Join the community today
Register Now

Nginx Nginx http to https can’t be reached

Discussion in 'Nginx, PHP-FPM & MariaDB MySQL' started by YuchiRO, May 5, 2017.

  1. YuchiRO

    YuchiRO Member

    93
    6
    8
    Jan 12, 2015
    Ratings:
    +8
    Local Time:
    9:27 PM
    5.5.4
    Please fill in any relevant information that applies to you:
    • CentOS Version: i.e. CentOS 7 64bit ?
    • Centmin Mod Version Installed: 123.09beta01
    • Nginx Version Installed: 1.13.0
    • PHP Version Installed: 7.0.15
    • MariaDB MySQL Version Installed: 10.1.21
    • When was last time updated Centmin Mod code base ? : i.e. run centmin.sh menu option 23 submenu option 2
    • Persistent Config: Do you have any persistent config file options set in /etc/centminmod/custom_config.inc ? You can check via this command:

      cat /etc/centminmod/custom_config.inc


      Post output in CODE tags.
    Code:
    cat /etc/centminmod/custom_config.inc
    NGINX_PAGESPEED=y
    ORESTY_LUANGINX=y
    NGINX_XSLT='n'
    NGINX_LIBBROTLI='y'
    NGXDYNAMIC_XSLT='n'
    NGXDYNAMIC_IMAGEFILTER='y'
    NGXDYNAMIC_GEOIP='y'
    NGXDYNAMIC_STREAM='y'
    NGXDYNAMIC_HEADERSMORE='y'
    NGXDYNAMIC_SETMISC='y'
    NGXDYNAMIC_ECHO='y'
    NGXDYNAMIC_SRCCACHE='y'
    NGXDYNAMIC_MEMC='y'
    NGXDYNAMIC_REDISTWO='y'
    NGXDYNAMIC_NGXPAGESPEED='y'
    NGXDYNAMIC_BROTLI='y'
    PHPMSSQL='y'
    PHP_PGO='y'
    PHP_PGO_CENTOSSIX='y'
    NGINX_DEVTOOLSETGCC='y'
    GENERAL_DEVTOOLSETGCC='y'
    CLANG='n'
    LIBRESSL_SWITCH='n'
    

    Hi

    My site is wordpress, i using cloudflare too. I try to use Really Simple SSL plugin to force http to https but .. when test https i got issue "This site can’t be reached".

    It's free ssl from Cloudflare dont need add Certificates. I used Flexible mode on Cloudflare.

    I have others site with similar config working well with Really Simple SSL .

    I dont know where to found this problem ...:(

    Thanks.
     
  2. eva2000

    eva2000 Administrator Staff Member

    30,164
    6,784
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +10,135
    Local Time:
    12:27 AM
    Nginx 1.13.x
    MariaDB 5.5
  3. YuchiRO

    YuchiRO Member

    93
    6
    8
    Jan 12, 2015
    Ratings:
    +8
    Local Time:
    9:27 PM
    5.5.4
    My issue is not Redirect loop.

    Code:
    This site can’t be reached
    
    abc.com refused to connect.
    Try:
    Checking the connection
    Checking the proxy and the firewall
    ERR_CONNECTION_REFUSED
    Btw, i try with your suggestion but same problem. I have Really Simple SSL on others and working fine. Dont know what's wrong with this server :(
     
  4. eva2000

    eva2000 Administrator Staff Member

    30,164
    6,784
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +10,135
    Local Time:
    12:27 AM
    Nginx 1.13.x
    MariaDB 5.5
    If you use a reverse proxy in front of Centmin Mod Nginx, you need to setup nginx realip to be passed onto Nginx.

    See Getting Started Guide step 4 and setting correct real ip via nginx module config at http://centminmod.com/nginx_configure_cloudflare.html.

    If using Centmin Mod 123.09beta01 and newer, there's an added tools/csfcf.sh script to aid in this. Details at:
    You just need to setup a cronjob to run
    Code (Text):
    /usr/local/src/centminmod/tools/csfcf.sh auto

    and ensure your nginx.conf http{} context has the include file /usr/local/nginx/conf/cloudflare.conf and/or your individual nginx vhost's server contexts has the same include file
    Code (Text):
    http {
    map_hash_bucket_size 128;
    map_hash_max_size 2048;
    server_names_hash_bucket_size 128;
    server_names_hash_max_size 2048;
    
    limit_req_zone $binary_remote_addr zone=xwplogin:16m rate=40r/m;
    #limit_conn_zone $binary_remote_addr zone=xwpconlimit:16m;
    
    more_set_headers "Server: nginx centminmod";
    more_set_headers "X-Powered-By: centminmod";
    
    include /usr/local/nginx/conf/cloudflare.conf;
    include /usr/local/nginx/conf/maintenance.conf;
    include /usr/local/nginx/conf/vts_http.conf;
    include /usr/local/nginx/conf/geoip.conf;
    #include /usr/local/nginx/conf/pagespeedadmin.conf;
    include /usr/local/nginx/conf/fastcgi_param_https_map.conf;

    Then restart nginx server via command shortcut
    Code (Text):
    ngxrestart

    or
    Code (Text):
    service nginx restart
     
  5. YuchiRO

    YuchiRO Member

    93
    6
    8
    Jan 12, 2015
    Ratings:
    +8
    Local Time:
    9:27 PM
    5.5.4
    Added cloudflare and updated ip but same problem, i check csf open port 443 too.
     
  6. eva2000

    eva2000 Administrator Staff Member

    30,164
    6,784
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +10,135
    Local Time:
    12:27 AM
    Nginx 1.13.x
    MariaDB 5.5
    how are you testing connection ?
     
