For context: Laravel 7 site hosted on Digital Ocean with Forge.
I ran into some 502 errors on my site the last two days. Reviewing the nginx Logs it looks like one of the issues is:
2022/06/06 22:39:04 [error] 9077#9077: *1790120 upstream sent too big header while reading response header from upstream, client: 74.71.32.109, server: [URL], request: "POST /login HTTP/2.0", upstream: "fastcgi://unix:/var/run/php/php7.3-fpm.sock:", host: "[URL]", referrer: "[URL]"
The my current nginx config:
# FORGE CONFIG (DO NOT REMOVE!)
include forge-conf/{{ SITE }}/before/*;
server {
listen {{ PORT }};
listen {{ PORT_V6 }};
server_name {{ DOMAINS }};
server_tokens off;
root {{ PATH }};
# FORGE SSL (DO NOT REMOVE!)
# ssl_certificate;
# ssl_certificate_key;
ssl_protocols TLSv1.2;
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
ssl_prefer_server_ciphers off;
ssl_dhparam /etc/nginx/dhparams.pem;
add_header X-Frame-Options "SAMEORIGIN";
add_header X-XSS-Protection "1; mode=block";
add_header X-Content-Type-Options "nosniff";
index index.html index.htm index.php;
charset utf-8;
# FORGE CONFIG (DO NOT REMOVE!)
include forge-conf/{{ SITE }}/server/*;
location / {
try_files $uri $uri/ /index.php?$query_string;
}
location = /favicon.ico { access_log off; log_not_found off; }
location = /robots.txt { access_log off; log_not_found off; }
access_log off;
error_log /var/log/nginx/{{ SITE }}-error.log error;
error_page 404 /index.php;
location ~ \.php$ {
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass {{ PROXY_PASS }};
fastcgi_index index.php;
include fastcgi_params;
}
location ~ /\.(?!well-known).* {
deny all;
}
}
# FORGE CONFIG (DO NOT REMOVE!)
include forge-conf/{{ SITE }}/after/*;
Digital ocean receommends I add:
proxy_buffer_size 128k;
proxy_buffers 4 256k;
proxy_busy_buffers_size 256k;
As noted here: https://www.digitalocean.com/community/questions/nginx-returns-upstream-sent-too-big-header-while-reading-response-header-from-upstream
Just not sure where or how to add it, what the upstream portion means.
TIA
Related
I have a lot of error messages like:
2022/11/21 11:05:36 [alert] 729126#729126: *467625 768 worker_connections are not enough while connecting to upstream, upstream: "fastcgi://unix:/var/run/php/php8.1-fpm.sock:"
I'm trying to increase the number of worker_connections. On Laravel Forge, i can edit the nginx configuration file, but nothing I add is working.
My file:
# FORGE CONFIG (DO NOT REMOVE!)
include forge-conf/ [...] /before/*;
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name [...] ;
server_tokens off;
root /home/forge/ [...] /public;
# FORGE SSL (DO NOT REMOVE!)
ssl_certificate /etc/nginx/ssl/ [...] /1550866/server.crt;
ssl_certificate_key /etc/nginx/ssl/ [...] /1550866/server.key;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
ssl_prefer_server_ciphers off;
ssl_dhparam /etc/nginx/dhparams.pem;
add_header X-Frame-Options "SAMEORIGIN";
add_header X-XSS-Protection "1; mode=block";
add_header X-Content-Type-Options "nosniff";
index index.html index.htm index.php;
charset utf-8;
# FORGE CONFIG (DO NOT REMOVE!)
include forge-conf/ [...] /server/*;
location / {
try_files $uri $uri/ /index.php?$query_string;
}
location = /favicon.ico { access_log off; log_not_found off; }
location = /robots.txt { access_log off; log_not_found off; }
access_log off;
error_log /var/log/nginx/ [...] -error.log error;
error_page 404 /index.php;
location ~ \.php$ {
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:/var/run/php/php8.1-fpm.sock;
fastcgi_index index.php;
include fastcgi_params;
}
location ~ /\.(?!well-known).* {
deny all;
}
}
# FORGE CONFIG (DO NOT REMOVE!)
include forge-conf/ [...] /after/*;
I saw this on Github:
events {
# When you need > 8000 * cpu_cores connections, you start optimizing your OS,
# and this is probably the point at which you hire people who are smarter than
# you, as this is *a lot* of requests. default is 768.
worker_connections 768;
multi_accept on;
}
But the "events" entry is not allowed, so I don't know how to specify the number of worker_connections.
Any ideas?
There is an API deployed on the server. I have a public IP to which I want to connect the domain. Normally it works this way: 127.0.0.1/api/v1/register, but the domain looks like api.mydomain.com, so I don't really need the part "api/v1". How can I redirect all users' requests like "127.0.0.1/register" into "127.0.0.1/api/v1/register"?
