Learn about Centmin Mod LEMP Stack today
Register Now

PHP-FPM 502 Bad Gateway Timeout HELP

Discussion in 'Nginx, PHP-FPM & MariaDB MySQL' started by skringjer, Apr 21, 2019.

Tags:
  1. skringjer

    skringjer Member

    78
    11
    8
    Apr 21, 2019
    Ratings:
    +14
    Local Time:
    3:52 PM
    Please fill in any relevant information that applies to you:
    • CentOS Version: CentOS 7 64bit
    • Centmin Mod Version Installed:123.09beta01
    • Nginx Version Installed: 1.15.12
    • PHP Version Installed: 7.3.4
    • MariaDB MySQL Version Installed: 10.3.14
    • When was last time updated Centmin Mod code base ? : Completely fresh install used Option 2 to add nginx vhost files
    • Persistent Config:
      Code (Text):
      LETSENCRYPT_DETECT='y'
      LETSENCRYPT_DETECT='y'
      
    Hey everyone, i am facing 502 Bad gateway timeout on my site, actually this is a test setup once i understand everything i will move over my live site. I read other 502 threads before posting here, none helped

    Code (Text):
    ls -l /home/nginx/domains/mydomain/log
    
    drwxr-sr-x  6 nginx nginx      4096 Dec 10 05:11 admin
    drwxr-sr-x  3 nginx nginx      4096 Jul 22  2018 api
    -rwxrwxrwx  1 nginx nginx      1911 Apr 20 15:39 _config.inc.php
    drwxr-sr-x  6 nginx nginx      4096 Apr 18  2018 core
    drwxrwsrwx 60 nginx nginx      4096 Mar  3  2018 files
    -rw-r--r--  1 nginx nginx      2379 Dec 29  2017 index.php
    -rw-r--r--  1 nginx nginx       561 Dec 29  2017 ___INSTALLATION.txt
    -rw-r--r--  1 nginx nginx       670 Dec 29  2017 ___LICENCE.txt
    -rw-r--r--  1 nginx nginx      2768 Dec 29  2017 ___NGINX_RULES.txt
    drwxrwsrwx 35 nginx nginx      4096 Apr  4 17:46 plugins
    -rw-r--r--  1 nginx nginx 399427943 Apr 20 13:03 public.zip
    -rw-r--r--  1 nginx nginx     55480 Jul 12  2018 ___RELEASE_HISTORY.txt
    drwxr-sr-x  6 nginx nginx      4096 Dec 12 16:14 themes
    
    


    Code (Text):
    ls -l /home/nginx/domains/domain/log
    
    drwxr-s--- 2 nginx nginx 4096 Apr 20 13:00 backup
    drwxr-s--- 2 nginx nginx 4096 Apr 20 13:00 log
    drwxr-s--- 2 nginx nginx 4096 Apr 20 13:00 private
    drwxr-s--x 8 nginx nginx 4096 Apr 20 15:53 public
    
    


    Here is my /usr/local/nginx/conf/conf.d/mysubdomain.com.ssl.conf

    Code (Text):
    # Centmin Mod Getting Started Guide
    # must read http://centminmod.com/getstarted.html
    # For HTTP/2 SSL Setup
    # read http://centminmod.com/nginx_configure_https_ssl_spdy.html
    
    # redirect from www to non-www  forced SSL
    # uncomment, save file and restart Nginx to enable
    # if unsure use return 302 before using return 301
     server {
       server_name mydomain.com www.mydomain.com;
        return 301 https://mydomain.com$request_uri;
     }
    
    server {
      listen 443 ssl http2;
      server_name mydomain.com www.mydomain.com;
    
      ssl_dhparam /usr/local/nginx/conf/ssl/mydomain.com/dhparam.pem;
      ssl_certificate      /usr/local/nginx/conf/ssl/mydomain.com/mydomain.com-acme.cer;
      ssl_certificate_key  /usr/local/nginx/conf/ssl/mydomain.com/mydomain.com-acme.key;
      include /usr/local/nginx/conf/ssl_include.conf;
    
      http2_max_field_size 16k;
      http2_max_header_size 32k;
      # dual cert supported ssl ciphers
      ssl_ciphers TLS13-AES-128-GCM-SHA256:TLS13-AES-256-GCM-SHA384:TLS13-CHACHA20-POLY1305-SHA256:TLS13-AES-128-CCM-8-SHA256:TLS13-AES-128-CCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS;
      ssl_prefer_server_ciphers   on;
      #add_header Alternate-Protocol  443:npn-spdy/3;
      #add_header Strict-Transport-Security "max-age=31536000; includeSubdomains;";
      #add_header X-Frame-Options SAMEORIGIN;
      #add_header X-Xss-Protection "1; mode=block" always;
      #add_header X-Content-Type-Options "nosniff" always;
      #spdy_headers_comp 5;
      ssl_buffer_size 1369;
      ssl_session_tickets on;
     
