Nginx: increase the number of allowed connections from the same browser - ajax

I need your help on tuning a bit Nginx and my server.
I've got a website which is hosted on my server, and an API, also hosted on this server.
The website sends Ajax requests to the API. The problem is, once I've opened a page, which sends Ajax requests to the API, I cannot browse the website anymore using this browser because, I've reached the number of allowed connection for this browser on the website's server.
How can I change Nginx or the server configuration in order to increase the number of connections allowed per browser?
Thanks for your help.
EDIT
Server conf
worker_processes 4;
worker_connections 1024;
multi_accept on;
keepalive_timeout 65;
Server block
server {
listen 80;
server_name mywebsite.com;
return 301 https://$server_name$request_uri;
}
server {
listen 443;
ssl on;
ssl_certificate /path/to/pem;
ssl_certificate_key /path/to/key;
# Set the server name
server_name mywebsite.com;
# add Strict-Transport-Security to prevent man in the middle attacks
add_header Strict-Transport-Security "max-age=31536000";
root /path/to/root/folder;
index index.php;
# Logs
error_log /path/to/error.log;
access_log /path/to/access.log;
# strip app_test.php/ prefix if it is present
rewrite ^/index\.php/?(.*)$ /$1 permanent;
location / {
index index.php;
try_files $uri #rewriteapp;
}
location #rewriteapp {
rewrite ^(.*)$ /index.php/$1 last;
}
# pass the PHP scripts to FastCGI server from upstream phpfcgi
location ~ ^/(index)\.php(/|$) {
fastcgi_pass unix:/var/run/php5-fpm.sock;
fastcgi_split_path_info ^(.+\.php)(/.*)$;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param HTTPS on;
fastcgi_read_timeout 43200;
internal;
}
# Define error pages
# Error pages are located in the app folder
error_page 403 403.html;
location = 403.html {
root /path/to/error-pages;
internal;
}
error_page 404 404.html;
location = 404.html {
root /path/to/error-pages;
internal;
}
error_page 500 502 503 504 50x.html;
location = 50x.html {
root /path/to/error-pages;
internal;
}
}

Related

Redirect to subdomain on http request or request without protocol on https website

I have a subdomain at
https://numan-rest.allrestaurants.us/
however if I try to open it with http like
http://numan-rest.allrestaurants.us/
or with www www.numan-rest.allrestaurants.us
I am getting redirected to the main domain at allrestaurants.us/
I want to stay in subdomain even if I request with HTTP, without any protocol and with WWW
this is how my nginx conf looks like in /etc/nginx/sites-available/default
server {
listen 80 default_server;
listen [::]:80 default_server;
server_name _;
root /var/www/allrest/public;
add_header X-Frame-Options "SAMEORIGIN";
add_header X-XSS-Protection "1; mode=block";
add_header X-Content-Type-Options "nosniff";
charset utf-8;
index index.html index.htm index.php;
# Enable nginx status page for Zabbix
location = /basic_status {
stub_status;
allow 127.0.0.1;
allow ::1;
deny all;
}
# Enable php-fpm status page for Zabbix
location ~ ^/(status|ping)$ {
## disable access logging for request if you prefer
access_log off;
## Only allow trusted IPs for security, deny everyone else
allow 127.0.0.1;
deny all;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_index index.php;
include fastcgi_params;
## Now the port or socket of the php-fpm pool we want the status of
# fastcgi_pass 127.0.0.1:9000;
fastcgi_pass unix:/var/run/php/php8.1-fpm.sock;
}
location / {
try_files $uri $uri/ /index.php?$query_string;
}
location = /favicon.ico { access_log off; log_not_found off; }
location = /robots.txt { access_log off; log_not_found off; }
error_page 404 /index.php;
location ~ \.php$ {
fastcgi_pass unix:/var/run/php/php8.1-fpm.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
include fastcgi_params;
fastcgi_connect_timeout 3600;
fastcgi_send_timeout 3600;
fastcgi_read_timeout 3600;
fastcgi_buffering off;
}
location ~ /\.(?!well-known).* {
deny all;
}
location ~* \.(png|jpg|jpeg|gif|svg|ico)$ {
expires 30d;
add_header Cache-Control "public, no-transform";
}
error_log /var/log/nginx/allrest_error.log;
access_log /var/log/nginx/allrest_access.log;
}
and this is laravel routes
Route::group(['domain' => '{subdomain}.' . config('allrest.app_domain')], function () {
Route::get('/', 'SubdomainController#show');
});
Route::group(['domain' => 'www.{subdomain}.' . config('allrest.app_domain')], function () {
Route::get('/', 'SubdomainController#show');
});
I tried with adding
return 301 https://$host$request_uri;
at the end of nginx conf but that prevent accessing the website completetly
and chrome give error To many redirects
and this is how my digital ocean DNS rules are
digitalocean Dns Records
No load balancer at digital ocean
Load Balancer Digital ocean
However I found some rules in firewall setting I don't know if it has something to do with these rules
Here is the picture Firewall rules Digital ocean