  7. YuchiRO

    YuchiRO Member

    93
    6
    8
    Jan 12, 2015
    Ratings:
    +8
    Local Time:
    9:27 PM
    5.5.4
    Really Simple SSL plugin allow test by change http to https

    Code:
    "No SSL was detected. If you do have an ssl certificate, try to reload this page over https by clicking this link: reload over https. You can check your certificate on Qualys SSL Labs"
    May i need add listen 443 on my domain config file ?
     
  8. eva2000

    eva2000 Administrator Staff Member

    30,164
    6,784
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +10,135
    Local Time:
    12:27 AM
    Nginx 1.13.x
    MariaDB 5.5
    Cloudflare flexible SSL can take up to 24hrs to issue SSL certificate before it's available for use. When did you add domain/enable flexible SSL ?

    Posted at centminmod.com/nginx_domain_dns_setup.html#httpsredirect

    key to testing is using 302 temp redirect first in a private incognito browser session otherwise the problems you can experience may end up being due to browser caching or 301 permanent redirects unless you clear browser cache and reboot local computer(s) and even then some web browsers don't let go of 301 permanent redirect browser cache that willingly :)

    output from
    Code (Text):
    curl -Iv https://domain.com
    

    Code (Text):
    curl -Iv http://domain.com
    
     
  9. YuchiRO

    YuchiRO Member

    93
    6
    8
    Jan 12, 2015
    Ratings:
    +8
    Local Time:
    9:27 PM
    5.5.4
    When did you add domain/enable flexible SSL ?

    My domain added to CloudFlare few months ago with Flexible enable by default.

    Code:
     curl -Iv https://abc.com
    * About to connect() to abc.com port 443 (#0)
    *   Trying 104.18.55.5...
    * Connected to abc.com (104.18.55.5) port 443 (#0)
    * Initializing NSS with certpath: sql:/etc/pki/nssdb
    *   CAfile: /etc/pki/tls/certs/ca-bundle.crt
      CApath: none
    * SSL connection using TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
    * Server certificate:
    *       subject: CN=sni161733.cloudflaressl.com,OU=PositiveSSL Multi-Domain,OU=Domain Control Validated
    *       start date: Apr 28 00:00:00 2017 GMT
    *       expire date: Nov 04 23:59:59 2017 GMT
    *       common name: sni161733.cloudflaressl.com
    *       issuer: CN=COMODO ECC Domain Validation Secure Server CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB
    > HEAD / HTTP/1.1
    > User-Agent: curl/7.29.0
    > Host: abc.com
    > Accept: */*
    >
    < HTTP/1.1 200 OK
    HTTP/1.1 200 OK
    < Date: Thu, 04 May 2017 18:00:15 GMT
    Date: Thu, 04 May 2017 18:00:15 GMT
    < Content-Type: text/html; charset=UTF-8
    Content-Type: text/html; charset=UTF-8
    < Connection: keep-alive
    Connection: keep-alive
    < Set-Cookie: __cfduid=d6ee017bc2e17a9a7eebe4c1e2f27e0b21493920815; expires=Fri, 04-May-18 18:00:15 GMT; path=/; domain=.abc.com; HttpOnly
    Set-Cookie: __cfduid=d6ee017bc2e17a9a7eebe4c1e2f27e0b21493920815; expires=Fri, 04-May-18 18:00:15 GMT; path=/; domain=.abc.com; HttpOnly
    < Vary: Accept-Encoding
    Vary: Accept-Encoding
    < Set-Cookie: PHPSESSID=8j4e1dq6o3kihntj4kbbe4ts33; path=/
    Set-Cookie: PHPSESSID=8j4e1dq6o3kihntj4kbbe4ts33; path=/
    < Expires: Thu, 19 Nov 1981 08:52:00 GMT
    Expires: Thu, 19 Nov 1981 08:52:00 GMT
    < Cache-Control: no-store, no-cache, must-revalidate
    Cache-Control: no-store, no-cache, must-revalidate
    < Pragma: no-cache
    Pragma: no-cache
    < Link: <https://abc.com/wp-json/>; rel="https://api.w.org/"
    Link: <https://abc.com/wp-json/>; rel="https://api.w.org/"
    < Link: <https://abc.com/>; rel=shortlink
    Link: <https://abc.com/>; rel=shortlink
    < X-Powered-By: centminmod
    X-Powered-By: centminmod
    < X-Cache: BYPASS
    X-Cache: BYPASS
    < X-Cache-2: BYPASS
    X-Cache-2: BYPASS
    < Server: cloudflare-nginx
    Server: cloudflare-nginx
    < CF-RAY: 359d5bc69a8a2635-DFW
    CF-RAY: 359d5bc69a8a2635-DFW
    
    <
    * Connection #0 to host abc.com left intact
    
    Code:
    curl -Iv http://abc.com
    * About to connect() to abc.com port 80 (#0)
    *   Trying 104.18.54.5...
    * Connected to abc.com (104.18.54.5) port 80 (#0)
    > HEAD / HTTP/1.1
    > User-Agent: curl/7.29.0
    > Host: abc.com
    > Accept: */*
    >
    < HTTP/1.1 200 OK
    HTTP/1.1 200 OK
    < Date: Thu, 04 May 2017 18:02:44 GMT
    Date: Thu, 04 May 2017 18:02:44 GMT
    < Content-Type: text/html; charset=UTF-8
    Content-Type: text/html; charset=UTF-8
    < Connection: keep-alive
    Connection: keep-alive
    < Set-Cookie: __cfduid=d2fb459b98434f176d607d5301ab9e4ec1493920963; expires=Fri, 04-May-18 18:02:43 GMT; path=/; domain=.abc.com; HttpOnly
    Set-Cookie: __cfduid=d2fb459b98434f176d607d5301ab9e4ec1493920963; expires=Fri, 04-May-18 18:02:43 GMT; path=/; domain=.abc.com; HttpOnly
    < Vary: Accept-Encoding
    Vary: Accept-Encoding
    < Set-Cookie: PHPSESSID=fne0pqqr74kq5bs6d6od9h6p64; path=/
    Set-Cookie: PHPSESSID=fne0pqqr74kq5bs6d6od9h6p64; path=/
    < Expires: Thu, 19 Nov 1981 08:52:00 GMT
    Expires: Thu, 19 Nov 1981 08:52:00 GMT
    < Cache-Control: no-store, no-cache, must-revalidate
    Cache-Control: no-store, no-cache, must-revalidate
    < Pragma: no-cache
    Pragma: no-cache
    < Link: <http://abc.com/wp-json/>; rel="https://api.w.org/"
    Link: <http://abc.com/wp-json/>; rel="https://api.w.org/"
    < Link: <http://abc.com/>; rel=shortlink
    Link: <http://abc.com/>; rel=shortlink
    < X-Powered-By: centminmod
    X-Powered-By: centminmod
    < X-Cache: BYPASS
    X-Cache: BYPASS
    < X-Cache-2: BYPASS
    X-Cache-2: BYPASS
    < Server: cloudflare-nginx
    Server: cloudflare-nginx
    < CF-RAY: 359d5f6307010926-DFW
    CF-RAY: 359d5f6307010926-DFW
    
