Nginx PageSpeed PageSpeed isn't compressing images even with tweaked conf.

eva2000 · Sep 12, 2017

cr0 said: ↑

What's strange is that if I uncomment pagespeed from vhost, it's working!
Click to expand...

turn of pagespeed globally first
Code (Text):
pscontrol off
then see if commented out pagespeed 3 include lines work.. remember to do this in both https and non-https vhosts as cloudflare talks to non-https if you use flexible ssl

cr0 · Sep 12, 2017

eva2000 said: ↑
turn of pagespeed globally first
Code (Text):
pscontrol off
then see if commented out pagespeed 3 include lines work.. remember to do this in both https and non-https vhosts as cloudflare talks to non-https if you use flexible ssl
Click to expand...
It's set to Full (strict) mode and "Always use HTTPS".

Just did it and can't see any pagespeed headers when performing
Code:
curl -I http://domain.com

eva2000 · Sep 12, 2017

cr0 said: ↑

It's set to Full (strict) mode and "Always use HTTPS".
Click to expand...

k then just concentrate on nginx https vhost then as cloudflare talking to https backend origin.

cr0 · Sep 12, 2017

eva2000 said: ↑

k then just concentrate on nginx https vhost then as cloudflare talking to https backend origin.
Click to expand...

Ah, alright. Here's the ssl.conf (I tried pscontrol off + uncommenting those 3 lines + /etc/init.d/nginx restart but no pagespeed in headers)

PHP:

# Centmin Mod Getting Started Guide # must read http://centminmod.com/getstarted.html # For SPDY SSL Setup # read http://centminmod.com/nginx_configure_https_ssl_spdy.html # redirect from www to non-www forced SSL # uncomment, save file and restart Nginx to enable # if unsure use return 302 before using return 301 # server { # server_name MYDOMAIN.com www.MYDOMAIN.com; # return 302 https://$server_name$request_uri; # } server { listen 443 ssl http2; server_name MYDOMAIN.com www.MYDOMAIN.com; ssl_dhparam /usr/local/nginx/conf/ssl/MYDOMAIN.com/dhparam.pem; ssl_certificate /usr/local/nginx/conf/ssl/MYDOMAIN.com/public.pem; ssl_certificate_key /usr/local/nginx/conf/ssl/MYDOMAIN.com/private.key; include /usr/local/nginx/conf/ssl_include.conf; http2_max_field_size 16k; http2_max_header_size 32k; # mozilla recommended ssl_ciphers ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS; ssl_prefer_server_ciphers on; #add_header Alternate-Protocol 443:npn-spdy/3; # before enabling HSTS line below read centminmod.com/nginx_domain_dns_setup.html#hsts #add_header Strict-Transport-Security "max-age=31536000; includeSubdomains;"; #add_header X-Frame-Options SAMEORIGIN; #add_header X-Xss-Protection "1; mode=block" always; #add_header X-Content-Type-Options "nosniff" always; #spdy_headers_comp 5; ssl_buffer_size 1369; ssl_session_tickets on; # enable ocsp stapling #resolver 8.8.8.8 8.8.4.4 valid=10m; #resolver_timeout 10s; #ssl_stapling on; #ssl_stapling_verify on; #ssl_trusted_certificate /usr/local/nginx/conf/ssl/MYDOMAIN.com/MYDOMAIN.com-trusted.crt; # ngx_pagespeed & ngx_pagespeed handler include /usr/local/nginx/conf/pagespeed.conf; include /usr/local/nginx/conf/pagespeedhandler.conf; include /usr/local/nginx/conf/pagespeedstatslog.conf; #add_header X-Frame-Options SAMEORIGIN; #add_header X-Xss-Protection "1; mode=block" always; #add_header X-Content-Type-Options "nosniff" always; # limit_conn limit_per_ip 16; # ssi on; access_log /home/nginx/domains/MYDOMAIN.com/log/access.log combined buffer=256k flush=5m; error_log /home/nginx/domains/MYDOMAIN.com/log/error.log; include /usr/local/nginx/conf/autoprotect/MYDOMAIN.com/autoprotect-MYDOMAIN.com.conf; root /home/nginx/domains/MYDOMAIN.com/public; # uncomment cloudflare.conf include if using cloudflare for # server and/or vhost site #include /usr/local/nginx/conf/cloudflare.conf; include /usr/local/nginx/conf/503include-main.conf; include /usr/local/nginx/conf/wpincludes/MYDOMAIN.com/wpcacheenabler_MYDOMAIN.com.conf; #include /usr/local/nginx/conf/wpincludes/MYDOMAIN.com/wpsupercache_MYDOMAIN.com.conf; # https://community.centminmod.com/posts/18828/ #include /usr/local/nginx/conf/wpincludes/MYDOMAIN.com/rediscache_MYDOMAIN.com.conf; location / { include /usr/local/nginx/conf/503include-only.conf; # Enables directory listings when index file not found #autoindex on; # for wordpress super cache plugin #try_files /wp-content/cache/supercache/$http_host/$cache_uri/index.html $uri $uri/ /index.php?q=$uri&$args; # for wp cache enabler plugin try_files $cache_enabler_uri $uri $uri/ $custom_subdir/index.php?$args; # Wordpress Permalinks #try_files $uri $uri/ /index.php?q=$uri&$args; # Nginx level redis Wordpress # https://community.centminmod.com/posts/18828/ #try_files $uri $uri/ /index.php?$args; } location ~* /(wp-login\.php) { limit_req zone=xwplogin burst=1 nodelay; #limit_conn xwpconlimit 30; auth_basic "Private"; auth_basic_user_file /home/nginx/domains/MYDOMAIN.com/htpasswd_wplogin; include /usr/local/nginx/conf/php-wpsc.conf; # https://community.centminmod.com/posts/18828/ #include /usr/local/nginx/conf/php-rediscache.conf; } # prepare for letsencrypt # https://community.centminmod.com/posts/17774/ location ~ /.well-known { location ~ /.well-known/acme-challenge/(.*) { more_set_headers "Content-Type: text/plain"; } } location ~* /(xmlrpc\.php) { limit_req zone=xwprpc burst=45 nodelay; #limit_conn xwpconlimit 30; include /usr/local/nginx/conf/php-wpsc.conf; # https://community.centminmod.com/posts/18828/ #include /usr/local/nginx/conf/php-rediscache.conf; } include /usr/local/nginx/conf/wpincludes/MYDOMAIN.com/wpsecure_MYDOMAIN.com.conf; include /usr/local/nginx/conf/php-wpsc.conf; # https://community.centminmod.com/posts/18828/ #include /usr/local/nginx/conf/php-rediscache.conf; include /usr/local/nginx/conf/pre-staticfiles-local-MYDOMAIN.com.conf; include /usr/local/nginx/conf/pre-staticfiles-global.conf; include /usr/local/nginx/conf/staticfiles.conf; include /usr/local/nginx/conf/drop.conf; #include /usr/local/nginx/conf/errorpage.conf; include /usr/local/nginx/conf/vts_server.conf; }

