I am trying to set up nginx as a caching reverse proxy; however, it would appear that every request is being sent to the backend server and nothing is being cached, i.e. the server logs on the backend show all the same file accesses.
Most of the files are either PHP with arguments passed in the URL or images, all of which are being fetched all the time from the backend and never cached. Everything on this site can be cached.
My conf.d/default.conf
upstream xxxx {
    server xxxx.com;
}
#
# The default server
#
server {
    listen 80 default_server;
    server_name _;
    access_log /var/log/nginx/log/access.log main;
    error_log /var/log/nginx/log/error.log;
    root /usr/share/nginx/html;
    index index.html index.htm;
    location / {
        ## send request back to xxxx ##
        proxy_pass http://xxxx;
        proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504;
        # expires 24h;
        # add_header Cache-Control public;
        proxy_ignore_headers Cache-Control Expires;
        proxy_redirect off;
        proxy_buffering off;
        proxy_cache one;
        proxy_cache_key backend$request_uri;
        proxy_cache_valid 200 301 302 1440m;
        proxy_cache_valid 404 1m;
        proxy_cache_valid any 1440m;
        proxy_cache_use_stale error timeout invalid_header updating;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
}
and my nginx.conf file
user nginx;
worker_processes 8;
worker_rlimit_nofile 8192;
error_log /var/log/nginx/error.log;
#error_log /var/log/nginx/error.log notice;
#error_log /var/log/nginx/error.log info;
pid /var/run/nginx.pid;
events {
    worker_connections 2048;
}
http {
    include /etc/nginx/mime.types;
    default_type application/octet-stream;
    log_format main '$remote_addr - $remote_user [$time_local] "$request" '
                    '$status $body_bytes_sent "$http_referer" '
                    '"$http_user_agent" "$http_x_forwarded_for"';
    access_log /var/log/nginx/access.log main;
    server_names_hash_bucket_size 64;
    sendfile on;
    tcp_nopush on;
    tcp_nodelay off;
    #keepalive_timeout 0;
    keepalive_timeout 65;
    gzip on;
    gzip_comp_level 9;
    gzip_proxied any;
    proxy_buffering on;
    proxy_cache_path /usr/local/nginx/proxy levels=1:2 keys_zone=one:1024m inactive=7d max_size=700g;
    proxy_temp_path /tmp/nginx/proxy;
    proxy_buffer_size 4k;
    proxy_buffers 100 8k;
    proxy_connect_timeout 60;
    proxy_send_timeout 60;
    proxy_read_timeout 60;
    include /etc/nginx/conf.d/*.conf;
}
Can anybody tell me what I've got wrong??
I ran into this problem as well, and I found
proxy_buffering off;
will cause nginx to bypass the cache and not save the file to disk.
Remove that line and then it works.
Your upstream server responses must be setting cookies; please see
https://stackoverflow.com/a/10995522/482926
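Both answers above applied to the question's location block, as an added example that is not part of the original posts: buffering is left on so responses can be written to the cache, and Set-Cookie is both ignored for caching and stripped from what clients receive. It assumes, as the question states, that everything on the site is public and cacheable; the X-Cache-Status header name is an assumption chosen for testing.

```nginx
# Added example, placed inside the http {} block. Zone, upstream and key
# names are the ones from the question's config.
proxy_cache_path /usr/local/nginx/proxy levels=1:2 keys_zone=one:1024m
                 inactive=7d max_size=700g;

upstream xxxx {
    server xxxx.com;
}

server {
    listen 80 default_server;
    server_name _;

    location / {
        proxy_pass http://xxxx;

        # Setting from the question: with buffering off nginx streams the
        # response straight to the client and never writes it to the cache.
        # proxy_buffering off;
        proxy_buffering on;    # the default, needed for proxy_cache to store

        proxy_cache       one;
        proxy_cache_key   backend$request_uri;
        proxy_cache_valid 200 301 302 1440m;
        proxy_cache_valid 404 1m;

        # A response carrying Set-Cookie is not cached unless that header is
        # ignored. Ignoring it without stripping it would replay one visitor's
        # cookie to every later visitor served from the cache, so hide it too.
        # Only appropriate for fully public content; keep login or cart paths
        # in a separate location without proxy_cache.
        proxy_ignore_headers Cache-Control Expires Set-Cookie;
        proxy_hide_header    Set-Cookie;

        # Reports MISS, HIT, EXPIRED, ... per response while testing.
        # Header name is an assumption; remove it once caching is confirmed.
        add_header X-Cache-Status $upstream_cache_status;

        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
}
```

Requesting the same URL twice should show X-Cache-Status go from MISS to HIT, with the second request absent from the backend's access log.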
Related
Not sure where to start. I'm moving my WordPress/Nginx from server 1 to server 2. The config was almost identical, except that server 2, which is the new server, is using the latest PHP (8.2), php-fpm 8.2 and Nginx 1.14.1 on Rocky 8. Server 1 was PHP 7.4, php-fpm 7.4, Nginx and CentOS 7. Nginx starts with no issue, but then I'm getting hit with this error.
2022/10/01 22:11:04 [error] 154299#0: *6 connect() to
unix:/run/php-fpm/phpfm.sock failed (111: Connection refused) while
connecting to upstream, client: Ip Address, server:
subdomain.myserver.net, request: "GET /myinfo.php HTTP/1.1", upstream:
"fastcgi://unix:/run/php-fpm/phpfm.sock:", host:
"subdomain.myserver.net"
My Config file.
user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;
events {
    worker_connections 1024;
}
http {
    log_format main '$remote_addr - $remote_user [$time_local] "$request" '
                    '$status $body_bytes_sent "$http_referer" '
                    '"$http_user_agent" "$http_x_forwarded_for"';
    access_log /var/log/nginx/access.log main;
    sendfile on;
    tcp_nopush on;
    tcp_nodelay on;
    keepalive_timeout 65;
    types_hash_max_size 2048;
    include /etc/nginx/mime.types;
    default_type application/octet-stream;
    include /etc/nginx/conf.d/*.conf;
    #subdomain
    server {
        server_name subdomain.myserver.net;
        root /var/www/wp;
        # Load configuration files for the default server block.
        include /etc/nginx/default.d/*.conf;
        location / {
            proxy_connect_timeout 3600s;
            proxy_send_timeout 3600s;
            proxy_read_timeout 3600s;
            proxy_buffer_size 64k;
            proxy_buffers 16 32k;
            proxy_busy_buffers_size 64k;
            proxy_temp_file_write_size 64k;
            proxy_pass_header Set-Cookie;
            proxy_redirect off;
            proxy_hide_header Vary;
            proxy_set_header Accept-Encoding '';
            proxy_ignore_headers Cache-Control Expires;
            proxy_set_header Referer $http_referer;
            proxy_set_header Host $host;
            proxy_set_header Cookie $http_cookie;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-Host $host;
            proxy_set_header X-Forwarded-Server $host;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        }
        location ~ \.php$ {
            fastcgi_pass unix:/run/php-fpm/phpfm.sock;
            # fastcgi_pass 127.0.0.1:9000;
            fastcgi_read_timeout 3600;
            fastcgi_index index.php;
            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
            include /etc/nginx/fastcgi_params;
            fastcgi_buffers 16 16k;
            fastcgi_buffer_size 32k;
            try_files $uri $uri/ /index.php?$query_string;
        }
        index index.php;
        error_page 404 /404.html;
        error_page 500 502 503 504 /50x.html;
        location = /50x.html {
        }
        listen 443 ssl; # managed by Certbot
        ssl_certificate /etc/letsencrypt/live/subdomain.myserver.net/fullchain.pem; # managed by Certbot
        ssl_certificate_key /etc/letsencrypt/live/subdomain.myserver.net/privkey.pem; # managed by Certbot
        include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
        ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
    }
    upstream php-fpm {
        server unix:/run/php-fpm/phpfm.sock;
    }
    server {
        if ($host = subdomain.myserver.net) {
            return 301 https://$host$request_uri;
        }
        listen 80;
        server_name subdomain.myserver.net;
        return 404;
    }
}
I changed the domain and IP address for privacy reasons. TBH, I'm not quite sure where to go from there. I think I've tried all the possible solutions I can search on the net and none of them is giving me any hope. Please help?
I want to set up WordPress with PHP-FPM in Kubernetes. I have already set that up, but I am currently facing a problem with the Nginx proxy: when I try to install the WooCommerce plugin, it gives this error:
Installation failed: 504 Gateway Time-out 504 Gateway Time-out nginx
I don't know what's going wrong with the proxy. I already set the max value for proxy_read_timeout, 100, but even then it does not work. I tried many proxy timeout values but none of them worked, so here is my Nginx proxy config:
wordpress.conf
server {
    listen 80;
    server_name localhost;
    root /var/www/html;
    index index.php;
    #access_log /var/log/nginx/hakase-access.log;
    #error_log /var/log/nginx/hakase-error.log;
    location / {
        try_files $uri $uri/ /index.php?$args;
    }
    location ~ \.php$ {
        try_files $uri =404;
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        fastcgi_pass wordpress:9000;
        fastcgi_index index.php;
        include fastcgi_params;
        fastcgi_cache phpcache;
        fastcgi_cache_valid 200 301 302 60m;
        fastcgi_cache_min_uses 1;
        fastcgi_cache_lock on;
        add_header X-FastCGI-Cache $upstream_cache_status;
        fastcgi_cache_use_stale error timeout updating invalid_header http_500 http_503;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_param PATH_INFO $fastcgi_path_info;
    }
}
nginx.conf
user nginx;
worker_processes 1;
error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;
events {
    worker_connections 1024;
}
http {
    include /etc/nginx/mime.types;
    default_type application/octet-stream;
    log_format main '$remote_addr - $remote_user [$time_local] "$request" '
                    '$status $body_bytes_sent "$http_referer" '
                    '"$http_user_agent" "$http_x_forwarded_for"';
    access_log /var/log/nginx/access.log main;
    fastcgi_cache_path /etc/nginx/cache levels=1:2 keys_zone=phpcache:100m max_size=10g inactive=60m use_temp_path=off;
    fastcgi_cache_key "$scheme$request_method$host$request_uri";
    sendfile on;
    #tcp_nopush on;
    keepalive_timeout 65;
    #gzip on;
    include /etc/nginx/conf.d/*.conf;
}
The one working for me
location ~ \.php$ {
    fastcgi_buffers 8 16k;
    fastcgi_buffer_size 32k;
    fastcgi_connect_timeout 300s;
    fastcgi_send_timeout 60;
    fastcgi_read_timeout 60;
}
You must be running the two containers inside a single pod. You can debug the logs of the ingress and of the WordPress nginx to check more details.
You can use this GitHub repository as a reference: https://github.com/harsh4870/Kubernetes-wordpress-php-fpm-nginx
Also, check the blog to understand more: https://medium.com/#harsh.manvar111/kubernetes-wordpress-php-fpm-nginx-73cb4f9aef02
I have a development server that is running Nginx and serving a PHP website.
Below is the working nginx config.
cat /etc/nginx/nginx.conf
user www-data;
worker_processes auto;
pid /run/nginx.pid;
include /etc/nginx/modules-enabled/*.conf;
events {
    worker_connections 768;
    # multi_accept on;
}
http {
    client_max_body_size 100M;
    sendfile on;
    tcp_nopush on;
    tcp_nodelay on;
    keepalive_timeout 65;
    types_hash_max_size 2048;
    include /etc/nginx/mime.types;
    default_type application/octet-stream;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE
    ssl_prefer_server_ciphers on;
    access_log /var/log/nginx/access.log;
    error_log /var/log/nginx/error.log;
    gzip on;
    include /etc/nginx/conf.d/*.conf;
    include /etc/nginx/sites-enabled/*;
}
This works perfectly to serve the PHP site; however, I would also like Nginx to run a Node based websockets server.
What changes do I need to make to this Nginx config to receive websockets traffic as well?
I created a new file at:
vi /etc/nginx/sites-enabled/somesite.com
and put this in it:
map $http_upgrade $connection_upgrade {
    default upgrade;
    '' close;
}
upstream websocket {
    server localhost:3000;
}
server {
    listen 8080;
    server_name somesite.com;
    access_log /var/log/nginx/websocket.access.log;
    location / {
        proxy_pass http://websocket;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }
}
This seems to work.
Picking up and rejuvenating an old dormant project and seeing a persistent Nginx 502 bad gateway on my Apache/Nginx development, and as this was originally developed by someone else, I'm struggling to find the answer.
Trying to view example.com/test gives the error. Any ideas for what I can check please?
Nginx error.log:
2017/09/07 18:20:31 [error] 11911#0: *311 connect() failed (111: Connection refused) while connecting to upstream, client: xx.my.ip.xx, server: www.example.com, request: "GET /test HTTP/1.1", upstream: "http://127.0.0.1:8000/test", host: "www.example.com"
2017/09/07 18:20:42 [info] 11911#0: *312 client closed connection while SSL handshaking, client: xx.my.ip.xx, server: 0.0.0.0:443
Nginx config:
user nobody;
# no need for more workers in the proxy mode
worker_processes 4;
error_log /var/log/nginx/error.log info;
worker_rlimit_nofile 20480;
events {
    worker_connections 5120; # increase for busier servers
    use epoll; # you should use epoll here for Linux kernels 2.6.x
}
http {
    # custom start
    proxy_buffering off;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Scheme $scheme;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header Host $http_host;
    # proxy_http_version appeared in nginx 1.1.4
    proxy_http_version 1.1;
    upstream thedevelopment {
        server 127.0.0.1:8000;
    }
    server {
        listen 80;
        server_name www.example.com domain.com;
        return 301 https://www.example.com$request_uri;
    }
    server {
        listen 443;
        ssl on;
        ssl_certificate /etc/nginx/ssl/domain_com.crt;
        ssl_certificate_key /etc/nginx/ssl/domain.key;
        keepalive_timeout 70;
        server_name www.example.com;
        location / {
            proxy_pass http://xx.xx.xx.130:8080;
        }
        location /test {
            proxy_pass http://thedevelopment;
        }
    }
    # custom end
    server_name_in_redirect off;
    server_names_hash_max_size 10240;
    server_names_hash_bucket_size 1024;
    include mime.types;
    default_type application/octet-stream;
    server_tokens off;
    # remove/commentout disable_symlinks if_not_owner;if you get Permission denied error
    # disable_symlinks if_not_owner;
    sendfile on;
    tcp_nopush on;
    tcp_nodelay on;
    keepalive_timeout 5;
    gzip on;
    gzip_vary on;
    gzip_disable "MSIE [1-6]\.";
    gzip_proxied any;
    gzip_http_version 1.1;
    gzip_min_length 1000;
    gzip_comp_level 6;
    gzip_buffers 16 8k;
    # You can remove image/png image/x-icon image/gif image/jpeg if you have slow CPU
    gzip_types text/plain text/xml text/css application/x-javascript application/xml image/png image/x-icon image/gif image/jpeg application/javascript application/xml+rss text/javascript application/atom+xml;
    ignore_invalid_headers on;
    client_header_timeout 3m;
    client_body_timeout 3m;
    send_timeout 3m;
    reset_timedout_connection on;
    connection_pool_size 256;
    client_header_buffer_size 256k;
    large_client_header_buffers 4 256k;
    client_max_body_size 200M;
    client_body_buffer_size 128k;
    request_pool_size 32k;
    output_buffers 4 32k;
    postpone_output 1460;
    proxy_temp_path /tmp/nginx_proxy/;
    proxy_cache_path /var/cache/nginx levels=1:2 keys_zone=microcache:5m max_size=1000m;
    client_body_in_file_only on;
    log_format bytes_log "$msec $bytes_sent .";
    log_format custom_microcache '$remote_addr - $remote_user [$time_local] '
                                 '"$request" $status $body_bytes_sent '
                                 '"$http_referer" "$http_user_agent" nocache:$no_cache';
    include "/etc/nginx/vhosts/*";
}
I'm new to all of this, but can't keep my newly spun micro ec2 server up and running (running wordpress). The PHP-FPM log only has this with logging set to debug.
[17-Oct-2016 15:46:38] NOTICE: configuration file /etc/php5/fpm/php-fpm.conf test is successful
My nginx log is continuously filling with errors trying to connect to php5-fpm.sock (hundreds of entries per minute even though there is no one else accessing the site).
2016/10/17 16:32:16 [error] 26389#0: *7298 connect() to unix:/var/run/php5-fpm.sock failed (11: Resource temporarily unavailable) while connecting to upstream, client: 191.96.249.80, server: mysiteredacted.com, request: "POST /xmlrpc.php HTTP/1.0", upstream: "fastcgi://unix:/var/run/php5-fpm.sock:", host: "removed"
After restarting nginx and PHP-FPM the site works for a few minutes before throwing 502 Bad Gateway errors until I restart them both again.
I don't know where to begin with this. Here is my nginx config file:
user nginx;
worker_processes 1;
error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;
events {
    worker_connections 1024;
}
http {
    include /etc/nginx/mime.types;
    default_type application/octet-stream;
    log_format main '$remote_addr - $remote_user [$time_local] "$request" '
                    '$status $body_bytes_sent "$http_referer" '
                    '"$http_user_agent" "$http_x_forwarded_for"';
    access_log /var/log/nginx/access.log main;
    sendfile on;
    #tcp_nopush on;
    keepalive_timeout 65;
    #gzip on;
    port_in_redirect off;
    gzip on;
    gzip_types text/css text/xml text/javascript application/x-javascript;
    gzip_vary on;
    include /etc/nginx/conf.d/*.conf;
}
Which also includes this file in the /conf.d folder:
server {
    ## Your website name goes here.
    server_name mysiteredacted.com www.mysiteredacted.com;
    ## Your only path reference.
    root /var/www/;
    listen 80;
    ## This should be in your http block and if it is, it's not needed here.
    index index.html index.htm index.php;
    include conf.d/drop;
    location / {
        # This is cool because no php is touched for static content
        try_files $uri $uri/ /index.php?q=$uri&$args;
    }
    location ~ \.php$ {
        fastcgi_buffers 8 256k;
        fastcgi_buffer_size 128k;
        fastcgi_intercept_errors on;
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        # fastcgi_pass unix:/dev/shm/php-fpm-www.sock;
        fastcgi_pass unix:/var/run/php5-fpm.sock;
    }
    location ~* \.(css|js|png|jpg|jpeg|gif|ico)$ {
        expires 1d;
    }
}
The second file has this line:
fastcgi_pass unix:/var/run/php5-fpm.sock;
If that file does not exist it will throw this error.
Check this previous question: How to find my php-fpm.sock?
After hours of searching I finally figured it out. Turns out it's some sort of brute force attack on /xmlrpc.php, as indicated by the thousands of requests of "POST /xmlrpc.php HTTP/1.0".
It's a common WordPress attack. Thanks all.
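One way to keep the /xmlrpc.php flood described above from exhausting PHP-FPM, as an added example that is not from the original posts: a per-client rate limit on that one path, with a blanket deny shown as the alternative. The zone name, rate, burst and log path are assumed values; the server names, socket path and the "main" log format come from the question's config.

```nginx
# Added example for the conf.d file (included inside http {}).
# One shared-memory zone keyed by client address; 10m holds roughly
# 160,000 addresses. Rate and zone name are assumptions to tune.
limit_req_zone $binary_remote_addr zone=xmlrpc:10m rate=1r/s;

server {
    listen 80;
    server_name mysiteredacted.com www.mysiteredacted.com;
    root /var/www/;
    index index.html index.htm index.php;

    location / {
        try_files $uri $uri/ /index.php?q=$uri&$args;
    }

    # An exact-match location is chosen before the regex \.php$ location,
    # so these rules apply to /xmlrpc.php and nothing else.
    location = /xmlrpc.php {
        # Requests over the limit are answered by nginx itself with 429
        # and never occupy a PHP-FPM worker.
        limit_req zone=xmlrpc burst=5 nodelay;
        limit_req_status 429;

        # Separate log so the offending addresses are easy to review.
        access_log /var/log/nginx/xmlrpc.access.log main;

        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_pass unix:/var/run/php5-fpm.sock;

        # Alternative when nothing on the site uses XML-RPC (no remote
        # publishing clients or pingbacks): replace the body of this
        # location with the single line below.
        # return 403;
    }

    location ~ \.php$ {
        fastcgi_buffers 8 256k;
        fastcgi_buffer_size 128k;
        fastcgi_intercept_errors on;
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_pass unix:/var/run/php5-fpm.sock;
    }
}
```

After a reload, the "Resource temporarily unavailable" entries in error.log should stop while xmlrpc.access.log fills with 429 responses for the flooding clients.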