nginx - enabling cache for .css file with gzip compression - nginx

I have following nginx config. if I remove the cache config for css everything works and all css files load perfectly via reverse proxy. but when I put in cache config for .css that results in 404 for all my css resources:
location ~* \.css {
add_header Cache-Control public;
add_header Pragma public;
add_header Vary Accept-Encoding;
expires 1M;
}
location / {
proxy_pass http://localhost:8080;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Port $server_port;
}

Nginx chooses a single location to process a request. That location needs to be complete. See how Nginx processes a request.
Your location ~* \.css block is missing the proxy_pass statement.
The proxy_set_header statements can be moved to the outer block and inherited by both location blocks.
For example:
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Port $server_port;
location / {
proxy_pass http://localhost:8080;
}
location ~* \.css {
add_header Cache-Control public;
add_header Pragma public;
add_header Vary Accept-Encoding;
expires 1M;
proxy_pass http://localhost:8080;
}

Related

nginx reverse proxy disable cache

i use nginx as a reverse proxy to connect a api. The problem is when i send a query after add or remove something. Nginx send me the old json value. I tried to disabled cache but it's not working.
my nginx config:
location / {
sendfile off;
add_header Last-Modified $date_gmt;
add_header Cache-Control 'no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0';
if_modified_since off;
expires off;
etag off;
proxy_no_cache 1;
proxy_cache_bypass 1;
proxy_pass http://127.0.0.1:5000;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header HTTPS $https;
}
i tried query without nginx and all work well in console
thank you!
According to the documentation proxy_cache you have to replace
proxy_no_cache 1;
proxy_cache_bypass 1;
proxy_no_cache and proxy_cache_bypass defines conditions under which the response will not be saved to a cache.
Then to disable the cache, you can replace these two condition with
proxy_cache off;
Here a full exemple that you can use to configure a proxy for a stateless api server
location /myapi {
# Proxy
proxy_set_header X-Localhost true;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://localhost:8080/myapi;
proxy_redirect off;
proxy_buffers 32 16k;
proxy_busy_buffers_size 64k;
proxy_cache off;
# Headers for client browser NOCACHE + CORS origin filter
add_header 'Cache-Control' 'no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0';
expires off;
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS' always;
add_header 'Access-Control-Allow-Headers' 'Origin, X-Requested-With, Content-Type, Accept' always;
allow all;
}

Setting expire headers for static content with nginx

I'm using Nginx in front of Glassfish (java application server) to serve my static content. I'm using following setting to set the expire headers
location /javax.faces.resource/images/ {
proxy_pass http://xx.xxx.xx:8080/javax.faces.resource/images/;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
expires 365d;
add_header Pragma public;
add_header Cache-Control "public";
}
I have also CSS and JS files inside /javax.faces.resource/ and want to set another expire header. How can I achieve this without breaking the setting for images?
Another question: I noticed that sometimes there is many Cache-Control entries in Response header. Is there a possibility to reset the properties instead of using add_header? Thanks
EDITED
server {
listen xx.x.yy.xxx:80;
server_name mydomain.com www.mydomain.com ;
rewrite ^/(.*) https://www.$server_name/$1 permanent;
}
server {
listen xx.x.yy.xxx:443; ## listen for ipv4
server_name www.mydomain.com;
ssl on;
ssl_certificate /etc/ssl/www.mydomain.com.2018.pem;
# Path to an SSL certificate;
ssl_certificate_key /etc/ssl/www.mydomain.com.2018.key;
# Path to the key for the SSL certificate;
client_max_body_size 20M;
access_log /var/log/nginx/mydomain.com.access.log upstreamlog;
error_log /var/log/nginx/mydomain.com.error.log;
rewrite_log on;
location / {
proxy_pass http://xx.x.yy.xxx:8080;
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header HTTPS "on";
}
location /nginx_status {
stub_status on;
access_log off;
# allow 1.1.1.1;
# deny all;
}
location /images/ {
proxy_pass http://xx.x.yy.xxx:8080/images/;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
expires 365d;
add_header Pragma public;
add_header Cache-Control "public";
#add_header X-Cache-Status $upstream_cache_status;
#add_header Strict-Transport-Security max-age=15768000;
}
location /resources/desktop/images/ {
proxy_pass http://xx.x.yy.xxx:8080/resources/desktop/images/;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
expires 365d;
add_header Pragma public;
add_header Cache-Control "public";
#add_header X-Cache-Status $upstream_cache_status;
#add_header Strict-Transport-Security max-age=15768000;
}
location /javax.faces.resource/images/ {
proxy_pass http://xx.x.yy.xxx:8080/javax.faces.resource/images/;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
expires 365d;
add_header Pragma public;
add_header Cache-Control "public";
}
}

