What cause the error for this http/https wordpress configuration file?

log nginx-forum at nginx.us
Thu Aug 27 16:19:23 UTC 2015


I can not open any link except http://example.com/readme.txt with following
server block.

Any tips?


server {
        listen 80 default_server; ## listen for ipv4; this line is default
and implied
        listen [::]:80 default_server ipv6only=on; ## listen for ipv6
        server_name example.com www.example.com *.example.com; 
#        return  301 https://$server_name$request_uri;
#}
#
#server {
        listen   443 ssl;
        listen [::]:443 ssl ipv6only=on;
        keepalive_timeout   70;

        #ssl on; 
        ssl_certificate /etc/nginx/cert/example.com-unified.crt;
        ssl_certificate_key /etc/nginx/cert/example.com.key;

        server_name  example.com www.example.com *.example.com;
        server_name_in_redirect off;
 
        charset utf-8;
        root  /usr/share/nginx/html/example.com;

        access_log /home/wwwlogs/example.com.access.log;
        error_log /home/wwwlogs/example.com.error.log;

       if ($http_host != "www.example.com") {
                 rewrite ^ https://www.example.com$request_uri permanent;
       }

        index index.php index.html index.htm;

        #fastcgi_cache start
        set $skip_cache 0;

        # POST requests and urls with a query string should always go to
PHP
        if ($request_method = POST) {
            set $skip_cache 1;
        }   
        if ($query_string != "") {
            set $skip_cache 1;
        }   

        # Don't cache uris containing the following segments
        if ($request_uri ~*
"(/wp-admin/|/xmlrpc.php|/wp-(app|cron|login|register|mail).php|wp-.*.php|/feed/|index.php|wp-comments-popup.php|wp-links-opml.php|wp-locations.php|sitemap(_index)?.xml|[a-z0-9_-]+-sitemap([0-9]+)?.xml)")
{
            set $skip_cache 1;
        }   

        # Don't use the cache for logged in users or recent commenters
        if ($http_cookie ~*
"comment_author|wordpress_[a-f0-9]+|wp-postpass|wordpress_no_cache|wordpress_logged_in")
{
            set $skip_cache 1;
        }

        location / {
            # try files in the specified order
                try_files $uri $uri/ /index.php?$args /index.html;
        }

        # pass the PHP scripts to FastCGI server listening on
127.0.0.1:9000
        #
        location ~ \.(php|php5)?$ {
        #   include snippets/fastcgi-php.conf;
        #
            ModSecurityEnabled on;  
            ModSecurityConfig modsecurity.conf;

            try_files $uri =404;
            fastcgi_split_path_info ^(.+\.php)(/.+)$;  #DEBUG
            include /etc/nginx/fastcgi_params;
            # use upstream hhvm/php
            fastcgi_pass php;
            fastcgi_cache_methods GET HEAD; # Only GET and HEAD methods
apply
            fastcgi_cache_bypass $skip_cache; #apply the "$skip_cache"
variable
            fastcgi_no_cache $skip_cache;

            fastcgi_cache WORDPRESS;
            fastcgi_cache_valid 200 301 302 60m;

            fastcgi_index index.php;
            fastcgi_param SCRIPT_FILENAME
$document_root$fastcgi_script_name;
            # send bad requests to 404
            fastcgi_intercept_errors on;

        }


        location ~ /purge(/.*) {
            fastcgi_cache_purge WORDPRESS "$scheme$request_method$host$1";
        }   

        # deny access to .htaccess files, if Apache's document root
        # concurs with nginx's one
        #
        location ~ /\.ht {
               deny all;
        }

        location ~*
^.+\.(ogg|ogv|svg|svgz|eot|otf|woff|mp4|ttf|rss|atom|jpg|jpeg|gif|png|ico|zip|tgz|gz|rar|bz2|doc|xls|exe|ppt|tar|mid|midi|wav|bmp|rtf|swf|flv|ico)$
{
            access_log off; log_not_found off; expires max;
        }

        location ~ .*\.(js|css)?$ {
                expires 7d;
                }

        location = /robots.txt {
            access_log off; log_not_found off; 
            }
        
        # Make sure files with the following extensions do not get loaded by
nginx because nginx would display the source code, and these files can
contain PASSWORDS!
        #
        location ~*
\.(engine|inc|info|install|make|module|profile|test|po|sh|.*sql|theme|tpl(\.php)?|xtmpl)$|^(\..*|Entries.*|Repository|Root|Tag|Template)$|\.php_
{
                deny all;
        }

        location ~ /\. { deny  all; access_log off; log_not_found off; }


        error_page 404 /404.html;

        error_page 500 502 503 504 /50x.html;
        location = /50x.html {
              root /usr/share/nginx/html;
        }

        sysguard on;
        sysguard_load load=1.8 action=/loadlimit;
        sysguard_mem swapratio=90% action=/swaplimit;

        location /loadlimit {
            return 503;
            }

        location /swaplimit {
            return 503;
            }

        if ( $query_string ~* ".*[\;'\<\>].*" ){
                return 404;
        }

}

Posted at Nginx Forum: http://forum.nginx.org/read.php?2,261301,261301#msg-261301



More information about the nginx mailing list