I would like to cache (fast_cgi) 404 response.
error_page 404 = /url_rewriting.php;
In my url_rewriting.php I generate image with php:
if(strpos($_SERVER['REQUEST_URI'], 'render/framed/file') !== FALSE) {
$urlBlocks = ['VR', 'sizePixels', 'image', 'ver', 'frame', 'borderSize', 'mat', 'matSize', 'maxSize', 'frameGlass', 'minSize'];
foreach($urlBlocks as $oneBlock) {
if($pos = array_search($oneBlock, $urlParts)) {
if(isset($urlParts[($pos+1)]) && $urlParts[($pos+1)] != '') {
$_GET[$oneBlock] = urldecode($urlParts[($pos+1)]);
}
}
}
chdir('include/php/render/framed');
header('Status: 200 OK', false, 200);
require ('include/php/render/framed/render_img.php');
}
By this way, I can have image src URL in the HTML like this :
https://mywebsite.com/include/php/render/framed/file/VR/1/size/300/image/U3dpwK/the-cat.jpg
which jpg file does not exist but is generated by PHP.
But I didn't find any way with Nginx to cache theses php generated images.
I tried this:
set $no_cache 0;
location ~ /render/ {
include snippets/fastcgi-php.conf;
#fastcgi_pass unix:/run/php/php7.0-fpm.sock;
fastcgi_pass 127.0.0.1:9000;
fastcgi_buffers 8 16k; # increase the buffer size for PHP-FTP
fastcgi_buffer_size 32k; # increase the buffer size for PHP-FTP
fastcgi_cache_key $scheme$host$request_uri$request_method;
fastcgi_cache PROD;
fastcgi_cache_valid any 20d;
fastcgi_cache_valid 404 20d;
fastcgi_cache_use_stale updating error timeout invalid_header http_500 http_503;
fastcgi_ignore_headers Cache-Control Expires Set-Cookie;
fastcgi_hide_header "Set-Cookie";
fastcgi_cache_bypass $no_cache;
fastcgi_no_cache $no_cache;
expires 10M;
access_log off;
add_header Cache-Control "public";
add_header X-Cache-Status $upstream_cache_status;
}
It's working for image URL
https://mywebsite.com/include/php/render/framed/img.php?VR=1&size=300&image=U3pmwKi
but not for image URL
https://mywebsite.com/include/php/render/framed/file/VR/1/size/300/image/U3dpwK/the-cat.jpg
Yet I have put fastcgi_cache_valid 404 20d;
So, how to cache scripts going on error_page 404 = /url_rewriting.php;?
EDIT
Here are 2 curl -I output:
Non working URL (For cache)
curl -I "https://mywebsite.com/include/php/render/framed/file/VR/1/sizePixels/300/image/SzDuehqyda%3D/ver//frame/black-e91-2/borderSize/1.70/mat/zkadhtcoz/matSize/10/maxSize/800/minSize/600/freedom.jpg"
HTTP/1.1 200 OK
Server: nginx/1.14.0 (Ubuntu)
Date: Fri, 04 May 2018 14:59:24 GMT
Content-Type: image/jpeg
Connection: keep-alive
Set-Cookie: Mywebsite=vmegg0qk7udtmkmcathd329kkp; expires=Sun, 03-Jun-2018 14:59:24 GMT; Max-Age=2592000; path=/
Cache-Control: private, max-age=31536000, pre-check=31536000
Pragma: private
Last-Modified: Sat, 01 Apr 2000 13:13:45 GMT
Content-transfer-encoding: binary
Expires: Sat, 08 Jun 19 15:59:24 +0100
Strict-Transport-Security: max-age=31536000
Working URL (For cache)
curl -I "https://mywebsite.com/include/php/render/framed/render_img.php?VR=1&sizePixels=360&image=SzDuehqyda%3D&ver=&frame=black-e91-2&borderSize=1.70&mat=zkadhtcoz&matSize=10&maxSize=800&minSize=600"
HTTP/1.1 200 OK
Server: nginx/1.14.0 (Ubuntu)
Date: Fri, 04 May 2018 14:59:59 GMT
Content-Type: image/jpeg
Connection: keep-alive
Cache-Control: max-age=25920000
Pragma: private
Last-Modified: Sat, 01 Apr 2000 13:13:45 GMT
Content-transfer-encoding: binary
Expires: Thu, 28 Feb 2019 14:59:59 GMT
Cache-Control: public
X-Cache-Status: HIT
EDIT2
Output of nginx -t
root#mywebsite-london-01:/var/www/mywebsite.com/prod# nginx -T
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
# configuration file /etc/nginx/nginx.conf:
user www-data;
worker_processes auto;
pid /run/nginx.pid;
include /etc/nginx/modules-enabled/*.conf;
events {
worker_connections 768;
# multi_accept on;
}
http {
##
# Adding GeoIP for Matomo
##
geoip_country /var/www/geoip/GeoIP.dat;
geoip_city /var/www/geoip/GeoLiteCity.dat;
# Max File upload
client_max_body_size 100m;
##
# Basic Settings
##
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
# server_tokens off;
# server_names_hash_bucket_size 64;
# server_name_in_redirect off;
include /etc/nginx/mime.types;
default_type application/octet-stream;
##
# Logging Settings
##
log_format compression '$remote_addr - $remote_user [$time_local] '
'"$request" $status $bytes_sent '
'"$http_referer" "$http_user_agent" "$gzip_ratio"';
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;
##
# Gzip Settings
##
# gzip on;
gzip on;
gzip_disable "msie6";
gzip_vary on;
gzip_proxied any;
gzip_comp_level 6;
gzip_min_length 1100;
