HTTP/2 enabled on all virtual hosts automatically
Junaid Malik
junaid.malik at confiz.com
Thu Sep 14 11:06:30 UTC 2017
Hello Guys,
We recently upgraded Nginx from nginx/1.9.12 to nginx/1.13.2; the modules supported by nginx/1.13.2 are listed below. The problem we are facing is that HTTP/2 is automatically enabled on bsa1.example.com, even though we enabled http2 only on dsa1.example.com. The Nginx configurations of both sites are given below.
Example URLs served by the two Nginx configurations are given below, respectively:
1 - https://dsa1.example.com/forums/user_avatar/www.example.com/cooltahir/25/1497380_1.png
2 - https://bsa1.example.com/blog/wp-content/plugins/ultimate-responsive-image-slider/css/slider-pro.css?ver=4.6.1
Site used to verify HTTP/2 support:
https://tools.keycdn.com/http2-test
----------------------------------------------
nginx version
----------------------------------------------
nginx version: nginx/1.13.2
built by gcc 4.8.5 20150623 (Red Hat 4.8.5-11) (GCC)
built with OpenSSL 1.0.2k 26 Jan 2017
TLS SNI support enabled
configure arguments: --prefix=/etc/nginx --sbin-path=/usr/sbin/nginx --modules-path=/usr/lib64/nginx/modules --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --pid-path=/var/run/nginx.pid --lock-path=/var/run/nginx.lock --http-client-body-temp-path=/var/cache/nginx/client_temp --http-proxy-temp-path=/var/cache/nginx/proxy_temp --http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp --http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp --http-scgi-temp-path=/var/cache/nginx/scgi_temp --user=nginx --group=nginx --with-compat --with-file-aio --with-threads --with-http_addition_module --with-http_auth_request_module --with-http_dav_module --with-http_flv_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_mp4_module --with-http_random_index_module --with-http_realip_module --with-http_secure_link_module --with-http_slice_module --with-http_ssl_module --with-openssl=openssl-1.0.2k --with-http_stub_status_module --with-http_sub_module --with-http_v2_module --with-mail --with-mail_ssl_module --with-stream --with-stream_realip_module --with-stream_ssl_module --with-stream_ssl_preread_module --with-cc-opt='-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -m64 -mtune=generic' --with-ld-opt=
-----------------------------------
dsa.conf
-----------------------------------
# dsa virtual host: caching reverse proxy in front of www.example.com.
# Cache store: three-level directory layout under /var/www/example_dsa/, 50 MB key zone
# "pakwheels-dsa", 300 MB maximum size; entries not requested for 525600 minutes are evicted.
proxy_cache_path /var/www/example_dsa/ levels=2:2:2 keys_zone=pakwheels-dsa:50m max_size=300m inactive=525600m loader_files=400;
server {
listen 80;
# NOTE(review): in this nginx version `http2` (like `ssl`) is a property of the listening
# socket, not of the server block. Every server block that listens on the same address:port
# (here *:443, which the bsa server on this page also uses) negotiates HTTP/2 as well, which
# is the behaviour reported in this post. Keeping another virtual host on HTTP/1.1 requires
# giving it its own IP address or port in its listen directive.
listen 443 ssl http2;
# Enable SSL
#ssl_certificate /etc/nginx/certs/pakwheels_with_subdomains.pem;
#ssl_certificate_key /etc/nginx/certs/example_with_subdomains.key;
ssl_certificate /etc/nginx/certs/pakwheels_with_subdomains_renew_28_august.pem;
ssl_certificate_key /etc/nginx/certs/example_with_subdomains_renew_28_august.key;
ssl_session_timeout 10m;
# NOTE(review): TLSv1 and TLSv1.1 are deprecated (RFC 8996); limit this to TLSv1.2 unless
# legacy clients are a documented requirement.
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
# NOTE(review): DH+3DES keeps 64-bit-block 3DES suites on offer (Sweet32), and the string has
# no `!aNULL` exclusion, so the ECDH/DH aliases may match unauthenticated suites on this
# OpenSSL build. Check the expansion with `openssl ciphers -v '<string>'` before relying on it.
ssl_ciphers ECDH+AESGCM:ECDH+AES256:ECDH+AES128:DH+3DES;
ssl_prefer_server_ciphers on;
server_name dsa1.example.com dsa2.example.com dsa3.example.com dsa4.example.com;
# Collapse a duplicated /forums/forums/ prefix into /forums/ with a permanent redirect.
rewrite ^/forums/forums/(.*)$ /forums/$1 permanent;
# Everything not matched below is proxied to the backend and cached.
location / {
# Compress responses of the listed MIME types that are at least 100 bytes long.
gzip on;
gzip_min_length 100;
gzip_types text/plain text/xml application/xml text/css text/javascript application/javascript application/x-javascript text/x-component application/json application/xhtml+xml application/rss+xml application/atom+xml application/vnd.ms-fontobject image/svg+xml application/x-font-ttf font/opentype application/octet-stream;
gzip_comp_level 1;
gzip_disable "MSIE [1-6]\.";
