PHP-FPM 502 Bad Gateway Timeout HELP

skringjer · Apr 21, 2019

Please fill in any relevant information that applies to you:

CentOS Version: CentOS 7 64bit
Centmin Mod Version Installed:123.09beta01
Nginx Version Installed: 1.15.12
PHP Version Installed: 7.3.4
MariaDB MySQL Version Installed: 10.3.14
When was last time updated Centmin Mod code base ? : Completely fresh install used Option 2 to add nginx vhost files

Persistent Config:

Code (Text):

LETSENCRYPT_DETECT='y'
LETSENCRYPT_DETECT='y'

Hey everyone, i am facing 502 Bad gateway timeout on my site, actually this is a test setup once i understand everything i will move over my live site. I read other 502 threads before posting here, none helped

Code (Text):

ls -l /home/nginx/domains/mydomain/log

drwxr-sr-x  6 nginx nginx      4096 Dec 10 05:11 admin
drwxr-sr-x  3 nginx nginx      4096 Jul 22  2018 api
-rwxrwxrwx  1 nginx nginx      1911 Apr 20 15:39 _config.inc.php
drwxr-sr-x  6 nginx nginx      4096 Apr 18  2018 core
drwxrwsrwx 60 nginx nginx      4096 Mar  3  2018 files
-rw-r--r--  1 nginx nginx      2379 Dec 29  2017 index.php
-rw-r--r--  1 nginx nginx       561 Dec 29  2017 ___INSTALLATION.txt
-rw-r--r--  1 nginx nginx       670 Dec 29  2017 ___LICENCE.txt
-rw-r--r--  1 nginx nginx      2768 Dec 29  2017 ___NGINX_RULES.txt
drwxrwsrwx 35 nginx nginx      4096 Apr  4 17:46 plugins
-rw-r--r--  1 nginx nginx 399427943 Apr 20 13:03 public.zip
-rw-r--r--  1 nginx nginx     55480 Jul 12  2018 ___RELEASE_HISTORY.txt
drwxr-sr-x  6 nginx nginx      4096 Dec 12 16:14 themes

Code (Text):

ls -l /home/nginx/domains/domain/log

drwxr-s--- 2 nginx nginx 4096 Apr 20 13:00 backup
drwxr-s--- 2 nginx nginx 4096 Apr 20 13:00 log
drwxr-s--- 2 nginx nginx 4096 Apr 20 13:00 private
drwxr-s--x 8 nginx nginx 4096 Apr 20 15:53 public

Here is my /usr/local/nginx/conf/conf.d/mysubdomain.com.ssl.conf

Code (Text):

# Centmin Mod Getting Started Guide
# must read http://centminmod.com/getstarted.html
# For HTTP/2 SSL Setup
# read http://centminmod.com/nginx_configure_https_ssl_spdy.html

# redirect from www to non-www  forced SSL
# uncomment, save file and restart Nginx to enable
# if unsure use return 302 before using return 301
 server {
   server_name mydomain.com www.mydomain.com;
    return 301 https://mydomain.com$request_uri;
 }

server {
  listen 443 ssl http2;
  server_name mydomain.com www.mydomain.com;

  ssl_dhparam /usr/local/nginx/conf/ssl/mydomain.com/dhparam.pem;
  ssl_certificate      /usr/local/nginx/conf/ssl/mydomain.com/mydomain.com-acme.cer;
  ssl_certificate_key  /usr/local/nginx/conf/ssl/mydomain.com/mydomain.com-acme.key;
  include /usr/local/nginx/conf/ssl_include.conf;

  http2_max_field_size 16k;
  http2_max_header_size 32k;
  # dual cert supported ssl ciphers
  ssl_ciphers TLS13-AES-128-GCM-SHA256:TLS13-AES-256-GCM-SHA384:TLS13-CHACHA20-POLY1305-SHA256:TLS13-AES-128-CCM-8-SHA256:TLS13-AES-128-CCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS;
  ssl_prefer_server_ciphers   on;
  #add_header Alternate-Protocol  443:npn-spdy/3;
  #add_header Strict-Transport-Security "max-age=31536000; includeSubdomains;";
  #add_header X-Frame-Options SAMEORIGIN;
  #add_header X-Xss-Protection "1; mode=block" always;
  #add_header X-Content-Type-Options "nosniff" always;
  #spdy_headers_comp 5;
  ssl_buffer_size 1369;
  ssl_session_tickets on;
 
