I had to re-setup some projects on my local using Centos 7 on a vagrant box. After the setup I am getting a CORS error and I am not able to figure out why.
This is nginx.conf file:
# For more information on configuration, see:
# * Official English Documentation: http://nginx.org/en/docs/
# * Official Russian Documentation: http://nginx.org/ru/docs/
user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;
# Load dynamic modules. See /usr/share/doc/nginx/README.dynamic.
include /usr/share/nginx/modules/*.conf;
events {
worker_connections 1024;
}
http {
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 4096;
include /etc/nginx/mime.types;
default_type application/octet-stream;
# Load modular configuration files from the /etc/nginx/conf.d directory.
# See http://nginx.org/en/docs/ngx_core_module.html#include
# for more information.
include /etc/nginx/conf.d/*.conf;
server {
listen 80;
listen [::]:80;
server_name _;
root /usr/share/nginx/html;
# Load configuration files for the default server block.
include /etc/nginx/default.d/*.conf;
error_page 404 /404.html;
location = /404.html {
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
}
}
}
And this is my project conf file. I don't think the name of the .conf file matters, right?
server {
listen 80;
server_name authentication.service.local ;
root /var/www/authentication-api/public;
index index.php;
gzip on;
gzip_http_version 1.1;
gzip_comp_level 5;
gzip_min_length 256;
gzip_proxied any;
gzip_types
application/atom+xml
application/javascript
application/json
application/rss+xml
application/vnd.ms-fontobject
application/x-font-ttf
application/x-web-app-manifest+json
application/xhtml+xml
application/xml
font/opentype
image/svg+xml
image/x-icon
text/css
text/plain
text/x-component;
gzip_vary on;
gzip_disable "MSIE [1-6]\.(?!.*SV1)";
add_header X-Frame-Options "SAMEORIGIN";
location /proxy.html {
root /var/www/authentication-api/public;
}
location /xdomain.min.js {
root /var/www/authentication-api/public;
}
location / {
if ($request_method = 'OPTIONS') {
add_header 'Access-Control-Allow-Origin' '*';
add_header 'Access-Control-Allow-Credentials' 'true';
add_header 'Access-Control-Allow-Methods' 'GET, POST, PUT, DELETE, OPTIONS, PATCH';
add_header 'Access-Control-Allow-Headers' 'DNT,Authorization,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type';
add_header 'Access-Control-Max-Age' 1728000;
add_header 'Content-Type' 'text/plain charset=UTF-8';
add_header 'Content-Length' 0;
return 204;
}
try_files $uri $uri/ /index.php?$query_string;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
}
I am able to ping the project correctly using ping authentication.service.local
But when I try to hit an endpoint using a browser (eg: login, which was working before), I get an error Failed to load resource: Origin http://localhost:7000 is not allowed by Access-Control-Allow-Origin
I thought adding add_header 'Access-Control-Allow-Origin' '*'; should resolve this issue, but I'm trying to understand why it doesn't?
Also the nginx error.log shows
2021/09/15 17:50:17 [error] 3290#3290: *8 open() "/usr/share/nginx/html/token/user" failed (2: No such file or directory), client: 10.0.5.1, server: _, request: "POST /token/user HTTP/1.1", host: "authentication.service.local", referrer: "http://localhost:7000/"
Since my /var/www folder points to my projects folder, is "/usr/share/nginx/html/token/user" incorrect?
Thanks for your help.
You're sending a POST request, but only set the Access-Control-Allow-Origin header for the OPTIONS method.
Related
i have a server which hosts several websites. Some normal HTML, some wordpress and some reverse proxy.
Everything is managed by nginx with conf files for each site. All is managed by Ansible which means all config files are build from the same template.
I have a nginx conf like this:
# Ansible managed
user www-data;
pid /run/nginx.pid;
worker_processes auto;
worker_rlimit_nofile 65535;
# Load modules
include /etc/nginx/modules-enabled/*.conf;
events {
multi_accept on;
worker_connections 65535;
}
http {
charset utf-8;
sendfile on;
tcp_nopush on;
tcp_nodelay on;
server_tokens off;
log_not_found off;
types_hash_max_size 2048;
types_hash_bucket_size 64;
client_max_body_size 16M;
server_names_hash_max_size 512;
server_names_hash_bucket_size 128;
# MIME
include mime.types;
default_type application/octet-stream;
# Log Format
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
# Logging
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log warn;
# include TLS hardening
include /etc/nginx/snippets/tls-hardening.conf;
# Load configs
include /etc/nginx/conf.d/*.conf;
server {
# catch-all server for both http and https
listen *:80 default_server;
listen *:443 default_server;
server_name _;
# SSL
ssl_certificate /etc/ssl/FQDN.bundle.crt;
ssl_certificate_key /etc/ssl/FQDN.key;
# Redirect to canonical site
#rewrite ^/(.*)$ http://example.com/$1 permanent;
# return 404
return 404;
}
}
The default part shall catch all unconfigured requests.
