HTTPS is downloading file, HTTP aint

November 21, 2018, 5:47 am

≫ Next: Re: Weird redirect question

≪ Previous: Re: Weird redirect question

$

0

0

Hi all,

I'm pretty new with NGINX but i would like to learn a lot about it. Currently I've installed NGINX on CentOS7 with PHP-FPM. I've installed Let's Encrypt and would like to use HTTPS. The only problem I have is that when you go to the HTTPS site the page will be downloaded, but it works fine at http.

Is there someone that can help me with this?

Thanks in advance!

Koen

---

Re: Weird redirect question

November 21, 2018, 8:52 am

≫ Next: Re: Weird redirect question

≪ Previous: HTTPS is downloading file, HTTP aint

$

0

0

I see now, the problem is the certificate which chrome complains about.
Look for chrome details in a tab/button you could press to get more details.
Or use debug mode in firefox.

Re: Weird redirect question

November 22, 2018, 5:56 am

≫ Next: Content-Length header missing

≪ Previous: Re: Weird redirect question

$

0

0

itpp2012 Wrote:
-------------------------------------------------------
> I see now, the problem is the certificate which chrome complains
> about.
> Look for chrome details in a tab/button you could press to get more
> details.
> Or use debug mode in firefox.


Thank you for suggestion! I navigated to https://bbb.fi (which should've redirect to https://aaa.fi) and got an error: NET::ERR_CERT_COMMON_NAME_INVALID

I clicked more details and from here: https://support.google.com/chrome/answer/6098869#-200 I can see the error message which I got (ERR_CERT_COMMON_NAME_INVALID)

Here's browsers suggestions to resolve problem:

If the error mentions HSTS, privacy certificates, or invalid names, try the steps below:

Step 1: Sign in to the portal
Wi-Fi networks at places like cafes or airports need you to sign in. To see the sign-in page, visit a page that uses http://.

Go to any website starting with http://, like http://example.com.
On the sign-in page that opens, sign in to use the internet.
Step 2: Open the page in Incognito mode (computer only)
Open the page you were visiting in an Incognito window.

If the page opens, a Chrome extension isn't working right. To fix the error, turn off the extension. Learn how to turn off Chrome extensions.

Step 3: Update your operating system
Make sure your device is up-to-date on Windows, Mac, or another operating system.

Step 4: Temporarily turn off your antivirus
You'll see this error if you have antivirus software that provides "HTTPS protection" or "HTTPS scanning." The antivirus is preventing Chrome from providing security.

To fix the problem, turn off your antivirus software. If the page works after turning off the software, turn off this software when you use secure sites.

Remember to turn your antivirus program back on when you're done.

Step 5: Get extra help
If you still see the error, contact the website owner. You can also get more help on the Chrome Help Forum.


Option 1 is not solution.
Option 2 gave same error than browser in normal mode.
Option 3 didn't resolve problem.
Option 4 didn't change anything and I wouldn't ever suggest this.
Option 5 I am website owner and I don't know what to do *lol*

So unfortunately this didn't help.

Content-Length header missing

November 22, 2018, 6:42 am

≫ Next: How to transparently proxy to upstream?

≪ Previous: Re: Weird redirect question

$

0

0

Running Drupal 8 on php 7.2 and nginx 1.14.0.

We are using cloudfront and to utilise the built in compression in CF it requires that we send a Content-Length header.

If I turn gzip off; on nginx we don't get a Transfer-Encoding: chunked header which I understand you can't have both Transfer-Encoding & Content-Length but we now get neither.

Is there a way to get nginx to add the header?

Thanks

Jon

How to transparently proxy to upstream?

November 22, 2018, 6:57 am

≫ Next: Re: How to transparently proxy to upstream?

≪ Previous: Content-Length header missing

$

0

0

Hi there,

I created a similat question once, but was not clear!

