Nginx Need help with a Dynamic Image script

Hello guys,

I was trying to do something simple, show a random image for an specific URL.

The URL https://rayduxz.cl/avatar/dynamic.jpg should display a random image (2 at the moment).

What it does its the following:

Code:

  if ($request_uri ~* "^/avatar/dynamic.php") {
   set $skip_cache 1;
  }

  location ~* ^/avatar/dynamic.jpg {
        set $skip_cache 1;
        try_files $uri /avatar/dynamic.php;
  }

I'm running Redis cache so I skip the cache for those.

The PHP is the following one:

Spoiler: PHP code

Code:

<?php

    $sigImage = array("avatar1.jpg", "avatar2.jpg");

    $sigIndex = rand(0, count($sigImage)-1);
    $sigImage = $sigImage[$sigIndex];
    $imageExt = explode(".", $sigImage);
    if(strtolower($imageExt[1]) == "jpg"){
       $image   = imagecreatefromjpeg($sigImage);
    }elseif(strtolower($imageExt[1]) == "png"){
       $image   = imagecreatefrompng($sigImage);
    }else{
       die("Unsupported filetype!");
    }

    header('Content-type: image/jpeg');
    imagejpeg($image, NULL, 100);
    imagedestroy($image);

?>

The problem is that "dynamic.jpg" is apparently getting cached and it doesn't changes, but if you go directly to the PHP at https://rayduxz.cl/avatar/dynamic.php its working fine.

Any ideas of what it could be? I tried adding "expires off;" at "location ~* ^/avatar/dynamic.jpg" but its still the same.

 

Mmh...

Your code makes the "dynamic.php" and "dynamic.jpg" to show the source code instead (both gets "dynamic.php" downloaded).

I tried with:

Code:

  if ($request_uri ~* "^/avatar/dynamic.php") {
        set $skip_cache 1;
  }

  location ~* ^/avatar/dynamic.jpg {
        set $skip_cache 1;
        expires off;
        try_files $uri /avatar/dynamic.php;
  }

And commented out "include /usr/local/nginx/conf/staticfiles-hsts.conf".

Still the same, "dynamic.jpg" shows always the same image but "dynamic.php" changes.

 

Weird, I actually tried that but with "php-rediscache.conf" and it didn't work, now the "dynamic.jpg" shows the image but it still always the same for me.

Could you please try and tell me if it changes for you?

https://rayduxz.cl/avatar/dynamic.jpg

 

I'm behind CloudFlare but I got a rule to bypass cache, perfomance and apps for anything under /avatar/*

 

Okay, cache and CloudFlare is starting to get me upset haha.

CloudFlare rule:

Spoiler: HTTP Response Header

Code:

HTTP/1.1 200 OK
Date: Fri, 11 Nov 2016 16:48:47 GMT
Content-Type: application/octet-stream
Content-Length: 569
Connection: keep-alive
Set-Cookie: __cfduid=dd716a572ff696baedd15c65af65a342e1478882926; expires=Sat, 11-Nov-17 16:48:46 GMT; path=/; domain=.rayduxz.cl; HttpOnly
Last-Modified: Thu, 10 Nov 2016 23:39:57 GMT
ETag: "5825054d-239"
X-Powered-By: centminmod
Strict-Transport-Security: max-age=31536000;
Accept-Ranges: bytes
Server: cloudflare-nginx
CF-RAY: 30033bd4bd7f21ce-EWR

Spoiler: Complete .conf file

Code:

# Centmin Mod Getting Started Guide
# must read http://centminmod.com/getstarted.html
# For SPDY SSL Setup
# read http://centminmod.com/nginx_configure_https_ssl_spdy.html

map $http_host $blogid {
    default               0;

    include /home/nginx/domains/rayduxz.cl/public/wp-content/uploads/nginx-helper/map.conf;
}
server {
  listen 10.0.0.77:443 ssl http2;
  server_name rayduxz.cl www.rayduxz.cl rayduxz.com www.rayduxz.com;

  ssl_dhparam /usr/local/nginx/conf/ssl/rayduxz.cl/dhparam.pem;
  ssl_certificate      /usr/local/nginx/conf/ssl/rayduxz.cl/rayduxz.cl.crt;
  ssl_certificate_key  /usr/local/nginx/conf/ssl/rayduxz.cl/rayduxz.cl.key;
  include /usr/local/nginx/conf/ssl_include.conf;