# FORGE CONFIG (DO NOT REMOVE!)
include forge-conf/{{ SITE }}/before/*;
server {
listen {{ PORT }};
listen {{ PORT_V6 }};
server_name {{ DOMAINS }};
server_tokens off;
root {{ PATH }};
# FORGE SSL (DO NOT REMOVE!)
# ssl_certificate;
# ssl_certificate_key;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
ssl_prefer_server_ciphers off;
ssl_dhparam /etc/nginx/dhparams.pem;
add_header X-Frame-Options "SAMEORIGIN";
add_header X-XSS-Protection "1; mode=block";
add_header X-Content-Type-Options "nosniff";
index index.html index.htm index.php;
charset utf-8;
# FORGE CONFIG (DO NOT REMOVE!)
include forge-conf/{{ SITE }}/server/*;
location / {
try_files $uri $uri/ /index.php?$query_string;
}
location = /favicon.ico { access_log off; log_not_found off; }
location = /robots.txt { access_log off; log_not_found off; }
access_log off;
error_log /var/log/nginx/{{ SITE }}-error.log error;
error_page 404 /index.php;
location ~ \.php$ {
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass {{ PROXY_PASS }};
fastcgi_index index.php;
include fastcgi_params;
}
location ~ /\.(?!well-known).* {
deny all;
}
}
# FORGE CONFIG (DO NOT REMOVE!)
include forge-conf/{{ SITE }}/after/*;
My Nginx config file:
# FORGE CONFIG (DO NOT REMOVE!)
include forge-conf/www.example.com/before/*;
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name www.example.com;
root /home/forge/www.example.com;
# FORGE SSL (DO NOT REMOVE!)
ssl_certificate /etc/nginx/ssl/www.example.com/616559/server.crt;
ssl_certificate_key /etc/nginx/ssl/www.example.com/616559/server.key;
ssl_protocols TLSv1.2;
ssl_ciphers ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384;
ssl_prefer_server_ciphers on;
ssl_dhparam /etc/nginx/dhparams.pem;
add_header X-Frame-Options "SAMEORIGIN";
add_header X-XSS-Protection "1; mode=block";
add_header X-Content-Type-Options "nosniff";
index index.html index.htm index.php;
charset utf-8;
# FORGE CONFIG (DO NOT REMOVE!)
include forge-conf/www.example.com/server/*;
location / {
try_files $uri $uri/ /index.php?$query_string;
}
location = /favicon.ico { access_log off; log_not_found off; }
location = /robots.txt { access_log off; log_not_found off; }
access_log off;
error_log /var/log/nginx/www.example.com-error.log error;
error_page 404 /index.php;
location ~ \.php$ {
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:/var/run/php/php7.3-fpm.sock;
fastcgi_index index.php;
include fastcgi_params;
}
location ~ /\.(?!well-known).* {
deny all;
}
}
# FORGE CONFIG (DO NOT REMOVE!)
include forge-conf/www.example.com/after/*;
Site domain is www.example.com
Aliases: example.com
Any idea?
Just posting the solution to anyone in the same situation:
The problem was not with posted Nginx configuration at all, which is correct.
After a while searching for a solution, I realised that I had two DNS records (in DNS table of my web and domain hosting) pointing to www.example.com in DNS table, resulting in that behaviour when accessing the web.
Thanks.
So I have set up two domains with each of there repositories on one server with forge. It looks like this:
DomainA.com (179.x.x.x)
DomainB.com (179.x.x.x)
In my DNS I have pointed them both to the same ip, and forge has handled everything else and it works great.
On the server there's two folders.
DomainA.com
DomainB.com
So now I want to create a subdomain on DomainB which "loads" the code of DomainA, example: code.domainb.com will load show the contents which in on domaina.com.
I'm not sure how I can do that? So far I understand that I need to change something in the nginx config, hopefully someone can give me some pointers :)
Nginx config for domainb:
# FORGE CONFIG (DO NOT REMOVE!)
include forge-conf/domainb.com/before/*;
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name .domainb.com;
root /home/forge/domainb.com/public;
# FORGE SSL (DO NOT REMOVE!)
ssl_certificate /etc/nginx/ssl/domainb.com/471043/server.crt;
ssl_certificate_key /etc/nginx/ssl/domainb.com/471043/server.key;
ssl_protocols TLSv1.2;
ssl_ciphers XXX;
ssl_prefer_server_ciphers on;
ssl_dhparam /etc/nginx/dhparams.pem;
add_header X-Frame-Options "SAMEORIGIN";
add_header X-XSS-Protection "1; mode=block";
add_header X-Content-Type-Options "nosniff";
index index.html index.htm index.php;
charset utf-8;