Therefore my setup:
nginx 1.10.3-0ubuntu0.16.04.3

Backend server (any web server running SSL)

I am trying to get this URI: https://mynginx.domain.net/upstream
to reach the upstream on https://upstream.domain.net/

location /upstream/ {
proxy_pass https://upstream.domain.net:443/;
proxy_set_header Host $host;
}

This then makes a 302 and I see the direct upstream server.
Now imagine I want to expose just the proxy, how can I get all requests to the context forwarded to the upstream (and get handled properly)?

Thanks
David

Re: How to transparently proxy to upstream?

November 23, 2018, 5:41 am

≫ Next: Cache Proxy - "cacheable asset" clarification / sanity check

≪ Previous: How to transparently proxy to upstream?

$

0

0

Nobody with an idea here? Am I the only one?

Cache Proxy - "cacheable asset" clarification / sanity check

November 24, 2018, 1:12 pm

≫ Next: Wrong redirecting to 404 on several subfolders

≪ Previous: Re: How to transparently proxy to upstream?

$

0

0

Hi,

I am working on a small project and I am a bit baffled. Hoping someone can give me a bit of insight.

I've setup an nginx cache proxy upstream of an IIS ASP WinServer 2012 web server. For the most part things are working nicely. But I have a few weird issues.

- Intermittently (ie, maybe 3-5x per day) there is an outright fail to load some CSS asset content. This results in the page load looking gross because - the CSS is missing so the layout is broken. But - this is what I would call "intermittent" - it works for many ~thousands of loads per day without issue.

- I did a bit of debug noodling around yesterday, and - I am pretty sure that Nginx is *never* getting a cache hit for the CSS content in question. ie, if I visit the URL 3x in a row for the 'thing that fails intermittently" - I can see in my nginx logs, my visits are shown clearly, and it confirms that they are cache - misses.

- in contrast if I drop a small text file into the same directory where the CSS asset is being pulled - and hit that 3 times in a row. Then the first load of this test file is a "Miss" as expected; but then the next 2 are both 'hits' for cache.

- Possibly a related factor (this is my suspicion anyhow?) - the Windows web server is using a minification feature to automagically return minified CSS files as a batch / single minified content lump. So the way it is working presently,

http://web.server.name/path/to/css

(note there is no suffix .. such as .css)
on the IIS web server we are in iiswebroot/path/to/css
and inside the directory css are 6 .css files
and these are the things which are minified and returned as a single asset when you hit the URL,
http://web.server.name/path/to/css

I must admit, I had never seen this IIS feature in use before so it is new to me. I'm also slightly baffled/puzzled that it is returning the asset against the URL,

http://web.server.name/path/to/css

and not something like

http://web.server.name/path/to/css/minified-css-file-name.css

but anyhow, that is how the WebAdmin for this windows webserver set it up so I'm trying not to rock the boat on how it is setup and working.

Anyhow. Some relevant config stanzas for my nginx setup,
(not! my whole config - for brevity - just key bits to illustrate what is happening)

---paste---
# setup cache
proxy_cache_path /var/nginx-cache levels=1:2 keys_zone=STATIC:10m
inactive=24h max_size=1g;


# cache everything (it is all static) from this particular path
# (NOTE THIS IS WHERE THE CSS ASSET LIVES DESCRIBED ABOVE)
# ie /path/to/Content/
location ~* /Content/ {
proxy_pass https://www.servername.com;
proxy_set_header Host $host;
proxy_buffering on;
proxy_cache STATIC;
proxy_cache_valid any 24h;
proxy_cache_use_stale error timeout invalid_header updating http_500 http_502 http_503 http_504;
}

# Various static content types from all locations will be cached

location ~* \.(asa|asax|ascx|bin|bmp|browser|config|cs|cshtml|csproj|css|csv|dll|doc|docb|docm|docx|dot|dotm|dotx|drc|eot|exe|gif|htm|html|ico|jpeg|jpg|js|json|log|mdf|mng|ogg|otf|pdb|pdf|php|png|pot|potm|potx|ppam|pps|ppsm|ppsx|ppt|pptm|pptx|qt|resources|resx|rm|rmvb|roq|rsp|shtml|sld|sldm|sldx|svg|svi|swf|targets|ttf|txt|vob|webm|webp|well|woff|woff2|xla|xlam|xll|xlm|xls|xlsb|xlsm|xlsx|xlt|xltm|xltx|xlw|xml|yuv)$ {
proxy_pass https://www.servername.com;
proxy_set_header Host $host;
proxy_buffering on;
proxy_cache STATIC;
proxy_cache_valid 200 10m;
proxy_cache_use_stale error timeout invalid_header updating
http_500 http_502 http_503 http_504;
}

