
Nginx Nginx: [emerg] duplicate location "/"

Discussion in 'Nginx, PHP-FPM & MariaDB MySQL' started by skringjer, Jul 31, 2019.

  1. skringjer

    skringjer Member

    Greetings everyone and @eva2000, today I recompiled Nginx to enable Brotli. In my persistent config I set these parameters:
    Code:
    LETSENCRYPT_DETECT='y'
    STATICIP='y'
    PHP_PGO='y'
    NGXDYNAMIC_BROTLI='y'
    NGINX_LIBBROTLI='y'
    After adding the last 2 parameters to the config file, I recompiled Nginx via option 4. Since then, Nginx won't restart and gives me this error:

    Code:
    nginx: [emerg] duplicate location "/" in /usr/local/nginx/conf/conf.d/mydomain.com.ssl.conf:66
    nginx: configuration file /usr/local/nginx/conf/nginx.conf test failed
    Here is my domain's nginx conf:
    Code:
    #x# HTTPS-DEFAULT
     server {
      
       server_name mydomain.co www.mydomain.co;
       return 302 https://mydomain.co$request_uri;
       include /usr/local/nginx/conf/staticfiles.conf;
     }
    
    server {
      listen 443 ssl http2 reuseport;
      server_name mydomain.co www.mydomain.co;
    
      include /usr/local/nginx/conf/ssl/mydomain.co/mydomain.co.crt.key.conf;
      include /usr/local/nginx/conf/ssl_include.conf;
    
      # cloudflare authenticated origin pull cert community.centminmod.com/threads/13847/
      #ssl_client_certificate /usr/local/nginx/conf/ssl/cloudflare/mydomain.co/origin.crt;
      #ssl_verify_client on;
      http2_max_field_size 16k;
      http2_max_header_size 32k;
      # mozilla recommended
      # NOTE(review): the list below still offers 3DES (the *-DES-CBC3-SHA entries) and
      # static-RSA CBC suites such as AES128-SHA / AES256-SHA next to the ECDHE/DHE GCM
      # suites. Compare it with the current Mozilla server-side TLS guidance for the
      # clients this site really has to support before reusing it.
      ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS;
      # the server's ordering of the list above wins over the client's preference
      ssl_prefer_server_ciphers   on;
      #add_header Alternate-Protocol  443:npn-spdy/3;
    
      # before enabling HSTS line below read centminmod.com/nginx_domain_dns_setup.html#hsts
      # HSTS, X-Frame-Options and Referrer-Policy are all commented out in this vhost,
      # so none of the three headers is sent by the add_header lines here.
      #add_header Strict-Transport-Security "max-age=31536000; includeSubdomains;";
      #add_header X-Frame-Options SAMEORIGIN;
      # X-Xss-Protection is a legacy header: current browsers no longer ship the XSS
      # filter it controlled, so it is not a substitute for a Content-Security-Policy.
      add_header X-Xss-Protection "1; mode=block" always;
      # stops browsers from MIME-sniffing a response away from its declared Content-Type
      add_header X-Content-Type-Options "nosniff" always;
      #add_header Referrer-Policy "strict-origin-when-cross-origin";
      #spdy_headers_comp 5;
      ssl_buffer_size 1369;
      # NOTE(review): session tickets are enabled and no ssl_session_ticket_key is set
      # in this vhost; how ticket keys are generated and rotated depends on
      # ssl_include.conf or the nginx default - confirm.
      ssl_session_tickets on;
     
      # enable ocsp stapling
      resolver 8.8.8.8 8.8.4.4 1.1.1.1 1.0.0.1 valid=10m;
      resolver_timeout 10s;
      ssl_stapling on;
      ssl_stapling_verify on;
    
    # ngx_pagespeed & ngx_pagespeed handler
    #include /usr/local/nginx/conf/pagespeed.conf;
    #include /usr/local/nginx/conf/pagespeedhandler.conf;
    #include /usr/local/nginx/conf/pagespeedstatslog.conf;
    
