I want to fetch a file from the cache conditionally, based on a custom header in the request.
If the X-Proxy header is present in the request, return the file only if it's present in the cache. Otherwise fetch it from the internet if necessary.
Here's my .conf file:
worker_processes 1;
events {
worker_connections 1024;
}
http {
proxy_cache_path /home/nginx/proxy levels=1:2 keys_zone=one:15m inactive=7d max_size=1000m;
proxy_temp_path /home/nginx/temp;
proxy_buffering on;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Host $http_host;
proxy_set_header X-NginX-Proxy true;
proxy_set_header Connection "";
proxy_http_version 1.1;
server {
listen 8000;
location / {
root /home/nginx/preload;
try_files /$uri #local #remote;
}
location #local {
internal;
add_header X-Local true;
add_header X-Cache $upstream_cache_status;
proxy_pass http://$http_host$uri$is_args$args;
proxy_cache one;
proxy_cache_key backend$request_uri;
proxy_cache_valid 200 1h;
proxy_cache_use_stale error timeout invalid_header;
}
location #remote {
resolver 8.8.8.8;
add_header X-Remote true;
add_header X-Cache $upstream_cache_status;
if ($http_x_proxy) {
return 404;
}
proxy_pass http://$http_host$uri$is_args$args;
proxy_cache one;
proxy_cache_key backend$request_uri;
proxy_cache_valid 200 1h;
proxy_cache_use_stale error timeout invalid_header;
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
}
}
The problem is that the try_files directive always passes into my #remote location, even if the fetched file is cached. How do I tell it that the file was found when it returns from #local?
try_files directive only accepts one named location, so apparently it goes for the last one. This blog post proposes a workaround that works in your case. In case you don't won't read the whole post, you can add the following lines at the end of #local block:
proxy_intercept_errors on;
recursive_error_pages on;
error_page 404 = #remote;
and change your try_files to this:
try_files /$uri #local;
Related
We would like to launch a NextJS 10 app using NGINX so we use a configuration similar to:
location /_next/static/ {
alias /home/ec2-user/my-app/.next/static/;
expires 1y;
access_log on;
}
It works great, it caches for a year our statics but as we use NextJS images I'm failing to add an expires tag on on-the-fly resized images.
If I do:
location /_next/image/ {
alias /home/ec2-user/my-app/.next/image;
expires 1y;
access_log on;
}
It just returns a 404 on images.
Here is my server part NGINX config :
server {
listen 80;
server_name *.my-website.com;
# root /usr/share/nginx/html;
# root /home/ec2-user/my-app;
charset utf-8;
client_max_body_size 20M;
client_body_buffer_size 20M;
proxy_connect_timeout 600;
proxy_send_timeout 600;
proxy_read_timeout 600;
send_timeout 600;
underscores_in_headers on;
add_header X-Frame-Options SAMEORIGIN always;
add_header X-Content-Type-Options nosniff always;
add_header X-XSS-Protection "1; mode=block" always;
add_header Referrer-Policy "same-origin" always;
location = /robots.txt {
proxy_pass https://api.my-website.com/robots.txt;
}
location /_next/static/ {
alias /home/ec2-user/my-app/.next/static/;
expires 1y;
access_log on;
}
location / {
# reverse proxy for merchant next server
proxy_pass http://localhost:3000;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_pass_request_headers on;
proxy_cache_bypass $http_upgrade;
proxy_buffering off;
}
}
Here is an example how you can rely of upstream Content-Type header to set up the Expires and Cache-Control headers:
map $upstream_http_content_type $expire {
~^image/ 1y; # 'image/*' content type
default off;
}
server {
...
location / {
# reverse proxy for merchant next server
proxy_pass http://localhost:3000;
...
expires $expire;
}
}
The same way you can tune cache control headers for any other content type of proxied response. The $upstream_http_<name> nginx variable is described here.
