nginx strip "Set-Cookie" in frontend config on static files like jpg - php
I have a few questions about how to configure it.
First question:
How do I strip the "Set-Cookie" header from all static files like css and jpg? I know I can set up a reverse proxy and use "proxy_hide_header Set-Cookie", but it seems foolish to make yet another host just to reverse to yourself and add a few hundred msec to the request.
Second question:
I'm trying to make an alias to hide a folder in the lookup to the subfolder, the structure is:
/var/www/domain.tld/media/ads
/var/www/domain.tld/media/galleries
/var/www/domain.tld/media/misc
/var/www/domain.tld/media/thumbs
making the URL like this: /media/thumbs/5 subfolders/image-file
How do I change that into /thumbs/5 subfolders/image-file?
I have tried with both alias and root, but both return a 404.
Third question:
[error] 9178#9178: *13452 upstream timed out (110: Connection timed out) while reading response header from upstream, client: upstream: "fastcgi://unix:/var/run/php-fpm.sock", host:
I have a lot of those. Any suggestions?
nginx.conf
#user nginx;
user apache;
worker_processes auto;
error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;
events {
    worker_connections 1024;
}
http {
    include /etc/nginx/mime.types;
    default_type application/octet-stream;
    log_format main '$remote_addr - $remote_user [$time_local] "$request" '
                    '$status $body_bytes_sent "$http_referer" '
                    '"$http_user_agent" "$http_x_forwarded_for"';
    access_log /var/log/nginx/access.log main;
    aio threads;
    sendfile on;
    sendfile_max_chunk 1m;
    tcp_nopush on;
    tcp_nodelay on;
    server_tokens off;
    keepalive_timeout 15;
    client_max_body_size 4G;
    client_body_buffer_size 10K;
    client_header_buffer_size 1k;
    large_client_header_buffers 2 1k;
    index index.php index.html index.htm;
    ## Nginx’s Open file cache https://easyengine.io/tutorials/nginx/open-file-cache/
    open_file_cache max=5000 inactive=5m; ##If you have way too many files, change max from 5000 to more appropriate value.
    open_file_cache_valid 20m; ## Tell nginx to check if information it is holding is valid every n minutes.
    open_file_cache_min_uses 1; ## If files don’t change much often, or accesses less frequently, you can change inactive duration from 20m to something else.
    ## Inactive and open_file_cache_min_uses works together.
    ## This sample tells nginx to cache a file information as long as minimum 2 requests are made during 5m window.
    open_file_cache_errors on; ## Tell nginx to cache errors like 404 (file not found). If you are using nginx as load-balancer, leave this off.
    gzip on;
    gzip_disable "msie6";
    gzip_http_version 1.1;
    gzip_vary on;
    gzip_comp_level 6;
    gzip_buffers 16 8k;
    gzip_proxied any;
    gzip_types
        text/css
        text/javascript
        text/xml
        text/plain
        text/x-component
        application/javascript
        application/x-javascript
        application/json
        application/xml
        application/rss+xml
        application/atom+xml
        application/rdf+xml
        application/vnd.ms-fontobject
        font/truetype
        font/opentype
        image/svg+xml;
    add_header X-XSS-Protection "1; mode=block"; #Cross-site scripting
    add_header X-Frame-Options "SAMEORIGIN" always; #clickjacking
    add_header X-Content-Type-Options nosniff; #MIME-type sniffing
    include /etc/nginx/conf.d/*.conf;
}
domain.tld.conf
server {
    listen ip:80;
    listen [ipv6]:80;
    server_name domain.tld www.domain.tld;
    index index.php =404;
    try_files $uri $uri/ /index.php?q=$uri&$args;
    root /var/www/domain.tld;
    expires max;
    add_header Pragma "public";
    #include /etc/nginx/conf.d/mechbunny.inc;
    set $site_root $document_root;
    charset utf-8;
    access_log /var/log/nginx/access.log main;
    error_log /var/log/nginx/error.log error;
    location / {
        if ($arg_max) { expires max; }
        rewrite ^/page([0-9]+).html$ /index.php?controller=index&page=$1;
        rewrite ^/galleries/(.*)-([0-9]+).html$ /index.php?controller=gallery&id=$2;
        rewrite ^/video/(.*)-([0-9]+).html$ /index.php?controller=video&id=$2;
        rewrite ^/signup$ /index.php?controller=signup;
        rewrite ^/upload$ /index.php?controller=upload;
        rewrite ^/upload_photo$ /index.php?controller=upload&option=photo;
        rewrite ^/login$ /index.php?controller=login;
        rewrite ^/logout$ /index.php?controller=logout;
        rewrite ^/contact$ /index.php?controller=contact;
        rewrite ^/forgot-pass$ /index.php?controller=forgot_pass;
        rewrite ^/my-profile$ /index.php?controller=my_profile;
        rewrite ^/my-friends$ /index.php?controller=my_friends;
        rewrite ^/my-friends/$ /index.php?controller=friends;
        rewrite ^/my-friends/page([0-9]+).html$ /index.php?controller=friends&page=$1;
        rewrite ^/edit-profile$ /index.php?controller=edit_profile;
        rewrite ^/edit-content/(.*)$ /index.php?controller=editContent&id=$1;
        rewrite ^/static/(.*)$ /index.php?controller=displayStatic&id=$1;
        rewrite ^/load/(.*)$ /index.php?controller=loadLayout&id=$1;
        rewrite ^/filter/(.*)$ /index.php?controller=setFilter&id=$1;
        rewrite ^/embed/([0-9]+)$ /index.php?controller=embed&id=$1;
        rewrite ^/dmca$ /index.php?controller=dmca;
        rewrite ^/tos$ /index.php?controller=tos;
        rewrite ^/crss/([0-9]+)$ /index.php?controller=crss&id=$1;
        rewrite ^/rss$ /index.php?controller=rss;
        rewrite ^/a/(.*)$ /index.php?controller=link&slug=$1;
        rewrite ^/(my-uploads|favorites|most-recent|most-discussed|most-viewed|longest|top-rated|photos|random|my-friends)/$ /index.php?controller=index&mode=$1;
        rewrite ^/(my-uploads|favorites|most-recent|most-discussed|most-viewed|longest|top-rated|photos|random|my-friends)/page([0-9]+).html$ /index.php?controller=index&mode=$1&page=$2;
        rewrite ^/(my-uploads|favorites|most-recent|most-discussed|most-viewed|longest|top-rated|photos|random|my-friends)/(day|week|month)/$ /index.php?controller=index&mode=$1&dateRange=$2;
        rewrite ^/(my-uploads|favorites|most-recent|most-discussed|most-viewed|longest|top-rated|photos|random|my-friends)/(day|week|month)/page([0-9]+).html$ /index.php?controller=index&mode=$1&dateRange=$2&page=3;
        rewrite ^/(my-uploads|favorites|most-recent|most-discussed|most-viewed|longest|top-rated|photos|random|my-friends)/page([0-9]+).html$ /index.php?controller=index&mode=$1&page=$2;
        rewrite ^/uploads-by-user/([0-9]+)/$ /index.php?controller=index&mode=uploads-by-user&user=$1;
        rewrite ^/uploads-by-user/([0-9]+)/page([0-9]+).html$ /index.php?controller=index&mode=uploads-by-user&user=$1&page=$2;
        rewrite ^/search/(videos|members|photos)/([A-Za-z0-9-\s]+)/$ /index.php?controller=index&mode=search&type=$1&q=$2&page=1;
        rewrite ^/search/(videos|members|photos)/([A-Za-z0-9-\s]+)/page([0-9]+).html$ /index.php?controller=index&mode=search&type=$1&q=$2&page=$3;
        rewrite ^/search/(videos|members|photos)/([A-Za-z0-9-\s]+)/(newest|rating|views|longest)/$ /index.php?controller=index&mode=search&type=$1&q=$2&page=1&sortby=$3;
        rewrite ^/search/(videos|members|photos)/([A-Za-z0-9-\s]+)/(newest|rating|views|longest)/page([0-9]+).html$ /index.php?controller=index&mode=search&type=$1&q=$2&page=$4&sortby=$3;
        rewrite ^/search/([A-Za-z0-9-\s]+)/$ /index.php?controller=index&mode=search&q=$1&page=1;
        rewrite ^/search/([A-Za-z0-9-\s]+)/page([0-9]+).html$ /index.php?controller=index&mode=search&q=$1&page=$2;
        rewrite ^/search/([A-Za-z0-9-\s]+)/(newest|rating|views|longest)/$ /index.php?controller=index&mode=search&q=$1&page=1&sortby=$2;
        rewrite ^/search/([A-Za-z0-9-\s]+)/(newest|rating|views|longest)/page([0-9]+).html$ /index.php?controller=index&mode=search&q=$1&page=$3&sortby=$2;
        rewrite ^/channels/$ /index.php?controller=channels;
        rewrite ^/channels/([0-9]+)/([A-Za-z0-9-\s]+)/$ /index.php?controller=index&mode=channel&channel=$1;
        rewrite ^/channels/([0-9]+)/([A-Za-z0-9-\s]+)/page(.*).html$ /index.php?mode=channel&channel=$1&page=$3;
        rewrite ^/channels/([0-9]+)/([A-Za-z0-9-\s]+)/(newest|rating|views|longest)/$ /index.php?controller=index&mode=channel&channel=$1&sortby=$3;
        rewrite ^/channels/([0-9]+)/([A-Za-z0-9-\s]+)/(newest|rating|views|longest)/page(.*).html$ /index.php?mode=channel&channel=$1&sortby=$2&page=$4;
        rewrite ^/models/$ /index.php?controller=pornstars;
        rewrite ^/models/page([0-9]+).html$ /index.php?controller=pornstars&page=$1;
        rewrite ^/models/([A-Za-z0-9-\s]+)/$ /index.php?controller=pornstars&letter=$1&page=1;
        rewrite ^/models/([A-Za-z0-9-\s]+)/page([0-9]+).html$ /index.php?controller=pornstars&letter=$1&page=$2;
        rewrite ^/models/(.*)-(.*).html$ /index.php?controller=pornstar_bio&id=$2;
        rewrite ^/stars/$ /index.php?controller=pornstars;
        rewrite ^/stars/page([0-9]+).html$ /index.php?controller=pornstars&page=$1;
        rewrite ^/stars/([A-Za-z0-9-\s]+)/$ /index.php?controller=pornstars&letter=$1&page=1;
        rewrite ^/stars/([A-Za-z0-9-\s]+)/page([0-9]+).html$ /index.php?controller=pornstars&letter=$1&page=$2;
        rewrite ^/stars/(.*)-(.*).html$ /index.php?controller=pornstar_bio&id=$2;
        rewrite ^/mailbox/$ /mailbox.php;
        rewrite ^/mailbox/([0-9]+)$ /mailbox.php?mode=inbox&page=$1;
        rewrite ^/mailbox/inbox/(.*)$ /mailbox.php?mode=inbox&page=$1;
        rewrite ^/mailbox/outbox/(.*)$ /mailbox.php?mode=outbox&page=$1;
        rewrite ^/mailbox/read/([0-9]+)$ /mailbox.php?mode=read&mid=$1;
        rewrite ^/mailbox/read/([0-9]+)/delete/$ /mailbox.php?mode=read&mid=$1&delete=true;
        rewrite ^/mailbox/read/([0-9]+)/spam/$ /mailbox.php?mode=read&mid=$1&spam=true;
        rewrite ^/mailbox/compose/(.*)/reply/$ /mailbox.php?mode=compose&mid=$1&reply=true;
        rewrite ^/mailbox/inbox/$ /mailbox.php?mode=inbox;
        rewrite ^/mailbox/outbox/$ /mailbox.php?mode=outbox;
        rewrite ^/mailbox/compose/$ /mailbox.php?mode=compose;
        rewrite ^/user/(.*)-(.*)/$ /index.php?controller=user_profile&id=$2;
        rewrite ^/members/$ /index.php?controller=members;
        rewrite ^/members/page([0-9]+).html$ /index.php?controller=members&page=$1;
        if ($request_method = 'OPTIONS') {
            add_header 'Access-Control-Allow-Origin' '*';
            #
            # Om nom nom cookies
            #
            add_header 'Access-Control-Allow-Credentials' 'true';
            add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
            #
            # Custom headers and headers various browsers *should* be OK with but aren't
            #
            add_header 'Access-Control-Allow-Headers' 'DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type';
            #
            # Tell client that this pre-flight info is valid for 20 days
            #
            add_header 'Access-Control-Max-Age' 1728000;
            add_header 'Content-Type' 'text/plain charset=UTF-8';
            add_header 'Content-Length' 0;
            return 204;
        }
        if ($request_method = 'POST') {
            add_header 'Access-Control-Allow-Origin' '*';
            add_header 'Access-Control-Allow-Credentials' 'true';
            add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
            add_header 'Access-Control-Allow-Headers' 'DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type';
        }
        if ($request_method = 'GET') {
            add_header 'Access-Control-Allow-Origin' '*';
            add_header 'Access-Control-Allow-Credentials' 'true';
            add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
            add_header 'Access-Control-Allow-Headers' 'DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type';
        }
    }
    location /thumbs/ {
        alias /var/www/domain.tld/media/thumbs/;
    }
    location /admin/ {
        #index index.php;
        try_files $uri $uri/ /index.php?q=$uri&$args;
        access_log off;
        log_not_found off;
    }
    location ~ \.mp4$ {
        limit_rate_after 5m;
        limit_rate 832k;
        mp4;
        mp4_buffer_size 1m;
        mp4_max_buffer_size 5m;
        gzip off;
        sendfile on;
        aio on;
    }
    location ~ \.flv$ {
        flv;
        aio on;
        limit_rate_after 10m;
        limit_rate 812k;
        sendfile on;
    }
    location ~* ^.+.(jpg|jpeg|gif|css|png|js|ico|xml)$ {
        access_log off;
        log_not_found off;
        aio on;
        sendfile on;
        expires max;
        add_header Pragma 'public';
        add_header X-Frame-Options SAMEORIGIN;
    }
    #error_page 404 /404.html;
    # redirect server error pages to the static page /50x.html
    #
    error_page 500 502 503 504 /50x.html;
    location = /50x.html {
        root /usr/share/nginx/html;
    }
    # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
    #
    location ~ \.php$ {
        try_files $uri $uri/ index.php;
        fastcgi_pass unix:/var/run/php-fpm.sock;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include fastcgi_params;
    }
    # deny access to .htaccess files, if Apache's document root
    # concurs with nginx's one
    #
    location ~ /\.ht {
        deny all;
    }
}
UPDATE ****
Here is a head from one image
http://myvid.top/media/thumbs/5/6/f/b/7/56fb7cba222923.18247994.webm/56fb7cba222923.18247994.webm-1.jpg
GET /media/thumbs/5/6/f/b/7/56fb7cba222923.18247994.webm/56fb7cba222923.18247994.webm-1.jpg HTTP/1.1
Host: myvid.top
User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64; rv:45.0) Gecko/20100101 Firefox/45.0
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: da,en-US;q=0.7,en;q=0.3
Accept-Encoding: gzip, deflate
DNT: 1
Referer: http://myvid.top/
Cookie: _ga=GA1.2.1355160255.1459328438; __utma=119888788.1355160255.1459328438.1459770326.1459782541.4; __utmz=119888788.1459782541.4.2.utmcsr=reck.dk|utmccn=(referral)|utmcmd=referral|utmcct=/; __cfduid=daaae6531daf0d7dc53e01debcae7fcec1459759671; cookies_accepted=T; PHPSESSID=1jdr3p0r8e6i7kt5rmek0fru51; sidebar=open
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 06 Apr 2016 14:48:37 GMT
Content-Type: image/jpeg
Content-Length: 12416
Connection: keep-alive
Last-Modified: Fri, 01 Apr 2016 19:49:49 GMT
Etag: "56fed0dd-3080"
Expires: Sat, 04 Apr 2026 14:48:37 GMT
Cache-Control: public, max-age=315360000
Pragma: public, must-revalidate, proxy-revalidate
X-Frame-Options: SAMEORIGIN
cf-cache-status: EXPIRED
Vary: Accept-Encoding
Accept-Ranges: bytes
Server: cloudflare-nginx
cf-ray: 28f60ab170193cef-CPH
and with
curl -LI http://myvid.top/media/thumbs/5/6/f/b/7/56fb7cba222923.18247994.webm/56fb7cba222923.18247994.webm-1.jpg
HTTP/1.1 200 OK
Date: Wed, 06 Apr 2016 14:53:35 GMT
Content-Type: image/jpeg
Content-Length: 12416
Connection: keep-alive
Set-Cookie: __cfduid=df383ea768b557dd9c4ddc40033b6bbf71459954415; expires=Thu, 06-Apr-17 14:53:35 GMT; path=/; domain=.myvid.top; HttpOnly
Last-Modified: Fri, 01 Apr 2016 19:49:49 GMT
ETag: "56fed0dd-3080"
Expires: Sat, 04 Apr 2026 14:53:35 GMT
Cache-Control: public, max-age=315360000
Pragma: public, must-revalidate, proxy-revalidate
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: MISS
Accept-Ranges: bytes
Server: cloudflare-nginx
CF-RAY: 28f611f6fae5105b-CDG
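For the second question, an added example (not part of the original post or the asker's configuration): nginx still tests regular-expression locations after it has found the longest prefix match, so the posted `location /thumbs/` loses to the static-file regex location and the path is resolved against `root`. The paths are the ones from the question; the trimmed server block around them is an assumption.

```nginx
# Added example. Paths come from the question; the rest of the server block
# is trimmed to what matters for location selection.
server {
    listen 80;
    server_name domain.tld www.domain.tld;
    root /var/www/domain.tld;

    # BEFORE (as posted): plain prefix location.
    # For /thumbs/5/6/f/x.jpg nginx remembers this match, then still tests
    # the regex locations. The static-file regex below matches, wins, and
    # resolves the URI against root: /var/www/domain.tld/thumbs/5/6/f/x.jpg,
    # which does not exist, hence the 404.
    #
    # location /thumbs/ {
    #     alias /var/www/domain.tld/media/thumbs/;
    # }

    # AFTER: "^~" makes the prefix match final, so no regex location is tried.
    # /thumbs/5/6/f/x.jpg -> /var/www/domain.tld/media/thumbs/5/6/f/x.jpg
    # Keep the trailing slash on both the location and the alias path; a
    # location without it paired with an alias that has it can map URIs
    # outside the intended directory.
    location ^~ /thumbs/ {
        alias /var/www/domain.tld/media/thumbs/;
        access_log off;
        log_not_found off;
        expires max;
    }

    # Escaped dot: in the posted "^.+.(jpg|...)$" the "." matches any
    # character, so URIs that merely end in "jpg" or "js" also land here.
    location ~* \.(jpg|jpeg|gif|css|png|js|ico|xml)$ {
        access_log off;
        log_not_found off;
        expires max;
    }
}
```

On the first question: files that nginx serves from disk carry no `Set-Cookie` of their own. The `__cfduid` cookie in the curl output above is added by the Cloudflare proxy named in the `Server` header, so no directive in this server block removes it.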
Related
Nginx site for PHP-FPM status page returns "File not found"
In /etc/php/7.1/fpm/pool.d/www.conf I have set pm.status_path = /status. And in Nginx I have the following site configuration /etc/nginx/sites-enabled/datadog
server {
    listen 80;
    server_name localhost;
    location ~ ^/(status|ping)$ {
        access_log off;
        allow 127.0.0.1;
        deny all;
        include fastcgi_params;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_pass unix:/run/php/php7.1-fpm.sock;
    }
}
I have tested that the status page is correctly setup using
SCRIPT_NAME=/status \
SCRIPT_FILENAME=/status \
REQUEST_METHOD=GET \
cgi-fcgi -bind -connect /run/php/php7.1-fpm.sock
Which returns
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, max-age=0
Content-type: text/plain;charset=UTF-8
pool: www
process manager: dynamic
start time: 13/Nov/2017:22:05:44 +0000
start since: 5030
accepted conn: 1789
listen queue: 0
max listen queue: 0
listen queue len: 0
idle processes: 2
active processes: 1
total processes: 3
max active processes: 4
max children reached: 0
slow requests: 0
However, if I try to access the Nginx site using
curl http://localhost/status
I get the following error.
2017/11/13 23:32:57 [error] 885#885: *35 FastCGI sent in stderr: "Primary script unknown" while reading response header from upstream, client: 127.0.0.1, server: localhost, request: "GET /status HTTP/1.1", upstream: "fastcgi://unix:/run/php/php7.1-fpm.sock:", host: "localhost"
You are referencing $document_root but there is no root directive in your server block
Nginx 403 error with php using php-fpm
Basically I'm trying to set up an alias for nginx. Currently I have my localhost server set to: /usr/share/nginx/html and it works fine. I try to add an internal domain translation: misemestrei.dom to /home/frhec/folder but I get Error 403. I already tried to change the user ownership to 'http' and also set user permissions to 755 but I still get the same error.
My nginx.conf is:
user http;
worker_processes auto;
worker_cpu_affinity auto;
pcre_jit on;
error_log logs/error.log;
error_log logs/error.log notice;
error_log logs/error.log info;
events {
    worker_connections 2048;
}
http {
    include mime.types;
    default_type application/octet-stream;
    sendfile on;
    tcp_nopush on;
    aio threads;
    server_tokens off;
    charset utf-8;
    keepalive_timeout 65;
    #Omitted localhost server configuration, it's similar#
    server {
        listen 80;
        server_name misemestrei.dom;
        client_max_body_size 25M;
        location / {
            root /home/frhec/folder;
            index index.php index.html index.htm;
        }
        error_page 500 502 503 504 /50x.html;
        location = /50x.html {
            root /home/frhec/folder;
        }
        location ~ \.(php|html|htm)$ {
            fastcgi_pass unix:/run/php-fpm/php-fpm.sock;
            root /home/frhec/folder;
            fastcgi_index index.php;
            include fastcgi.conf;
        }
        include sites-enabled/*;
    }
}
My /etc/hosts looks like:
#
# /etc/hosts: static lookup table for host names
#
#<ip-address> <hostname.domain.org> <hostname>
127.0.0.1 localhost.localdomain localhost
127.0.0.1 misemestrei.dom misemestrei.dom
::1 localhost.localdomain localhost
# End of file
And the folder looks like:
drwxr-xr-x 4 http http 4096 Aug 12 21:02 .
drwxr-xr-x 4 http http 4096 Aug 11 15:56 ..
-rwxr-xr-x 1 frhec users 61 Aug 11 15:15 composer.json
-rwxr-xr-x 1 frhec users 2492 Aug 11 15:15 composer.lock
drwxr-xr-x 2 frhec users 4096 Aug 12 21:07 .idea
-rwxr-xr-x 1 http http 0 Aug 12 21:02 index.php
-rwxr-xr-x 1 http http 367 Aug 11 15:21 mongodb01.php
drwxr-xr-x 4 frhec users 4096 Aug 11 15:15 vendor
I'm using Antergos (Arch-Linux)
Thanks
I found a solution: all folders must have the executable attribute. So I applied it to the entire route
sudo chmod +x /home
sudo chmod +x /home/frhec
sudo chmod +x /home/frhec/folder
Nginx Permanent Redirect (NON-WWW to WWW) not working
Hi Guys I want my all NON-WWW url request to move permanently and also rewrite to WWW and I have tried to follow existing solutions at these as well Nginx no-www to www and www to no-www but still it did not work for me.
e.g. I want example.com or example.com/* to rewrite to www.example.com or www.example.com/*
I am running PHP-FPM with nginx and memcache
below is my config
server {
    listen 80;
    server_name abc.com;
    return 301 http://www.example.com$request_uri;
}
server {
    listen 80;
    server_name www.example.com;
    root /srv/www/abc;
    index index.php index.html index.htm;
    .......
}
Below is my curl response
neel:~ nilesh$ curl -I http://example.com
HTTP/1.1 200 OK
Server: nginx/1.4.6 (Ubuntu)
Date: Fri, 21 Aug 2015 19:00:54 GMT
Content-Type: text/html; charset=utf-8
Connection: keep-alive
Vary: Accept-Encoding
X-Powered-By: PHP/5.5.9-1ubuntu4.11
X-Drupal-Cache: HIT
Etag: "1440178291-0"
Content-Language: en
X-Generator: Drupal 7 (http://drupal.org)
Link: <http://example.com/>; rel="canonical",<http://example.com/>; rel="shortlink"
Cache-Control: public, max-age=1800
Last-Modified: Fri, 21 Aug 2015 17:31:31 +0000
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Vary: Cookie
Vary: Accept-Encoding
I have finally SOLVED my issue. I checked my nginx.conf and it was pointing to /etc/nginx/sites-enabled and /etc/nginx/conf.d
my nginx.conf->
##
# Virtual Host Configs
##
include /etc/nginx/conf.d/*.conf;
include /etc/nginx/sites-enabled/*;
I finally copied my file from sites-available to folder sites-enabled. In fact I kept it synced.
Below is the code I used under my server tag
server {
    listen 80;
    server_name example.com;
    return 301 $scheme://www.example.com$request_uri;
}
server {
    listen 80;
    server_name www.example.com;
    #listen [::]:80 default_server ipv6only=on;
    root /srv/www/example;
    #rest config goes below
    .......
Now all my non-www traffic is 301 permanently moved and rewrite to www with the above code. I made a curl call to non-www and I got the following correct response.
neel:~ nilesh$ curl -I http://example.com
HTTP/1.1 301 Moved Permanently
Server: nginx/1.4.6 (Ubuntu)
Date: Thu, 27 Aug 2015 08:39:38 GMT
Content-Type: text/html
Content-Length: 193
Connection: keep-alive
Location: http://www.example.com/
WordPress doesn't respect nginx headers
I host some websites on my VPS, some "static" and some dynamic (WordPress). The static websites (static PHP pages) "respect" the headers I set in nginx conf, http section. Example:
add_header Strict-Transport-Security "max-age=31536000; includeSubdomains;";
add_header X-Cache $upstream_cache_status;
Header:
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 16 Sep 2014 17:09:04 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
X-Cache: HIT
Strict-Transport-Security: max-age=31536000; includeSubdomains;
WordPress websites instead don't have these headers I set:
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 16 Sep 2014 17:08:25 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Pingback: http://website.com/xmlrpc.php
Link: <http://wp.me/P4zIfv-2>; rel=shortlink
X-UA-Compatible: IE=Edge,chrome=1
The two websites have the same vhost config! Of course listen, server_name, index etc., and then the locations:
location / {
    try_files $uri $uri/ /index.php?$args;
}
location ~ \.php$ {
    fastcgi_cache website.com;
    fastcgi_cache_valid 200 20m;
    fastcgi_cache_bypass $no_cache;
    fastcgi_no_cache $no_cache;
    try_files $uri =404;
    fastcgi_split_path_info ^(.+\.php)(/.+)$;
    include /etc/nginx/fastcgi.conf;
    fastcgi_pass unix:/var/run/php5-fpm.sock;
}
Why does this happen with WP?
See: nginx add_header not working
"Second issue was that the location / {} block I had in place was actually sending nginx to the other location ~* (.php)$ block (because it would repath all requests through index.php, and that actually makes nginx process this php block). So, my add_header directives inside the first location directive were useless, and it started working after I put all the directives I needed inside the php location directive."
See also: https://gist.github.com/adityamenon/6753574
So put them INSIDE your location block
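The behaviour quoted in this answer, as an added example that is not from the original thread: only the location that finally serves the request contributes `add_header` directives, and a level that declares any `add_header` of its own stops inheriting those of the levels above it. The snippet path, host name, document root and socket path are assumptions.

```nginx
# ---- file: /etc/nginx/snippets/security_headers.inc (hypothetical) ----
add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-Content-Type-Options "nosniff" always;

# ---- file: /etc/nginx/conf.d/example.conf (hypothetical) ----
server {
    listen 80;
    server_name www.example.com;
    root /srv/www/example;

    # Server-level headers: inherited only by locations that declare no
    # add_header of their own.
    include snippets/security_headers.inc;

    location / {
        # The fallback to /index.php is an internal redirect: the response
        # is produced by the "\.php$" location, so an add_header written
        # here would not be sent for PHP pages.
        try_files $uri $uri/ /index.php?$args;
    }

    location ~* \.(jpg|jpeg|gif|css|png|js|ico)$ {
        expires max;
        # This single add_header switches off inheritance for the whole
        # location, so the shared set is pulled in again explicitly.
        add_header Pragma "public";
        include snippets/security_headers.inc;
    }

    location ~ \.php$ {
        # No add_header here, so the server-level include applies as is.
        try_files $uri =404;
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_pass unix:/var/run/php-fpm.sock;
    }
}
```

After a reload, `curl -I` against one static file and one PHP page should show both headers on each response.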
Nginx/phpfpm CORS request not going through
I have been searching around for CORS request conf in nginx and arrived at this configuration:
server {
    listen 80;
    server_name apibackend;
    root /mnt/www/apibackend/public;
    access_log /var/log/nginx/apibackend.access.log;
    error_log /var/log/nginx/apibackend.error.log;
    # serve static files directly
    location ~* \.(jpg|jpeg|gif|css|png|js|ico|html)$ {
        access_log off;
        expires max;
    }
    location /{
        index index.html index.htm index.php;
        #try static .html file first
        try_files $uri $uri/ /index.php?q=$uri&$args;
    }
    # catch all
    error_page 404 /index.php;
    location ~ \.php$ {
        add_header 'Access-Control-Allow-Origin' "*";
        add_header 'Access-Control-Allow-Credentials' 'true';
        add_header 'Access-Control-Max-Age' 1728000;
        add_header 'Access-Control-Allow-Methods' 'GET, POST, UPDATE, DELETE, OPTIONS';
        add_header 'Access-Control-Allow-Headers' 'Authorization,Content-Type,Accept,Origin,User-Agent,DNT,Cache-Control,X-Mx-ReqToken,Keep-Alive,X-Requested-With,If-Modified-Since';
        add_header 'Content-Length' 0;
        add_header 'Content-Type' 'text/plain charset=UTF-8';
        include /etc/nginx/fastcgi_params;
        fastcgi_index index.php;
        fastcgi_pass 127.0.0.1:9000;
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        fastcgi_param PATH_INFO $fastcgi_path_info;
        fastcgi_param PATH_TRANSLATED $document_root$fastcgi_path_info;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    }
}
When I access it directly from my browser, everything is fine, the headers I added are here:
HTTP/1.1 200 OK
Server: nginx/1.4.0
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/5.3.10-1ubuntu3.6
Set-Cookie: laravel_session=7o4v2fiu460q9p9h2hfo9lpnv6; expires=Mon, 27-May-2013 17:03:02 GMT; path=/
Cache-Control: no-cache
Date: Mon, 27 May 2013 15:03:02 GMT
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Access-Control-Max-Age: 1728000
Access-Control-Allow-Methods: GET, POST, UPDATE, DELETE, OPTIONS
Access-Control-Allow-Headers: Authorization,Content-Type,Accept,Origin,User-Agent,DNT,Cache-Control,X-Mx-ReqToken,Keep-Alive,X-Requested-With,If-Modified-Since
Content-Length: 0
Content-Type: text/plain charset=UTF-8
Access-Control-Allow-Headers: Authorization
Content-Encoding: gzip
But, when I access it from my app, which is on another domain (angularJS app), the headers don't appear!
Connection:keep-alive
Content-Type:text/html
Date:Mon, 27 May 2013 15:03:12 GMT
Server:nginx/1.4.0
Set-Cookie:laravel_session=k9bastale5kuo0afndbp261025; expires=Mon, 27-May-2013 17:03:12 GMT; path=/; HttpOnly
Transfer-Encoding:chunked
X-Powered-By:PHP/5.3.10-1ubuntu3.6
And then, I have an error:
OPTIONS apibackend 500 (Internal Server Error) angular.min.js:99
OPTIONS apibackend Origin angularapp is not allowed by Access-Control-Allow-Origin. angular.min.js:99
XMLHttpRequest cannot load apibackend. Origin angularapp is not allowed by Access-Control-Allow-Origin.
I have been trying all around, but no clue left. Thanks for your help!
First of all, Nginx's traditional add_header directive doesn't work with 4xx responses. As we still want to add custom headers to them, we need to install the ngx_headers_more module to be able to use the more_set_headers directive, which also works with 4xx responses.
While the documentation suggests to build the Nginx source with the module, if you are on a Debian distro you can actually easily install it with the nginx-extras package:
sudo apt-get install nginx-extras
Example, with the CORS handling:
more_set_headers 'Access-Control-Allow-Origin: $http_origin';
more_set_headers 'Access-Control-Allow-Methods: GET, POST, OPTIONS, PUT, DELETE, HEAD';
more_set_headers 'Access-Control-Allow-Credentials: true';
more_set_headers 'Access-Control-Allow-Headers: Origin,Content-Type,Accept,Authorization';
location / {
    if ($request_method = 'OPTIONS') {
        more_set_headers 'Access-Control-Allow-Origin: $http_origin';
        more_set_headers 'Access-Control-Allow-Methods: GET, POST, OPTIONS, PUT, DELETE, HEAD';
        more_set_headers 'Access-Control-Max-Age: 1728000';
        more_set_headers 'Access-Control-Allow-Credentials: true';
        more_set_headers 'Access-Control-Allow-Headers: Origin,Content-Type,Accept,Authorization';
        more_set_headers 'Content-Type: text/plain; charset=UTF-8';
        more_set_headers 'Content-Length: 0';
        return 204;
    }
    try_files $uri $uri/ /index.php?$query_string;
}
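An added example, not part of the answer above: reflecting `$http_origin` together with `Access-Control-Allow-Credentials: true` grants credentialed access to whichever site sends the request, so the variant below echoes the origin only when it is on an allowlist. It uses the stock `add_header ... always` (nginx 1.7.5 and later), which also covers 4xx and 5xx responses; the origins, server name, document root and socket path are assumptions.

```nginx
# Added example. Origins, host name and paths are placeholders.
# http {} level: echo the Origin back only if it is on the allowlist.
map $http_origin $cors_origin {
    default                        "";
    "https://app.example.com"      $http_origin;
    "https://admin.example.com"    $http_origin;
}

# Send the credentials flag only when an origin was accepted.
map $cors_origin $cors_credentials {
    ""       "";
    default  "true";
}

server {
    listen 80;
    server_name api.example.com;
    root /srv/www/api/public;

    location / {
        # WEAK (patterns on this page):
        #   'Access-Control-Allow-Origin: $http_origin' with credentials
        #   allows every origin to send cookies; '*' with credentials is
        #   rejected by browsers for credentialed requests.

        if ($request_method = OPTIONS) {
            # add_header inside "if" replaces the enclosing level's set, so
            # every CORS header is listed here. Empty values are not sent.
            add_header Access-Control-Allow-Origin      $cors_origin always;
            add_header Access-Control-Allow-Credentials $cors_credentials always;
            add_header Access-Control-Allow-Methods     "GET, POST, OPTIONS" always;
            add_header Access-Control-Allow-Headers     "Authorization, Content-Type" always;
            add_header Access-Control-Max-Age           1728000 always;
            add_header Vary                             Origin always;
            return 204;
        }
        try_files $uri $uri/ /index.php?$query_string;
    }

    location ~ \.php$ {
        # Requests rewritten to index.php are answered here, so the headers
        # for the actual GET/POST response belong in this location.
        add_header Access-Control-Allow-Origin      $cors_origin always;
        add_header Access-Control-Allow-Credentials $cors_credentials always;
        add_header Vary                             Origin always;
        try_files $uri =404;
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_pass unix:/var/run/php-fpm.sock;
    }
}
```

A request from an origin that is not in the map gets no `Access-Control-Allow-Origin` header at all, which is what makes the browser block the cross-origin read.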