      # limit_conn limit_per_ip 16;
      # ssi  on;
    
      access_log /home/nginx/domains/mydomain.co/log/access.log combined buffer=256k flush=5m;
      error_log /home/nginx/domains/mydomain.co/log/error.log;
    
      include /usr/local/nginx/conf/autoprotect/mydomain.co/autoprotect-mydomain.co.conf;
      root /home/nginx/domains/mydomain.co/public;
      # uncomment cloudflare.conf include if using cloudflare for
      # server and/or vhost site
      #include /usr/local/nginx/conf/cloudflare.conf;
      include /usr/local/nginx/conf/503include-main.conf;
    
      #include /usr/local/nginx/conf/wpincludes/mydomain.co/wpcacheenabler_mydomain.co.conf;
      include /usr/local/nginx/conf/wpincludes/mydomain.co/wpsupercache_mydomain.co.conf;
      # https://community.centminmod.com/posts/18828/
      #include /usr/local/nginx/conf/wpincludes/mydomain.co/rediscache_mydomain.co.conf; 
    
      # The vhost's own prefix location for "/". nginx accepts only one `location /`
      # per server block, so when a file included earlier in this server block (here
      # the autoprotect include) also declares `location /`, nginx -t reports this
      # line as the duplicate.
      # The active try_files line falls back to /index.php, which is what serves
      # WordPress permalink URLs; commenting the whole block out is what produced the
      # 404s reported later in the thread.
      location / {
      include /usr/local/nginx/conf/503include-only.conf;
     
    
      # Enables directory listings when index file not found
      # (left disabled here, so directory contents are not listed)
      #autoindex  on;
    
      # for wordpress super cache plugin
      try_files /wp-content/cache/supercache/$http_host/$cache_uri/index.html $uri $uri/ /index.php?q=$uri&$args;
    
      # for wp cache enabler plugin
      #try_files $cache_enabler_uri $uri $uri/ $custom_subdir/index.php?$args; 
    
      # Wordpress Permalinks
      #try_files $uri $uri/ /index.php?q=$uri&$args;
    
      # Nginx level redis Wordpress
      # https://community.centminmod.com/posts/18828/
      #try_files $uri $uri/ /index.php?$args;
    
      }
    
    # Throttle the WordPress login endpoint per client address through the xwplogin
    # zone (declared in nginx.conf's http block at 40r/m).
    location ~* /(wp-login\.php) {
        # burst=1 nodelay: one request above the rate is served immediately,
        # anything beyond that is rejected rather than queued
        limit_req zone=xwplogin burst=1 nodelay;
        #limit_conn xwpconlimit 30;
        # optional HTTP basic auth in front of wp-login.php, left disabled here
        #auth_basic "Private";
        #auth_basic_user_file /home/nginx/domains/mydomain.co/htpasswd_wplogin;   
        include /usr/local/nginx/conf/php-wpsc.conf;
        
        # https://community.centminmod.com/posts/18828/
        #include /usr/local/nginx/conf/php-rediscache.conf;
    }
    
    # XML-RPC endpoint, throttled per client address through the xwprpc zone
    # (declared in nginx.conf's http block at 30r/s) with a burst of 45.
    # NOTE(review): that is a loose limit for an endpoint commonly used for password
    # guessing; if the site does not use XML-RPC, denying this location is the
    # tighter option - confirm with the site owner.
    location ~* /(xmlrpc\.php) {
        limit_req zone=xwprpc burst=45 nodelay;
        #limit_conn xwpconlimit 30;
        include /usr/local/nginx/conf/php-wpsc.conf;
        
        # https://community.centminmod.com/posts/18828/
        #include /usr/local/nginx/conf/php-rediscache.conf;
    }
    
    location ~* /wp-admin/(load-scripts\.php) {
        limit_req zone=xwprpc burst=5 nodelay;
        #limit_conn xwpconlimit 30;
        include /usr/local/nginx/conf/php-wpsc.conf;
        
        # https://community.centminmod.com/posts/18828/
        #include /usr/local/nginx/conf/php-rediscache.conf;
    }
    
    location ~* /wp-admin/(load-styles\.php) {
        limit_req zone=xwprpc burst=5 nodelay;
        #limit_conn xwpconlimit 30;
        include /usr/local/nginx/conf/php-wpsc.conf;
        
