Learn about Centmin Mod LEMP Stack today
Become a Member

Nginx PageSpeed SSL Added Cloudflare, now getting 403 on pagespeed admin

Discussion in 'Nginx, PHP-FPM & MariaDB MySQL' started by tonmo, May 16, 2020.

  1. tonmo

    tonmo Member

    50
    1
    8
    Jul 20, 2019
    Ratings:
    +5
    Local Time:
    12:27 PM
    1.17.1
    5.5.5 (10.3.16-MariaDB)
    What would best troubleshooting steps be after enabling cloudflare, and now cannot access pagespeed admin? I've confirmed pagespeed handler and custom config is properly set, as well as vhost. (no changes made to these settings after enabling cloudflare...) Is there a guide for enabling cloudflare with pagespeed already installed?

     
  2. eva2000

    eva2000 Administrator Staff Member

    54,363
    12,198
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,763
    Local Time:
    3:27 AM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    Did you uncomment and enable cloudflare.conf include file in your vhost to properly detect visitor's real IP address ? If not that ps admin control's whitelisted IPs would see cloudflare edge server's IP address and not your whitelisted ISP IP address. This would be then use tools/csfcf.sh auto cronjob to always update cloudflare.conf with latest Cloudflare know trusted IPs.

    From Nginx PageSpeed - CentminMod.com LEMP Nginx web stack for CentOS the pscontrol handler command with old the pagespeedhandler.conf file and that is where you would of whitelisted your ISP IP address to be able to see nginx pagespeed admin console.

    If you use a reverse proxy like Cloudflare, Sucuri, or Incapsula in front of Centmin Mod Nginx, you need to setup nginx realip to be passed onto Nginx.

    See Getting Started Guide step 5 and setting correct real ip via nginx module config at http://centminmod.com/nginx_configure_cloudflare.html. The tools/csfcf.sh cronjob mentioned below helps maintain the whitelisted CSF Firewall IPs, but you still need to setup nginx realip in your nginx vhost.

    If using Centmin Mod 123.09beta01 and newer, there's an added tools/csfcf.sh script to aid in this. Details at:
     
  3. tonmo

    tonmo Member

    50
    1
    8
    Jul 20, 2019
    Ratings:
    +5
    Local Time:
    12:27 PM
    1.17.1
    5.5.5 (10.3.16-MariaDB)
    No, I did not.... and I did not see that in my vhost's conf file... but I added it, based on this post after searching this forum:
    Wordpress - Plugin not working all of the time - takes long time to load

    But when I subsequently run nginx -t, I get the following:
    Code:
    nginx: [emerg] SSL_CTX_load_verify_locations("/usr/local/nginx/conf/ssl/cloudflare/[mydomain].com/origin.crt") failed (SSL: error:02001002:system library:fopen:No such file or directory:fopen('/usr/local/nginx/conf/ssl/cloudflare/[mydomain].com/origin.crt','r') error:2006D080:BIO routines:BIO_new_file:no such file error:0B084002:x509 certificate routines:X509_load_cert_crl_file:system lib)
    nginx: configuration file /usr/local/nginx/conf/nginx.conf test failed
    yep, that is properly configured.
     
  4. tonmo

    tonmo Member

    50
    1
    8
    Jul 20, 2019
    Ratings:
    +5
    Local Time:
    12:27 PM
    1.17.1
    5.5.5 (10.3.16-MariaDB)
    update: I was updating the ssl conf; now that I'm using cloudflare I switched back to the non-ssl conf.
     
  5. tonmo

    tonmo Member

    50
    1
    8
    Jul 20, 2019
    Ratings:
    +5
    Local Time:
    12:27 PM
    1.17.1
    5.5.5 (10.3.16-MariaDB)
    Last edited: May 17, 2020
  6. tonmo

    tonmo Member

    50
    1
    8
    Jul 20, 2019
    Ratings:
    +5
    Local Time:
    12:27 PM
    1.17.1
    5.5.5 (10.3.16-MariaDB)
  7. eva2000

    eva2000 Administrator Staff Member

    54,363
    12,198
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,763
    Local Time:
    3:27 AM
    Nginx 1.27.x
    MariaDB 10.x/11.4+