    <
    * Connection #0 to host abc.com left intact
    
    Cloudflare config force http to https by default too, so i dont need config on nginx.

    I have 2nd server with 123.09beta01. Dont need to change any config, just add and active plugin Really Simple SSL and https work like charm. (that's how noob did :))
     
  10. eva2000

    eva2000 Administrator Staff Member

    30,164
    6,784
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +10,135
    Local Time:
    12:27 AM
    Nginx 1.13.x
    MariaDB 5.5
    looks good there from curl at least
     
  11. YuchiRO

    YuchiRO Member

    93
    6
    8
    Jan 12, 2015
    Ratings:
    +8
    Local Time:
    9:27 PM
    5.5.4
    Ya, all look good but cant change to https :(
     
  12. YuchiRO

    YuchiRO Member

    93
    6
    8
    Jan 12, 2015
    Ratings:
    +8
    Local Time:
    9:27 PM
    5.5.4
  13. eva2000

    eva2000 Administrator Staff Member

    30,164
    6,784
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +10,135
    Local Time:
    12:27 AM
    Nginx 1.13.x
    MariaDB 5.5
    what does the contents of your wpincludes look like now ? wrap in CODE tags. Also make sure to restart nginx and php-fpm after editing changes.
     
  14. YuchiRO

    YuchiRO Member

    93
    6
    8
    Jan 12, 2015
    Ratings:
    +8
    Local Time:
    9:27 PM
    5.5.4
    Yes, i use nprestart after change this config file.

    Code:
    # prevent .zip, .gz, .tar, .bzip2 files from being accessed by default
    # impossible for centmin mod to know which wp backup plugins they installed
    # which may save backups to directories in wp-content/
    # such plugins may deploy .htaccess protection but that isn't supported in
    # nginx, so blocking access to these extensions is a workaround to cover all bases
    
    # prepare for letsencrypt
    # https://community.centminmod.com/posts/17774/
    location ~ /.well-known {
      location ~ /.well-known/acme-challenge/(.*) {
        more_set_headers    "Content-Type: text/plain";
        }
    }
    
    # allow AJAX requests in themes and plugins
    location ~ ^/wp-admin/admin-ajax.php$ { allow all; include /usr/local/nginx/conf/php.conf; }
    
    location ~* ^/(wp-content)/(.*?)\.(zip|gz|tar|bzip2|7z)$ { deny all; }
    
    location ~ ^/wp-content/uploads/sucuri { deny all; }
    
    location ~ ^/wp-content/updraft { deny all; }
    
    # Block nginx-help log from public viewing
    location ~* /wp-content/uploads/nginx-helper/ { deny all; }
    
    location ~ ^/(wp-includes/js/tinymce/wp-tinymce.php) {
      include /usr/local/nginx/conf/php.conf;
      # below include file needs to be manually created at that path and to be uncommented
      # by removing the hash # in front of below line to take effect. This wpwhitelist_common.conf
      # allows you to add commonly shared settings to all wp plugin location matches which
      # whitelist php processing access at /usr/local/nginx/conf/wpincludes/abc.com/wpsecure_abc.com.conf
      #include /usr/local/nginx/conf/wpincludes/abc.com/wpwhitelist_common.conf;
    }
    
    # Deny access to any files with a .php extension in the uploads directory
    # Works in sub-directory installs and also in multisite network
    location ~* /(?:uploads|files)/.*\.php$ { deny all; }
    
    
    # Whitelist Exception for https://wordpress.org/plugins/sparkpost/
    location ~ ^/wp-content/plugins/sparkpost/ {
      include /usr/local/nginx/conf/php.conf;
      # below include file needs to be manually created at that path and to be uncommented
      # by removing the hash # in front of below line to take effect. This wpwhitelist_common.conf
      # allows you to add commonly shared settings to all wp plugin location matches which
      # whitelist php processing access at /usr/local/nginx/conf/wpincludes/abc.com/wpsecure_abc.com.conf
      #include /usr/local/nginx/conf/wpincludes/abc.com/wpwhitelist_common.conf;
    }
    
    # Whitelist Exception for https://wordpress.org/plugins/sendgrid-email-delivery-simplified/
    location ~ ^/wp-content/plugins/sendgrid-email-delivery-simplified/ {
      include /usr/local/nginx/conf/php.conf;
      # below include file needs to be manually created at that path and to be uncommented
      # by removing the hash # in front of below line to take effect. This wpwhitelist_common.conf
      # allows you to add commonly shared settings to all wp plugin location matches which
      # whitelist php processing access at /usr/local/nginx/conf/wpincludes/abc.com/wpsecure_abc.com.conf
      #include /usr/local/nginx/conf/wpincludes/abc.com/wpwhitelist_common.conf;
    }
    