        # https://community.centminmod.com/posts/18828/
        #include /usr/local/nginx/conf/php-rediscache.conf;
    }
    
      include /usr/local/nginx/conf/wpincludes/mydomain.co/wpsecure_mydomain.co.conf;
      include /usr/local/nginx/conf/php-wpsc.conf;
     
      # https://community.centminmod.com/posts/18828/
      #include /usr/local/nginx/conf/php-rediscache.conf;
      include /usr/local/nginx/conf/pre-staticfiles-local-mydomain.co.conf;
      include /usr/local/nginx/conf/pre-staticfiles-global.conf;
      include /usr/local/nginx/conf/staticfiles.conf;
      include /usr/local/nginx/conf/drop.conf;
      #include /usr/local/nginx/conf/errorpage.conf;
      include /usr/local/nginx/conf/vts_server.conf;
    }
    
    And here is my nginx.conf
    Code:
    user              nginx nginx;
    worker_processes 4;
    worker_priority -10;
    
    worker_rlimit_nofile 520000;
    timer_resolution 100ms;
    
    pcre_jit on;
    include /usr/local/nginx/conf/dynamic-modules.conf;
    
    
    pid         logs/nginx.pid;
    
    events {
        worker_connections  80000;
        accept_mutex off;
        accept_mutex_delay 200ms;
        use epoll;
        #multi_accept on;
    }
    
    http {
    include /usr/local/nginx/conf/brotli_inc.conf;
    limit_req_zone $binary_remote_addr zone=xwprpc:10m rate=30r/s;
    
     map_hash_bucket_size 128;
     map_hash_max_size 4096;
     server_names_hash_bucket_size 128;
     server_names_hash_max_size 2048;
     variables_hash_max_size 2048;
    
     resolver 127.0.0.1 valid=10m;
     resolver_timeout 10s;
    
    limit_req_zone $binary_remote_addr zone=xwplogin:16m rate=40r/m;
    #limit_conn_zone $binary_remote_addr zone=xwpconlimit:16m;
    
    # sets Centmin Mod headers via headers more nginx module
    # https://github.com/openresty/headers-more-nginx-module
    # don't remove the first 2 lines as centmin mod checks to see if they're
    # missing and re-adds them anyway. Just uncomment the 3rd & 4th lines
    # which is used to override the Server header to what you want = nginx
    # and remove the X-Powered-By header + restart nginx service
    # do not disable headers more nginx module itself as it's required for
    # other centmin mod features like redis nginx level caching & letsencrypt
    # integration in vhosts created by addons/acmetool.sh
    more_set_headers "Server: nginx centminmod";
    more_set_headers "X-Powered-By: centminmod";
    #more_set_headers "Server: nginx";
    #more_clear_headers "X-Powered-By";
    
    # uncomment cloudflare.conf include if using cloudflare for
    # server and/or vhost site + setup cron job for command
    # /usr/local/src/centminmod/tools/csfcf.sh auto
    # run the auto command once to populate cloudflare ips
    #include /usr/local/nginx/conf/cloudflare.conf;
    # uncomment incapsula.conf include if using incapsula for
    # server and/or vhost site + setup cron job for command
    # /usr/local/src/centminmod/tools/csfincapsula.sh auto
    # run the auto command once to popular incapsula ips
    #include /usr/local/nginx/conf/incapsula.conf;
    include /usr/local/nginx/conf/maintenance.conf;
    #include /usr/local/nginx/conf/vts_http.conf;
    include /usr/local/nginx/conf/geoip.conf;
    include /usr/local/nginx/conf/webp.conf;
    include /usr/local/nginx/conf/ssl_include.conf;
    #include /usr/local/nginx/conf/pagespeedadmin.conf;
    include /usr/local/nginx/conf/fastcgi_param_https_map.conf;
    include /usr/local/nginx/conf/redisupstream.conf;
    include /usr/local/nginx/conf/wpcacheenabler_map.conf;
    include /usr/local/nginx/conf/default_phpupstream.conf;
    
