
Wordpress ERR_Connection_Refused 10 out of 100 times.

Discussion in 'Blogs & CMS usage' started by coldice, Dec 7, 2017.

  1. coldice

    coldice Member

    35
    1
    8
    Nov 27, 2017
    India
    Ratings:
    +2
    Local Time:
    6:52 AM
    1.13.7
    10.1.29
    Things I have done:
    Install Wordpress by 22 with no self-signed SSL Wordpress + Redis
    Installed self-signed SSL from vhost guide
    Added Positive SSL

    But most of the time I get the ERR_Connection_Refused error and when I refresh 5-8 times then page loads. I don't know whether my users are also getting the same error or not.
    I have 100k visitors per month. Earlier I hosted my website on Google Cloud now shifted to Contabo.

    Can someone tell me what's the problem with my WP installation?
    Should I reinstall centos 6 and centmin + WP + self-signed SSL then positive SSL?

    I need to do it immediately because I also purchase much traffic and I can't waste much time.

    Please, someone, help me out.

    Here
     
  2. eva2000

    eva2000 Administrator Staff Member

    31,021
    6,924
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +10,430
    Local Time:
    11:22 AM
    Nginx 1.13.x
    MariaDB 5.5
    Centmin Mod values security and puts additional measures in place so that end users are also mindful of security. So in your case, you might need to whitelist or unblock the WP plugins related to your 403 permission denied messages.

    If you used centmin.sh menu option 22 auto installer Wordpress Nginx Auto Installer, the default wpsecure conf file at /usr/local/nginx/conf/wpsecure_${vhostname}.conf where vhostname is your domain name, blocks php scripts from executing in wp-content for security

    Below links you can see examples of setting up specific wordpress location matches to punch a hole in the wpsecure blocking to whitelist specific php files that need to be able to run.
    If on Centmin Mod 123.09beta01, you may have run into the new tools/autoprotect.sh cronjob feature outlined at Beta Branch - autoprotect.sh - apache .htaccess check & migration to nginx deny all | Centmin Mod Community. Your uploaded scripts may have .htaccess deny from all type files in their directories which may need bypassing autoprotect. It's a security feature that no other nginx based stack has as far as I know :)

    So instead, all .htaccess 'deny from all' detected directories now get auto generated Nginx equivalent location match and deny all setups except if you want to manually bypass the directory from auto protection via a .autoprotect-bypass file - details below here.

    You can read a few threads below on how autoprotect.sh may have caught some folks web apps falsely and the workarounds or improvements made to autoprotect.sh with the help of users feedback and troubleshooting.
     
  3. eva2000

    eva2000 Administrator Staff Member

    When you create a new nginx vhost domain via centmin.sh menu option 2 or menu option 22 or via /usr/bin/nv cli command line, you will create the Nginx vhost files and directories. You will get the outputted path location where it will create the domain name's vhost conf file named newdomain.com.conf (and newdomain.com.ssl.conf if you selected yes to self signed SSL).
    • Nginx vhost conf path will be at /usr/local/nginx/conf/conf.d/newdomain.com.conf
    • Nginx HTTP/2 SSL vhost conf path will be at /usr/local/nginx/conf/conf.d/newdomain.com.ssl.conf
    • Nginx Self-Signed SSL Certificate Directory at /usr/local/nginx/conf/ssl/newdomain.com
    • Vhost public web root will be at /home/nginx/domains/newdomain.com/public
    • Vhost log directory will be at /home/nginx/domains/newdomain.com/log
    Please post the contents of /usr/local/nginx/conf/conf.d/newdomain.com.conf and if applicable /usr/local/nginx/conf/conf.d/newdomain.com.ssl.conf wrapped in CODE tags (outlined at How to use forum BBCODE code tags)

    what is output of these commands in ssh
    Code (Text):
    curl -I https://domain.com
    

    Code (Text):
    curl -I https://www.domain.com
    

    Code (Text):
    curl -I http://domain.com
    

    Code (Text):
    curl -I http://www.domain.com
    

    wrap output in CODE tags
     
  4. coldice

    coldice Member

    Problem was with my VPS provider.
    At first I bought 6 GB RAM server to test which panel to use and how to use it because it was 1st time I bought a VPS. Then I upgraded it to 12 GB RAM server.
    But their system did not delete my 6GB RAM server and both 12GB & 6GB RAM servers were running on same IP.

    After every 2,5,10,15 minutes both the servers were switched automatically which was provider's fault. I figured it out by running free command and after 3-5 minutes it showed 6GB RAM and sometimes 12GB RAM.

    Now they removed old 6GB RAM server and only 12GB RAM server is running & I am not getting any kind of error.

    As you stated above commands I have quoted the results. Please check it let me know if everything is fine or not.

    Code (Text):
    [17:40][root@vmi1server ~]# curl -I https://domain.com
    HTTP/1.1 200 OK
    Date: Fri, 08 Dec 2017 17:40:26 GMT
    Content-Type: text/html; charset=UTF-8
    Connection: keep-alive
    Vary: Accept-Encoding
    Vary: Accept-Encoding, Cookie
    Cache-Control: max-age=3, must-revalidate
    Server: nginx centminmod
    X-Powered-By: centminmod
    Strict-Transport-Security: max-age=31536000; includeSubdomains;
    
    [17:40][root@vmi1server ~]# curl -I https://www.domain.com
    HTTP/1.1 302 Moved Temporarily
    Date: Fri, 08 Dec 2017 17:40:36 GMT
    Content-Type: text/html
    Content-Length: 154
    Connection: keep-alive
    Location: https://domain.com/
    Server: nginx centminmod
    X-Powered-By: centminmod
    Strict-Transport-Security: max-age=31536000; includeSubdomains;
    
    [17:40][root@vmi1server ~]# curl -I http://www.domain.com
    HTTP/1.1 302 Moved Temporarily
    Date: Fri, 08 Dec 2017 17:40:47 GMT
    Content-Type: text/html
    Content-Length: 154
    Connection: keep-alive
    Location: https://domain.com/
    Server: nginx centminmod
    X-Powered-By: centminmod
    
    [17:40][root@vmi1server ~]# curl -I http://domain.com                                                                                      
    HTTP/1.1 302 Moved Temporarily
    Date: Fri, 08 Dec 2017 17:40:53 GMT
    Content-Type: text/html
    Content-Length: 154
    Connection: keep-alive
    Location: https://domain.com/
    Server: nginx centminmod
    X-Powered-By: centminmod
    
    [17:40][root@vmi1server ~]#
    


    I have some questions now because I am facing some minor problems.
    In google webmaster I am getting sitemap error. It says links are blocked by robots.txt
    But everything is allowed in robots.txt except /wp-admin/

    I installed wordpress with option 22 - Wordpress + Redis + self-signed SSL which I replaced with positiveSSL.

    I have my regional language website(Hindi). So, if I use post name as permalinks it will be like this %20%E0%A4%9C%E0%A5%81%E0%A5%9C%20%E0%A4%9C%E0%A4%BE%E0%A4%8F%E0%A4%82%20%E0%A4%A4%E0%A5%8B%20%E0%A4%A6%E0%A5%87%E0%A4%B6%20%E0%A4%95%E0%A5%80%20%E0%A4%9C%E0%A5%

    So, to overcome this I am using /%post_id% in permalinks.
    Please let me know what should I do to keep %post_id% as permalinks.
    Currently, I have 6k pages indexed in google and don't want my website to get downgraded.

    Since I have configured the SSL with self-signed the domain.ssl.conf does not contain any line which contains redis. Do I need to configure something in .conf for this?

    I have used domain.conf-disable from one of the articles to redirect http to https.

    I have attached domain.ssl.conf

    Code (Text):
    # Centmin Mod Getting Started Guide
    # must read http://centminmod.com/getstarted.html
    # For HTTP/2 SSL Setup
    # read http://centminmod.com/nginx_configure_https_ssl_spdy.html
    
    # redirect from www to non-www  forced SSL
    # uncomment, save file and restart Nginx to enable
    # if unsure use return 302 before using return 301
     server {
       server_name mydomain.com www.mydomain.com;
        return 302 https://mydomain.com$request_uri;
    # define error page
    error_page 404 = @notfound;
    
    # error page location redirect 301
    location @notfound {
        return 301 /;
    }
     }
    
    server {
      listen 443 ssl http2;
      server_name mydomain.com www.mydomain.com;
     ##  redirect https www to https non-www
          if ($host = 'www.mydomain.com' ) {
             return 302 https://mydomain.com$request_uri;
          }
      ssl_dhparam /usr/local/nginx/conf/ssl/mydomain.com/dhparam.pem;
      ssl_certificate      /usr/local/nginx/conf/ssl/mydomain.com/ssl-unified.crt;
      ssl_certificate_key  /usr/local/nginx/conf/ssl/mydomain.com/mydomain.com.key;
      include /usr/local/nginx/conf/ssl_include.conf;
    
      http2_max_field_size 16k;
      http2_max_header_size 32k;
      # dual cert supported ssl ciphers
      ssl_ciphers     EECDH+CHACHA20-draft:EECDH+CHACHA20:EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA256:EECDH+ECDSA+SHA384:EECDH+aRSA+SHA256:EECDH+aRSA+SHA384:EECDH+AES128:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS:!RC4:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA:!CAMELLIA;
      ssl_prefer_server_ciphers   on;
      #add_header Alternate-Protocol  443:npn-spdy/3;
      add_header Strict-Transport-Security "max-age=31536000; includeSubdomains;";
      #add_header X-Frame-Options SAMEORIGIN;
      #add_header X-Xss-Protection "1; mode=block" always;
      #add_header X-Content-Type-Options "nosniff" always;
      #spdy_headers_comp 5;
      ssl_buffer_size 1369;
      ssl_session_tickets on;
    
     #  enable ocsp stapling
      resolver 8.8.8.8 8.8.4.4 valid=10m;
     resolver_timeout 10s;
      ssl_stapling on;
      ssl_stapling_verify on;
     ssl_trusted_certificate /usr/local/nginx/conf/ssl/mydomain.com/ssl-trusted.crt;
    
    # ngx_pagespeed & ngx_pagespeed handler
    #include /usr/local/nginx/conf/pagespeed.conf;
    #include /usr/local/nginx/conf/pagespeedhandler.conf;
    #include /usr/local/nginx/conf/pagespeedstatslog.conf;
    
      # limit_conn limit_per_ip 16;
      # ssi  on;
    
      access_log /home/nginx/domains/mydomain.com/log/access.log combined buffer=256k flush=5m;
      error_log /home/nginx/domains/mydomain.com/log/error.log;
    
      root /home/nginx/domains/mydomain.com/public;
    
      location / {
        # Wordpress Permalinks
        try_files $uri $uri/ /index.php?q=$request_uri;
    
        include /usr/local/nginx/conf/wpsecure.conf;
        include /usr/local/nginx/conf/wpnocache.conf;
    
      }
    
      include /usr/local/nginx/conf/staticfiles.conf;
      include /usr/local/nginx/conf/php.conf;
      #include /usr/local/nginx/conf/drop.conf;
      #include /usr/local/nginx/conf/errorpage.conf;
      include /usr/local/nginx/conf/vts_server.conf;
    include /usr/local/nginx/conf/sitemap-config.conf;
    }
    
     
    Last edited: Dec 9, 2017
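The check coldice describes in the post above (running free again and again and seeing 6GB, then 12GB) can be made systematic. This is an added example, not code from the thread: it samples a machine identity over fresh SSH connections and reports how many distinct machines answered on one address. The function names, the `unreachable` marker, both boot_id values and the smaller MemTotal figure are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread: detect one IP address being answered
# by more than one machine. All names and sample values are constructed.

# Take COUNT samples of TARGET, INTERVAL seconds apart. Each sample uses a
# fresh SSH connection so it lands on whichever machine holds the IP then.
# Output: "HH:MM:SS boot_id memtotal_kb", or "HH:MM:SS unreachable -".
# boot_id is regenerated at every boot, so two VMs never share one.
sample_remote() (
    target=$1; count=${2:-20}; interval=${3:-30}; i=0
    while [ "$i" -lt "$count" ]; do
        fp=$(ssh -o BatchMode=yes -o ConnectTimeout=5 "$target" \
            'cat /proc/sys/kernel/random/boot_id; awk "/^MemTotal:/ {print \$2}" /proc/meminfo' \
            2>/dev/null | paste -sd' ' -) || fp=
        printf '%s %s\n' "$(date -u +%H:%M:%S)" "${fp:-unreachable -}"
        i=$((i + 1))
        sleep "$interval"
    done
)

# Read sample lines on stdin. Print one line per distinct machine, then a
# summary: machines seen, switches between them, failed samples.
summarize_samples() {
    awk '
    $2 == "unreachable" { down++; next }
    {
        id = $2 " " $3
        if (!(id in seen)) { seen[id] = 0; order[++n] = id; first[id] = $1 }
        seen[id]++
        last[id] = $1
        if (prev != "" && id != prev) switches++
        prev = id
    }
    END {
        for (i = 1; i <= n; i++) {
            id = order[i]
            printf "host%d %s samples=%d first=%s last=%s\n",
                   i, id, seen[id], first[id], last[id]
        }
        printf "distinct_hosts=%d switches=%d unreachable=%d\n", n, switches, down
    }'
}

# Exit status 0 when the samples on stdin came from more than one machine.
ip_is_shared() (
    n=$(summarize_samples | sed -n 's/^distinct_hosts=\([0-9]*\) .*/\1/p')
    [ "${n:-0}" -gt 1 ]
)

# Constructed samples: two machines alternating behind one address.
# 12198064 kB is the MemTotal posted in this thread; the rest is made up.
CONSTRUCTED_SAMPLES='17:00:00 11111111-aaaa-4aaa-8aaa-000000000001 12198064
17:00:30 11111111-aaaa-4aaa-8aaa-000000000001 12198064
17:01:00 22222222-bbbb-4bbb-8bbb-000000000002 6099032
17:01:30 unreachable -
17:02:00 11111111-aaaa-4aaa-8aaa-000000000001 12198064
17:02:30 22222222-bbbb-4bbb-8bbb-000000000002 6099032
17:03:00 22222222-bbbb-4bbb-8bbb-000000000002 6099032'

printf '%s\n' "$CONSTRUCTED_SAMPLES" | summarize_samples
if printf '%s\n' "$CONSTRUCTED_SAMPLES" | ip_is_shared; then
    echo "more than one machine answered on this address"
fi
```

For a live run, pipe `sample_remote root@your-server 20 30` into `summarize_samples`. A changed SSH host key warning on reconnect points the same way, since separately installed machines have different host keys.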
  5. bassie

    bassie Active Member

    574
    125
    43
    Apr 29, 2016
    Ratings:
    +379
    Local Time:
    2:22 AM
    Google to Contabo? Why? Price?
    The node where your vps server is located seems oversold like ....
    I have had several experiences with Contabo.
    Advice: Migrate to a decent provider.

    100k visitors should be easy on a system with these first specifications.
    100k visitors seems like a pretty important site. I would never put that on Contabo.

    Contabo is fun for test work or family photos but not for production.

    My two cents.
     
  6. pamamolf

    pamamolf Well-Known Member

    2,836
    253
    83
    May 31, 2014
    Ratings:
    +449
    Local Time:
    3:22 AM
    Nginx-1.13.x
    MariaDB 10.1.x
    Contabo offers outdated hardware and over sold for sure :(
     
  7. coldice

    coldice Member

    Here's my specs:
    Code (Text):
    cat /proc/cpuinfo
    processor       : 0
    vendor_id       : GenuineIntel
    cpu family      : 6
    model           : 63
    model name      : Intel(R) Xeon(R) CPU E5-2620 v3 @ 2.40GHz
    stepping        : 2
    microcode       : 1
    cpu MHz         : 2399.994
    cache size      : 4096 KB
    physical id     : 0
    siblings        : 4
    core id         : 0
    cpu cores       : 4
    apicid          : 0
    initial apicid  : 0
    fpu             : yes
    fpu_exception   : yes
    cpuid level     : 13
    wp              : yes
    flags           : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush mmx fxsr sse sse2 ss ht syscall nx pdpe1gb rdtscp lm constant_tsc arch_perfmon rep_good unfair_spinlock pni pclmulqdq ssse3 fma cx16 pcid sse4_1 sse4_2 x2apic movbe popcnt tsc_deadline_timer aes xsave avx f16c rdrand hypervisor lahf_lm abm arat xsaveopt fsgsbase bmi1 avx2 smep bmi2 erms invpcid
    bogomips        : 4799.98
    clflush size    : 64
    cache_alignment : 64
    address sizes   : 40 bits physical, 48 bits virtual
    power management:
    
    processor       : 1
    vendor_id       : GenuineIntel
    cpu family      : 6
    model           : 63
    model name      : Intel(R) Xeon(R) CPU E5-2620 v3 @ 2.40GHz
    stepping        : 2
    microcode       : 1
    cpu MHz         : 2399.994
    cache size      : 4096 KB
    physical id     : 0
    siblings        : 4
    core id         : 1
    cpu cores       : 4
    apicid          : 1
    initial apicid  : 1
    fpu             : yes
    fpu_exception   : yes
    cpuid level     : 13
    wp              : yes
    flags           : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush mmx fxsr sse sse2 ss ht syscall nx pdpe1gb rdtscp lm constant_tsc arch_perfmon rep_good unfair_spinlock pni pclmulqdq ssse3 fma cx16 pcid sse4_1 sse4_2 x2apic movbe popcnt tsc_deadline_timer aes xsave avx f16c rdrand hypervisor lahf_lm abm arat xsaveopt fsgsbase bmi1 avx2 smep bmi2 erms invpcid
    bogomips        : 4799.98
    clflush size    : 64
    cache_alignment : 64
    address sizes   : 40 bits physical, 48 bits virtual
    power management:
    
    processor       : 2
    vendor_id       : GenuineIntel
    cpu family      : 6
    model           : 63
    model name      : Intel(R) Xeon(R) CPU E5-2620 v3 @ 2.40GHz
    stepping        : 2
    microcode       : 1
    cpu MHz         : 2399.994
    cache size      : 4096 KB
    physical id     : 0
    siblings        : 4
    core id         : 2
    cpu cores       : 4
    apicid          : 2
    initial apicid  : 2
    fpu             : yes
    fpu_exception   : yes
    cpuid level     : 13
    wp              : yes
    flags           : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush mmx fxsr sse sse2 ss ht syscall nx pdpe1gb rdtscp lm constant_tsc arch_perfmon rep_good unfair_spinlock pni pclmulqdq ssse3 fma cx16 pcid sse4_1 sse4_2 x2apic movbe popcnt tsc_deadline_timer aes xsave avx f16c rdrand hypervisor lahf_lm abm arat xsaveopt fsgsbase bmi1 avx2 smep bmi2 erms invpcid
    bogomips        : 4799.98
    clflush size    : 64
    cache_alignment : 64
    address sizes   : 40 bits physical, 48 bits virtual
    power management:
    
    processor       : 3
    vendor_id       : GenuineIntel
    cpu family      : 6
    model           : 63
    model name      : Intel(R) Xeon(R) CPU E5-2620 v3 @ 2.40GHz
    stepping        : 2
    microcode       : 1
    cpu MHz         : 2399.994
    cache size      : 4096 KB
    physical id     : 0
    siblings        : 4
    core id         : 3
    cpu cores       : 4
    apicid          : 3
    initial apicid  : 3
    fpu             : yes
    fpu_exception   : yes
    cpuid level     : 13
    wp              : yes
    flags           : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush mmx fxsr sse sse2 ss ht syscall nx pdpe1gb rdtscp lm constant_tsc arch_perfmon rep_good unfair_spinlock pni pclmulqdq ssse3 fma cx16 pcid sse4_1 sse4_2 x2apic movbe popcnt tsc_deadline_timer aes xsave avx f16c rdrand hypervisor lahf_lm abm arat xsaveopt fsgsbase bmi1 avx2 smep bmi2 erms invpcid
    bogomips        : 4799.98
    clflush size    : 64
    cache_alignment : 64
    address sizes   : 40 bits physical, 48 bits virtual
    power management:
    
    cat /proc/meminfo
    MemTotal:       12198064 kB
    MemFree:         9937120 kB
    Buffers:           27848 kB
    Cached:           152436 kB
    SwapCached:            0 kB
    Active:          1856244 kB
    Inactive:         119500 kB
    Active(anon):    1795476 kB
    Inactive(anon):     1312 kB
    Active(file):      60768 kB
    Inactive(file):   118188 kB
    Unevictable:           0 kB
    Mlocked:               0 kB
    SwapTotal:       1048572 kB
    SwapFree:        1048572 kB
    Dirty:                16 kB
    Writeback:             0 kB
    AnonPages:       1752344 kB
    Mapped:            32684 kB
    Shmem:              1332 kB
    Slab:             174244 kB
    SReclaimable:     146992 kB
    SUnreclaim:        27252 kB
    KernelStack:        3360 kB
    PageTables:         9376 kB
    NFS_Unstable:          0 kB
    Bounce:                0 kB
    WritebackTmp:          0 kB
    CommitLimit:     7147604 kB
    Committed_AS:    3880104 kB
    VmallocTotal:   34359738367 kB
    VmallocUsed:       41040 kB
    VmallocChunk:   34359611712 kB
    HardwareCorrupted:     0 kB
    AnonHugePages:   1562624 kB
    HugePages_Total:       0
    HugePages_Free:        0
    HugePages_Rsvd:        0
    HugePages_Surp:        0
    Hugepagesize:       2048 kB
    DirectMap4k:        6016 kB
    DirectMap2M:     2091008 kB
    DirectMap1G:    10485760 kB
    


    Should I move to ssdnodes? Their price is same as contabo and RAM, CPU is also same. Only difference is ssdnodes have 80GB non scaleable drive. While contabo gave me 300GB SSD.

    Kindly suggest me if I should move to ssdnodes or not because at Contabo I am paying on monthly basis and currently I have paid for 1 month only.

    *ssdnodes also provides the same CPU.
     
    Last edited: Dec 9, 2017
  8. eva2000

    eva2000 Administrator Staff Member

    you already set the post_id as permalink in wordpress admin ?? if so you don't have to do anything else. If you haven't set it yet, then just set it
    wow never heard of something like that happening before ! glad that's sorted
    centmin mod doesn't setup any robots.txt so unless you uploaded one yourself ? Are you using some wp plugin for sitemaps ? if so, maybe need a nginx rewrite rule ? double check with wp sitemap developer/plugin author for nginx rewrite rules
    look in your disabled domain.com.conf non-https vhost generated via centmin.sh menu 22, you should have redis related include files which you need to replicate settings across to your https domain.com.ssl.conf vhost. If unsure, you can setup a test vps or local virtualbox centminmod instance and do a default https based centmin.sh menu option 22 wp install on test vps and inspect that domain.com.ssl.conf vhost to copy over to live server copy the syntax.
     
  9. coldice

    coldice Member

    Yes, I already did that right after installing via 22 because my old posts were on same settings and I needed to import them.

    I did use my old robots.txt because google webmaster was not able to index the sitemap. My current sitemap is:
    User-agent: *
    Disallow: /wp-admin/
    Allow: /wp-admin/admin-ajax.php
    Allow: /sitemap-index-1.xml
    Allow: /sitemap-1.xml
    Allow: /sitemap-2.xml
    Allow: /sitemap-3.xml
    Allow: /

    Sitemap: https://domain.com/sitemap-1.xml
    Sitemap: https://domain.com/sitemap-2.xml
    Sitemap: https://domain.com/sitemap-3.xml
    Sitemap: https://domain.com/sitemap-index-1.xml
    I think after using my own robots.txt + yoast sitemap, problem is solved in webmaster. I have to wait to 1-2 days to check if links are indexed or not.

    I did disable domain.com.conf via domain.com.conf-disable
    I will try to get redis config on ssl.conf
    But, I installed redis object cache plugin and it gets connected to my local redis server. Is it working or I need to add the redis configuration in ssl.conf because currently there's no word with redis in it.
     
  10. eva2000

    eva2000 Administrator Staff Member

    yes that works out of box once you setup ip and port in redis object cache plugin settings
     
  11. coldice

    coldice Member

    Here's my current ssl.conf:
    Code (Text):
    # Centmin Mod Getting Started Guide
    # must read http://centminmod.com/getstarted.html
    # For HTTP/2 SSL Setup
    # read http://centminmod.com/nginx_configure_https_ssl_spdy.html
    
    # redirect from www to non-www  forced SSL
    # uncomment, save file and restart Nginx to enable
    # if unsure use return 302 before using return 301
     server {
       server_name mydomain.com www.mydomain.com;
        return 302 https://mydomain.com$request_uri;
    # define error page
    error_page 404 = @notfound;
    
    # error page location redirect 301
    location @notfound {
        return 301 /;
    }
     }
    
    server {
      listen 443 ssl http2;
      server_name mydomain.com www.mydomain.com;
     ##  redirect https www to https non-www
          if ($host = 'www.mydomain.com' ) {
             return 302 https://mydomain.com$request_uri;
          }
      ssl_dhparam /usr/local/nginx/conf/ssl/mydomain.com/dhparam.pem;
      ssl_certificate      /usr/local/nginx/conf/ssl/mydomain.com/ssl-unified.crt;
      ssl_certificate_key  /usr/local/nginx/conf/ssl/mydomain.com/mydomain.com.key;
      include /usr/local/nginx/conf/ssl_include.conf;
    
      http2_max_field_size 16k;
      http2_max_header_size 32k;
      # dual cert supported ssl ciphers
      ssl_ciphers     EECDH+CHACHA20-draft:EECDH+CHACHA20:EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA256:EECDH+ECDSA+SHA384:EECDH+aRSA+SHA256:EECDH+aRSA+SHA384:EECDH+AES128:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS:!RC4:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA:!CAMELLIA;
      ssl_prefer_server_ciphers   on;
      #add_header Alternate-Protocol  443:npn-spdy/3;
      add_header Strict-Transport-Security "max-age=31536000; includeSubdomains;";
      #add_header X-Frame-Options SAMEORIGIN;
      #add_header X-Xss-Protection "1; mode=block" always;
      #add_header X-Content-Type-Options "nosniff" always;
      #spdy_headers_comp 5;
      ssl_buffer_size 1369;
      ssl_session_tickets on;
     
     #  enable ocsp stapling
      resolver 8.8.8.8 8.8.4.4 valid=10m;
     resolver_timeout 10s;
      ssl_stapling on;
      ssl_stapling_verify on;
     ssl_trusted_certificate /usr/local/nginx/conf/ssl/mydomain.com/ssl-trusted.crt;
    
    # ngx_pagespeed & ngx_pagespeed handler
    #include /usr/local/nginx/conf/pagespeed.conf;
    #include /usr/local/nginx/conf/pagespeedhandler.conf;
    #include /usr/local/nginx/conf/pagespeedstatslog.conf;
    
      # limit_conn limit_per_ip 16;
      # ssi  on;
    
      access_log /home/nginx/domains/mydomain.com/log/access.log combined buffer=256k flush=5m;
      error_log /home/nginx/domains/mydomain.com/log/error.log;
    
      root /home/nginx/domains/mydomain.com/public;
    
      location / {
        # Wordpress Permalinks
        try_files $uri $uri/ /index.php?q=$request_uri;
    
        include /usr/local/nginx/conf/wpsecure.conf;
        include /usr/local/nginx/conf/wpnocache.conf;
    
      }
    
      include /usr/local/nginx/conf/staticfiles.conf;
      include /usr/local/nginx/conf/php.conf;
      #include /usr/local/nginx/conf/drop.conf;
      #include /usr/local/nginx/conf/errorpage.conf;
      include /usr/local/nginx/conf/vts_server.conf;
    include /usr/local/nginx/conf/sitemap-config.conf;
    }
    


    Should I make changes in it or not because redis plugin is connected to local redis server.
     
  12. eva2000

    eva2000 Administrator Staff Member

    and your disabled non-https vhost contents ?
     
  13. coldice

    coldice Member

    Yes, only ssl.conf is used
     
  14. eva2000

    eva2000 Administrator Staff Member

    but can you share the contents of the disabled non-https vhost
     
  15. coldice

    coldice Member

  16. eva2000

    eva2000 Administrator Staff Member

    yup if you're using redis cache on https vhost, you need to migrate from non-https disabled vhost most of the settings to replace existing https vhost ones i.e.


    Code (Text):
    # Centmin Mod Getting Started Guide
    # must read http://centminmod.com/getstarted.html
    # For HTTP/2 SSL Setup
    # read http://centminmod.com/nginx_configure_https_ssl_spdy.html
    
    # redirect from www to non-www  forced SSL
    # uncomment, save file and restart Nginx to enable
    # if unsure use return 302 before using return 301
     server {
       server_name mydomain.com www.mydomain.com;
        return 302 https://mydomain.com$request_uri;
    # define error page
    error_page 404 = @notfound;
    
    # error page location redirect 301
    location @notfound {
        return 301 /;
    }
     }
    
    server {
      listen 443 ssl http2;
      server_name mydomain.com www.mydomain.com;
     ##  redirect https www to https non-www
          if ($host = 'www.mydomain.com' ) {
             return 302 https://mydomain.com$request_uri;
          }
      ssl_dhparam /usr/local/nginx/conf/ssl/mydomain.com/dhparam.pem;
      ssl_certificate      /usr/local/nginx/conf/ssl/mydomain.com/ssl-unified.crt;
      ssl_certificate_key  /usr/local/nginx/conf/ssl/mydomain.com/mydomain.com.key;
      include /usr/local/nginx/conf/ssl_include.conf;
    
      http2_max_field_size 16k;
      http2_max_header_size 32k;
      # dual cert supported ssl ciphers
      ssl_ciphers     EECDH+CHACHA20-draft:EECDH+CHACHA20:EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA256:EECDH+ECDSA+SHA384:EECDH+aRSA+SHA256:EECDH+aRSA+SHA384:EECDH+AES128:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS:!RC4:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA:!CAMELLIA;
      ssl_prefer_server_ciphers   on;
      #add_header Alternate-Protocol  443:npn-spdy/3;
      add_header Strict-Transport-Security "max-age=31536000; includeSubdomains;";
      #add_header X-Frame-Options SAMEORIGIN;
      #add_header X-Xss-Protection "1; mode=block" always;
      #add_header X-Content-Type-Options "nosniff" always;
      #spdy_headers_comp 5;
      ssl_buffer_size 1369;
      ssl_session_tickets on;
     
     #  enable ocsp stapling
      resolver 8.8.8.8 8.8.4.4 valid=10m;
     resolver_timeout 10s;
      ssl_stapling on;
      ssl_stapling_verify on;
     ssl_trusted_certificate /usr/local/nginx/conf/ssl/mydomain.com/ssl-trusted.crt; 
    
    # ngx_pagespeed & ngx_pagespeed handler
    #include /usr/local/nginx/conf/pagespeed.conf;
    #include /usr/local/nginx/conf/pagespeedhandler.conf;
    #include /usr/local/nginx/conf/pagespeedstatslog.conf;
    
    
      # limit_conn limit_per_ip 16;
      # ssi  on;
    
      access_log /home/nginx/domains/mydomain.com/log/access.log combined buffer=256k flush=5m;
      error_log /home/nginx/domains/mydomain.com/log/error.log;
    
      include /usr/local/nginx/conf/autoprotect/mydomain.com/autoprotect-mydomain.com.conf;
      root /home/nginx/domains/mydomain.com/public;
      # uncomment cloudflare.conf include if using cloudflare for
      # server and/or vhost site
      include /usr/local/nginx/conf/cloudflare.conf;
      #include /usr/local/nginx/conf/503include-main.conf;
    
      #include /usr/local/nginx/conf/wpincludes/mydomain.com/wpcacheenabler_mydomain.com.conf;
      #include /usr/local/nginx/conf/wpincludes/mydomain.com/wpsupercache_mydomain.com.conf;
      # https://community.centminmod.com/posts/18828/
      include /usr/local/nginx/conf/wpincludes/mydomain.com/rediscache_mydomain.com.conf; 
    
      location / {
      #include /usr/local/nginx/conf/503include-only.conf;
     
    
      # Enables directory listings when index file not found
      #autoindex  on;
    
      # for wordpress super cache plugin
      #try_files /wp-content/cache/supercache/$http_host/$cache_uri/index.html $uri $uri/ /index.php?q=$uri&$args;
    
      # for wp cache enabler plugin
      #try_files $cache_enabler_uri $uri $uri/ $custom_subdir/index.php?$args;   
    
      # Wordpress Permalinks
      #try_files $uri $uri/ /index.php?q=$uri&$args; 
    
      # Nginx level redis Wordpress
      # https://community.centminmod.com/posts/18828/
      try_files $uri $uri/ /index.php?$args;
    
      }
    
    location ~* /(wp-login\.php) {
        limit_req zone=xwplogin burst=1 nodelay;
        #limit_conn xwpconlimit 30;
        auth_basic "Private";
        auth_basic_user_file /home/nginx/domains/mydomain.com/htpasswd_wplogin; 
        #include /usr/local/nginx/conf/php-wpsc.conf;
       
        # https://community.centminmod.com/posts/18828/
        include /usr/local/nginx/conf/php-rediscache.conf;
    }
    
    location ~* /(xmlrpc\.php) {
        limit_req zone=xwprpc burst=45 nodelay;
        #limit_conn xwpconlimit 30;
        #include /usr/local/nginx/conf/php-wpsc.conf;
       
        # https://community.centminmod.com/posts/18828/
        include /usr/local/nginx/conf/php-rediscache.conf;
    }
    
      include /usr/local/nginx/conf/wpincludes/mydomain.com/wpsecure_mydomain.com.conf;
      #include /usr/local/nginx/conf/php-wpsc.conf;
     
      # https://community.centminmod.com/posts/18828/
      include /usr/local/nginx/conf/php-rediscache.conf;
     
      include /usr/local/nginx/conf/staticfiles.conf;
      #include /usr/local/nginx/conf/php.conf;
      #include /usr/local/nginx/conf/drop.conf;
      #include /usr/local/nginx/conf/errorpage.conf;
      include /usr/local/nginx/conf/vts_server.conf;
      include /usr/local/nginx/conf/sitemap-config.conf;
    }
    
     
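When settings are carried from one vhost file to another by hand, as in the migration described above, it is easy to lose the access-control lines along the way. This is an added example, not Centmin Mod code: it lists the include, limit_req, limit_conn and auth_basic directives that are active in one vhost file but not in the other, using excerpts of the two https vhosts posted in this thread. The function and file names are made up for the example.

```shell
# Added example, not from the thread: list directives that are active in one
# nginx vhost file but absent from another. Function names are made up.

# Print FILE's active (uncommented) include, limit_req, limit_conn and
# auth_basic* directives, one per line, whitespace-normalised and sorted.
# Comment stripping is naive: it assumes no "#" inside a quoted value.
active_directives() {
    sed -e 's/#.*//' "$1" | awk '
        $1 ~ /^(include|limit_req|limit_conn|auth_basic|auth_basic_user_file)$/ {
            $1 = $1; sub(/;$/, ""); print
        }' | sort -u
}

# Directives active in FILE1 that are not active in FILE2.
only_in_first() (
    tmp=$(mktemp)
    active_directives "$2" > "$tmp"
    active_directives "$1" |
        awk -v f="$tmp" 'BEGIN { while ((getline l < f) > 0) have[l] = 1 }
                         !($0 in have)'
    rm -f "$tmp"
)

# Write two excerpts into DIR: user.ssl.conf (the https vhost coldice posted)
# and merged.ssl.conf (the vhost eva2000 posted). Lines are copied from the
# thread; everything irrelevant to the comparison is left out.
write_samples() {
    cat > "$1/user.ssl.conf" <<'EOF'
server {
  include /usr/local/nginx/conf/ssl_include.conf;
  # limit_conn limit_per_ip 16;
  location / {
    try_files $uri $uri/ /index.php?q=$request_uri;
    include /usr/local/nginx/conf/wpsecure.conf;
    include /usr/local/nginx/conf/wpnocache.conf;
  }
  include /usr/local/nginx/conf/staticfiles.conf;
  include /usr/local/nginx/conf/php.conf;
  #include /usr/local/nginx/conf/drop.conf;
  include /usr/local/nginx/conf/vts_server.conf;
include /usr/local/nginx/conf/sitemap-config.conf;
}
EOF
    cat > "$1/merged.ssl.conf" <<'EOF'
server {
  include /usr/local/nginx/conf/ssl_include.conf;
  include /usr/local/nginx/conf/autoprotect/mydomain.com/autoprotect-mydomain.com.conf;
  include /usr/local/nginx/conf/cloudflare.conf;
  include /usr/local/nginx/conf/wpincludes/mydomain.com/rediscache_mydomain.com.conf;
  location / {
    try_files $uri $uri/ /index.php?$args;
  }
location ~* /(wp-login\.php) {
    limit_req zone=xwplogin burst=1 nodelay;
    auth_basic "Private";
    auth_basic_user_file /home/nginx/domains/mydomain.com/htpasswd_wplogin;
    include /usr/local/nginx/conf/php-rediscache.conf;
}
location ~* /(xmlrpc\.php) {
    limit_req zone=xwprpc burst=45 nodelay;
    include /usr/local/nginx/conf/php-rediscache.conf;
}
  include /usr/local/nginx/conf/wpincludes/mydomain.com/wpsecure_mydomain.com.conf;
  include /usr/local/nginx/conf/php-rediscache.conf;
  include /usr/local/nginx/conf/staticfiles.conf;
  #include /usr/local/nginx/conf/php.conf;
  include /usr/local/nginx/conf/vts_server.conf;
  include /usr/local/nginx/conf/sitemap-config.conf;
}
EOF
}

demo=$(mktemp -d)
write_samples "$demo"
echo "Active in the merged vhost, missing from the hand-edited one:"
only_in_first "$demo/merged.ssl.conf" "$demo/user.ssl.conf"
echo "Active only in the hand-edited vhost:"
only_in_first "$demo/user.ssl.conf" "$demo/merged.ssl.conf"
rm -rf "$demo"
```

On these excerpts the first list contains the wp-login.php and xmlrpc.php rate limits, the basic-auth pair, and the autoprotect, per-domain wpsecure and redis cache includes, none of which were active in the hand-edited https vhost.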
  17. coldice

    coldice Member


    Thanks, I have replaced my ssl.conf with this code.