the configs for normal websites are looking like this:
# Ansible managed
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name FQDN www.FQDN;
root /var/www/FQDN;
index index.html index.htm;
# SSL
ssl_certificate /etc/letsencrypt/live/FQDN/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/FQDN/privkey.pem;
ssl_trusted_certificate /etc/letsencrypt/live/FQDN/chain.pem;
# security headers
add_header X-XSS-Protection "1; mode=block" always;
add_header X-Content-Type-Options "nosniff" always;
add_header Referrer-Policy "no-referrer-when-downgrade" always;
add_header Content-Security-Policy "default-src 'self' http: https: ws: wss: data: blob: 'unsafe-inline'; frame-ancestors 'self';" always;
add_header Permissions-Policy "interest-cohort=()" always;
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
# . files
location ~ /\.(?!well-known) {
deny all;
}
# logging
access_log /var/log/nginx/FQDN.access.log;
error_log /var/log/nginx/FQDN.error.log warn;
# index.html fallback
location / {
#try_files $uri /index.html index.htm index.php;
}
# favicon.ico
location = /favicon.ico {
log_not_found off;
access_log off;
}
# robots.txt
location = /robots.txt {
log_not_found off;
access_log off;
}
# assets, media
location ~* \.(?:css(\.map)?|js(\.map)?|jpe?g|png|gif|ico|cur|heic|webp|tiff?|mp3|m4a|aac|ogg|midi?|wav|mp4|mov|webm|mpe?g|avi|ogv|flv|wmv)$ {
expires 7d;
access_log off;
}
# svg, fonts
location ~* \.(?:svgz?|ttf|ttc|otf|eot|woff2?)$ {
add_header Access-Control-Allow-Origin "*";
expires 7d;
access_log off;
}
# gzip
gzip on;
gzip_vary on;
gzip_proxied any;
gzip_comp_level 6;
gzip_types text/plain text/css text/xml application/json application/javascript application/rss+xml application/atom+xml image/svg+xml;
}
# HTTP redirect
server {
listen 80;
listen [::]:80;
server_name FQDN www.FQDN;
# ACME-challenge
location ^~ /.well-known/acme-challenge/ {
root /var/www/_letsencrypt;
}
location / {
return 301 https://FQDN$request_uri;
}
}
So the SSL request shall be matched for FQDN and www.FQDN while http requests fro FQDN and www.FQDN shall be redirected to the SSL website.
This works fine for my wordpress websites but not for the HTML sites.
Even if I have a default server config nginx redirects the https://www.FQDN to the first config in the config folder.
Does anyone has a hint what's going on here?
I also See different behavior between Chrome and Firefox on one site and Safari on the other side.
Chrome and Firefox will be redirected to the first config in config folder while Safari shoes error that the requested https.www.FQDN website is not secure and readable.
Lets encrypt certificate is created for both domains FQDN and www.FQDN.
I'm following the instructions to install Nextcloud on an nginx server.
I copy the configuration from the offical documentation, i set my server name and my ssl certificate path, and when i try to reach nextcloud from my browser i get
"500 Internal server error".
When i check in the error.log i get
rewrite or internal redirection cycle while processing "/index.php"
This is my configuration file:
upstream php-handler {
#server 127.0.0.1:9000;
server unix:/var/run/php/php7.3-fpm.sock;
}
server {
listen 80;
listen [::]:80;
server_name mrbackslash.tk;
# enforce https
return 301 https://$server_name:443$request_uri;
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name mrbackslash.tk;
# Use Mozilla's guidelines for SSL/TLS settings
# https://mozilla.github.io/server-side-tls/ssl-config-generator/
# NOTE: some settings below might be redundant
ssl_certificate /etc/ssl/mrbackslash_tk_cert.crt;
ssl_certificate_key /etc/ssl/mrbackslash_tk_key.key;