    log_format  main  '$remote_addr - $remote_user [$time_local] $request '
                    '"$status" $body_bytes_sent "$http_referer" '
                    '"$http_user_agent" "$http_x_forwarded_for" "$gzip_ratio"'
                    ' "$connection" "$connection_requests" "$request_time"';
    
    log_format  ddos-proxy '$remote_addr for $http_x_real_ip - $remote_user [$time_local] $request '
                    '"$status" $body_bytes_sent "$http_referer" '
                    '"$http_user_agent" "$http_x_forwarded_for" "$gzip_ratio"'
                    ' "$connection" "$connection_requests" "$request_time"';
    
    log_format  main_ext  '$remote_addr - $remote_user [$time_local] "$request" '
                          '$status $body_bytes_sent "$http_referer" '
                          '"$http_user_agent" "$http_x_forwarded_for" '
                          '"$host" sn="$server_name" '
                          'rt=$request_time '
                          'ua="$upstream_addr" us="$upstream_status" '
                          'ut="$upstream_response_time" ul="$upstream_response_length" '
                          'cs=$upstream_cache_status' ;
    
    # only uncomment include line to enable it you have enabled ngx_brotli module
    # which is disabled by default https://community.centminmod.com/threads/10688/
    #include /usr/local/nginx/conf/log_format_brotli.conf;
    
    access_log  off;
    error_log   logs/error.log warn;
    
        index  index.php index.html index.htm;
        include       mime.types;
        default_type  application/octet-stream;
        charset utf-8;
    
    sendfile on;
    sendfile_max_chunk 512k;
    tcp_nopush  on;
    tcp_nodelay on;
    server_tokens off;
    server_name_in_redirect off;
    
    keepalive_timeout  5s;
    keepalive_requests 1000;
    lingering_time 20s;
    lingering_timeout 5s;
    keepalive_disable msie6;
    
    gzip on;
    gzip_vary   on;
    gzip_disable msie6;
    gzip_static on;
    gzip_min_length   1400;
    gzip_buffers      1024 8k;
    gzip_http_version 1.1;
    gzip_comp_level 5;
    gzip_proxied    any;
    gzip_types text/plain text/css text/xml application/javascript application/x-javascript application/xml application/xml+rss application/ecmascript application/json image/svg+xml;
    
    client_body_buffer_size 256k;
    client_body_in_file_only off;
    client_body_timeout 10s;
    client_header_buffer_size 64k;
    ## how long a connection has to complete sending
    ## it's headers for request to be processed
    client_header_timeout  10s;
    client_max_body_size 1024m;
    connection_pool_size  512;
    directio  4m;
    directio_alignment 512;
    ignore_invalid_headers on;       
    large_client_header_buffers 8 64k;
    output_buffers   1 512k;
    postpone_output  1460;
    proxy_temp_path  /tmp/nginx_proxy/;
    request_pool_size  32k;
    reset_timedout_connection on;
    send_timeout     60s;
    types_hash_max_size 2048;
    
    # for nginx proxy backends to prevent redirects to backend port
    # port_in_redirect off;
    
    open_file_cache max=50000 inactive=60s;
    open_file_cache_valid 120s;
    open_file_cache_min_uses 2;
    open_file_cache_errors off;
    open_log_file_cache max=10000 inactive=30s min_uses=2;
    
    ## limit number of concurrency connections per ip to 16
    ## add to your server {} section the next line
    ## limit_conn limit_per_ip 16;
    ## uncomment below line allows 500K sessions
    # limit_conn_log_level error;
    #######################################
    # use limit_zone for Nginx <v1.1.7 and lower
    # limit_zone $binary_remote_addr zone=limit_per_ip:16m;
    #######################################
    # use limit_conn_zone for Nginx >v1.1.8 and higher
    # limit_conn_zone $binary_remote_addr zone=limit_per_ip:16m;
    #######################################
    
     include /usr/local/nginx/conf/conf.d/*.conf;
    }
    
    Both of these files contain only one location / block, so why am I getting that error?
     
  2. eva2000

    eva2000 Administrator Staff Member

    What are the contents of the autoprotect include file /usr/local/nginx/conf/autoprotect/mydomain.co/autoprotect-mydomain.co.conf? If you have a .htaccess file in the web root /, autoprotect may have added a location / match rule.

