I'm trying to forward all jpeg and png images to webp. It's a Laravel project. Most of images in /storage folder as a symlink in public folder. I followed guides and I know a bit regex but I couldn't find any clue what's wrong.
I have webp images in every folder.
path/to/image.jpg
path/to/image.jpg.webp
ngnix.conf file:
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
map $http_accept $webp_suffix {
default "";
"~*webp" ".webp";
}
Server config:
server{
root /var/www/site/public;
server_name example.com www.example.org;
add_header X-Frame-Options "SAMEORIGIN";
add_header X-Content-Type-Options "nosniff";
index index.php;
charset utf-8;
location / {
try_files $uri $uri/ /index.php?$query_string;
}
location = /favicon.ico { access_log off; log_not_found off; }
location = /robots.txt { access_log off; log_not_found off; }
location ~* \.(jpg|jpeg|png|webp|gif|ico|css|js)$ {
expires 365d;
}
location ~* ^.+\.(png|jpe?g)$ {
add_header Vary Accept;
try_files $uri$webp_suffix $uri =404;
}
error_page 404 /index.php;
if ($host = example.org) {
return 301 https://www.example.org$request_uri;
} # managed by Certbot
location ~ \.php$ {
include snippets/fastcgi-php.conf;
}
location ~ /\.ht {
deny all;
}
location ~ /\.(?!well-known).* {
deny all;
}
listen 443 ssl http2;
listen [::]:443 ssl http2;
ssl_certificate /etc/letsencrypt/live/example.org/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/example.org/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server{
if ($host = www.example.org) {
return 301 https://$host$request_uri;
} # managed by Certbot
if ($host = example.org) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80;
server_name example.org www.example.org;
return 404; # managed by Certbot
}
I don't know what I am doing wrong. Any help will be appreciated thanks.
Regular expression location blocks are evaluated in order until a match is found. See this document for details.
You have two location expressions which match .png, .jpg and .jpeg. You need to remove these from the first expression for the second expression to succeed.
For example:
location ~* \.(gif|ico|css|js)$ {
expires 365d;
}
location ~* \.(png|jpe?g)$ {
expires 365d;
add_header Vary Accept;
try_files $uri$webp_suffix $uri =404;
}
Related
I have a unique setup with a WordPress install in the main root and a second WordPress install (multisite) in a sub folder.
/sites/example.com/files/[WP Site example.com]
/sites/example.com/files/demo [WP Multisite example.com/demo]
The main site is working well but the multisite isn't.
When I request a multisite (example.com/demo/site1) it I get 404's in the console (example.com/demo/site1/style.css = 404)
Here is my conf.
map $uri $blogname{
~^(?P<blogpath>/[^/]+/)files/(.*) $blogpath ;
}
map $blogname $blogid{
default -999;
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name example.com;
ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
root /sites/example.com/files/;
index index.html index.php;
access_log /sites/example.com/logs/access.log;
error_log /sites/example.com/logs/error.log;
# MIME sniffing prevention
add_header X-Content-Type-Options "nosniff";
# Enable cross-site scripting filter in supported browsers.
add_header X-Xss-Protection "1; mode=block";
# WP Multisite start
location ~ ^(/[^/]+)?/files/(.+) {
try_files /wp-content/blogs.dir/$blogid/files/$2 /wp-includes/ms-files.php?file=$2 ;
access_log off; log_not_found off; expires max;
}
#avoid php readfile()
location ^~ /blogs.dir {
internal;
alias /sites/example.com/files/demo/wp-content/blogs.dir ;
access_log off; log_not_found off; expires max;
}
if (!-e $request_filename) {
rewrite /wp-admin$ $scheme://$host$uri/ permanent;
rewrite ^(/[^/]+)?(/wp-.*) $2 last;
rewrite ^(/[^/]+)?(/.*\.php) $2 last;
}
location /demo {
#alias /sites/example.com/files/demo/;
try_files $uri $uri/ /demo/index.php?$args;
}
# WP Multisite end
# Prevent access to hidden files
location ~* /\.(?!well-known\/) {
deny all;
}
# Prevent access to certain file extensions
location ~\.(ini|log|conf|blade.php)$ {
deny all;
}
location / {
try_files $uri $uri/ /index.php?$args;
}
location ~ \.php$ {
try_files $uri =404;
include fastcgi.conf;
fastcgi_pass unix:/run/php/php8.0-example.sock;
}
}
Any advice would be greatly appreciated. I've been trying to solve this for about a week.