    # Whitelist Exception for https://wordpress.org/plugins/mailgun/
    location ~ ^/wp-content/plugins/mailgun/ {
      include /usr/local/nginx/conf/php.conf;
      # below include file needs to be manually created at that path and to be uncommented
      # by removing the hash # in front of below line to take effect. This wpwhitelist_common.conf
      # allows you to add commonly shared settings to all wp plugin location matches which
      # whitelist php processing access at /usr/local/nginx/conf/wpincludes/abc.com/wpsecure_abc.com.conf
      #include /usr/local/nginx/conf/wpincludes/abc.com/wpwhitelist_common.conf;
    }
    
    # Whitelist Exception for https://wordpress.org/plugins/mailjet-for-wordpress/
    location ~ ^/wp-content/plugins/mailjet-for-wordpress/ {
      include /usr/local/nginx/conf/php.conf;
      # below include file needs to be manually created at that path and to be uncommented
      # by removing the hash # in front of below line to take effect. This wpwhitelist_common.conf
      # allows you to add commonly shared settings to all wp plugin location matches which
      # whitelist php processing access at /usr/local/nginx/conf/wpincludes/abc.com/wpsecure_abc.com.conf
      #include /usr/local/nginx/conf/wpincludes/abc.com/wpwhitelist_common.conf;
    }
    
    # Whitelist Exception for https://wordpress.org/plugins/easy-wp-smtp/
    location ~ ^/wp-content/plugins/easy-wp-smtp/ {
      include /usr/local/nginx/conf/php.conf;
      # below include file needs to be manually created at that path and to be uncommented
      # by removing the hash # in front of below line to take effect. This wpwhitelist_common.conf
      # allows you to add commonly shared settings to all wp plugin location matches which
      # whitelist php processing access at /usr/local/nginx/conf/wpincludes/abc.com/wpsecure_abc.com.conf
      #include /usr/local/nginx/conf/wpincludes/abc.com/wpwhitelist_common.conf;
    }
    
    # Whitelist Exception for https://wordpress.org/plugins/postman-smtp/
    location ~ ^/wp-content/plugins/postman-smtp/ {
      include /usr/local/nginx/conf/php.conf;
      # below include file needs to be manually created at that path and to be uncommented
      # by removing the hash # in front of below line to take effect. This wpwhitelist_common.conf
      # allows you to add commonly shared settings to all wp plugin location matches which
      # whitelist php processing access at /usr/local/nginx/conf/wpincludes/abc.com/wpsecure_abc.com.conf
      #include /usr/local/nginx/conf/wpincludes/abc.com/wpwhitelist_common.conf;
    }
    
    # Whitelist Exception for https://wordpress.org/plugins/sendpress/
    location ~ ^/wp-content/plugins/sendpress/ {
      include /usr/local/nginx/conf/php.conf;
      # below include file needs to be manually created at that path and to be uncommented
      # by removing the hash # in front of below line to take effect. This wpwhitelist_common.conf
      # allows you to add commonly shared settings to all wp plugin location matches which
      # whitelist php processing access at /usr/local/nginx/conf/wpincludes/abc.com/wpsecure_abc.com.conf
      #include /usr/local/nginx/conf/wpincludes/abc.com/wpwhitelist_common.conf;
    }
    
    # Whitelist Exception for https://wordpress.org/plugins/wp-mail-bank/
    location ~ ^/wp-content/plugins/wp-mail-bank/ {
      include /usr/local/nginx/conf/php.conf;
      # below include file needs to be manually created at that path and to be uncommented
      # by removing the hash # in front of below line to take effect. This wpwhitelist_common.conf
      # allows you to add commonly shared settings to all wp plugin location matches which
      # whitelist php processing access at /usr/local/nginx/conf/wpincludes/abc.com/wpsecure_abc.com.conf
      #include /usr/local/nginx/conf/wpincludes/abc.com/wpwhitelist_common.conf;
    }
    
    # Whitelist Exception for https://wordpress.org/plugins/theme-check/
    location ~ ^/wp-content/plugins/theme-check/ {
      include /usr/local/nginx/conf/php.conf;
      # below include file needs to be manually created at that path and to be uncommented
      # by removing the hash # in front of below line to take effect. This wpwhitelist_common.conf
      # allows you to add commonly shared settings to all wp plugin location matches which
      # whitelist php processing access at /usr/local/nginx/conf/wpincludes/abc.com/wpsecure_abc.com.conf
      #include /usr/local/nginx/conf/wpincludes/abc.com/wpwhitelist_common.conf;
    }
    
    # Whitelist Exception for https://wordpress.org/plugins/woocommerce/
    location ~ ^/wp-content/plugins/woocommerce/ {
      include /usr/local/nginx/conf/php.conf;
      # below include file needs to be manually created at that path and to be uncommented
      # by removing the hash # in front of below line to take effect. This wpwhitelist_common.conf
      # allows you to add commonly shared settings to all wp plugin location matches which
      # whitelist php processing access at /usr/local/nginx/conf/wpincludes/abc.com/wpsecure_abc.com.conf
      #include /usr/local/nginx/conf/wpincludes/abc.com/wpwhitelist_common.conf;
    }
    
    # Whitelist Exception for https://wordpress.org/plugins/woocommerce-csvimport/
    location ~ ^/wp-content/plugins/woocommerce-csvimport/ {
      include /usr/local/nginx/conf/php.conf;
      # below include file needs to be manually created at that path and to be uncommented
      # by removing the hash # in front of below line to take effect. This wpwhitelist_common.conf
      # allows you to add commonly shared settings to all wp plugin location matches which
      # whitelist php processing access at /usr/local/nginx/conf/wpincludes/abc.com/wpsecure_abc.com.conf
      #include /usr/local/nginx/conf/wpincludes/abc.com/wpwhitelist_common.conf;
    }
    