  # enable ocsp stapling
  resolver 8.8.8.8 8.8.4.4 valid=10m;
  resolver_timeout 10s;
  ssl_stapling on;
  ssl_stapling_verify on;
  ssl_trusted_certificate /usr/local/nginx/conf/ssl/mydomain.com/mydomain.com-acme.cer;

# ngx_pagespeed & ngx_pagespeed handler
#include /usr/local/nginx/conf/pagespeed.conf;
#include /usr/local/nginx/conf/pagespeedhandler.conf;
#include /usr/local/nginx/conf/pagespeedstatslog.conf;

  # limit_conn limit_per_ip 16;
  # ssi  on;

  access_log /home/nginx/domains/mydomain.com/log/access.log combined buffer=256k flush=5m;
  error_log /home/nginx/domains/mydomain.com/log/error.log;

  root /home/nginx/domains/mydomain.com/public;

   # allow for paths ending with forward slashes
    rewrite ^/app/(.*)/ /plugins/webdav/site/control/$1 last;
    rewrite ^/app/(.*) /plugins/webdav/site/control/$1 last;

    # all webdav requests
    location /plugins/webdav/site/control/ {
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        gzip off;
        fastcgi_pass 127.0.0.1:9001;
        fastcgi_index index.php;
        fastcgi_param MOD_X_ACCEL_REDIRECT_ENABLED on;
        include fastcgi_params;
    }

    # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
    location ~ \.php$ {
        if (!-e $request_filename) { rewrite ^/(.*) /index.php?_page_url=$1 last; }
        fastcgi_pass 127.0.0.1:9001;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_param MOD_X_ACCEL_REDIRECT_ENABLED on;
        include fastcgi_params;
    }

     #location / {
        if (!-e $request_filename) {
            rewrite ^/(.*) /index.php?_page_url=$1 last;
        }
     #}

    location /files/ {
        internal;
    }

    # these locations would be hidden by .htaccess normally
    location /core/logs/ {
        deny all;
    }

  include /usr/local/nginx/conf/staticfiles.conf;
  include /usr/local/nginx/conf/php.conf;
  #include /usr/local/nginx/conf/drop.conf;
  #include /usr/local/nginx/conf/errorpage.conf;
  include /usr/local/nginx/conf/vts_server.conf;
}

Can someone please help out?

skringjer · Apr 21, 2019

And here is how i installed the script,
Code:
yum -y update; curl -O https://centminmod.com/betainstaller73.sh && chmod 0700 betainstaller73.sh && bash betainstaller73.sh
Then went over to Getting Started guide and changed the hostname,

Added Vhost using Option 2, enabled SSL and Forced www to non-ww

Add my own nginx rules as you can see above

Do i need to enable Php-fpm or something?

skringjer · Apr 21, 2019

And 1 thing more i want to highlight is that i have setup the site on a subdomain

skringjer · Apr 21, 2019

And i am getting this in the domain error log

Code:

2019/04/20 18:49:21 [error] 12716#12716: *10 connect() failed (111: Connection refused) while connecting to upstream, client: 182.183.140.87, server: mysubdomain.com, request: "GET /index.php HTTP/2.0", upstream: "fastcgi://127.0.0.1:9001", host: "mysubdomain.com"

eva2000 · Apr 21, 2019

the include file at /usr/local/nginx/conf/php.conf already has a location *.php context for serving php files with more optimal buffer/timeout settings
Code (Text):
include /usr/local/nginx/conf/php.conf;
but you chose to bypass that with
Code (Text):
   # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
   location ~ \.php$ {
       if (!-e $request_filename) { rewrite ^/(.*) /index.php?_page_url=$1 last; }
       fastcgi_pass 127.0.0.1:9001;
       fastcgi_index index.php;
       fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
       fastcgi_param MOD_X_ACCEL_REDIRECT_ENABLED on;
       include fastcgi_params;
   }
you can create a custom /usr/local/nginx/conf/php.conf include file i.e. /usr/local/nginx/conf/php-mycustom.conf making copy of php.conf and then modifying it to your needs but keep the extra settings for timeout/buffers etc

