I'm using Nginx as a web server for my site.
My goal is to enable caching on my site so my site can load faster.
I've tried added
proxy_cache one;
Nginx Config File
server {
listen 80 default_server;
server_name default;
root /home/forge/web-app/public;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
index index.html index.htm index.php;
charset utf-8;
location ~* \.html$ {
expires -1;
}
location / {
try_files $uri $uri/ /index.php?$query_string;
#configure cache
proxy_cache one; <----------------------------- Added HERE
proxy_cache_valid any 1m;
}
location ~* \.(css|js|gif|jpe?g|png)$ {
expires 168h;
add_header Pragma public;
add_header Cache-Control "public, must-revalidate, proxy-revalidate";
}
location = /favicon.ico { access_log off; log_not_found off; }
location = /robots.txt { access_log off; log_not_found off; }
access_log off;
error_log /var/log/nginx/default-error.log error;
error_page 404 /index.php;
location ~ \.php$ {
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:/var/run/php5-fpm.sock;
fastcgi_index index.php;
include fastcgi_params;
#configure cache
proxy_cache one;
proxy_cache_valid any 1m;
}
location ~ /\.ht {
deny all;
}
}
How do I properly enable HTTP cached in Nginx, and test my work ?
Any hints / suggestions will be much appreciated !
You need to define this cache zone first using proxy_cache_path. Here's the tutorial.
Related
I manage a wordpress site.
I have below code block in my nginx config file.
server {
listen 443 ssl;
server_name example.com;
client_max_body_size 1000M;
root /var/www/wordpress;
index index.php index.html index.htm;
ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem; # managed by Certbot
proxy_read_timeout 3000;
proxy_connect_timeout 3000;
proxy_send_timeout 3000;
expires 1s;
set $skip_cache 0;
# POST requests and URLs with a query string should always go to PHP
if ($request_method = POST) {
set $skip_cache 1;
}
if ($query_string != "") {
set $skip_cache 1;
}
# Don't cache URIs containing the following segments
if ($request_uri ~* "/wp-admin/|/xmlrpc.php|wp-.*.php|/feed/|index.php
|sitemap(_index)?.xml") {
set $skip_cache 1;
}
# Don't use the cache for logged-in users or recent commenters
if ($http_cookie ~* "comment_author|wordpress_[a-f0-9]+|wp-postpass
|wordpress_no_cache|wordpress_logged_in") {
set $skip_cache 1;
}
location / {
autoindex on;
client_max_body_size 1000M;
try_files $uri $uri/ /index.php$is_args$args;
}
location = /favicon.ico { log_not_found off; access_log off; }
location = /robots.txt { log_not_found off; access_log off; allow all; }
location ~* \.(css|gif|ico|jpeg|jpg|js|png)$ {
expires 1s;
log_not_found off;
}
location ~ \.php$ {
try_files $uri =404;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:/var/run/php/php7.4-fpm.sock;
fastcgi_index index.php;
include fastcgi_params;
fastcgi_cache_bypass $skip_cache;
fastcgi_no_cache $skip_cache;
fastcgi_cache WORDPRESS;
fastcgi_cache_valid 60m;
fastcgi_cache_lock on;
expires 1s;
add_header X-FastCGI-Cache $upstream_cache_status;
}
location ~ /.well-known {
allow all;
}
location ^~ /.well-known/acme-challenge/ {
allow all;
default_type "text/plain";
try_files $uri =404;
}
}
I created test file in /var/www/wordpress/.well-known/acme-challenge/ folder.
when I load https://example.com/.well-known/acme-challenge it gives me nice 404 from wordpress.
when I load https://example.com/.well-known/acme-challenge/ it gives me below error
404 Not Found
nginx/1.14.0 (Ubuntu)
when I try to load https://example.com/.well-known/acme-challenge/test also it gives me. below 404 error.
404 Not Found
nginx/1.14.0 (Ubuntu)
Because of this my ssl renew fails.
What am I missing here ?
