I am trying to create a nginx conf file that has little repetition in it. I am using nginx to serve static files, and it proxies 404s or php content to the named location #varnish:
location #varnish {
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass_header Set-Cookie;
proxy_pass http://localhost:6081;
proxy_set_header Request-URI $request_uri;
}
For the "standard" situation whereby nginx should check to see if it has a file and then pass through to the backend, the following works fine:
location ~* \.(js|css|png|jpg|jpeg|gif|ico)$ {
access_log off;
add_header Pragma public;
add_header Cache-Control "public, must-revalidate, proxy-revalidate";
expires max;
open_file_cache_valid 120m;
try_files $uri #varnish;
}
However, for PHP, I don't even want it to try the file, it should just immediately redirect the request to #varnish:
location ~ \.php$ {
rewrite . #varnish last;
}
However, this does not appear to work. It seems a pain to have two separate near identical blocks (one for #backend and one for php) both referencing the same proxy, and is the sort of issue where humans can forget to put something in one and not the other.
If you put the proxy settings into the server context and let the locations inherit them, then it's not much to duplicate. You can also set up an upstream block to make it easier to change the proxy target should you need to:
upstream _varnish {
server localhost:6081;
}
server {
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Request-URI $request_uri;
proxy_pass_header Set-Cookie;
location #varnish {
proxy_pass http://_varnish;
}
location ~* \.(js|css|png|jpg|jpeg|gif|ico)$ {
access_log off;
add_header Pragma public;
add_header Cache-Control "public, must-revalidate, proxy-revalidate";
expires max;
open_file_cache_valid 120m;
try_files $uri #varnish;
}
location ~ \.php$ {
proxy_pass http://_varnish;
}
}
Related
When we setup laravel-websockets locally in docker, everything worked wonderfully; however, when it all got pushed to prod, problems arose. Consequently, we have to split up our main site into one server and the websocket server into a different server. All of these sites are on a corporate internal network and do not use SSL.
So, the main application is Laravel 6 running on Centos, Apache 2.4, and PHP 7.3. It can connect to the websocket server but anytime laravel broadcasts an event we get a 404 error for this endpoint:
apps/XXXXXX/events?auth_key=XXXXXXX&auth_signature=XXXXXXX&auth_timestamp=XXXX&auth_version=1.0&body_md5=XXXXX
The websocket server is Centos, PHP 7.3, Nginx 1.8 setup as a reverse proxy using spaties / beyondcodes example conf file.
map $http_upgrade $type {
default "web";
websocket "ws";
}
server {
listen 80;
server_name XXXXXXXXX;
root /opt/rh/rh-nginx18/root/usr/share/nginx/www/public;
add_header X-Frame-Options "SAMEORIGIN";
add_header X-XSS-Protection "1; mode=block";
add_header X-Content-Type-Options "nosniff";
index index.html index.htm index.php;
charset utf-8;
location / {
try_files /nonexistent #$type;
}
location #web {
try_files $uri $uri/ /index.php?$query_string;
}
location = /favicon.ico { access_log off; log_not_found off; }
location = /robots.txt { access_log off; log_not_found off; }
error_page 500 502 503 504 404 /index.php;
location ~ \.php$ {
fastcgi_pass unix:/var/run/php-fpm/php-fpm.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
include fastcgi_params;
}
location #ws {
proxy_pass http://127.0.0.1:6001;
proxy_set_header Host $host;
proxy_read_timeout 60;
proxy_connect_timeout 60;
proxy_redirect off;
# Allow the use of websockets
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
}
location ~ /\.(?!well-known).* {
deny all;
}
}
My whole team is new to nginx so we figure there is probably an issue there or something else that we have setup incorrectly. We know our events and broadcasting within the main laravel app is correct, because it worked when it was all running on a single Apache cluster. Our issue was, that corporate would not open a port in the firewall other than 80 and 443. We are opting to split traffic across 80 with nginx as per beyondcode's documentation.
Any thoughts on this? We are at a loss. Thank you all!