make a copy as /usr/local/nginx/conf/php-mycustom.conf using command
Code (Text):
cp -a /usr/local/nginx/conf/php.conf /usr/local/nginx/conf/php-mycustom.conf
then edit /usr/local/nginx/conf/php-mycustom.conf and replace your nginx vhost's

replace
Code (Text):
include /usr/local/nginx/conf/php.conf;
with
Code (Text):
include /usr/local/nginx/conf/php-mycustom.conf;
restart nginx and php-fpm
Code (Text):
nprestart
then for general php-fpm tuning read below as your php issues most likely are due to PHP-FPM needing tuning. Read PHP-FPM - How to troubleshoot & optimize PHP-FPM server?

Centmin Mod is provide as is, so short of scripted related bugs or issues, any further optimisation to the web stack components - nginx, php-fpm, mariadb mysql, csf firewall etc or web app specific configurations are left to the Centmin Mod user to deal with. So I do not provide any free support for such.

Nginx 502 or 504 Bad Gateway Errors

Bad gateway 502 /504 timeouts are usually related to Nginx timing out waiting on PHP-FPM to respond as PHP-FPM is overloaded or overwhelmed with requests, so may need to tune PHP-FPM values. It also maybe due to PHP-FPM in turn being queued and backed up waiting on MariaDB MySQL server to respond - so also need to look at MySQL.

You'll need to tune your PHP-FPM settings with php-fpm main pool config file at /usr/local/etc/php-fpm.conf (overview of config files) and this is left up to end user to do but here's a thread for starters to enable PHP-FPM status page output outlined at

http://centminmod.com/phpfpm.html#browserstatus and

https://community.centminmod.com/threads/pm-max_children.479/ and

https://community.centminmod.com/threads/warning-pool-www-server-reached-max_children-setting-50-consider-raising-it.791/ which outlines the official PHP-FPM config documentation as well.

PHP: Configuration - Manual

Enabling PHP-FPM status also allows setting up 3rd party PHP-FPM status metric monitoring from services like:

Nixststats PHP-FPM monitoring Monitor PHP-FPM with Nixstats

Nginx Amplify PHP-FPM monitoring Monitoring PHP Applications with NGINX Amplify

Checking PHP-FPM etc logs

You'll also need to check into your PHP-FPM, Nginx and MariaDB logs which you can find as outlined at How to troubleshoot Centmin Mod initial install issues

Server logs include Nginx, PHP-FPM, MariaDB MySQL error logs as well as others. You can find your Centmin Mod install/menu logs at FAQ 7 and server logs at FAQ 19 at Centmin Mod FAQ (most up to date info in FAQ so always read that first). Spoiler tag below has info too but may not be up to date.

Some of Centmin Mod's installed software will have their own access and error logs which maybe useful for diagnosing errors or give info, notes, or warning notices.

Note: There's no support provided by me for diagnosing such errors which may occur for various reasons including misconfiguration of installed php/mysql scripts or applications.

In SSH2 telnet you can use tail command to view the last X number of lines in the file.

For example for viewing last 10 lines in the file for:

For Nginx access and error logs:
Code:
  tail -10 /usr/local/nginx/logs/access.log
  tail -10 /usr/local/nginx/logs/error.log
For specific domainname.com access and error log:
Code:
  tail -10 /home/nginx/domains/domainname.com/log/access.log
  tail -10 /home/nginx/domains/domainname.com/log/error.log
For other system error logs located at /var/log:

list /var/log files in ascending time order so the most recently modified files are at the bottom
Code:
  ls -lhrt /var/log
Code:
total 2.7M
-rw------- 1 root  root    0 Aug 29 15:33 tallylog
-rw------- 1 root  root    0 Aug 29 15:33 spooler
drwx------ 3 root  root 4.0K Aug 29 15:35 samba
drwxr-xr-x 2 root  root 4.0K Aug 29 15:35 mail
-rw-r--r-- 1 root  500     0 Oct  8 18:13 dmesg.old
-rw------- 1 root  500     0 Oct  8 18:13 boot.log
-rw-r--r-- 1 root  500     0 Oct  8 18:14 dmesg
drwx------ 2 root  root 4.0K Oct  8 18:14 httpd
drwxr-xr-x 2 root  root 4.0K Oct  8 19:08 php-fpm
-rw-rw---- 1 mysql root 2.3K Oct  9 12:38 mysqld.log
-rw------- 1 root  root 9.2K Oct 26 10:48 yum.log
-rw------- 1 root  utmp  94K Nov  7 22:59 btmp
drwxr-xr-x 2 root  root 4.0K Nov  8 00:00 sa
-rw------- 1 root  root 269K Nov  8 21:39 messages
-rw------- 1 root  root 110K Nov  8 23:08 secure
-rw-rw-r-- 1 root  utmp  43K Nov  8 23:08 wtmp
-rw-r--r-- 1 root  root 144K Nov  8 23:08 lastlog
-rw------- 1 root  root  69K Nov  8 23:08 lfd.log
-rw------- 1 root  root 332K Nov  8 23:08 maillog
-rw------- 1 root  500  1.6M Nov  8 23:10 cron
For PHP-FPM error log:
Code:
  tail -10 /var/log/php-fpm/www-error.log
and/or
Code:
  /var/log/php-fpm/www-php.error.log
For MySQL / MariaDB error log:
Code:
  tail -10 /var/log/mysqld.log
For CSF firewall LFD log:
Code:
  tail -10 /var/log/lfd.log
For Mail log:
Code:
  tail -10 /var/log/maillog
For Cron job logs:
Code:
  tail -10 /var/log/cron
How to edit php.ini and php-fpm configuration files ?

Centmin Mod install created command short cuts outlined here to allow you to quickly edit your /usr/local/lib/php.ini file and your /usr/local/etc/php-fpm.conf file. Full list of command shortcuts below:

Edit php.ini = phpedit ( /usr/local/lib/php.ini )

Edit my.cnf = mycnf ( /etc/my.cnf )

Edit php-fpm.conf = fpmconf ( /usr/local/etc/php-fpm.conf )

Edit nginx.conf = nginxconf ( /usr/local/nginx/conf/nginx.conf )

Edit (nginx) virtual.conf = vhostconf - only edits /usr/local/nginx/conf/conf.d/virtual.conf not the additional vhost domain.com.conf files added later

Edit (nginx) php.conf = phpinc ( /usr/local/nginx/conf/php.conf )

Edit (nginx) drop.conf = dropinc ( /usr/local/nginx/conf/drop.conf )

Edit (nginx) staticfiles.conf = statfilesinc ( /usr/local/nginx/conf/staticfiles.conf )

nginx stop/start/restart = ngxstop/ngxstart/ngxrestart

php-fpm stop/start/restart = fpmstop/fpmstart/fpmrestart

mysql stop/start/restart = mysqlstop/mysqlstart/mysqlrestart

nginx + php-fpm stop/start/restart = npstop/npstart/nprestart

memcached stop/start/restart =memcachedstop/memcachedstart/memcachedrestart

csf stop/start/restart = csfstop/csfstart/csfrestart

Troubleshooting Tools

However, there's many linux tools and scripts that can help you figure out what was causing the load issues and when.

Tools and commands you will want to read up on and learn for basic system admin tasks and troubleshooting.

20 Command Line Tools to Monitor Linux Performance

13 Linux Performance Monitoring Tools - Part 2

80 Linux Monitoring Tools for SysAdmins - Server Density Blog

Amazing ! 25 Linux Performance Monitoring Tools

20 Linux System Monitoring Tools Every SysAdmin Should Know

How to monitor disk I/O in Linux from command line - Xmodulo

10 Useful Sar (Sysstat) Examples for UNIX / Linux Performance Monitoring

Generate CPU, Memory & I/O report using SAR command

My mysqlmymonlite.sh script can help with that mysqlmymonlite.sh README text file has instructions for setting up a cronjob to email you reports i.e. every 10/15min or every hour.

Notes:

Centmin Mod already installed Glances tool. It can be invoked from SSH command glances or top2. Official Glances site at nicolargo.github.io/glances/ and documentation here.