      # enable ocsp stapling
      resolver 8.8.8.8 8.8.4.4 valid=10m;
      resolver_timeout 10s;
      ssl_stapling on;
      ssl_stapling_verify on;
      ssl_trusted_certificate /usr/local/nginx/conf/ssl/mydomain.com/mydomain.com-acme.cer;
    
    # ngx_pagespeed & ngx_pagespeed handler
    #include /usr/local/nginx/conf/pagespeed.conf;
    #include /usr/local/nginx/conf/pagespeedhandler.conf;
    #include /usr/local/nginx/conf/pagespeedstatslog.conf;
    
      # limit_conn limit_per_ip 16;
      # ssi  on;
    
      access_log /home/nginx/domains/mydomain.com/log/access.log combined buffer=256k flush=5m;
      error_log /home/nginx/domains/mydomain.com/log/error.log;
    
      root /home/nginx/domains/mydomain.com/public;
    
       # allow for paths ending with forward slashes
        rewrite ^/app/(.*)/ /plugins/webdav/site/control/$1 last;
        rewrite ^/app/(.*) /plugins/webdav/site/control/$1 last;
    
        # all webdav requests
        location /plugins/webdav/site/control/ {
            fastcgi_split_path_info ^(.+\.php)(/.+)$;
            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
            gzip off;
            fastcgi_pass 127.0.0.1:9001;
            fastcgi_index index.php;
            fastcgi_param MOD_X_ACCEL_REDIRECT_ENABLED on;
            include fastcgi_params;
        }
    
        # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
        location ~ \.php$ {
            if (!-e $request_filename) { rewrite ^/(.*) /index.php?_page_url=$1 last; }
            fastcgi_pass 127.0.0.1:9001;
            fastcgi_index index.php;
            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
            fastcgi_param MOD_X_ACCEL_REDIRECT_ENABLED on;
            include fastcgi_params;
        }
    
         #location / {
            if (!-e $request_filename) {
                rewrite ^/(.*) /index.php?_page_url=$1 last;
            }
         #}
    
        location /files/ {
            internal;
        }
    
        # these locations would be hidden by .htaccess normally
        location /core/logs/ {
            deny all;
        }
    
      include /usr/local/nginx/conf/staticfiles.conf;
      include /usr/local/nginx/conf/php.conf;
      #include /usr/local/nginx/conf/drop.conf;
      #include /usr/local/nginx/conf/errorpage.conf;
      include /usr/local/nginx/conf/vts_server.conf;
    }
    
    


    Can someone please help out?
     
    Last edited: Apr 21, 2019
  2. skringjer

    skringjer Member

    78
    11
    8
    Apr 21, 2019
    Ratings:
    +14
    Local Time:
    3:52 PM
    And here is how i installed the script,

    Code:
    yum -y update; curl -O https://centminmod.com/betainstaller73.sh && chmod 0700 betainstaller73.sh && bash betainstaller73.sh
    
    Then went over to Getting Started guide and changed the hostname,

    Added Vhost using Option 2, enabled SSL and Forced www to non-ww

    Add my own nginx rules as you can see above

    Do i need to enable Php-fpm or something?
     
  3. skringjer

    skringjer Member

    78
    11
    8
    Apr 21, 2019
    Ratings:
    +14
    Local Time:
    3:52 PM
    And 1 thing more i want to highlight is that i have setup the site on a subdomain
     
  4. skringjer

    skringjer Member

    78
    11
    8
    Apr 21, 2019
    Ratings:
    +14
    Local Time:
    3:52 PM
    And i am getting this in the domain error log

    Code:
    2019/04/20 18:49:21 [error] 12716#12716: *10 connect() failed (111: Connection refused) while connecting to upstream, client: 182.183.140.87, server: mysubdomain.com, request: "GET /index.php HTTP/2.0", upstream: "fastcgi://127.0.0.1:9001", host: "mysubdomain.com"
     
  5. eva2000

    eva2000 Administrator Staff Member

    41,350
    9,279
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +14,236
    Local Time:
    8:52 PM
    Nginx 1.17.x
    MariaDB 5.5/10.x
    the include file at /usr/local/nginx/conf/php.conf already has a location *.php context for serving php files with more optimal buffer/timeout settings
    Code (Text):
    include /usr/local/nginx/conf/php.conf;
    

    but you chose to bypass that with
    Code (Text):
       # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
       location ~ \.php$ {
           if (!-e $request_filename) { rewrite ^/(.*) /index.php?_page_url=$1 last; }
           fastcgi_pass 127.0.0.1:9001;
           fastcgi_index index.php;
           fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
           fastcgi_param MOD_X_ACCEL_REDIRECT_ENABLED on;
           include fastcgi_params;
       }
    

    you can create a custom /usr/local/nginx/conf/php.conf include file i.e. /usr/local/nginx/conf/php-mycustom.conf making copy of php.conf and then modifying it to your needs but keep the extra settings for timeout/buffers etc

    make a copy as /usr/local/nginx/conf/php-mycustom.conf using command
    Code (Text):
    cp -a /usr/local/nginx/conf/php.conf /usr/local/nginx/conf/php-mycustom.conf

    then edit /usr/local/nginx/conf/php-mycustom.conf and replace your nginx vhost's

    replace
    Code (Text):
    include /usr/local/nginx/conf/php.conf;
    

    with
    Code (Text):
    include /usr/local/nginx/conf/php-mycustom.conf;
    

    restart nginx and php-fpm
    Code (Text):
    nprestart


    then for general php-fpm tuning read below as your php issues most likely are due to PHP-FPM needing tuning. Read PHP-FPM - How to troubleshoot & optimize PHP-FPM server?


    Centmin Mod is provide as is, so short of scripted related bugs or issues, any further optimisation to the web stack components - nginx, php-fpm, mariadb mysql, csf firewall etc or web app specific configurations are left to the Centmin Mod user to deal with. So I do not provide any free support for such.

    Nginx 502 or 504 Bad Gateway Errors



    Bad gateway 502 /504 timeouts are usually related to Nginx timing out waiting on PHP-FPM to respond as PHP-FPM is overloaded or overwhelmed with requests, so may need to tune PHP-FPM values. It also maybe due to PHP-FPM in turn being queued and backed up waiting on MariaDB MySQL server to respond - so also need to look at MySQL.

    You'll need to tune your PHP-FPM settings with php-fpm main pool config file at /usr/local/etc/php-fpm.conf (overview of config files) and this is left up to end user to do but here's a thread for starters to enable PHP-FPM status page output outlined at
    Enabling PHP-FPM status also allows setting up 3rd party PHP-FPM status metric monitoring from services like:

    Checking PHP-FPM etc logs



    You'll also need to check into your PHP-FPM, Nginx and MariaDB logs which you can find as outlined at How to troubleshoot Centmin Mod initial install issues

    Server logs include Nginx, PHP-FPM, MariaDB MySQL error logs as well as others. You can find your Centmin Mod install/menu logs at FAQ 7 and server logs at FAQ 19 at Centmin Mod FAQ (most up to date info in FAQ so always read that first). Spoiler tag below has info too but may not be up to date.

    Some of Centmin Mod's installed software will have their own access and error logs which maybe useful for diagnosing errors or give info, notes, or warning notices.

    Note: There's no support provided by me for diagnosing such errors which may occur for various reasons including misconfiguration of installed php/mysql scripts or applications.

    In SSH2 telnet you can use tail command to view the last X number of lines in the file.

    For example for viewing last 10 lines in the file for:

    For Nginx access and error logs:
    Code:
      tail -10 /usr/local/nginx/logs/access.log
      tail -10 /usr/local/nginx/logs/error.log
    
    For specific domainname.com access and error log:
    Code:
      tail -10 /home/nginx/domains/domainname.com/log/access.log
      tail -10 /home/nginx/domains/domainname.com/log/error.log
    
    For other system error logs located at /var/log:

    list /var/log files in ascending time order so the most recently modified files are at the bottom
    Code:
      ls -lhrt /var/log
    
    Code:
    total 2.7M
    -rw------- 1 root  root    0 Aug 29 15:33 tallylog
    -rw------- 1 root  root    0 Aug 29 15:33 spooler
    drwx------ 3 root  root 4.0K Aug 29 15:35 samba
    drwxr-xr-x 2 root  root 4.0K Aug 29 15:35 mail
    -rw-r--r-- 1 root  500     0 Oct  8 18:13 dmesg.old
    -rw------- 1 root  500     0 Oct  8 18:13 boot.log
    -rw-r--r-- 1 root  500     0 Oct  8 18:14 dmesg
    drwx------ 2 root  root 4.0K Oct  8 18:14 httpd
    drwxr-xr-x 2 root  root 4.0K Oct  8 19:08 php-fpm
    -rw-rw---- 1 mysql root 2.3K Oct  9 12:38 mysqld.log
    -rw------- 1 root  root 9.2K Oct 26 10:48 yum.log
    -rw------- 1 root  utmp  94K Nov  7 22:59 btmp
    drwxr-xr-x 2 root  root 4.0K Nov  8 00:00 sa
    -rw------- 1 root  root 269K Nov  8 21:39 messages
    -rw------- 1 root  root 110K Nov  8 23:08 secure
    -rw-rw-r-- 1 root  utmp  43K Nov  8 23:08 wtmp
    -rw-r--r-- 1 root  root 144K Nov  8 23:08 lastlog
    -rw------- 1 root  root  69K Nov  8 23:08 lfd.log
    -rw------- 1 root  root 332K Nov  8 23:08 maillog
    -rw------- 1 root  500  1.6M Nov  8 23:10 cron
    
    For PHP-FPM error log:
    Code:
      tail -10 /var/log/php-fpm/www-error.log
    
    and/or
    Code:
      /var/log/php-fpm/www-php.error.log
    
    For MySQL / MariaDB error log:
    Code:
      tail -10 /var/log/mysqld.log
    
    For CSF firewall LFD log:
    Code:
      tail -10 /var/log/lfd.log
    
    For Mail log:
    Code:
      tail -10 /var/log/maillog
    
    For Cron job logs:
    Code:
      tail -10 /var/log/cron
    

    How to edit php.ini and php-fpm configuration files ?



    Centmin Mod install created command short cuts outlined here to allow you to quickly edit your /usr/local/lib/php.ini file and your /usr/local/etc/php-fpm.conf file. Full list of command shortcuts below:
    • Edit php.ini = phpedit ( /usr/local/lib/php.ini )
    • Edit my.cnf = mycnf ( /etc/my.cnf )
    • Edit php-fpm.conf = fpmconf ( /usr/local/etc/php-fpm.conf )
    • Edit nginx.conf = nginxconf ( /usr/local/nginx/conf/nginx.conf )
    • Edit (nginx) virtual.conf = vhostconf - only edits /usr/local/nginx/conf/conf.d/virtual.conf not the additional vhost domain.com.conf files added later
    • Edit (nginx) php.conf = phpinc ( /usr/local/nginx/conf/php.conf )
    • Edit (nginx) drop.conf = dropinc ( /usr/local/nginx/conf/drop.conf )
    • Edit (nginx) staticfiles.conf = statfilesinc ( /usr/local/nginx/conf/staticfiles.conf )
    • nginx stop/start/restart = ngxstop/ngxstart/ngxrestart
    • php-fpm stop/start/restart = fpmstop/fpmstart/fpmrestart
    • mysql stop/start/restart = mysqlstop/mysqlstart/mysqlrestart
    • nginx + php-fpm stop/start/restart = npstop/npstart/nprestart
    • memcached stop/start/restart =memcachedstop/memcachedstart/memcachedrestart
    • csf stop/start/restart = csfstop/csfstart/csfrestart

    Troubleshooting Tools



    However, there's many linux tools and scripts that can help you figure out what was causing the load issues and when.

    Tools and commands you will want to read up on and learn for basic system admin tasks and troubleshooting.
    Notes:
    However, Centmin Mod users are free to help each other out and ask questions or give answers on this community forum. My hopes are that this community forum evolves so that more veteran long time Centmin Mod users help new Centmin Mod users out :)
     
  6. skringjer

    skringjer Member

    78
    11
    8
    Apr 21, 2019
    Ratings:
    +14
    Local Time:
    3:52 PM
    Thank you for replying, did what you said and after adding
    /usr/local/nginx/conf/php-mycustom.conf; the nginx didnt restart due to these errors

    Code:
    nginx: [emerg] "fastcgi_connect_timeout" directive is duplicate in /usr/local/nginx/conf/php-mycustom.conf:19
    
    nginx: [emerg] "fastcgi_send_timeout" directive is duplicate in /usr/local/nginx/conf/php-mycustom.conf:19
    
    And some more
    So i removed these directives and nginx restarted but now i am getting ERR_TOO_MANY_REDIRECTS

    Where can i diagnose this? there is nothing related to this in the error logs.
     
  7. eva2000

    eva2000 Administrator Staff Member

    41,350
    9,279
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +14,236
    Local Time:
    8:52 PM
    Nginx 1.17.x
    MariaDB 5.5/10.x
    Posted at centminmod.com/nginx_domain_dns_setup.html#httpsredirect is the correct way to set it up - pay attention to different way if you want redirect target being www version instead of non-www and vice versa and that the target version www or non-www is the only version listed in server_name for the 2nd/main server {} context.

    key to testing is using 302 temp redirect first in a private incognito browser session otherwise the problems you can experience may end up being due to browser caching or 301 permanent redirects unless you clear browser cache and reboot local computer(s) and even then some web browsers don't let go of 301 permanent redirect browser cache that willingly :)

    You can test in SSH via curl to check headers for location field (where the redirect goes) using the following commands:
    Code (Text):
    curl -I http://domain.com
    

    Code (Text):
    curl -I http://www.domain.com
    


    for your vhost above incorrect as 2nd server{} context's server_name should only list non-www domain if you are doing a redirect to non-www https version of your domain
    Code (Text):
    # if unsure use return 302 before using return 301
     server {
       server_name mydomain.com www.mydomain.com;
       return 301 https://mydomain.com$request_uri;
     }
    
    server {
      listen 443 ssl http2;
      server_name mydomain.com www.mydomain.com;
    
     
  8. skringjer

    skringjer Member

    78
    11
    8
    Apr 21, 2019
    Ratings:
    +14
    Local Time:
    3:52 PM
    Sorry eva, i am not experienced and hence making a mess here, i read your above guide about forcing http to https i think i have done the changes right this time as per my understanding,

    What am i trying to achieve? http -> https / www -> non-www ----> https://mydomain.com

    Here is my vhost file and it still dosent work, sorry for waiting your time on this
    Code:
    # Centmin Mod Getting Started Guide
    # must read http://centminmod.com/getstarted.html
    # For HTTP/2 SSL Setup
    # read http://centminmod.com/nginx_configure_https_ssl_spdy.html
    
    # redirect from www to non-www  forced SSL
    # uncomment, save file and restart Nginx to enable
    # if unsure use return 302 before using return 301
     server {
       server_name mydomain.com www.mydomain.com;
        return 302 https://mydomain.com$request_uri;
     }
    
    server {
      listen 443 ssl http2;
      server_name mydomain.com;
    
      ssl_dhparam /usr/local/nginx/conf/ssl/mydomain.com/dhparam.pem;
      ssl_certificate      /usr/local/nginx/conf/ssl/mydomain.com/mydomain.com-acme.cer;
      ssl_certificate_key  /usr/local/nginx/conf/ssl/mydomain.com/mydomain.com-acme.key;
      include /usr/local/nginx/conf/ssl_include.conf;
     
      return 302 https://mydomain.com$request_uri;
    
      http2_max_field_size 16k;
      http2_max_header_size 32k;
      # dual cert supported ssl ciphers
      ssl_ciphers TLS13-AES-128-GCM-SHA256:TLS13-AES-256-GCM-SHA384:TLS13-CHACHA20-POLY1305-SHA256:TLS13-AES-128-CCM-8-SHA256:TLS13-AES-128-CCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS;
      ssl_prefer_server_ciphers   on;
      #add_header Alternate-Protocol  443:npn-spdy/3;
      #add_header Strict-Transport-Security "max-age=31536000; includeSubdomains;";
      #add_header X-Frame-Options SAMEORIGIN;
      #add_header X-Xss-Protection "1; mode=block" always;
      #add_header X-Content-Type-Options "nosniff" always;
      #spdy_headers_comp 5;
      ssl_buffer_size 1369;
      ssl_session_tickets on;
     
      # enable ocsp stapling
      #resolver 8.8.8.8 8.8.4.4 valid=10m;
      #resolver_timeout 10s;
      #ssl_stapling on;
      #ssl_stapling_verify on;
      #ssl_trusted_certificate /usr/local/nginx/conf/ssl/mydomain.com/mydomain.com-acme.cer; 
    
    # ngx_pagespeed & ngx_pagespeed handler
    #include /usr/local/nginx/conf/pagespeed.conf;
    #include /usr/local/nginx/conf/pagespeedhandler.conf;
    #include /usr/local/nginx/conf/pagespeedstatslog.conf;
    
      # limit_conn limit_per_ip 16;
      # ssi  on;
    
      access_log /home/nginx/domains/mydomain.com/log/access.log combined buffer=256k flush=5m;
      error_log /home/nginx/domains/mydomain.com/log/error.log;
    
      root /home/nginx/domains/mydomain.com/public;
    
       # allow for paths ending with forward slashes
        rewrite ^/app/(.*)/ /plugins/webdav/site/control/$1 last;
        rewrite ^/app/(.*) /plugins/webdav/site/control/$1 last;
    
        # all webdav requests
        location /plugins/webdav/site/control/ {
            fastcgi_split_path_info ^(.+\.php)(/.+)$;
            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
            gzip off;
            fastcgi_pass 127.0.0.1:9000;
            fastcgi_index index.php;
            fastcgi_param MOD_X_ACCEL_REDIRECT_ENABLED on;
            include fastcgi_params;
        }
    
    
         #location / {
            if (!-e $request_filename) {
                rewrite ^/(.*) /index.php?_page_url=$1 last;
            }
         #}
    
        location /files/ {
            internal;
        }
    
        # these locations would be hidden by .htaccess normally
        location /core/logs/ {
            deny all;
        }
    
      include /usr/local/nginx/conf/staticfiles.conf;
      include /usr/local/nginx/conf/php-mycustom.conf;
      #include /usr/local/nginx/conf/drop.conf;
      #include /usr/local/nginx/conf/errorpage.conf;
      include /usr/local/nginx/conf/vts_server.conf;
    }
     
  9. eva2000

    eva2000 Administrator Staff Member

    41,350
    9,279
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +14,236
    Local Time:
    8:52 PM
    Nginx 1.17.x
    MariaDB 5.5/10.x
    as you previously used 301 permanent browser redirect it will still be cached in your browser until your clear your browser cache, restart browser and/or even reboot pc - hence why test with 302 temp redirect first ;)

    You can test in SSH to bypass 301 permanent browser cache via curl to check headers for location field (where the redirect goes) using the following commands:

    Code (Text):
    curl -I http://domain.com

    Code (Text):
    curl -I http://www.domain.com
     
  10. skringjer

    skringjer Member

    78
    11
    8
    Apr 21, 2019
    Ratings:
    +14
    Local Time:
    3:52 PM
    Here is the result of

    curl -I Website Domains Names & Hosting | Domain.com

    Code:
    HTTP/1.1 302 Moved Temporarily
    Date: Sun, 21 Apr 2019 11:15:08 GMT
    Content-Type: text/html
    Content-Length: 138
    Connection: keep-alive
    Location: https://mydomain.com/
    Server: nginx centminmod
    X-Powered-By: centminmod
    curl -I Website Domains Names & Hosting | Domain.com

    Code:
    HTTP/1.1 302 Moved Temporarily
    Date: Sun, 21 Apr 2019 11:16:20 GMT
    Content-Type: text/html
    Content-Length: 138
    Connection: keep-alive
    Location: https://mydomain.com/
    Server: nginx centminmod
    X-Powered-By: centminmod
    tested the site in 2 different RPDs, completely clearing browser cache and trying new browsers still the error.
     
  11. eva2000

    eva2000 Administrator Staff Member

    41,350
    9,279
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +14,236
    Local Time:
    8:52 PM
    Nginx 1.17.x
    MariaDB 5.5/10.x
    curl reports correct 302 redirect to location = non-www https so it's working just your browser cache is still in affect. You can use browser incognito/private mode to test and verify as that doesn't use browser cache
     
  12. skringjer

    skringjer Member

    78
    11
    8
    Apr 21, 2019
    Ratings:
    +14
    Local Time:
    3:52 PM
    Tested the site both in Incognito and Private mode, test it on another PC, Tested it in Tor Browser that i just downloaded right now

    http://prntscr.com/neuk12

    http://prntscr.com/neuka5



    And 1 thing more this is my sites config.php file, will this interfere with the setup? i am running my site on VestsCP right now and intend to move if i can setup the test environment here,

    Code:
    <?php
    
    /* main configuration file for script */
    define("_CONFIG_SITE_HOST_URL", "mydomain.com");  /* site url host without the http:// and no trailing forward slash - i.e. www.mydomain.com or links.mydomain.com */
    define("_CONFIG_SITE_FULL_URL", "mydomain.com");  /* full site url without the http:// and no trailing forward slash - i.e. www.mydomain.com/links or the same as the _CONFIG_SITE_HOST_URL */
    
    /* database connection details */
    define("_CONFIG_DB_HOST", "localhost");  /* database host name */
    define("_CONFIG_DB_NAME", "heregoes my db name");    /* database name */
    define("_CONFIG_DB_USER", "my db user name");    /* database username */
    define("_CONFIG_DB_PASS", "my db pass");    /* database password */
    
    /* set these to the main site host if you're using direct web server uploads/downloads to remote servers */
    define("_CONFIG_CORE_SITE_HOST_URL", "mydomain.com");  /* site url host without the http:// and no trailing forward slash - i.e. www.mydomain.com or links.mydomain.com */
    define("_CONFIG_CORE_SITE_FULL_URL", "mydomain.com");  /* full site url without the http:// and no trailing forward slash - i.e. www.mydomain.com/links or the same as the _CONFIG_SITE_HOST_URL */
    
    define("_CONFIG_SCRIPT_VERSION", "4.5.2");    /* script version */
    
    /* show database degug information on fail */
    define("_CONFIG_DB_DEBUG", true);    /* this will display debug information when something fails in the DB - leave this as true if you're not sure */
    
    /* which protcol to use, default is http */
    define("_CONFIG_SITE_PROTOCOL", "https");
    
    /* key used for encoding data within the site */
    define("_CONFIG_UNIQUE_ENCRYPTION_KEY", "blablabla");
    
    /* toggle demo mode */
    define("_CONFIG_DEMO_MODE", false);    /* always leave this as false */
    
    ini_set('memory_limit', '4096M');
     
  13. skringjer

    skringjer Member

    78
    11
    8
    Apr 21, 2019
    Ratings:
    +14
    Local Time:
    3:52 PM
    And i am using Letsencrypt from your guide.
     
  14. skringjer

    skringjer Member

    78
    11
    8
    Apr 21, 2019
    Ratings:
    +14
    Local Time:
    3:52 PM
    You can test my domain here it is, test.wopg.vip :)
     
  15. eva2000

    eva2000 Administrator Staff Member

    41,350
    9,279
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +14,236
    Local Time:
    8:52 PM
    Nginx 1.17.x
    MariaDB 5.5/10.x
    did you import wordpress database from an existing install which had a different protocol used i.e. non-https default ?

    if wordpress installed via centmin.sh menu option 22, what's output for these commands changing /home/nginx/domains/domain.com/public/ to the path to where you installed wordpress i.e. if domain.com/blog then it would be /home/nginx/domains/domain.com/public/blog
    Code (Text):
    cd /home/nginx/domains/domain.com/public/
    wp option get siteurl --allow-root
    wp option get home --allow-root
    
     
  16. skringjer

    skringjer Member

    78
    11
    8
    Apr 21, 2019
    Ratings:
    +14
    Local Time:
    3:52 PM
    I am not using wordpress, its a custom script

    The site was previously hosted on https, i used centmin.sh option 2 to create the nginx vhost
     
  17. skringjer

    skringjer Member

    78
    11
    8
    Apr 21, 2019
    Ratings:
    +14
    Local Time:
    3:52 PM
    Here is my test.wopg.vip.ssl.conf

    and 1 thing i disabled this test.wopg.vip.conf-disabled as highlighted in the guide, is this correct?

