Learn about Centmin Mod LEMP Stack today
Become a Member

Nginx Need help with a Dynamic Image script

Discussion in 'Nginx, PHP-FPM & MariaDB MySQL' started by GamerJota, Nov 11, 2016.

  1. GamerJota

    GamerJota New Member

    27
    4
    3
    Mar 1, 2016
    Chile
    Ratings:
    +12
    Local Time:
    6:12 AM
    1.11.2
    10.1.16-1
    Hello guys,

    I was trying to do something simple, show a random image for an specific URL.

    The URL https://rayduxz.cl/avatar/dynamic.jpg should display a random image (2 at the moment).

    What it does its the following:

    Code:
      if ($request_uri ~* "^/avatar/dynamic.php") {
       set $skip_cache 1;
      }
    
      location ~* ^/avatar/dynamic.jpg {
            set $skip_cache 1;
            try_files $uri /avatar/dynamic.php;
      }
    
    I'm running Redis cache so I skip the cache for those.

    The PHP is the following one:

    Code:
    <?php
    
        $sigImage = array("avatar1.jpg", "avatar2.jpg");
    
        $sigIndex = rand(0, count($sigImage)-1);
        $sigImage = $sigImage[$sigIndex];
        $imageExt = explode(".", $sigImage);
        if(strtolower($imageExt[1]) == "jpg"){
           $image   = imagecreatefromjpeg($sigImage);
        }elseif(strtolower($imageExt[1]) == "png"){
           $image   = imagecreatefrompng($sigImage);
        }else{
           die("Unsupported filetype!");
        }
    
        header('Content-type: image/jpeg');
        imagejpeg($image, NULL, 100);
        imagedestroy($image);
    
    ?>
    

    The problem is that "dynamic.jpg" is apparently getting cached and it doesn't changes, but if you go directly to the PHP at https://rayduxz.cl/avatar/dynamic.php its working fine.

    Any ideas of what it could be? I tried adding "expires off;" at "location ~* ^/avatar/dynamic.jpg" but its still the same.
     
  2. eva2000

    eva2000 Administrator Staff Member

    30,155
    6,782
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +10,133
    Local Time:
    7:12 PM
    Nginx 1.13.x
    MariaDB 5.5
    Centmin Mod default static files include file at /usr/local/nginx/conf/staticfiles.conf handles image extension files via Nginx.

    You may need to comment out or adjust that

    You can also use SSH command shortcut below to launch nano linux text editor and edit file /usr/local/nginx/conf/staticfiles.conf
    Code:
    statfilesinc
    or maybe break it out of static location match
    Code (Text):
    location ~* ^/avatar {
      location ~* ^/(avatar/dynamic.jpg) {
            set $skip_cache 1;
            expires off;
            try_files $uri /avatar/dynamic.php;
      }
    }
    
     
  3. GamerJota

    GamerJota New Member

    27
    4
    3
    Mar 1, 2016
    Chile
    Ratings:
    +12
    Local Time:
    6:12 AM
    1.11.2
    10.1.16-1
    Mmh...

    Your code makes the "dynamic.php" and "dynamic.jpg" to show the source code instead (both gets "dynamic.php" downloaded).

    I tried with:
    Code:
      if ($request_uri ~* "^/avatar/dynamic.php") {
            set $skip_cache 1;
      }
    
      location ~* ^/avatar/dynamic.jpg {
            set $skip_cache 1;
            expires off;
            try_files $uri /avatar/dynamic.php;
      }
    
    And commented out "include /usr/local/nginx/conf/staticfiles-hsts.conf".

    Still the same, "dynamic.jpg" shows always the same image but "dynamic.php" changes.
     
  4. eva2000

    eva2000 Administrator Staff Member

    30,155
    6,782
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +10,133
    Local Time:
    7:12 PM
    Nginx 1.13.x
    MariaDB 5.5
    Oh add the php.conf include file too
    Code (Text):
    location ~* ^/avatar {
      location ~* ^/(avatar/dynamic.jpg) {
            include /usr/local/nginx/conf/php.conf;
            set $skip_cache 1;
            expires off;
            try_files $uri /avatar/dynamic.php;
      }
    }
     
  5. GamerJota

    GamerJota New Member

    27
    4
    3
    Mar 1, 2016
    Chile
    Ratings:
    +12
    Local Time:
    6:12 AM
    1.11.2
    10.1.16-1
    Weird, I actually tried that but with "php-rediscache.conf" and it didn't work, now the "dynamic.jpg" shows the image but it still always the same for me.