However, Centmin Mod users are free to help each other out and ask questions or give answers on this community forum. My hopes are that this community forum evolves so that more veteran long time Centmin Mod users help new Centmin Mod users out

skringjer · Apr 21, 2019

Thank you for replying, did what you said and after adding
/usr/local/nginx/conf/php-mycustom.conf; the nginx didnt restart due to these errors
Code:
nginx: [emerg] "fastcgi_connect_timeout" directive is duplicate in /usr/local/nginx/conf/php-mycustom.conf:19

nginx: [emerg] "fastcgi_send_timeout" directive is duplicate in /usr/local/nginx/conf/php-mycustom.conf:19

And some more
So i removed these directives and nginx restarted but now i am getting ERR_TOO_MANY_REDIRECTS

Where can i diagnose this? there is nothing related to this in the error logs.

eva2000 · Apr 21, 2019

Posted at centminmod.com/nginx_domain_dns_setup.html#httpsredirect is the correct way to set it up - pay attention to different way if you want redirect target being www version instead of non-www and vice versa and that the target version www or non-www is the only version listed in server_name for the 2nd/main server {} context.

key to testing is using 302 temp redirect first in a private incognito browser session otherwise the problems you can experience may end up being due to browser caching or 301 permanent redirects unless you clear browser cache and reboot local computer(s) and even then some web browsers don't let go of 301 permanent redirect browser cache that willingly

You can test in SSH via curl to check headers for location field (where the redirect goes) using the following commands:
Code (Text):
curl -I http://domain.com
Code (Text):
curl -I http://www.domain.com
for your vhost above incorrect as 2nd server{} context's server_name should only list non-www domain if you are doing a redirect to non-www https version of your domain
Code (Text):
# if unsure use return 302 before using return 301
 server {
   server_name mydomain.com www.mydomain.com;
   return 301 https://mydomain.com$request_uri;
 }

server {
  listen 443 ssl http2;
  server_name mydomain.com www.mydomain.com;

skringjer · Apr 21, 2019

Sorry eva, i am not experienced and hence making a mess here, i read your above guide about forcing http to https i think i have done the changes right this time as per my understanding,

What am i trying to achieve? http -> https / www -> non-www ----> https://mydomain.com

Here is my vhost file and it still dosent work, sorry for waiting your time on this

Code:

# Centmin Mod Getting Started Guide
# must read http://centminmod.com/getstarted.html
# For HTTP/2 SSL Setup
# read http://centminmod.com/nginx_configure_https_ssl_spdy.html

# redirect from www to non-www  forced SSL
# uncomment, save file and restart Nginx to enable
# if unsure use return 302 before using return 301
 server {
   server_name mydomain.com www.mydomain.com;
    return 302 https://mydomain.com$request_uri;
 }

server {
  listen 443 ssl http2;
  server_name mydomain.com;

  ssl_dhparam /usr/local/nginx/conf/ssl/mydomain.com/dhparam.pem;
  ssl_certificate      /usr/local/nginx/conf/ssl/mydomain.com/mydomain.com-acme.cer;
  ssl_certificate_key  /usr/local/nginx/conf/ssl/mydomain.com/mydomain.com-acme.key;
  include /usr/local/nginx/conf/ssl_include.conf;
 
  return 302 https://mydomain.com$request_uri;

  http2_max_field_size 16k;
  http2_max_header_size 32k;
  # dual cert supported ssl ciphers
  ssl_ciphers TLS13-AES-128-GCM-SHA256:TLS13-AES-256-GCM-SHA384:TLS13-CHACHA20-POLY1305-SHA256:TLS13-AES-128-CCM-8-SHA256:TLS13-AES-128-CCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS;
  ssl_prefer_server_ciphers   on;
  #add_header Alternate-Protocol  443:npn-spdy/3;
  #add_header Strict-Transport-Security "max-age=31536000; includeSubdomains;";
  #add_header X-Frame-Options SAMEORIGIN;
  #add_header X-Xss-Protection "1; mode=block" always;
  #add_header X-Content-Type-Options "nosniff" always;
  #spdy_headers_comp 5;
  ssl_buffer_size 1369;
  ssl_session_tickets on;
 
