hide/strip set cookies on static files and howto use alias

JoakimR nginx-forum at forum.nginx.org
Mon Apr 4 16:29:32 UTC 2016


Hi
I have a few questions about how do I configure it.

First question:

How do I strip the "Set-Cookie" header from all static files like css and
jpg? I know i can setup a reverse proxy and use "proxy_hide_header
Set-Cookie", but seems like foolish to make yet another host, just to
reverse to your self and add a few hundred msec to the request.

Second question:

I'm trying to make an alias to hide a folder in the lookup to the subfolder,
the structure is:
/var/www/domain.tld/media/ads
/var/www/domain.tld/media/galleries
/var/www/domain.tld/media/misc
/var/www/domain.tld/media/thumbs

making the url like this /media/thumbs/5 subfolders/image-file

how do i change that into /thumbs/5 subfolders/image-file

I have tried with both alias and root but both returns a 404


Third question: 
[error] 9178#9178: *13452 upstream timed out (110: Connection timed out)
while reading response header from upstream, client: upstream:
"fastcgi://unix:/var/run/php-fpm.sock", host:

have a lot of those, any suggestions?

nginx.conf

#user  nginx;
user	apache;
worker_processes  auto;

error_log  /var/log/nginx/error.log warn;
pid        /var/run/nginx.pid;

events {
    worker_connections  1024;
}


http {
    include       /etc/nginx/mime.types;
    default_type  application/octet-stream;

    log_format  main  '$remote_addr - $remote_user [$time_local] "$request"
'
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  /var/log/nginx/access.log  main;

    aio threads;
    sendfile        on;
    sendfile_max_chunk	1m;
    tcp_nopush     on;
    tcp_nodelay on;
    server_tokens off;
    keepalive_timeout 15;
    
    client_max_body_size 4G;
    client_body_buffer_size 10K;
    client_header_buffer_size 1k;
    large_client_header_buffers 2 1k;
    index              index.php index.html index.htm;
    
    ## Nginx’s Open file cache
https://easyengine.io/tutorials/nginx/open-file-cache/
    open_file_cache          max=5000 inactive=5m;	##If you have way too
many files, change max from 5000 to more appropriate value.
    open_file_cache_valid    20m;	## Tell nginx to check if information it
is holding is valid every n minutes.
    open_file_cache_min_uses 1;		## If files don’t change much often, or
accesses less frequently, you can change inactive duration from 20m to
something else.
    															## Inactive andopen_file_cache_min_uses works together.
    															## This sample tells nginx to cache a file information as
long as minimum 2 requests are made during 5m window.
    open_file_cache_errors   on;	## Tell nginx to cache errors like 404
(file not found). If you are using nginx as load-balancer, leave this off.
    
    gzip on;
    gzip_disable "msie6";
    gzip_http_version 1.1;
    gzip_vary on;
    gzip_comp_level 6;
    gzip_buffers 16 8k;
    gzip_proxied any;
    gzip_types
    	text/css
    	text/javascript
    	text/xml
    	text/plain
    	text/x-component
    	application/javascript
    	application/x-javascript
    	application/json
    	application/xml
    	application/rss+xml
    	application/atom+xml
    	application/rdf+xml
    	application/vnd.ms-fontobject
    	font/truetype
    	font/opentype
    	image/svg+xml;

    add_header X-XSS-Protection "1; mode=block"; #Cross-site scripting
    add_header X-Frame-Options "SAMEORIGIN" always; #clickjacking
    add_header X-Content-Type-Options nosniff; #MIME-type sniffing
    
    include /etc/nginx/conf.d/*.conf;
}



domain.tld.conf

server {
    listen       ip:80;
    listen			[ipv6]:80;
    server_name  domain.tld www.domain.tld;
    	index  index.php =404;
    	try_files $uri $uri/ /index.php?q=$uri&$args;
    	root   /var/www/domain.tld;
    	expires								max;
    	add_header Pragma "public";