    Could you please try and tell me if it changes for you?

    https://rayduxz.cl/avatar/dynamic.jpg
     
  6. eva2000

    eva2000 Administrator Staff Member

    30,155
    6,782
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +10,133
    Local Time:
    7:12 PM
    Nginx 1.13.x
    MariaDB 5.5
    You behind cloudflare ? could be cloudflare cache ?
     
  7. GamerJota

    GamerJota New Member

    27
    4
    3
    Mar 1, 2016
    Chile
    Ratings:
    +12
    Local Time:
    6:12 AM
    1.11.2
    10.1.16-1
    I'm behind CloudFlare but I got a rule to bypass cache, perfomance and apps for anything under /avatar/*
     
  8. eva2000

    eva2000 Administrator Staff Member

    30,155
    6,782
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +10,133
    Local Time:
    7:12 PM
    Nginx 1.13.x
    MariaDB 5.5
    still getting cached HTTP Header Check with an online CURL tool
    Code (Text):
    HTTP/1.1 200 OK
    Date: Fri, 11 Nov 2016 16:06:32 GMT
    Content-Type: application/octet-stream
    Content-Length: 569
    Connection: keep-alive
    Set-Cookie: __cfduid=d893683a0550774332227bcda547b47781478880392; expires=Sat, 11-Nov-17 16:06:32 GMT; path=/; domain=.rayduxz.cl; HttpOnly
    Last-Modified: Thu, 10 Nov 2016 23:39:57 GMT
    ETag: "5825054d-239"
    X-Powered-By: centminmod
    Strict-Transport-Security: max-age=31536000;
    CF-Cache-Status: HIT
    Expires: Fri, 11 Nov 2016 20:06:32 GMT
    Cache-Control: public, max-age=14400
    Accept-Ranges: bytes
    Server: cloudflare-nginx
    CF-RAY: 3002fdf3e88f2180-EWR
     
  9. GamerJota

    GamerJota New Member

    27
    4
    3
    Mar 1, 2016
    Chile
    Ratings:
    +12
    Local Time:
    6:12 AM
    1.11.2
    10.1.16-1
    Okay, cache and CloudFlare is starting to get me upset haha.

    CloudFlare rule:
    [​IMG]

    Code:
    HTTP/1.1 200 OK
    Date: Fri, 11 Nov 2016 16:48:47 GMT
    Content-Type: application/octet-stream
    Content-Length: 569
    Connection: keep-alive
    Set-Cookie: __cfduid=dd716a572ff696baedd15c65af65a342e1478882926; expires=Sat, 11-Nov-17 16:48:46 GMT; path=/; domain=.rayduxz.cl; HttpOnly
    Last-Modified: Thu, 10 Nov 2016 23:39:57 GMT
    ETag: "5825054d-239"
    X-Powered-By: centminmod
    Strict-Transport-Security: max-age=31536000;
    Accept-Ranges: bytes
    Server: cloudflare-nginx
    CF-RAY: 30033bd4bd7f21ce-EWR

    Code:
    # Centmin Mod Getting Started Guide
    # must read http://centminmod.com/getstarted.html
    # For SPDY SSL Setup
    # read http://centminmod.com/nginx_configure_https_ssl_spdy.html
    
    map $http_host $blogid {
        default               0;
    
        include /home/nginx/domains/rayduxz.cl/public/wp-content/uploads/nginx-helper/map.conf;
    }
    server {
      listen 10.0.0.77:443 ssl http2;
      server_name rayduxz.cl www.rayduxz.cl rayduxz.com www.rayduxz.com;
    
      ssl_dhparam /usr/local/nginx/conf/ssl/rayduxz.cl/dhparam.pem;
      ssl_certificate      /usr/local/nginx/conf/ssl/rayduxz.cl/rayduxz.cl.crt;
      ssl_certificate_key  /usr/local/nginx/conf/ssl/rayduxz.cl/rayduxz.cl.key;
      include /usr/local/nginx/conf/ssl_include.conf;
    