Laravel Project on Ubuntu: Issue redirecting www url to non www url

I have a Laravel 9 project that is hosted on AWS EC2 Ubuntu (ngnix). The domain is registered with GoDaddy and I changed the A record to point it to the IP at AWS EC2. My website runs fine when I used url like example.ca, however, it does not work when I use url www.example.ca ( I get the default Welcome to nginx! page)
As per Google Search I added the following rewrite rule in public/.htaccess
RewriteCond %{HTTP_HOST} ^www.example.ca [NC]
RewriteRule ^(.*)$ http://example.ca/$1 [L,R=301]
However, it did not help. I still continue to get the default Nginx page.
Is there anything else I need to do? For instance, in sites-enabled. I want to add that when I did setup my project, I created a new file in the /etc/nginx/sites-available folder with the following contents
server {
listen 80;
listen [::]:80;
server_name example.ca;
root /var/www/vhosts/example.ca/public;
add_header X-Frame-Options "SAMEORIGIN";
add_header X-Content-Type-Options "nosniff";
index index.php;
charset utf-8;
location / {
try_files $uri $uri/ /index.php?$query_string;
}
location = /favicon.ico { access_log off; log_not_found off; }
location = /robots.txt { access_log off; log_not_found off; }
error_page 404 /index.php;
location ~ \.php$ {
fastcgi_pass unix:/var/run/php/php8.0-fpm.sock;
fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
include fastcgi_params;
}
location ~ /\.(?!well-known).* {
deny all;
}
}
Any help is highly appreciated.
Changing server_name example.ca; to server_name example.ca www.example.ca; fixed the issue. (Thanks to Andrew St-Denis.)
server {
listen 80;
listen [::]:80;
server_name example.ca www.example.ca;