  # enable ocsp stapling
  #resolver 8.8.8.8 8.8.4.4 valid=10m;
  #resolver_timeout 10s;
  #ssl_stapling on;
  #ssl_stapling_verify on;
  #ssl_trusted_certificate /usr/local/nginx/conf/ssl/mydomain.com/mydomain.com-acme.cer; 

# ngx_pagespeed & ngx_pagespeed handler
#include /usr/local/nginx/conf/pagespeed.conf;
#include /usr/local/nginx/conf/pagespeedhandler.conf;
#include /usr/local/nginx/conf/pagespeedstatslog.conf;

  # limit_conn limit_per_ip 16;
  # ssi  on;

  access_log /home/nginx/domains/mydomain.com/log/access.log combined buffer=256k flush=5m;
  error_log /home/nginx/domains/mydomain.com/log/error.log;

  root /home/nginx/domains/mydomain.com/public;

   # allow for paths ending with forward slashes
    rewrite ^/app/(.*)/ /plugins/webdav/site/control/$1 last;
    rewrite ^/app/(.*) /plugins/webdav/site/control/$1 last;

    # all webdav requests
    location /plugins/webdav/site/control/ {
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        gzip off;
        fastcgi_pass 127.0.0.1:9000;
        fastcgi_index index.php;
        fastcgi_param MOD_X_ACCEL_REDIRECT_ENABLED on;
        include fastcgi_params;
    }


     #location / {
        if (!-e $request_filename) {
            rewrite ^/(.*) /index.php?_page_url=$1 last;
        }
     #}

    location /files/ {
        internal;
    }

    # these locations would be hidden by .htaccess normally
    location /core/logs/ {
        deny all;
    }

  include /usr/local/nginx/conf/staticfiles.conf;
  include /usr/local/nginx/conf/php-mycustom.conf;
  #include /usr/local/nginx/conf/drop.conf;
  #include /usr/local/nginx/conf/errorpage.conf;
  include /usr/local/nginx/conf/vts_server.conf;
}

eva2000 · Apr 21, 2019

as you previously used 301 permanent browser redirect it will still be cached in your browser until your clear your browser cache, restart browser and/or even reboot pc - hence why test with 302 temp redirect first

You can test in SSH to bypass 301 permanent browser cache via curl to check headers for location field (where the redirect goes) using the following commands:
Code (Text):
curl -I http://domain.com
Code (Text):
curl -I http://www.domain.com

skringjer · Apr 21, 2019

Here is the result of

curl -I Website Domains Names & Hosting | Domain.com
Code:
HTTP/1.1 302 Moved Temporarily
Date: Sun, 21 Apr 2019 11:15:08 GMT
Content-Type: text/html
Content-Length: 138
Connection: keep-alive
Location: https://mydomain.com/
Server: nginx centminmod
X-Powered-By: centminmod
curl -I Website Domains Names & Hosting | Domain.com
Code:
HTTP/1.1 302 Moved Temporarily
Date: Sun, 21 Apr 2019 11:16:20 GMT
Content-Type: text/html
Content-Length: 138
Connection: keep-alive
Location: https://mydomain.com/
Server: nginx centminmod
X-Powered-By: centminmod
tested the site in 2 different RPDs, completely clearing browser cache and trying new browsers still the error.

eva2000 · Apr 21, 2019

curl reports correct 302 redirect to location = non-www https so it's working just your browser cache is still in affect. You can use browser incognito/private mode to test and verify as that doesn't use browser cache

skringjer · Apr 21, 2019

Tested the site both in Incognito and Private mode, test it on another PC, Tested it in Tor Browser that i just downloaded right now

http://prntscr.com/neuk12

http://prntscr.com/neuka5

And 1 thing more this is my sites config.php file, will this interfere with the setup? i am running my site on VestsCP right now and intend to move if i can setup the test environment here,

Code:

<?php

/* main configuration file for script */
define("_CONFIG_SITE_HOST_URL", "mydomain.com");  /* site url host without the http:// and no trailing forward slash - i.e. www.mydomain.com or links.mydomain.com */
define("_CONFIG_SITE_FULL_URL", "mydomain.com");  /* full site url without the http:// and no trailing forward slash - i.e. www.mydomain.com/links or the same as the _CONFIG_SITE_HOST_URL */