    # Whitelist Exception for https://wordpress.org/plugins/advanced-custom-fields/
    location ~ ^/wp-content/plugins/advanced-custom-fields/ {
      include /usr/local/nginx/conf/php.conf;
      # below include file needs to be manually created at that path and to be uncommented
      # by removing the hash # in front of below line to take effect. This wpwhitelist_common.conf
      # allows you to add commonly shared settings to all wp plugin location matches which
      # whitelist php processing access at /usr/local/nginx/conf/wpincludes/abc.com/wpsecure_abc.com.conf
      #include /usr/local/nginx/conf/wpincludes/abc.com/wpwhitelist_common.conf;
    }
    
    # Whitelist Exception for https://wordpress.org/plugins/contact-form-7/
    location ~ ^/wp-content/plugins/contact-form-7/ {
      include /usr/local/nginx/conf/php.conf;
      # below include file needs to be manually created at that path and to be uncommented
      # by removing the hash # in front of below line to take effect. This wpwhitelist_common.conf
      # allows you to add commonly shared settings to all wp plugin location matches which
      # whitelist php processing access at /usr/local/nginx/conf/wpincludes/abc.com/wpsecure_abc.com.conf
      #include /usr/local/nginx/conf/wpincludes/abc.com/wpwhitelist_common.conf;
    }
    
    # Whitelist Exception for https://wordpress.org/plugins/duplicator/
    location ~ ^/wp-content/plugins/duplicator/ {
      include /usr/local/nginx/conf/php.conf;
      # below include file needs to be manually created at that path and to be uncommented
      # by removing the hash # in front of below line to take effect. This wpwhitelist_common.conf
      # allows you to add commonly shared settings to all wp plugin location matches which
      # whitelist php processing access at /usr/local/nginx/conf/wpincludes/abc.com/wpsecure_abc.com.conf
      #include /usr/local/nginx/conf/wpincludes/abc.com/wpwhitelist_common.conf;
    }
    
    # Whitelist Exception for https://wordpress.org/plugins/jetpack/
    location ~ ^/wp-content/plugins/jetpack/ {
      include /usr/local/nginx/conf/php.conf;
      # below include file needs to be manually created at that path and to be uncommented
      # by removing the hash # in front of below line to take effect. This wpwhitelist_common.conf
      # allows you to add commonly shared settings to all wp plugin location matches which
      # whitelist php processing access at /usr/local/nginx/conf/wpincludes/abc.com/wpsecure_abc.com.conf
      #include /usr/local/nginx/conf/wpincludes/abc.com/wpwhitelist_common.conf;
    }
    
    # Whitelist Exception for https://wordpress.org/plugins/nextgen-gallery/
    location ~ ^/wp-content/plugins/nextgen-gallery/ {
      include /usr/local/nginx/conf/php.conf;
      # below include file needs to be manually created at that path and to be uncommented
      # by removing the hash # in front of below line to take effect. This wpwhitelist_common.conf
      # allows you to add commonly shared settings to all wp plugin location matches which
      # whitelist php processing access at /usr/local/nginx/conf/wpincludes/abc.com/wpsecure_abc.com.conf
      #include /usr/local/nginx/conf/wpincludes/abc.com/wpwhitelist_common.conf;
    }
    
    # Whitelist Exception for https://wordpress.org/plugins/tinymce-advanced/
    location ~ ^/wp-content/plugins/tinymce-advanced/ {
      include /usr/local/nginx/conf/php.conf;
      # below include file needs to be manually created at that path and to be uncommented
      # by removing the hash # in front of below line to take effect. This wpwhitelist_common.conf
      # allows you to add commonly shared settings to all wp plugin location matches which
      # whitelist php processing access at /usr/local/nginx/conf/wpincludes/abc.com/wpsecure_abc.com.conf
      #include /usr/local/nginx/conf/wpincludes/abc.com/wpwhitelist_common.conf;
    }
    
    # Whitelist Exception for https://wordpress.org/plugins/updraftplus/
    location ~ ^/wp-content/plugins/updraftplus/ {
      include /usr/local/nginx/conf/php.conf;
      # below include file needs to be manually created at that path and to be uncommented
      # by removing the hash # in front of below line to take effect. This wpwhitelist_common.conf
      # allows you to add commonly shared settings to all wp plugin location matches which
      # whitelist php processing access at /usr/local/nginx/conf/wpincludes/abc.com/wpsecure_abc.com.conf
      #include /usr/local/nginx/conf/wpincludes/abc.com/wpwhitelist_common.conf;
    }
    
    # Whitelist Exception for https://wordpress.org/plugins/wordpress-importer/
    location ~ ^/wp-content/plugins/wordpress-importer/ {
      include /usr/local/nginx/conf/php.conf;
      # below include file needs to be manually created at that path and to be uncommented
      # by removing the hash # in front of below line to take effect. This wpwhitelist_common.conf
      # allows you to add commonly shared settings to all wp plugin location matches which
      # whitelist php processing access at /usr/local/nginx/conf/wpincludes/abc.com/wpsecure_abc.com.conf
      #include /usr/local/nginx/conf/wpincludes/abc.com/wpwhitelist_common.conf;
    }
    
    # Whitelist Exception for https://wordpress.org/plugins/wordpress-seo/
    location ~ ^/wp-content/plugins/wordpress-seo/ {
      include /usr/local/nginx/conf/php.conf;
      # below include file needs to be manually created at that path and to be uncommented
      # by removing the hash # in front of below line to take effect. This wpwhitelist_common.conf
      # allows you to add commonly shared settings to all wp plugin location matches which
      # whitelist php processing access at /usr/local/nginx/conf/wpincludes/abc.com/wpsecure_abc.com.conf
      #include /usr/local/nginx/conf/wpincludes/abc.com/wpwhitelist_common.conf;
    }
    
