Want more timely Centmin Mod News Updates?
Become a Member

Nginx PageSpeed PageSpeed isn't compressing images even with tweaked conf.

Discussion in 'Nginx, PHP-FPM & MariaDB MySQL' started by cr0, Sep 10, 2017.

  1. eva2000

    eva2000 Administrator Staff Member

    45,432
    10,308
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +15,987
    Local Time:
    1:35 PM
    Nginx 1.19.x
    MariaDB 5.5/10.x
    turn of pagespeed globally first
    Code (Text):
    pscontrol off
    

    then see if commented out pagespeed 3 include lines work.. remember to do this in both https and non-https vhosts as cloudflare talks to non-https if you use flexible ssl
     
  2. cr0

    cr0 Member

    38
    4
    8
    Aug 21, 2017
    Ratings:
    +4
    Local Time:
    5:35 AM
    It's set to Full (strict) mode and "Always use HTTPS".

    Just did it and can't see any pagespeed headers when performing

    Code:
    curl -I http://domain.com
     
  3. eva2000

    eva2000 Administrator Staff Member

    45,432
    10,308
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +15,987
    Local Time:
    1:35 PM
    Nginx 1.19.x
    MariaDB 5.5/10.x
    k then just concentrate on nginx https vhost then as cloudflare talking to https backend origin.
     
  4. cr0

    cr0 Member

    38
    4
    8
    Aug 21, 2017
    Ratings:
    +4
    Local Time:
    5:35 AM
    Ah, alright. Here's the ssl.conf (I tried pscontrol off + uncommenting those 3 lines + /etc/init.d/nginx restart but no pagespeed in headers)

    PHP:
    # Centmin Mod Getting Started Guide
    # must read http://centminmod.com/getstarted.html
    # For SPDY SSL Setup
    # read http://centminmod.com/nginx_configure_https_ssl_spdy.html

    # redirect from www to non-www  forced SSL
    # uncomment, save file and restart Nginx to enable
    # if unsure use return 302 before using return 301
    # server {
    #   server_name MYDOMAIN.com www.MYDOMAIN.com;
    #    return 302 https://$server_name$request_uri;
    # }

    server {
      
    listen 443 ssl http2;
      
    server_name MYDOMAIN.com www.MYDOMAIN.com;

      
    ssl_dhparam /usr/local/nginx/conf/ssl/MYDOMAIN.com/dhparam.pem;
      
    ssl_certificate      /usr/local/nginx/conf/ssl/MYDOMAIN.com/public.pem;
      
    ssl_certificate_key  /usr/local/nginx/conf/ssl/MYDOMAIN.com/private.key;
      include /
    usr/local/nginx/conf/ssl_include.conf;
      
    http2_max_field_size 16k;
      
    http2_max_header_size 32k;
      
    # mozilla recommended
      
    ssl_ciphers ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS;
      
    ssl_prefer_server_ciphers   on;
      
    #add_header Alternate-Protocol  443:npn-spdy/3;

      # before enabling HSTS line below read centminmod.com/nginx_domain_dns_setup.html#hsts
      #add_header Strict-Transport-Security "max-age=31536000; includeSubdomains;";
      #add_header X-Frame-Options SAMEORIGIN;
      #add_header X-Xss-Protection "1; mode=block" always;
      #add_header X-Content-Type-Options "nosniff" always;
      #spdy_headers_comp 5;
      
    ssl_buffer_size 1369;
      
    ssl_session_tickets on;
     
      
    # enable ocsp stapling
      #resolver 8.8.8.8 8.8.4.4 valid=10m;
      #resolver_timeout 10s;
      #ssl_stapling on;
      #ssl_stapling_verify on;
      #ssl_trusted_certificate /usr/local/nginx/conf/ssl/MYDOMAIN.com/MYDOMAIN.com-trusted.crt; 