/* database connection details */
define("_CONFIG_DB_HOST", "localhost");  /* database host name */
define("_CONFIG_DB_NAME", "heregoes my db name");    /* database name */
define("_CONFIG_DB_USER", "my db user name");    /* database username */
define("_CONFIG_DB_PASS", "my db pass");    /* database password */

/* set these to the main site host if you're using direct web server uploads/downloads to remote servers */
define("_CONFIG_CORE_SITE_HOST_URL", "mydomain.com");  /* site url host without the http:// and no trailing forward slash - i.e. www.mydomain.com or links.mydomain.com */
define("_CONFIG_CORE_SITE_FULL_URL", "mydomain.com");  /* full site url without the http:// and no trailing forward slash - i.e. www.mydomain.com/links or the same as the _CONFIG_SITE_HOST_URL */

define("_CONFIG_SCRIPT_VERSION", "4.5.2");    /* script version */

/* show database degug information on fail */
define("_CONFIG_DB_DEBUG", true);    /* this will display debug information when something fails in the DB - leave this as true if you're not sure */

/* which protcol to use, default is http */
define("_CONFIG_SITE_PROTOCOL", "https");

/* key used for encoding data within the site */
define("_CONFIG_UNIQUE_ENCRYPTION_KEY", "blablabla");

/* toggle demo mode */
define("_CONFIG_DEMO_MODE", false);    /* always leave this as false */

ini_set('memory_limit', '4096M');

skringjer · Apr 21, 2019

And i am using Letsencrypt from your guide.

skringjer · Apr 21, 2019

You can test my domain here it is, test.wopg.vip

eva2000 · Apr 21, 2019

skringjer said: ↑

You can test my domain here it is, test.wopg.vip
Click to expand...

did you import wordpress database from an existing install which had a different protocol used i.e. non-https default ?

if wordpress installed via centmin.sh menu option 22, what's output for these commands changing /home/nginx/domains/domain.com/public/ to the path to where you installed wordpress i.e. if domain.com/blog then it would be /home/nginx/domains/domain.com/public/blog
Code (Text):
cd /home/nginx/domains/domain.com/public/
wp option get siteurl --allow-root
wp option get home --allow-root

skringjer · Apr 21, 2019

I am not using wordpress, its a custom script

The site was previously hosted on https, i used centmin.sh option 2 to create the nginx vhost

skringjer · Apr 21, 2019

Here is my test.wopg.vip.ssl.conf

and 1 thing i disabled this test.wopg.vip.conf-disabled as highlighted in the guide, is this correct?

Code:

# Centmin Mod Getting Started Guide
# must read http://centminmod.com/getstarted.html
# For HTTP/2 SSL Setup
# read http://centminmod.com/nginx_configure_https_ssl_spdy.html

# redirect from www to non-www  forced SSL
# uncomment, save file and restart Nginx to enable
# if unsure use return 302 before using return 301
 server {
   server_name test.wopg.vip www.test.wopg.vip;
    return 302 https://test.wopg.vip$request_uri;
 }

server {
  listen 443 ssl http2;
  server_name test.wopg.vip;

  ssl_dhparam /usr/local/nginx/conf/ssl/test.wopg.vip/dhparam.pem;
  ssl_certificate      /usr/local/nginx/conf/ssl/test.wopg.vip/test.wopg.vip-acme.cer;
  ssl_certificate_key  /usr/local/nginx/conf/ssl/test.wopg.vip/test.wopg.vip-acme.key;
  include /usr/local/nginx/conf/ssl_include.conf;
 
  return 302 https://test.wopg.vip$request_uri;

  http2_max_field_size 16k;
  http2_max_header_size 32k;
  # dual cert supported ssl ciphers
  ssl_ciphers TLS13-AES-128-GCM-SHA256:TLS13-AES-256-GCM-SHA384:TLS13-CHACHA20-POLY1305-SHA256:TLS13-AES-128-CCM-8-SHA256:TLS13-AES-128-CCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS;
  ssl_prefer_server_ciphers   on;
  #add_header Alternate-Protocol  443:npn-spdy/3;
  #add_header Strict-Transport-Security "max-age=31536000; includeSubdomains;";
  #add_header X-Frame-Options SAMEORIGIN;
  #add_header X-Xss-Protection "1; mode=block" always;
  #add_header X-Content-Type-Options "nosniff" always;
  #spdy_headers_comp 5;
  ssl_buffer_size 1369;
  ssl_session_tickets on;
 