gzip_buffers 16 8k;
gzip_http_version 1.1;
gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript;
##
# Virtual Host Configs
##
include /etc/nginx/conf.d/*.conf;
include /etc/nginx/sites-enabled/*;
}
# configuration file /etc/nginx/modules-enabled/50-mod-http-geoip.conf:
load_module modules/ngx_http_geoip_module.so;
# configuration file /etc/nginx/modules-enabled/50-mod-http-image-filter.conf:
load_module modules/ngx_http_image_filter_module.so;
# configuration file /etc/nginx/modules-enabled/50-mod-http-xslt-filter.conf:
load_module modules/ngx_http_xslt_filter_module.so;
# configuration file /etc/nginx/modules-enabled/50-mod-mail.conf:
load_module modules/ngx_mail_module.so;
# configuration file /etc/nginx/modules-enabled/50-mod-stream.conf:
load_module modules/ngx_stream_module.so;
# configuration file /etc/nginx/mime.types:
types {
text/html html htm shtml;
text/css css;
text/xml xml;
image/gif gif;
image/jpeg jpeg jpg;
application/javascript js;
application/atom+xml atom;
application/rss+xml rss;
text/mathml mml;
text/plain txt;
text/vnd.sun.j2me.app-descriptor jad;
text/vnd.wap.wml wml;
text/x-component htc;
image/png png;
image/tiff tif tiff;
image/vnd.wap.wbmp wbmp;
image/x-icon ico;
image/x-jng jng;
image/x-ms-bmp bmp;
image/svg+xml svg svgz;
image/webp webp;
application/font-woff woff;
application/java-archive jar war ear;
application/json json;
application/mac-binhex40 hqx;
application/msword doc;
application/pdf pdf;
application/postscript ps eps ai;
application/rtf rtf;
application/vnd.apple.mpegurl m3u8;
application/vnd.ms-excel xls;
application/vnd.ms-fontobject eot;
application/vnd.ms-powerpoint ppt;
application/vnd.wap.wmlc wmlc;
application/vnd.google-earth.kml+xml kml;
application/vnd.google-earth.kmz kmz;
application/x-7z-compressed 7z;
application/x-cocoa cco;
application/x-java-archive-diff jardiff;
application/x-java-jnlp-file jnlp;
application/x-makeself run;
application/x-perl pl pm;
application/x-pilot prc pdb;
application/x-rar-compressed rar;
application/x-redhat-package-manager rpm;
application/x-sea sea;
application/x-shockwave-flash swf;
application/x-stuffit sit;
application/x-tcl tcl tk;
application/x-x509-ca-cert der pem crt;
application/x-xpinstall xpi;
application/xhtml+xml xhtml;
application/xspf+xml xspf;
application/zip zip;
application/octet-stream bin exe dll;
application/octet-stream deb;
application/octet-stream dmg;
application/octet-stream iso img;
application/octet-stream msi msp msm;
application/vnd.openxmlformats-officedocument.wordprocessingml.document docx;
application/vnd.openxmlformats-officedocument.spreadsheetml.sheet xlsx;
application/vnd.openxmlformats-officedocument.presentationml.presentation pptx;
audio/midi mid midi kar;
audio/mpeg mp3;
audio/ogg ogg;
audio/x-m4a m4a;
audio/x-realaudio ra;
video/3gpp 3gpp 3gp;
video/mp2t ts;
video/mp4 mp4;
video/mpeg mpeg mpg;
video/quicktime mov;
video/webm webm;
video/x-flv flv;
video/x-m4v m4v;
video/x-mng mng;
video/x-ms-asf asx asf;
video/x-ms-wmv wmv;
video/x-msvideo avi;
}
# CACHE (Images rendering)
fastcgi_cache_path /var/www/cache/l7 levels=1:2 keys_zone=L7:1m max_size=100m inactive=20d;
fastcgi_cache_path /var/www/cache/prod levels=1:2 keys_zone=PROD:100m max_size=10000m inactive=30d; # For PROD
add_header X-Cache $upstream_cache_status; #To check what is that for
# SSL
ssl_certificate /etc/letsencrypt/live/mywebsite.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/mywebsite.com/privkey.pem; # managed by Certbot
ssl_session_cache shared:SSL:20m;
ssl_session_timeout 180m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers ECDH+AESGCM:ECDH+AES256:ECDH+AES128:DHE+AES128:!ADH:!AECDH:!MD5;
ssl_dhparam /etc/nginx/cert/dhparam.pem;
add_header Strict-Transport-Security "max-age=31536000" always;
server {
listen [::]:443 ssl ipv6only=on; # managed by Certbot
listen 443 ssl; # managed by Certbot
server_name mywebsite.com www.mywebsite.com l7.mywebsite.com cdn.mywebsite.com dev.mywebsite.com;
set $rootfolder "prod";
set $ask_auth "Restricted Area";
if ($host ~ "l7.mywebsite.com") {
set $rootfolder "l7";
set $ask_auth off;
}
root /var/www/mywebsite.com/$rootfolder;
access_log /var/log/nginx/mywebsite.com-access.log compression buffer=32k;
error_log /var/log/nginx/mywebsite.com-error.log;
# Add index.php to the list if you are using PHP
index index.php index.html index.htm index.nginx-debian.html;
error_page 404 = /url_rewriting.php;
set $no_cache 1;
if ($request_uri ~* "render_img.php") {
set $no_cache 0;