      # mozilla recommended
      ssl_ciphers ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA:!CAMELLIA:!DES-CBC3-SHA;
      ssl_prefer_server_ciphers   on;
      #####add_header Alternate-Protocol  443:npn-spdy/3;
      # HTTP Public Key Pinning Header uncomment only one that applies include or exclude domains.
      # You'd want to include subdomains if you're using SSL wildcard certificates
      # include subdomain
      #add_header Public-Key-Pins 'pin-sha256="rekgpRzoLu70AcpIym0CNxxnlacJA6/59iJ+MiSAnGU="; pin-sha256="HDZ1iBAAlXg1TvjW3Ciw0hBXXy47n9x2h+LbOm4riRc="; max-age=86400; includeSubDomains';
      # exclude subdomains
      #add_header Public-Key-Pins 'pin-sha256="rekgpRzoLu70AcpIym0CNxxnlacJA6/59iJ+MiSAnGU="; pin-sha256="HDZ1iBAAlXg1TvjW3Ciw0hBXXy47n9x2h+LbOm4riRc="; max-age=86400';
      add_header Strict-Transport-Security "max-age=31536000;";
      #add_header X-Frame-Options SAMEORIGIN;
      #add_header X-Xss-Protection "1; mode=block" always;
      #add_header X-Content-Type-Options "nosniff" always;
      #####spdy_headers_comp 5;
      ssl_buffer_size 1400;
      ssl_session_tickets on;
     
      # enable ocsp stapling
      #resolver 8.8.8.8 8.8.4.4 valid=10m;
      #resolver_timeout 10s;
      #ssl_stapling on;
      #ssl_stapling_verify on;
      #ssl_trusted_certificate /usr/local/nginx/conf/ssl/rayduxz.cl/rayduxz.cl-trusted.crt; 
    
      # ngx_pagespeed & ngx_pagespeed handler
      #include /usr/local/nginx/conf/pagespeed.conf;
      #include /usr/local/nginx/conf/pagespeedhandler.conf;
      #include /usr/local/nginx/conf/pagespeedstatslog.conf;
    
      #add_header X-Frame-Options SAMEORIGIN;
      #add_header X-Xss-Protection "1; mode=block" always;
      #add_header X-Content-Type-Options "nosniff" always;
    
      # limit_conn limit_per_ip 16;
      # ssi  on;
    
      access_log /home/nginx/domains/rayduxz.cl/log/access.log combined buffer=256k flush=60m;
      error_log /home/nginx/domains/rayduxz.cl/log/error.log;
     
      root /home/nginx/domains/rayduxz.cl/public;
      # uncomment cloudflare.conf include if using cloudflare for
      # server and/or vhost site
      include /usr/local/nginx/conf/cloudflare.conf;
      #include /usr/local/nginx/conf/503include-main.conf;
    
      # prevent access to ./directories and files
      location ~ (?:^|/)\. {
       deny all;
      }
    
      #include /usr/local/nginx/conf/wpincludes/rayduxz.cl/wpcacheenabler_rayduxz.cl.conf;
      #include /usr/local/nginx/conf/wpincludes/rayduxz.cl/wpsupercache_rayduxz.cl.conf;
      # https://community.centminmod.com/posts/18828/
      include /usr/local/nginx/conf/wpincludes/rayduxz.cl/rediscache_rayduxz.cl.conf; 
    
      if ($request_uri ~* "^/ts3/banner.php") {
       set $skip_cache 1;
      }
    
      location / {
      include /usr/local/nginx/conf/503include-only.conf;
    
      # Enables directory listings when index file not found
      #autoindex  on;
    
      # for wordpress super cache plugin
      #try_files /wp-content/cache/supercache/$http_host/$cache_uri/index.html $uri $uri/ /index.php?q=$uri&$args;
    
      # for wp cache enabler plugin
      #try_files $cache_enabler_uri $uri $uri/ $custom_subdir/index.php?$args; 
    
      # Wordpress Permalinks
      #try_files $uri $uri/ /index.php?q=$uri&$args;
    
      # Nginx level redis Wordpress
      # https://community.centminmod.com/posts/18828/
      try_files $uri $uri/ /index.php$is_args$args;
    
      }
    
    ### MULTISITE
    location ~ ^/[_0-9a-zA-Z-]+/files/(.*)$ {
            try_files /wp-content/blogs.dir/$blogid/files/$2 /wp-includes/ms-files.php?file=$2 ;
            access_log off; log_not_found off; expires max;
    }
    
    #avoid php readfile()
    location ^~ /blogs.dir {
            internal;
            alias /var/www/example.com/htdocs/wp-content/blogs.dir ;
            access_log off; log_not_found off;      expires max;
    }
    