eva2000 · Sep 12, 2017

cr0 said: ↑

Here's the ssl.conf
Click to expand...

you're editing /usr/local/nginx/conf/conf.d/MYDOMAIN.com.ssl.conf right ?

vhost looks good..

eva2000 · Sep 12, 2017

also try testing via browser's private incognito session to makes sure browser hasn't cached anything

cr0 · Sep 12, 2017

I think the issue that it's not working is because I used the command pscontrol off.. So it won't matter if those 3 lines were uncommented. Reenabling it after editing pagespeed.conf (pagespeed set to on) does the same result, no way to access to global admin with a working console, only if I uncomment the 3rd line.

eva2000 said: ↑

also try testing via browser's private incognito session to makes sure browser hasn't cached anything
Click to expand...

Nope, not working either.

eva2000 said: ↑

you're editing /usr/local/nginx/conf/conf.d/MYDOMAIN.com.ssl.conf right ?

vhost looks good..
Click to expand...

Yes.

EDIT:

Can it be due to bad installation? I mean, because of the initial host setup for vhost's.

eva2000 · Sep 12, 2017

try adding allow serverip to handler whitelisting too as well as accessing it from yourdomain.com/pagespeed_global_admin

eva2000 · Sep 12, 2017

for example in /usr/local/nginx/conf/pagespeedhandler.conf

if my ISP IP address is 192.168.0.99 and server IP address is xxx.xxx.xxx.xxx, then I will add allow 192.168.0.99 and xxx.xxx.xxx.xxx to existing config to end up as follows:

Code (Text):

location /ngx_pagespeed_statistics { allow 127.0.0.1; allow 192.168.0.99; allow xxx.xxx.xxx.xxx; deny all; }
location /ngx_pagespeed_global_statistics { allow 127.0.0.1; allow 192.168.0.99; allow xxx.xxx.xxx.xxx; deny all; }
location /ngx_pagespeed_message { allow 127.0.0.1; allow 192.168.0.99; allow xxx.xxx.xxx.xxx; deny all; }
location /pagespeed_console { allow 127.0.0.1; allow 192.168.0.99; allow xxx.xxx.xxx.xxx; deny all; }
location ~ ^/pagespeed_admin { allow 127.0.0.1; allow 192.168.0.99; allow xxx.xxx.xxx.xxx; deny all; }
location ~ ^/pagespeed_global_admin { allow 127.0.0.1; allow 192.168.0.99; allow xxx.xxx.xxx.xxx; all

cr0 · Sep 12, 2017

eva2000 said: ↑

try adding allow serverip to handler whitelisting too as well as accessing it from yourdomain.com/pagespeed_global_admin
Click to expand...

Nope, still the same, with uncommented lines I got 403 forbidden error, with 3 of them commented I got
Code:
Failed to load PageSpeed Console because:
StatisticsLogging is not enabled.
LogDir is not set.
pagespeedhandler.conf:

PHP:

# Ensure requests for pagespeed optimized resources go to the pagespeed # handler and no extraneous headers get set. location ~ "\.pagespeed\.([a-z]\.)?[a-z]{2}\.[^.]{10}\.[^.]+" { add_header "" ""; } location ~ "^/pagespeed_static/" { } location ~ "^/ngx_pagespeed_beacon$" { } location /ngx_pagespeed_statistics { allow 127.0.0.1; allow mypublicip; allow serverspublicip; deny all; } location /ngx_pagespeed_global_statistics { allow 127.0.0.1; allow mypublicip; allow serverspublicip; deny all; } location /ngx_pagespeed_message { allow 127.0.0.1; allow mypublicip; allow serverspublicip; deny all; } location /pagespeed_console { allow 127.0.0.1; allow mypublicip; allow serverspublicip; deny all; } location ~ ^/pagespeed_admin { allow 127.0.0.1; allow mypublicip; allow serverspublicip; deny all; } location ~ ^/pagespeed_global_admin { allow 127.0.0.1; allow mypublicip; allow serverspublicip; deny all; }

eva2000 · Sep 12, 2017

you ran
Code (Text):
pscontrol on
cr0 said: ↑

with uncommented lines I got 403 forbidden error
Click to expand...

that means ip is incorrect, double check your ISP ip at https://tools.keycdn.com/geo to make sure it makes the allow ip

eva2000 · Sep 12, 2017

on if you're using cloudflare, have you setup real ip settings so nginx can see visitor real ip instead of cloudflare's as per getting started guide step 5 Getting Started Guide - CentminMod.com LEMP Nginx web stack for CentOS

which leads to Nginx Cloudflare & Incapsula (reverse proxy HttpRealIpModule) - CentminMod.com LEMP Nginx web stack for CentOS

your vhost is missing real ip settings

eva2000 · Sep 12, 2017

for cloudflare realip, can also setup Beta Branch - csfcf.sh - automate Cloudflare Nginx & CSF Firewall setups

it's already in vhost
Code (Text):
  # uncomment cloudflare.conf include if using cloudflare for
  # server and/or vhost site
  #include /usr/local/nginx/conf/cloudflare.conf;
uncomment last line include file
Code (Text):
  # uncomment cloudflare.conf include if using cloudflare for
  # server and/or vhost site
  include /usr/local/nginx/conf/cloudflare.conf;

cr0 · Sep 12, 2017

eva2000 said: ↑
for cloudflare realip, can also setup Beta Branch - csfcf.sh - automate Cloudflare Nginx & CSF Firewall setups

it's already in vhost
Code (Text):
  # uncomment cloudflare.conf include if using cloudflare for
  # server and/or vhost site
  #include /usr/local/nginx/conf/cloudflare.conf;
uncomment last line include file
Code (Text):
  # uncomment cloudflare.conf include if using cloudflare for
  # server and/or vhost site
  include /usr/local/nginx/conf/cloudflare.conf;
Click to expand...
THAT'S IT! All that hassle for uncommenting a single line. THANK YOU.

Now the last thing that's missing is this:

staticfile is included and everything is right, cloudflare is off, I'm not sure what's the problem here.