# Add headers to serve security related headers
# Before enabling Strict-Transport-Security headers please read into this
# topic first.
#add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;" always;
#
# WARNING: Only add the preload option once you read about
# the consequences in https://hstspreload.org/. This option
# will add the domain to a hardcoded list that is shipped
# in all major browsers and getting removed from this list
# could take several months.
add_header Referrer-Policy "no-referrer" always;
add_header X-Content-Type-Options "nosniff" always;
add_header X-Download-Options "noopen" always;
add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-Permitted-Cross-Domain-Policies "none" always;
add_header X-Robots-Tag "none" always;
add_header X-XSS-Protection "1; mode=block" always;
# Remove X-Powered-By, which is an information leak
fastcgi_hide_header X-Powered-By;
# Path to the root of your installation
root /var/www/mrbackslash.tk/public-html/;
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
# The following 2 rules are only needed for the user_webfinger app.
# Uncomment it if you're planning to use this app.
#rewrite ^/.well-known/host-meta /public.php?service=host-meta last;
#rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json last;
# The following rule is only needed for the Social app.
# Uncomment it if you're planning to use this app.
#rewrite ^/.well-known/webfinger /public.php?service=webfinger last;
location = /.well-known/carddav {
return 301 $scheme://$host:$server_port/remote.php/dav;
}
location = /.well-known/caldav {
return 301 $scheme://$host:$server_port/remote.php/dav;
}
# set max upload size
client_max_body_size 512M;
fastcgi_buffers 64 4K;
# Enable gzip but do not remove ETag headers
gzip on;
gzip_vary on;
gzip_comp_level 4;
gzip_min_length 256;
gzip_proxied expired no-cache no-store private no_last_modified no_etag auth;
gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy;
# Uncomment if your server is build with the ngx_pagespeed module
# This module is currently not supported.
#pagespeed off;
location / {
rewrite ^ /index.php$request_uri;
}
location ~ ^\/(?:build|tests|config|lib|3rdparty|templates|data)\/ {
deny all;
}
location ~ ^\/(?:\.|autotest|occ|issue|indie|db_|console) {
deny all;
}
location ~ ^/(?:index|remote|public|cron|core/ajax/update|status|ocs/v[12]|updater/.+|ocs-provider/.+)\.php(?:$|/) {
fastcgi_split_path_info ^(.+?\.php)(/.*)$;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_param HTTPS on;
#Avoid sending the security headers twice
fastcgi_param modHeadersAvailable true;
fastcgi_param front_controller_active true;
fastcgi_pass php-handler;
fastcgi_intercept_errors on;
fastcgi_request_buffering off;
}
location ~ ^\/(?:updater|oc[ms]-provider)(?:$|\/) {
try_files $uri/ =404;
index index.php;
}
# Adding the cache control header for js, css and map files
# Make sure it is BELOW the PHP block
location ~ \.(?:css|js|woff2?|svg|gif|map)$ {
try_files $uri /index.php$request_uri;
add_header Cache-Control "public, max-age=15778463";
# Add headers to serve security related headers (It is intended to
# have those duplicated to the ones above)
# Before enabling Strict-Transport-Security headers please read into
# this topic first.
#add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;" always;
#
# WARNING: Only add the preload option once you read about
# the consequences in https://hstspreload.org/. This option
# will add the domain to a hardcoded list that is shipped
# in all major browsers and getting removed from this list
# could take several months.
add_header Referrer-Policy "no-referrer" always;
add_header X-Content-Type-Options "nosniff" always;
add_header X-Download-Options "noopen" always;
add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-Permitted-Cross-Domain-Policies "none" always;
add_header X-Robots-Tag "none" always;
add_header X-XSS-Protection "1; mode=block" always;
# Optional: Don't log access to assets
access_log off;
}
location ~ \.(?:png|html|ttf|ico|jpg|jpeg|bcmap|mp4|webm)$ {
try_files $uri /index.php$request_uri;
# Optional: Don't log access to other assets
access_log off;
}
}
Help!
I solved the issue by re-uploading the configuration file via ftp, pasting it in nano on the ssh shell was a bad idea!