    # Whitelist Exception for https://wordpress.org/plugins/wpclef/
    location ~ ^/wp-content/plugins/wpclef/ {
      include /usr/local/nginx/conf/php.conf;
      # below include file needs to be manually created at that path and to be uncommented
      # by removing the hash # in front of below line to take effect. This wpwhitelist_common.conf
      # allows you to add commonly shared settings to all wp plugin location matches which
      # whitelist php processing access at /usr/local/nginx/conf/wpincludes/abc.com/wpsecure_abc.com.conf
      #include /usr/local/nginx/conf/wpincludes/abc.com/wpwhitelist_common.conf;
    }
    
    # Whitelist Exception for https://wordpress.org/plugins/mailchimp-for-wp/
    location ~ ^/wp-content/plugins/mailchimp-for-wp/ {
      include /usr/local/nginx/conf/php.conf;
      # below include file needs to be manually created at that path and to be uncommented
      # by removing the hash # in front of below line to take effect. This wpwhitelist_common.conf
      # allows you to add commonly shared settings to all wp plugin location matches which
      # whitelist php processing access at /usr/local/nginx/conf/wpincludes/abc.com/wpsecure_abc.com.conf
      #include /usr/local/nginx/conf/wpincludes/abc.com/wpwhitelist_common.conf;
    }
    
    # Whitelist Exception for https://wordpress.org/plugins/wp-optimize/
    location ~ ^/wp-content/plugins/wp-optimize/ {
      include /usr/local/nginx/conf/php.conf;
      # below include file needs to be manually created at that path and to be uncommented
      # by removing the hash # in front of below line to take effect. This wpwhitelist_common.conf
      # allows you to add commonly shared settings to all wp plugin location matches which
      # whitelist php processing access at /usr/local/nginx/conf/wpincludes/abc.com/wpsecure_abc.com.conf
      #include /usr/local/nginx/conf/wpincludes/abc.com/wpwhitelist_common.conf;
    }
    
    # Whitelist Exception for https://wordpress.org/plugins/si-contact-form/
    location ~ ^/wp-content/plugins/si-contact-form/ {
      include /usr/local/nginx/conf/php.conf;
      # below include file needs to be manually created at that path and to be uncommented
      # by removing the hash # in front of below line to take effect. This wpwhitelist_common.conf
      # allows you to add commonly shared settings to all wp plugin location matches which
      # whitelist php processing access at /usr/local/nginx/conf/wpincludes/abc.com/wpsecure_abc.com.conf
      #include /usr/local/nginx/conf/wpincludes/abc.com/wpwhitelist_common.conf;
    }
    
    # Whitelist Exception for https://wordpress.org/plugins/akismet/
    location ~ ^/wp-content/plugins/akismet/ {
      location ~ ^/wp-content/plugins/akismet/(.+/)?(form|akismet)\.(css|js)$ { allow all; }
      location ~ ^/wp-content/plugins/akismet/(.+/)?(.+)\.(png|gif)$ { allow all; }
      location ~* /wp-content/plugins/akismet/akismet/.*\.php$ {
        include /usr/local/nginx/conf/php.conf;
        # below include file needs to be manually created at that path and to be uncommented
        # by removing the hash # in front of below line to take effect. This wpwhitelist_common.conf
        # allows you to add commonly shared settings to all wp plugin location matches which
        # whitelist php processing access at /usr/local/nginx/conf/wpincludes/abc.com/wpsecure_abc.com.conf
        #include /usr/local/nginx/conf/wpincludes/abc.com/wpwhitelist_common.conf;
        allow 127.0.0.1;
        deny all;
      }
    }
    
    # Whitelist Exception for https://wordpress.org/plugins/bbpress/
    location ~ ^/wp-content/plugins/bbpress/ {
      include /usr/local/nginx/conf/php.conf;
      # below include file needs to be manually created at that path and to be uncommented
      # by removing the hash # in front of below line to take effect. This wpwhitelist_common.conf
      # allows you to add commonly shared settings to all wp plugin location matches which
      # whitelist php processing access at /usr/local/nginx/conf/wpincludes/abc.com/wpsecure_abc.com.conf
      #include /usr/local/nginx/conf/wpincludes/abc.com/wpwhitelist_common.conf;
    }
    
    # Whitelist Exception for https://wordpress.org/plugins/buddypress/
    location ~ ^/wp-content/plugins/buddypress/ {
      include /usr/local/nginx/conf/php.conf;
      # below include file needs to be manually created at that path and to be uncommented
      # by removing the hash # in front of below line to take effect. This wpwhitelist_common.conf
      # allows you to add commonly shared settings to all wp plugin location matches which
      # whitelist php processing access at /usr/local/nginx/conf/wpincludes/abc.com/wpsecure_abc.com.conf
      #include /usr/local/nginx/conf/wpincludes/abc.com/wpwhitelist_common.conf;
    }
    
    # Whitelist Exception for https://wordpress.org/plugins/all-in-one-seo-pack/
    location ~ ^/wp-content/plugins/all-in-one-seo-pack/ {
      include /usr/local/nginx/conf/php.conf;
      # below include file needs to be manually created at that path and to be uncommented
      # by removing the hash # in front of below line to take effect. This wpwhitelist_common.conf
      # allows you to add commonly shared settings to all wp plugin location matches which
      # whitelist php processing access at /usr/local/nginx/conf/wpincludes/abc.com/wpsecure_abc.com.conf
      #include /usr/local/nginx/conf/wpincludes/abc.com/wpwhitelist_common.conf;
    }
    