Update
To add cache control headers only by specific URIs you can use two chained map blocks:
map $uri $expire_by_uri {
~^/_next/image/ 1y;
default off;
}
map $upstream_http_content_type $expire {
~^image/ $expire_by_uri;
default off;
}
And if you don't expect anything but the images from /_next/image/... URIs, you can just use the
map $uri $expire {
~^/_next/image/ 1y;
default off;
}
I want to redirect the paths from http to https like the following:
http://localhost:80/ to same Http url
http://localhost:80/api/ to https://localhost:80/api/ which in turn redirects to https://localhost:55555/api/
I have a configuration file:
worker_processes 1;
events {
worker_connections 1024;
}
http {
server {
listen 80;
listen [::]:80;
server_name localhost;
return 301 https://$host$request_uri;
}
# HTTPS server
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
ssl_certificate certs/myservice.crt;
ssl_certificate_key certs/myservice.key;
server_name myservice.com localhost;
location /api/ {
proxy_set_header X-Real-IP $remote_addr;
proxy_pass https://localhost:55555/api/;
client_max_body_size 500G;
proxy_connect_timeout 300;
proxy_send_timeout 300;
proxy_read_timeout 3600;
send_timeout 300;
}
location / {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_pass http://localhost:80/;
client_max_body_size 500G;
proxy_connect_timeout 300;
proxy_send_timeout 300;
proxy_read_timeout 3600;
send_timeout 300;
}
location ~ /\.ht {
deny all;
}
}
}
When i tried with this, the second requirement was fulfilled. But the first one of keeping http://localhost:80/ the same fails. It is unnecessarily redirected as https://localhost .
In short, nginx redirects all the HTTP requests coming to port 80 on the localhost server to HTTPS.
I also tried removing the location / { } section from second server block.
Then tried specifying in fist server block as:
server {
listen 80;
listen [::]:80;
server_name localhost;
location / {
proxy_pass http://localhost:80/
}
location /api/ {
return 301 https://$host$request_uri;
}
}
Both of them didn't worked.
What is the correct way of redirecting only specific paths of a server from http to https in Nginx?
This section in the second server block won't work. Because it again redirects to https.
location / {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_pass http://localhost:80/;
client_max_body_size 500G;
proxy_connect_timeout 300;
proxy_send_timeout 300;
proxy_read_timeout 3600;
send_timeout 300;
}
So exposed that application to a different host port other than 80, say 88. Then changed this proxypass URL to:
proxy_pass http://localhost:88/;
Now it works fine.
I have PLESK installed in my host and I create a subdomain "app.mysite.com". In this subdomain, I upload my codeigniter proyect with this structure:
When I try to access "css" folder to get boostrap.min.css file (app.mysite.com/css/bootstrap/css/bootstrap.min.css), I get this forbidden error:
This is the additional directives for HTTP of this site:
And this other one is for HTTPS:
This website, redirect automatically from HTTP to HTTPS.
To finish, I add this code to additional nginx directives:
Other test
I try changing "additional nginx directive", to remove index.php from the URL:
But no style files are loaded and codeigniter read the url as controller call returning "404 page not found":
Please, I need help with this issue and how to configure correctly nginx to access css/, js/ and img/ folders files.
Thank you
/EDIT
I find the nginx.conf file of app.mysite.com subdomain:
#ATTENTION!
#
#DO NOT MODIFY THIS FILE BECAUSE IT WAS GENERATED AUTOMATICALLY,
#SO ALL YOUR CHANGES WILL BE LOST THE NEXT TIME THE FILE IS GENERATED.