}
location / {
# First attempt to serve request as file, then
# as directory, then fall back to displaying a 404.
try_files $uri $uri/ =404;
#auth_basic $ask_auth;
#auth_basic_user_file .htpasswd;
}
set $no_cache 0;
#location ~ render_img.php {
location ~ /render\/framed/ {
include snippets/fastcgi-php.conf;
#fastcgi_pass unix:/run/php/php7.0-fpm.sock;
fastcgi_pass 127.0.0.1:9000;
fastcgi_buffers 8 16k; # increase the buffer size for PHP-FTP
fastcgi_buffer_size 32k; # increase the buffer size for PHP-FTP
fastcgi_cache_key $scheme$host$request_uri$request_method;
fastcgi_cache PROD;
fastcgi_cache_valid any 20d;
fastcgi_cache_valid 404 1d;
#fastcgi_cache_valid any 20d;
#fastcgi_cache_use_stale updating error timeout invalid_header http_500 http_503 http_404;
fastcgi_cache_use_stale updating error timeout invalid_header http_500 http_503;
fastcgi_ignore_headers Cache-Control Expires Set-Cookie;
fastcgi_hide_header "Set-Cookie";
fastcgi_cache_bypass $no_cache;
fastcgi_no_cache $no_cache;
expires 10M;
access_log off;
add_header Cache-Control "public";
add_header X-Cache-Status $upstream_cache_status;
}
location ~ \.php$ {
include snippets/fastcgi-php.conf;
#fastcgi_pass unix:/run/php/php7.0-fpm.sock;
fastcgi_pass 127.0.0.1:9000;
fastcgi_buffers 8 16k; # increase the buffer size for PHP-FTP
fastcgi_buffer_size 32k; # increase the buffer size for PHP-FTP
fastcgi_param GEOIP_ADDR $remote_addr;
fastcgi_param GEOIP_COUNTRY_CODE $geoip_country_code;
fastcgi_param GEOIP_COUNTRY_NAME $geoip_country_name;
fastcgi_param GEOIP_REGION $geoip_region;
fastcgi_param GEOIP_REGION_NAME $geoip_region_name;
fastcgi_param GEOIP_CITY $geoip_city;
fastcgi_param GEOIP_AREA_CODE $geoip_area_code;
fastcgi_param GEOIP_LATITUDE $geoip_latitude;
fastcgi_param GEOIP_LONGITUDE $geoip_longitude;
fastcgi_param GEOIP_POSTAL_CODE $geoip_postal_code;
if ($rootfolder = "l7") {
access_log /var/log/nginx/mywebsite_l7.com-access.log;
}
}
location ~ /\.ht {
deny all;
}
}
server {
if ($host = dev.mywebsite.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
if ($host = cdn.mywebsite.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
if ($host = l7.mywebsite.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
if ($host = www.mywebsite.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
if ($host = mywebsite.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80 default_server;
listen [::]:80 default_server;
server_name mywebsite.com www.mywebsite.com l7.mywebsite.com cdn.mywebsite.com dev.mywebsite.com;
return 404; # managed by Certbot
}
# configuration file /etc/nginx/snippets/fastcgi-php.conf:
# regex to split $uri to $fastcgi_script_name and $fastcgi_path
fastcgi_split_path_info ^(.+\.php)(/.+)$;
# Check that the PHP script exists before passing it
try_files $fastcgi_script_name =404;
# Bypass the fact that try_files resets $fastcgi_path_info
# see: http://trac.nginx.org/nginx/ticket/321
set $path_info $fastcgi_path_info;
fastcgi_param PATH_INFO $path_info;
fastcgi_index index.php;
include fastcgi.conf;
# configuration file /etc/nginx/fastcgi.conf:
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param QUERY_STRING $query_string;
fastcgi_param REQUEST_METHOD $request_method;
fastcgi_param CONTENT_TYPE $content_type;
fastcgi_param CONTENT_LENGTH $content_length;
fastcgi_param SCRIPT_NAME $fastcgi_script_name;
fastcgi_param REQUEST_URI $request_uri;
fastcgi_param DOCUMENT_URI $document_uri;
fastcgi_param DOCUMENT_ROOT $document_root;
fastcgi_param SERVER_PROTOCOL $server_protocol;
fastcgi_param REQUEST_SCHEME $scheme;
fastcgi_param HTTPS $https if_not_empty;
fastcgi_param GATEWAY_INTERFACE CGI/1.1;
fastcgi_param SERVER_SOFTWARE nginx/$nginx_version;
fastcgi_param REMOTE_ADDR $remote_addr;
fastcgi_param REMOTE_PORT $remote_port;
fastcgi_param SERVER_ADDR $server_addr;
fastcgi_param SERVER_PORT $server_port;
fastcgi_param SERVER_NAME $server_name;
# PHP only, required if PHP was built with --enable-force-cgi-redirect
fastcgi_param REDIRECT_STATUS 200;
SOLUTION
As said by Tarun Lalwani, the block priority and order matters. But also, when you want to cache 404 response, you have to check it on the filename of error_page:
location ~ (render_img.php|^/url_rewriting.php$) {
fastcgi_cache...stuffs to cache...
}
We cannot check location ^~ /render/framed/ { as it's a 404 response which corresponds to /url_rewriting.php.