how to config nignx proxy root path to tomcat server but service static content directly at same time

i want nginx to service http://myhost.com/v2 staic content directly ,
but proxy http://myhost.com/ to http://mytomcat:8080/
my config of /etc/nginx/sites-enabled/default
location /v2/static {
}
location / {
# First attempt to serve request as file, then
# as directory, then fall back to displaying a 404.
# try_files $uri $uri/ =404;
# Uncomment to enable naxsi on this location
# include /etc/nginx/naxsi.rules
add_header 'Access-Control-Allow-Origin' '*';
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS, PUT, DELETE';
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://127.0.0.1:8080/;
}
now , got HTTP ERROR 404 when accessing http://myhost.com/ ,but http://mytomcat:8080/ is working,
any one can tell me how to config nginx ?
Set port_in_redirect off; Set your config exactly as below:
location / {
proxy_pass http://127.0.0.1:8080/;
port_in_redirect off;
proxy_redirect off;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
Hope that helps

How do I fix this nginx configuration with almost-duplicate proxied locations?

I have the following nginx configuration for one of my virtual servers:
upstream app_example_https {
server 127.0.0.1:1340;
}
proxy_cache_path /Users/jaanus/dev/nginxcache levels=1:2 keys_zone=S3CACHE:10m;
proxy_cache_key "$scheme$request_method$host$request_uri";
server {
listen 0.0.0.0:1338;
server_name localhost;
ssl on;
ssl_certificate /Users/jaanus/dev/devHttpsCert.pem;
ssl_certificate_key /Users/jaanus/dev/devHttpsKey.pem;
location = / {
proxy_http_version 1.1;
proxy_set_header Connection "";
proxy_set_header Host 'something.s3-website-us-east-1.amazonaws.com';
proxy_set_header Authorization '';
proxy_hide_header x-amz-id-2;
proxy_hide_header x-amz-request-id;
proxy_hide_header Set-Cookie;
proxy_ignore_headers Set-Cookie;
proxy_cache S3CACHE;
proxy_cache_valid any 60m;
add_header X-Cached $upstream_cache_status;
proxy_pass http://something.s3-website-us-east-1.amazonaws.com/;
}
location /static/ {
proxy_http_version 1.1;
proxy_set_header Connection "";
proxy_set_header Host 'something.s3-website-us-east-1.amazonaws.com';
proxy_set_header Authorization '';
proxy_hide_header x-amz-id-2;
proxy_hide_header x-amz-request-id;
proxy_hide_header Set-Cookie;
proxy_ignore_headers Set-Cookie;
proxy_cache S3CACHE;
proxy_cache_valid any 60m;
add_header X-Cached $upstream_cache_status;
proxy_pass http://something.s3-website-us-east-1.amazonaws.com/static/;
}
location / {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_set_header X-NginX-Proxy true;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_pass http://app_example_https/;
proxy_redirect off;
}
}
What this does in English:
There’s an nginx frontend which serves requests either from a static Amazon S3 site, or an application server.
All requests to / (site root) and /static are reverse-proxied from Amazon S3. All other requests are reverse-proxied from the application server.
Now, the problem: there are two almost identical Location blocks for the S3. This was the only way how I could make this configuration work, where two specific folders (root and /static) are served from S3, and everything else goes to the application server.
Two almost-identical blocks look dumb and are not scalable. When I add such folders, I don’t want to keep duplicating the blocks.
How do I merge the two locations into one Location block, while keeping everything working the same way?
You could put repeating part into external file and include it.
amazon.inc
proxy_http_version 1.1;
proxy_set_header Connection "";
proxy_set_header Host 'something.s3-website-us-east-1.amazonaws.com';
proxy_set_header Authorization '';
proxy_hide_header x-amz-id-2;
proxy_hide_header x-amz-request-id;
proxy_hide_header Set-Cookie;
proxy_ignore_headers Set-Cookie;
proxy_cache S3CACHE;
proxy_cache_valid any 60m;
add_header X-Cached $upstream_cache_status;
proxy_pass http://something.s3-website-us-east-1.amazonaws.com;
your config
location = / {
include amazon.inc;
}
location /static/ {
include amazon.inc;
}
location / {
# proxy to you app
}
If you prefer to keep all in one file, you could use this trick:
error_page 470 = #amazon;
location = / {
return 470;
}
location /static/ {
return 470;
}
location #amazon {
# proxy to amazon
}
You could use regexp to merge several locations together, but I would not recommend to do that because it's hard to read and understand and is less efficient than simple prefix locations. But, just as an example:
# NOT RECOMMENDED
location ~ ^/($|static/) {
# proxy to amazon
}