server {
listen 206.189.5.184:443 ssl http2;
server_name app.mysite.com;
server_name www.app.mysite.com;
server_name ipv4.app.mysite.com;
ssl_certificate /opt/psa/var/certificates/scfMQnEev;
ssl_certificate_key /opt/psa/var/certificates/scfMQnEev;
ssl_client_certificate /opt/psa/var/certificates/scfcJsJQ3;
client_max_body_size 128m;
root "/var/www/vhosts/mysite.com/app.mysite.com";
access_log "/var/www/vhosts/system/app.mysite.com/logs/proxy_access_ssl_log";
error_log "/var/www/vhosts/system/app.mysite.com/logs/proxy_error_log";
location / {
proxy_pass https://206.189.5.184:7081;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
access_log off;
}
location ~ ^/(plesk-stat|awstats-icon|webstat|webstat-ssl|ftpstat|anon_ftpstat) {
proxy_pass https://206.189.5.184:7081;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
access_log off;
}
location #fallback {
proxy_pass https://206.189.5.184:7081;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
access_log off;
}
location ~ ^/(.*\.(ac3|avi|bmp|bz2|css|cue|dat|doc|docx|dts|eot|exe|flv|gif|gz|htm|html|ico|img|iso|jpeg|jpg|js|mkv|mp3|mp4|mpeg|mpg|ogg|pdf|png|ppt|pptx|qt|ra$
try_files $uri #fallback;
}
location ~ ^/~(.+?)(/.*?\.php)(/.*)?$ {
alias /var/www/vhosts/mysite.com/web_users/$1/$2;
fastcgi_split_path_info ^((?U).+\.php)(/?.+)$;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_pass "unix:///var/www/vhosts/system/app.mysite.com/php-fpm.sock";
include /etc/nginx/fastcgi.conf;
}
location ~ ^/~(.+?)(/.*)?$ {
proxy_pass https://206.189.5.184:7081;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
access_log off;
}
location ~ \.php(/.*)?$ {
fastcgi_split_path_info ^((?U).+\.php)(/?.+)$;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_pass "unix:///var/www/vhosts/system/app.mysite.com/php-fpm.sock";
include /etc/nginx/fastcgi.conf;
}
location ~ /$ {
index "index.html" "index.cgi" "index.pl" "index.php" "index.xhtml" "index.htm" "index.shtml";
}
add_header X-Powered-By PleskLin;
include "/var/www/vhosts/system/app.mysite.com/conf/vhost_nginx.conf";
}
server {
listen 206.189.5.184:80;
server_name app.mysite.com;
server_name www.app.mysite.com;
server_name ipv4.app.mysite.com;
client_max_body_size 128m;
return 301 https://$host$request_uri;
}
How to make a preemptive cache with nginx?
Currently, the cache becomes stale and unloads lots of images at once.
In my http section I have
proxy_cache_path /var/cache/nginx levels=1:1 keys_zone=zone:10m;
In my server configuration I have something like
server {
listen 80 default deferred;
server_name myservername
root /myapp/public;
client_max_body_size 2G;
proxy_cache_bypass $http_pragma;
proxy_cache_valid 200 301 302 304 1M;
proxy_cache_use_stale error timeout invalid_header updating http_500 http_502 http_503 http_504;
proxy_cache zone;
gzip_static on;
try_files $uri #app;
location #app {
if ($request_uri ~* "\.(ico|css|js|gif|jpe?g|png)\?[0-9]+$") {
expires max;
break;
}
client_body_buffer_size 32k;
proxy_buffers 8 64k;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_redirect off;
proxy_pass http://myupstream;
}
}
I'd like to use nginx cache for a specific url only
The url is /ajax/airport and must contain the parameter ?geoloc=1.
Cache is working fine, the only issue I'm facing is to get it working for an url containing the given parameters.
Here is my nginx site.conf file:
server {
listen 80;
server_name _;
server_tokens off;
location /ajax/airport.php {
if ($args_geoloc = 1) {
proxy_pass http://127.0.0.1:8080/ajax/airport.php;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_cache my-cache;
proxy_cache_valid 300s;
#proxy_no_cache $cookie_PHPSESSID;
#proxy_cache_bypass $cookie_PHPSESSID;
proxy_cache_key "$scheme$host$request_uri";
add_header X-Cache $upstream_cache_status;
add_header LEM airport;
}
}
location / {
proxy_pass http://127.0.0.1:8080/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
add_header LEM all;
}
}
server {
listen 8080;
.. usual location handeling ...
And the error I get:
nginx: [emerg] "proxy_pass" cannot have URI part in location given by regular expression, or inside named location, or inside "if" statement, or inside "limit_except" block in /etc/nginx/sites-enabled/site.com.conf:8
Thank you for your help!
Simply use proxy_no_cache and proxy_cache_bypass instead of if, testing the value of $arg_geoloc (not $args_geoloc) with map directive.
map $arg_geoloc $bypass {
default 1;
1 0;
}
server {
...
location /ajax/airport.php {
...
proxy_no_cache $bypass;
proxy_cache_bypass $bypass;
...
# No need to add /ajax/airport.php in proxy_pass
proxy_pass http://127.0.0.1:8080;
}
...
}
Nginx also allows to test several parameters with proxy_no_cache and proxy_cache_bypass. If you need something like that just put the parameters one after another:
proxy_no_cache $cookie_PHPSESSID $bypass_cache;
proxy_cache_bypass $cookie_PHPSESSID $bypass_cache;