#anything else goes to back end - ie - non static / things we don't wish to cache on the proxy
location / {
proxy_pass https://www.servername.com;
proxy_pass_header X-ThingeyBob-Real-IP;
proxy_set_header Host $host;
proxy_set_header X-ThingeyBob-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}




---end of config stanza---

so .. if anyone can comment,

- does nginx inherently just 'not cache a thing that looks like a directory path' - and I can't force it to do so - ? or is there some configuration tweak which might allow that to work ?

- will I need to have windows admin adjust the IIS Back-end host / so that the minified stuff will be returned with a format I might call 'more normal' - ie - minified-css-filename.css - for example ? (or do I just lack sufficient experience with IIS servers to understand what is 'normal' here :-) ?

Based on the fact we get intermittent fails right now, for this particular 'asset' - and zero cache hit behaviour, my working theory is that we have infrequent / intermittent issue with the back-end server failing to deliver the minified CSS file. For some 'unknown reason'. And so nginx has nothing to return to the external client human browser, and - the problem arises. But the windows admin seems to think this cannot be the case, it must be my config of nginx that is the problem. (sigh).

Any other comments suggestions are greatly welcome.

many thanks!

Tim

Wrong redirecting to 404 on several subfolders

November 26, 2018, 12:10 am

≫ Next: Re: Weird redirect question

≪ Previous: Cache Proxy - "cacheable asset" clarification / sanity check

$

0

0

Hello everybody,
I am nearly new to nginx and since three months I run my own server with Ubuntu 18.04. It's the first time I use Linux.

I did not find anything to my problem.

I use nginx and MariaDB. Currently I run some applications via nignx. I have a gateway host for this and a virtual host for each application.

Recently, I came across BookStack to be able to document well.

I currently have the problem that obviously some redirects are not forwarded correctly and I'm redirected in some subfolders on the error page 404 / not found.

I have found that in the application is always redirected to the page domain.com/translations. Since this page does not exist, 404 Not Found appears.

I have adapted the APP_URL accordingly. I would like to be reachable at https://domain.com/bookstack. I have included the URL in the .env including trailing slash.

Below are my current host configurations.

Gateway-Host

upstream php-handler {
server unix:/run/php/php7.2-fpm.sock;
}

server {
listen 80 default_server;
server_name domain.name.ltd server_ip;

root /var/www;

location ^~ /.well-known/acme-challenge {
proxy_pass http://127.0.0.1:port;
proxy_redirect off;
}

location / {
# Enforce HTTPS
# Use this if you always want to redirect to the DynDNS address (no local access).
return 301 https://$server_name$request_uri;

# Use this if you also want to access the server by local IP:
#return 301 https://$server_addr$request_uri;
}
}

server {
listen 443 ssl http2;
server_name noopiescloud.spdns.de 192.168.178.52;

# Certificates used
ssl_certificate ***;
ssl_certificate_key ***;

# Not using TLSv1 will break:
# Android <= 4.4.40
# IE <= 10
# IE mobile <=10
# Removing TLSv1.1 breaks nothing else!
# TLSv1.3 is not supported by most clients, but it should be enabled.
ssl_protocols TLSv1.2 TLSv1.3;

# Cipher suite from https://cipherli.st/
# Max. security, but lower compatibility
ssl_ciphers 'ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384';

# Cipher suite from https://wiki.mozilla.org/Security/Server_Side_TLS
#ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256';

# (Modern) cipher suite from https://mozilla.github.io/server-side-tls/ssl-config-generator/
#ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256';

