I manage a wordpress site.
I have below code block in my nginx config file.
server {
listen 443 ssl;
server_name example.com;
client_max_body_size 1000M;
root /var/www/wordpress;
index index.php index.html index.htm;
ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem; # managed by Certbot
proxy_read_timeout 3000;
proxy_connect_timeout 3000;
proxy_send_timeout 3000;
expires 1s;
set $skip_cache 0;
# POST requests and URLs with a query string should always go to PHP
if ($request_method = POST) {
set $skip_cache 1;
}
if ($query_string != "") {
set $skip_cache 1;
}
# Don't cache URIs containing the following segments
if ($request_uri ~* "/wp-admin/|/xmlrpc.php|wp-.*.php|/feed/|index.php
|sitemap(_index)?.xml") {
set $skip_cache 1;
}
# Don't use the cache for logged-in users or recent commenters
if ($http_cookie ~* "comment_author|wordpress_[a-f0-9]+|wp-postpass
|wordpress_no_cache|wordpress_logged_in") {
set $skip_cache 1;
}
location / {
autoindex on;
client_max_body_size 1000M;
try_files $uri $uri/ /index.php$is_args$args;
}
location = /favicon.ico { log_not_found off; access_log off; }
location = /robots.txt { log_not_found off; access_log off; allow all; }
location ~* \.(css|gif|ico|jpeg|jpg|js|png)$ {
expires 1s;
log_not_found off;
}
location ~ \.php$ {
try_files $uri =404;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:/var/run/php/php7.4-fpm.sock;
fastcgi_index index.php;
include fastcgi_params;
fastcgi_cache_bypass $skip_cache;
fastcgi_no_cache $skip_cache;
fastcgi_cache WORDPRESS;
fastcgi_cache_valid 60m;
fastcgi_cache_lock on;
expires 1s;
add_header X-FastCGI-Cache $upstream_cache_status;
}
location ~ /.well-known {
allow all;
}
location ^~ /.well-known/acme-challenge/ {
allow all;
default_type "text/plain";
try_files $uri =404;
}
}
I created test file in /var/www/wordpress/.well-known/acme-challenge/ folder.
when I load https://example.com/.well-known/acme-challenge it gives me nice 404 from wordpress.
when I load https://example.com/.well-known/acme-challenge/ it gives me below error
404 Not Found
nginx/1.14.0 (Ubuntu)
when I try to load https://example.com/.well-known/acme-challenge/test also it gives me. below 404 error.
404 Not Found
nginx/1.14.0 (Ubuntu)
Because of this my ssl renew fails.
What am I missing here ?
Related
I have a unique setup with a WordPress install in the main root and a second WordPress install (multisite) in a sub folder.
/sites/example.com/files/[WP Site example.com]
/sites/example.com/files/demo [WP Multisite example.com/demo]
The main site is working well but the multisite isn't.
When I request a multisite (example.com/demo/site1) it I get 404's in the console (example.com/demo/site1/style.css = 404)
Here is my conf.
map $uri $blogname{
~^(?P<blogpath>/[^/]+/)files/(.*) $blogpath ;
}
map $blogname $blogid{
default -999;
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name example.com;
ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
root /sites/example.com/files/;
index index.html index.php;
access_log /sites/example.com/logs/access.log;
error_log /sites/example.com/logs/error.log;
# MIME sniffing prevention
add_header X-Content-Type-Options "nosniff";
# Enable cross-site scripting filter in supported browsers.
add_header X-Xss-Protection "1; mode=block";
# WP Multisite start
location ~ ^(/[^/]+)?/files/(.+) {
try_files /wp-content/blogs.dir/$blogid/files/$2 /wp-includes/ms-files.php?file=$2 ;
access_log off; log_not_found off; expires max;
}
#avoid php readfile()
location ^~ /blogs.dir {
internal;
alias /sites/example.com/files/demo/wp-content/blogs.dir ;
access_log off; log_not_found off; expires max;
}
if (!-e $request_filename) {
rewrite /wp-admin$ $scheme://$host$uri/ permanent;
rewrite ^(/[^/]+)?(/wp-.*) $2 last;
rewrite ^(/[^/]+)?(/.*\.php) $2 last;
}
location /demo {
#alias /sites/example.com/files/demo/;
try_files $uri $uri/ /demo/index.php?$args;
}
# WP Multisite end
# Prevent access to hidden files
location ~* /\.(?!well-known\/) {
deny all;
}
# Prevent access to certain file extensions
location ~\.(ini|log|conf|blade.php)$ {
deny all;
}
location / {
try_files $uri $uri/ /index.php?$args;
}
location ~ \.php$ {
try_files $uri =404;
include fastcgi.conf;
fastcgi_pass unix:/run/php/php8.0-example.sock;
}
}
Any advice would be greatly appreciated. I've been trying to solve this for about a week.