    # Whitelist Exception for https://wordpress.org/plugins/google-analytics-for-wordpress/
    location ~ ^/wp-content/plugins/google-analytics-for-wordpress/ {
      include /usr/local/nginx/conf/php.conf;
      # below include file needs to be manually created at that path and to be uncommented
      # by removing the hash # in front of below line to take effect. This wpwhitelist_common.conf
      # allows you to add commonly shared settings to all wp plugin location matches which
      # whitelist php processing access at /usr/local/nginx/conf/wpincludes/abc.com/wpsecure_abc.com.conf
      #include /usr/local/nginx/conf/wpincludes/abc.com/wpwhitelist_common.conf;
    }
    
    # Whitelist Exception for https://wordpress.org/plugins/regenerate-thumbnails/
    location ~ ^/wp-content/plugins/regenerate-thumbnails/ {
      include /usr/local/nginx/conf/php.conf;
      # below include file needs to be manually created at that path and to be uncommented
      # by removing the hash # in front of below line to take effect. This wpwhitelist_common.conf
      # allows you to add commonly shared settings to all wp plugin location matches which
      # whitelist php processing access at /usr/local/nginx/conf/wpincludes/abc.com/wpsecure_abc.com.conf
      #include /usr/local/nginx/conf/wpincludes/abc.com/wpwhitelist_common.conf;
    }
    
    # Whitelist Exception for https://wordpress.org/plugins/wp-pagenavi/
    location ~ ^/wp-content/plugins/wp-pagenavi/ {
      include /usr/local/nginx/conf/php.conf;
      # below include file needs to be manually created at that path and to be uncommented
      # by removing the hash # in front of below line to take effect. This wpwhitelist_common.conf
      # allows you to add commonly shared settings to all wp plugin location matches which
      # whitelist php processing access at /usr/local/nginx/conf/wpincludes/abc.com/wpsecure_abc.com.conf
      #include /usr/local/nginx/conf/wpincludes/abc.com/wpwhitelist_common.conf;
    }
    
    # Whitelist Exception for https://wordpress.org/plugins/wordfence/
    location ~ ^/wp-content/plugins/wordfence/ {
      include /usr/local/nginx/conf/php.conf;
      # below include file needs to be manually created at that path and to be uncommented
      # by removing the hash # in front of below line to take effect. This wpwhitelist_common.conf
      # allows you to add commonly shared settings to all wp plugin location matches which
      # whitelist php processing access at /usr/local/nginx/conf/wpincludes/abc.com/wpsecure_abc.com.conf
      #include /usr/local/nginx/conf/wpincludes/abc.com/wpwhitelist_common.conf;
    }
    
    # Whitelist Exception for https://wordpress.org/plugins/really-simple-captcha/
    location ~ ^/wp-content/plugins/really-simple-captcha/ {
      include /usr/local/nginx/conf/php.conf;
      # below include file needs to be manually created at that path and to be uncommented
      # by removing the hash # in front of below line to take effect. This wpwhitelist_common.conf
      # allows you to add commonly shared settings to all wp plugin location matches which
      # whitelist php processing access at /usr/local/nginx/conf/wpincludes/abc.com/wpsecure_abc.com.conf
      #include /usr/local/nginx/conf/wpincludes/abc.com/wpwhitelist_common.conf;
    }
    
    # Whitelist Exception for https://wordpress.org/plugins/wp-pagenavi/
    location ~ ^/wp-content/plugins/wp-pagenavi/ {
      include /usr/local/nginx/conf/php.conf;
      # below include file needs to be manually created at that path and to be uncommented
      # by removing the hash # in front of below line to take effect. This wpwhitelist_common.conf
      # allows you to add commonly shared settings to all wp plugin location matches which
      # whitelist php processing access at /usr/local/nginx/conf/wpincludes/abc.com/wpsecure_abc.com.conf
      #include /usr/local/nginx/conf/wpincludes/abc.com/wpwhitelist_common.conf;
    }
    
    # Whitelist Exception for https://wordpress.org/plugins/ml-slider/
    location ~ ^/wp-content/plugins/ml-slider/ {
      include /usr/local/nginx/conf/php.conf;
      # below include file needs to be manually created at that path and to be uncommented
      # by removing the hash # in front of below line to take effect. This wpwhitelist_common.conf
      # allows you to add commonly shared settings to all wp plugin location matches which
      # whitelist php processing access at /usr/local/nginx/conf/wpincludes/abc.com/wpsecure_abc.com.conf
      #include /usr/local/nginx/conf/wpincludes/abc.com/wpwhitelist_common.conf;
    }
    
    # Whitelist Exception for https://wordpress.org/plugins/black-studio-tinymce-widget/
    location ~ ^/wp-content/plugins/black-studio-tinymce-widget/ {
      include /usr/local/nginx/conf/php.conf;
      # below include file needs to be manually created at that path and to be uncommented
      # by removing the hash # in front of below line to take effect. This wpwhitelist_common.conf
      # allows you to add commonly shared settings to all wp plugin location matches which
      # whitelist php processing access at /usr/local/nginx/conf/wpincludes/abc.com/wpsecure_abc.com.conf
      #include /usr/local/nginx/conf/wpincludes/abc.com/wpwhitelist_common.conf;
    }
    
    # Whitelist Exception for https://wordpress.org/plugins/disable-comments/
    location ~ ^/wp-content/plugins/disable-comments/ {
      include /usr/local/nginx/conf/php.conf;
      # below include file needs to be manually created at that path and to be uncommented
      # by removing the hash # in front of below line to take effect. This wpwhitelist_common.conf
      # allows you to add commonly shared settings to all wp plugin location matches which
      # whitelist php processing access at /usr/local/nginx/conf/wpincludes/abc.com/wpsecure_abc.com.conf
      #include /usr/local/nginx/conf/wpincludes/abc.com/wpwhitelist_common.conf;
    }
    