    If you are on Centmin Mod 123.09beta01, you may have run into the new tools/autoprotect.sh cronjob feature outlined at "Beta Branch - autoprotect.sh - apache .htaccess check & migration to nginx deny all | Centmin Mod Community". Your uploaded scripts may have .htaccess 'deny from all' type files in their directories, and those directories may need an autoprotect bypass. It's a security feature that no other nginx based stack has as far as I know :)

    So instead, every directory in which a .htaccess 'deny from all' is detected now gets an auto-generated Nginx equivalent (a location match with deny all), unless you manually exempt the directory from auto protection with a .autoprotect-bypass file - details below here.

    You can read a few threads below on how autoprotect.sh may have caught some folks web apps falsely and the workarounds or improvements made to autoprotect.sh with the help of users feedback and troubleshooting.
    Check whether your nginx vhost at either or both of /usr/local/nginx/conf/conf.d/domain.com.conf and /usr/local/nginx/conf/conf.d/domain.com.ssl.conf has an include line for autoprotect, for example:
    Code (Text):
    include /usr/local/nginx/conf/autoprotect/domain.com/autoprotect-domain.com.conf;
    

    see if your directory for the script which has issues is caught in an autoprotect include entry in /usr/local/nginx/conf/autoprotect/domain.com/autoprotect-domain.com.conf which has a deny all entry
    Code (Text):
    cat /usr/local/nginx/conf/autoprotect/domain.com/autoprotect-domain.com.conf
    

    i.e.
    Code (Text):
    # /home/nginx/domains/domain.com/public/subdirectory/js
    location ~* ^/subdirectory/js/ { allow 127.0.0.1; deny all; }
    

    If it is caught, you can whitelist it with an autoprotect bypass .autoprotect-bypass file - details below here. So if the problem js file is at domain.com/subdirectory/js/file.js, then it is likely that /subdirectory/js has a .htaccess with deny all in it. Make sure that directory is meant to be publicly accessible by contacting the author of the script; if it is, you can whitelist it and re-run the autoprotect script to regenerate your /usr/local/nginx/conf/autoprotect/domain.com/autoprotect-domain.com.conf include file:
    Code (Text):
    # Do this only once the script's author has confirmed the directory is meant to be
    # public: the bypass file tells autoprotect to stop generating the deny rule for it.
    cd /home/nginx/domains/domain.com/public/subdirectory/js
    touch .autoprotect-bypass
    # regenerate the autoprotect include file without the bypassed directory
    /usr/local/src/centminmod/tools/autoprotect.sh
    # Centmin Mod shortcut: restart so the regenerated include is loaded
    nprestart
    

    It may be that you also need to whitelist /subdirectory; in that case, create bypass files at both /home/nginx/domains/domain.com/public/subdirectory/.autoprotect-bypass and /home/nginx/domains/domain.com/public/subdirectory/js/.autoprotect-bypass as follows:
    Code (Text):
    # Each bypass file exempts only the directory it sits in, so the parent and the
    # child each get their own; confirm both are meant to be public first.
    cd /home/nginx/domains/domain.com/public/subdirectory/
    touch .autoprotect-bypass
    cd /home/nginx/domains/domain.com/public/subdirectory/js
    touch .autoprotect-bypass
    # regenerate the autoprotect include file without the bypassed directories
    /usr/local/src/centminmod/tools/autoprotect.sh
    # Centmin Mod shortcut: restart so the regenerated include is loaded
    nprestart
    

    then double check to see if updated /usr/local/nginx/conf/autoprotect/domain.com/autoprotect-domain.com.conf include file now doesn't show an entry for /subdirectory/js
     
  3. skringjer

    skringjer Member

    The contents of /usr/local/nginx/conf/autoprotect/mydomain.co/autoprotect-mydomain.co.conf are below. And yes, I have a .htaccess file; I didn't know it would create the rules, because I thought it would simply not work, so I left it there.

