What cause the error for this http/https wordpress configuration file?
log
nginx-forum at nginx.us
Thu Aug 27 23:56:03 UTC 2015
Reinis,
Great thanks for the your tips. Here is the update.
This is for a wordpress blog, with http and https access. We dont need to
redirect http traffic to https. In addition, I want to access it either by
http: //example.com, http: //www.example.com, https: //example.com, or
https: //www.example.com
There are several problems caused by the following configuration.
1. http:// www.example.com/fold1/readme.php will be redirected to https://
fold1/readme.php
2. https: //example.com/fold1/readme.php will be redirected to https:
//fold1/readme.php
3. https: //www.example.com/fold1/readme.php was loaded over HTTPS, but
requested an insecure script 'http:
//www.example.com/fold1/js/user-profile.min.js?ver=4.3'. This request has
been blocked; the content must be served over HTTPS.
readme.php:1 Mixed Content: The page at 'https:
//www.example.com/fold1/readme.php' was loaded over HTTPS, but requested an
insecure script 'http:
//www.example.com/fold1/js/language-chooser.min.js?ver=4.3'. This request
has been blocked; the content must be served over HTTPS.
.
server {
listen 80 default_server; ## listen for ipv4; this line is
default and implied
listen [::]:80 default_server ipv6only=on; ## listen for ipv6
server_name example.com www.example.com *.example.com;
# return 301 https://$server_name$request_uri;
#}
#
#server {
listen 443 ssl;
listen [::]:443 ssl ipv6only=on;
keepalive_timeout 70;
#ssl on;
ssl_certificate /etc/nginx/cert/example.com-unified.crt;
ssl_certificate_key /etc/nginx/cert/example.com.key;
server_name example.com www.example.com *.example.com;
server_name_in_redirect off;
charset utf-8;
root /usr/share/nginx/html/example.com;
access_log /home/wwwlogs/example.com.access.log;
error_log /home/wwwlogs/example.com.error.log;
#if ($http_host != "www.example.com") {
# rewrite ^ https://www.example.com$request_uri
permanent;
#}
index index.php index.html index.htm;
#fastcgi_cache start
set $skip_cache 0;
# POST requests and urls with a query string should always go to
PHP
# fastcgi_cache_methods default value allready is only GET and
HEAD
#if ($request_method = POST) {
# set $skip_cache 1;
#}
if ($query_string != "") {
set $skip_cache 1;
}
# Don't cache uris containing the following segments
if ($request_uri ~*
"(/wp-admin/|/xmlrpc.php|/wp-(app|cron|login|register|mail).php|wp-.*.php|/feed/|index.php|wp-comments-popup.php|wp-links-opml.php|wp-locations.php|sitemap(_index)?.xml|[a-z0-9_-]+-sitemap([0-9]+)?.xml)")
{
set $skip_cache 1;
}
# Don't use the cache for logged in users or recent commenters
if ($http_cookie ~*
"comment_author|wordpress_[a-f0-9]+|wp-postpass|wordpress_no_cache|wordpress_logged_in")
{
set $skip_cache 1;
}
location / {
# try files in the specified order
try_files $uri $uri/ /index.php?$args /index.html;
}
# pass the PHP scripts to FastCGI server listening on
127.0.0.1:9000
#
location ~ \.(php|php5)?$ {
# include snippets/fastcgi-php.conf;
#
ModSecurityEnabled on;
ModSecurityConfig modsecurity.conf;
try_files $uri =404;
fastcgi_split_path_info ^(.+\.php)(/.+)$; #DEBUG
include /etc/nginx/fastcgi_params;
# use upstream hhvm/php
fastcgi_pass php;
# fastcgi_cache_methods GET HEAD; # Only GET and HEAD
methods apply
fastcgi_cache_bypass $skip_cache; #apply the "$skip_cache"
variable
fastcgi_no_cache $skip_cache;
fastcgi_cache WORDPRESS;
fastcgi_cache_valid 200 301 302 60m;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME
$document_root$fastcgi_script_name;
# send bad requests to 404
fastcgi_intercept_errors on;
}
location ~ /purge(/.*) {
fastcgi_cache_purge WORDPRESS
"$scheme$request_method$host$1";
}
# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
#
location ~ /\.ht {
deny all;
}
location ~*
^.+\.(ogg|ogv|svg|svgz|eot|otf|woff|mp4|ttf|rss|atom|jpg|jpeg|gif|png|ico|zip|tgz|gz|rar|bz2|doc|xls|exe|ppt|tar|mid|midi|wav|bmp|rtf|swf|flv|ico)$
{
access_log off; log_not_found off; expires max;
}
location ~ .*\.(js|css)?$ {
expires 7d;
}
location = /robots.txt {
access_log off; log_not_found off;
}
# Make sure files with the following extensions do not get
loaded by nginx because nginx would display the source code, and these files
can contain PASSWORDS!
#
location ~*
\.(engine|inc|info|install|make|module|profile|test|po|sh|.*sql|theme|tpl(\.php)?|xtmpl)$|^(\..*|Entries.*|Repository|Root|Tag|Template)$|\.php_
{
deny all;
}
location ~ /\. { deny all; access_log off; log_not_found off;
}
error_page 404 /404.html;
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
}
sysguard on;
sysguard_load load=1.8 action=/loadlimit;
sysguard_mem swapratio=90% action=/swaplimit;
location /loadlimit {
return 503;
}
location /swaplimit {
return 503;
}
if ( $query_string ~* ".*[\;'\<\>].*" ){
return 404;
}
}
####### Following are the logs ########
example.com server access log:
101.102.224.162 - - [27/Aug/2015:22:30:20 +0000] "GET
//cgi-bin/webcm?getpage=../html/menus/menu2.html&var:lang=%26%20allcfgconv%20-C%20voip%20-c%20-o%20-%20../../../../../var/tmp/voip.cfg%20%2
HTTP/1.1" 500 796 "-" "curl/7.29.0"
101.102.210.246 - - [27/Aug/2015:23:27:27 +0000] "GET /fold1/readme.php
HTTP/1.1" 200 3065 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_4)
AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2403.107 Safari/537.36"
101.102.210.246 - - [27/Aug/2015:23:27:28 +0000] "GET /fold1/readme.php
HTTP/1.1" 200 3065 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_4)
AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2403.107 Safari/537.36"
nginx main error log:
#lots of "ignore long locked inactive cache entry" errors like follows:
2015/08/27 22:01:04 [alert] 22603#0: ignore long locked inactive cache entry
1054513b79bde8beb8798358f09d0:
There is no example.com server error log generated
Posted at Nginx Forum: http://forum.nginx.org/read.php?2,261301,261308#msg-261308
More information about the nginx
mailing list