. For whatever reason, the files from the osTicket download came with 755 permissions on the folders, but absolutely no permissions on the files. Did a chmod 755 on everything and now it's good.

Nginx Fast CGI cache ON error_page 404

I would like to cache (fast_cgi) 404 response.
error_page 404 = /url_rewriting.php;
In my url_rewriting.php I generate image with php:
if(strpos($_SERVER['REQUEST_URI'], 'render/framed/file') !== FALSE) {
$urlBlocks = ['VR', 'sizePixels', 'image', 'ver', 'frame', 'borderSize', 'mat', 'matSize', 'maxSize', 'frameGlass', 'minSize'];
foreach($urlBlocks as $oneBlock) {
if($pos = array_search($oneBlock, $urlParts)) {
if(isset($urlParts[($pos+1)]) && $urlParts[($pos+1)] != '') {
$_GET[$oneBlock] = urldecode($urlParts[($pos+1)]);
}
}
}
chdir('include/php/render/framed');
header('Status: 200 OK', false, 200);
require ('include/php/render/framed/render_img.php');
}
This way, I can have an image src URL in the HTML like this:
https://mywebsite.com/include/php/render/framed/file/VR/1/size/300/image/U3dpwK/the-cat.jpg
where the jpg file does not exist but is generated by PHP.
But I didn't find any way with Nginx to cache these PHP-generated images.
I tried this:
set $no_cache 0;
location ~ /render/ {
include snippets/fastcgi-php.conf;
#fastcgi_pass unix:/run/php/php7.0-fpm.sock;
fastcgi_pass 127.0.0.1:9000;
fastcgi_buffers 8 16k; # increase the buffer size for PHP-FTP
fastcgi_buffer_size 32k; # increase the buffer size for PHP-FTP
fastcgi_cache_key $scheme$host$request_uri$request_method;
fastcgi_cache PROD;
fastcgi_cache_valid any 20d;
fastcgi_cache_valid 404 20d;
fastcgi_cache_use_stale updating error timeout invalid_header http_500 http_503;
fastcgi_ignore_headers Cache-Control Expires Set-Cookie;
fastcgi_hide_header "Set-Cookie";
fastcgi_cache_bypass $no_cache;
fastcgi_no_cache $no_cache;
expires 10M;
access_log off;
add_header Cache-Control "public";
add_header X-Cache-Status $upstream_cache_status;
}
It's working for image URL
https://mywebsite.com/include/php/render/framed/img.php?VR=1&size=300&image=U3pmwKi
but not for image URL
https://mywebsite.com/include/php/render/framed/file/VR/1/size/300/image/U3dpwK/the-cat.jpg
Yet I have put fastcgi_cache_valid 404 20d;
So, how to cache scripts going on error_page 404 = /url_rewriting.php;?
EDIT
Here are 2 curl -I output:
Non working URL (For cache)
curl -I "https://mywebsite.com/include/php/render/framed/file/VR/1/sizePixels/300/image/SzDuehqyda%3D/ver//frame/black-e91-2/borderSize/1.70/mat/zkadhtcoz/matSize/10/maxSize/800/minSize/600/freedom.jpg"
HTTP/1.1 200 OK
Server: nginx/1.14.0 (Ubuntu)
Date: Fri, 04 May 2018 14:59:24 GMT
Content-Type: image/jpeg
Connection: keep-alive
Set-Cookie: Mywebsite=vmegg0qk7udtmkmcathd329kkp; expires=Sun, 03-Jun-2018 14:59:24 GMT; Max-Age=2592000; path=/
Cache-Control: private, max-age=31536000, pre-check=31536000
Pragma: private
Last-Modified: Sat, 01 Apr 2000 13:13:45 GMT
Content-transfer-encoding: binary
Expires: Sat, 08 Jun 19 15:59:24 +0100
Strict-Transport-Security: max-age=31536000
Working URL (For cache)
curl -I "https://mywebsite.com/include/php/render/framed/render_img.php?VR=1&sizePixels=360&image=SzDuehqyda%3D&ver=&frame=black-e91-2&borderSize=1.70&mat=zkadhtcoz&matSize=10&maxSize=800&minSize=600"
HTTP/1.1 200 OK
Server: nginx/1.14.0 (Ubuntu)
Date: Fri, 04 May 2018 14:59:59 GMT
Content-Type: image/jpeg
Connection: keep-alive
Cache-Control: max-age=25920000
Pragma: private
Last-Modified: Sat, 01 Apr 2000 13:13:45 GMT
Content-transfer-encoding: binary
Expires: Thu, 28 Feb 2019 14:59:59 GMT
Cache-Control: public
X-Cache-Status: HIT
EDIT2
Output of nginx -t
root@mywebsite-london-01:/var/www/mywebsite.com/prod# nginx -T
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
# configuration file /etc/nginx/nginx.conf:
user www-data;
worker_processes auto;
pid /run/nginx.pid;
include /etc/nginx/modules-enabled/*.conf;
events {
worker_connections 768;
# multi_accept on;
}
http {
##
# Adding GeoIP for Matomo
##
geoip_country /var/www/geoip/GeoIP.dat;
geoip_city /var/www/geoip/GeoLiteCity.dat;
# Max File upload
client_max_body_size 100m;
##
# Basic Settings
##
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
# server_tokens off;
# server_names_hash_bucket_size 64;
# server_name_in_redirect off;
include /etc/nginx/mime.types;
default_type application/octet-stream;
##
# Logging Settings
##
log_format compression '$remote_addr - $remote_user [$time_local] '
'"$request" $status $bytes_sent '
'"$http_referer" "$http_user_agent" "$gzip_ratio"';
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;
##
# Gzip Settings
##
# gzip on;
gzip on;
gzip_disable "msie6";
gzip_vary on;
gzip_proxied any;
gzip_comp_level 6;
gzip_min_length 1100;
gzip_buffers 16 8k;
gzip_http_version 1.1;
gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript;
##
# Virtual Host Configs
##
include /etc/nginx/conf.d/*.conf;
include /etc/nginx/sites-enabled/*;
}
# configuration file /etc/nginx/modules-enabled/50-mod-http-geoip.conf:
load_module modules/ngx_http_geoip_module.so;
# configuration file /etc/nginx/modules-enabled/50-mod-http-image-filter.conf:
load_module modules/ngx_http_image_filter_module.so;
# configuration file /etc/nginx/modules-enabled/50-mod-http-xslt-filter.conf:
load_module modules/ngx_http_xslt_filter_module.so;
# configuration file /etc/nginx/modules-enabled/50-mod-mail.conf:
load_module modules/ngx_mail_module.so;
# configuration file /etc/nginx/modules-enabled/50-mod-stream.conf:
load_module modules/ngx_stream_module.so;
# configuration file /etc/nginx/mime.types:
types {
text/html html htm shtml;
text/css css;
text/xml xml;
image/gif gif;
image/jpeg jpeg jpg;
application/javascript js;
application/atom+xml atom;
application/rss+xml rss;
text/mathml mml;
text/plain txt;
text/vnd.sun.j2me.app-descriptor jad;
text/vnd.wap.wml wml;
text/x-component htc;
image/png png;
image/tiff tif tiff;
image/vnd.wap.wbmp wbmp;
image/x-icon ico;
image/x-jng jng;
image/x-ms-bmp bmp;
image/svg+xml svg svgz;
image/webp webp;
application/font-woff woff;
application/java-archive jar war ear;
application/json json;
application/mac-binhex40 hqx;
application/msword doc;
application/pdf pdf;
application/postscript ps eps ai;
application/rtf rtf;
application/vnd.apple.mpegurl m3u8;
application/vnd.ms-excel xls;
application/vnd.ms-fontobject eot;
application/vnd.ms-powerpoint ppt;
application/vnd.wap.wmlc wmlc;
application/vnd.google-earth.kml+xml kml;
application/vnd.google-earth.kmz kmz;
application/x-7z-compressed 7z;
application/x-cocoa cco;
application/x-java-archive-diff jardiff;
application/x-java-jnlp-file jnlp;
application/x-makeself run;
application/x-perl pl pm;
application/x-pilot prc pdb;
application/x-rar-compressed rar;
application/x-redhat-package-manager rpm;
application/x-sea sea;
application/x-shockwave-flash swf;
application/x-stuffit sit;
application/x-tcl tcl tk;
application/x-x509-ca-cert der pem crt;
application/x-xpinstall xpi;
application/xhtml+xml xhtml;
application/xspf+xml xspf;
application/zip zip;
application/octet-stream bin exe dll;
application/octet-stream deb;
application/octet-stream dmg;
application/octet-stream iso img;
application/octet-stream msi msp msm;
application/vnd.openxmlformats-officedocument.wordprocessingml.document docx;
application/vnd.openxmlformats-officedocument.spreadsheetml.sheet xlsx;
application/vnd.openxmlformats-officedocument.presentationml.presentation pptx;
audio/midi mid midi kar;
audio/mpeg mp3;
audio/ogg ogg;
audio/x-m4a m4a;
audio/x-realaudio ra;
video/3gpp 3gpp 3gp;
video/mp2t ts;
video/mp4 mp4;
video/mpeg mpeg mpg;
video/quicktime mov;
video/webm webm;
video/x-flv flv;
video/x-m4v m4v;
video/x-mng mng;
video/x-ms-asf asx asf;
video/x-ms-wmv wmv;
video/x-msvideo avi;
}
# CACHE (Images rendering)
fastcgi_cache_path /var/www/cache/l7 levels=1:2 keys_zone=L7:1m max_size=100m inactive=20d;
fastcgi_cache_path /var/www/cache/prod levels=1:2 keys_zone=PROD:100m max_size=10000m inactive=30d; # For PROD
add_header X-Cache $upstream_cache_status; #To check what is that for
# SSL
ssl_certificate /etc/letsencrypt/live/mywebsite.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/mywebsite.com/privkey.pem; # managed by Certbot
ssl_session_cache shared:SSL:20m;
ssl_session_timeout 180m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers ECDH+AESGCM:ECDH+AES256:ECDH+AES128:DHE+AES128:!ADH:!AECDH:!MD5;
ssl_dhparam /etc/nginx/cert/dhparam.pem;
add_header Strict-Transport-Security "max-age=31536000" always;
server {
listen [::]:443 ssl ipv6only=on; # managed by Certbot
listen 443 ssl; # managed by Certbot
server_name mywebsite.com www.mywebsite.com l7.mywebsite.com cdn.mywebsite.com dev.mywebsite.com;
set $rootfolder "prod";
set $ask_auth "Restricted Area";
if ($host ~ "l7.mywebsite.com") {
set $rootfolder "l7";
set $ask_auth off;
}
root /var/www/mywebsite.com/$rootfolder;
access_log /var/log/nginx/mywebsite.com-access.log compression buffer=32k;
error_log /var/log/nginx/mywebsite.com-error.log;
# Add index.php to the list if you are using PHP
index index.php index.html index.htm index.nginx-debian.html;
error_page 404 = /url_rewriting.php;
set $no_cache 1;
if ($request_uri ~* "render_img.php") {
set $no_cache 0;
}
location / {
# First attempt to serve request as file, then
# as directory, then fall back to displaying a 404.
try_files $uri $uri/ =404;
#auth_basic $ask_auth;
#auth_basic_user_file .htpasswd;
}
set $no_cache 0;
#location ~ render_img.php {
location ~ /render\/framed/ {
include snippets/fastcgi-php.conf;
#fastcgi_pass unix:/run/php/php7.0-fpm.sock;
fastcgi_pass 127.0.0.1:9000;
fastcgi_buffers 8 16k; # increase the buffer size for PHP-FTP
fastcgi_buffer_size 32k; # increase the buffer size for PHP-FTP
fastcgi_cache_key $scheme$host$request_uri$request_method;
fastcgi_cache PROD;
fastcgi_cache_valid any 20d;
fastcgi_cache_valid 404 1d;
#fastcgi_cache_valid any 20d;
#fastcgi_cache_use_stale updating error timeout invalid_header http_500 http_503 http_404;
fastcgi_cache_use_stale updating error timeout invalid_header http_500 http_503;
fastcgi_ignore_headers Cache-Control Expires Set-Cookie;
fastcgi_hide_header "Set-Cookie";
fastcgi_cache_bypass $no_cache;
fastcgi_no_cache $no_cache;
expires 10M;
access_log off;
add_header Cache-Control "public";
add_header X-Cache-Status $upstream_cache_status;
}
location ~ \.php$ {
include snippets/fastcgi-php.conf;
#fastcgi_pass unix:/run/php/php7.0-fpm.sock;
fastcgi_pass 127.0.0.1:9000;
fastcgi_buffers 8 16k; # increase the buffer size for PHP-FTP
fastcgi_buffer_size 32k; # increase the buffer size for PHP-FTP
fastcgi_param GEOIP_ADDR $remote_addr;
fastcgi_param GEOIP_COUNTRY_CODE $geoip_country_code;
fastcgi_param GEOIP_COUNTRY_NAME $geoip_country_name;
fastcgi_param GEOIP_REGION $geoip_region;
fastcgi_param GEOIP_REGION_NAME $geoip_region_name;
fastcgi_param GEOIP_CITY $geoip_city;
fastcgi_param GEOIP_AREA_CODE $geoip_area_code;
fastcgi_param GEOIP_LATITUDE $geoip_latitude;
fastcgi_param GEOIP_LONGITUDE $geoip_longitude;
fastcgi_param GEOIP_POSTAL_CODE $geoip_postal_code;
if ($rootfolder = "l7") {
access_log /var/log/nginx/mywebsite_l7.com-access.log;
}
}
location ~ /\.ht {
deny all;
}
}
server {
if ($host = dev.mywebsite.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
if ($host = cdn.mywebsite.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
if ($host = l7.mywebsite.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
if ($host = www.mywebsite.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
if ($host = mywebsite.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80 default_server;
listen [::]:80 default_server;
server_name mywebsite.com www.mywebsite.com l7.mywebsite.com cdn.mywebsite.com dev.mywebsite.com;
return 404; # managed by Certbot
}
# configuration file /etc/nginx/snippets/fastcgi-php.conf:
# regex to split $uri to $fastcgi_script_name and $fastcgi_path
fastcgi_split_path_info ^(.+\.php)(/.+)$;
# Check that the PHP script exists before passing it
try_files $fastcgi_script_name =404;
# Bypass the fact that try_files resets $fastcgi_path_info
# see: http://trac.nginx.org/nginx/ticket/321
set $path_info $fastcgi_path_info;
fastcgi_param PATH_INFO $path_info;
fastcgi_index index.php;
include fastcgi.conf;
# configuration file /etc/nginx/fastcgi.conf:
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param QUERY_STRING $query_string;
fastcgi_param REQUEST_METHOD $request_method;
fastcgi_param CONTENT_TYPE $content_type;
fastcgi_param CONTENT_LENGTH $content_length;
fastcgi_param SCRIPT_NAME $fastcgi_script_name;
fastcgi_param REQUEST_URI $request_uri;
fastcgi_param DOCUMENT_URI $document_uri;
fastcgi_param DOCUMENT_ROOT $document_root;
fastcgi_param SERVER_PROTOCOL $server_protocol;
fastcgi_param REQUEST_SCHEME $scheme;
fastcgi_param HTTPS $https if_not_empty;
fastcgi_param GATEWAY_INTERFACE CGI/1.1;
fastcgi_param SERVER_SOFTWARE nginx/$nginx_version;
fastcgi_param REMOTE_ADDR $remote_addr;
fastcgi_param REMOTE_PORT $remote_port;
fastcgi_param SERVER_ADDR $server_addr;
fastcgi_param SERVER_PORT $server_port;
fastcgi_param SERVER_NAME $server_name;
# PHP only, required if PHP was built with --enable-force-cgi-redirect
fastcgi_param REDIRECT_STATUS 200;
SOLUTION
As said by Tarun Lalwani, the block priority and order matter. But also, when you want to cache a 404 response, you have to check it on the filename of error_page:
location ~ (render_img.php|^/url_rewriting.php$) {
fastcgi_cache...stuffs to cache...
}
We cannot check location ^~ /render/framed/ { as it's a 404 response which corresponds to /url_rewriting.php.
Your issue is that you need to give priority to your block of .php and not /render/framed/ when a .php is called in that location. It is still caught by the .php block.
So you need to use the below for your location block. You need to use
location ^~ /render/framed/ {
...
}
To understand this in detail, refer to
Nginx location priority
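
Added example (not part of the original posts): a small Python model of nginx location selection (exact match, longest prefix, `^~`, then regexes in config order), run against the location blocks of the server shown in the question and against the location from the SOLUTION. It is a simplification that only models `try_files ... =404` followed by the `error_page 404 = /url_rewriting.php` internal redirect; the set of existing files and all names in the code are assumptions of this example.

```python
import re


def select_location(locations, uri):
    """Pick the location nginx would use for `uri`.

    `locations` is a list of (modifier, pattern) tuples in config order, with
    modifier one of "=", "^~", "" (plain prefix), "~" or "~*".
    """
    for mod, pat in locations:
        if mod == "=" and uri == pat:
            return (mod, pat)
    best = None
    for mod, pat in locations:
        if mod in ("", "^~") and uri.startswith(pat):
            if best is None or len(pat) > len(best[1]):
                best = (mod, pat)
    if best and best[0] == "^~":
        return best  # ^~ on the longest prefix skips the regex pass
    for mod, pat in locations:
        if mod in ("~", "~*"):
            flags = re.IGNORECASE if mod == "~*" else 0
            if re.search(pat, uri, flags):
                return (mod, pat)  # first matching regex wins
    return best


# Location blocks of the HTTPS server in the question, in config order.
ORIGINAL = [("", "/"), ("~", r"/render\/framed/"), ("~", r"\.php$"), ("~", r"/\.ht")]
# Same server with the caching block replaced by the one from the SOLUTION.
CACHE_LOCATION = ("~", r"(render_img.php|^/url_rewriting.php$)")
FIXED = [("", "/"), CACHE_LOCATION, ("~", r"\.php$"), ("~", r"/\.ht")]

ERROR_PAGE_404 = "/url_rewriting.php"
IMG_SCRIPT = "/include/php/render/framed/render_img.php"
PRETTY_URL = "/include/php/render/framed/file/VR/1/size/300/image/U3dpwK/the-cat.jpg"
# Constructed: the files assumed to exist under the document root.
EXISTING = {IMG_SCRIPT, ERROR_PAGE_404}


def final_location(locations, uri, existing=EXISTING):
    """Location that ends up producing the response for `uri`."""
    first = select_location(locations, uri)
    if uri in existing:
        return first
    # try_files ... =404 fails, error_page 404 triggers an internal redirect,
    # and location selection runs again on the error page URI.
    return select_location(locations, ERROR_PAGE_404)


if __name__ == "__main__":
    for name, cfg in (("original", ORIGINAL), ("fixed", FIXED)):
        for uri in (IMG_SCRIPT, PRETTY_URL):
            mod, pat = final_location(cfg, uri)
            print(f"{name:8} {uri[:45]:45} -> location {mod} {pat}")
```

With the fixed block, every 404 routed through /url_rewriting.php is stored under its `$request_uri` cache key while `fastcgi_ignore_headers` discards the `Cache-Control: private` and `Set-Cookie` headers PHP sends, so the handler's output for those URLs has to be identical for all visitors.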

502 Bad Gateway on PHP vimeo upload via AJAX with NGINX, Laravel Forge

I'm using Laravel (5.4) Forge for a web app that uploads Vimeo and Youtube videos from S3. In the past, before moving to Forge, this script worked correctly, and also still works correctly with smaller files today.
Now that I'm trying to upload larger files (~1gb), I'm receiving a 502 Bad Gateway after just over 1 minute for the php upload script. The rest of the application runs fine.
Specifically, here is the error:
2017/04/24 20:36:48 [error] 2111#2111: *1 recv() failed (104: Connection reset by peer) while reading response header from upstream, client: X.X.X.X.X, server: myserver.com, request: "POST /recordings/vimeo/upload HTTP/1.1", upstream: "fastcgi://unix:/var/run/php/php7.1-fpm.sock:", host: "myserver.com", referrer: "http://myserver.com/recordings"
I have tried:
adding / editing fastcgi directives in the nginx config
upping output_buffering in php
adding the proxy_ and client_max_body items below
Here's my NGINX config:
include forge-conf/myserver.com/before/*;
server {
listen 80;
listen [::]:80;
server_name .myserver.com;
root /home/forge/myserver.com/public;
# FORGE SSL (DO NOT REMOVE!)
# ssl_certificate;
# ssl_certificate_key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers 'hidden for SO';
ssl_prefer_server_ciphers on;
ssl_dhparam /etc/nginx/dhparams.pem;
add_header X-Frame-Options "SAMEORIGIN";
add_header X-XSS-Protection "1; mode=block";
add_header X-Content-Type-Options "nosniff";
index index.html index.htm index.php;
charset utf-8;
include forge-conf/myserver.com/server/*;
location / {
try_files $uri $uri/ /index.php?$query_string;
}
location = /favicon.ico { access_log off; log_not_found off; }
location = /robots.txt { access_log off; log_not_found off; }
access_log off;
error_log /var/log/nginx/myserver.com-error.log error;
error_page 404 /index.php;
location ~ \.php$ {
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:/var/run/php/php7.1-fpm.sock;
fastcgi_index index.php;
fastcgi_read_timeout 3600;
fastcgi_buffers 8 512k;
fastcgi_buffer_size 512k;
include fastcgi_params;
client_max_body_size 128M;
proxy_buffer_size 256k;
proxy_buffers 4 512k;
proxy_busy_buffers_size 512k;
}
location ~ /\.ht {
deny all;
}
}
include forge-conf/myserver.com/after/*;
What am I missing? I can't seem to figure this out at all. Thank you in advance for the help.
"request_terminate_timeout" turned out to be the issue:
https://laracasts.com/discuss/channels/forge/502-bad-gateway-with-large-file-uploads
I had the same 502 problem and after some debugging discovered that I was hitting a limit inside nginx, not a problem in PHP.
Added the following to my site conf and things seem to be working now:
server{
fastcgi_temp_file_write_size 10m;
fastcgi_busy_buffers_size 512k;
fastcgi_buffer_size 512k;
fastcgi_buffers 16 512k;
#...our rest of config
}
Typically you can find the nginx config file inside
/etc/nginx/sites-available/default or
/etc/nginx/sites-available/your_domain.com

Magento place order / checkout time out - 502 Bad Gateway

I'm getting 502 errors when I try to place an order in Magento. I also tried to disable Downloadable products and RSS feeds.
I receive the order confirmation email, the stock is updated and in the admin panel I can see the order correctly, but I don't get the success message at checkout/onepage/success/; instead I get a 502 error caused by a timeout.
The only error message that I'm getting is in the nginx log:
2013/12/21 18:49:47 [error] 18449#0: *191 recv() failed (104: Connection reset by peer) while reading response header from upstream, client: 177.103.69.141, server: dev.canalagricola.com.br, request: "GET /checkout/onepage/success/ HTTP/1.1", upstream: "fastcgi://127.0.0.1:9000", host: "dev.canalagricola.com.br", referrer: "http://dev.canalagricola.com.br/checkout/onepage/"
I'm using Amazon Linux (64 bits) on a small instance (PHP5.5, PHPFPM-5.5, Nginx 1.4.3, Mysql 5.5, Magento 1.8.1)
magento.conf (nginx)
server {
listen 80;
server_name dev.canalagricola.com.br;
access_log off;
root /var/www/canalagricola;
index index.php;
gzip on;
gzip_min_length 10240;
gzip_comp_level 9;
gzip_proxied expired no-cache no-store private auth;
gzip_types text/plain text/css text/xml text/javascript application/x-javascript application/xml application/xml+rss;
gzip_disable "MSIE [1-6]\.";
sendfile on;
tcp_nodelay on;
tcp_nopush on;
keepalive_timeout 30;
keepalive_requests 100000;
reset_timedout_connection on;
client_body_timeout 10;
send_timeout 2;
location / {
try_files $uri $uri/ @handler;
expires 30d;
}
location ~* \.(jpg|jpeg|gif|png|css|js|ico|xml)$ {
log_not_found off;
expires 1y;
}
location ^~ /(app|includes|lib|media/downloadable|pkginfo|report/config.xml|var)/ { internal; }
location /var/export/ { internal; }
location /. { return 404; }
location @handler { rewrite / /index.php; }
location ~* .php/ { rewrite ^(.*.php)/ $1 last; }
location ~* .php$ {
if (!-e $request_filename) { rewrite / /index.php last; }
expires off;
fastcgi_pass unix:/var/run/php-fpm/php-fpm.sock;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param SCRIPT_NAME $fastcgi_script_name;
fastcgi_param MAGE_RUN_CODE default;
fastcgi_param MAGE_RUN_TYPE store;
fastcgi_read_timeout 300;
include fastcgi_params;
}
rewrite ^/minify/([0-9]+)(/.*.(js|css))$ /lib/minify/m.php?f=$2&d=$1 last;
rewrite ^/skin/m/([0-9]+)(/.*.(js|css))$ /lib/minify/m.php?f=$2&d=$1 last;
location /lib/minify/ {
allow all;
}
}
www.conf (php-fpm)
[www]
listen = /var/run/php-fpm/php-fpm.sock
listen.allowed_clients = 127.0.0.1
listen.owner = nginx
listen.group = nginx
listen.mode = 0664
user = nginx
group = nginx
pm = dynamic
pm.max_children = 4
pm.start_servers = 2
pm.min_spare_servers = 1
pm.max_spare_servers = 3
pm.max_requests = 200
request_terminate_timeout = 300s
rlimit_files = 131072
rlimit_core = unlimited
catch_workers_output = yes
php_admin_value[memory_limit] = 1024M
php_admin_value[max_execution_time] = 300000
php_admin_value[error_log] = /var/log/php-fpm/5.5/www-error.log
php_admin_flag[log_errors] = on
php_value[session.save_handler] = files
php_value[session.save_path] = /var/lib/php/5.5/session
APC needs to be disabled for a few hours, then you can plug it in and read the logs again.
There is eaccelerator as well, which sometimes works even better.
Disable full page cache and APC and run
ab -c 1 -n 1 http://www.campsaver.com/
then restart with APC,
see the speed, read the logs and enable full page cache if good.
Okay,
The above nginx error indicates that the issue is related to FastCGI (php-fpm).
After enabling "catch_workers_output" in /etc/php5/fpm/pool.d/www.conf, I got the relevant error in php5-fpm.log. Now I understand that the issue is related to the AMQP module.
[21-Aug-2013 23:32:57] WARNING: [pool www] child 16091 said into stderr: "php-fpm: pool www: symbol lookup error: /usr/lib/php5/20090626/amqp.so: undefined symbol: amqp_open_socket"
The issue has been fixed after recompiling and installing the amqp module.
I notice you are using PHP 5.5
According to the requirements the recommended PHP version to use is 5.2.13 - 5.3.24
http://magento.com/resources/system-requirements
Install the recommended PHP version to see if you have any issue.
Restart your PHP-FPM:
/etc/init.d/php55-php-fpm restart
If this issue persists, you can increase buffer and timeouts inside HTTP block:
http {
...
fastcgi_buffers 8 16k;
fastcgi_buffer_size 32k;
fastcgi_connect_timeout 300;
fastcgi_send_timeout 300;
fastcgi_read_timeout 300;
...
}