Limit HTTP verbs without redundant config

I've got an Elasticsearch cluster plus Logstash and Kibana, and I only want to expose a read-only window into the indexes, with the exception of the index kibana-int so that dashboards can be saved.
I've found a suitable ES proxy config, and I've modified it to use limit_except to disallow write/modify to other indexes, but much of the config is needlessly duplicated. Is there a cleaner way to define this?
upstream elasticsearch {
server es-01.iad.company.com:9200;
server es-02.iad.company.com:9200;
}
server {
listen 9200;
server_name elasticsearch.proxy;
client_max_body_size 50m;
location / {
limit_except GET POST HEAD OPTIONS {
deny all;
}
proxy_pass http://elasticsearch;
proxy_redirect off;
proxy_set_header Connection "";
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_pass_header Access-Control-Allow-Origin;
proxy_pass_header Access-Control-Allow-Methods;
proxy_hide_header Access-Control-Allow-Headers;
add_header Access-Control-Allow-Headers 'X-Requested-With, Content-Type';
add_header Access-Control-Allow-Credentials true;
}
location /kibana-int/ {
proxy_pass http://elasticsearch;
proxy_redirect off;
proxy_set_header Connection "";
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_pass_header Access-Control-Allow-Origin;
proxy_pass_header Access-Control-Allow-Methods;
proxy_hide_header Access-Control-Allow-Headers;
add_header Access-Control-Allow-Headers 'X-Requested-With, Content-Type';
add_header Access-Control-Allow-Credentials true;
}
}
There are several ways:
Solution 1
You could put repeating config into file and include it.
Your config:
upstream elasticsearch {
server es-01.iad.company.com:9200;
server es-02.iad.company.com:9200;
}
server {
listen 9200;
server_name elasticsearch.proxy;
client_max_body_size 50m;
location / {
limit_except GET POST HEAD OPTIONS {
deny all;
}
include proxy.inc;
}
location /kibana-int/ {
include proxy.inc;
}
}
proxy.inc:
proxy_pass http://elasticsearch;
proxy_redirect off;
proxy_set_header Connection "";
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_hide_header Access-Control-Allow-Headers;
add_header Access-Control-Allow-Headers 'X-Requested-With, Content-Type';
add_header Access-Control-Allow-Credentials true;
Solution 2
Other way is use nginx's directive inheritance.
upstream elasticsearch {
server es-01.iad.company.com:9200;
server es-02.iad.company.com:9200;
}
server {
listen 9200;
server_name elasticsearch.proxy;
client_max_body_size 50m;
proxy_redirect off;
proxy_set_header Connection "";
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_hide_header Access-Control-Allow-Headers;
add_header Access-Control-Allow-Headers 'X-Requested-With, Content-Type';
add_header Access-Control-Allow-Credentials true;
location / {
limit_except GET POST HEAD OPTIONS {
deny all;
}
proxy_pass http://elasticsearch;
}
location /kibana-int/ {
proxy_pass http://elasticsearch;
}
}
BTW, your proxy_pass_header directives are needless. Nginx proxies almost all headers by default.

Resources