# Diffie-Hellman parameter for DHE ciphersuites, recommended 4096 bits
# ssl_dhparam /etc/nginx/ssl/dhparams.pem;

# Use multiple curves.
# secp521r1: Not supported by Chrome
# secp384r1: Not supported by Android (DAVdroid)
ssl_ecdh_curve secp521r1:secp384r1:prime256v1;

# Server should determine the ciphers, not the client
ssl_prefer_server_ciphers on;

# OCSP Stapling
# fetch OCSP records from URL in ssl_certificate and cache them
ssl_stapling on;
ssl_stapling_verify on;

# This should be chain.pem
# See here: https://certbot.eff.org/docs/using.html
ssl_trusted_certificate ***;

resolver 192.168.178.1;

# SSL session handling
ssl_session_timeout 24h;
ssl_session_cache shared:SSL:50m;
ssl_session_tickets off;

#
# Add headers to serve security related headers
#
# HSTS (ngx_http_headers_module is required)
# In order to be recoginzed by SSL test, there must be an index.hmtl in the server's root
add_header Strict-Transport-Security "max-age=63072000; includeSubdomains" always;
add_header X-Content-Type-Options "nosniff" always;
# Usually this should be "DENY", but when hosting sites using frames, it has to be "SAMEORIGIN"
add_header Referrer-Policy "no-referrer" always;
#add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-XSS-Protection "1; mode=block" always;
add_header X-Robots-Tag none;
add_header X-Download-Options noopen;
add_header X-Permitted-Cross-Domain-Policies none;

location = / {
# Disable access to the web root, otherwise nginx will show the default site here.
deny all;
}

#
#app1
#
location ^~ /app1 {
proxy_pass http://127.0.0.1:port;
proxy_read_timeout 90;
}

#
#app2
#
location ^~ /app2 {
proxy_pass http://127.0.0.1:port;
}

#
# app3
#
location ^~ /app3 {
proxy_pass http://127.0.0.1:port;
}

#
# BookStack
#
location ^~ /bookstack/ {
rewrite ^/bookstack/(.*) /$1 break;
proxy_pass http://127.0.0.1:port/;
return 301 https://$server_name$request_uri;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
}

BookStack Virtual Host

server {
listen port;
root /var/www/bookstack/public;
index index.php index.html index.htm;
server_name 127.0.0.1;

access_log /var/log/nginx/bookstack_access.log;
error_log /var/log/nginx/bookstack_error.log;

client_max_body_size 100M;

location / {
try_files $uri $uri/ /index.php?$query_string;
}

location ~ ^/(?:\.htaccess|data|config|db_structure\.xml|README) {
deny all;
}

location ~ \.php$ {
fastcgi_split_path_info ^(.+\.php)(/.+)$;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_pass unix:/run/php/php7.2-fpm.sock;
}
}
Also an excerpt from the last logs.

2018/11/22 13:27:27 [error] 3067#3067: *504 open() "/usr/share/nginx/html/login" failed (2: No such file or directory), client: IP, server: domain.name.com, request: "GET /login HTTP/1.1", host: "domain.name.com"
2018/11/22 13:27:34 [error] 3067#3067: *504 open() "/usr/share/nginx/html/login" failed (2: No such file or directory), client: IP, server: domain.name.com, request: "GET /login HTTP/1.1", host: "domain.name.com"
2018/11/22 13:30:24 [error] 3067#3067: *603 open() "/usr/share/nginx/html/translations" failed (2: No such file or directory), client: IP, server: domain.name.com, request: "GET /translations HTTP/1.1", host: "domain.name.com"
2018/11/22 13:30:29 [error] 3066#3066: *677 open() "/usr/share/nginx/html/translations" failed (2: No such file or directory), client: IP, server: domain.name.com, request: "GET /translations HTTP/1.1", host: "domain.name.com"
2018/11/22 13:31:41 [error] 3066#3066: *817 open() "/usr/share/nginx/html/books/ufw/create-page" failed (2: No such file or directory), client: IP, server: domain.name.com, request: "GET /books/ufw/create-page HTTP/1.1", host: "domain.name.com"
2018/11/22 13:31:59 [error] 3066#3066: *677 open() "/usr/share/nginx/html/books/ufw/create-page" failed (2: No such file or directory), client: IP, server: domain.name.com, request: "GET /books/ufw/create-page HTTP/1.1", host: "domain.name.com"

Hope, u guys can help me out with this.