Is there any way of changing the default of the Cache-Control header that is currently set to no-cache, private on all html type files?
I have tried changing this behavior via nginx.conf as well as via Forge panel, but nothing seems to work for me.
All other files are cached as they supposed to except the actual html
# FORGE CONFIG (DO NOT REMOVE!)
include forge-conf/www.example.com/before/*;
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name www.example.com;
server_tokens off;
root /home/forge/www.example.com/public;
# FORGE SSL (DO NOT REMOVE!)
ssl_certificate /etc/nginx/ssl/www.example.com/824182/server.crt;
ssl_certificate_key /etc/nginx/ssl/www.example.com/824182/server.key;
ssl_protocols TLSv1.2;
ssl_ciphers ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384;
ssl_prefer_server_ciphers on;
ssl_dhparam /etc/nginx/dhparams.pem;
add_header Last-Modified $date_gmt;
if_modified_since off;
etag off;
add_header X-Frame-Options "SAMEORIGIN";
add_header X-XSS-Protection "1; mode=block";
add_header X-Content-Type-Options "nosniff";
add_header Strict-Transport-Security 'max-age=31536000; includeSubDomains; preload' always;
index index.html index.htm index.php;
charset utf-8;
# FORGE CONFIG (DO NOT REMOVE!)
include forge-conf/www.example.com/server/*;
location / {
try_files $uri $uri/ /index.php?$query_string;
}
location = /favicon.ico { access_log off; log_not_found off; }
location = /robots.txt { access_log off; log_not_found off; }
access_log off;
error_log /var/log/nginx/www.example.com-error.log error;
error_page 404 /index.php;
location ~ \.php$ {
try_files $query_string/index.php =404;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:/var/run/php/php7.4-fpm.sock;
fastcgi_index index.php;
include fastcgi_params;
}
# browser caching of static assets
location ~* \.(ico|css|js|json|gif|jpeg|jpg|png|woff|ttf|otf|svg|woff2|eot)$ {
expires 30d;
access_log off;
add_header Pragma public;
add_header Cache-Control "public, max-age=2592000";
}
location ~ /\.(?!well-known).* {
deny all;
}
}
# FORGE CONFIG (DO NOT REMOVE!)
include forge-conf/www.example.com/after/*;
Can you try the following configuration?
map $uri $cache_control {
~\.html$ "public, max-age=2592000";
}
server {
...
location / {
add_header Cache-Control $cache_control;
try_files $uri $uri/ /index.php?$query_string;
}
...
location ~ \.php$ {
try_files $query_string/index.php =404;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:/var/run/php/php7.4-fpm.sock;
fastcgi_index index.php;
fastcgi_hide_header Cache-Control;
include fastcgi_params;
}
...
My permalinks are ~~/%category%~~/%postname%/~~.html~~.
I migrated from Apache to Nginx.
Then my config file I added in
server{
location /mydirectory/ {
try_files $uri $uri/ /mydirectory/$uri.html;
}
But my browser goes on going to the 404 page.