Also, is it normal to have some CSS's unminified?

eva2000 · Sep 12, 2017

cr0 said: ↑

Also, is it normal to have some CSS's unminified?
Click to expand...

check pagespeed admin console message log page if you enabled it via
pagespeed MessageBufferSize Nginx PageSpeed - CentminMod.com LEMP Nginx web stack for CentOS and debug filter Nginx PageSpeed - PageSpeed isn't compressing images even with tweaked conf.

ngx_pagespeed needs a number of page reloads until it fully optimises assets where it can - it won't be instant

rest of ngx_pagespeed usage will be left to you so good to read

Issues · pagespeed/ngx_pagespeed · GitHub

Google Groups

cr0 said: ↑

staticfile is included and everything is right, cloudflare is off, I'm not sure what's the problem here.
Click to expand...

test with gtmetrix.com and webpagetest.org to double check

eva2000 · Sep 12, 2017

cr0 said: ↑

staticfile is included and everything is right, cloudflare is off, I'm not sure what's the problem here.
Click to expand...

one possibility is the autoprotect include file /usr/local/nginx/conf/autoprotect/MYDOMAIN.com/autoprotect-MYDOMAIN.com.conf in vhost as outlined at Beta Branch - autoprotect.sh - apache .htaccess check & migration to nginx deny all
Code (Text):
include /usr/local/nginx/conf/autoprotect/MYDOMAIN.com/autoprotect-MYDOMAIN.com.conf;
what is in it's contents via cat command
Code (Text):
cat /usr/local/nginx/conf/autoprotect/MYDOMAIN.com/autoprotect-MYDOMAIN.com.conf
could be auto generated location contexts took priority over expires set in staticfiles.conf include and missing some expires entries though unlikely

eva2000 · Sep 12, 2017

i think i know what the expires issue is it's related to centmin.sh menu option 22's generated /usr/local/nginx/conf/wpincludes/${vhostname}/wpsecure_${vhostname}.conf include file where ${vhostname} = your domain name

if you edit your /usr/local/nginx/conf/wpincludes/${vhostname}/wpsecure_${vhostname}.conf

find your woocommerce location context and add staticfiles.conf include just below existing php.conf include file to it so it looks like
Code (Text):
  include /usr/local/nginx/conf/php.conf;
  include /usr/local/nginx/conf/staticfiles.conf;
so end result is
Code (Text):
# Whitelist Exception for https://wordpress.org/plugins/woocommerce/
location ~ ^/wp-content/plugins/woocommerce/ {
  include /usr/local/nginx/conf/php.conf;
  include /usr/local/nginx/conf/staticfiles.conf;
  # below include file needs to be manually created at that path and to be uncommented
  # by removing the hash # in front of below line to take effect. This wpwhitelist_common.conf
  # allows you to add commonly shared settings to all wp plugin location matches which
  # whitelist php processing access at /usr/local/nginx/conf/wpincludes/${vhostname}/wpsecure_${vhostname}.conf
  #include /usr/local/nginx/conf/wpincludes/${vhostname}/wpwhitelist_common.conf;
}
restart nginx

does woocommerce directories static files get an expiry header ?

cr0 · Sep 12, 2017

eva2000 said: ↑
i think i know what the expires issue is it's related to centmin.sh menu option 22's generated /usr/local/nginx/conf/wpincludes/${vhostname}/wpsecure_${vhostname}.conf include file where ${vhostname} = your domain name

if you edit your /usr/local/nginx/conf/wpincludes/${vhostname}/wpsecure_${vhostname}.conf

find your woocommerce location context and add staticfiles.conf include just below existing php.conf include file to it so it looks like
Code (Text):
  include /usr/local/nginx/conf/php.conf;
  include /usr/local/nginx/conf/staticfiles.conf;
so end result is
Code (Text):
# Whitelist Exception for https://wordpress.org/plugins/woocommerce/
location ~ ^/wp-content/plugins/woocommerce/ {
  include /usr/local/nginx/conf/php.conf;
  include /usr/local/nginx/conf/staticfiles.conf;
  # below include file needs to be manually created at that path and to be uncommented
  # by removing the hash # in front of below line to take effect. This wpwhitelist_common.conf
  # allows you to add commonly shared settings to all wp plugin location matches which
  # whitelist php processing access at /usr/local/nginx/conf/wpincludes/${vhostname}/wpsecure_${vhostname}.conf
  #include /usr/local/nginx/conf/wpincludes/${vhostname}/wpwhitelist_common.conf;
}
restart nginx