---

Re: Weird redirect question

November 26, 2018, 1:48 am

≫ Next: Re: Cache Proxy - "cacheable asset" clarification / sanity check

≪ Previous: Wrong redirecting to 404 on several subfolders

$

0

0

Any other ideas, anyone? Still trying to figure this one out.

Re: Cache Proxy - "cacheable asset" clarification / sanity check

November 27, 2018, 3:37 am

≫ Next: MAKE NGINX NOT TO WAIT FOR MIRROR RESPONSE

≪ Previous: Re: Weird redirect question

$

0

0

So, a little followup on this. In case anyone else finds themselves in the same situation. I dug into docs a bit more and reading, I realized I needed to look at the (!precise!) config for proxy_cache_key. A bit more reading of online docs / and some various online discussions.. I adjusted my config

# new setting that worked
proxy_cache_key "$host$uri$is_args$args";

# old setting that did not work
# proxy_cache_key "$scheme$host$request_uri";

then test/restart nginx; delete manually the content of the /path/to/cache/on/disk
... and happy days, I am now getting cache hits for the URL, http://web.server.name/path/to/css - whereas in the past I was getting MISS on the cache 100% of the time for this URL.

After making the adjustment, there was a plainly visible change to page load performance for the website. Everything moved from being "Meh-ok-good" performance to being "Wow-fast-visibly-snappy-quick". So this is nice.

After ~overnight things appear to be in a good place. So I think the issue is resolved.

So. I guess the answer to my post question, "what defines a cachable asset?" - the answer, is, whatever you configured your proxy_cache_key settings to be in your nginx setup. Woot.

Hope this info is of slight use-help-interest to someone else, sometime. Maybe.


Tim Chipman

MAKE NGINX NOT TO WAIT FOR MIRROR RESPONSE

November 28, 2018, 7:23 am

≫ Next: Newb question: How do i edit the config?

≪ Previous: Re: Cache Proxy - "cacheable asset" clarification / sanity check

$

0

0

I am mirroring all the requests to another server. But, nginx waits for the response from my mirroring server also. Is it possible to make to not wait for the mirror response

Newb question: How do i edit the config?

November 28, 2018, 8:36 am

≫ Next: How do I handle wildcard subdomains intelligently?

≪ Previous: MAKE NGINX NOT TO WAIT FOR MIRROR RESPONSE

$

0

0

I'm trying to install phpBB and getting a "404 not found" install error. According to a thread on the subject, I have to edit my nginx config file by adding a couple of lines. It's at the bottom of the 1st post here:

https://area51.phpbb.com/phpBB/viewtopic.php?t=49426

However, when I add those lines to the bottom of my nginx.conf file, I get an error on reload saying:

"2018/11/28 16:20:42 [emerg] 36155#36155: "location" directive is not allowed here in /media/sdn1/MySiteName/.nginx/nginx.conf:28"

I'm sure I'm doing something wrong. Could anyone give any advice? I just plugged the code at the end of the file. Thank you.

How do I handle wildcard subdomains intelligently?

November 28, 2018, 11:33 am

≫ Next: Launch subrequest before filter gets called

≪ Previous: Newb question: How do i edit the config?

$

0

0

Obviously there are certain important exceptions that I wish to be able to specify, but for regular users on the system, I want to serve files, and perhaps enable php-fpm or the like, at the domain

* https://[username].colmena.biz/

from the user's web directory

* /home/[username]/public_html/

I am not quite sure how to do this. At some time and place there was an "suphp" module that restricted php users to running processes under their own username, but I do not know if anything similar is available with php-fpm, not that I'm stuck on PHP. I am mainly looking for ideas. Perl or other languages might be fine, too.