According to GTMetrix:
There are 6 static components without a far-future expiration date.
http://linuxedgr.disqus.com/recent_comments_widget.js?num_items=5&hide_mods=0&hide_avatars=0&avatar_size=32&excerpt_length=100
http://s7.addthis.com/js/300/addthis_widget.js#pubid=ra-548e3c553a19ddf3
http://fonts.googleapis.com/css?family=Open+Sans:400italic,700italic,400,700
http://www.google-analytics.com/ga.js
http://a.disquscdn.com/count.js
http://linuxedgr.disqus.com/count-data.js?1=egkatastasi-tou-nginx&1=eisagogi-ston-nginx&1=new-dedicated-server-in-da-house-me-5-euro&1=o-epimenon-nika&1=pos-mporo-na-kano-encrypt-kai-decrypt-arxeia-xrismopoiontas-to-openssl-toolkit&1=pos-sindeo-ena-domain-apo-tin-IPHost-me-tin-ip-tou-server-mou
At my /etc/nginx/vhosts.d/www.linuxed.gr.conf
server {
listen 80;
# Δώσε το absolute path που εχεις τα αρχεία του website
root /var/www/html/linuxed;
# Όριστε το index file
index index.html index.html index.php;
# Δώσε το όνομα του domain και το alias
# τα οποια πρεπει να τα εχει δηλώσει και στο /etc/hosts
server_name www.linuxed.gr linuxed.gr;
# Συμπίεση
gzip on;
gzip_disable "msie6";
gzip_comp_level 6;
gzip_min_length 1100;
gzip_buffers 16 8k;
gzip_http_version 1.1;
gzip_proxied any;
gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript;
# specify a vary: accept-encoding header
gzip_vary on;
# Όριστε μία 404 page
error_page 404 /error-404.html;
location = /error-404.html {
root /var/www/html/linuxed/;
}
# redirect server error pages to the static page /50x.html
#
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html/;
}
# Disable favicon.ico logging
location = /favicon.ico {
log_not_found off;
access_log off;
}
# Allow robots and disable logging
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
############################
# Leverage browser caching #
############################
location ~* \.(jpg|jpeg|png|gif|ico|css|js)$ {
expires max;
log_not_found off;
add_header Pragma public;
add_header Cache-Control "public";
}
# Deny access to htaccess and htpasswd files
location ~ /\.ht {
deny all;
}
}
Also here's my /etc/nginx/nginx.conf
user nginx;
worker_processes 4;
error_log /var/log/nginx/error.log;
pid /var/run/nginx.pid;
events {
worker_connections 1024;
use epoll;
}
http {
include mime.types;
default_type application/octet-stream;
types_hash_max_size 2048;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log off;
# Tcp_nopush causes nginx to attempt to send its HTTP response head in one packet,
# instead of using partial frames. This is useful for prepending headers before
# calling sendfile or for throughput optimization.
tcp_nopush on;
# don't buffer data-sends (disable Nagle algorithm). Good for sending frequent
# small bursts of data in real time.
tcp_nodelay on;
sendfile on;
# allow the server to close the connection after a client stops responding.
#Frees up socket-associated memory.
reset_timedout_connection on;
gzip on;
gzip_disable "msie6";
client_body_buffer_size 10k;
client_header_buffer_size 1k;
client_max_body_size 8m;
large_client_header_buffers 2 1k;
client_body_timeout 12;
client_header_timeout 12;
keepalive_timeout 15;
send_timeout 10;
include conf.d/*.conf;
include vhosts.d/*.conf;
}
I think my configuration is quite right. How ever I am getting this message at GTMetrix website. How can I fix that?
All 6 resources which GTMetrix pointed out are from external domains and the expiration headers were not set with far-future expiration date because they might get changed very frequently and thus caching them may not give desired results.
You cannot do any thing from your server side about the expiration header warnings for those external resource. What GTMetrix displays is just a warning which can be ignored.
The module ngx_pagespeed(Nginx) works very well for HTTP. However, I cannot get it working with HTTPS. My whole website is using HTTPS and ngx_pagespeed seems to have none of their filters working. The module itself is loaded, but do nothing. I'm using WordPress for the website with the latest ngx_pagespeed module on CentOS 7.
Here my nginx.conf
user nginx nginx;
worker_processes 1;
error_log /var/log/nginx/error.log warn;
pid /run/nginx.pid;
events {
use epoll;
worker_connections 1024;
multi_accept on;
}
http {
##
# MIME types
##
include /etc/nginx/mime.types;
default_type application/octet-stream;
# Update charset_types due to updated mime.types
charset_types text/xml text/plain text/vnd.wap.wml application/x-javascript application/rss+xml text/css application/javascript application/json;
##
# Misc
##
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
client_max_body_size 20m;
client_body_buffer_size 128k;
client_body_timeout 15;
client_header_timeout 15;
keepalive_timeout 65;
reset_timedout_connection on;
send_timeout 15;
sendfile on;
tcp_nopush on;
tcp_nodelay on;
open_file_cache max=1000 inactive=20s;
open_file_cache_valid 30s;
open_file_cache_min_uses 2;
open_file_cache_errors on;
server_tokens off;
##
# Logging Settings
##
access_log /var/log/nginx/access.log main;
