Here's my nginx config (using nginx 1.16.1):
user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;
events {
worker_connections 100000;
}
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
log_format upstream_time '$remote_addr - $remote_user [$time_local] '
'"$request" $status $body_bytes_sent '
'"$http_referer" "$http_user_agent"'
'rt=$request_time uct="$upstream_connect_time" uht="$upstream_header_time" urt="$upstream_response_time"';
##
# Logging Settings
##
error_log /var/log/nginx/error.log warn;
access_log /var/log/nginx/access.log upstream_time;
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
##
# SSL Settings
##
ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE
ssl_prefer_server_ciphers on;
##
# Gzip Settings
##
gzip on;
gzip_disable "msie6";
gzip_vary on;
gzip_proxied any;
gzip_comp_level 6;
gzip_buffers 16 8k;
gzip_http_version 1.1;
gzip_min_length 256;
gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript application/vnd.ms-fontobject application/x-font-ttf font/opentype image/svg+xml image/x-icon;
#Nginx cache
proxy_cache_path /nginx_cache/product levels=1:2 keys_zone=product_cache:100m max_size=20g inactive=2d use_temp_path=off;
#Serve HTML, JS, CSS & Go requests
server {
client_max_body_size 102M;
listen 443 ssl http2;
server_name example.com;
root /html;
index /;
error_page 404 /404.html;
error_page 500 /500.html;
error_page 502 =503 /maintenance.html;
location = /404.html {
add_header x-nginx-cache-status $upstream_cache_status always;
}
location ~^/([a-zA-Z0-9/]+)$ {
set $product_id $1;
rewrite ^ /product?id=$product_id break;
proxy_cache product_cache;
proxy_http_version 1.1;
proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504;
proxy_cache_background_update on;
proxy_cache_lock on;
proxy_cache_key product-$product_id;
add_header x-nginx-cache-key product-$product_id always;
add_header x-nginx-cache-status $upstream_cache_status always;
proxy_cache_valid 200 404 1d;
proxy_cache_bypass $nocache;
proxy_ignore_headers Cache-Control; #force cache
proxy_ignore_headers Set-Cookie;
proxy_intercept_errors on;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header Host $host;
proxy_set_header REQUEST_URI $request_uri;
proxy_pass http://go:2053;
proxy_buffer_size 128k;
proxy_buffers 4 256k;
proxy_busy_buffers_size 256k;
error_log /var/log/nginx/error.log;
access_log /var/log/nginx/access.log;
}
}
}
With this configuration, I can see that 404s are actually a cache HIT after the first request, however it's not saved in the nginx_cache folder as set.
Other requests which are 200 responses are cached appropriately and saved to disk as expected.
I've tried also adding the same caching config to the location = /404.html block, but that did not have any effect on whether the file was saved to disk.
I am guessing this has to do with overriding the error page by using proxy_intercept_errors and error_page, so nginx is no longer caching it using the parameters I set.
Is there a way to achieve this?
Related
I'm trying to use proxy_set_header directive in my nginx config to add a request header. However my nginx container can't be started due to this error.
So I check the nginx config in my container and it looks like the variable is empty and Nginx treat it as if there's a missing argument.
Here is my nginx.conf
user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;
events {
worker_connections 1024;
}
http {
server_names_hash_bucket_size 256;
include /etc/nginx/mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [cache:$upstream_cache_status] [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
#tcp_nopush on;
keepalive_timeout 65;
gzip on;
gzip_disable "msie6";
gzip_vary on;
gzip_proxied any;
gzip_comp_level 6;
gzip_buffers 16 8k;
gzip_http_version 1.1;
gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/rss+xml text/javascript font/truetype font/opentype application/vnd.ms-fontobject image/svg+xml;
include /etc/nginx/conf.d/*.conf;
server {
listen 80;
server_name ${DOMAIN_NAME_CLIENT};
large_client_header_buffers 4 16k;
proxy_buffer_size 128k;
proxy_buffers 4 256k;
proxy_busy_buffers_size 256k;
proxy_read_timeout 1800;
proxy_connect_timeout 1800;
location /graphql {
auth_basic off;
proxy_pass http://${PRIVATE_IP_CLIENT}:3000;
proxy_set_header HOST nginx;
proxy_pass_request_headers on;
limit_except GET POST OPTIONS { deny all; }
}
location / {
auth_basic off;
limit_except GET POST { deny all; }
proxy_pass http://${PRIVATE_IP_CLIENT}:3000;
proxy_pass_request_headers on;
proxy_set_header proxied nginx;
}
}
}
Please, can anyone help me? I'm having to do a load balance on a reverse proxy server, which was not configured by me.