Launch subrequest before filter gets called

November 29, 2018, 2:29 am

≫ Next: Re: Launch subrequest before filter gets called

≪ Previous: How do I handle wildcard subdomains intelligently?

$

0

0

Dear Nginxers,

I previously wrote a post which got no response, after rereading it, it was in fact not clear at all... Mainly due to a misunderstanding on my side! This is the reason why i prefer starting a new thread to avoid confusions.

I came up with a solution where I have a filter which makes subrequests to various upstreams. It afterwards aggregates the responses along with the main request, manipulates the response and then calls the next filter with this. This is working nicely, all subrequests are sent in parrallel, so far so good...

However, this filter gets called only when we start receiving some data for the main request (which is also an upstream). This is not very efficient because if this upstream is slow, then the whole process is delayed!

In order to avoid this, how should i proceed ?
* Do i have to move my filter to a module hooked on CONTENT phase ? In that case, how to retrieve the subrequest responses, would it delay the filtering ?
* Trick the Content phase, so that filter is called immediately and the main request upstream is called by a subrequest ? (Yeah that's ugly !)

Thanks for your help,

kR

Re: Launch subrequest before filter gets called

December 3, 2018, 7:08 am

≫ Next: [newb]Anyone else setup nginx in weblogic?

≪ Previous: Launch subrequest before filter gets called

$

0

0

Dear members,

To achieve my usecase, i have created a module that launches two subrequests to different upstreams. I then retrieve the body of those subrequests' responses and put them into a single output chain. Which i forward to a dedicated filter.

This works sometimes, and sometimes not ... Indeed, NGINX worker regularly crashes during request finalization, the reason for this is that the request pool is NULL (as many of the ngx_http_request_t attributes). I suspect it has been freed by some way but i don't get why it doesn't happen everytime

If you have any ideas ?

Thanks,

kR

---

[newb]Anyone else setup nginx in weblogic?

December 6, 2018, 1:51 pm

≫ Next: Joomla custom app, matching and using alias/try_files

≪ Previous: Re: Launch subrequest before filter gets called

$

0

0

Hello folks,

This is my first time configuring nginx as a transparent proxy for web applications deployed in weblogic.
Our setup is we have rules configured in iptables, any inbound traffic to the weblogic port is redirected to port 80 (where nginx is running).We have setup basic auth basically for everything and turn off for some exception URIs. We have successfully achieved our goals in terms of providing transparent proxy that applies basic auth to protect the service. However, i have started to notice two issues so far on Weblogic runtime operation specifically activating a change through the console, 401 unauthorized and Admin lifecycle

1. [Deployer:149150]An IOException occurred while reading input. : with response code '401' : with response message 'Unauthorized'. this is because the admin sends http request to /bea_wls_deployment_internal/DeploymentService uri and intercepted by nginx

I have tried turning basic auth off but does not help.

2. Admin server restart.
<BEA-149504> <The adminstration server was unable to establish JMX Connectivity with the CustomerContactManagementSrv1 at the JMX Service URL of service:jmx:t3://blah:12041/jndi/weblogic.management.mbeanservers.runtime.>

I've attached my conf file. Any pointers will help and appreciated

Joomla custom app, matching and using alias/try_files

December 6, 2018, 4:16 pm

≫ Next: Re: Joomla custom app, matching and using alias/try_files

≪ Previous: [newb]Anyone else setup nginx in weblogic?

$

0

0

G'day,

Unfortunately I've only got a limited knowledge of what I'm asking, please forgive me if I use the wrong terminology (this might be why I failed to find the answer on Google).

Currently I have a Joomla site working with Search Engine Friendly URLs, using the following Joomla works great:
try_files $uri $uri/ /index.php?$args;

I'm writing a PHP script that is included inside a Joomla article that will reference the URI to generate its queries to the database, for this to work properly I will need to match all child URI's and display the parent URI (not a redirect).

As an example:
Joomla article (Parent): http://mysite.com/catalogue
Child: http://mysite.com/catalogue/shirt/short-sleeve/page1

In the above example, I would like to still see the "Catalogue" in Joomla but maintain the entire child URI... at the moment if I browse to the child url I get a 404 error.

