Want more timely Centmin Mod News Updates?
Become a Member

CDN CDN Not Working

Discussion in 'Domains, DNS, Email & SSL Certificates' started by UsmanGTA, Nov 22, 2018.

Tags:
  1. UsmanGTA

    UsmanGTA New Member

    17
    2
    3
    Sep 14, 2017
    Ratings:
    +2
    Local Time:
    1:35 AM
    • CentOS Version: i.e. CentOS 7 64bit
    • Centmin Mod Version Installed:123.09beta01
    Hi,

    I am experiencing issues with enabling CDN on my website. I've tried a number of plugins but never got CDN to work. Basically, the issue is that images and other static files are being served via my own VPS rather than my CDN (BunnyCDN).

    I've tried several other CDNs but it doesn't seem to help...

    My site and address URL are both, Website Domains Names & Hosting | Domain.com so yeah, I'm not getting that wrong.

    What could be the issue?

    THANKS
     
  2. eva2000

    eva2000 Administrator Staff Member

    45,433
    10,310
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +15,990
    Local Time:
    3:35 AM
    Nginx 1.19.x
    MariaDB 5.5/10.x
    you mention plugins you using wordpress or some script ? what specific plugins you using ?
     
  3. UsmanGTA

    UsmanGTA New Member

    17
    2
    3
    Sep 14, 2017
    Ratings:
    +2
    Local Time:
    1:35 AM
    I've tried CDN enabler, W3TC and am now using WP Fastest Cache....

    BTW... Created another server for another website... But Acmetools.sh isn't in the addons folder...

    /usr/local/src/centminmod/addons
     
  4. eva2000

    eva2000 Administrator Staff Member

    45,433
    10,310
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +15,990
    Local Time:
    3:35 AM
    Nginx 1.19.x
    MariaDB 5.5/10.x
    addons/acmetools.sh is 123.09beta01 only so not available in 123.08stable
     
  5. UsmanGTA

    UsmanGTA New Member

    17
    2
    3
    Sep 14, 2017
    Ratings:
    +2
    Local Time:
    1:35 AM
    CDN won't work... Just got a new server... Installed Centmin mod via menu 22 with Redis cache... It won't rewrite anything... I've purged the caches and everything it still won't work
     
  6. eva2000

    eva2000 Administrator Staff Member

    45,433
    10,310
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +15,990
    Local Time:
    3:35 AM
    Nginx 1.19.x
    MariaDB 5.5/10.x
    check if wpsecure and/or autoprotect is blocking cdn plugins

    Centmin Mod values security and puts additional measures in place so that end users are also mindful of security. So in your case, you might need to whitelist or unblock the WP plugins related to your 403 permission denied messages.

    If you used centmin.sh menu option 22 auto installer Wordpress Nginx Auto Installer, the default wpsecure conf file at /usr/local/nginx/conf/wpincludes/${vhostname}/wpsecure_${vhostname}.conf where vhostname is your domain name, blocks php scripts from executing in wp-content for security

    Below links you can see examples of setting up specific wordpress location matches to punch a hole in the wpsecure blocking to whitelist specific php files that need to be able to run.

    If on Centmin Mod 123.09beta01, you may have ran into the new tools/autoprotect.sh cronjob feature outlined at Beta Branch - autoprotect.sh - apache .htaccess check & migration to nginx deny all | Centmin Mod Community You uploaded scripts may have .htaccess deny from all type files in their directories which may need bypassing autoprotect. It's a security feature that no other nginx based stack has as far as I know :)

    So instead, all .htaccess 'deny from all' detected directories now get auto generated Nginx equivalent location match and deny all setups except if you want to manually bypass the directory from auto protection via a .autoprotect-bypass file - details below here.

    You can read a few threads below on how autoprotect.sh may have caught some folks web apps falsely and the workarounds or improvements made to autoprotect.sh with the help of users feedback and troubleshooting.
    Check if your nginx vhost at either or both /usr/local/nginx/conf/conf.d/domain.com.conf and/or /usr/local/nginx/conf/conf.d/domain.com.ssl.conf has include file for autoprotect example
    Code (Text):
    include /usr/local/nginx/conf/autoprotect/domain.com/autoprotect-domain.com.conf;
    

    see if your directory for the script which has issues is caught in an autoprotect include entry in /usr/local/nginx/conf/autoprotect/domain.com/autoprotect-domain.com.conf which has a deny all entry
    Code (Text):
    cat /usr/local/nginx/conf/autoprotect/domain.com/autoprotect-domain.com.conf
    

    i.e.
    Code (Text):
    # /home/nginx/domains/domain.com/public/subdirectory/js
    location ~* ^/subdirectory/js/ { allow 127.0.0.1; deny all; }
    