    Code:
    # Centmin Mod Getting Started Guide
    # must read http://centminmod.com/getstarted.html
    # For HTTP/2 SSL Setup
    # read http://centminmod.com/nginx_configure_https_ssl_spdy.html
    
    # redirect from www to non-www  forced SSL
    # uncomment, save file and restart Nginx to enable
    # if unsure use return 302 before using return 301
     server {
       server_name test.wopg.vip www.test.wopg.vip;
        return 302 https://test.wopg.vip$request_uri;
     }
    
    server {
      listen 443 ssl http2;
      server_name test.wopg.vip;
    
      ssl_dhparam /usr/local/nginx/conf/ssl/test.wopg.vip/dhparam.pem;
      ssl_certificate      /usr/local/nginx/conf/ssl/test.wopg.vip/test.wopg.vip-acme.cer;
      ssl_certificate_key  /usr/local/nginx/conf/ssl/test.wopg.vip/test.wopg.vip-acme.key;
      include /usr/local/nginx/conf/ssl_include.conf;
     
      return 302 https://test.wopg.vip$request_uri;
    
      http2_max_field_size 16k;
      http2_max_header_size 32k;
      # dual cert supported ssl ciphers
      ssl_ciphers TLS13-AES-128-GCM-SHA256:TLS13-AES-256-GCM-SHA384:TLS13-CHACHA20-POLY1305-SHA256:TLS13-AES-128-CCM-8-SHA256:TLS13-AES-128-CCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS;
      ssl_prefer_server_ciphers   on;
      #add_header Alternate-Protocol  443:npn-spdy/3;
      #add_header Strict-Transport-Security "max-age=31536000; includeSubdomains;";
      #add_header X-Frame-Options SAMEORIGIN;
      #add_header X-Xss-Protection "1; mode=block" always;
      #add_header X-Content-Type-Options "nosniff" always;
      #spdy_headers_comp 5;
      ssl_buffer_size 1369;
      ssl_session_tickets on;
     
      # enable ocsp stapling
      #resolver 8.8.8.8 8.8.4.4 valid=10m;
      #resolver_timeout 10s;
      #ssl_stapling on;
      #ssl_stapling_verify on;
      #ssl_trusted_certificate /usr/local/nginx/conf/ssl/test.wopg.vip/test.wopg.vip-acme.cer; 
    
    # ngx_pagespeed & ngx_pagespeed handler
    #include /usr/local/nginx/conf/pagespeed.conf;
    #include /usr/local/nginx/conf/pagespeedhandler.conf;
    #include /usr/local/nginx/conf/pagespeedstatslog.conf;
    
      # limit_conn limit_per_ip 16;
      # ssi  on;
    
      access_log /home/nginx/domains/test.wopg.vip/log/access.log combined buffer=256k flush=5m;
      error_log /home/nginx/domains/test.wopg.vip/log/error.log;
    
      root /home/nginx/domains/test.wopg.vip/public;
    
       # allow for paths ending with forward slashes
        rewrite ^/app/(.*)/ /plugins/webdav/site/control/$1 last;
        rewrite ^/app/(.*) /plugins/webdav/site/control/$1 last;
    
        # all webdav requests
        location /plugins/webdav/site/control/ {
            fastcgi_split_path_info ^(.+\.php)(/.+)$;
            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
            gzip off;
            fastcgi_pass 127.0.0.1:9000;
            fastcgi_index index.php;
            fastcgi_param MOD_X_ACCEL_REDIRECT_ENABLED on;
            include fastcgi_params;
        }
    
    
         #location / {
            if (!-e $request_filename) {
                rewrite ^/(.*) /index.php?_page_url=$1 last;
            }
         #}
    
        location /files/ {
            internal;
        }
    
        # these locations would be hidden by .htaccess normally
        location /core/logs/ {
            deny all;
        }
    
      include /usr/local/nginx/conf/staticfiles.conf;
      include /usr/local/nginx/conf/php-mycustom.conf;
      #include /usr/local/nginx/conf/drop.conf;
      #include /usr/local/nginx/conf/errorpage.conf;
      include /usr/local/nginx/conf/vts_server.conf;
    }
     
  18. skringjer

    skringjer Member

    78
    11
    8
    Apr 21, 2019
    Ratings:
    +14
    Local Time:
    3:52 PM
  19. eva2000

    eva2000 Administrator Staff Member

    41,350
    9,279
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +14,236
    Local Time:
    8:52 PM
    Nginx 1.17.x
    MariaDB 5.5/10.x
    you repeated in 2nd server{} context a 302 redirect in https vhost that's why
    Code (Text):
    return 302 https://test.wopg.vip$request_uri;
    
     
  20. skringjer

    skringjer Member

    78
    11
    8
    Apr 21, 2019
    Ratings:
    +14
    Local Time:
    3:52 PM
    ISSUES FIXED, thank you very much Eva000, finally will be a part of this great platform.
     
    • Like Like x 1