log
August 27, 2015 07:56PM
Reinis,

Great thanks for the your tips. Here is the update.

This is for a wordpress blog, with http and https access. We dont need to redirect http traffic to https. In addition, I want to access it either by http: //example.com, http: //www.example.com, https: //example.com, or https: //www.example.com

There are several problems caused by the following configuration.

1. http:// www.example.com/fold1/readme.php will be redirected to https:// fold1/readme.php

2. https: //example.com/fold1/readme.php will be redirected to https: //fold1/readme.php

3. https: //www.example.com/fold1/readme.php was loaded over HTTPS, but requested an insecure script 'http: //www.example.com/fold1/js/user-profile.min.js?ver=4.3'. This request has been blocked; the content must be served over HTTPS.
readme.php:1 Mixed Content: The page at 'https: //www.example.com/fold1/readme.php' was loaded over HTTPS, but requested an insecure script 'http: //www.example.com/fold1/js/language-chooser.min.js?ver=4.3'. This request has been blocked; the content must be served over HTTPS.


.

server {
listen 80 default_server; ## listen for ipv4; this line is default and implied
listen [::]:80 default_server ipv6only=on; ## listen for ipv6
server_name example.com www.example.com *.example.com;
# return 301 https://$server_name$request_uri;
#}
#
#server {
listen 443 ssl;
listen [::]:443 ssl ipv6only=on;
keepalive_timeout 70;

#ssl on;
ssl_certificate /etc/nginx/cert/example.com-unified.crt;
ssl_certificate_key /etc/nginx/cert/example.com.key;

server_name example.com www.example.com *.example.com;
server_name_in_redirect off;

charset utf-8;
root /usr/share/nginx/html/example.com;

access_log /home/wwwlogs/example.com.access.log;
error_log /home/wwwlogs/example.com.error.log;

#if ($http_host != "www.example.com") {
# rewrite ^ https://www.example.com$request_uri permanent;
#}

index index.php index.html index.htm;

#fastcgi_cache start
set $skip_cache 0;

# POST requests and urls with a query string should always go to PHP
# fastcgi_cache_methods default value allready is only GET and HEAD
#if ($request_method = POST) {
# set $skip_cache 1;
#}
if ($query_string != "") {
set $skip_cache 1;
}

# Don't cache uris containing the following segments
if ($request_uri ~* "(/wp-admin/|/xmlrpc.php|/wp-(app|cron|login|register|mail).php|wp-.*.php|/feed/|index.php|wp-comments-popup.php|wp-links-opml.php|wp-locations.php|sitemap(_index)?.xml|[a-z0-9_-]+-sitemap([0-9]+)?.xml)") {
set $skip_cache 1;
}

# Don't use the cache for logged in users or recent commenters
if ($http_cookie ~* "comment_author|wordpress_[a-f0-9]+|wp-postpass|wordpress_no_cache|wordpress_logged_in") {
set $skip_cache 1;
}

location / {
# try files in the specified order
try_files $uri $uri/ /index.php?$args /index.html;
}

# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
#
location ~ \.(php|php5)?$ {
# include snippets/fastcgi-php.conf;
#
ModSecurityEnabled on;
ModSecurityConfig modsecurity.conf;

try_files $uri =404;
fastcgi_split_path_info ^(.+\.php)(/.+)$; #DEBUG
include /etc/nginx/fastcgi_params;
# use upstream hhvm/php
fastcgi_pass php;
# fastcgi_cache_methods GET HEAD; # Only GET and HEAD methods apply
fastcgi_cache_bypass $skip_cache; #apply the "$skip_cache" variable
fastcgi_no_cache $skip_cache;

fastcgi_cache WORDPRESS;
fastcgi_cache_valid 200 301 302 60m;

fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
# send bad requests to 404
fastcgi_intercept_errors on;

}


location ~ /purge(/.*) {
fastcgi_cache_purge WORDPRESS "$scheme$request_method$host$1";
}

# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
#
location ~ /\.ht {
deny all;
}

location ~* ^.+\.(ogg|ogv|svg|svgz|eot|otf|woff|mp4|ttf|rss|atom|jpg|jpeg|gif|png|ico|zip|tgz|gz|rar|bz2|doc|xls|exe|ppt|tar|mid|midi|wav|bmp|rtf|swf|flv|ico)$ {
access_log off; log_not_found off; expires max;
}

location ~ .*\.(js|css)?$ {
expires 7d;
}

location = /robots.txt {
access_log off; log_not_found off;
}

# Make sure files with the following extensions do not get loaded by nginx because nginx would display the source code, and these files can contain PASSWORDS!
#
location ~* \.(engine|inc|info|install|make|module|profile|test|po|sh|.*sql|theme|tpl(\.php)?|xtmpl)$|^(\..*|Entries.*|Repository|Root|Tag|Template)$|\.php_ {
deny all;
}

location ~ /\. { deny all; access_log off; log_not_found off; }


error_page 404 /404.html;

error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
}

sysguard on;
sysguard_load load=1.8 action=/loadlimit;
sysguard_mem swapratio=90% action=/swaplimit;

location /loadlimit {
return 503;
}

location /swaplimit {
return 503;
}

if ( $query_string ~* ".*[\;'\<\>].*" ){
return 404;
}

}


####### Following are the logs ########
example.com server access log:
101.102.224.162 - - [27/Aug/2015:22:30:20 +0000] "GET //cgi-bin/webcm?getpage=../html/menus/menu2.html&var:lang=%26%20allcfgconv%20-C%20voip%20-c%20-o%20-%20../../../../../var/tmp/voip.cfg%20%2 HTTP/1.1" 500 796 "-" "curl/7.29.0"
101.102.210.246 - - [27/Aug/2015:23:27:27 +0000] "GET /fold1/readme.php HTTP/1.1" 200 3065 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2403.107 Safari/537.36"
101.102.210.246 - - [27/Aug/2015:23:27:28 +0000] "GET /fold1/readme.php HTTP/1.1" 200 3065 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2403.107 Safari/537.36"


nginx main error log:
#lots of "ignore long locked inactive cache entry" errors like follows:
2015/08/27 22:01:04 [alert] 22603#0: ignore long locked inactive cache entry 1054513b79bde8beb8798358f09d0:


There is no example.com server error log generated
Subject Author Posted

What cause the error for this http/https wordpress configuration file?

log August 27, 2015 12:19PM

Re: What cause the error for this http/https wordpress configuration file?

Reinis Rozitis August 27, 2015 02:56PM

Re: What cause the error for this http/https wordpress configuration file?

log August 27, 2015 07:56PM

Re: What cause the error for this http/https wordpress configuration file?

Reinis Rozitis August 27, 2015 08:28PM



Sorry, only registered users may post in this forum.

Click here to login

Online Users

Guests: 87
Record Number of Users: 6 on February 13, 2018
Record Number of Guests: 421 on December 02, 2018
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready