I'm using Symfony2 with nginx as http server (I don't know much about reverse proxies, I just installed it and didn't touch anything), without Apache nor Varnish.
I need to know whether nginx is caching the responses I send with the correct headers, like public, max-age, and s-max-age, or I have to add something else to the stack, like Varnish.
I have read somewhere that if you add Varnish, you will have to add yet something else, for gzip compression. So it would be nginx -> Varnish -> ???
So is nginx caching? How can I check that? I did grep cache on the nginx logs and found nothing.
To use nginx caching you should configure it.
http://nginx.org/r/fastcgi_cache_path
http://nginx.org/r/proxy_cache_path
You do not need Varnish unless ESI is required.
Related
I try to configure my Nginx load balancer. My configuration works but there is a behavior i can't understand.
As we can read i Nginx doc's:
"By default, NGINX redefines two header fields in proxied requests, “Host” and “Connection”..."
So, why Ngnix redefines this two headers and don't pass them by default?
I feel that it can be important behavior to understand but i don't know where to find an answer :)
To understand why Nginx redefines "host" and "connection" headers and don't pass them by default.
NGINX Reverse Proxy is working well. Using the cache it's possible to store static content on every Reverse Proxy to reduce traffic on the main server. I can set a time after the last access it will be removed - so far I know.
Having more Reverse Proxies - is it possible to sync the cache between the Reverse Proxys or preload a special file to all of them? And if yes, how I can do it?
This would be a good speed up for new bigger files.
You could locate the cache files and synch them across your servers with something like rsync.
To pre-load a cache you‘d have to curl each possible URL.
i have installed wordpress and i've set SSL (LetsEncrypt).
It works fine since few months.
Now i want to add Varnish to speed up site and i have one issue.
My config is:
MyPage.com (443) -> Varnish (80) -> MyPage (8080) no https.
When i open page, everything is OK
besides address to static files.
All URL's to CSS, JS, Images are served as HTTP, NOT HTTPS.
That is because in the end page is served by Apache without SSL.
Do you know how to change address to static files, that they will be served as HTTPS (https://MyPage.com/my.js instead of http://MyPage.com/my.js)?
Wordpress save the links absolutly in the database.
Soloution 1:
You edit all entries in the Database
Soloution 2:
Simple use this Plugin to write all url´s in the database from http to https:
https://de.wordpress.org/plugins/really-simple-ssl/
You might need to make sure the X-Forwarded-Proto header is set and passed all the way back through Varnish to the backend.
Assuming you have Apache:443 -> Varnish:80 -> Backend:8080
Then in the Apache config that is handling the https add the following to the VirtualHost
RequestHeader set X-Forwarded-Proto "https"
Varnish should forward this by default, unless you have done anything custom to the config that might prevent it.
This header should then be respected and used to set the protocol on the urls for assets.
I've recently setup a Crucible instances in AWS connected via a HTTPS ELB. I have a nginx reverse proxy setup on the instance as well to redirect HTTP requests to HTTPS.
This partially works. However Crucible itself doesn't know it's running over HTTPS so serves up mixed content, and ajax queries often break due to HTTP -> HTTPS conflicts.
I've found documentation for installing a certificate in Crucible directly...
https://confluence.atlassian.com/fisheye/fisheye-ssl-configuration-298976938.html
However I'd really rather not have to do it this way. I want to have the HTTPS terminated at the ELB, to make it easier to manage centrally through AWS.
I've also found documentation for using Crucible through a reverse proxy...
https://confluence.atlassian.com/kb/proxying-atlassian-server-applications-with-apache-http-server-mod_proxy_http-806032611.html
However this doesn't specifically deal with HTTPS.
All I really need is a way to ensure that Crucible doesn't serve up content with hard coded internal HTTP references. It needs to either leave off the protocol, or set HTTPS for the links.
Setting up the reverse proxy configuration should help accomplish this. Under Administration >> Global Settings >> Server >> Web Server set the following:
Proxy scheme: https
Proxy host: elb.hostname.com
Proxy port: 443
And restart Crucible.
Making configuration on UI is one way. You can also change config.xml in $FISHEYE_HOME:
<web-server site-url="https://your-public-crucible-url">
<http bind=":8060" proxy-host=“your-public-crucible-url" proxy-port="443" proxy-scheme="https"/>
</web-server>
Make sure to shutdown FishEye/Crucible before making this change.
AFAIK, this configuration is the only way to tell internal Jetty of FishEye/Crucible to be aware of the reversed proxy in front of them.
Hello I know Gzip over https/SSL is unsecured but my server runs just one blog that is a static file website with so there is no security risk.
So what I would like to do is use both https fro http_v2 and Gzip in my Nginx server configuration.
Does anyone know how to enable them both as it seems that Gzip by default only runs with http?
Thanks
The attacks allow attacker to guess the content (like cookies). If you don't store anything confidential in them, you can safely activate Gzip.