I've been using this as a guide:
https://www.nginx.com/resources/wiki/start/topics/recipes/wordpress/#rewrite-rules-for-multisite
Thank you!
I commented above and left the link that was helpful in answering my question.
Here is my final nginx config that is working.
map $uri $blogname{
~^(?P<blogpath>/[^/]+/)files/(.*) $blogpath ;
}
map $blogname $blogid{
default -999;
#Ref: http://wordpress.org/extend/plugins/nginx-helper/
#include /var/www/wordpress/wp-content/plugins/nginx-helper/map.conf ;
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name example.com;
ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
root /sites/example.com/files/;
index index.html index.php;
access_log /sites/example.com/logs/access.log;
error_log /sites/example.com/logs/error.log;
# MIME sniffing prevention
add_header X-Content-Type-Options "nosniff";
# Enable cross-site scripting filter in supported browsers.
add_header X-Xss-Protection "1; mode=block";
# WP Multisite start
location ~ ^(/[^/]+)?/files/(.+) {
try_files /wp-content/blogs.dir/$blogid/files/$2 /wp-includes/ms-files.php?file=$2 ;
access_log off; log_not_found off; expires max;
}
#avoid php readfile()
location ^~ /blogs.dir {
internal;
alias /sites/example.com/files/demo/wp-content/blogs.dir ;
access_log off; log_not_found off; expires max;
}
# Rewrite multisite '.../wp-.*' and '.../*.php'.
if (!-e $request_filename) {
rewrite /wp-admin$ $scheme://$host$uri/ permanent;
rewrite ^/demo(/[^/]+)?(/wp-.*) /demo$2 last;
rewrite ^/demo(/[^/]+)?(/.*\.php)$ /demo$2 last;
}
location /demo {
#alias /sites/example.com/files/demo/;
try_files $uri $uri/ /demo/index.php?$args;
}
# WP Multisite end
# Prevent access to hidden files
location ~* /\.(?!well-known\/) {
deny all;
}
# Prevent access to certain file extensions
location ~\.(ini|log|conf|blade.php)$ {
deny all;
}
location / {
try_files $uri $uri/ /index.php?$args;
}
location ~ \.php$ {
try_files $uri =404;
include fastcgi.conf;
fastcgi_pass unix:/run/php/php8.0-example.sock;
}
}
I think I'm probably having a brainfart but the solution is evading me for now.
On startup, Nginx is returning the following error in journalctl.
"A duplicate default server for 0.0.0.0:80 in /etc/nginx/sites-enabled/default"
I can't see the duplicate for default.
This is my sites-enabled default file can anyone else point me to the cause of the error?
server {
listen 80 default_server;
listen [::]:80 default_server;
root /var/www/html;
server_name _;
location / {
# First attempt to serve request as file, then
# as directory, then fall back to displaying a 404.
try_files $uri $uri/ =404;
}
}
server {
listen 80;
listen [::]:80;
server_name demo4.review;
root /var/www/static;
index index.html;
location / {
try_files $uri $uri/ =404;
}
}
server {
server_name wp.demo4.review;
root /var/www/wp_demo;
location = /favicon.ico {
log_not_found off;
access_log off;