And when I configure the upstream directive it is giving an error. I have already tried to set it within http {} and within the settings of the site included.
My nginx.conf
load_module /usr/lib64/nginx/modules/ngx_stream_module.so;
user nginx;
worker_processes 16;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;
events {
worker_connections 1024;
}
http {
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
client_max_body_size 20m;
proxy_read_timeout 3600;
sendfile on;
tcp_nopush on;
tcp_nodelay on;
types_hash_max_size 2048;
include /etc/nginx/mime.types;
default_type application/octet-stream;
# Security #
add_header Strict-Transport-Security "max-age=63072000; includeSubdomains";
ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";
keepalive_timeout 750;
server_tokens off;
#more_clear_headers 'Server' 'X-Powered-By' 'X-Content-Powered-By';
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
add_header X-Content-Type-Options nosniff;
add_header Content-Security-Policy "frame-ancestors digital.fortaleza.ce.gov.br epgm.pgm.fortaleza.ce.gov.br revista.pgm.fortaleza.ce.gov.br";
add_header X-Frame-Options "ALLOW-FROM digital.fortaleza.ce.gov.br epgm.pgm.fortaleza.ce.gov.br";
add_header X-Frame-Options SAMEORIGIN;
add_header X-XSS-Protection "1; mode=block";
#Compression
gzip on;
gzip_proxied any;
gzip_vary on;
gzip_disable “MSIE [1-6]\.(?!.*SV1)”;
gzip_disable "msie6";
gzip_comp_level 6;
gzip_buffers 16 8k;
gzip_http_version 1.1;
gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript;
#SSl Certificate Security
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_dhparam /etc/nginx/ssl/dhparam4096.pem;
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
#Proxy
proxy_hide_header on;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
server {
listen 80;
error_page 404 /404.html;
location = /basic_status {
stub_status;
allow 172.30.50.100;
allow 10.0.10.100;
deny all;
}
location / {
return 301 https://www.example.com.br;
}
}
include /etc/nginx/conf.d/*.conf;
include /etc/nginx/sites-enabled/*.conf;
}
My www.example.com.br config file inside sites-enable
upstream example {
server 192.168.0.1;
server 192.168.0.2;
}
server {
listen 443 ssl;
server_name www.example.com.br;
ssl_certificate /etc/nginx/certificates/bundle-pgm.crt;
ssl_certificate_key /etc/nginx/certificates/privatekey.key;
access_log /var/log/nginx/www.example.com.br/www.example.com.br_access.log;
error_log /var/log/nginx/www.example.com.br/www.example.com.br error;
location / {
proxy_pass http://example;
}
}
server {
if ($host = www.example.com.br) {
return 301 https://$host$request_uri;
}
listen 80;
server_name www.example.com.br;
return 404;
}
Now my nginx logs save on the file. But it's possible send logs to custom url (http://myapi.com/save-logs) ? I need save all my nginx logs on my database.
