I'm desperately trying to figure out a way to set an expiry date on fonts in nginx to optimize on mobile.
I'm interested for ttf fonts.
I have mime.types as fallows:
application/font-woff woff;
application/vnd.ms-fontobject eot;
application/x-font-ttf ttc ttf;
font/opentype otf;
image/svg+xml svg svgz;
And on Nginx I have tried every solution I found on the web to no avail:
Try #1:
location ~* \.(?:eot|woff|woff2|ttf|svg|otf) {
access_log off;
log_not_found off;
expires 365d;
add_header Cache-Control "public";
add_header Access-Control-Allow-Origin *;
types {font/truetype ttf;}
}
Fail NO Expiry:
Request URL: http://localhost:3001/static/media/Poppins-Regular.8081832f.ttf
Request Method: GET
Status Code: 200 OK
Remote Address: [::1]:3001
Referrer Policy: strict-origin-when-cross-origin
Connection: keep-alive
Content-Encoding: gzip
Content-Type: application/x-font-ttf
Date: Thu, 01 Apr 2021 18:33:55 GMT
ETag: W/"60660e52-269f0"
Last-Modified: Thu, 01 Apr 2021 18:17:54 GMT
Server: nginx/1.15.2
Transfer-Encoding: chunked
Vary: Accept-Encoding
Accept: */*
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Connection: keep-alive
Host: localhost:3001
Origin: http://localhost:3001
Referer: http://localhost:3001/static/css/main.06159cd9.chunk.css
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Sec-GPC: 1
User-Agent: Mozilla/5.0 (Linux; Android 6.0; Nexus 5 Build/MRA58N) AppleWebKit/537.36
Try #2:
location ~* \.(woff|ttf|otf|woff2|eot)$ {
expires 365d;
access_log off;
add_header Pragma public;
add_header Cache-Control "public, max-age=86400";
add_header X-Asset "yes";
}
Failed: Same result
Try: 3
https://io.24hoursmedia.com/tech-notes/nginx-send-browser-cache-headers-for-static-files
Failed: Same result
Try: 4
location ~* \.(?:jpg|jpeg|gif|png|ico|woff2)$ {
expires 1M;
add_header Cache-Control "public";
}
Failed: Same result
What I am missing? Please help.
Keep it simple. My NGINX looks like:
location ~* \.(js|css|png|jpg|jpeg|gif|svg|ico|woff|woff2|ttf)$ {
....
expires max;
add_header Cache-Control "public, no-transform";
}
And the response:
cache-control: max-age=315360000
cache-control: public, no-transform
content-length: 84508
content-type: font/woff2
date: Mon, 05 Apr 2021 19:08:55 GMT
etag: "603562a6-14a1c"
expires: Thu, 31 Dec 2037 23:55:55 GMT
last-modified: Tue, 23 Feb 2021 20:16:38 GMT
server: nginx
I have two different configurations for my fonts ...
types { application/x-font-ttf ttf}
AND
types {font/ttf ttf}
The second one is based on the new font standard released back in 2017.
https://www.iana.org/assignments/media-types/media-types.xhtml#font
... but I haven't seen font/truetype.
More Information: http://nginx.org/en/docs/http/ngx_http_core_module.html#types
If you want to fine-tune your expires value take a look here:
https://nginx.org/en/docs/http/ngx_http_headers_module.html#expires
{
map $sent_http_content_type $expires {
default off;
application/pdf 42d;
~image/ max;
}
server {
...
location ~*\.(woff|woff2...)$ {
...
expires $expires;
}
}
}
Related
I want to use nginx as internet out proxy.
So, I try to connect to http://mirror01.org/google.com, but cache files were not created.
If I delete rewrite rule and replace proxy_pass to http://google.come cache files will be created.
Where did I go wrong?
Trace using curl
HTTP/1.1 302 Moved Temporarily
Server: nginx/1.20.2
Date: Tue, 08 Mar 2022 15:44:42 GMT
Content-Type: text/html
Content-Length: 145
Connection: keep-alive
Location: http://google.com
HTTP/1.1 301 Moved Permanently
Location: http://www.google.com/
Content-Type: text/html; charset=UTF-8
Date: Tue, 08 Mar 2022 15:44:42 GMT
Expires: Thu, 07 Apr 2022 15:44:42 GMT
Cache-Control: public, max-age=2592000
Server: gws
Content-Length: 219
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
HTTP/1.1 200 OK
Content-Type: text/html; charset=ISO-8859-1
P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."
Date: Tue, 08 Mar 2022 15:44:43 GMT
Server: gws
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
Transfer-Encoding: chunked
Expires: Tue, 08 Mar 2022 15:44:43 GMT
Cache-Control: private
Set-Cookie: 1P_JAR=2022-03-08-15; expires=Thu, 07-Apr-2022 15:44:43 GMT; path=/; domain=.google.com; Secure
Set-Cookie: NID=511=21PQ3ziwDTFTppHDMUoAVReBsFB6oGkVHqT38eqJO25UQkP3SJSEleOsHhefVDR_TgKSK6DpcTmBewjKC-kazv8mWRrfW10NUJevh16H5MZtKrKCJxllfI4r; expires=Wed, 07-Sep-2022 15:44:43 GMT; path=/; domain=.google.com; HttpOnly
Nginx conf:
access_log /opt/nginx/log/access.log main;
error_log /opt/nginx/log/error.log crit;
proxy_cache_path /opt/nginx/cache levels=1:2 keys_zone=default_cache:10m max_size=2g
inactive=120m use_temp_path=off;
proxy_cache_key "$scheme$request_method$host$request_uri";
proxy_cache_valid any 60m;
server {
listen 80;
server_name mirror01.org;
location / {
proxy_cache default_cache;
proxy_buffering on;
proxy_ignore_headers Expires;
proxy_ignore_headers X-Accel-Expires;
proxy_ignore_headers Cache-Control;
proxy_ignore_headers Set-Cookie;
proxy_hide_header X-Accel-Expires;
proxy_hide_header Expires;
proxy_hide_header Cache-Control;
proxy_hide_header Pragma;
add_header X-Proxy-Cache $upstream_cache_status;
rewrite ^/(.*)$ http://$request_uri? break;
proxy_pass $request_uri;
}
}
I have built a simple static site, that I am serving with nginx (from docker). Currently I am trying to implement some best-practices, including gzip.
I have used some example config I found online, to set up my own config. Gzip is working for most types, except for css...
I used curl for testing:
curl -H "Accept-Encoding: gzip" -I localhost:8400 produces:
HTTP/1.1 200 OK
Server: nginx/1.20.2
Date: Wed, 05 Jan 2022 12:35:06 GMT
Content-Type: text/html
Connection: keep-alive
Last-Modified: Thu, 30 Dec 2021 13:24:15 GMT
Vary: Accept-Encoding
ETag: W/"61cdb2ff-ff5"
Content-Security-Policy: script-src 'self' 'unsafe-inline' 'unsafe-eval' *.transistories.org; frame-src 'self'; object-src 'self'
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000;
X-XSS-Protection: 1; mode=block
Content-Encoding: gzip
while curl -H "Accept-Encoding: gzip" -I localhost:8400/css/main.css produces:
HTTP/1.1 200 OK
Server: nginx/1.20.2
Date: Wed, 05 Jan 2022 12:35:02 GMT
Content-Type: text/css
Content-Length: 8279
Connection: keep-alive
Last-Modified: Wed, 05 Jan 2022 10:46:33 GMT
Vary: Accept-Encoding
ETag: "61d57709-2057"
Expires: Sat, 29 Jan 2022 13:38:58 GMT
Cache-Control: max-age=2073600
Pragma: public
Cache-Control: max-age=2073600, public
Accept-Ranges: bytes
The main config file:
user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log notice;
pid /var/run/nginx.pid;
events {
worker_connections 1024;
}
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
tcp_nopush on;
keepalive_timeout 65;
gzip on;
gzip_vary on;
gzip_proxied any;
gzip_comp_level 6;
gzip_buffers 16 8k;
gzip_http_version 1.1;
gzip_min_length 256;
gzip_types
application/atom+xml
application/geo+json
application/javascript
application/x-javascript
application/json
application/ld+json
application/manifest+json
application/rdf+xml
application/rss+xml
application/xhtml+xml
application/xml
font/eot
font/otf
font/ttf
image/svg+xml
text/css
text/javascript
text/js
text/plain
text/xml;
gzip_disable "msie6";
server_tokens off;
include /etc/nginx/conf.d/transistories.conf;
}
The included config file:
server {
listen 80;
listen [::]:80;
server_name localhost;
#charset koi8-r;
access_log /var/log/nginx/host.access.log main;
add_header Content-Security-Policy "script-src 'self' 'unsafe-inline' 'unsafe-eval' *.transistories.org; frame-src 'self'; object-src 'self'";
add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-Content-Type-Options "nosniff" always;
add_header Strict-Transport-Security "max-age=31536000;" always;
add_header X-XSS-Protection "1; mode=block";
location ~* \.(?:ico|css|js|gif|jpe?g|png|eot|woff2?|ttf|svg)$ {
root /usr/share/nginx/html;
expires 24d;
add_header Pragma public;
add_header Cache-Control "max-age=2073600, public";
}
location / {
root /usr/share/nginx/html;
index index.html;
}
error_page 404 /404.html;
}
In case it is relevant; the Dockerfile that I am using:
The css files are generated from scss, using node-sass.