Your issue is that you need to give priority to your block of .php and not /render/framed/ when a .php is called in that location. It is still caught by the .php block
So you need to use below for your location block. You need to use
location ^~ /render/framed/ {
...
}
For understanding the same in details refer to
Nginx location priority
Related
In my new Amazon linix machine after configured ,I can't get Nginx working with the API as it is supposed to. The current error is that 'curl localhost/api' returns a 502.
[root#ip-ec2-user]# curl localhost:8872/api
<html>
<head><title>502 Bad Gateway</title></head>
<body>
<center><h1>502 Bad Gateway</h1></center>
<hr><center>nginx/1.20.0</center>
</body>
</html>
Nginx Logs
sudo tail -f /var/log/nginx/access.log /var/log/nginx/error.log
==> /var/log/nginx/access.log <==
==> /var/log/nginx/error.log <==
2022/05/24 08:14:50 [emerg] 10638#10638: bind() to 0.0.0.0:8872 failed (98: Address already in use)
2022/05/24 08:14:50 [emerg] 10638#10638: bind() to 0.0.0.0:80 failed (98: Address already in use)
2022/05/24 08:14:50 [emerg] 10638#10638: bind() to 0.0.0.0:81 failed (98: Address already in use)
2022/05/24 08:14:50 [emerg] 10638#10638: bind() to [::]:80 failed (98: Address already in use)
Nginx .conf
user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;
# Load dynamic modules. See /usr/share/doc/nginx/README.dynamic.
include /usr/share/nginx/modules/*.conf;
events {
worker_connections 1024;
}
http {
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 4096;
include /etc/nginx/mime.types;
default_type application/octet-stream;
# Load modular configuration files from the /etc/nginx/conf.d directory.
# See http://nginx.org/en/docs/ngx_core_module.html#include
# for more information.
include /etc/nginx/conf.d/*.conf;
server {
listen 80;
listen [::]:80 ipv6only=on default_server;
server_name _;
root /usr/share/nginx/html;
# Load configuration files for the default server block.
include /etc/nginx/default.d/*.conf;
error_page 404 /404.html;
location = /404.html {
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
}
}
# Settings for a TLS enabled server.
#
# server {
# listen 443 ssl http2;
# listen [::]:443 ssl http2;
# server_name _;
# root /usr/share/nginx/html;
#
# ssl_certificate "/etc/pki/nginx/server.crt";
# ssl_certificate_key "/etc/pki/nginx/private/server.key";
# ssl_session_cache shared:SSL:1m;
# ssl_session_timeout 10m;
# ssl_ciphers PROFILE=SYSTEM;
# ssl_prefer_server_ciphers on;
#
# # Load configuration files for the default server block.
# include /etc/nginx/default.d/*.conf;
#
# error_page 404 /404.html;
# location = /40x.html {
# }
#
# error_page 500 502 503 504 /50x.html;
# location = /50x.html {
# }
# }
}
# configuration file /etc/nginx/mime.types:
types {
text/html html htm shtml;
text/css css;
text/xml xml;
image/gif gif;
image/jpeg jpeg jpg;
application/javascript js;
application/atom+xml atom;
application/rss+xml rss;
text/mathml mml;
text/plain txt;
text/vnd.sun.j2me.app-descriptor jad;
text/vnd.wap.wml wml;
text/x-component htc;
image/png png;
image/svg+xml svg svgz;
image/tiff tif tiff;
image/vnd.wap.wbmp wbmp;
image/webp webp;
image/x-icon ico;
image/x-jng jng;
image/x-ms-bmp bmp;
font/woff woff;
font/woff2 woff2;
application/java-archive jar war ear;
application/json json;
application/mac-binhex40 hqx;
application/msword doc;
application/pdf pdf;
application/postscript ps eps ai;
application/rtf rtf;
application/vnd.apple.mpegurl m3u8;
application/vnd.google-earth.kml+xml kml;
application/vnd.google-earth.kmz kmz;
application/vnd.ms-excel xls;
application/vnd.ms-fontobject eot;
application/vnd.ms-powerpoint ppt;
application/vnd.oasis.opendocument.graphics odg;
application/vnd.oasis.opendocument.presentation odp;
application/vnd.oasis.opendocument.spreadsheet ods;
application/vnd.oasis.opendocument.text odt;
application/vnd.openxmlformats-officedocument.presentationml.presentation
pptx;
application/vnd.openxmlformats-officedocument.spreadsheetml.sheet
xlsx;
application/vnd.openxmlformats-officedocument.wordprocessingml.document
docx;
application/vnd.wap.wmlc wmlc;
application/x-7z-compressed 7z;
application/x-cocoa cco;
application/x-java-archive-diff jardiff;
application/x-java-jnlp-file jnlp;
application/x-makeself run;
application/x-perl pl pm;
application/x-pilot prc pdb;
application/x-rar-compressed rar;
application/x-redhat-package-manager rpm;
application/x-sea sea;
application/x-shockwave-flash swf;
application/x-stuffit sit;
application/x-tcl tcl tk;
application/x-x509-ca-cert der pem crt;
application/x-xpinstall xpi;
