
Static files error at .ssl.conf

Discussion in 'Domains, DNS, Email & SSL Certificates' started by Manhhailua, Jul 13, 2016.

  1. Manhhailua

    Manhhailua Member

    1.11.1
    10.0.x
    I'm using centmin and let's encrypt (acme.sh) for my ghost blog (codek.org). Here is my nginx vhost ssl:
    Code:
    # Centmin Mod Getting Started Guide
    # must read http://centminmod.com/getstarted.html
    # For SPDY SSL Setup
    # read http://centminmod.com/nginx_configure_https_ssl_spdy.html
    
    # redirect from www to non-www  forced SSL
    # uncomment, save file and restart Nginx to enable
    # if unsure use return 302 before using return 301
    # server {
    #       listen   80;
    #       server_name codek.org www.codek.org;
    #       return 302 https://$server_name$request_uri;
    # }
    
    # HTTPS vhost for codek.org / www.codek.org: terminates TLS + HTTP/2 on 443 and
    # reverse-proxies to the upstream named "codek" (defined outside this file),
    # caching upstream responses in the CODEK_CACHE zone.
    # NOTE(review): the only port-80 server block in this file is commented out, so
    # plain-HTTP requests are not redirected by this file - confirm how port 80 is
    # handled elsewhere before enabling HSTS.
    server {
      listen 443 ssl http2;
      server_name codek.org www.codek.org;
    
      ssl_dhparam                     /usr/local/nginx/conf/ssl/codek.org/dhparam.pem;
      # NOTE(review): certificate and private key are read straight from acme.sh's
      # working directory under /root. acme.sh treats that directory as internal and
      # recommends copying cert/key to a stable location with its install-cert
      # command plus a reload command, so renewals cannot break or change these
      # paths. Keep the .key readable by root only.
      ssl_certificate          /root/.acme.sh/codek.org/codek.org.cer;
      ssl_certificate_key      /root/.acme.sh/codek.org/codek.org.key;
      # Contents not shown here; presumably sets ssl_protocols and the session
      # cache - verify that old protocol versions are disabled there.
      include                             /usr/local/nginx/conf/ssl_include.conf;
    
      http2_max_field_size 16k;
      http2_max_header_size 32k;
      # mozilla recommended
      # ECDHE-only list: AEAD suites (CHACHA20, AES-GCM) come first, and the later
      # entries still admit CBC-mode suites for older clients. RC4, 3DES, MD5,
      # export, anonymous and CAMELLIA suites are excluded.
      # NOTE(review): re-check against a current TLS baseline; this list dates
      # from the time of the post.
      ssl_ciphers EECDH+CHACHA20:EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA256:EECDH+ECDSA+SHA384:EECDH+aRSA+SHA256:EECDH+aRSA+SHA384:EECDH+AES128:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS:!RC4:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA:!CAMELLIA;
      # The server's cipher order wins over the client's preference.
      ssl_prefer_server_ciphers   on;
      #add_header Alternate-Protocol  443:npn-spdy/3;
      # HTTP Public Key Pinning Header uncomment only one that applies include or exclude domains.
      # You'd want to include subdomains if you're using SSL wildcard certificates
      # NOTE(review): HPKP has since been deprecated and removed from major
      # browsers, and a wrong pin locks visitors out for the whole max-age.
      # Leave both variants commented out.
      # include subdomain
      #add_header Public-Key-Pins 'pin-sha256="qbAycx+EgKOAuOn4PSjtlxTXvoCRzhE4DctHLPq6FoI="; pin-sha256="lzTqiEEpyqe/1A1dmrl/qvIcPo0cxrUav05iiJW5QYI="; max-age=86400; includeSubDomains';
      # exclude subdomains
      #add_header Public-Key-Pins 'pin-sha256="qbAycx+EgKOAuOn4PSjtlxTXvoCRzhE4DctHLPq6FoI="; pin-sha256="lzTqiEEpyqe/1A1dmrl/qvIcPo0cxrUav05iiJW5QYI="; max-age=86400';
      # NOTE(review): the security headers below are all disabled. If they are
      # enabled here at server level, remember that nginx does not inherit
      # add_header into a location that declares its own add_header - the
      # "location /" and "/ghost" blocks below both do, so the headers would have
      # to be repeated (or included) inside those locations.
      #add_header Strict-Transport-Security "max-age=31536000; includeSubdomains;";
      #add_header X-Frame-Options SAMEORIGIN;
      #add_header X-Xss-Protection "1; mode=block" always;
      #add_header X-Content-Type-Options "nosniff" always;
      #spdy_headers_comp 5;
      # TLS record buffer of 1369 bytes (nginx default is 16k).
      ssl_buffer_size 1369;
      # NOTE(review): no ssl_session_ticket_key is set in this block, so unless
      # ssl_include.conf sets one nginx uses a key generated at start-up. Ticket
      # keys that live a long time weaken forward secrecy - reload/rotate
      # regularly or turn tickets off.
      ssl_session_tickets on;
     