}
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
location / {
# This is cool because no php is touched for static content.
# include the "?$args" part so non-default permalinks doesn't break when using query string
try_files $uri $uri/ /index.php?$args;
}
location ~ \.php$ {
include snippets/fastcgi-php.conf;
fastcgi_pass unix:/var/run/php/php7.2-fpm.sock;
}
location ~* \.(js|css|png|jpg|jpeg|gif|ico)$ {
expires max;
log_not_found off;
}
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/wp.demo4.review/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/wp.demo4.review/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
if ($host = wp.demo4.review) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80;
listen [::]:80;
server_name wp.demo4.review;
return 404; # managed by Certbot
}
server {
listen 80;
server_name api.demo4.review;
location / {
proxy_pass http://localhost:3000;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
}
}
server {
if ($host = wp.demo4.review) {
return 301 https://$host$request_uri;
} # managed by Certbot
server_name wp.demo4.review;
listen 80;
return 404; # managed by Certbot
}
server {
server_name ukl.demo4.review;
root /var/www/ukl;
## This should be in your http block and if it is, it's not needed here.
index index.php;
location = /favicon.ico {
log_not_found off;
access_log off;
}
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
location / {
try_files $uri $uri/ /index.php?$args;
}
location ~ \.php$ {
include snippets/fastcgi-php.conf;
fastcgi_pass unix:/var/run/php/php7.2-fpm.sock;
}
location ~* \.(js|css|png|jpg|jpeg|gif|ico)$ {
expires max;
log_not_found off;
}
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/ukl.demo4.review/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/ukl.demo4.review/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
if ($host = ukl.demo4.review) {
return 301 https://$host$request_uri;
} # managed by Certbot
server_name ukl.demo4.review;
listen 80;
return 404; # managed by Certbot
}
I was having the same error and when I look into the /etc/nginx/sites-enabled folder there is a duplicated file that was created by default removing that file solves the problem:
ubuntu#2172-web-01:~$ sudo nginx -t
nginx: [emerg] a duplicate default server for 0.0.0.0:80 in /etc/nginx/sites-enabled/default-:22
nginx: configuration file /etc/nginx/nginx.conf test failed
ubuntu#2172-web-01:~$ cd /etc/nginx/sites-enabled/
ubuntu#2172-web-01:/etc/nginx/sites-enableds ls
default default~
ubuntu#2172-web-01:/etc/nginx/sites-enabled$ sudo rm default
ubuntu#2172-web-01:/etc/nginx/sites-enabled$ sudo nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
There was a default.save file in the same directory that Nginx was also reading.
Problem: a subdomain keeps redirected to another
I'm trying to install a new subdomain sports.example.com for my server, and I have another subdomain which is currently working fine at news.example.com. Problem is, every time I visit sports.example.com, it redirects to news.example.com.
Background
Both domains are wordpress sites, and I can confirm that the new one is indeed "resolved" correctly when I visit sports.example.com/info.php if I manually touch and edit a info.php file.
Here is the sports config file /etc/nginx/sites-enabled/sports.example.com:
server {
listen 80;
root /home/sd/sites/sports.example.com;
index index.php index.html index.htm index.nginx-debian.html;
server_name sports.example.com;
location / {
#try_files $uri $uri/ =404;
try_files $uri $uri/ /index.php$is_args$args;
}
location ~ \.php$ {
include snippets/fastcgi-php.conf;
fastcgi_pass unix:/var/run/php/php7.2-fpm.sock;
}
location ~ /\.ht {
deny all;
}
location = /favicon.ico { log_not_found off; access_log off; }
location = /robots.txt { log_not_found off; access_log off; allow all; }
location ~* \.(css|gif|ico|jpeg|jpg|js|png)$ {
expires max;
log_not_found off;
}
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/sports.example.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/sports.example.com/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
if ($host = sports.example.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
server_name sports.example.com;
listen 80;
return 404; # managed by Certbot
}
And here goes the config file for news subdomain (/etc/nginx/sites-enabled/news.example.com:
server {
root /home/sd/sites/news.example.com;
index index.php index.html index.htm index.nginx-debian.html;
server_name news.example.com;
location / {
#try_files $uri $uri/ =404;
try_files $uri $uri/ /index.php$is_args$args;
}
location ~ \.php$ {
include snippets/fastcgi-php.conf;
fastcgi_pass unix:/var/run/php/php7.2-fpm.sock;
}
location ~ /\.ht {
deny all;
}
location = /favicon.ico { log_not_found off; access_log off; }
location = /robots.txt { log_not_found off; access_log off; allow all; }
location ~* \.(css|gif|ico|jpeg|jpg|js|png)$ {
expires max;
log_not_found off;
}
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/news.example.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/news.example.com/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
if ($host = news.example.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80;
server_name news.example.com;
return 404; # managed by Certbot
}
I've found this question closest to may case, but I don't have any proxies whatsoever installed on my system, which bears 2 more subdomains served from the very same VPS with the same IP address. They are some django sites, though, if that matters.