# Tell clients to cache responses for 12 months.
expires 12M;
# ProxySettings
proxy_cache_lock off;
# Request uncompressed content from the backend; compression is applied by this server.
proxy_set_header Accept-Encoding "";
# Expose the cache result (HIT/MISS/...) to clients.
add_header X-Cache $upstream_cache_status;
# NOTE(review): allows any origin to read these responses; appropriate only while every
# proxied path is public, non-personalised content.
add_header 'Access-Control-Allow-Origin' '*';
#proxy_ignore_headers Vary;
# NOTE(review): this makes responses that carry Set-Cookie cacheable but does not strip the
# header, so a cached response can replay one visitor's cookie to others. If the backend can
# set cookies on these paths, also add `proxy_hide_header Set-Cookie;`.
proxy_ignore_headers Set-Cookie;
# A resolver is needed because proxy_pass below uses a variable, so the backend name is
# resolved at request time.
resolver 213.133.100.100 213.133.99.99 213.133.98.98;
set $backend www.example.com;
# NOTE(review): proxy_ssl_verify is off by default, so the backend certificate is not
# validated here; consider `proxy_ssl_verify on;` with proxy_ssl_trusted_certificate and
# proxy_ssl_name so a spoofed DNS answer cannot redirect the proxy to another server.
proxy_pass https://$backend$request_uri;
# NOTE(review): the commented-out line below embeds a Basic-auth credential. Base64 is an
# encoding, not encryption: treat the credential as disclosed, rotate it, and remove the line.
#proxy_set_header Authorization "Basic cGFrYm9hcmQ6M3YzbnR1cjNzMDA3";
#proxy_pass_header Authorization;
proxy_pass_header P3P;
proxy_cache_min_uses 1;
proxy_cache pakwheels-dsa;
# Successful responses are cached for 365 days; every other status for 2 seconds.
proxy_cache_valid 200 365d;
proxy_cache_valid any 2s;
# The key is a fixed prefix plus URI and query string; it contains neither $host nor
# $scheme, so all server_name aliases of this block share the same cache entries.
proxy_cache_key pwstatic.pakwheels0""""$uri$is_args$args;
# Replace backend 400/403/404 responses with the empty 404 from @no_image.
proxy_intercept_errors on;
error_page 403 = @no_image;
error_page 404 = @no_image;
error_page 400 = @no_image;
# Do not pass these backend headers on to clients.
proxy_hide_header x-amz-id-2;
proxy_hide_header x-amz-request-id;
# END ProxySettings
}
# Fallback for intercepted backend errors: an empty 404 response.
location @no_image {
return 404 '';
# NOTE(review): add_header without `always` is not applied to 404 responses, so this line
# likely has no effect; `default_type text/plain;` is the usual way to set the type here.
add_header Content-Type text/plain;
}
# Only for nginx-naxsi : process denied requests
#location /RequestDenied {
# For example, return an error code
#return 418;
#}
#error_page 404 /404.html;
# redirect server error pages to the static page /50x.html
#
#error_page 500 502 503 504 /50x.html;
#location = /50x.html {
# root /usr/share/nginx/www;
#}
# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
#
# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
#
#location ~ /\.ht {
# deny all;
#}
location /status {
# Turn on nginx stats
stub_status on;
# I do not need logs for stats
access_log off;
# Security: only the addresses allowed below (loopback and 148.251.76.7) may read the
# status page. This location is reachable on both the port 80 and port 443 listeners.
allow 127.0.0.1;
allow 148.251.76.7;
# Send rest of the world to /dev/null #
deny all;
}
}
bsa
--------------------------------------------------------------------
# bsa virtual host: caching reverse proxy in front of staticn.example.com.
# Cache store: three-level directory layout under /var/www/example_bsa/, 50 MB key zone
# "pakwheels-bsa", 1000 MB maximum size; entries not requested for 525600 minutes are evicted.
proxy_cache_path /var/www/example_bsa/ levels=2:2:2 keys_zone=pakwheels-bsa:50m max_size=1000m inactive=525600m loader_files=400;
server {
listen 80;
# NOTE(review): omitting `http2` here does not keep this host on HTTP/1.1. In this nginx
# version the parameter belongs to the listening socket, and the dsa server on this page
# declares `listen 443 ssl http2;` on the same *:443 socket, so HTTP/2 is negotiated for this
# server too. A dedicated IP address or port in this listen directive is needed to separate them.
listen 443 ssl;
# Enable SSL
#ssl_certificate /etc/nginx/certs/pakwheels_with_subdomains.pem;
#ssl_certificate_key /etc/nginx/certs/example_with_subdomains.key;
ssl_certificate /etc/nginx/certs/pakwheels_with_subdomains_renew_28_august.pem;
ssl_certificate_key /etc/nginx/certs/example_with_subdomains_renew_28_august.key;
# Shared 200 MB TLS session cache named "SSL".
ssl_session_cache shared:SSL:200m;
ssl_buffer_size 8k;
# NOTE(review): sessions stay resumable for 1440 minutes (24 hours); a long resumption window
# widens the period in which a compromised session secret can decrypt traffic.
ssl_session_timeout 1440m;
#ssl_session_tickets off;