    # ngx_pagespeed & ngx_pagespeed handler
    include /usr/local/nginx/conf/pagespeed.conf;
    include /
    usr/local/nginx/conf/pagespeedhandler.conf;
    include /
    usr/local/nginx/conf/pagespeedstatslog.conf;

      
    #add_header X-Frame-Options SAMEORIGIN;
      #add_header X-Xss-Protection "1; mode=block" always;
      #add_header X-Content-Type-Options "nosniff" always;

      # limit_conn limit_per_ip 16;
      # ssi  on;

      
    access_log /home/nginx/domains/MYDOMAIN.com/log/access.log combined buffer=256k flush=5m;
      
    error_log /home/nginx/domains/MYDOMAIN.com/log/error.log;

      include /
    usr/local/nginx/conf/autoprotect/MYDOMAIN.com/autoprotect-MYDOMAIN.com.conf;
      
    root /home/nginx/domains/MYDOMAIN.com/public;
      
    # uncomment cloudflare.conf include if using cloudflare for
      # server and/or vhost site
      #include /usr/local/nginx/conf/cloudflare.conf;
      
    include /usr/local/nginx/conf/503include-main.conf;

      include /
    usr/local/nginx/conf/wpincludes/MYDOMAIN.com/wpcacheenabler_MYDOMAIN.com.conf;
      
    #include /usr/local/nginx/conf/wpincludes/MYDOMAIN.com/wpsupercache_MYDOMAIN.com.conf;
      # https://community.centminmod.com/posts/18828/
      #include /usr/local/nginx/conf/wpincludes/MYDOMAIN.com/rediscache_MYDOMAIN.com.conf; 

      
    location / {
      include /
    usr/local/nginx/conf/503include-only.conf;
     

      
    # Enables directory listings when index file not found
      #autoindex  on;

      # for wordpress super cache plugin
      #try_files /wp-content/cache/supercache/$http_host/$cache_uri/index.html $uri $uri/ /index.php?q=$uri&$args;

      # for wp cache enabler plugin
      
    try_files $cache_enabler_uri $uri $uri$custom_subdir/index.php?$args

      
    # Wordpress Permalinks
      #try_files $uri $uri/ /index.php?q=$uri&$args;

      # Nginx level redis Wordpress
      # https://community.centminmod.com/posts/18828/
      #try_files $uri $uri/ /index.php?$args;

      
    }

    location ~* /(wp-login\.php) {
        
    limit_req zone=xwplogin burst=1 nodelay;
        
    #limit_conn xwpconlimit 30;
        
    auth_basic "Private";
        
    auth_basic_user_file /home/nginx/domains/MYDOMAIN.com/htpasswd_wplogin;   
        include /
    usr/local/nginx/conf/php-wpsc.conf;
        
        
    # https://community.centminmod.com/posts/18828/
        #include /usr/local/nginx/conf/php-rediscache.conf;
    }

        
    # prepare for letsencrypt
        # https://community.centminmod.com/posts/17774/
        
    location ~ /.well-known location ~ /.well-known/acme-challenge/(.*) { more_set_headers    "Content-Type: text/plain"; } }

    location ~* /(xmlrpc\.php) {
        
    limit_req zone=xwprpc burst=45 nodelay;
        
    #limit_conn xwpconlimit 30;
        
    include /usr/local/nginx/conf/php-wpsc.conf;
        
        
    # https://community.centminmod.com/posts/18828/
        #include /usr/local/nginx/conf/php-rediscache.conf;
    }

      include /
    usr/local/nginx/conf/wpincludes/MYDOMAIN.com/wpsecure_MYDOMAIN.com.conf;
      include /
    usr/local/nginx/conf/php-wpsc.conf;
     
      
    # https://community.centminmod.com/posts/18828/
      #include /usr/local/nginx/conf/php-rediscache.conf;
      
    include /usr/local/nginx/conf/pre-staticfiles-local-MYDOMAIN.com.conf;
      include /
    usr/local/nginx/conf/pre-staticfiles-global.conf;
      include /
    usr/local/nginx/conf/staticfiles.conf;
      include /
    usr/local/nginx/conf/drop.conf;
      
    #include /usr/local/nginx/conf/errorpage.conf;
      
    include /usr/local/nginx/conf/vts_server.conf;
    }
     
  5. eva2000

    eva2000 Administrator Staff Member

    45,432
    10,308
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +15,987
    Local Time:
    1:35 PM
    Nginx 1.19.x
    MariaDB 5.5/10.x
    you're editing /usr/local/nginx/conf/conf.d/MYDOMAIN.com.ssl.conf right ?

    vhost looks good..
     