#include /etc/nginx/conf.d/mechbunny.inc;


    set $site_root $document_root;
    
    
    charset utf-8;
    access_log  /var/log/nginx/access.log  main;
    error_log  /var/log/nginx/error.log error;

    location / {
        if ($arg_max) { expires max; }
        rewrite ^/page([0-9]+).html$ /index.php?controller=index&page=$1;
        rewrite ^/galleries/(.*)-([0-9]+).html$
/index.php?controller=gallery&id=$2;
        rewrite ^/video/(.*)-([0-9]+).html$
/index.php?controller=video&id=$2;
        rewrite ^/signup$ /index.php?controller=signup;
        rewrite ^/upload$ /index.php?controller=upload;
        rewrite ^/upload_photo$ /index.php?controller=upload&option=photo;
        rewrite ^/login$ /index.php?controller=login;
        rewrite ^/logout$ /index.php?controller=logout;
        rewrite ^/contact$ /index.php?controller=contact;
        rewrite ^/forgot-pass$ /index.php?controller=forgot_pass;
        rewrite ^/my-profile$ /index.php?controller=my_profile;
        rewrite ^/my-friends$ /index.php?controller=my_friends;
        rewrite ^/my-friends/$ /index.php?controller=friends;
        rewrite ^/my-friends/page([0-9]+).html$
/index.php?controller=friends&page=$1;
        rewrite ^/edit-profile$ /index.php?controller=edit_profile;
        rewrite ^/edit-content/(.*)$
/index.php?controller=editContent&id=$1;
        rewrite ^/static/(.*)$ /index.php?controller=displayStatic&id=$1;
        rewrite ^/load/(.*)$ /index.php?controller=loadLayout&id=$1;
        rewrite ^/filter/(.*)$ /index.php?controller=setFilter&id=$1;
        rewrite ^/embed/([0-9]+)$ /index.php?controller=embed&id=$1;
        rewrite ^/dmca$ /index.php?controller=dmca;
        rewrite ^/tos$ /index.php?controller=tos;
        rewrite ^/crss/([0-9]+)$ /index.php?controller=crss&id=$1;
        rewrite ^/rss$ /index.php?controller=rss;
        rewrite ^/a/(.*)$ /index.php?controller=link&slug=$1;
        rewrite
^/(my-uploads|favorites|most-recent|most-discussed|most-viewed|longest|top-rated|photos|random|my-friends)/$
/index.php?controller=index&mode=$1;
        rewrite
^/(my-uploads|favorites|most-recent|most-discussed|most-viewed|longest|top-rated|photos|random|my-friends)/page([0-9]+).html$
/index.php?controller=index&mode=$1&page=$2;
        rewrite
^/(my-uploads|favorites|most-recent|most-discussed|most-viewed|longest|top-rated|photos|random|my-friends)/(day|week|month)/$
/index.php?controller=index&mode=$1&dateRange=$2;
        rewrite
^/(my-uploads|favorites|most-recent|most-discussed|most-viewed|longest|top-rated|photos|random|my-friends)/(day|week|month)/page([0-9]+).html$
/index.php?controller=index&mode=$1&dateRange=$2&page=3;
        rewrite
^/(my-uploads|favorites|most-recent|most-discussed|most-viewed|longest|top-rated|photos|random|my-friends)/page([0-9]+).html$
/index.php?controller=index&mode=$1&page=$2;
        rewrite ^/uploads-by-user/([0-9]+)/$
/index.php?controller=index&mode=uploads-by-user&user=$1;
        rewrite ^/uploads-by-user/([0-9]+)/page([0-9]+).html$
/index.php?controller=index&mode=uploads-by-user&user=$1&page=$2;
        rewrite ^/search/(videos|members|photos)/([A-Za-z0-9-\s]+)/$
/index.php?controller=index&mode=search&type=$1&q=$2&page=1;
        rewrite
^/search/(videos|members|photos)/([A-Za-z0-9-\s]+)/page([0-9]+).html$
/index.php?controller=index&mode=search&type=$1&q=$2&page=$3;
        rewrite
^/search/(videos|members|photos)/([A-Za-z0-9-\s]+)/(newest|rating|views|longest)/$
/index.php?controller=index&mode=search&type=$1&q=$2&page=1&sortby=$3;
        rewrite
^/search/(videos|members|photos)/([A-Za-z0-9-\s]+)/(newest|rating|views|longest)/page([0-9]+).html$
/index.php?controller=index&mode=search&type=$1&q=$2&page=$4&sortby=$3;
        rewrite ^/search/([A-Za-z0-9-\s]+)/$
/index.php?controller=index&mode=search&q=$1&page=1;
        rewrite ^/search/([A-Za-z0-9-\s]+)/page([0-9]+).html$
/index.php?controller=index&mode=search&q=$1&page=$2;
        rewrite ^/search/([A-Za-z0-9-\s]+)/(newest|rating|views|longest)/$
/index.php?controller=index&mode=search&q=$1&page=1&sortby=$2;
        rewrite