    # Rewrite multisite '.../wp-.*' and '.../*.php'.
    if (!-e $request_filename) {
        rewrite /wp-admin$ $scheme://$host$uri/ permanent;
        rewrite ^/[_0-9a-zA-Z-]+(/wp-.*) $1 last;
        rewrite ^/[_0-9a-zA-Z-]+(/.*\.php)$ $1 last;
    }
    
    ### MULTISITE END
    
    location ~* /(wp-login\.php) {
        limit_req zone=xwplogin burst=1 nodelay;
        #limit_conn xwpconlimit 30;
        auth_basic "Private";
        #auth_basic_user_file /home/nginx/domains/rayduxz.cl/htpasswd_wplogin;   
        #include /usr/local/nginx/conf/php-wpsc.conf;
        # https://community.centminmod.com/posts/18828/
        include /usr/local/nginx/conf/php-rediscache.conf;
    }
    
    location ~* /(xmlrpc\.php) {
        limit_req zone=xwprpc burst=45 nodelay;
        #limit_conn xwpconlimit 30;
        #include /usr/local/nginx/conf/php-wpsc.conf;
        # https://community.centminmod.com/posts/18828/
        include /usr/local/nginx/conf/php-rediscache.conf;
    }
    
    location ~* ^/avatar {
      location ~* ^/(avatar/dynamic.jpg) {
            include /usr/local/nginx/conf/php.conf;
            set $skip_cache 1;
            expires off;
            try_files $uri /avatar/dynamic.php;
      }
    }
    
      include /usr/local/nginx/conf/wpincludes/rayduxz.cl/wpsecure_rayduxz.cl.conf;
      #include /usr/local/nginx/conf/php-wpsc.conf;
      # https://community.centminmod.com/posts/18828/
      include /usr/local/nginx/conf/php-rediscache.conf;
      #include /usr/local/nginx/conf/staticfiles.conf;
      #include /usr/local/nginx/conf/staticfiles-hsts.conf; 
      include /usr/local/nginx/conf/drop.conf;
      #include /usr/local/nginx/conf/errorpage.conf;
      include /usr/local/nginx/conf/vts_server.conf;
    
    }

    And now "dynamic.jpg" shows the source of "dynamic.php".
    I don't even know anymore o_O
     
  10. eva2000

    eva2000 Administrator Staff Member

    30,155
    6,782
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +10,133
    Local Time:
    7:12 PM
    Nginx 1.13.x
    MariaDB 5.5
    Never used multi-site wp before myself but for rest of troubleshooting you'd be on your own
     
  11. GamerJota

    GamerJota New Member

    27
    4
    3
    Mar 1, 2016
    Chile
    Ratings:
    +12
    Local Time:
    6:12 AM
    1.11.2
    10.1.16-1
    Alright, fair enough.

    What about a fresh generated vhost? "avatar.rayduxz.cl"

    CloudFlare rule:
    [​IMG]
    Code:
    # Centmin Mod Getting Started Guide
    # must read http://centminmod.com/getstarted.html
    # For SPDY SSL Setup
    # read http://centminmod.com/nginx_configure_https_ssl_spdy.html
    
    server {
      listen 10.0.0.77:443 ssl http2;
      server_name avatar.rayduxz.cl;
    
      ssl_dhparam /usr/local/nginx/conf/ssl/avatar.rayduxz.cl/dhparam.pem;
      ssl_certificate      /usr/local/nginx/conf/ssl/avatar.rayduxz.cl/avatar.rayduxz.cl.crt;
      ssl_certificate_key  /usr/local/nginx/conf/ssl/avatar.rayduxz.cl/avatar.rayduxz.cl.key;
      include /usr/local/nginx/conf/ssl_include.conf;
    
      http2_max_field_size 16k;
      http2_max_header_size 32k;
      # mozilla recommended
      ssl_ciphers EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA256:EECDH+ECDSA+SHA384:EECDH+aRSA+SHA256:EECDH+aRSA+SHA384:EECDH+AES128:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS:!RC4:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA:!CAMELLIA;
      ssl_prefer_server_ciphers   on;
      #add_header Alternate-Protocol  443:npn-spdy/3;
      # HTTP Public Key Pinning Header uncomment only one that applies include or exclude domains.
      # You'd want to include subdomains if you're using SSL wildcard certificates
      # include subdomain
      #add_header Public-Key-Pins 'pin-sha256="9lctBJeXkOc53B98vfLoPkOzxXDzwaFrJVDIy0YUZKQ="; pin-sha256="chLE/72yrgm5CtgpJhbufkrBOR6qW2mZoc2Fp7Peio8="; max-age=86400; includeSubDomains';
      # exclude subdomains
      #add_header Public-Key-Pins 'pin-sha256="9lctBJeXkOc53B98vfLoPkOzxXDzwaFrJVDIy0YUZKQ="; pin-sha256="chLE/72yrgm5CtgpJhbufkrBOR6qW2mZoc2Fp7Peio8="; max-age=86400';
      #add_header Strict-Transport-Security "max-age=31536000; includeSubdomains;";
      #add_header X-Frame-Options SAMEORIGIN;
      #add_header X-Xss-Protection "1; mode=block" always;
      #add_header X-Content-Type-Options "nosniff" always;
      #spdy_headers_comp 5;
      ssl_buffer_size 1369;
      ssl_session_tickets on;
     