  6. eva2000

    eva2000 Administrator Staff Member

    45,432
    10,308
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +15,987
    Local Time:
    1:35 PM
    Nginx 1.19.x
    MariaDB 5.5/10.x
    also try testing via browser's private incognito session to makes sure browser hasn't cached anything
     
  7. cr0

    cr0 Member

    38
    4
    8
    Aug 21, 2017
    Ratings:
    +4
    Local Time:
    5:35 AM
    I think the issue that it's not working is because I used the command pscontrol off.. So it won't matter if those 3 lines were uncommented. Reenabling it after editing pagespeed.conf (pagespeed set to on) does the same result, no way to access to global admin with a working console, only if I uncomment the 3rd line.

    Nope, not working either.

    Yes.

    EDIT:

    Can it be due to bad installation? I mean, because of the initial host setup for vhost's.
     
    Last edited: Sep 12, 2017
  8. eva2000

    eva2000 Administrator Staff Member

    45,432
    10,308
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +15,987
    Local Time:
    1:35 PM
    Nginx 1.19.x
    MariaDB 5.5/10.x
    try adding allow serverip to handler whitelisting too as well as accessing it from yourdomain.com/pagespeed_global_admin
     
  9. eva2000

    eva2000 Administrator Staff Member

    45,432
    10,308
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +15,987
    Local Time:
    1:35 PM
    Nginx 1.19.x
    MariaDB 5.5/10.x
    for example in /usr/local/nginx/conf/pagespeedhandler.conf

    if my ISP IP address is 192.168.0.99 and server IP address is xxx.xxx.xxx.xxx, then I will add allow 192.168.0.99 and xxx.xxx.xxx.xxx to existing config to end up as follows:

    Code (Text):
    location /ngx_pagespeed_statistics { allow 127.0.0.1; allow 192.168.0.99; allow xxx.xxx.xxx.xxx; deny all; }
    location /ngx_pagespeed_global_statistics { allow 127.0.0.1; allow 192.168.0.99; allow xxx.xxx.xxx.xxx; deny all; }
    location /ngx_pagespeed_message { allow 127.0.0.1; allow 192.168.0.99; allow xxx.xxx.xxx.xxx; deny all; }
    location /pagespeed_console { allow 127.0.0.1; allow 192.168.0.99; allow xxx.xxx.xxx.xxx; deny all; }
    location ~ ^/pagespeed_admin { allow 127.0.0.1; allow 192.168.0.99; allow xxx.xxx.xxx.xxx; deny all; }
    location ~ ^/pagespeed_global_admin { allow 127.0.0.1; allow 192.168.0.99; allow xxx.xxx.xxx.xxx; all
    
     
  10. cr0

    cr0 Member

    38
    4
    8
    Aug 21, 2017
    Ratings:
    +4
    Local Time:
    5:35 AM
    Nope, still the same, with uncommented lines I got 403 forbidden error, with 3 of them commented I got