application/xhtml+xml xhtml;
application/xspf+xml xspf;
application/zip zip;
application/octet-stream bin exe dll;
application/octet-stream deb;
application/octet-stream dmg;
application/octet-stream iso img;
application/octet-stream msi msp msm;
audio/midi mid midi kar;
audio/mpeg mp3;
audio/ogg ogg;
audio/x-m4a m4a;
audio/x-realaudio ra;
video/3gpp 3gpp 3gp;
video/mp2t ts;
video/mp4 mp4;
video/mpeg mpeg mpg;
video/quicktime mov;
video/webm webm;
video/x-flv flv;
video/x-m4v m4v;
video/x-mng mng;
video/x-ms-asf asx asf;
video/x-ms-wmv wmv;
video/x-msvideo avi;
}
# configuration file /etc/nginx/conf.d/global.conf:
server {
listen 8872;
root /var/www/mysite.com-api/public;
location / {
try_files $uri /index.php$is_args$args;
}
location ~ ^/(index|captcha)\.php(/|$) {
fastcgi_pass 127.0.0.1:9000;
fastcgi_split_path_info ^(.+\.php)(/.*)$;
include fastcgi_params;
fastcgi_buffer_size 256k;
fastcgi_buffers 4 256k;
fastcgi_busy_buffers_size 512k;
fastcgi_read_timeout 240;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param DOCUMENT_ROOT $document_root;
}
location ~ \.php$ {
return 404;
}
error_log /var/log/nginx/mysite.com-error.log;
access_log /var/log/nginx/mysite.com-access.log;
}
server {
listen 80;
root /var/www/mysite.com-ui;
location /api {
proxy_pass http://localhost:8872;
}
location /admin {
rewrite ^/admin/(.+)$ /$1 break;
proxy_pass http://localhost:81;
proxy_redirect off;
}
location / {
try_files $uri /index.html;
}
error_log /var/log/nginx/mysite.com-ui-error.log;
access_log /var/log/nginx/mysite.com-ui-access.log;
}
server {
listen 81;
root /var/www/mysite.com-admin-ui;
location / {
try_files $uri $uri/ /index.html;
}
error_log /var/log/nginx/mysite.com-admin-ui-error.log;
access_log /var/log/nginx/mysite.com-admin-ui-access.log;
}
# configuration file /etc/nginx/fastcgi_params:
fastcgi_param QUERY_STRING $query_string;
fastcgi_param REQUEST_METHOD $request_method;
fastcgi_param CONTENT_TYPE $content_type;
fastcgi_param CONTENT_LENGTH $content_length;
fastcgi_param SCRIPT_NAME $fastcgi_script_name;
fastcgi_param REQUEST_URI $request_uri;
fastcgi_param DOCUMENT_URI $document_uri;
fastcgi_param DOCUMENT_ROOT $document_root;
fastcgi_param SERVER_PROTOCOL $server_protocol;
fastcgi_param REQUEST_SCHEME $scheme;
fastcgi_param HTTPS $https if_not_empty;
fastcgi_param GATEWAY_INTERFACE CGI/1.1;
fastcgi_param SERVER_SOFTWARE nginx/$nginx_version;
fastcgi_param REMOTE_ADDR $remote_addr;
fastcgi_param REMOTE_PORT $remote_port;
fastcgi_param SERVER_ADDR $server_addr;
fastcgi_param SERVER_PORT $server_port;
fastcgi_param SERVER_NAME $server_name;
# PHP only, required if PHP was built with --enable-force-cgi-redirect
fastcgi_param REDIRECT_STATUS 200;
# configuration file /etc/nginx/conf.d/php-fpm.conf:
# PHP-FPM FastCGI server
# network or unix domain socket configuration
upstream php-fpm {
server unix:/run/php-fpm/www.sock;
}
sudo netstat -plant | grep 80
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 7450/nginx: master
tcp6 0 0 :::80 :::* LISTEN 7450/nginx: master
sudo ps aux | grep 'php'
root 2854 0.0 0.2 252816 5428 ? Ss May24 0:02 php-fpm: master process (/etc/php-fpm.conf)
apache 2855 0.0 0.2 252816 5132 ? S May24 0:00 php-fpm: pool www
apache 2856 0.0 0.2 252816 5132 ? S May24 0:00 php-fpm: pool www
apache 2857 0.0 0.2 252816 5132 ? S May24 0:00 php-fpm: pool www
apache 2858 0.0 0.2 252816 5132 ? S May24 0:00 php-fpm: pool www
apache 2859 0.0 0.2 252816 5132 ? S May24 0:00 php-fpm: pool www
root 7500 0.0 0.0 119420 956 pts/0 S+ 07:26 0:00 grep --color=auto php
sudo systemctl status systemd-journald
● systemd-journald.service - Journal Service
Loaded: loaded (/usr/lib/systemd/system/systemd-journald.service; static; vendor preset: disabled)
Active: active (running) since Tue 2022-05-24 16:26:16 UTC; 21h ago
Docs: man:systemd-journald.service(8)
man:journald.conf(5)
Main PID: 1148 (systemd-journal)
Status: "Processing requests..."
CGroup: /system.slice/systemd-journald.service
└─1148 /usr/lib/systemd/systemd-journald
May 24 16:26:16 ip-.ec2.internal systemd-journal[1148]: Runtime journal is using 8.0M (max allowed 97.7M, trying to leave 146.5M free of 961.0M availabl…it 97.7M).
May 24 16:26:16 ip-.ec2.internal systemd-journal[1148]: Journal started
May 24 16:26:16 ip-.ec2.internal systemd-journal[1148]: Permanent journal is using 32.0M (max allowed 3.9G, trying to leave 4.0G free of 37.6G available…mit 3.9G).
May 24 16:26:16 ip-.ec2.internal systemd-journal[1148]: Time spent on flushing to /var is 120.088ms for 549 entries.
Hint: Some lines were ellipsized, use -l to show in full.