      # enable ocsp stapling
      # (disabled here; stapling needs the resolver and the trusted chain file below)
      # resolver 8.8.8.8 8.8.4.4 valid=10m;
      # resolver_timeout 10s;
      # ssl_stapling on;
      # ssl_stapling_verify on;
      # ssl_trusted_certificate /usr/local/nginx/conf/ssl/codek.org/codek.org-trusted.crt; 
    
      # ngx_pagespeed & ngx_pagespeed handler
      #include /usr/local/nginx/conf/pagespeed.conf;
      #include /usr/local/nginx/conf/pagespeedhandler.conf;
      #include /usr/local/nginx/conf/pagespeedstatslog.conf;
    
      # limit_conn limit_per_ip 16;
      # ssi  on;
    
      # Access log is buffered (256k) and flushed at most every 60 minutes.
      # NOTE(review): entries can therefore reach disk up to an hour late, which
      # matters when the log is used for live troubleshooting or incident
      # response; a shorter flush interval makes it more useful.
      access_log /home/nginx/domains/codek.org/log/access.log combined buffer=256k flush=60m;
      error_log /home/nginx/domains/codek.org/log/error.log;
    
      # Contents not shown; generated per-domain include.
      include /usr/local/nginx/conf/autoprotect/codek.org/autoprotect-codek.org.conf;
      root /home/nginx/domains/codek.org/public;
      # uncomment cloudflare.conf include if using cloudflare for
      # server and/or vhost site
      #include /usr/local/nginx/conf/cloudflare.conf;
      include /usr/local/nginx/conf/503include-main.conf;
    
      # prevent access to ./directories and files
      # Denies any URI that has a path segment starting with a dot
      # (.git, .env, .htaccess, ...).
      # NOTE(review): this also denies /.well-known/ on this vhost; if certificate
      # validation or other well-known endpoints are ever served over 443, add an
      # explicit exception - TODO confirm how acme.sh validates here.
      location ~ (?:^|/)\. {
        deny all;
      } 
    
      # Default location: everything not matched by a regex or a longer prefix
      # below is proxied to the upstream and cached.
      location / {
        include /usr/local/nginx/conf/503include-only.conf;
    
        # block common exploits, sql injections etc
        #include /usr/local/nginx/conf/block.conf;
    
        # Enables directory listings when index file not found
        #autoindex  on;
    
        # Shows file listing times as local time
        #autoindex_localtime on;
    
        # Enable for vBulletin usage WITHOUT vbSEO installed
        # More example Nginx vhost configurations at
        # http://centminmod.com/nginx_configure.html
        #try_files    $uri $uri/ /index.php;
    
        # Cache 200 responses for 30 minutes and 404 responses for 10 minutes.
        proxy_cache CODEK_CACHE;
        proxy_cache_valid 200 30m;
        proxy_cache_valid 404 10m;
       
        # NOTE(review): ignoring Cache-Control, Expires, X-Accel-Expires and
        # Set-Cookie makes nginx cache responses even when the upstream marks them
        # private/no-store or sets a cookie. That is only safe if every page under
        # this location is identical for all visitors; any per-user path must be
        # excluded from the cache, as /ghost and /signout are further down.
        proxy_ignore_headers X-Accel-Expires Expires Cache-Control;
        proxy_ignore_headers Set-Cookie;
    