Magento Nginx sub-page rewrites

I am in the process of switching from Apache to Nginx for Magento but cannot seem to get it set up and working correctly. I have installed everything on a test server and the magento install went fine and I can access both the home page and the admin panel correctly but if I navigate to any sub-page from the frontend, the URL loses the "index.php" and gives me a 500 internal server error. For example if I try /magento/contacts/ I get a 500 error but if I add /magento/index.php/contacts/ it loads.
I have tried countless different nginx configurations but none have worked. I have trawled the posts on here relating to the same issue but no joy. My last hope is to post my config file on here and hope that someone can help!
I followed this: https://gist.github.com/tegansnyder/96d1be1dd65852d3e576 tutorial to the letter and everything works great except the problem above.
Any suggestions would be GREATLY appreciated! I'm tearing my hair out here! Thanks in advance!
I have two config files:
FIRST CONFIG FILE
server {
server_name 192.121.166.136;
access_log /var/log/nginx/access.log main;
error_log /var/log/nginx/error.log info;
# 504 is a PHP timeout and must be static
# 502 is momentary during a PHP restart and should be treated like maintenance
# other 50x errors are handled by Magento
error_page 502 504 /var/www/magento/504.html;
listen 80;
#listen 443 ssl;
# if you are using a load balancer uncomment these lines
# header from the hardware load balancers
#real_ip_header X-Forwarded-For;
# trust this header from anything inside the subnet
#set_real_ip_from X.X.X.1/24;
# the header is a comma-separated list; the left-most IP is the end user
#real_ip_recursive on;
# ensure zero calls are written to disk
client_max_body_size 16m;
client_body_buffer_size 2m;
client_header_buffer_size 16k;
large_client_header_buffers 8 8k;
root /var/www/;
index index.php;
fastcgi_read_timeout 90s;
fastcgi_send_timeout 60s;
# ensure zero calls are written to disk
fastcgi_buffers 512 16k;
fastcgi_buffer_size 512k;
fastcgi_busy_buffers_size 512k;
# remove the cache-busting timestamp
location ~* (.+)\.(\d+)\.(js|css|png|jpg|jpeg|gif)$ {
try_files $uri $1.$3;
access_log off;
log_not_found off;
expires 21d;
add_header Cache-Control "public";
}
# do not log static files; regexp should capture alternate cache-busting timestamps
location ~* \.(jpg|jpeg|gif|css|png|js|ico|txt|swf|xml|svg|svgz|mp4|ogg|ogv)(\?[0-9]+)?$ {
access_log off;
log_not_found off;
expires 21d;
add_header Cache-Control "public";
}
# Server
include main.conf;
include security.conf;
}
SECOND CONFIG FILE
rewrite_log on;
location / {
index index.php;
try_files $uri $uri/ #handler;
}
location #handler {
rewrite / /index.php;
}
## force www in the URL
if ($host !~* ^www\.) {
#rewrite / $scheme://www.$host$request_uri permanent;
}
## Forward paths like /js/index.php/x.js to relevant handler
location ~ \.php/ {
rewrite ^(.*\.php)/ $1 last;
}
location /media/catalog/ {
expires 1y;
log_not_found off;
access_log off;
}
location /skin/ {
expires 1y;
}
location /js/ {
access_log off;
}
location ~ \.php$ { ## Execute PHP scripts
if (!-e $request_filename) { rewrite / /index.php last; } ## Catch 404s that try_files miss
expires off; ## Do not cache dynamic content
# for this tutorial we are going to use a unix socket
# but if HHVM was running on another host we could forego unix socket
# in favor of an IP address and port number as follows:
#fastcgi_pass 127.0.0.1:8080;
fastcgi_pass unix:/var/run/hhvm/sock;
fastcgi_index index.php;
#fastcgi_param HTTPS $fastcgi_https;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
# if you need to explictly specify a store code for Magento do it here
# this is useful if you are running multiple stores with different hostnames
#fastcgi_param MAGE_RUN_CODE default;
#fastcgi_param MAGE_RUN_TYPE store;
include fastcgi_params; ## See /etc/nginx/fastcgi_params
fastcgi_keep_conn on; #hhvm param
}
The problem was that my store was in /var/www/magento. Moved the files to just /var/www and all is good :) Thank for the help guys.
Please have a complete reading of this document: http://info.magento.com/rs/magentocommerce/images/MagentoECG-PoweringMagentowithNgnixandPHP-FPM.pdf where you can find a basic NGINX configuration specifically for Magento:
server {
listen 80 default;
# like ServerName in Apache
server_name magento.lan www.magento.lan;
# document root, path to directory with files
root /var/www/magento;
index index.html index.php;
# we don’t want users to see files in directories
autoindex off;
location ~ (^/(app/\|includes/\|lib/\|/pkginfo/\|var/\|report/config.
xml)\|/\.svn/\|/\.git/\|/.hta.+) {
#ensure sensitive files are not accessible
deny all;
}
location / {
# make index.php handle requests for /
try_files $uri $uri/ /index.php?$args;
# do not log access to static files
access_log off;
# cache static files aggressively
expires max;
}
location \~\* \.(jpeg\|jpg\|gif\|png\|css\|js\|ico\|swf)$ {
# look for static files in root directory
# and ask backend if not successful
try_files $uri $uri/ #proxy;
expires max;
access_log off;
}
location #proxy {
# proxy everything from this location to backend
fastcgi_pass fpm_backend;
}
location \~\.php$ {
# if reference to php executable is invalid return 404
try_files $uri =404;
# no need to cache php executable files
expires off;
fastcgi_read_timeout 600;
# proxy all requests for dynamic content to
fastcgi_pass fpm_backend;
# backend configured in upstream.conf
fastcgi_keep_conn on; # use persistent connects to backend
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root${fastcgi_script_name};
# Store code is defined in
# administration > Configuration > Manage Stores
fastcgi_param MAGE_RUN_CODE default;
fastcgi_param MAGE_RUN_TYPE store;
}
}

nginx / varnish / magento - 500 Error when changing port

I have installed varnish on nginx. I have some really big problems.
my default.vcl is:
backend default {
.host = "127.0.0.1";
.port = "81";
}
my website virtual server is:
server {
listen 80;
root /var/www/site.com.ro/public_html;
index index.php index.html index.htm;
# Make site accessible from http://localhost/
server_name www.site.com.ro;
access_log /var/www/site.com.ro/logs/log.access;
error_log /var/www/site.com.ro/logs/log.error error;
location / {
index index.php;
try_files $uri $uri/ #handler;
}
location #handler {
rewrite / /index.php;
}
location /blog {
alias /var/www/site.com.ro/public_html_blog/;
index index.php index.html index.htm;
try_files $uri $uri/ /blog/index.php;
}
location ~ ^/blog(.+\.php)$ { ### This location block was the solution
alias /var/www/site.com.ro/public_html_blog/$1;
fastcgi_pass unix:/var/run/php5-fpm.sock;
fastcgi_index index.php;
fastcgi_read_timeout 300;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
location /doc/ {
alias /usr/share/doc/;
autoindex on;
allow 127.0.0.1;
allow ::1;
deny all;
}
# Only for nginx-naxsi used with nginx-naxsi-ui : process denied requests
#location /RequestDenied {
# proxy_pass http://127.0.0.1:8080;
#}
error_page 404 /404.html;
# redirect server error pages to the static page /50x.html
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/www;
}
# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
location ~ \.php$ {
if (!-e $request_filename) {
rewrite / /index.php last;
}
try_files $uri =404;
fastcgi_pass unix:/var/run/php5-fpm.sock;
fastcgi_index index.php;
fastcgi_read_timeout 300;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
#
#location ~ /\.ht {
# deny all;
#}
}
server {
listen 80;
# Make site accessible from http://localhost/
server_name site.com.ro;
rewrite ^(.*) http://www.site.com.ro$1 permanent;
}
and the varnish file is:
DAEMON_OPTS="-a :80 \
-T localhost:6082 \
-f /etc/varnish/default.vcl \
-S /etc/varnish/secret \
-s malloc,256m"
when I try to change the listen port for the website to 81 I get a 500 error...
can anyone help me? I don't know what I did wrong.
Varnish is configured to listen to port 80, and connect to localhost:81. nginx is configured to listen to port 80. You didn't mention the intended flow, but I'm taking a wild shot and guessing:
client -> varnish:80 -> nginx:81.
Do you spot the problem now?
Hint:
server {
listen 80;
Oh, and make sure you have a real similar setup in a test machine (virtualbox - or something) that you use when you dabble with settings you're not familiar with. That will give you time to understand why something is not working, and will gain you invaluable experience so you don't have to mess up the production site(s).