FROM node:current-alpine3.14 AS builder
WORKDIR /usr/src/app
COPY package*.json ./
RUN npm install
COPY assets ./assets
COPY gulpfile.js .
COPY src ./src
RUN npm run build:prod
RUN npm run sitemap
RUN npm run rss
FROM nginx:latest
COPY --from=builder /usr/src/app/build /usr/share/nginx/html
COPY nginx/nginx.conf /etc/nginx
COPY nginx/conf.d /etc/nginx/conf.d
Any ideas why this could be happening, and how I could solve this?
Thanks in advance!
I'm trying to make a https proxy on nginx engine. And when I test it on different sites - I always get two HTTP codes - 302 - redirect to https scheme and 400 after connect
proxy config
server {
error_log /var/log/nginx/nginx.err;
access_log /var/log/nginx/nginx.acc;
resolver 127.0.0.53;
listen 80; #default_server;
listen 443 ssl default_server;
server_name proxy;
ssl_certificate /etc/letsencrypt/live/proxy/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/proxy/privkey.pem;
ssl_trusted_certificate /etc/letsencrypt/live/proxy/chain.pem;
proxy_ssl_certificate /etc/letsencrypt/live/proxy/fullchain.pem;
proxy_ssl_certificate_key /etc/letsencrypt/live/proxy/privkey.pem;
proxy_ssl_trusted_certificate /etc/letsencrypt/live/proxy/chain.pem;
large_client_header_buffers 1 128k;
proxy_ssl_verify on;
proxy_ssl_session_reuse off;
ssl_verify_client off;
ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
ssl_ciphers RC4:HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
location / {
proxy_http_version 1.1;
proxy_set_header Connection "";
proxy_set_header HOST $host;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Access-Control-Allow-Origin *;
proxy_buffering on;
proxy_buffers 8 16k;
proxy_buffer_size 16k;
proxy_pass http://$host$request_uri;
proxy_read_timeout 1800;
}
}
curl -x localhost:80 goo.gl -I -L output (goo.gl - for example, but I have this issue for every site)
HTTP/1.1 301 Moved Permanently
Server: nginx/1.18.0 (Ubuntu)
Date: Fri, 10 Sep 2021 12:32:42 GMT
Content-Type: application/binary
Content-Length: 0
Connection: keep-alive
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Location: https://goo.gl/
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
HTTP/1.1 400 Bad Request
Server: nginx/1.18.0 (Ubuntu)
Date: Fri, 10 Sep 2021 12:32:42 GMT
Content-Type: text/html
Content-Length: 166
Connection: close
same curl output with -v
* Trying ::1:80...
* TCP_NODELAY set
* connect to ::1 port 80 failed: Connection refused
* Trying 127.0.0.1:80...