    Code:
    Failed to load PageSpeed Console because:
    StatisticsLogging is not enabled.
    LogDir is not set.
    pagespeedhandler.conf:
    PHP:
    #  Ensure requests for pagespeed optimized resources go to the pagespeed
    #  handler and no extraneous headers get set.
    location "\.pagespeed\.([a-z]\.)?[a-z]{2}\.[^.]{10}\.[^.]+" add_header "" ""; }
    location "^/pagespeed_static/" { }
    location "^/ngx_pagespeed_beacon$" { }
    location /ngx_pagespeed_statistics allow 127.0.0.1allow mypublicipallow serverspublicipdeny all; }
    location /ngx_pagespeed_global_statistics allow 127.0.0.1allow mypublicipallow serverspublicipdeny all; }
    location /ngx_pagespeed_message allow 127.0.0.1allow mypublicipallow serverspublicipdeny all; }
    location /pagespeed_console allow 127.0.0.1allow mypublicipallow serverspublicipdeny all; }
    location ~ ^/pagespeed_admin allow 127.0.0.1allow mypublicipallow serverspublicipdeny all; }
    location ~ ^/pagespeed_global_admin allow 127.0.0.1allow mypublicipallow serverspublicipdeny all; }
     
  11. eva2000

    eva2000 Administrator Staff Member

    45,432
    10,308
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +15,987
    Local Time:
    1:35 PM
    Nginx 1.19.x
    MariaDB 5.5/10.x
    you ran
    Code (Text):
    pscontrol on
    

    that means ip is incorrect, double check your ISP ip at https://tools.keycdn.com/geo to make sure it makes the allow ip
     
  12. eva2000

    eva2000 Administrator Staff Member

    45,432
    10,308
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +15,987
    Local Time:
    1:35 PM
    Nginx 1.19.x
    MariaDB 5.5/10.x
  13. eva2000

    eva2000 Administrator Staff Member

    45,432
    10,308
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +15,987
    Local Time:
    1:35 PM
    Nginx 1.19.x
    MariaDB 5.5/10.x
    for cloudflare realip, can also setup Beta Branch - csfcf.sh - automate Cloudflare Nginx & CSF Firewall setups

    it's already in vhost
    Code (Text):
      # uncomment cloudflare.conf include if using cloudflare for
      # server and/or vhost site
      #include /usr/local/nginx/conf/cloudflare.conf;
    

    uncomment last line include file
    Code (Text):
      # uncomment cloudflare.conf include if using cloudflare for
      # server and/or vhost site
      include /usr/local/nginx/conf/cloudflare.conf;
    
     
  14. cr0

    cr0 Member

    38
    4
    8
    Aug 21, 2017
    Ratings:
    +4
    Local Time:
    5:35 AM
    THAT'S IT! All that hassle for uncommenting a single line. THANK YOU.

    [​IMG]

    Now the last thing that's missing is this:

    [​IMG]

    staticfile is included and everything is right, cloudflare is off, I'm not sure what's the problem here.

    Also, is it normal to have some CSS's unminified?
     
    Last edited: Sep 12, 2017
  15. eva2000

    eva2000 Administrator Staff Member

    45,432
    10,308
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +15,987
    Local Time:
    1:35 PM
    Nginx 1.19.x
    MariaDB 5.5/10.x
    check pagespeed admin console message log page if you enabled it via
    pagespeed MessageBufferSize Nginx PageSpeed - CentminMod.com LEMP Nginx web stack for CentOS and debug filter Nginx PageSpeed - PageSpeed isn't compressing images even with tweaked conf.

    ngx_pagespeed needs a number of page reloads until it fully optimises assets where it can - it won't be instant

    rest of ngx_pagespeed usage will be left to you so good to read

    test with gtmetrix.com and webpagetest.org to double check
     
  16. eva2000

    eva2000 Administrator Staff Member

    45,432
    10,308
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +15,987
    Local Time:
    1:35 PM
    Nginx 1.19.x
    MariaDB 5.5/10.x
    one possibility is the autoprotect include file /usr/local/nginx/conf/autoprotect/MYDOMAIN.com/autoprotect-MYDOMAIN.com.conf in vhost as outlined at Beta Branch - autoprotect.sh - apache .htaccess check & migration to nginx deny all
    Code (Text):
    include /usr/local/nginx/conf/autoprotect/MYDOMAIN.com/autoprotect-MYDOMAIN.com.conf;
    

    what is in it's contents via cat command
    Code (Text):
    cat /usr/local/nginx/conf/autoprotect/MYDOMAIN.com/autoprotect-MYDOMAIN.com.conf
    

    could be auto generated location contexts took priority over expires set in staticfiles.conf include and missing some expires entries though unlikely
     