Currently my config file looks like this:
user www-data;
worker_processes 1;
pid /var/run/nginx.pid;
worker_rlimit_nofile 4096;
events {
multi_accept on;
use epoll;
worker_connections 1024;
}
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
error_log /var/log/nginx/error.log warn;
access_log /var/log/nginx/access.log;
open_file_cache max=5000 inactive=20s;
open_file_cache_valid 30s;
open_file_cache_min_uses 2;
open_file_cache_errors on;
sendfile on;
tcp_nopush on;
tcp_nodelay on;
server_tokens off;
types_hash_max_size 2048;
keepalive_requests 1000;
keepalive_timeout 5;
server_names_hash_max_size 512;
server_names_hash_bucket_size 64;
client_max_body_size 100m;
client_body_buffer_size 256k;
reset_timedout_connection on;
client_body_timeout 10;
send_timeout 2;
gzip on;
gzip_static on;
gzip_comp_level 5;
gzip_min_length 256;
gzip_http_version 1.1;
gzip_proxied any;
gzip_vary on;
gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript application/javascript text/x-js;
gzip_disable "msie6";
proxy_max_temp_file_size 0;
upstream proj {
server clickhouse:8123;
}
upstream grafana {
server grafana:3000;
}
server {
listen 8888;
server_name 127.0.0.1;
root /var/www;
proxy_set_header Host $host;
location / {
proxy_pass http://proj;
proxy_set_header Host $host;
add_header Cache-Control "no-cache" always;
}
}
server {
listen 9999;
server_name 127.0.0.1;
root /var/www;
proxy_set_header Host $host;
location / {
proxy_pass http://grafana;
proxy_set_header Host $host;
add_header Cache-Control "no-cache" always;
}
}
}
I think this is possible. According to http://nginx.org/en/docs/syslog.html, the server directive could let you specify where you want to log your info to.
I am using nginx with Heroku and I wanna enable http_gzip_static_module
to serve compressed files. I compress my files manually so I have for example
bundle.js
bunsle.js.gz
I can not make this work. If I enable gzip on dynamic compression works. I am not really familiar with ngnix and I am using configs that i found on internet for use with Heroku or should I say I am using this Heroku buildpack that says it is supported.
For now only compression is important to me. I would remove extra noise if I knew what is not important. Is there something I should change? This is my config file.
daemon off;
#Heroku dynos have at least 4 cores.
worker_processes <%= ENV['NGINX_WORKERS'] || 4 %>;
events {
use epoll;
accept_mutex on;
multi_accept on;
worker_connections 1024;
}
error_log logs/nginx/error.log;
error_log logs/nginx/error_extreme.log emerg;
error_log logs/nginx/error_debug.log debug;
error_log logs/nginx/error_critical.log crit;
http {
charset utf-8;
include mime.types;
# # - Add extra mime types
types{
application/x-httpd-php .html;
}
default_type application/octet-stream;
log_format l2met 'measure#nginx.service=$request_time request_id=$http_x_request_id';
access_log logs/nginx/access.log l2met;
# # - Basic Settings
sendfile on;
tcp_nopush on;
tcp_nodelay on;
types_hash_max_size 2048;
# # - Enable open file cache
open_file_cache max=1000 inactive=20s;
open_file_cache_valid 30s;
open_file_cache_min_uses 2;
open_file_cache_errors on;
# # - Configure buffer sizes
client_body_buffer_size 16k;
client_header_buffer_size 1k;
# # - Responds with 413 http status ie. request entity too large error if this value exceeds
client_max_body_size 8m;
large_client_header_buffers 2 1k;
# # - Configure Timeouts
client_body_timeout 12;
client_header_timeout 12;
# # - Use a higher keepalive timeout to reduce the need for repeated handshake
keepalive_timeout 300;
# # - if the request is not completed within 10 seconds, then abort the connection and send the timeout errror
send_timeout 10;
# # - Hide nginx version information
server_tokens off;
# # - Dynamic gzip compression
gzip_static on;
#gzip off;
gzip_http_version 1.0;
gzip_disable "msie6";
gzip_vary on;
#gzip_min_length 20;
#gzip_buffers 4 16k;
#gzip_comp_level 9;
gzip_proxied any;
#Turn on gzip for all content types that should benefit from it.
