
Wordpress Certain static files: "expiration not specified"

Discussion in 'Blogs & CMS usage' started by jcat, Sep 22, 2016.

  1. jcat

    jcat Member

    153
    22
    18
    Jun 21, 2015
    New Jersey
    Ratings:
    +64
    Local Time:
    2:03 AM
    Having trouble understanding why some static files are not setting their Cache-Control and Expires headers.

    Working: [screenshot: upload_2016-9-22_8-56-8.png]

    Not working: [screenshot: upload_2016-9-22_8-57-5.png]

    I noticed that all of the files that are having this issue are within the themes directory.

    Any ideas?
     
  2. eva2000

    eva2000 Administrator Staff Member

    55,237
    12,253
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,833
    Local Time:
    4:03 PM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    When you create a new nginx vhost domain via centmin.sh menu option 2 or menu option 22, or via the /usr/bin/nv command line tool, you create the Nginx vhost files and directories. The output shows the path where the domain name's vhost conf file, named newdomain.com.conf (and newdomain.com.ssl.conf if you selected yes to self-signed SSL), will be created.
    • Nginx vhost conf path will be at /usr/local/nginx/conf/conf.d/newdomain.com.conf
    • Nginx HTTP/2 SSL vhost conf path will be at /usr/local/nginx/conf/conf.d/newdomain.com.ssl.conf
    • Nginx Self-Signed SSL Certificate Directory at /usr/local/nginx/conf/ssl/newdomain.com
    • Vhost public web root will be at /home/nginx/domains/newdomain.com/public
    • Vhost log directory will be at /home/nginx/domains/newdomain.com/log
    Please post the contents of /usr/local/nginx/conf/conf.d/newdomain.com.conf and if applicable /usr/local/nginx/conf/conf.d/newdomain.com.ssl.conf wrapped in CODE tags (outlined at How to use forum BBCODE code tags)

    Also for Wordpress post the wpsecure_domain.com.conf include file contents too. You may also have a /usr/local/nginx/conf/autoprotect/domain.com/autoprotect-domain.com.conf autoprotect include file
     
  3. eva2000

    eva2000 Administrator Staff Member

    315306000 seconds is very long and not the Centmin Mod default expire time of 30 days. Did you edit it in the staticfiles.conf include file?
     
  4. jcat

    jcat Member

    I did modify it, only the expire time as a test just to see if it would make any difference. I'll paste the configs shortly.
     
  5. jcat

    jcat Member

    Code:
    # Centmin Mod Getting Started Guide
    # must read http://centminmod.com/getstarted.html
    
    # redirect from non-www to www
    # uncomment, save file and restart Nginx to enable
    # if unsure use return 302 before using return 301
    #server {
    #            listen   80;
    #            server_name domain.com;
    #            return 301 $scheme://www.domain.com$request_uri;
    #       }
    
    server {
    
      server_name domain.com www.domain.com;
    
    # ngx_pagespeed & ngx_pagespeed handler
    #include /usr/local/nginx/conf/pagespeed.conf;
    #include /usr/local/nginx/conf/pagespeedhandler.conf;
    #include /usr/local/nginx/conf/pagespeedstatslog.conf;
    
      #add_header X-Frame-Options SAMEORIGIN;
      #add_header X-Xss-Protection "1; mode=block" always;
      #add_header X-Content-Type-Options "nosniff" always;
    
      # limit_conn limit_per_ip 16;
      # ssi  on;
    
      access_log /home/nginx/domains/domain.com/log/access.log combined buffer=256k flush=60m;
      error_log /home/nginx/domains/domain.com/log/error.log;
    
      root /home/nginx/domains/domain.com/public;
      # uncomment cloudflare.conf include if using cloudflare for
      # server and/or vhost site
      #include /usr/local/nginx/conf/cloudflare.conf;
      include /usr/local/nginx/conf/503include-main.conf;
    
      #include /usr/local/nginx/conf/wpincludes/domain.com/wpcacheenabler_domain.com.conf;
      #include /usr/local/nginx/conf/wpincludes/domain.com/wpsupercache_domain.com.conf;
      # https://community.centminmod.com/posts/18828/
      include /usr/local/nginx/conf/wpincludes/domain.com/rediscache_domain.com.conf;
    
      location / {
      include /usr/local/nginx/conf/503include-only.conf;
    
    
      # Enables directory listings when index file not found
      #autoindex  on;
    
      # for wordpress super cache plugin
      #try_files /wp-content/cache/supercache/$http_host/$cache_uri/index.html $uri $uri/ /index.php?q=$uri&$args;
    
      # for wp cache enabler plugin
      #try_files $cache_enabler_uri $uri $uri/ $custom_subdir/index.php?$args;
    
      # Wordpress Permalinks
      #try_files $uri $uri/ /index.php?q=$uri&$args;
    
      # Nginx level redis Wordpress
      # https://community.centminmod.com/posts/18828/
      try_files $uri $uri/ /index.php?$args;
    
      #W3TC
      #try_files /wp-content/cache/page_enhanced/${host}${cache_uri}_index.html $uri $uri/ /index.php?$args ;
    
      }
    
    location ~* /(wp-login\.php) {
        limit_req zone=xwplogin burst=1 nodelay;
        #limit_conn xwpconlimit 30;
        #auth_basic "Private";
        #auth_basic_user_file /home/nginx/domains/domain.com/htpasswd_wplogin;
        #include /usr/local/nginx/conf/php-wpsc.conf;
        # https://community.centminmod.com/posts/18828/
        include /usr/local/nginx/conf/php-rediscache.conf;
    }
    
    location ~* /(xmlrpc\.php) {
        limit_req zone=xwprpc burst=45 nodelay;
        #limit_conn xwpconlimit 30;
        #include /usr/local/nginx/conf/php-wpsc.conf;
        # https://community.centminmod.com/posts/18828/
        include /usr/local/nginx/conf/php-rediscache.conf;
    }
    
      include /usr/local/nginx/conf/wpincludes/domain.com/wpsecure_domain.com.conf;
      #include /usr/local/nginx/conf/php-wpsc.conf;
      # https://community.centminmod.com/posts/18828/
      include /usr/local/nginx/conf/php-rediscache.conf;
      include /usr/local/nginx/conf/staticfiles.conf;
      include /usr/local/nginx/conf/drop.conf;
      #include /usr/local/nginx/conf/errorpage.conf;
      include /usr/local/nginx/conf/vts_server.conf;
    
    }
    

    Code:
    # prevent .zip, .gz, .tar, .bzip2 files from being accessed by default
    # impossible for centmin mod to know which wp backup plugins they installed
    # which may save backups to directories in wp-content/
    # such plugins may deploy .htaccess protection but that isn't supported in
    # nginx, so blocking access to these extensions is a workaround to cover all bases
    location ~* ^/(wp-content)/(.*?)\.(zip|gz|tar|bzip2|7z)$ { deny all; }
    
    location ~ ^/wp-content/updraft { deny all; }
    
    location ~ ^/(wp-includes/js/tinymce/wp-tinymce.php) {
      include /usr/local/nginx/conf/php.conf;
    }
    
    # Deny access to any files with a .php extension in the uploads directory
    # Works in sub-directory installs and also in multisite network
    location ~* /(?:uploads|files)/.*\.php$ {
    deny all;
    }
    
    # Whitelist Exception for https://wordpress.org/plugins/sparkpost/
    location ~ ^/wp-content/plugins/sparkpost/ {
      include /usr/local/nginx/conf/php.conf;
    }
    
    # Whitelist Exception for https://wordpress.org/plugins/sendgrid-email-delivery-simplified/
    location ~ ^/wp-content/plugins/sendgrid-email-delivery-simplified/ {
      include /usr/local/nginx/conf/php.conf;
    }
    # Whitelist Exception for https://wordpress.org/plugins/sendgrid-email-delivery-simplified/
    location ~ ^/wp-content/themes/soledad/soundoff-data.php {
      include /usr/local/nginx/conf/php.conf;
    }
    
    # Whitelist Exception for https://wordpress.org/plugins/mailgun/
    location ~ ^/wp-content/plugins/mailgun/ {
      include /usr/local/nginx/conf/php.conf;
    }
    
    # Whitelist Exception for https://wordpress.org/plugins/mailjet-for-wordpress/
    location ~ ^/wp-content/plugins/mailjet-for-wordpress/ {
      include /usr/local/nginx/conf/php.conf;
    }
    
    # Whitelist Exception for https://wordpress.org/plugins/easy-wp-smtp/
    location ~ ^/wp-content/plugins/easy-wp-smtp/ {
      include /usr/local/nginx/conf/php.conf;
    }
    
    # Whitelist Exception for https://wordpress.org/plugins/postman-smtp/
    location ~ ^/wp-content/plugins/postman-smtp/ {
      include /usr/local/nginx/conf/php.conf;
    }
    
    # Whitelist Exception for https://wordpress.org/plugins/sendpress/
    location ~ ^/wp-content/plugins/sendpress/ {
      include /usr/local/nginx/conf/php.conf;
    }
    
    # Whitelist Exception for https://wordpress.org/plugins/wp-mail-bank/
    location ~ ^/wp-content/plugins/wp-mail-bank/ {
      include /usr/local/nginx/conf/php.conf;
    }
    
    # Whitelist Exception for https://wordpress.org/plugins/theme-check/
    location ~ ^/wp-content/plugins/theme-check/ {
      include /usr/local/nginx/conf/php.conf;
    }
    
    # Whitelist Exception for https://wordpress.org/plugins/woocommerce/
    location ~ ^/wp-content/plugins/woocommerce/ {
      include /usr/local/nginx/conf/php.conf;
    }
    
    # Whitelist Exception for https://wordpress.org/plugins/woocommerce-csvimport/
    location ~ ^/wp-content/plugins/woocommerce-csvimport/ {
      include /usr/local/nginx/conf/php.conf;
    }
    
    # Whitelist Exception for https://wordpress.org/plugins/advanced-custom-fields/
    location ~ ^/wp-content/plugins/advanced-custom-fields/ {
      include /usr/local/nginx/conf/php.conf;
    }
    
    # Whitelist Exception for https://wordpress.org/plugins/contact-form-7/
    location ~ ^/wp-content/plugins/contact-form-7/ {
      include /usr/local/nginx/conf/php.conf;
    }
    
    # Whitelist Exception for https://wordpress.org/plugins/duplicator/
    location ~ ^/wp-content/plugins/duplicator/ {
      include /usr/local/nginx/conf/php.conf;
    }
    
    # Whitelist Exception for https://wordpress.org/plugins/jetpack/
    location ~ ^/wp-content/plugins/jetpack/ {
      include /usr/local/nginx/conf/php.conf;
    }
    
    # Whitelist Exception for https://wordpress.org/plugins/nextgen-gallery/
    location ~ ^/wp-content/plugins/nextgen-gallery/ {
      include /usr/local/nginx/conf/php.conf;
    }
    
    # Whitelist Exception for https://wordpress.org/plugins/tinymce-advanced/
    location ~ ^/wp-content/plugins/tinymce-advanced/ {
      include /usr/local/nginx/conf/php.conf;
    }
    
    # Whitelist Exception for https://wordpress.org/plugins/updraftplus/
    location ~ ^/wp-content/plugins/updraftplus/ {
      include /usr/local/nginx/conf/php.conf;
    }
    
    # Whitelist Exception for https://wordpress.org/plugins/wordpress-importer/
    location ~ ^/wp-content/plugins/wordpress-importer/ {
      include /usr/local/nginx/conf/php.conf;
    }
    
    # Whitelist Exception for https://wordpress.org/plugins/wordpress-seo/
    location ~ ^/wp-content/plugins/wordpress-seo/ {
      include /usr/local/nginx/conf/php.conf;
    }
    
    # Whitelist Exception for https://wordpress.org/plugins/wpclef/
    location ~ ^/wp-content/plugins/wpclef/ {
      include /usr/local/nginx/conf/php.conf;
    }
    
    # Whitelist Exception for https://wordpress.org/plugins/mailchimp-for-wp/
    location ~ ^/wp-content/plugins/mailchimp-for-wp/ {
      include /usr/local/nginx/conf/php.conf;
    }
    
    # Whitelist Exception for https://wordpress.org/plugins/wp-optimize/
    location ~ ^/wp-content/plugins/wp-optimize/ {
      include /usr/local/nginx/conf/php.conf;
    }
    
    # Whitelist Exception for https://wordpress.org/plugins/si-contact-form/
    location ~ ^/wp-content/plugins/si-contact-form/ {
      include /usr/local/nginx/conf/php.conf;
    }
    
    # Whitelist Exception for https://wordpress.org/plugins/akismet/
    location ~ ^/wp-content/plugins/akismet/ {
      include /usr/local/nginx/conf/php.conf;
    }
    
    # Whitelist Exception for https://wordpress.org/plugins/bbpress/
    location ~ ^/wp-content/plugins/bbpress/ {
      include /usr/local/nginx/conf/php.conf;
    }
    
    # Whitelist Exception for https://wordpress.org/plugins/buddypress/
    location ~ ^/wp-content/plugins/buddypress/ {
      include /usr/local/nginx/conf/php.conf;
    }
    
    # Whitelist Exception for https://wordpress.org/plugins/all-in-one-seo-pack/
    location ~ ^/wp-content/plugins/all-in-one-seo-pack/ {
      include /usr/local/nginx/conf/php.conf;
    }
    
    # Whitelist Exception for https://wordpress.org/plugins/google-analytics-for-wordpress/
    location ~ ^/wp-content/plugins/google-analytics-for-wordpress/ {
      include /usr/local/nginx/conf/php.conf;
    }
    
    # Whitelist Exception for https://wordpress.org/plugins/regenerate-thumbnails/
    location ~ ^/wp-content/plugins/regenerate-thumbnails/ {
      include /usr/local/nginx/conf/php.conf;
    }
    
    # Whitelist Exception for https://wordpress.org/plugins/wp-pagenavi/
    location ~ ^/wp-content/plugins/wp-pagenavi/ {
      include /usr/local/nginx/conf/php.conf;
    }
    
    # Whitelist Exception for https://wordpress.org/plugins/wordfence/
    location ~ ^/wp-content/plugins/wordfence/ {
      include /usr/local/nginx/conf/php.conf;
    }
    
    # Whitelist Exception for https://wordpress.org/plugins/really-simple-captcha/
    location ~ ^/wp-content/plugins/really-simple-captcha/ {
      include /usr/local/nginx/conf/php.conf;
    }
    
    # Whitelist Exception for https://wordpress.org/plugins/wp-pagenavi/
    location ~ ^/wp-content/plugins/wp-pagenavi/ {
      include /usr/local/nginx/conf/php.conf;
    }
    
    # Whitelist Exception for https://wordpress.org/plugins/ml-slider/
    location ~ ^/wp-content/plugins/ml-slider/ {
      include /usr/local/nginx/conf/php.conf;
    }
    
    # Whitelist Exception for https://wordpress.org/plugins/black-studio-tinymce-widget/
    location ~ ^/wp-content/plugins/black-studio-tinymce-widget/ {
      include /usr/local/nginx/conf/php.conf;
    }
    
    # Whitelist Exception for https://wordpress.org/plugins/disable-comments/
    location ~ ^/wp-content/plugins/disable-comments/ {
      include /usr/local/nginx/conf/php.conf;
    }
    
    # Whitelist Exception for https://wordpress.org/plugins/better-wp-security/
    location ~ ^/wp-content/plugins/better-wp-security/ {
      include /usr/local/nginx/conf/php.conf;
    }
    
    # Whitelist Exception for https://wordpress.org/plugins/better-wp-security/
    location ~ ^/wp-content/themes/soledad/ {
      include /usr/local/nginx/conf/php.conf;
    }
    # Whitelist Exception for http://wlmsocial.com/
    location ~ ^/wp-content/plugins/wlm-social/ {
      include /usr/local/nginx/conf/php.conf;
    }
    
    # Whitelist Exception for mediagrid timthumb
    location ~ ^/wp-content/plugins/media-grid/classes/ {
      include /usr/local/nginx/conf/php.conf;
    }
    
    # Block PHP files in content directory.
    location ~* /wp-content/.*\.php$ {
      deny all;
    }
    
    # Block PHP files in includes directory.
    location ~* /wp-includes/.*\.php$ {
      deny all;
    }
    
    # Block PHP files in uploads, content, and includes directory.
    location ~* /(?:uploads|files|wp-content|wp-includes)/.*\.php$ {
      deny all;
    }
    
    # Make sure files with the following extensions do not get loaded by nginx because nginx would display the source code, and these files can contain PASSWORDS!
    location ~* \.(engine|inc|info|install|make|module|profile|test|po|sh|.*sql|theme|tpl(\.php)?|xtmpl)$|^(\..*|Entries.*|Repository|Root|Tag|Template)$|\.php_
    {
    return 444;
    }
    
    #nocgi
    location ~* \.(pl|cgi|py|sh|lua)$ {
    return 444;
    }
    
    #disallow
    location ~* (w00tw00t) {
    return 444;
    }
    
    location ~* /(\.|wp-config\.php|wp-config\.txt|changelog\.txt|readme\.txt|readme\.html|license\.txt) { deny all; }
    location ~* /(wp-content)/(.*?)\.(zip|gz|tar|bzip2|7z|txt)$ { deny all; }

    I removed the /usr/local/nginx/conf/autoprotect/ include to rule it out.
     
  6. jcat

    jcat Member

    Oh wow, I just figured it out. It's because of the added location in wpsecure_domain.com.conf

    Code:
    # Whitelist Exception for https://wordpress.org/plugins/better-wp-security/
    location ~ ^/wp-content/themes/soledad/ {
      include /usr/local/nginx/conf/php.conf;
    }
    Just changed it to

    Code:
    # Whitelist Exception for https://wordpress.org/plugins/better-wp-security/
    location ~ ^/wp-content/themes/soledad/ {
      include /usr/local/nginx/conf/php.conf;
      add_header Access-Control-Allow-Origin *;
      add_header Cache-Control "public, must-revalidate, proxy-revalidate";
      access_log off;
      expires 30d;
    }
    

    Thanks for opening my eyes :)
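
Why the theme's files lost their headers, as an added example (not part of the thread and not Centmin Mod code): nginx tests regex locations in the order they appear and uses the first match, so the theme-directory whitelist in wpsecure_domain.com.conf takes every request under that directory before staticfiles.conf or the later deny rules are consulted. Only a subset of the posted locations is modelled; the staticfiles regex is a constructed stand-in because that file is not shown in the thread, and the narrowed variant that keeps only the single-file soundoff-data.php exception is an assumption added for comparison.

```python
import re

# Top-level regex locations in the order nginx reads them for the vhost in this
# thread: wpsecure_domain.com.conf is included before staticfiles.conf.
# "~" is case-sensitive, "~*" is not. Patterns are copied from the posted config,
# except the last one: staticfiles.conf is not shown in the thread, so its
# regex here is a constructed stand-in.
CI = re.IGNORECASE
WHITELIST_DIR = ("soledad dir whitelist", r"^/wp-content/themes/soledad/", 0)
WHITELIST_FILE = ("soledad file whitelist",
                  r"^/wp-content/themes/soledad/soundoff-data.php", 0)

def build(whitelist):
    return [
        ("archive deny", r"^/(wp-content)/(.*?)\.(zip|gz|tar|bzip2|7z)$", CI),
        whitelist,
        ("wp-content php deny", r"/wp-content/.*\.php$", CI),
        ("dotfile/readme deny", r"/(\.|wp-config\.php|wp-config\.txt|changelog\.txt"
                                r"|readme\.txt|readme\.html|license\.txt)", CI),
        ("staticfiles (assumed)", r"\.(css|js|png|jpe?g|gif|svg|woff2?)$", CI),
    ]

AS_POSTED = build(WHITELIST_DIR)   # directory-wide whitelist, as in the thread
NARROWED = build(WHITELIST_FILE)   # hypothetical: only the single-file exception

def matching(uri, locations):
    """All regex locations whose pattern matches the URI path, in config order."""
    return [name for name, pattern, flags in locations
            if re.search(pattern, uri, flags)]

def select_location(uri, locations):
    """nginx uses the first matching regex location, else the prefix location."""
    hits = matching(uri, locations)
    return hits[0] if hits else "location /"

def shadowed(uri, locations):
    """Later locations that also match the URI but are never consulted."""
    return matching(uri, locations)[1:]

# Constructed request paths for illustration.
SAMPLES = [
    "/wp-content/themes/soledad/style.css",
    "/wp-content/themes/twentysixteen/style.css",
    "/wp-content/themes/soledad/readme.txt",
    "/wp-content/themes/soledad/inc/helper.php",
    "/wp-content/themes/soledad/backup.zip",
]

if __name__ == "__main__":
    for uri in SAMPLES:
        print(f"{uri}\n  posted:   {select_location(uri, AS_POSTED)}"
              f" (shadows {shadowed(uri, AS_POSTED)})\n"
              f"  narrowed: {select_location(uri, NARROWED)}")
```

The same first-match rule means the directory-wide whitelist also shadows the later PHP and readme deny rules for that theme, and copying the caching directives into the block does not change that. Whether the narrowed form brings back the forbidden errors depends on which theme PHP files need direct access.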
     
  7. eva2000

    eva2000 Administrator Staff Member

    Haha, you beat me to it. I was reading the previous post of yours and was about to write up :)

    Did you add that line yourself? I don't recall whitelisting themes in wpsecure_domain.com.conf?
     
  8. jcat

    jcat Member

    I did, yeah, a while back. We were getting forbidden errors coming from the themes directory. Thanks for your help as usual.
     
  9. eva2000

    eva2000 Administrator Staff Member

    makes sense then :)