I've been using this as a guide:
https://www.nginx.com/resources/wiki/start/topics/recipes/wordpress/#rewrite-rules-for-multisite
Thank you!
I commented above and left the link that was helpful in answering my question.
Here is my final nginx config that is working.
map $uri $blogname{
~^(?P<blogpath>/[^/]+/)files/(.*) $blogpath ;
}
map $blogname $blogid{
default -999;
#Ref: http://wordpress.org/extend/plugins/nginx-helper/
#include /var/www/wordpress/wp-content/plugins/nginx-helper/map.conf ;
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name example.com;
ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
root /sites/example.com/files/;
index index.html index.php;
access_log /sites/example.com/logs/access.log;
error_log /sites/example.com/logs/error.log;
# MIME sniffing prevention
add_header X-Content-Type-Options "nosniff";
# Enable cross-site scripting filter in supported browsers.
add_header X-Xss-Protection "1; mode=block";
# WP Multisite start
location ~ ^(/[^/]+)?/files/(.+) {
try_files /wp-content/blogs.dir/$blogid/files/$2 /wp-includes/ms-files.php?file=$2 ;
access_log off; log_not_found off; expires max;
}
#avoid php readfile()
location ^~ /blogs.dir {
internal;
alias /sites/example.com/files/demo/wp-content/blogs.dir ;
access_log off; log_not_found off; expires max;
}
# Rewrite multisite '.../wp-.*' and '.../*.php'.
if (!-e $request_filename) {
rewrite /wp-admin$ $scheme://$host$uri/ permanent;
rewrite ^/demo(/[^/]+)?(/wp-.*) /demo$2 last;
rewrite ^/demo(/[^/]+)?(/.*\.php)$ /demo$2 last;
}
location /demo {
#alias /sites/example.com/files/demo/;
try_files $uri $uri/ /demo/index.php?$args;
}
# WP Multisite end
# Prevent access to hidden files
location ~* /\.(?!well-known\/) {
deny all;
}
# Prevent access to certain file extensions
location ~\.(ini|log|conf|blade.php)$ {
deny all;
}
location / {
try_files $uri $uri/ /index.php?$args;
}
location ~ \.php$ {
try_files $uri =404;
include fastcgi.conf;
fastcgi_pass unix:/run/php/php8.0-example.sock;
}
}
I'm creating a virtual host for the OsTicket configuration.
In the file vim /etc/nginx/sites-available/osticket.conf I'm inserting these lines:
user nginx;
worker_processes 1;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
sendfile on;
charset utf-8;
gzip on;
gzip_types text/plain application/xml text/javascript;
gzip_min_length 1000;
index index.php index.html index.htm;
# Rewrite all requests from HTTP to HTTPS
server {
listen 80;
server_name 192.168.0.24;
rewrite ^ http://192.168.0.24 permanent;
}
server {
listen 443;
server_name 192.168.0.24;
ssl on;
ssl_certificate /etc/nginx/certs/cert.pem;
ssl_certificate_key /etc/nginx/certs/cert.key;
keepalive_timeout 70;
root /var/www/osticket;
set $path_info "";
location ~ /include {
deny all;
return 403;
}
if ($request_uri ~ "^/api(/[^\?]+)") {
set $path_info $1;
}
location ~ ^/api/(?:tickets|tasks).*$ {
try_files $uri $uri/ /api/http.php?$query_string;
}
if ($request_uri ~ "^/scp/.*\.php(/[^\?]+)") {
set $path_info $1;
}
if ($request_uri ~ "^/.*\.php(/[^\?]+)") {
set $path_info $1;
}
location ~ ^/scp/ajax.php/.*$ {
try_files $uri $uri/ /scp/ajax.php?$query_string;
}
location ~ ^/ajax.php/.*$ {
try_files $uri $uri/ /ajax.php?$query_string;
}
location / {
try_files $uri $uri/ index.php;
}
location ~ \.php$ {
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
fastcgi_param PATH_INFO $path_info;
fastcgi_pass 192.168.0.24:8888;
}
}
}
And when I do service nginx restart I get the following error:
enter image description here
If you use the command nginx -t I get the following error:
enter image description here
In the nginx server logs I get the following error:
"user" directive is not allowed here in
/etc/nginx/sites-enabled/osticket.conf:1
How can I solve the problem for the nginx service to work.
All configuration files inside the sites-enabled folder are by default included within the nginx.conf configuration, which already has the http block and most of the things you are setting.