##
# Gzip Settings - Ngx_pagespeed to by default.
##
# gzip on;
# gzip_min_length 256;
# gzip_comp_level 4;
# gzip_proxied any;
# gzip_vary on;
# gzip_types
# application/atom+xml
# application/javascript
# application/json
# application/rss+xml
# application/vnd.ms-fontobject
# application/x-font-ttf
# application/x-web-app-manifest+json
# application/xhtml+xml
# application/xml
# font/opentype
# image/svg+xml
# image/x-icon
# text/css
# text/plain
# text/x-component;
## Enable clickjacking protection in modern browsers.
## https://developer.mozilla.org/en/The_X-FRAME-OPTIONS_response_header
add_header X-Frame-Options sameorigin;
##
# Host Configs
##
include /etc/nginx/conf.d/*.conf;
}
And here is my example.conf
##
# WWW to NON-WWW
##
server {
listen 80;
server_name www.example.com;
return 301 $scheme://example.com$request_uri;
}
##
# Force HTTPS
##
server {
listen 80;
server_name example.com;
return 301 https://example.com$request_uri;
}
##
# The right way to add support for HSTS.
# http://trac.nginx.org/nginx/ticket/289
##
map $scheme $hsts_header {
https max-age=31536000;
}
##
# Phuchan site
##
server {
listen 443 ssl spdy;
# Certs sent to the client in SERVER HELLO are concatenated in ssl_certificate.
ssl on;
ssl_certificate /etc/ssl/certs/ssl-bundle.crt;
ssl_certificate_key /etc/ssl/private/myserver.key;
# Diffie-Hellman parameter for DHE ciphersuites, recommended 2048 bits.
ssl_dhparam /etc/ssl/certs/dhparam.pem;
# Intermediate configuration.
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers 'AES256+EECDH:AES256+EDH';
ssl_prefer_server_ciphers on;
ssl_session_cache builtin:1000 shared:SSL:10m;
ssl_session_timeout 10m;
# OCSP Stapling
ssl_stapling on;
ssl_stapling_verify on;
ssl_trusted_certificate /etc/ssl/certs/trustchain.crt;
resolver 8.8.8.8 8.8.4.4 valid=300s;
# PageSpeed
pagespeed on;
pagespeed FetchHttps enable;
#pagespeed MapOriginDomain "http://localhost" "https://example.com";
# Needs to exist and be writable by nginx. Use tmpfs for best performance.
pagespeed FileCachePath /var/ngx_pagespeed_cache;
# Ensure requests for pagespeed optimized resources go to the pagespeed handler
# and no extraneous headers get set.
location ~ "\.pagespeed\.([a-z]\.)?[a-z]{2}\.[^.]{10}\.[^.]+" {
add_header "" "";
}
location ~ "^/pagespeed_static/" { }
location ~ "^/ngx_pagespeed_beacon$" { }
# Honoring no-transform Cache-Control Headers
pagespeed DisableRewriteOnNoTransform off;
# Lower-casing HTML element and attribute names
pagespeed LowercaseHtmlNames on;
pagespeed RewriteLevel OptimizeForBandwidth;
# Preserve URL Relativity
pagespeed PreserveUrlRelativity on;
# Misc
add_header Strict-Transport-Security $hsts_header;
add_header X-Content-Type-Options nosniff;
server_name example.com;
root /srv/www/example.com;
index index.php index.htm index.html;
error_log /var/log/nginx/error-example.log error;
location / {
# This is cool because no php is touched for static content.
# include the "?$args" part so non-default permalinks doesn't break when using query string
try_files $uri $uri/ /index.php?$args;
}
##
# PHP-FPM
##
location ~ \.php$ {
try_files $uri = 404;
fastcgi_pass unix:/run/php-fpm/php-fpm.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
##
# Server the assets folder
##
location ^~ /assets {
alias /srv/assets;