    # Whitelist Exception for https://wordpress.org/plugins/better-wp-security/
    location ~ ^/wp-content/plugins/better-wp-security/ {
      include /usr/local/nginx/conf/php.conf;
      # below include file needs to be manually created at that path and to be uncommented
      # by removing the hash # in front of below line to take effect. This wpwhitelist_common.conf
      # allows you to add commonly shared settings to all wp plugin location matches which
      # whitelist php processing access at /usr/local/nginx/conf/wpincludes/abc.com/wpsecure_abc.com.conf
      #include /usr/local/nginx/conf/wpincludes/abc.com/wpwhitelist_common.conf;
    }
    
    # Whitelist Exception for http://wlmsocial.com/
    location ~ ^/wp-content/plugins/wlm-social/ {
      include /usr/local/nginx/conf/php.conf;
      # below include file needs to be manually created at that path and to be uncommented
      # by removing the hash # in front of below line to take effect. This wpwhitelist_common.conf
      # allows you to add commonly shared settings to all wp plugin location matches which
      # whitelist php processing access at /usr/local/nginx/conf/wpincludes/abc.com/wpsecure_abc.com.conf
      #include /usr/local/nginx/conf/wpincludes/abc.com/wpwhitelist_common.conf;
    }
    
    # Whitelist Exception for mediagrid timthumb
    location ~ ^/wp-content/plugins/media-grid/classes/ {
      include /usr/local/nginx/conf/php.conf;
      # below include file needs to be manually created at that path and to be uncommented
      # by removing the hash # in front of below line to take effect. This wpwhitelist_common.conf
      # allows you to add commonly shared settings to all wp plugin location matches which
      # whitelist php processing access at /usr/local/nginx/conf/wpincludes/abc.com/wpsecure_abc.com.conf
      #include /usr/local/nginx/conf/wpincludes/abc.com/wpwhitelist_common.conf;
    }
    
    # Whitelist Exception for really-simple-ssl
    location ~ ^/wp-content/plugins/really-simple-ssl/ {
      include /usr/local/nginx/conf/php.conf;
    }
    # Block PHP files in content directory.
    location ~* /wp-content/.*\.php$ {
      deny all;
    }
    
    # Block PHP files in includes directory.
    location ~* /wp-includes/.*\.php$ {
      deny all;
    }
    
    # Block PHP files in uploads, content, and includes directory.
    location ~* /(?:uploads|files|wp-content|wp-includes)/.*\.php$ {
      deny all;
    }
    
    # Make sure files with the following extensions do not get loaded by nginx because nginx would display the source code, and these files can contain PASSWORDS!
    location ~* \.(engine|inc|info|install|make|module|profile|test|po|sh|.*sql|theme|tpl(\.php)?|xtmpl)$|^(\..*|Entries.*|Repository|Root|Tag|Template)$|\.php_
    {
    return 444;
    }
    
    #nocgi
    location ~* \.(pl|cgi|py|sh|lua)$ {
    return 444;
    }
    
    #disallow
    location ~* (w00tw00t) {
    return 444;
    }
    
    location ~* /(\.|wp-config\.php|wp-config\.txt|changelog\.txt|readme\.txt|readme\.html|license\.txt) { deny all; }
    location ~* /(wp-content)/(.*?)\.(zip|gz|tar|bzip2|7z|txt)$ { deny all; }
    
     
  15. eva2000

    eva2000 Administrator Staff Member

    30,164
    6,784
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +10,135
    Local Time:
    12:27 AM
    Nginx 1.13.x
    MariaDB 5.5
    Then it might be related to autoprotect.sh tool.
    If on Centmin Mod 123.09beta01, you may have ran into the new tools/autoprotect.sh cronjob feature outlined at Beta Branch - autoprotect.sh - apache .htaccess check & migration to nginx deny all | Centmin Mod Community You uploaded scripts may have .htaccess deny from all type files in their directories which may need bypassing autoprotect. It's a security feature that no other nginx based stack has as far as I know :)

    So instead, all .htaccess 'deny from all' detected directories now get auto generated Nginx equivalent location match and deny all setups except if you want to manually bypass the directory from auto protection via a .autoprotect-bypass file - details below here.

    You can read a few threads below on how autoprotect.sh may have caught some folks web apps falsely and the workarounds or improvements made to autoprotect.sh with the help of users feedback and troubleshooting.
     
  16. YuchiRO

    YuchiRO Member

    93
    6
    8
    Jan 12, 2015
    Ratings:
    +8
    Local Time:
    9:27 PM
    5.5.4
    Thanks, i allow custom plugin on this config file and working fine, btw my server dont have any .htaccess files.

    We have 2 others server run 123.09beta01 but dont have problem when i change http to https. Only this server and i cant find where issues.

    Cloudflare already has option rewrite http to https, i just need install really-simple-ssl and active.
     
  17. eva2000

    eva2000 Administrator Staff Member

    30,164
    6,784
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +10,135
    Local Time:
    12:27 AM
    Nginx 1.13.x
    MariaDB 5.5
    so that was the fix to get it to work ?
     
  18. YuchiRO

    YuchiRO Member

    93
    6
    8
    Jan 12, 2015
    Ratings:
    +8
    Local Time:
    9:27 PM
    5.5.4
    Fix plugin only for redirect loop .. while my site "This site can’t be reached"

    I checked csf allow port 443.
     
  19. eva2000

    eva2000 Administrator Staff Member

    30,164
    6,784
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +10,135
    Local Time:
    12:27 AM
    Nginx 1.13.x
    MariaDB 5.5
    double check using command
    Code (Text):
    find /home/nginx/domains/yourdomain.com/public -type f -name ".htaccess"
    
     
  20. eva2000

    eva2000 Administrator Staff Member

    30,164
    6,784
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +10,135
    Local Time:
    12:27 AM
    Nginx 1.13.x
    MariaDB 5.5
    and contents of /usr/local/nginx/conf/autoprotect/domain.com/autoprotect-yourdomain.com.conf