^/search/([A-Za-z0-9-\s]+)/(newest|rating|views|longest)/page([0-9]+).html$
/index.php?controller=index&mode=search&q=$1&page=$3&sortby=$2;
        rewrite ^/channels/$ /index.php?controller=channels;
        rewrite ^/channels/([0-9]+)/([A-Za-z0-9-\s]+)/$
/index.php?controller=index&mode=channel&channel=$1;
        rewrite ^/channels/([0-9]+)/([A-Za-z0-9-\s]+)/page(.*).html$
/index.php?mode=channel&channel=$1&page=$3;
        rewrite
^/channels/([0-9]+)/([A-Za-z0-9-\s]+)/(newest|rating|views|longest)/$
/index.php?controller=index&mode=channel&channel=$1&sortby=$3;
        rewrite
^/channels/([0-9]+)/([A-Za-z0-9-\s]+)/(newest|rating|views|longest)/page(.*).html$
/index.php?mode=channel&channel=$1&sortby=$2&page=$4;
        rewrite ^/models/$ /index.php?controller=pornstars;
        rewrite ^/models/page([0-9]+).html$
/index.php?controller=pornstars&page=$1;
        rewrite ^/models/([A-Za-z0-9-\s]+)/$
/index.php?controller=pornstars&letter=$1&page=1;
        rewrite ^/models/([A-Za-z0-9-\s]+)/page([0-9]+).html$
/index.php?controller=pornstars&letter=$1&page=$2;
        rewrite ^/models/(.*)-(.*).html$
/index.php?controller=pornstar_bio&id=$2;
        rewrite ^/stars/$ /index.php?controller=pornstars;
        rewrite ^/stars/page([0-9]+).html$
/index.php?controller=pornstars&page=$1;
        rewrite ^/stars/([A-Za-z0-9-\s]+)/$
/index.php?controller=pornstars&letter=$1&page=1;
        rewrite ^/stars/([A-Za-z0-9-\s]+)/page([0-9]+).html$
/index.php?controller=pornstars&letter=$1&page=$2;
        rewrite ^/stars/(.*)-(.*).html$
/index.php?controller=pornstar_bio&id=$2;
        rewrite ^/mailbox/$ /mailbox.php;
        rewrite ^/mailbox/([0-9]+)$ /mailbox.php?mode=inbox&page=$1;
        rewrite ^/mailbox/inbox/(.*)$ /mailbox.php?mode=inbox&page=$1;
        rewrite ^/mailbox/outbox/(.*)$ /mailbox.php?mode=outbox&page=$1;
        rewrite ^/mailbox/read/([0-9]+)$ /mailbox.php?mode=read&mid=$1;
        rewrite ^/mailbox/read/([0-9]+)/delete/$
/mailbox.php?mode=read&mid=$1&delete=true;
        rewrite ^/mailbox/read/([0-9]+)/spam/$
/mailbox.php?mode=read&mid=$1&spam=true;
        rewrite ^/mailbox/compose/(.*)/reply/$
/mailbox.php?mode=compose&mid=$1&reply=true;
        rewrite ^/mailbox/inbox/$ /mailbox.php?mode=inbox;
        rewrite ^/mailbox/outbox/$ /mailbox.php?mode=outbox;
        rewrite ^/mailbox/compose/$ /mailbox.php?mode=compose;
        rewrite ^/user/(.*)-(.*)/$
/index.php?controller=user_profile&id=$2;
        rewrite ^/members/$ /index.php?controller=members;
        rewrite ^/members/page([0-9]+).html$
/index.php?controller=members&page=$1;
		     if ($request_method = 'OPTIONS') {
		        add_header 'Access-Control-Allow-Origin' '*';
		        #
		        # Om nom nom cookies
		        #
		        add_header 'Access-Control-Allow-Credentials' 'true';
		        add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
		        #
		        # Custom headers and headers various browsers *should* be OK with
but aren't
		        #
		        add_header 'Access-Control-Allow-Headers'
'DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type';
		        #
		        # Tell client that this pre-flight info is valid for 20 days
		        #
		        add_header 'Access-Control-Max-Age' 1728000;
		        add_header 'Content-Type' 'text/plain charset=UTF-8';
		        add_header 'Content-Length' 0;
		        return 204;
		     }
		     if ($request_method = 'POST') {
		        add_header 'Access-Control-Allow-Origin' '*';
		        add_header 'Access-Control-Allow-Credentials' 'true';
		        add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
		        add_header 'Access-Control-Allow-Headers'
'DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type';
		     }
		     if ($request_method = 'GET') {
		        add_header 'Access-Control-Allow-Origin' '*';
		        add_header 'Access-Control-Allow-Credentials' 'true';
		        add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
		        add_header 'Access-Control-Allow-Headers'
'DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type';
		     }
    }
    