I am trying to get Nginx, WordPress, and Cloudflare all working together. All pages outside of the home page (which isn't loading CSS of JS it seems) redirect to the IP of the droplet it's on, and throwing an error since its not secure. Any help would be most appreciated, I've now exhausted all the fixes found here and still have made no progress.
server {
listen 80;
listen 443 ssl http2;
listen [::]:443 ssl http2;
ssl on;
ssl_certificate /etc/ssl/certs/cert.pem;
ssl_certificate_key /etc/ssl/private/key.pem;
ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
ssl_client_certificate /etc/ssl/certs/cloudflare.crt;
ssl_verify_client on;
access_log /var/log/nginx/main.access.log;
error_log /var/log/nginx/main.error.log;
server_name example.com www.example.com;
root /var/www/core;
index index.php;
location ~ \.php$ {
include snippets/fastcgi-php.conf;
fastcgi_pass unix:/var/run/php/php7.2-fpm.sock;
}
location = /favicon.ico { log_not_found off; access_log off; }
location = /robots.txt { log_not_found off; access_log off; allow all; }
location ~* \.(css|gif|ico|jpeg|jpg|js|png)$ {
expires max;
log_not_found off;
}
location / {
#try_files $uri $uri/ =404;
try_files $uri $uri/ /index.php$is_args$args;
}
}
Looking to get Wordpress properly loading the https through Cloudflare.
I am getting a weird problem with my NGINX server. The website opens up and is functional while browsing off Incognito, but for any new browser/session, I am getting the NGINX 502 Bad Gateway error. I only have the following in the error log.
[error] 2121#2121: *34 upstream sent too big header while reading response header from upstream, client: xx.xx.xx.xx, server:domain.tld, request: "GET / HTTP/2.0", upstream:"fastcgi://unix:/run/php/php7.2-fpm.sock:", host: "domain.tld"
The config file is attached
server {
server_name domain.tld www.domain.tld;
root /var/www/html/domain.tld/public_html;
index index.html index.php;
http2_push_preload on;
location / {
try_files $uri $uri/ /index.php?$args;
proxy_buffer_size 128k;
proxy_buffers 4 256k;
proxy_busy_buffers_size 256k;
}
location ~ \.php$ {
include fastcgi_params;
fastcgi_pass unix:/run/php/php7.2-fpm.sock;
fastcgi_param SCRIPT_FILENAME /var/www/html/domain.tld/public_html$fastcgi_script_name;
}
location = /xmlrpc.php {
deny all;
}
location = /favicon.ico { log_not_found off; access_log off; }
location = /robots.txt { log_not_found off; access_log off; allow all; }
location ~* \.(css|gif|ico|jpeg|jpg|js|png)$ {
expires max;
log_not_found off;
}
location ~ /\.ht {
deny all;
}
location ~ "\.pagespeed\.([a-z]\.)?[a-z]{2}\.[^.]{10}\.[^.]+" {
add_header "" "";
}
location ~ "^/pagespeed_static/" { }
location ~ "^/ngx_pagespeed_beacon$" { }
# managed by Certbot
listen 443 ssl http2; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/domain.tld/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/domain.tld/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
if ($host = www.domain.tld) {
return 301 https://$host$request_uri;
} # managed by Certbot
if ($host = domain.tld) {
return 301 https://$host$request_uri;
} # managed by Certbot
server_name domain.tld www.domain.tld;
listen 80;
return 404; # managed by Certbot
}
Fixed it by adding the following directives to my nginx configuration file
fastcgi_max_temp_file_size 0;
fastcgi_buffers 128 2048k;
fastcgi_buffer_size 2048k;
Hope it helps someone not able to fix this error :)