# NOTE(review): TLSv1 and TLSv1.1 are deprecated (RFC 8996); limit this to TLSv1.2 unless
# legacy clients are a documented requirement.
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
# NOTE(review): DH+3DES keeps 64-bit-block 3DES suites on offer (Sweet32), and the string has
# no `!aNULL` exclusion, so the ECDH/DH aliases may match unauthenticated suites on this
# OpenSSL build. Check the expansion with `openssl ciphers -v '<string>'` before relying on it.
ssl_ciphers ECDH+AESGCM:ECDH+AES256:ECDH+AES128:DH+3DES;
ssl_prefer_server_ciphers on;
server_name bsa1.example.com bsa2.example.com bsa3.example.com bsa4.example.com;
# Everything not matched below is proxied to the backend and cached.
location / {
# Compress responses of the listed MIME types that are at least 100 bytes long.
gzip on;
gzip_min_length 100;
gzip_types text/plain text/xml application/xml text/css text/javascript application/javascript application/x-javascript text/x-component application/json application/xhtml+xml application/rss+xml application/atom+xml application/vnd.ms-fontobject image/svg+xml application/x-font-ttf font/opentype application/octet-stream;
gzip_comp_level 1;
gzip_disable "MSIE [1-6]\.";
# Tell clients to cache responses for 12 months.
expires 12M;
# ProxySettings
proxy_cache_lock off;
# Request uncompressed content from the backend; compression is applied by this server.
proxy_set_header Accept-Encoding "";
# Expose the cache result (HIT/MISS/...) to clients.
add_header X-Cache $upstream_cache_status;
#proxy_ignore_headers Vary;
# NOTE(review): this makes responses that carry Set-Cookie cacheable but does not strip the
# header, so a cached response can replay one visitor's cookie to others. If the backend can
# set cookies on these paths, also add `proxy_hide_header Set-Cookie;`.
proxy_ignore_headers Set-Cookie;
# A resolver is needed because proxy_pass below uses a variable, so the backend name is
# resolved at request time.
resolver 213.133.100.100 213.133.99.99 213.133.98.98;
set $backend staticn.example.com;
# NOTE(review): proxy_ssl_verify is off by default, so the backend certificate is not
# validated here; consider `proxy_ssl_verify on;` with proxy_ssl_trusted_certificate and
# proxy_ssl_name so a spoofed DNS answer cannot redirect the proxy to another server.
proxy_pass https://$backend$request_uri;
# NOTE(review): the commented-out line below embeds a Basic-auth credential. Base64 is an
# encoding, not encryption: treat the credential as disclosed, rotate it, and remove the line.
#proxy_set_header Authorization "Basic cGFrYm9hcmQ6M3YzbnR1cjNzMDA3";
#proxy_pass_header Authorization;
proxy_pass_header P3P;
proxy_cache_min_uses 1;
proxy_cache pakwheels-bsa;
# Successful responses are cached for 365 days; every other status for 2 seconds.
proxy_cache_valid 200 365d;
proxy_cache_valid any 2s;
# The key is a fixed prefix plus URI and query string; it contains neither $host nor
# $scheme, so all server_name aliases of this block share the same cache entries.
proxy_cache_key pwstatic.pakwheels0""""$uri$is_args$args;
# Replace backend 400/403/404 responses with the empty 404 from @no_image.
proxy_intercept_errors on;
error_page 403 = @no_image;
error_page 404 = @no_image;
error_page 400 = @no_image;
# Do not pass these backend headers on to clients.
proxy_hide_header x-amz-id-2;
proxy_hide_header x-amz-request-id;
# END ProxySettings
}
# Fallback for intercepted backend errors: an empty 404 response.
location @no_image {
return 404 '';
# NOTE(review): add_header without `always` is not applied to 404 responses, so this line
# likely has no effect; `default_type text/plain;` is the usual way to set the type here.
add_header Content-Type text/plain;
}
# Only for nginx-naxsi : process denied requests
#location /RequestDenied {
# For example, return an error code
#return 418;
#}
#error_page 404 /404.html;
# redirect server error pages to the static page /50x.html
#
#error_page 500 502 503 504 /50x.html;
#location = /50x.html {
# root /usr/share/nginx/www;
#}
# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
#
# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
#
#location ~ /\.ht {
# deny all;
#}
location /status {
# Turn on nginx stats
stub_status on;
# Access logging is left enabled for this location (the directive below is commented out).
#access_log off;
# Security: only 88.99.211.10 may read the status page; loopback access is commented out.
# This location is reachable on both the port 80 and port 443 listeners.
#allow 127.0.0.1;
# Everything not explicitly allowed is rejected by the final `deny all`.
allow 88.99.211.10;
deny all;
}
}
Regards,
Junaid