I tried many codes found after deleting cache but still no success.Any help will be much appreciated
Thank you
I desactivate all my plugins and was able to change my permalinks into
/%postname%/
Here is my my.site.com config (my site is in a sub directory Vie/) :
server {
listen 80;
server_name my.site.com;
location ~ /(vie|\|Vie|Vie)/(.*) {
return 301 https://my.site.com/Vie;
}
return 301 https://my.site.com/Vie$request_uri;
}
server {
listen 443 ssl;
server_name my.site.com;
root /var/www/my.site.com/html;
index index.php index.html;
ssl_certificate /etc/letsencrypt/live/krouus.company/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/krouus.company/privkey.pem;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers 'DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-CAMELLIA256-SHA:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES256-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-CAMELLIA128-SHA:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES128-SHA256';
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
ssl_dhparam /etc/nginx/dhparam.pem;
add_header Strict-Transport-Security "max-age=31536000;";
location /Vie/ {
index index.php;
try_files $uri $uri/ /Vie/index.php?$args;
}
location / {
try_files $uri $uri/ /Vie/index.php;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:/run/php/php7.0-fpm.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
fastcgi_intercept_errors on;
fastcgi_ignore_client_abort off;
fastcgi_connect_timeout 60;
fastcgi_send_timeout 180;
fastcgi_read_timeout 180;
fastcgi_buffers 4 256k;
fastcgi_buffer_size 128k;
fastcgi_busy_buffers_size 256k;
fastcgi_temp_file_write_size 256k;
}
location ~ \.php$ {
include snippets/fastcgi-php.conf;
include fastcgi_params;
fastcgi_pass unix:/run/php/php7.0-fpm.sock;
fastcgi_param SCRIPT_FILENAME
$document_root$fastcgi_script_name;
}
location ~* commun {
deny all;
}
location = /favicon.ico {
log_not_found off;
access_log off;
}
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
location ~ /\.ht {
deny all;
}
location ~ (^|/)\. {
return 403;
}
location ~* \.(?:css|gif|htc|ico|js|jpe?g|png|swf)$ {
expires max;
log_not_found off;
## No need to bleed constant updates. Send the all shebang in one
## fell swoop.
tcp_nodelay off;
## Set the OS file cache.
open_file_cache max=1000 inactive=120s;
open_file_cache_valid 45s;
open_file_cache_min_uses 2;
open_file_cache_errors off;
}
location ~* \.ini$ {
deny all;
return 404;
}
error_page 404 /404.html;
location /404.html {
internal;
}
location ~* /(?:uploads|files)/.*\.(html|htm|shtml|php|js|swf|py|jsp|asp|sh|cgi)$ {
deny all;
}
if ($request_method !~ ^(GET|POST|HEAD)$ ) {
return 444;
}
location ~* wp-includes/theme-compat/ {
deny all;
}
location ~* wp-includes/js/tinymce/langs/.*.php {
deny all;
}
location /wp-includes/ {
internal;
}
location ~* .(pl|cgi|py|sh|lua|asp)$ {
return 444;
}
location ~* /(wp-config.php|readme.html|license.txt|nginx.conf) {
deny all;
}
if (!-e $request_filename) {
rewrite ^.*$ /index.php last;
}
location /xmlrpc.php {
deny all;
}
}
Try this instead. As i was also facing same problem,hope its work for you too.
location /mydirectory{
try_files $uri $uri/ /mydirectory/index.php;
}
Well in fact I solved my problem. I read attentively my ocnfiguration and removed
if (!-e $request_filename) {
rewrite ^.*$ /index.php last;
}
And now my Wordpress works.
Cheerio!
I am trying to host multiple unrelated sites on the same nginx server. How do I edit the http.conf and the https.conf file in order to make it work?
ORIGINAL HTTP.CONF
server {
listen 2333;
server_name port1.example.com;
rewrite ^/(.\*) http://port1.example.com/$1 permanent;
root /var/www/html;
index index.php index.html;
# set max upload size
client_max_body_size 2G;
fastcgi_buffers 64 4K;
access_log /var/log/nginx/http_access.log combined;
error_log /var/log/nginx/http_error.log;
location = /favicon.ico {
log_not_found off;
access_log off;
}
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
location ~ \.php$
{
try_files $uri =404;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
location ~* \.(htaccess|htpasswd) {
deny all;
}
# set long EXPIRES header on static assets
location ~* \.(?:jpg|jpeg|gif|bmp|ico|png|css|js|swf)$ {
expires 30d;
access_log off;
}
}
ORIGINAL HTTPS.CONF
server {
listen 4433 ssl default_server;
server_name _;
ssl_certificate /etc/nginx/ssl/port2.example.com.crt;
ssl_certificate_key /etc/nginx/ssl/port2.example.com.key;
root /usr/share/nginx/html;
index index.php index.html;
# set max upload size
client_max_body_size 2G;
fastcgi_buffers 64 4K;
access_log /var/log/nginx/https_access.log combined;
error_log /var/log/nginx/https_error.log;
location = /favicon.ico {
log_not_found off;
access_log off;
}
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
location ~ \.php$
{
try_files $uri =404;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
location ~* \.(htaccess|htpasswd) {
deny all;
}
# set long EXPIRES header on static assets
location ~* \.(?:jpg|jpeg|gif|bmp|ico|png|css|js|swf)$ {
expires 30d;
access_log off;
}
}
My port 4433 is on SSL obviously. How can I get port 2333 to work only on port1.example.com and port 4433 to work only on port2.example.com It's better if 2333 can be served on SSL, too.