  # enable ocsp stapling
  #resolver 8.8.8.8 8.8.4.4 valid=10m;
  #resolver_timeout 10s;
  #ssl_stapling on;
  #ssl_stapling_verify on;
  #ssl_trusted_certificate /usr/local/nginx/conf/ssl/test.wopg.vip/test.wopg.vip-acme.cer; 

# ngx_pagespeed & ngx_pagespeed handler
#include /usr/local/nginx/conf/pagespeed.conf;
#include /usr/local/nginx/conf/pagespeedhandler.conf;
#include /usr/local/nginx/conf/pagespeedstatslog.conf;

  # limit_conn limit_per_ip 16;
  # ssi  on;

  access_log /home/nginx/domains/test.wopg.vip/log/access.log combined buffer=256k flush=5m;
  error_log /home/nginx/domains/test.wopg.vip/log/error.log;

  root /home/nginx/domains/test.wopg.vip/public;

   # allow for paths ending with forward slashes
    rewrite ^/app/(.*)/ /plugins/webdav/site/control/$1 last;
    rewrite ^/app/(.*) /plugins/webdav/site/control/$1 last;

    # all webdav requests
    location /plugins/webdav/site/control/ {
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        gzip off;
        fastcgi_pass 127.0.0.1:9000;
        fastcgi_index index.php;
        fastcgi_param MOD_X_ACCEL_REDIRECT_ENABLED on;
        include fastcgi_params;
    }


     #location / {
        if (!-e $request_filename) {
            rewrite ^/(.*) /index.php?_page_url=$1 last;
        }
     #}

    location /files/ {
        internal;
    }

    # these locations would be hidden by .htaccess normally
    location /core/logs/ {
        deny all;
    }

  include /usr/local/nginx/conf/staticfiles.conf;
  include /usr/local/nginx/conf/php-mycustom.conf;
  #include /usr/local/nginx/conf/drop.conf;
  #include /usr/local/nginx/conf/errorpage.conf;
  include /usr/local/nginx/conf/vts_server.conf;
}

skringjer · Apr 21, 2019

any help @eva2000 ?

eva2000 · Apr 22, 2019

you repeated in 2nd server{} context a 302 redirect in https vhost that's why
Code (Text):
return 302 https://test.wopg.vip$request_uri;

skringjer · Apr 22, 2019

ISSUES FIXED, thank you very much Eva000, finally will be a part of this great platform.

Log in / Register

Forums

Learn about Centmin Mod LEMP Stack today

PHP-FPM 502 Bad Gateway Timeout HELP

skringjer Member

skringjer Member

skringjer Member

skringjer Member

eva2000 Administrator Staff Member

Nginx 502 or 504 Bad Gateway Errors

Checking PHP-FPM etc logs

How to edit php.ini and php-fpm configuration files ?

Troubleshooting Tools

skringjer Member

eva2000 Administrator Staff Member

skringjer Member

eva2000 Administrator Staff Member

skringjer Member

eva2000 Administrator Staff Member

skringjer Member

skringjer Member

skringjer Member

eva2000 Administrator Staff Member

skringjer Member

skringjer Member

skringjer Member

eva2000 Administrator Staff Member

skringjer Member

.

Log in / Register

Useful Searches

Learn about Centmin Mod LEMP Stack today

PHP-FPM 502 Bad Gateway Timeout HELP

skringjer Member

skringjer Member

skringjer Member

skringjer Member

eva2000 Administrator Staff Member

Nginx 502 or 504 Bad Gateway Errors

Checking PHP-FPM etc logs

How to edit php.ini and php-fpm configuration files ?

Troubleshooting Tools

skringjer Member

eva2000 Administrator Staff Member

skringjer Member

eva2000 Administrator Staff Member

skringjer Member

eva2000 Administrator Staff Member

skringjer Member

skringjer Member

skringjer Member

eva2000 Administrator Staff Member

skringjer Member

skringjer Member

skringjer Member

eva2000 Administrator Staff Member

skringjer Member

.