* TCP_NODELAY set
* Connected to localhost (127.0.0.1) port 80 (#0)
> HEAD http://goo.gl/ HTTP/1.1
> Host: goo.gl
> User-Agent: curl/7.68.0
> Accept: */*
> Proxy-Connection: Keep-Alive
>
* Mark bundle as not supporting multiuse
< HTTP/1.1 301 Moved Permanently
HTTP/1.1 301 Moved Permanently
< Server: nginx/1.18.0 (Ubuntu)
Server: nginx/1.18.0 (Ubuntu)
< Date: Fri, 10 Sep 2021 12:34:02 GMT
Date: Fri, 10 Sep 2021 12:34:02 GMT
< Content-Type: application/binary
Content-Type: application/binary
< Content-Length: 0
Content-Length: 0
< Connection: keep-alive
Connection: keep-alive
< Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
< Pragma: no-cache
Pragma: no-cache
< Expires: Mon, 01 Jan 1990 00:00:00 GMT
Expires: Mon, 01 Jan 1990 00:00:00 GMT
< Location: https://goo.gl/
Location: https://goo.gl/
< X-XSS-Protection: 0
X-XSS-Protection: 0
< X-Frame-Options: SAMEORIGIN
X-Frame-Options: SAMEORIGIN
< X-Content-Type-Options: nosniff
X-Content-Type-Options: nosniff
<
* Connection #0 to host localhost left intact
* Issue another request to this URL: 'https://goo.gl/'
* Hostname localhost was found in DNS cache
* Trying ::1:80...
* TCP_NODELAY set
* connect to ::1 port 80 failed: Connection refused
* Trying 127.0.0.1:80...
* TCP_NODELAY set
* Connected to localhost (127.0.0.1) port 80 (#1)
* allocate connect buffer!
* Establish HTTP proxy tunnel to goo.gl:443
> CONNECT goo.gl:443 HTTP/1.1
> Host: goo.gl:443
> User-Agent: curl/7.68.0
> Proxy-Connection: Keep-Alive
>
< HTTP/1.1 400 Bad Request
HTTP/1.1 400 Bad Request
< Server: nginx/1.18.0 (Ubuntu)
Server: nginx/1.18.0 (Ubuntu)
< Date: Fri, 10 Sep 2021 12:34:02 GMT
Date: Fri, 10 Sep 2021 12:34:02 GMT
< Content-Type: text/html
Content-Type: text/html
< Content-Length: 166
Content-Length: 166
< Connection: close
Connection: close
<
* Received HTTP code 400 from proxy after CONNECT
* CONNECT phase completed!
* Closing connection 1
curl: (56) Received HTTP code 400 from proxy after CONNECT
If I do curl without a proxy, then it will contain messages with successful TLS handshakes
i have set up the following in my nginx site config:
server {
...
add_header Referrer-Policy "no-referrer" always;
add_header Strict-Transport-Security "max-age=31536000; includeSubdomains" always;
add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-Content-Type-Options "nosniff" always;
add_header X-Xss-Protection "1; mode=block" always;
...
}
but if i have a look at my side i only see two of five headders
HTTP/2 200
server: nginx
date: Fri, 06 Apr 2018 08:58:49 GMT
content-type: text/html; charset=utf-8
content-length: 114649
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
last-modified: Fri, 06 Apr 2018 08:58:49 GMT
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: private, no-cache, max-age=0
set-cookie: __Secure-anzah_csrf=Fmv0S0-WCZwP5fy5; path=/; secure
set-cookie: __Secure-anzah_session=IxXVlychxqE2F4lXUwW79gKwrxiTlhuQ; path=/; secure; HttpOnly
cache-control: private, no-cache, max-age=0
does anyone know what could be the cause?
Here's the relevant nginx configuration fragment:
location ^~ /static/ {
expires max;
rewrite ^/static/[^/]+/(.*)$ /$1 last;
}
After reloading nginx there's no sign of the Expires header for some reason:
$ curl -i http://monda.hu/static/1/blog/wp-content/icomoon/style.css
HTTP/1.1 200 OK
Server: nginx/1.4.1 (Ubuntu)
Date: Sat, 21 Dec 2013 22:55:46 GMT
Content-Type: text/css
Content-Length: 1783
Last-Modified: Tue, 16 Jul 2013 21:03:00 GMT
Connection: keep-alive
Vary: Accept-Encoding
ETag: "51e5b504-6f7"
Accept-Ranges: bytes
(The idea here is to increment the numeric version value in the URL whenever the related resource changes. Please do not tell me that expires max is a bad practice. I think it's a matter of taste and priorities.)
Other than the above there are the following location blocks present in the relevant server section:
location ~ \.php$ { ... }
location / { ... }
location ~ /\. { ... }
location ^~ /mydbadmin/ { ... }
location #php { ... } # this one is not even referenced