I've searched Google / this forum for this but can't find anything relevant so apologies in advance if this has been covered elsewhere.
I've enabled Opcache on my server and have GeoIP enabled.
The default fastcgi_cache_key directive is:
fastcgi_cache_key "$scheme$request_method$host$request_uri";
How can this be modified to include the user country (from GeoIP) so that each country has a separate cache entry for each page?
As far as I'm aware, the GeoIP headers are set in the server {} block which is loaded after /etc/nginx/nginx.conf (where the fastcgi_cache_key) is set.
Additionally, I've tried setting the fastcgi_cache_key in the individual site conf file but this only works when only 1 site is enabled.
Have I missed a really simple step here?
Many thanks,
James
Related
I have a wordpress site running on apache. I need to redirect domain.com/examplepage/* to domain.com/examplepage
so as an example
domain.com/examplepage/randomstring/randomstring
world go to
domain.com/examplepage
I've tried to google how to do this but cant find a way. I'm sure it's because I just don't know how to search for the correct thing. I'm willing to use wordpress plugin, .htaccess, or apache config. Whatever works.
Well, you can see many, many answers to this here on SO. Did you check the "Related" section on the right hand side here?
Anyway, here is what you are probably looking for:
RewriteEngine on
RewriteRule ^/?examplepage/.+ /examplepage [END]
The above implements an internal rewrite. In case you really want an external redirection instead this would be the variant:
RewriteEngine on
RewriteRule ^/?examplepage/.+ /examplepage [R=301]
It is a good idea to start out with a 302 temporary redirection and only change that to a 301 permanent redirection later, once you are certain everything is correctly set up. That prevents caching issues while trying things out...
In case you receive an internal server error (http status 500) using the rule above then chances are that you operate a very old version of the apache http server. You will see a definite hint to an unsupported [END] flag in your http servers error log file in that case. You can either try to upgrade or use the older [L] flag, it probably will work the same in this situation, though that depends a bit on your setup, certainly you will need to add another rewriting condition to break an endless rewriting loop.
This implementation will work likewise in the http servers host configuration or inside a distributed configuration file (".htaccess" file). Obviously the rewriting module needs to be loaded inside the http server and enabled in the http host. In case you use a distributed configuration file you need to take care that it's interpretation is enabled at all in the host configuration and that it is located in the host's DOCUMENT_ROOT folder.
And a general remark: you should always prefer to place such rules in the http servers host configuration instead of using distributed configuration files (".htaccess"). Those distributed configuration files add complexity, are often a cause of unexpected behavior, hard to debug and they really slow down the http server. They are only provided as a last option for situations where you do not have access to the real http servers host configuration (read: really cheap service providers) or for applications insisting on writing their own rules (which is an obvious security nightmare).
I'm using Nginx as a webserver and want to implement a browser caching method so that the users keep copies of static, unchanged files locally and download only changed files. One of the propositions was to use the file's timestamp to figure out the changed files and refresh them only, but this is not possible in my case since after every new deploy, a new version of the whole web application is created, and all the files' timestamps change.
I researched a little about the ETag header, which seemed like a pretty good solution, but I found out that Etags are not officially supported by Nginx yet.
Is there any way of implementing the Etags on Nginx or alternative solutions?
Upgrade your Nginx.
Syntax: etag on | off;
Default: etag on;
Context: http, server, location
This directive appeared in version 1.3.3.
Enables or disables automatic generation of the “ETag” response header field for static resources.
Source: http://nginx.org/en/docs/http/ngx_http_core_module.html#etag
All recent versions of Nginx (newer than 1.3.3) will automatically set these.
For example:
location /img {
root /path/to/public;
}
and the response headers Etag + Last-Modified headers will be returned.
I'm working with apache on my local instance and nginx on production.
I have a javascript application that is setting headers in API calls to authenticate the user. It's working fine on local with my apache server. However for some reason, my custom headers are ignored by Nginx.
I tried to add this line in my site configuration:
add_header 'Access-Control-Allow-Origin' '*';
But it still ignore the headers.
Does anyone know where I should look to bypass this ?
Cheers,
Maxime
I found what was the issue.
My custom headers were API_USER and API_TOKEN.
There is a directive in Nginx that says to ignore headers with a '_' in the name, more info here
So I've updated my custom headers to x-api-user and x-api-token and now it's working like a charm !
nginx.conf:
server_tokens off;
Why could this get ignored, the header is still sent:
Server: nginx
No, other included config files do not contain server_tokens configuration.
Yes, I did restart all services.
To cite the docs on the server_tokens directive:
Enables or disables emitting nginx version in error messages and in the “Server” response header field.
According to the docs, it thus doesn't prevent the generation of the Server header but only prevents the addition of the exact version. If you want to completely remove the servers header, you could use the ngx_headers_more module.
"The setting works as documented"
The above is kinda insane... (Sorry Hulgar Just, but if you don't understand the rant you should probably not answer.)
Nginx doesn't need to broadcast out its version and the server OS, basically ever, outside of debug situations, shouldn't actually be a question. nor should people wanting to stop that insane behavior be a problem to anyone who knows anything about infosec.
As it stands site failures even with the "feature' enabled, results in disclosure of information that is unnecessary for visitors. The absolute best you can do is disable it in all your site configs, but when they die you still have a problem. Patching is the only way at the moment sadly...
I am totally newbie on NGINX reverse proxy solution and its seems to getting hard to understand all the terminology. I am looking for a solution as follows. I would really appreciate anybody's help to configure the same.
We have an internal web server which we would like to publish at WWW site but don't want customer to see internal server URL. As example:
Customer access www.mycompany.com/track --> NGINX read the track and then redirect URL to internal server.com.au/tracker . We dont want customer to see this address.
Any suggestion?
Cheers,
Sandy
It is much better in this case to use the proxy. Rewrites are meant for URLs within the same domain or to redirect the client (which would show in the url).
Try this:
location / {
proxy_pass http://internal.example.com/;
proxy_set_header Host $host;
}
Rewriting on nginx is quite the same than on Apache :) The syntax varies.
When Apache uses RewriteRule, nginx uses rewrite. May I suggest you this reference http://wiki.nginx.org/HttpRewriteModule ? Check 2.4 and 2.5 for rewriting-specific documentation. You'll find information about the rewrite syntax, and rewriting options.
There is a quick example from above, if you just need the basic syntax :
rewrite ^(/download/.*)/media/(.*)\..*$ $1/mp3/$2.mp3 break;
By the way, if you want to work from examples, you can transform your Apache .htaccess file into a piece of nginx configuration, using this tool : http://winginx.com/htaccess