You should have only your server blocks in the osticket.conf file. Remove everything else and you should end up with something like:
server {
listen 80;
server_name 192.168.0.24;
rewrite ^ http://192.168.0.24 permanent;
}
server {
listen 443;
server_name 192.168.0.24;
ssl on;
ssl_certificate /etc/nginx/certs/cert.pem;
ssl_certificate_key /etc/nginx/certs/cert.key;
keepalive_timeout 70;
root /var/www/osticket;
set $path_info "";
location ~ /include {
deny all;
return 403;
}
if ($request_uri ~ "^/api(/[^\?]+)") {
set $path_info $1;
}
location ~ ^/api/(?:tickets|tasks).*$ {
try_files $uri $uri/ /api/http.php?$query_string;
}
if ($request_uri ~ "^/scp/.*\.php(/[^\?]+)") {
set $path_info $1;
}
if ($request_uri ~ "^/.*\.php(/[^\?]+)") {
set $path_info $1;
}
location ~ ^/scp/ajax.php/.*$ {
try_files $uri $uri/ /scp/ajax.php?$query_string;
}
location ~ ^/ajax.php/.*$ {
try_files $uri $uri/ /ajax.php?$query_string;
}
location / {
try_files $uri $uri/ index.php;
}
location ~ \.php$ {
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
fastcgi_param PATH_INFO $path_info;
fastcgi_pass 192.168.0.24:8888;
}
}
My permalinks are ~~/%category%~~/%postname%/~~.html~~.
I migrated from Apache to Nginx.
Then my config file I added in
server{
location /mydirectory/ {
try_files $uri $uri/ /mydirectory/$uri.html;
}
But my browser goes on going to the 404 page.
I tried many codes found after deleting cache but still no success.Any help will be much appreciated
Thank you
I desactivate all my plugins and was able to change my permalinks into
/%postname%/
Here is my my.site.com config (my site is in a sub directory Vie/) :
server {
listen 80;
server_name my.site.com;
location ~ /(vie|\|Vie|Vie)/(.*) {
return 301 https://my.site.com/Vie;
}
return 301 https://my.site.com/Vie$request_uri;
}
server {
listen 443 ssl;
server_name my.site.com;
root /var/www/my.site.com/html;
index index.php index.html;
ssl_certificate /etc/letsencrypt/live/krouus.company/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/krouus.company/privkey.pem;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers 'DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-CAMELLIA256-SHA:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES256-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-CAMELLIA128-SHA:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES128-SHA256';
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
ssl_dhparam /etc/nginx/dhparam.pem;
add_header Strict-Transport-Security "max-age=31536000;";
location /Vie/ {
index index.php;
try_files $uri $uri/ /Vie/index.php?$args;
}
location / {
try_files $uri $uri/ /Vie/index.php;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:/run/php/php7.0-fpm.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
fastcgi_intercept_errors on;
fastcgi_ignore_client_abort off;
fastcgi_connect_timeout 60;
fastcgi_send_timeout 180;
fastcgi_read_timeout 180;
fastcgi_buffers 4 256k;
fastcgi_buffer_size 128k;
fastcgi_busy_buffers_size 256k;
fastcgi_temp_file_write_size 256k;
}
location ~ \.php$ {
include snippets/fastcgi-php.conf;
include fastcgi_params;
fastcgi_pass unix:/run/php/php7.0-fpm.sock;
fastcgi_param SCRIPT_FILENAME
$document_root$fastcgi_script_name;
}
location ~* commun {
deny all;
}
location = /favicon.ico {
log_not_found off;
access_log off;
}
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
location ~ /\.ht {
deny all;
}
location ~ (^|/)\. {
return 403;
}
location ~* \.(?:css|gif|htc|ico|js|jpe?g|png|swf)$ {
expires max;
log_not_found off;
## No need to bleed constant updates. Send the all shebang in one
## fell swoop.
tcp_nodelay off;
## Set the OS file cache.
open_file_cache max=1000 inactive=120s;
open_file_cache_valid 45s;
open_file_cache_min_uses 2;
open_file_cache_errors off;
}
location ~* \.ini$ {
deny all;
return 404;
}
error_page 404 /404.html;
location /404.html {
internal;
}
location ~* /(?:uploads|files)/.*\.(html|htm|shtml|php|js|swf|py|jsp|asp|sh|cgi)$ {
deny all;
}
if ($request_method !~ ^(GET|POST|HEAD)$ ) {
return 444;
}
location ~* wp-includes/theme-compat/ {
deny all;
}
location ~* wp-includes/js/tinymce/langs/.*.php {
deny all;
}
location /wp-includes/ {
internal;
}
location ~* .(pl|cgi|py|sh|lua|asp)$ {
return 444;
}
location ~* /(wp-config.php|readme.html|license.txt|nginx.conf) {
deny all;
}
if (!-e $request_filename) {
rewrite ^.*$ /index.php last;
}
location /xmlrpc.php {
deny all;
}
}
Try this instead. As i was also facing same problem,hope its work for you too.
location /mydirectory{
try_files $uri $uri/ /mydirectory/index.php;
}
Well in fact I solved my problem. I read attentively my ocnfiguration and removed
if (!-e $request_filename) {
rewrite ^.*$ /index.php last;
}
And now my Wordpress works.