Firefox redirecting Nginx rewrite

Firefox is the only browser I am having issues with. I have found similar issues, but no solutions seem to work.
When I visit http://example.com nginx rewrites it as http://www.example.com.
I did this because the site used ssl sitewide, where now that has remains on the initial server using a subdomain, so is https://subdomain.example.com. Search engines, old bookmarks, and other old links attempted to take the user to https://example.com.
In all Browsers this works like a charm, except in firefox.
The Problem: Firefox takes the users request of http://example.com and forwards them to https://subdomain.example.com.
And then from the search engine link that reads https://example.com, an SSL error is raised because it's trying to read subomain.example's.
I'm getting confused and now it's 430 in the morning. Does someone have any clues here?
Here's my nginx conf:
upstream thin_server {
server 0.0.0.0:8080 fail_timeout=0;
}
server {
listen 80 default;
listen 443 ssl;
ssl off;
root /home/example/public;
server_name example.com www.example.com;
ssl_certificate /etc/nginx/ssl/www.example.com.chained.crt;
ssl_certificate_key /etc/nginx/ssl/example.key;
index index.htm index.html;
if ($host = 'example.com') {
rewrite ^/(.*)$ http://www.example.com/$1;
}
location / {
try_files $uri/index.html $uri.html $uri #app;
}
location ~* ^.+\.(jpg|jpeg|gif|png|ico|css|zip|tgz|gz|rar|bz2|doc|xls|exe|pdf|ppt|txt|tar|mid|midi|wav|bmp|rtf|js|mp3|flv|mpeg|avi)$ {
try_files $uri #app;
}
location #app {
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_redirect off;
proxy_pass http://thin_server;
}
error_page 500 502 503 504 /500.html;
client_max_body_size 4G;
keepalive_timeout 10;
}
UPDATE Just started working randomly a couple of days later
I had the a similar issue, Chrome was working fine, IE and firefox did not working with the http to https redirect.
I was searching for a day, build various configurations but nothing helped.
By accident I checked my firewall (ufw status) and realized that port 80 was not open, only 443.
After allowing port 80 it worked.
Here is my nginx config which is working ( I know it is not optimized )
# Redirect http to https
server {
listen 80 default_server;
listen [::]:80 default_server;
server_name domain.tl www.domain.tl *.domain.tl;
return 301 https://www.domain.tl$request_uri;
}
#HTTPS config for SSL with certificate
server {
listen 443 ssl;
listen [::]:443 ssl;
server_name www.domain.tl www.domain.tl;
#Limited Cipers to avoid MD5 etc attacks
ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:10m;
#Limit to TLSv1.2 for security
ssl_protocols TLSv1.2;
#Chained certificate to make sure the intermediate is in
ssl_certificate /etc/nginx/ssl/certificate.chain.crt;
ssl_certificate_key /etc/nginx/ssl/certificat_key.key;
#PHP, Wordpress etc config
root /var/www/html;
index index.php index.html index.htm;
# unless the request is for a valid file, send to bootstrap
location / {
# First attempt to serve request as file, then
# as directory, then fall back to displaying a 404.
#try_files $uri $uri/ =404;
#Rewrite rule fuer Wordpress
try_files $uri $uri/ /index.php?$args;
}
# PHP7 specific
location ~ \.php$ {
try_files $uri =404;
#fastcgi_pass 127.0.0.1:9000;
# With php5-fpm:
#fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
# OLD CONFIG for php5
# location ~ \.php$ {
# try_files $uri =404;
# fastcgi_split_path_info ^(.+\.php)(/.+)$;
# fastcgi_pass unix:/var/run/php5-fpm.sock;
# fastcgi_index index.php;
# include fastcgi_params;
#}
}

Resources