Thanks in advance,

Brad

Re: Joomla custom app, matching and using alias/try_files

December 6, 2018, 8:33 pm

≫ Next: getting 304 status instead of needed 200

≪ Previous: Joomla custom app, matching and using alias/try_files

$

0

0

This has been my attempt at it after working for several hours... I keep getting 404 errors when trying to match /catalogue/??????, in this case I'd like it to try root /index.php?args.
I've aliased the root and nested PHP fastcgi_param SCRIPT_FILENAME $request_filename thinking that would be it but I'm afraid there's no change.



server {
listen *:80;
server_name mysite.com ;

root /var/www/mysite.com/web/;

if ($http_host != "mysite.com") {
rewrite ^ $scheme://mysite.com$request_uri? permanent;
}

index index.html index.htm index.php index.cgi index.pl index.xhtml;

location ~ /\. {
deny all;
}

location = /favicon.ico {
log_not_found off;
access_log off;
expires max;
add_header Cache-Control "public, must-revalidate, proxy-revalidate";
}

location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}

location ~ \.php$ {
try_files /fb25ca5e73fd29cfa241f5e05cce00f2.htm @php;
}

location @php {
try_files $uri =404;
include /etc/nginx/fastcgi_params;
fastcgi_pass unix:/var/lib/php5-fpm/web5.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_intercept_errors on;
}




location ^/catalogue/(.*)$ {
alias /var/www/mysite.com/web/;
try_files $uri $uri/ /index.php?$args;

location ~ \.php$ {
try_files $uri =404;
include /etc/nginx/fastcgi_params;
fastcgi_pass unix:/var/lib/php5-fpm/web5.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $request_filename;
fastcgi_intercept_errors on;
}

}

client_max_body_size 200M;
try_files $uri $uri/ /index.php?$args;
}

getting 304 status instead of needed 200

December 8, 2018, 7:27 am

≫ Next: Canary Deployment on per-location context

≪ Previous: Re: Joomla custom app, matching and using alias/try_files

$

0

0

Hi,

Please help to set 200 (no cache needed) for some URLs instead of 304

response
[08/Dec/2018:14:58:44 +0000] "GET /api/board HTTP/2.0" time_local="08/Dec/2018:14:58:44 +0000" protocol="HTTP/2.0" status="304" 304 0 "https://xxx" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.77 Safari/537.36" "-"



server {
listen 80 default_server;
listen [::]:80 default_server;
server_name _;
return 301 https://$host$request_uri;
}

server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
root /usr/share/nginx/html;
index index.html index.htm;
ssl_certificate /etc/nginx/certs/cert.pem;
ssl_certificate_key /etc/nginx/certs/key.pem;
ssl_session_timeout 1d;
ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers "HIGH:!aNULL:!MD5 or HIGH:!aNULL:!MD5:!3DES";
ssl_prefer_server_ciphers on;
add_header Strict-Transport-Security max-age=15768000;
client_max_body_size 8M;

location /socket.io/ {
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_pass "http://192.168.0.1:8080";
}

location /location/ {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Proto https;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header X-Forwarded-Host $remote_addr;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_pass "http://192.168.0.4:8888";
proxy_connect_timeout 36000s;
proxy_send_timeout 36000s;
proxy_read_timeout 36000s;
send_timeout 36000s;
}

location / {
proxy_pass "http://192.168.0.4:8888";
}

}

Canary Deployment on per-location context

December 10, 2018, 1:44 pm

≫ Next: How to define nginx code for per Domain?

≪ Previous: getting 304 status instead of needed 200

$

0

0

I'm using Nginx as a reverse proxy for multiple backend services. These services are isolated and run on different release cycles. Depending on what's in the process of being updated, some services may require a canary deployment while other services have a single endpoint.

I've been looking at the ngx_http_split_clients_module which looks like exactly what I need, but it can only be placed in the http context. I effectively need the same functionality, but would have to run it in the location contexts of my different services. Is there any way to achieve this?