I had change nginx ipv6 lister port and apache state to disable. But nothing works.
Looks like both Nginx and Php-fpm working fine , but I'm not able to figure it out what's wrongs here?
Is there a possibility that there is some problem with the conf.d/global.conf file, its throw 502?
can anyone suggest how to troubleshoot or fix it?
I have two lxc containers. One is the proxy with nginx and this config:
server {
server_name cloud.malte-kiefer.de;
location / {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_pass http://cloud.lxd;
}
real_ip_header proxy_protocol;
set_real_ip_from 127.0.0.1;
listen [::]:443 ssl http2 proxy_protocol;
listen 443 ssl http2 proxy_protocol;
ssl_certificate /etc/nginx/ssl/cloud.malte-kiefer.de/fullchain.cer;
ssl_certificate_key /etc/nginx/ssl/cloud.malte-kiefer.de/privkey.key;
}
server {
listen 80 proxy_protocol;
listen [::]:80 proxy_protocol;
server_name cloud.malte-kiefer.de;
location / {
return 301 https://cloud.malte-kiefer.de$request_uri;
}
return 404;
}
Then I have the cloud container with nextcloud with this config:
upstream php-handler {
server unix:/var/run/php/php7.3-fpm.sock;
}
server {
listen 80 default_server;
listen [::]:80 default_server;
set $base /var/www/html;
root /var/www/html;
index index.php index.html index.htm index.nginx-debian.html;
server_name cloud.malte-kiefer.de;
fastcgi_hide_header X-Powered-By;
client_max_body_size 512M;
fastcgi_buffers 64 4K;
# Enable gzip but do not remove ETag headers
gzip on;
gzip_vary on;
gzip_comp_level 4;
gzip_min_length 256;
gzip_proxied expired no-cache no-store private no_last_modified no_etag auth;
gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy;
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
location / {
rewrite ^ /index.php;
}
location ~ ^\/(?:build|tests|config|lib|3rdparty|templates|data)\/ {
deny all;
}
location ~ ^\/(?:\.|autotest|occ|issue|indie|db_|console) {
deny all;
}
location ~ ^\/(?:index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|oc[ms]-provider\/.+)\.php(?:$|\/) {
fastcgi_split_path_info ^(.+?\.php)(\/.*|)$;
set $path_info $fastcgi_path_info;
try_files $fastcgi_script_name =404;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $path_info;
fastcgi_param HTTPS on;
fastcgi_param modHeadersAvailable true;
fastcgi_param front_controller_active true;
fastcgi_pass php-handler;
fastcgi_intercept_errors on;
fastcgi_request_buffering off;
}
location ~ ^\/(?:updater|oc[ms]-provider)(?:$|\/) {
try_files $uri/ =404;
index index.php;
}
location = /.well-known/carddav {
return 301 https://cloud.malte-kiefer.de/remote.php/dav;
}
location = /.well-known/caldav {
return 301 https://cloud.malte-kiefer.de/remote.php/dav;
}
location ~ \.(?:css|js|woff2?|svg|gif|map)$ {
try_files $uri /index.php$request_uri;
add_header Cache-Control "public, max-age=15778463";
add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;" always;
# Optional: Don't log access to assets
access_log off;
}
location ~ \.(?:png|html|ttf|ico|jpg|jpeg|bcmap)$ {
try_files $uri /index.php$request_uri;
# Optional: Don't log access to other assets
access_log off;
}
}
When I try to open the URL I see the installation page from nextcloud. When I enter information and send it reload from page and this in the nextcloud log:
Unknown: POST Content-Length of 213 bytes exceeds the limit of 16
bytes at Unknown#0
This is the nginx log from the nextcloud container
2020/01/13 17:32:20 [error] 416#416: *8 FastCGI sent in stderr: "PHP
message: PHP Warning: Unknown: POST Content-Length of 213 bytes
exceeds the limit of 16 bytes in Unknown on line 0" while reading
response header from upstream, client: 89.204.135.199, server:
cloud.malte-kiefer.de, request: "POST /index.php HTTP/1.0", upstream:
"fastcgi://unix:/var/run/php/php7.3-fpm.sock:", host:
"cloud.malte-kiefer.de"
I check my PHP ini file:
root#cloud:~# grep -R "post_max_size" /etc/php/
/etc/php/7.3/fpm/php.ini:post_max_size = 16GB
/etc/php/7.3/cli/php.ini:post_max_size = 16GB
/etc/php/7.3/phpdbg/php.ini:post_max_size = 8M
root#cloud:~# grep -R "memory_limit" /etc/php/
/etc/php/7.3/fpm/pool.d/www.conf:;php_admin_value[memory_limit] = 32M
/etc/php/7.3/fpm/php.ini:memory_limit = 512M
/etc/php/7.3/cli/php.ini:memory_limit = 512M
/etc/php/7.3/phpdbg/php.ini:memory_limit = 128M
I can't find the issue. Maybe you guys can help me.
Ok, it was a missconfig in the php.ini file.
I totally removed PHP vom the nextcloud container, reinstalled and it works now.
Setting up a site on AWS Lightsail using the Linux/NGINX install from Bitnami.
The root folder (/opt/bitnami/nginx/html) contains index.html as default, everything runs just fine. However, swapping that index file out for index.php returns 403 in chrome and logs the following error...
*42 directory index of "/opt/bitnami/nginx/html/" is forbidden
Index.php is executing just <?php phpinfo(); ?>.