  # mozilla recommended
  ssl_ciphers ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA:!CAMELLIA:!DES-CBC3-SHA;
  ssl_prefer_server_ciphers   on;
  #####add_header Alternate-Protocol  443:npn-spdy/3;
  # HTTP Public Key Pinning Header uncomment only one that applies include or exclude domains.
  # You'd want to include subdomains if you're using SSL wildcard certificates
  # include subdomain
  #add_header Public-Key-Pins 'pin-sha256="rekgpRzoLu70AcpIym0CNxxnlacJA6/59iJ+MiSAnGU="; pin-sha256="HDZ1iBAAlXg1TvjW3Ciw0hBXXy47n9x2h+LbOm4riRc="; max-age=86400; includeSubDomains';
  # exclude subdomains
  #add_header Public-Key-Pins 'pin-sha256="rekgpRzoLu70AcpIym0CNxxnlacJA6/59iJ+MiSAnGU="; pin-sha256="HDZ1iBAAlXg1TvjW3Ciw0hBXXy47n9x2h+LbOm4riRc="; max-age=86400';
  add_header Strict-Transport-Security "max-age=31536000;";
  #add_header X-Frame-Options SAMEORIGIN;
  #add_header X-Xss-Protection "1; mode=block" always;
  #add_header X-Content-Type-Options "nosniff" always;
  #####spdy_headers_comp 5;
  ssl_buffer_size 1400;
  ssl_session_tickets on;
 
  # enable ocsp stapling
  #resolver 8.8.8.8 8.8.4.4 valid=10m;
  #resolver_timeout 10s;
  #ssl_stapling on;
  #ssl_stapling_verify on;
  #ssl_trusted_certificate /usr/local/nginx/conf/ssl/rayduxz.cl/rayduxz.cl-trusted.crt; 

  # ngx_pagespeed & ngx_pagespeed handler
  #include /usr/local/nginx/conf/pagespeed.conf;
  #include /usr/local/nginx/conf/pagespeedhandler.conf;
  #include /usr/local/nginx/conf/pagespeedstatslog.conf;

  #add_header X-Frame-Options SAMEORIGIN;
  #add_header X-Xss-Protection "1; mode=block" always;
  #add_header X-Content-Type-Options "nosniff" always;

  # limit_conn limit_per_ip 16;
  # ssi  on;

  access_log /home/nginx/domains/rayduxz.cl/log/access.log combined buffer=256k flush=60m;
  error_log /home/nginx/domains/rayduxz.cl/log/error.log;
 
  root /home/nginx/domains/rayduxz.cl/public;
  # uncomment cloudflare.conf include if using cloudflare for
  # server and/or vhost site
  include /usr/local/nginx/conf/cloudflare.conf;
  #include /usr/local/nginx/conf/503include-main.conf;

  # prevent access to ./directories and files
  location ~ (?:^|/)\. {
   deny all;
  }

  #include /usr/local/nginx/conf/wpincludes/rayduxz.cl/wpcacheenabler_rayduxz.cl.conf;
  #include /usr/local/nginx/conf/wpincludes/rayduxz.cl/wpsupercache_rayduxz.cl.conf;
  # https://community.centminmod.com/posts/18828/
  include /usr/local/nginx/conf/wpincludes/rayduxz.cl/rediscache_rayduxz.cl.conf; 

  if ($request_uri ~* "^/ts3/banner.php") {
   set $skip_cache 1;
  }

  location / {
  include /usr/local/nginx/conf/503include-only.conf;

  # Enables directory listings when index file not found
  #autoindex  on;

  # for wordpress super cache plugin
  #try_files /wp-content/cache/supercache/$http_host/$cache_uri/index.html $uri $uri/ /index.php?q=$uri&$args;

  # for wp cache enabler plugin
  #try_files $cache_enabler_uri $uri $uri/ $custom_subdir/index.php?$args; 

  # Wordpress Permalinks
  #try_files $uri $uri/ /index.php?q=$uri&$args;

  # Nginx level redis Wordpress
  # https://community.centminmod.com/posts/18828/
  try_files $uri $uri/ /index.php$is_args$args;