      # enable ocsp stapling
      #resolver 8.8.8.8 8.8.4.4 valid=10m;
      #resolver_timeout 10s;
      #ssl_stapling on;
      #ssl_stapling_verify on;
      #ssl_trusted_certificate /usr/local/nginx/conf/ssl/avatar.rayduxz.cl/avatar.rayduxz.cl-trusted.crt; 
    
    # ngx_pagespeed & ngx_pagespeed handler
    #include /usr/local/nginx/conf/pagespeed.conf;
    #include /usr/local/nginx/conf/pagespeedhandler.conf;
    #include /usr/local/nginx/conf/pagespeedstatslog.conf;
    
      # limit_conn limit_per_ip 16;
      # ssi  on;
    
      access_log /home/nginx/domains/avatar.rayduxz.cl/log/access.log combined buffer=256k flush=60m;
      error_log /home/nginx/domains/avatar.rayduxz.cl/log/error.log;
    
      include /usr/local/nginx/conf/autoprotect/avatar.rayduxz.cl/autoprotect-avatar.rayduxz.cl.conf;
      root /home/nginx/domains/avatar.rayduxz.cl/public;
      # uncomment cloudflare.conf include if using cloudflare for
      # server and/or vhost site
      #include /usr/local/nginx/conf/cloudflare.conf;
      include /usr/local/nginx/conf/503include-main.conf;
    
      # prevent access to ./directories and files
      location ~ (?:^|/)\. {
       deny all;
      } 
    
      location / {
      include /usr/local/nginx/conf/503include-only.conf;
    
    # block common exploits, sql injections etc
    #include /usr/local/nginx/conf/block.conf;
    
      # Enables directory listings when index file not found
      #autoindex  on;
    
      # Shows file listing times as local time
      #autoindex_localtime on;
    
      # Enable for vBulletin usage WITHOUT vbSEO installed
      # More example Nginx vhost configurations at
      # http://centminmod.com/nginx_configure.html
      #try_files    $uri $uri/ /index.php;
    
      }
    
      location ~* ^/rayduxz {
        location ~* ^/(rayduxz/dynamic.jpg) {
              include /usr/local/nginx/conf/php.conf;
              set $skip_cache 1;
              expires off;
              try_files $uri /rayduxz/dynamic.php;
        }
      }
    
      include /usr/local/nginx/conf/staticfiles.conf;
      include /usr/local/nginx/conf/php.conf;
      include /usr/local/nginx/conf/drop.conf;
      #include /usr/local/nginx/conf/errorpage.conf;
      include /usr/local/nginx/conf/vts_server.conf;
    }
    

    "https://avatar.rayduxz.cl/rayduxz/dynamic.jpg" downloads the "dynamic.php".
    So yeah, hehe. Not related to multisite.
    But I want to understand why this is happening, I can't seem to get it.
     
  12. GamerJota

    GamerJota New Member

    27
    4
    3
    Mar 1, 2016
    Chile
    Ratings:
    +12
    Local Time:
    6:12 AM
    1.11.2
    10.1.16-1
    Alright, now it's working.

    I'm using:
    Code:
      location ~* ^/rayduxz/dynamic.jpg {
            expires off;
            try_files $uri /rayduxz/dynamic.php;
      }
    
    Also commented out "include /usr/local/nginx/conf/staticfiles.conf;", if you don't sometimes it shows blank.

    Leaving this for reference if anyone finds it useful, so the key was "expires off;".

    Thank you @eva2000!
     
    • Informative Informative x 3
  13. eva2000

    eva2000 Administrator Staff Member

    30,155
    6,782
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +10,133
    Local Time:
    7:12 PM
    Nginx 1.13.x
    MariaDB 5.5
    sounds like that fixed it :)