Index.php is accessible in the browser by pointing to its path directly (site.com/index.php)
The contents of my config file nginx.conf are unmodified and as follow...
user daemon daemon;
worker_processes auto;
error_log "/opt/bitnami/nginx/logs/error.log";
events {
use epoll;
worker_connections 1024;
multi_accept on;
}
http {
include mime.types;
default_type application/octet-stream;
client_body_temp_path "/opt/bitnami/nginx/tmp/client_body" 1 2;
proxy_temp_path "/opt/bitnami/nginx/tmp/proxy" 1 2;
fastcgi_temp_path "/opt/bitnami/nginx/tmp/fastcgi" 1 2;
scgi_temp_path "/opt/bitnami/nginx/tmp/scgi" 1 2;
uwsgi_temp_path "/opt/bitnami/nginx/tmp/uwsgi" 1 2;
access_log "/opt/bitnami/nginx/logs/access.log";
sendfile on;
keepalive_timeout 65;
gzip on;
gzip_http_version 1.1;
gzip_comp_level 2;
gzip_proxied any;
gzip_vary on;
gzip_types text/plain
text/xml
text/css
text/javascript
application/json
application/javascript
application/x-javascript
application/ecmascript
application/xml
application/rss+xml
application/atom+xml
application/rdf+xml
application/xml+rss
application/xhtml+xml
application/x-font-ttf
application/x-font-opentype
application/vnd.ms-fontobject
image/svg+xml
image/x-icon
application/atom_xml;
gzip_buffers 16 8k;
add_header X-Frame-Options SAMEORIGIN;
ssl_prefer_server_ciphers on;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:RSA+AESGCM:RSA+AES:!aNULL:!MD5:!DSS;
include "/opt/bitnami/nginx/conf/bitnami/bitnami.conf";
}
the contents of the include "/opt/bitnami/nginx/conf/bitnami/bitnami.conf" are as follows...
# HTTP server
server {
listen 80;
server_name localhost;
include "/opt/bitnami/nginx/conf/bitnami/phpfastcgi.conf";
}
the contents of the include "/opt/bitnami/nginx/conf/bitnami/phpfastcgi.conf" are as follows...
location ~ \.php$ {
root html;
fastcgi_read_timeout 300;
fastcgi_pass unix:/opt/bitnami/php/var/run/www.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $request_filename;
include fastcgi_params;
}
Note: I also tried adding index index.php to the above.
Any ideas as to what might be going on here?
NOTE: Troubleshooting, i tried a stripped alternative to the nginx.config file referenced above, which resolved the 403 error but wouldn't do anything other than download the index.php file when visiting the root...
user daemon daemon;
worker_processes auto;
error_log "/opt/bitnami/nginx/logs/error.log";
events {
use epoll;
worker_connections 1024;
multi_accept on;
}
http {
include mime.types;
default_type application/octet-stream;
client_body_temp_path "/opt/bitnami/nginx/tmp/client_body" 1 2;
proxy_temp_path "/opt/bitnami/nginx/tmp/proxy" 1 2;
fastcgi_temp_path "/opt/bitnami/nginx/tmp/fastcgi" 1 2;
scgi_temp_path "/opt/bitnami/nginx/tmp/scgi" 1 2;
uwsgi_temp_path "/opt/bitnami/nginx/tmp/uwsgi" 1 2;
access_log "/opt/bitnami/nginx/logs/access.log";
sendfile on;
keepalive_timeout 65;
server {
listen 80;
server_name localhost;
location / {
root html;
index index.php;
}
}
}
Resolved by updating "/opt/bitnami/nginx/conf/bitnami/phpfastcgi.conf" as follows...
location / {
root html;
index index.php;
}
location ~ \.php$ {
root html;
fastcgi_read_timeout 300;
fastcgi_pass unix:/opt/bitnami/php/var/run/www.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $request_filename;
include fastcgi_params;
}
Not my proudest moment, i'll admit.
I'm using Laravel 5.4 and Vue.js on a LEMP Stack 16.04. My site is using a Let's encrypt certificate.
My assets are compiled with Laravel Mix and inserted in my application
<script src="{{mix("/js/manifest.js")}}"></script>
<script src={{mix("/js/vendor.js")}}></script>
<script src="{{ mix('/js/app.js') }}"></script>
Situation
When I go to https://example.com
Refused to execute script from 'https://example.com/js/app.6fb8b055657fe5daae8f.js' because its MIME type ('text/html') is not executable, and strict MIME type checking is enabled.
The file app.6fb8b055657fe5daae8f.js type is text/html but there is another call whose initiator is app.6fb8b055657fe5daae8f.js and whose type is script. Don't know if this is normal
Questions
Is that normal MIME Type is recognized as text/html whereas it is my app.js file ?