gzip_types application/ecmascript;
gzip_types application/javascript;
gzip_types application/json;
gzip_types application/pdf;
gzip_types application/postscript ;
gzip_types application/x-javascript;
gzip_types image/svg+xml;
gzip_types text/css;
gzip_types text/csv;
gzip_types text/javascript ;
gzip_types text/plain;
gzip_types text/xml;
gzip_types text/html;
map $http_upgrade $connection_upgrade {
default upgrade;
'' close;
}
upstream nodebeats {
server unix:/tmp/nginx.socket fail_timeout=0;
keepalive 32;
}
server {
listen <%= ENV['PORT'] %>;
server_name _;
root "/app/";
location / {
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_redirect off;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_pass http://nodebeats;
}
location /api {
proxy_pass http://nodebeats;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
}
location /dist {
alias "/app/app-dist";
# # - 1 month expiration time
expires 1M;
access_log off;
add_header Pragma public;
add_header Cache-Control public;
add_header Vary Accept-Encoding;
}
location /offline {
alias "/app/public/offline";
# # - 1 month expiration time
expires 1M;
access_log off;
add_header Pragma public;
add_header Cache-Control public;
add_header Vary Accept-Encoding;
}
location /scripts {
alias "/app/node_modules";
# # - 1 month expiration time
expires 1M;
access_log off;
add_header Pragma public;
add_header Cache-Control public;
add_header Vary Accept-Encoding;
}
}
}
I'm trying to add the expires headers for images and css/js to my Nginx configuration. But Once I add it, it brakes eveything and I cannot get the website correctly.
This is my nginx.con
worker_processes auto;
events {
worker_connections 1024;
}
http {
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
keepalive_requests 100000;
types_hash_max_size 2048;
#BUFFER SIZE
client_body_buffer_size 128k;
client_max_body_size 10m;
client_header_buffer_size 1k;
large_client_header_buffers 4 4k;
output_buffers 1 32k;
postpone_output 1460;
# server_tokens off;
# server_names_hash_bucket_size 64;
# server_name_in_redirect off;
include /usr/local/nginx/conf/mime.types;
default_type application/octet-stream;
##
# Logging Settings
##
access_log /usr/local/nginx/logs/access.log;
error_log /usr/local/nginx/logs/error.log;
open_file_cache max=1000 inactive=20s;
open_file_cache_valid 30s;
open_file_cache_min_uses 5;
open_file_cache_errors off;
# Enable Gzip
gzip on;
gzip_http_version 1.0;
gzip_comp_level 2;
gzip_min_length 1100;
gzip_buffers 4 8k;
gzip_proxied any;
gzip_types
# text/html is always compressed by HttpGzipModule
text/css
text/javascript
text/xml
text/plain
text/x-component
application/javascript
application/json
application/xml
application/rss+xml
font/truetype
font/opentype
application/vnd.ms-fontobject
image/svg+xml;
gzip_proxied expired no-cache no-store private auth;
gzip_disable "MSIE [1-6]\.";
gzip_vary on;
### Proxy Settings
# proxy_cache_path /usr/local/nginx/cache levels=1:2 keys_zone=one:8m max_size=1000m inactive=600m;
# proxy_temp_path /usr/local/nginx/cache/tmp;
# proxy_cache_valid 404 1m;
# proxy_cache_valid 500 502 504 5m;
# proxy_cache_valid 200 302 1w;
# expires 1w;
# add_header Cache-Control "public";
# charset utf-8;
include /usr/local/nginx/conf/sites-enabled/*;
}
Here the server configuration :
map $scheme $hsts_header {
http max-age=31536000;
}
server {
listen 80;
client_max_body_size 20M;
#root /usr/share/nginx/html;
#index index.html index.htm;
include includes/pageSpeedConfig;
include includes/redirects;
include includes/static-cache;
add_header Strict-Transport-Security $hsts_header;
add_header Strict-Transport-Security max-age=31536000 always;
location /probepage {
proxy_pass http://127.0.0.1:8080;
}
error_page 500 502 503 504 /502.html;
location = /502.html {
root /usr/local/nginx;
}
location /api {
proxy_pass http://127.0.0.1:8080;
}
location / {
proxy_pass http://127.0.0.1:8080;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_connect_timeout 90;
proxy_send_timeout 90;
proxy_read_timeout 90;
proxy_buffer_size 4k;
proxy_buffers 4 32k;
proxy_busy_buffers_size 64k;
proxy_temp_file_write_size 64k;
proxy_temp_path /usr/local/nginx/proxy;
}
}
and here the configuration for adding the expires static-cache file include :
location ~* \.(?:ico|css|js|gif|jpe?g|png)$ {
expires 365d;
}
I'm not including the https server, as this is the test server.
Can you please help?
Thanks a lot