Thanks guys for viewing. I ended up using Nginx and it was way faster setting up using multiple .conf files in the /etc/nginx/conf folder.
So I'm setting up an nginx server and installed wordpress and SSL.
The site is working perfectly on both http and https but when I try to redirect http to https via nginx's server block, both http and https results in a endless redirect loop.
Here's my server block
server {
listen 80;
return 301 $server_name$request_uri;
listen 443 ssl spdy;
root /var/www/wordpress;
index index.php index.html index.htm;
server_name www.example.com;
ssl_session_cache shared:SSL:20m;
ssl_session_timeout 10m;
spdy_headers_comp 6;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_certificate /etc/ssl/certs/www.example.com.certchain.crt;
ssl_certificate_key /etc/ssl/private/www.example.com.key;
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains";
add_header Alternate-Protocol 443:npn-spdy/2;
proxy_set_header X-Forwarded-Proto https;
access_log /var/log/nginx/example.com.access.log;
error_log /var/log/nginx/example.com.error.log;
error_page 404 /404.html;
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
}
location / {
proxy_set_header X-Forwarded-Proto $scheme;
# try_files $uri $uri/ =404;
try_files $uri $uri/ /index.php?q=$uri&$args;
if ($http_referer ~* (buttons-for-website.com)) { return 444; }
if ($http_referer ~* (semalt.com)) { return 444; }
}
location ~ \.(hh|php)$ {
proxy_set_header X-Forwarded-Proto https;
proxy_set_header X-Forwarded-Ssl on;
fastcgi_keep_conn on;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
fastcgi_cache_bypass $skip_cache;
fastcgi_no_cache $skip_cache;
fastcgi_cache microcache;
fastcgi_cache_valid 200 60m;
}
location ~ \.php$ {
location #fallback {
try_files $uri =404;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:/var/run/php5-fpm.sock;
fastcgi_index index.php;
include fastcgi_params;
fastcgi_cache_bypass $skip_cache;
fastcgi_no_cache $skip_cache;
fastcgi_cache microcache;
fastcgi_cache_valid 200 60m;
}
# Cache Static Files For As Long As Possible
location ~*
\.(ogg|ogv|svg|svgz|eot|otf|woff|mp4|ttf|css|rss|atom|js|jpg|jpeg|gif|png|ico|zip|tgz|gz|rar|bz2|$
{
access_log off;
log_not_found off;
expires max;
}
# Security Settings For Better Privacy Deny Hidden Files
location ~ /\. {
deny all;
access_log off;
log_not_found off;
}
# Return 403 Forbidden For readme.(txt|html) or license.(txt|html)
if ($request_uri ~* "^.+(readme|license)\.(txt|html)$") {
return 403;
}
# Disallow PHP In Upload Folder
location /wp-content/uploads/ {
location ~ \.php$ {
deny all;
}
}
}
I'd really appreciate anyone's help. I commented out that "return 301" in 3rd line and google indexed both http and https version of the same page and deindexed most of my pages and dropped rankings for several keywords.
Thanks a bunch in advance!
Try separating the non ssl server block so you'd have this
server {
listen 80;
return 301 https://$host$request_uri;
}
server {
listen 443 ssl spdy;
root /var/www/wordpress;
....