    Code:
    # Autoprotect include for this vhost. Per the thread, tools/autoprotect.sh generates
    # it from the .htaccess files found under the web root; the path comment above each
    # rule names the directory that rule was generated for. Hand edits do not last: the
    # cron job re-adds a rule for as long as the matching .htaccess exists and the
    # directory has no .autoprotect-bypass file.
    # https://community.centminmod.com/posts/35394/
    # /home/nginx/domains/mydomain.co/public
    
    # Rule set for the web root itself. This prefix `location /` collides with the
    # `location /` the vhost already defines, which is what makes nginx -t fail with
    # 'duplicate location "/"'.
    location / {
      # static assets stay readable by everyone, with a 30-day expiry
      location ~ ^/(.+/)?(.+)\.(js)$ { allow all; expires 30d; }
      location ~ ^/(.+/)?(.+)\.(css)$ { allow all; expires 30d; }
      # NOTE(review): 'woff' is listed twice in the alternation - possibly woff2 was
      # intended; confirm against autoprotect.sh
      location ~ ^/(.+/)?(.+)\.(gif|jpe?g|png|webp|eot|svg|ttf|woff|woff)$ { allow all; expires 30d; }
      # script extensions are answered only for 127.0.0.1 and denied to everyone else
      location ~ ^/(.+/)?(.+)\.(php|cgi|pl|php3|php4|php5|php6|phtml|shtml)$ { allow 127.0.0.1; deny all; }
    }
    
    # https://community.centminmod.com/posts/35394/
    # /home/nginx/domains/mydomain.co/public/wp-content/cache/autoptimize
    
    # Same pattern scoped to the autoptimize cache directory: assets allowed,
    # script extensions restricted to 127.0.0.1.
    location /wp-content/cache/autoptimize/ {
      location ~ ^/wp-content/cache/autoptimize/(.+/)?(.+)\.(js)$ { allow all; expires 30d; }
      location ~ ^/wp-content/cache/autoptimize/(.+/)?(.+)\.(css)$ { allow all; expires 30d; }
      location ~ ^/wp-content/cache/autoptimize/(.+/)?(.+)\.(gif|jpe?g|png|webp|eot|svg|ttf|woff|woff)$ { allow all; expires 30d; }
      location ~ ^/wp-content/cache/autoptimize/(.+/)?(.+)\.(php|cgi|pl|php3|php4|php5|php6|phtml|shtml)$ { allow 127.0.0.1; deny all; }
    }
    
    # The rules below close whole directories to everyone except 127.0.0.1 - the nginx
    # equivalent of an Apache 'deny from all' in that directory's .htaccess.
    # /home/nginx/domains/mydomain.co/public/wp-content/uploads/sucuri
    location ~* ^/wp-content/uploads/sucuri/ { allow 127.0.0.1; deny all; }
    # /home/nginx/domains/mydomain.co/public/wp-content/uploads/download-manager-files
    location ~* ^/wp-content/uploads/download-manager-files/ { allow 127.0.0.1; deny all; }
    # /home/nginx/domains/mydomain.co/public/wp-content/uploads/delightful-downloads
    location ~* ^/wp-content/uploads/delightful-downloads/ { allow 127.0.0.1; deny all; }
    # /home/nginx/domains/mydomain.co/public/wp-content/uploads/wpcf7_uploads
    location ~* ^/wp-content/uploads/wpcf7_uploads/ { allow 127.0.0.1; deny all; }
    # centmin.sh menu option 22 installed WP bypass /home/nginx/domains/mydomain.co/public/wp-content/uploads
    
    # /home/nginx/domains/mydomain.co/public/wp-content/uploads/dlm_uploads
    location ~* ^/wp-content/uploads/dlm_uploads/ { allow 127.0.0.1; deny all; }
    # /home/nginx/domains/mydomain.co/public/.sucuriquarantine
    # NOTE(review): the '.' before sucuriquarantine is unescaped, so the regex accepts
    # any single character in that position, not only a literal dot
    location ~* ^/.sucuriquarantine/ { allow 127.0.0.1; deny all; }
    
    
     