		location /thumbs/ {
				alias /var/www/domain.tld/media/thumbs/;
		}
		
		location /admin/ {
				#index index.php;
				try_files $uri $uri/ /index.php?q=$uri&$args;
				access_log off;
				log_not_found					off;

		}
		
		location ~ \.mp4$ {
			  limit_rate_after 			5m;
			  limit_rate       			832k;
			  mp4;
			  mp4_buffer_size       1m;
			  mp4_max_buffer_size   5m;
			  gzip off;
			  sendfile							on;
			  aio										on;
    	}

		location ~ \.flv$ {
				flv;
				aio										on;
				limit_rate_after 			10m;
			  limit_rate       			812k;
				sendfile							on;
				}

    location ~* ^.+.(jpg|jpeg|gif|css|png|js|ico|xml)$ {
    		access_log off;
    		log_not_found					off;
    		aio										on;
    		sendfile							on;
    		
    		expires max;
    		add_header						Pragma 'public';
    		add_header            X-Frame-Options SAMEORIGIN;
    }

    #error_page  404              /404.html;
    
    # redirect server error pages to the static page /50x.html
    #
    error_page   500 502 503 504  /50x.html;
    location = /50x.html {
        root   /usr/share/nginx/html;
    }

    # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
    #
    location ~ \.php$ {
        try_files $uri $uri/ index.php;
        fastcgi_pass   unix:/var/run/php-fpm.sock;
        fastcgi_index  index.php;
        fastcgi_param  SCRIPT_FILENAME  $document_root$fastcgi_script_name;
        include        fastcgi_params;
    }

    # deny access to .htaccess files, if Apache's document root
    # concurs with nginx's one
    #
    location ~ /\.ht {
        deny  all;
    }
}

Posted at Nginx Forum: https://forum.nginx.org/read.php?2,265879,265879#msg-265879



More information about the nginx mailing list