Welcome to Centmin Mod Community
Become a Member

Beta Branch add HTTP/2 push optional patch support via NGINX_HTTPPUSH variable

Discussion in 'Centmin Mod Github Commits' started by eva2000, Jun 7, 2017.

  1. eva2000

    eva2000 Administrator Staff Member

    30,152
    6,782
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +10,133
    Local Time:
    4:55 AM
    Nginx 1.13.x
    MariaDB 5.5
    add HTTP/2 push optional patch support via NGINX_HTTPPUSH variable

    In Centmin Mod 123.09beta01+ and higher add Nginx HTTP/2 push support via Cloudflare patch https://community.centminmod.com/threads/hurray-http-2-server-push-for-nginx.11910/. Disabled by default with NGINX_HTTPPUSH='n' variable. Can enable prior to nginx recompile by setting NGINX_HTTPPUSH='y' variable in persistent config file /etc/centminmod/custom_config.inc and then running centmin.sh menu option 4 to recompile Nginx 1.11.12+ i.e. 1.13.1. Configuring HTTP/2 push after recompile is left to end user as instructions https://github.com/ghedo/http2-push-nginx-module

    Continue reading...

    123.09beta01 branch
     
  2. eva2000

    eva2000 Administrator Staff Member

    30,152
    6,782
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +10,133
    Local Time:
    4:55 AM
    Nginx 1.13.x
    MariaDB 5.5
     
  3. eva2000

    eva2000 Administrator Staff Member

    30,152
    6,782
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +10,133
    Local Time:
    4:55 AM
    Nginx 1.13.x
    MariaDB 5.5
  4. Sunka

    Sunka Active Member

    917
    240
    43
    Oct 31, 2015
    Rijeka, Croatia
    Ratings:
    +388
    Local Time:
    8:55 PM
    Nginx 1.13.3
    MariaDB 10.1.24
    Any help with this?
    I need to add NGINX_HTTPPUSH='y' variable in persistent config file and recompile nginx and after that add to mydomain.ssl.conf exatly what and where?
    This is my domain.conf
    Code:
    # Centmin Mod Getting Started Guide
    # must read http://centminmod.com/getstarted.html
    # For SPDY SSL Setup
    # read http://centminmod.com/nginx_configure_https_ssl_spdy.html
    
    # redirect from www to non-www  forced SSL
    # uncomment, save file and restart Nginx to enable
    # if unsure use return 302 before using return 301
     server {
       server_name pijanitvor.com www.pijanitvor.com;
        return 301 https://www.$server_name$request_uri;
     }
    
    server {
      listen 443 ssl http2;
      server_name pijanitvor.com www.pijanitvor.com;
    
      ##  redirect https non-www to https www
          if ($host = 'pijanitvor.com' ) {
             return 301 https://www.pijanitvor.com$request_uri;
          }
     
      ssl_dhparam /usr/local/nginx/conf/ssl/pijanitvor.com/dhparam.pem;
      ssl_certificate      /usr/local/nginx/conf/ssl/pijanitvor.com/ssl-unified.crt;
      ssl_certificate_key  /usr/local/nginx/conf/ssl/pijanitvor.com/pijanitvor.com.key;
      include /usr/local/nginx/conf/ssl_include.conf;
    
      # mozilla recommended
      ssl_ciphers EECDH+CHACHA20-draft:EECDH+CHACHA20:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA:!CAMELLIA:!DES-CBC3-SHA;
      ssl_prefer_server_ciphers   on;
      #######################add_header Alternate-Protocol  443:npn-spdy/3;
      #add_header Strict-Transport-Security "max-age=31536000; includeSubdomains;";
      #add_header  X-Content-Type-Options "nosniff";
      #add_header X-Frame-Options DENY;
      #######################spdy_headers_comp 5;
      ssl_buffer_size 1400;
      ssl_session_tickets on;
     
      #enable ocsp stapling
      resolver 8.8.8.8 8.8.4.4 valid=10m;
      resolver_timeout 10s;
      ssl_stapling on;
      ssl_stapling_verify on;
      ssl_trusted_certificate /usr/local/nginx/conf/ssl/pijanitvor.com/ssl-trusted.crt; 
    
    # ngx_pagespeed & ngx_pagespeed handler
    #include /usr/local/nginx/conf/pagespeed.conf;
    #include /usr/local/nginx/conf/pagespeedhandler.conf;
    #include /usr/local/nginx/conf/pagespeedstatslog.conf;
    
      # limit_conn limit_per_ip 16;
      # ssi  on;
    
      access_log /home/nginx/domains/pijanitvor.com/log/access.log combined buffer=256k flush=60m;
      error_log /home/nginx/domains/pijanitvor.com/log/error.log;
    
      root /home/nginx/domains/pijanitvor.com/public;
    
      location / {
            index index.php index.html index.htm;
            try_files $uri $uri/ /index.php?$uri&$args;
           include /usr/local/nginx/conf/blockbots.conf;
        }
    
    ### ORIGINAL ###
    #location /internal_data/ {
    #        internal;
    #        allow 127.0.0.1;
    #        allow 94.237.29.18;
    #        deny all;
    #    }
    ### START Xon addon za attachment ###
        location ^~ /internal_data/ {
            add_header Etag $upstream_http_etag;
            add_header X-Frame-Options SAMEORIGIN;
            add_header X-Content-Type-Options nosniff;
            internal;
            allow 127.0.0.1;
            allow 94.237.29.18;
        }
    ### END Xon addon za attachment ###
        
        location /library/ {
            internal;
            allow 127.0.0.1;
            allow 94.237.29.18;
            deny all;
        }
     
      # prevent access to ./directories and files
            location ~ (?:^|/)\. {
       deny all;
            } 
    
    
      include /usr/local/nginx/conf/staticfiles.conf;
      include /usr/local/nginx/conf/php.conf;
      include /usr/local/nginx/conf/drop.conf;
      #include /usr/local/nginx/conf/errorpage.conf;
      include /usr/local/nginx/conf/vts_server.conf;
    }
    
     
  5. knguyen2015

    knguyen2015 New Member

    5
    1
    3
    Aug 27, 2017
    Ratings:
    +1
    Local Time:
    2:55 PM
    1.12.1
    15.1
    Does anyone have sample configuration for WordPress? I'm trying to figure it out with this module but no luck.
     
  6. eva2000

    eva2000 Administrator Staff Member

    30,152
    6,782
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +10,133
    Local Time:
    4:55 AM
    Nginx 1.13.x
    MariaDB 5.5