  4. eva2000

    eva2000 Administrator Staff Member

    yup autoprotect created
    Code (Text):
    location / {
      location ~ ^/(.+/)?(.+)\.(js)$ { allow all; expires 30d; }
      location ~ ^/(.+/)?(.+)\.(css)$ { allow all; expires 30d; }
      location ~ ^/(.+/)?(.+)\.(gif|jpe?g|png|webp|eot|svg|ttf|woff|woff)$ { allow all; expires 30d; }
      location ~ ^/(.+/)?(.+)\.(php|cgi|pl|php3|php4|php5|php6|phtml|shtml)$ { allow 127.0.0.1; deny all; }
    }
    
     
  5. skringjer

    skringjer Member

    I just commented out this location block and the issue is fixed. I guess these rewrite rules in the .htaccess were created by a caching plugin, and I don't think I need them.
     
  6. eva2000

    eva2000 Administrator Staff Member

    autoprotect.sh runs on a cronjob and will re-add the rule to the autoprotect include file if .htaccess is still in the web root /. The permanent fix is to remove /.htaccess, or to use the bypass file outlined in the autoprotect.sh thread to tell the autoprotect cron to skip auto generation of the rule for the detected /.htaccess file.
     
  7. skringjer

    skringjer Member

    Yes, thank you very much eva. I did not know about the cronjob, and my site was down for 5 hours without my knowing. I have removed the .htaccess file permanently.
     
  8. skringjer

    skringjer Member

    @eva2000 after removing the .htaccess file I started getting 404 Not Found on my posts, tags and categories, but the homepage is fine. In the error logs:

    [error] 9188#9188: *58 "/home/nginx/domains/mydomain.com/public/category/soccer-pc-games/page/2/index.php" is not found

    I put the .htaccess back, but nothing is working.
     
  9. skringjer

    skringjer Member

    ISSUE FIXED. I don't know how the location block got commented out; I didn't touch anything.
    Code:
    #x# HTTPS-DEFAULT
     server {
     
       server_name domainname.co www.domainname.co;
       return 302 https://domainname.co$request_uri;
       include /usr/local/nginx/conf/staticfiles.conf;
     }
    
    server {
      listen 443 ssl http2 reuseport;
      server_name domainname.co www.domainname.co;
    
      include /usr/local/nginx/conf/ssl/domainname.co/domainname.co.crt.key.conf;
      include /usr/local/nginx/conf/ssl_include.conf;
    
      # cloudflare authenticated origin pull cert community.centminmod.com/threads/13847/
      #ssl_client_certificate /usr/local/nginx/conf/ssl/cloudflare/domainname.co/origin.crt;
      #ssl_verify_client on;
      http2_max_field_size 16k;
      http2_max_header_size 32k;
      # mozilla recommended
      ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS;
      ssl_prefer_server_ciphers   on;
      #add_header Alternate-Protocol  443:npn-spdy/3;
    
      # before enabling HSTS line below read centminmod.com/nginx_domain_dns_setup.html#hsts
      #add_header Strict-Transport-Security "max-age=31536000; includeSubdomains;";
      #add_header X-Frame-Options SAMEORIGIN;
      add_header X-Xss-Protection "1; mode=block" always;
      add_header X-Content-Type-Options "nosniff" always;
      #add_header Referrer-Policy "strict-origin-when-cross-origin";
      #spdy_headers_comp 5;
      ssl_buffer_size 1369;
      ssl_session_tickets on;
     
      # enable ocsp stapling
      resolver 8.8.8.8 8.8.4.4 1.1.1.1 1.0.0.1 valid=10m;
      resolver_timeout 10s;
      ssl_stapling on;
      ssl_stapling_verify on;
    
    # ngx_pagespeed & ngx_pagespeed handler
    #include /usr/local/nginx/conf/pagespeed.conf;
    #include /usr/local/nginx/conf/pagespeedhandler.conf;
    #include /usr/local/nginx/conf/pagespeedstatslog.conf;
    
      # limit_conn limit_per_ip 16;
      # ssi  on;
    
      access_log /home/nginx/domains/domainname.co/log/access.log combined buffer=256k flush=5m;
      error_log /home/nginx/domains/domainname.co/log/error.log;
    
      include /usr/local/nginx/conf/autoprotect/domainname.co/autoprotect-domainname.co.conf;
      root /home/nginx/domains/domainname.co/public;
      # uncomment cloudflare.conf include if using cloudflare for
      # server and/or vhost site
      #include /usr/local/nginx/conf/cloudflare.conf;
      include /usr/local/nginx/conf/503include-main.conf;
    