does woocommerce directories static files get an expiry header ?
Click to expand...
After checking on Caching Checker - Test your website's browser caching settings, yes they do.
Code:
https://MYDOMAIN.com/wp-content/plugins/woocommerce/assets/fonts/star.woff 30 days
Yeah! I will be checking out the logs, now that they're working

cr0 · Sep 12, 2017

eva2000 said: ↑
one possibility is the autoprotect include file /usr/local/nginx/conf/autoprotect/MYDOMAIN.com/autoprotect-MYDOMAIN.com.conf in vhost as outlined at Beta Branch - autoprotect.sh - apache .htaccess check & migration to nginx deny all
Code (Text):
include /usr/local/nginx/conf/autoprotect/MYDOMAIN.com/autoprotect-MYDOMAIN.com.conf;
what is in it's contents via cat command
Code (Text):
cat /usr/local/nginx/conf/autoprotect/MYDOMAIN.com/autoprotect-MYDOMAIN.com.conf
could be auto generated location contexts took priority over expires set in staticfiles.conf include and missing some expires entries though unlikely
Click to expand...
PHP:

# /home/nginx/domains/MYDOMAIN.com/public/wp-content/plugins/akismet location /wp-content/plugins/akismet/ { location ~ ^/wp-content/plugins/akismet/(.+/)?(form|akismet)\.(css|js)$ { allow all; expires 30d;} location ~ ^/wp-content/plugins/akismet/(.+/)?(.+)\.(png|gif)$ { allow all; expires 30d;} location ~* /wp-content/plugins/akismet/.*\.php$ { include /usr/local/nginx/conf/php.conf; allow 127.0.0.1; deny all; } } # /home/nginx/domains/MYDOMAIN.com/public/wp-content/uploads/wc-logs location ~* ^/wp-content/uploads/wc-logs/ { allow 127.0.0.1; deny all; } # /home/nginx/domains/MYDOMAIN.com/public/wp-content/uploads/sucuri location ~* ^/wp-content/uploads/sucuri/ { allow 127.0.0.1; deny all; } # /home/nginx/domains/MYDOMAIN.com/public/wp-content/uploads/woocommerce_uploads location ~* ^/wp-content/uploads/woocommerce_uploads/ { allow 127.0.0.1; deny all; }

eva2000 · Sep 12, 2017

autoprotect looks fine

cr0 said: ↑

After checking on Caching Checker - Test your website's browser caching settings, yes they do.
Click to expand...

glad to hear i updated wpsecure templates for this update inc/wpsetup.inc · centminmod/centminmod@768d859 · GitHub for now you'd need to add /usr/local/nginx/conf/staticfiles.conf include to each location context in your your /usr/local/nginx/conf/wpincludes/${vhostname}/wpsecure_${vhostname}.conf

Log in / Register

Forums

Learn about Centmin Mod LEMP Stack today

Nginx PageSpeed PageSpeed isn't compressing images even with tweaked conf.

eva2000 Administrator Staff Member

cr0 Member

eva2000 Administrator Staff Member

cr0 Member

eva2000 Administrator Staff Member

eva2000 Administrator Staff Member

cr0 Member

eva2000 Administrator Staff Member

eva2000 Administrator Staff Member

cr0 Member

eva2000 Administrator Staff Member

eva2000 Administrator Staff Member

eva2000 Administrator Staff Member

cr0 Member

eva2000 Administrator Staff Member

eva2000 Administrator Staff Member

eva2000 Administrator Staff Member

cr0 Member

cr0 Member

eva2000 Administrator Staff Member

.

Log in / Register

Useful Searches

Learn about Centmin Mod LEMP Stack today

Nginx PageSpeed PageSpeed isn't compressing images even with tweaked conf.

eva2000 Administrator Staff Member

cr0 Member

eva2000 Administrator Staff Member

cr0 Member

eva2000 Administrator Staff Member

eva2000 Administrator Staff Member

cr0 Member

eva2000 Administrator Staff Member

eva2000 Administrator Staff Member

cr0 Member

eva2000 Administrator Staff Member

eva2000 Administrator Staff Member

eva2000 Administrator Staff Member

cr0 Member

eva2000 Administrator Staff Member

eva2000 Administrator Staff Member

eva2000 Administrator Staff Member

cr0 Member

cr0 Member

eva2000 Administrator Staff Member

.