Cheerio!
I'm using Nginx as a web server for my site.
My goal is to enable caching on my site so my site can load faster.
I've tried added
proxy_cache one;
Nginx Config File
server {
listen 80 default_server;
server_name default;
root /home/forge/web-app/public;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
index index.html index.htm index.php;
charset utf-8;
location ~* \.html$ {
expires -1;
}
location / {
try_files $uri $uri/ /index.php?$query_string;
#configure cache
proxy_cache one; <----------------------------- Added HERE
proxy_cache_valid any 1m;
}
location ~* \.(css|js|gif|jpe?g|png)$ {
expires 168h;
add_header Pragma public;
add_header Cache-Control "public, must-revalidate, proxy-revalidate";
}
location = /favicon.ico { access_log off; log_not_found off; }
location = /robots.txt { access_log off; log_not_found off; }
access_log off;
error_log /var/log/nginx/default-error.log error;
error_page 404 /index.php;
location ~ \.php$ {
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:/var/run/php5-fpm.sock;
fastcgi_index index.php;
include fastcgi_params;
#configure cache
proxy_cache one;
proxy_cache_valid any 1m;
}
location ~ /\.ht {
deny all;
}
}
How do I properly enable HTTP cached in Nginx, and test my work ?
Any hints / suggestions will be much appreciated !
You need to define this cache zone first using proxy_cache_path. Here's the tutorial.
So I'm setting up an nginx server and installed wordpress and SSL.
The site is working perfectly on both http and https but when I try to redirect http to https via nginx's server block, both http and https results in a endless redirect loop.
Here's my server block
server {
listen 80;
return 301 $server_name$request_uri;
listen 443 ssl spdy;
root /var/www/wordpress;
index index.php index.html index.htm;
server_name www.example.com;
ssl_session_cache shared:SSL:20m;
ssl_session_timeout 10m;
spdy_headers_comp 6;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_certificate /etc/ssl/certs/www.example.com.certchain.crt;
ssl_certificate_key /etc/ssl/private/www.example.com.key;
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains";
add_header Alternate-Protocol 443:npn-spdy/2;
proxy_set_header X-Forwarded-Proto https;
access_log /var/log/nginx/example.com.access.log;
error_log /var/log/nginx/example.com.error.log;
error_page 404 /404.html;
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
}
location / {
proxy_set_header X-Forwarded-Proto $scheme;
# try_files $uri $uri/ =404;
try_files $uri $uri/ /index.php?q=$uri&$args;
if ($http_referer ~* (buttons-for-website.com)) { return 444; }
if ($http_referer ~* (semalt.com)) { return 444; }
}
location ~ \.(hh|php)$ {
proxy_set_header X-Forwarded-Proto https;
proxy_set_header X-Forwarded-Ssl on;
fastcgi_keep_conn on;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
fastcgi_cache_bypass $skip_cache;
fastcgi_no_cache $skip_cache;
fastcgi_cache microcache;
fastcgi_cache_valid 200 60m;
}
location ~ \.php$ {
location #fallback {
try_files $uri =404;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:/var/run/php5-fpm.sock;
fastcgi_index index.php;
include fastcgi_params;
fastcgi_cache_bypass $skip_cache;
fastcgi_no_cache $skip_cache;
fastcgi_cache microcache;
fastcgi_cache_valid 200 60m;
}
# Cache Static Files For As Long As Possible
location ~*
\.(ogg|ogv|svg|svgz|eot|otf|woff|mp4|ttf|css|rss|atom|js|jpg|jpeg|gif|png|ico|zip|tgz|gz|rar|bz2|$
{
access_log off;
log_not_found off;
expires max;
}
# Security Settings For Better Privacy Deny Hidden Files
location ~ /\. {
deny all;
access_log off;
log_not_found off;
}
# Return 403 Forbidden For readme.(txt|html) or license.(txt|html)
if ($request_uri ~* "^.+(readme|license)\.(txt|html)$") {
return 403;
}
# Disallow PHP In Upload Folder
location /wp-content/uploads/ {
location ~ \.php$ {
deny all;
}
}
}
I'd really appreciate anyone's help. I commented out that "return 301" in 3rd line and google indexed both http and https version of the same page and deindexed most of my pages and dropped rankings for several keywords.
Thanks a bunch in advance!
Try separating the non ssl server block so you'd have this
server {
listen 80;
return 301 https://$host$request_uri;
}
server {
listen 443 ssl spdy;
root /var/www/wordpress;
....