  }

### MULTISITE
location ~ ^/[_0-9a-zA-Z-]+/files/(.*)$ {
        try_files /wp-content/blogs.dir/$blogid/files/$2 /wp-includes/ms-files.php?file=$2 ;
        access_log off; log_not_found off; expires max;
}

#avoid php readfile()
location ^~ /blogs.dir {
        internal;
        alias /var/www/example.com/htdocs/wp-content/blogs.dir ;
        access_log off; log_not_found off;      expires max;
}

# Rewrite multisite '.../wp-.*' and '.../*.php'.
if (!-e $request_filename) {
    rewrite /wp-admin$ $scheme://$host$uri/ permanent;
    rewrite ^/[_0-9a-zA-Z-]+(/wp-.*) $1 last;
    rewrite ^/[_0-9a-zA-Z-]+(/.*\.php)$ $1 last;
}

### MULTISITE END

location ~* /(wp-login\.php) {
    limit_req zone=xwplogin burst=1 nodelay;
    #limit_conn xwpconlimit 30;
    auth_basic "Private";
    #auth_basic_user_file /home/nginx/domains/rayduxz.cl/htpasswd_wplogin;   
    #include /usr/local/nginx/conf/php-wpsc.conf;
    # https://community.centminmod.com/posts/18828/
    include /usr/local/nginx/conf/php-rediscache.conf;
}

location ~* /(xmlrpc\.php) {
    limit_req zone=xwprpc burst=45 nodelay;
    #limit_conn xwpconlimit 30;
    #include /usr/local/nginx/conf/php-wpsc.conf;
    # https://community.centminmod.com/posts/18828/
    include /usr/local/nginx/conf/php-rediscache.conf;
}

location ~* ^/avatar {
  location ~* ^/(avatar/dynamic.jpg) {
        include /usr/local/nginx/conf/php.conf;
        set $skip_cache 1;
        expires off;
        try_files $uri /avatar/dynamic.php;
  }
}

  include /usr/local/nginx/conf/wpincludes/rayduxz.cl/wpsecure_rayduxz.cl.conf;
  #include /usr/local/nginx/conf/php-wpsc.conf;
  # https://community.centminmod.com/posts/18828/
  include /usr/local/nginx/conf/php-rediscache.conf;
  #include /usr/local/nginx/conf/staticfiles.conf;
  #include /usr/local/nginx/conf/staticfiles-hsts.conf; 
  include /usr/local/nginx/conf/drop.conf;
  #include /usr/local/nginx/conf/errorpage.conf;
  include /usr/local/nginx/conf/vts_server.conf;

}

And now "dynamic.jpg" shows the source of "dynamic.php".
I don't even know anymore

 

Alright, fair enough.

What about a fresh generated vhost? "avatar.rayduxz.cl"

CloudFlare rule:

Spoiler: Fresh virtual host .conf with your nginx script

Code:

# Centmin Mod Getting Started Guide
# must read http://centminmod.com/getstarted.html
# For SPDY SSL Setup
# read http://centminmod.com/nginx_configure_https_ssl_spdy.html

server {
  listen 10.0.0.77:443 ssl http2;
  server_name avatar.rayduxz.cl;

  ssl_dhparam /usr/local/nginx/conf/ssl/avatar.rayduxz.cl/dhparam.pem;
  ssl_certificate      /usr/local/nginx/conf/ssl/avatar.rayduxz.cl/avatar.rayduxz.cl.crt;
  ssl_certificate_key  /usr/local/nginx/conf/ssl/avatar.rayduxz.cl/avatar.rayduxz.cl.key;
  include /usr/local/nginx/conf/ssl_include.conf;