  17. eva2000

    eva2000 Administrator Staff Member

    45,432
    10,308
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +15,987
    Local Time:
    1:35 PM
    Nginx 1.19.x
    MariaDB 5.5/10.x
    i think i know what the expires issue is it's related to centmin.sh menu option 22's generated /usr/local/nginx/conf/wpincludes/${vhostname}/wpsecure_${vhostname}.conf include file where ${vhostname} = your domain name

    if you edit your /usr/local/nginx/conf/wpincludes/${vhostname}/wpsecure_${vhostname}.conf

    find your woocommerce location context and add staticfiles.conf include just below existing php.conf include file to it so it looks like
    Code (Text):
      include /usr/local/nginx/conf/php.conf;
      include /usr/local/nginx/conf/staticfiles.conf;

    so end result is
    Code (Text):
    # Whitelist Exception for https://wordpress.org/plugins/woocommerce/
    location ~ ^/wp-content/plugins/woocommerce/ {
      include /usr/local/nginx/conf/php.conf;
      include /usr/local/nginx/conf/staticfiles.conf;
      # below include file needs to be manually created at that path and to be uncommented
      # by removing the hash # in front of below line to take effect. This wpwhitelist_common.conf
      # allows you to add commonly shared settings to all wp plugin location matches which
      # whitelist php processing access at /usr/local/nginx/conf/wpincludes/${vhostname}/wpsecure_${vhostname}.conf
      #include /usr/local/nginx/conf/wpincludes/${vhostname}/wpwhitelist_common.conf;
    }
    

    restart nginx

    does woocommerce directories static files get an expiry header ?
     
  18. cr0

    cr0 Member

    38
    4
    8
    Aug 21, 2017
    Ratings:
    +4
    Local Time:
    5:35 AM
    After checking on Caching Checker - Test your website's browser caching settings, yes they do.
    Code:
    https://MYDOMAIN.com/wp-content/plugins/woocommerce/assets/fonts/star.woff 30 days
    Yeah! I will be checking out the logs, now that they're working :):):):)
     
  19. cr0

    cr0 Member

    38
    4
    8
    Aug 21, 2017
    Ratings:
    +4
    Local Time:
    5:35 AM
    PHP:
    # /home/nginx/domains/MYDOMAIN.com/public/wp-content/plugins/akismet

    location /wp-content/plugins/akismet/ {
      
    location ~ ^/wp-content/plugins/akismet/(.+/)?(form|akismet)\.(css|js)$ { allow allexpires 30d;}
      
    location ~ ^/wp-content/plugins/akismet/(.+/)?(.+)\.(png|gif)$ { allow allexpires 30d;}
      
    location ~* /wp-content/plugins/akismet/.*\.php$ {
        include /
    usr/local/nginx/conf/php.conf;
        
    allow 127.0.0.1;
        
    deny all;
      }
    }

    # /home/nginx/domains/MYDOMAIN.com/public/wp-content/uploads/wc-logs
    location ~* ^/wp-content/uploads/wc-logs/ { allow 127.0.0.1deny all; }
    # /home/nginx/domains/MYDOMAIN.com/public/wp-content/uploads/sucuri
    location ~* ^/wp-content/uploads/sucuri/ { allow 127.0.0.1deny all; }
    # /home/nginx/domains/MYDOMAIN.com/public/wp-content/uploads/woocommerce_uploads
    location ~* ^/wp-content/uploads/woocommerce_uploads/ { allow 127.0.0.1deny all; }

     
  20. eva2000

    eva2000 Administrator Staff Member

    45,432
    10,308
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +15,987
    Local Time:
    1:35 PM
    Nginx 1.19.x
    MariaDB 5.5/10.x