    If caught you can whitelist it by autoprotect bypass .autoprotect-bypass file - details below here. So if problem js file is at domain.com/subdirectory/js/file.js then it is likely /subdirectory/js has a .htaccess with deny all in it - make sure that directory is meant to be publicly accessible by contacting author of script and if so, you can whitelist it and re-run autoprotect script to regenerate your /usr/local/nginx/conf/autoprotect/domain.com/autoprotect-domain.com.conf include file
    Code (Text):
    cd /home/nginx/domains/domain.com/public/subdirectory/js
    touch .autoprotect-bypass
    /usr/local/src/centminmod/tools/autoprotect.sh
    nprestart
    

    it maybe you need to also whitelist /subdirectory then it would be as follows creating bypass files at /home/nginx/domains/domain.com/public/subdirectory/.autoprotect-bypass and /home/nginx/domains/domain.com/public/subdirectory/js/.autoprotect-bypass
    Code (Text):
    cd /home/nginx/domains/domain.com/public/subdirectory/
    touch .autoprotect-bypass
    cd /home/nginx/domains/domain.com/public/subdirectory/js
    touch .autoprotect-bypass
    /usr/local/src/centminmod/tools/autoprotect.sh
    nprestart
    

    then double check to see if updated /usr/local/nginx/conf/autoprotect/domain.com/autoprotect-domain.com.conf include file now doesn't show an entry for /subdirectory/js
     
  7. UsmanGTA

    UsmanGTA New Member

    17
    2
    3
    Sep 14, 2017
    Ratings:
    +2
    Local Time:
    1:35 AM
    Hi,

    I'm lost with all the codes.. I'm pretty familar with the other commands though. What if I just want to completely disable it? ;-; Really sorry for the hassle...
     
  8. UsmanGTA

    UsmanGTA New Member

    17
    2
    3
    Sep 14, 2017
    Ratings:
    +2
    Local Time:
    1:35 AM
    Added the # to the autoprotect line at the beginning and removed the autoprotect line from crontab -e followed by pasting this code at the end
    #0 */4 * * * /usr/local/src/centminmod/tools/autoprotect.sh

    Doesn't seem to be working
     
  9. eva2000

    eva2000 Administrator Staff Member

    45,433
    10,310
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +15,990
    Local Time:
    3:35 AM
    Nginx 1.19.x
    MariaDB 5.5/10.x
    what is CDN hostname used ? for CDN providers it would need to be separate from your main domain so if domain.com is main domain, CDN hostname would need to be something like cdn.domain.com

    make sure you have configured CDN hostname and DNS correctly

    probably need your real domain and CDN domain names to troubleshoot eventually for forum help

    When you create a new nginx vhost domain via centmin.sh menu option 2 or menu option 22 or via /usr/bin/nv cli command line, you will create the Nginx vhost files and directories. You will get an outputted the path location where it will create the domain name's vhost conf file named newdomain.com.conf (and newdomain.com.ssl.conf if you selected yes to self signed SSL)
    • Nginx vhost conf path will be at /usr/local/nginx/conf/conf.d/newdomain.com.conf
    • Nginx HTTP/2 SSL vhost conf path will be at /usr/local/nginx/conf/conf.d/newdomain.com.ssl.conf
    • Nginx Self-Signed SSL Certificate Directory at /usr/local/nginx/conf/ssl/newdomain.com
    • Vhost public web root will be at /home/nginx/domains/newdomain.com/public
    • Vhost log directory will be at /home/nginx/domains/newdomain.com/log
    Please post the contents of /usr/local/nginx/conf/conf.d/newdomain.com.conf and if applicable /usr/local/nginx/conf/conf.d/newdomain.com.ssl.conf wrapped in CODE tags (outlined at How to use forum BBCODE code tags)

    what is output of these commands in ssh
    Code (Text):
    curl -I https://domain.com
    

    Code (Text):
    curl -I https://www.domain.com
    

    Code (Text):
    curl -I http://domain.com
    

    Code (Text):
    curl -I http://www.domain.com
    

    and for your CDN hostname replace cdn with subdomain you setup for your CDN
    Code (Text):
    curl -I http://cdn.domain.com
    

    wrap output in CODE tags
     
  10. UsmanGTA

    UsmanGTA New Member

    17
    2
    3
    Sep 14, 2017
    Ratings:
    +2
    Local Time:
    1:35 AM
    Hi,

    the cdn is geeksultd.b-cdn.net from BunnyCDN.... Now I am completely lost...