  http2_max_field_size 16k;
  http2_max_header_size 32k;
  # mozilla recommended
  ssl_ciphers EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA256:EECDH+ECDSA+SHA384:EECDH+aRSA+SHA256:EECDH+aRSA+SHA384:EECDH+AES128:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS:!RC4:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA:!CAMELLIA;
  ssl_prefer_server_ciphers   on;
  #add_header Alternate-Protocol  443:npn-spdy/3;
  # HTTP Public Key Pinning Header uncomment only one that applies include or exclude domains.
  # You'd want to include subdomains if you're using SSL wildcard certificates
  # include subdomain
  #add_header Public-Key-Pins 'pin-sha256="9lctBJeXkOc53B98vfLoPkOzxXDzwaFrJVDIy0YUZKQ="; pin-sha256="chLE/72yrgm5CtgpJhbufkrBOR6qW2mZoc2Fp7Peio8="; max-age=86400; includeSubDomains';
  # exclude subdomains
  #add_header Public-Key-Pins 'pin-sha256="9lctBJeXkOc53B98vfLoPkOzxXDzwaFrJVDIy0YUZKQ="; pin-sha256="chLE/72yrgm5CtgpJhbufkrBOR6qW2mZoc2Fp7Peio8="; max-age=86400';
  #add_header Strict-Transport-Security "max-age=31536000; includeSubdomains;";
  #add_header X-Frame-Options SAMEORIGIN;
  #add_header X-Xss-Protection "1; mode=block" always;
  #add_header X-Content-Type-Options "nosniff" always;
  #spdy_headers_comp 5;
  ssl_buffer_size 1369;
  ssl_session_tickets on;
 
  # enable ocsp stapling
  #resolver 8.8.8.8 8.8.4.4 valid=10m;
  #resolver_timeout 10s;
  #ssl_stapling on;
  #ssl_stapling_verify on;
  #ssl_trusted_certificate /usr/local/nginx/conf/ssl/avatar.rayduxz.cl/avatar.rayduxz.cl-trusted.crt; 

# ngx_pagespeed & ngx_pagespeed handler
#include /usr/local/nginx/conf/pagespeed.conf;
#include /usr/local/nginx/conf/pagespeedhandler.conf;
#include /usr/local/nginx/conf/pagespeedstatslog.conf;

  # limit_conn limit_per_ip 16;
  # ssi  on;

  access_log /home/nginx/domains/avatar.rayduxz.cl/log/access.log combined buffer=256k flush=60m;
  error_log /home/nginx/domains/avatar.rayduxz.cl/log/error.log;

  include /usr/local/nginx/conf/autoprotect/avatar.rayduxz.cl/autoprotect-avatar.rayduxz.cl.conf;
  root /home/nginx/domains/avatar.rayduxz.cl/public;
  # uncomment cloudflare.conf include if using cloudflare for
  # server and/or vhost site
  #include /usr/local/nginx/conf/cloudflare.conf;
  include /usr/local/nginx/conf/503include-main.conf;

  # prevent access to ./directories and files
  location ~ (?:^|/)\. {
   deny all;
  } 

  location / {
  include /usr/local/nginx/conf/503include-only.conf;

# block common exploits, sql injections etc
#include /usr/local/nginx/conf/block.conf;

  # Enables directory listings when index file not found
  #autoindex  on;

  # Shows file listing times as local time
  #autoindex_localtime on;

  # Enable for vBulletin usage WITHOUT vbSEO installed
  # More example Nginx vhost configurations at
  # http://centminmod.com/nginx_configure.html
  #try_files    $uri $uri/ /index.php;

  }

  location ~* ^/rayduxz {
    location ~* ^/(rayduxz/dynamic.jpg) {
          include /usr/local/nginx/conf/php.conf;
          set $skip_cache 1;
          expires off;
          try_files $uri /rayduxz/dynamic.php;
    }
  }

  include /usr/local/nginx/conf/staticfiles.conf;
  include /usr/local/nginx/conf/php.conf;
  include /usr/local/nginx/conf/drop.conf;
  #include /usr/local/nginx/conf/errorpage.conf;
  include /usr/local/nginx/conf/vts_server.conf;
}

"https://avatar.rayduxz.cl/rayduxz/dynamic.jpg" downloads the "dynamic.php".
So yeah, hehe. Not related to multisite.
But I want to understand why this is happening, I can't seem to get it.

 

Alright, now it's working.

I'm using:

Code:

  location ~* ^/rayduxz/dynamic.jpg {
        expires off;
        try_files $uri /rayduxz/dynamic.php;
  }

Also commented out "include /usr/local/nginx/conf/staticfiles.conf;", if you don't sometimes it shows blank.

Leaving this for reference if anyone finds it useful, so the key was "expires off;".

Thank you @eva2000!