Edit:
I should add we are using Laravel Echo with Pusher.JS for the front end:
import Echo from 'laravel-echo';
window.Pusher = require('pusher-js');
window.Echo = new Echo({
broadcaster: 'pusher',
key: process.env.MIX_PUSHER_APP_KEY,
wsHost: 'XXXXXXXXXX',
wsPort: 80,
disableStats: true
});
We receive error about "redirected you too many times." after changing the Wordpress from HTTP to HTTPS.
The WP is on AWS with Nginx and we have tried changing both define(home) and define(siteurl) in both database and wp-config file but no help.
Below is the current nginx config file, we also tried following some posts on Google to change HTTP to HTTPS, listening port to 443 but still no luck.
Thanks in advance.
server {
listen 443;
server_name wp.mywebsite.com;
server_name www.mywp.mywebsite.com;
include /etc/nginx/common_server_settings;
location /wp-content/ { root /var/www/mywp.mywebsite.com; }
location /wp-includes/ { root /var/www/mywp.mywebsite.com; }
set $no_cache 0;
# POST requests should always go to PHP
if ($request_method = POST) { set $no_cache 1; }
# Don't cache uris containing the following segments
if ($request_uri ~* "(/wp-admin/|/xmlrpc.php|/wp-(app|cron|login|register|mail).php|wp-.*.php|/feed/|index.php|wp-comments-popup.php|wp-links-opml.php|wp-locations.php|sitemap(_index)?.xml|[a-z0-9_-]+-sitemap([0-9]+)?.xml)") {
set $no_cache 1;
}
# Don't use the cache for logged in users or recent commenters
if ($http_cookie ~* "comment_author|wordpress_[a-f0-9]+|wp-postpass|wordpress_logged_in") { set $no_cache 1; }
location / {
proxy_http_version 1.1;
proxy_set_header Host $http_host;
#proxy_set_header Host "mywp.mywebsite.com";
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Proto http;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_hide_header X-Powered-By;
proxy_pass http://127.0.0.1:1080;
proxy_cache_bypass $no_cache;
proxy_no_cache $no_cache;
proxy_cache_lock on;
proxy_cache BLOG;
proxy_cache_valid 5m;
add_header X-Raw $no_cache;
}
}
proxy_set_header X-Forwarded-Proto http;
The headers are causing this redirect loop since the wordpress still thinks that it is being accessed using "http" scheme (because your reverse proxy server is not sending the correct scheme in the header.
It may be also possible that you need to make a change in wordpress config file so that it correctly detects the HTTPS. As described here:
Websites behind load balancers or reverse proxies that support HTTP_X_FORWARDED_PROTO can be fixed by adding the following code to the wp-config.php file, above the require_once call:
if (isset($_SERVER['HTTP_X_FORWARDED_PROTO']) && $_SERVER['HTTP_X_FORWARDED_PROTO'] == 'https')
$_SERVER['HTTPS'] = 'on';
I use this type of config for proxying to https:
server {
listen 443 ssl;
server_name wp.mywebsite.com;
server_tokens off;
ssl on;
ssl_certificate /etc/nginx/ssl/cert.crt;
ssl_certificate_key /etc/nginx/ssl/cert.key;
ssl_protocols SSLv3 TLSv1.2;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
set $ssl off;
etag on;
if ($scheme = https) {
set $ssl on;
}
location / {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Ssl $ssl;
proxy_pass http://127.0.0.1:1080;
proxy_read_timeout 90;
proxy_redirect http://127.0.0.1:1080 wp.mywebsite.com;
}
}
Also don't forget to force https:
server {
server_tokens off;
listen 80;
server_name wp.mywebsite.com;
return 301 https://wp.mywebsite.com$request_uri;
}
I try connected nginx and symfony 2. But my configure file not work for this framework.