}
##
# Simple cache for static files. Tweaked for SSL use.
##
location ~ \.(js|css|png|jpeg|jpg|gif|ico|swf|flv|pdf|zip)$ {
expires 24h;
add_header Cache-Control public;
}
##
# WordPress stuff
##
location = /favicon.ico {
log_not_found off;
access_log off;
}
location = /robots.txt {
try_files $uri $uri/ /index.php?$args;
log_not_found off;
access_log off;
}
# Deny all attempts to access hidden files such as .htaccess, .htpasswd, .DS_Store (Mac).
# Keep logging the requests to parse later (or to pass to firewall utilities such as fail2ban)
location ~ /\. {
deny all;
}
# Deny access to any files with a .php extension in the uploads directory
# Works in sub-directory installs and also in multisite network
# Keep logging the requests to parse later (or to pass to firewall utilities such as fail2ban)
location ~* /(?:uploads|files)/.*\.php$ {
deny all;
}
# Set variable $skip_cache to 0
set $skip_cache 0;
# Do not cache POST/HEAD requests
if ($request_method ~ ^(HEAD|POST)$) {
set $skip_cache 1;
}
# Do not cache URLs with a query string
if ($query_string != "") {
set $skip_cache 1;
}
# Do not cache URLs containing the following segments
if ($request_uri ~* "/wp-admin/|/xmlrpc.php|wp-.*.php|/feed/|index.php|sitemap(_index)?.xml") {
set $skip_cache 1;
}
# Do not cache logged in users or recent commenters
if ($http_cookie ~* "comment_author|wordpress_[a-f0-9]+|wp-postpass|wordpress_no_cache|wordpress_logged_in") {
set $skip_cache 1;
}
##
# Rewrite for XML Sitemap Generator
##
rewrite ^/sitemap(-+([a-zA-Z0-9_-]+))?\.xml$ "/index.php?xml_sitemap=params=$2" last;
rewrite ^/sitemap(-+([a-zA-Z0-9_-]+))?\.xml\.gz$ "/index.php?xml_sitemap=params=$2;zip=true" last;
rewrite ^/sitemap(-+([a-zA-Z0-9_-]+))?\.html$ "/index.php?xml_sitemap=params=$2;html=true" last;
rewrite ^/sitemap(-+([a-zA-Z0-9_-]+))?\.html.gz$ "/index.php?xml_sitemap=params=$2;html=true;zip=true" last;
}
You must provide https-specific configuration to enable rewriting of https resources.
From https://developers.google.com/speed/pagespeed/module/https_support :
PageSpeed rewrites HTML documents requested via https. PageSpeed is able to serve these documents because the server passes the HTML document through all its output filters, including *_pagespeed. But by default, PageSpeed will only rewrite non-HTML resources which are served via http. Due to the complexity and security required to manage client SSL certificates, PageSpeed requires the server administrator to explicitly enable https fetching.
https://developers.google.com/speed/pagespeed/module/https_support provides more details on what configuration is needed in different situations.
I fixed that with https://developers.google.com/speed/pagespeed/module/https_support#load_from_file. The second argument should point to the root of your website.
when I open 127.0.0.1, the url would jump to 127.0.0.1/k.com/k.com/k/.com/......
my hosts
127.0.0.1 localhost
127.0.0.1 k.com
my nginx config
#user _www;
worker_processes 1;
#pid logs/nginx.pid;
events {
worker_connections 1024;
}
http {
access_log off;
gzip off;
gzip_min_length 1k;
gzip_buffers 4 16k;
gzip_http_version 1.1;
gzip_comp_level 2;
gzip_types text/plain application/json application/x-javascript text/css application/xml text/javascript;
gzip_vary on;
gzip_disable "MSIE [1-6]\.";
include mime.types;
default_type application/octet-stream;
sendfile on;
keepalive_timeout 65;
server {
listen 80;
server_name k.com;
client_max_body_size 20M;
root F:/xxxx/www;
underscores_in_headers on;
index index.html;
add_header 'Access-Control-Allow-Origin' '*';
add_header 'Access-Control-Allow-Credentials' 'true';
add_header 'Access-Control-Allow-Methods' 'GET,POST,PUT,DELETE';
add_header 'Access-Control-Allow-Headers' 'DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,username,password,remember,token';
location / {
try_files $uri $uri/ /index.html;
}
location = /index.html {
add_header Cache-Control no-cache;
add_header Cache-Control private;
}
}
server {
listen 80;
server_name localhost;
root F:/xxxx/www/htdocs; #
index index.html index.php;
autoindex on;
location / {
try_files $uri $uri/ /index.html;
}
}
}
how to configure 127.0.0.1 , direct to another directory or empty page, either or direct to localhost.