# FORGE CONFIG (DO NOT REMOVE!)
include forge-conf/domainb.com/server/*;
location / {
try_files $uri $uri/ /index.php?$query_string;
}
location = /favicon.ico { access_log off; log_not_found off; }
location = /robots.txt { access_log off; log_not_found off; }
access_log off;
error_log /var/log/nginx/domainb.com-error.log error;
error_page 404 /index.php;
location ~ \.php$ {
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:/var/run/php/php7.3-fpm.sock;
fastcgi_index index.php;
include fastcgi_params;
}
location ~ /\.(?!well-known).* {
deny all;
}
}
# FORGE CONFIG (DO NOT REMOVE!)
include forge-conf/domainb.com/after/*;
Nginx conf for domain A:
# FORGE CONFIG (DO NOT REMOVE!)
include forge-conf/domaina.com/before/*;
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name .domaina.com;
root /home/forge/domaina.com/public;
# FORGE SSL (DO NOT REMOVE!)
ssl_certificate /etc/nginx/ssl/domaina.com/470443/server.crt;
ssl_certificate_key /etc/nginx/ssl/domaina.com/470443/server.key;
ssl_protocols TLSv1.2;
ssl_ciphers XXX;
ssl_prefer_server_ciphers on;
ssl_dhparam /etc/nginx/dhparams.pem;
add_header X-Frame-Options "SAMEORIGIN";
add_header X-XSS-Protection "1; mode=block";
add_header X-Content-Type-Options "nosniff";
index index.html index.htm index.php;
charset utf-8;
# FORGE CONFIG (DO NOT REMOVE!)
include forge-conf/domaina.com/server/*;
location / {
try_files $uri $uri/ /index.php?$query_string;
}
location = /favicon.ico { access_log off; log_not_found off; }
location = /robots.txt { access_log off; log_not_found off; }
access_log off;
error_log /var/log/nginx/domaina.com-error.log error;
error_page 404 /index.php;
location ~ \.php$ {
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:/var/run/php/php7.3-fpm.sock;
fastcgi_index index.php;
include fastcgi_params;
}
location ~ /\.(?!well-known).* {
deny all;
}
}
# FORGE CONFIG (DO NOT REMOVE!)
include forge-conf/domaina.com/after/*;
The server_name directive can have more than one value. The exact match HOST name takes precedence. See this document for details.
If code.domainb.com uses the same document root as the server block for .domaina.com, simply add its name to the server_name directive.
For example:
server {
...
server_name .domainb.com;
root /home/forge/domainb.com/public;
...
}
server {
...
server_name .domaina.com code.domainb.com;
root /home/forge/domaina.com/public;
...
}
See this document for more.
I have a nginx server with a single web site, managed by Laravel Forge. At the moment it responds to requests for a single subdomain: subdomain_a.mydomain.com.au. I need it to respond to requests for subdomain_b.mydomain.com.au, and also the raw IP address. How do I do that?
Here's the nginx config:
# FORGE CONFIG (DO NOT REMOVE!)
include forge-conf/subdomain_a.mydomain.com.au/before/*;
server {
listen 80;
listen [::]:80;
server_name subdomain_a.mydomain.com.au;
root /home/forge/subdomain_a.mydomain.com.au/public;
# FORGE SSL (DO NOT REMOVE!)
# ssl_certificate;
# ssl_certificate_key;
ssl_protocols TLSv1.2;
ssl_ciphers ECDHE-RSA-AES256-(truncated by me!!!);
ssl_prefer_server_ciphers on;
ssl_dhparam /etc/nginx/dhparams.pem;
add_header X-Frame-Options "SAMEORIGIN";
add_header X-XSS-Protection "1; mode=block";
add_header X-Content-Type-Options "nosniff";
index index.html index.htm index.php;
charset utf-8;
# FORGE CONFIG (DO NOT REMOVE!)
include forge-conf/subdomain_a.mydomain.com.au/server/*;
location / {
try_files $uri $uri/ /index.php?$query_string;
}
location = /favicon.ico { access_log off; log_not_found off; }
location = /robots.txt { access_log off; log_not_found off; }
access_log off;
error_log /var/log/nginx/subdomain_a.mydomain.com.au-error.log error;
error_page 404 /index.php;
location ~ \.php$ {
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:/var/run/php/php7.2-fpm.sock;
fastcgi_index index.php;
include fastcgi_params;
}
location ~ /\.(?!well-known).* {
deny all;
}
}
# FORGE CONFIG (DO NOT REMOVE!)
include forge-conf/subdomain_a.mydomain.com.au/after/*;
I am new to both nginx and Forge, and this is due to be in production within a few days.
In forge open your website page, at the right bottom there is a dropup menu called "Files", click on "Edit Nginx configuration".
Now you have to change this directive (as described here) from:
add_header X-Frame-Options "SAMEORIGIN";
to
add_header X-Frame-Options "allow from https://your-ip-or-domain.tld"