server {
listen 80;
server_name test.com www.test.com;
access_log /var/log/nginx/test.access.log;
error_log /var/log/nginx/test.error.log;
location ~* \.(jpg|jpeg|gif|png|css|zip|tgz|gz|rar|bz2|doc|xls|exe|pdf|ppt|tar|wav|bmp|rtf|swf|ico|flv|txt|docx|xlsx)$ {
root /home/test/var/www/test.com/public_html/web;
index index.html index.php;
access_log off;
expires 30d;
}
location ~ /\.ht {
deny all;
}
location / {
proxy_pass http://127.0.0.1:8080/;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-for $remote_addr;
proxy_set_header Host $host;
proxy_connect_timeout 60;
proxy_send_timeout 90;
proxy_read_timeout 90;
proxy_redirect off;
proxy_set_header Connection close;
proxy_pass_header Content-Type;
proxy_pass_header Content-Disposition;
proxy_pass_header Content-Length;
}
}
For any static file which contain in directory
/home/test/var/www/test.com/public_html/web/css or
/home/test/var/www/test.com/public_html/web/js
return error 403
I try get static file use the url like this test.com/css/style.css
I resolve this problem. I forgot add user www-data ( the nginx process ) to group test ( the test is owner all files in your home dir ).
I just switched my PHP to run from Apache to FastCGI (via Plesk). Now every file I try to access on my domain that's not a php file (like css, images, html ...) gives a 404.
Any idea of what it could be?
vhost specific config file (/etc/nginx/plesk.conf.d/vhosts/mysite.com.conf):
#ATTENTION!
#
#DO NOT MODIFY THIS FILE BECAUSE IT WAS GENERATED AUTOMATICALLY,
#SO ALL YOUR CHANGES WILL BE LOST THE NEXT TIME THE FILE IS GENERATED.
server {
listen 99.99.99.99:443 ssl;
server_name mysite.com;
server_name www.mysite.com;
server_name ipv4.mysite.com;
ssl_certificate /usr/local/psa/var/certificates/certEbk3rnT;
ssl_certificate_key /usr/local/psa/var/certificates/certEbk3rnT;
ssl_session_timeout 5m;
ssl_protocols SSLv2 SSLv3 TLSv1;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
client_max_body_size 128m;
root "/var/www/vhosts/mysite.com/httpdocs";
access_log "/var/www/vhosts/system/mysite.com/logs/proxy_access_ssl_log";
error_log "/var/www/vhosts/system/mysite.com/logs/proxy_error_log";
location / {
proxy_pass https://99.99.99.99:7081;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Accel-Internal /internal-nginx-static-location;
access_log off;
}
location /internal-nginx-static-location/ {
alias /var/www/vhosts/mysite.com/httpdocs/;
add_header X-Powered-By PleskLin;
internal;
}
}
server {
listen 50.23.99.2:80;
server_name mysite.com;
server_name www.mysite.com;
server_name ipv4.mysite.com;
client_max_body_size 128m;
root "/var/www/vhosts/mysite.com/httpdocs";
access_log "/var/www/vhosts/system/mysite.com/logs/proxy_access_log";
error_log "/var/www/vhosts/system/mysite.com/logs/proxy_error_log";
location / {
proxy_pass http://99.99.99.99:7080;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Accel-Internal /internal-nginx-static-location;
access_log off;
}
location /internal-nginx-static-location/ {
alias /var/www/vhosts/mysite.com/httpdocs/;
add_header X-Powered-By PleskLin;
internal;
}
}
Requests of *.php files working because nginx transparent proxing it to apache, which catched by proper apache's vhost.
Statics files get 404 because:
proper nginx's vhost can't be found by nginx and request cathced by default vhost
or
there some another nginx vhost which catch all requests(wildcard subdomain *.mysite.com for example).
No any useful advices here, just revise all your nginx configs.
I have vps using nginx on that web server I got 2 conf (host1.com,host2.com) files on /etc/nginx/conf.d but 2 domain access to the same site. those site are on different technologies 1 PHP (Apache running on 88 ) and 1 python (gunicorn running on 5000) both site can be access from outside correctly using those ports.
site 1 conf
server{
listen 80;
root /var/www/host1.com/public;
index index.php index.html index.htm;
server_name host1.com;
location / {
try_files $uri $uri/ /index.php;
}
location ~ \.php$ {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header Host $host;
proxy_pass http://127.0.0.1:88;
}
location ~ /\.ht {
deny all;
}
}
host2 conf
server {
listen 80;
server_name host2.com;
access_log /var/log/nginx/fundacion.log;
location / {
proxy_pass http://127.0.0.1:5000;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
Thanks in advance.
Restart nginx.
Clear your browser cache.