What can I do to make it work ? Is it a issue with nginxor laravel or `SSL Certificate ?
nGinx used (custom compile)
built by gcc 5.4.0 20160609 (Ubuntu 5.4.0-6ubuntu1~16.04.4)
built with OpenSSL 1.0.2g 1 Mar 2016
TLS SNI support enabled
configure arguments: --add-module=/home/leo/ngx_brotli --sbin-path=/usr/sbin/nginx --add-module=/home/leo/ngx_pagespeed-1.12.34.2-beta --prefix=/usr/share/nginx --conf-path=/etc/nginx/nginx.conf --http-log-path=/var/log/nginx/access.log --error-log-path=/var/log/nginx/error.log --lock-path=/var/lock/nginx.lock --pid-path=/run/nginx.pid --http-client-body-temp-path=/var/lib/nginx/body --http-fastcgi-temp-path=/var/lib/nginx/fastcgi --http-proxy-temp-path=/var/lib/nginx/proxy --http-scgi-temp-path=/var/lib/nginx/scgi --with-debug --with-pcre-jit --with-http_ssl_module --with-http_stub_status_module --with-http_realip_module --with-http_auth_request_module --with-http_addition_module --with-http_dav_module --with-http_geoip_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_image_filter_module --with-http_v2_module --with-http_sub_module --with-http_xslt_module --with-stream --with-stream_ssl_module --with-mail --with-mail_ssl_module --with-threads
example.com.conf
server {
listen 80 default_server;
listen [::]:80 default_server ipv6only=on;
server_name example.com www.example.com;
return 301 https://$server_name$request_uri;
}
#server {
# server_name ~^(.*)\.example\.com$ ;
#root www/laravel/public ;
#}
server {
# SSL configuration
listen 443 ssl http2 default_server;
listen [::]:443 ssl http2 default_server;
include snippets/ssl-example.com.conf;
include snippets/ssl-params.conf;
root /var/www/laravel/public;
index index.php index.html index.htm;
# Make site accessible from http://localhost/
server_name example.com *.example.com www.example.com ;
location / {
# First attempt to serve request as file, then
# as directory, then fall back to displaying a 404.
try_files $uri $uri/ /index.php?$query_string;
# Uncomment to enable naxsi on this location
# include /etc/nginx/naxsi.rules
}
location ~ \.php$ {
try_files $uri =404;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
location ~ /.well-known {
allow all;
}
}
nginx.conf
user www-data;
worker_processes auto;
pid /run/nginx.pid;
events {
worker_connections 768;
# multi_accept on;
}
http {
##
# Basic Settings
##
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
# server_tokens off;
# server_names_hash_bucket_size 64;
# server_name_in_redirect off;
include /etc/nginx/mime.types;
default_type application/octet-stream;
##
# SSL Settings
##
ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE
ssl_prefer_server_ciphers on;
##
# Logging Settings
##
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;
##
# Gzip Settings
##
gzip on;
gzip_disable "msie6";
# gzip_vary on;
# gzip_proxied any;
# gzip_comp_level 6;
# gzip_buffers 16 8k;
# gzip_http_version 1.1;
# gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/ja$
##
# Virtual Host Configs
##
include /etc/nginx/conf.d/*.conf;
include /etc/nginx/sites-enabled/*;
}
/etc/nginx/mime.types
types {
text/html html htm shtml;
text/css css;
text/xml xml;
image/gif gif;
image/jpeg jpeg jpg;
application/javascript js;
application/atom+xml atom;
application/rss+xml rss;
............
............
}
Check your code first.
<script src="{{mix("/js/manifest.js")}}"></script>
<script src={{mix("/js/vendor.js")}}></script>
<script src="{{ mix('/js/app.js') }}"></script>
It's even highlighted in your question, now check this one:
<script src="{{ mix('/js/manifest.js') }}"></script>
<script src="{{ mix('/js/vendor.js') }}"></script>
<script src="{{ mix('/js/app.js') }}"></script>
and see if this helps.
I recently rent a vServer and now I am playing around with nginx, fastcgi cache and my wordpress setup. It's running pretty fast right now but in all speed test I came across my js and css files. Is there some kind of minifying implemented in nginx I could use? Also my pictures galleries do have a lot of pictures, is there something else I could use to increase the performance? (all pictures are stripped down to a minimum file size already)
This is my nginx.config:
user www-data;
worker_processes 1;
pid /var/run/nginx.pid;
events {
worker_connections 768;
# multi_accept on;
}
http {
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 10;
types_hash_max_size 2048;
include /etc/nginx/mime.types;
default_type application/octet-stream;
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;
gzip on;
gzip_disable "msie6";
gzip_vary on;
gzip_proxied any;
gzip_comp_level 6;
gzip_buffers 16 8k;
gzip_http_version 1.1;
gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript;
include /etc/nginx/conf.d/*.conf;
include /etc/nginx/sites-enabled/*;
}
and my host file:
fastcgi_cache_path /etc/nginx/cache levels=1:2 keys_zone=MYAPP:100m inactive=60m;
fastcgi_cache_key "$scheme$request_method$host$request_uri";
server {
listen 80;
root /var/www/blog;
index index.php;
server_name IPADRESS;
location / {
try_files $uri $uri/ /index.php?$args;
#Cache everything by default
set $no_cache 0;
#Don't cache POST requests
if ($request_method = POST)
{
set $no_cache 1;
}
#Don't cache if the URL contains a query string
if ($query_string != "")
{
set $no_cache 1;
}
#Don't cache the following URLs
if ($request_uri ~* "/(administrator/|login.php)")
{
set $no_cache 1;
}
#Don't cache if there is a cookie called PHPSESSID
if ($http_cookie = "PHPSESSID")
{
set $no_cache 1;
}
}
# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
location ~ .php$ {
try_files $uri =404;
fastcgi_pass unix:/var/run/php5-fpm.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
fastcgi_cache MYAPP;
fastcgi_cache_valid 200 60m;
}
location ~* \.(js|css|png|jpg|jpeg|gif|ico)(\?ver=[0-9.]+)?$ {
expires 365d;
}
}
I don't want to install a plugin just for this stuff (keep Wordpress as simple as possible) so I am looking for the best basic setup for wordpress.