      #include /usr/local/nginx/conf/wpincludes/domainname.co/wpcacheenabler_domainname.co.conf;
      include /usr/local/nginx/conf/wpincludes/domainname.co/wpsupercache_domainname.co.conf;
      # https://community.centminmod.com/posts/18828/
      #include /usr/local/nginx/conf/wpincludes/domainname.co/rediscache_domainname.co.conf;
    
    # location / {
    # include /usr/local/nginx/conf/503include-only.conf;
    #
    #
    #  # Enables directory listings when index file not found
    #  #autoindex  on;
    #
    #  # for wordpress super cache plugin
    #  try_files /wp-content/cache/supercache/$http_host/$cache_uri/index.html $uri $uri/ /index.php?q=$uri&$args;
    #
    #  # for wp cache enabler plugin
    #  #try_files $cache_enabler_uri $uri $uri/ $custom_subdir/index.php?$args;
    #
    #  # Wordpress Permalinks
    #  #try_files $uri $uri/ /index.php?q=$uri&$args;
    #
    #  # Nginx level redis Wordpress
    #  # https://community.centminmod.com/posts/18828/
    #  #try_files $uri $uri/ /index.php?$args;
    #
    #  }
    
    location ~* /(wp-login\.php) {
        limit_req zone=xwplogin burst=1 nodelay;
        #limit_conn xwpconlimit 30;
        #auth_basic "Private";
        #auth_basic_user_file /home/nginx/domains/domainname.co/htpasswd_wplogin;  
        include /usr/local/nginx/conf/php-wpsc.conf;
       
        # https://community.centminmod.com/posts/18828/
        #include /usr/local/nginx/conf/php-rediscache.conf;
    }
    
    location ~* /(xmlrpc\.php) {
        limit_req zone=xwprpc burst=45 nodelay;
        #limit_conn xwpconlimit 30;
        include /usr/local/nginx/conf/php-wpsc.conf;
       
        # https://community.centminmod.com/posts/18828/
        #include /usr/local/nginx/conf/php-rediscache.conf;
    }
    
    location ~* /wp-admin/(load-scripts\.php) {
        limit_req zone=xwprpc burst=5 nodelay;
        #limit_conn xwpconlimit 30;
        include /usr/local/nginx/conf/php-wpsc.conf;
       
        # https://community.centminmod.com/posts/18828/
        #include /usr/local/nginx/conf/php-rediscache.conf;
    }
    
    location ~* /wp-admin/(load-styles\.php) {
        limit_req zone=xwprpc burst=5 nodelay;
        #limit_conn xwpconlimit 30;
        include /usr/local/nginx/conf/php-wpsc.conf;
       
        # https://community.centminmod.com/posts/18828/
        #include /usr/local/nginx/conf/php-rediscache.conf;
    }
    
      include /usr/local/nginx/conf/wpincludes/domainname.co/wpsecure_domainname.co.conf;
      include /usr/local/nginx/conf/php-wpsc.conf;
     
      # https://community.centminmod.com/posts/18828/
      #include /usr/local/nginx/conf/php-rediscache.conf;
      include /usr/local/nginx/conf/pre-staticfiles-local-domainname.co.conf;
      include /usr/local/nginx/conf/pre-staticfiles-global.conf;
      include /usr/local/nginx/conf/staticfiles.conf;
      include /usr/local/nginx/conf/drop.conf;
      #include /usr/local/nginx/conf/errorpage.conf;
      include /usr/local/nginx/conf/vts_server.conf;
    }
    
     
  10. eva2000

    eva2000 Administrator Staff Member

    No, no, do not comment out the nginx vhost location / block! That will break WordPress permalinks and give 404 errors, because the try_files line in that block is what routes permalink URLs to /index.php.

    You're meant to just follow the autoprotect.sh bypass instructions listed above.
     