        # Strip upstream cookies and the X-Powered-By banner from client responses.
        proxy_hide_header Set-Cookie;
        proxy_hide_header X-powered-by;
       
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        # NOTE(review): $http_host is the Host header exactly as the client sent
        # it; $host is the normalised alternative if the upstream builds URLs
        # from this value.
        proxy_set_header Host $http_host;
        # Tells the upstream the original request scheme (https on this vhost).
        proxy_set_header X-Forwarded-Proto $scheme;
       
        expires 10m;
    
        proxy_pass http://codek;
        # Exposes the cache status (HIT/MISS/...) to clients for debugging.
        add_header X-Cache $upstream_cache_status;
    
      }
    
      # Static files
      # Regex locations are checked before nginx falls back to the matched plain
      # prefix location, so a request such as /assets/x.css or
      # /content/images/y.png is handled HERE and proxied; the alias blocks below
      # never see requests ending in these extensions (they would need "^~").
      # NOTE(review): unlike "location /", this block sets neither Host nor
      # X-Forwarded-Proto, so the upstream gets Host "codek" and no hint that the
      # request was HTTPS. If Ghost is configured with an https:// URL it may
      # answer with a redirect back to HTTPS - a plausible cause of the reported
      # redirect loop; TODO confirm.
      location ~* \.(jpg|jpeg|svg|png|gif|ico|css|js|eot|woff)$ {
        # Use the nginx cache zone called CODEK_CACHE
        proxy_cache CODEK_CACHE;
        # For valid responses, cache it for 1 day
        proxy_cache_valid 200 1d;
        # For not found, cache it for 10 minutes
        proxy_cache_valid 404 10m;
    
        # Ghost sends Cache-Control max-age=0 on CSS/JS for now
        # See https://github.com/TryGhost/Ghost/issues/1405?source=c#issuecomment-28196957
        proxy_ignore_headers "Cache-Control";
        access_log off;
        # Allow the browser to cache static files for 30 days
        expires 30d;
        proxy_pass http://codek;
      }
    
      # Serve uploaded images, theme assets and shared files directly from disk.
      # NOTE(review): these alias paths live under /home/admin/web/... while root
      # is /home/nginx/domains/codek.org/public - verify the directories exist and
      # are readable by the nginx worker user.
      # NOTE(review): a prefix without a trailing slash also matches sibling names
      # (e.g. /assets-old maps to .../assets-old); writing "location /assets/" with
      # an alias that also ends in "/" keeps each block confined to its directory.
      location /content/images {
        alias /home/admin/web/codek.org/public_html/content/images;
        access_log off;
        expires max;
      }
    
      location /assets {
        alias /home/admin/web/codek.org/public_html/content/themes/ghost-wbkd/assets;
        access_log off;
        expires max;
      }
    
      location /shared {
        alias /home/admin/web/codek.org/public_html/core/shared;
        access_log off;
        expires max;
      }
    
      # Admin and sign-out paths: proxied without proxy_cache and marked
      # non-cacheable for browsers and intermediaries.
      # NOTE(review): X-Forwarded-For and X-Forwarded-Proto are not set here,
      # unlike "location /" - confirm the upstream does not need them for the
      # admin area. The admin path is reachable by anyone; consider rate limiting
      # or an IP allow-list if that fits the deployment.
      location ~ ^/(?:ghost|signout) {
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $http_host;
        proxy_pass http://codek;
        add_header Cache-Control "no-cache, private, no-store, must-revalidate, max-stale=0, post-check=0, pre-check=0";
      }
    
      # Stock Centmin Mod includes, all disabled in this vhost.
      # include /usr/local/nginx/conf/staticfiles.conf;
      # include /usr/local/nginx/conf/php.conf;
      # include /usr/local/nginx/conf/drop.conf;
      # include /usr/local/nginx/conf/errorpage.conf;
      # include /usr/local/nginx/conf/vts_server.conf;
    }
    
    With my own static files config (the "Static files" location above), the browser reports that the URL redirected too many times.
    With the default static files config ("/usr/local/nginx/conf/staticfiles.conf") instead, the static files all return 404.
     
  2. eva2000

    eva2000 Administrator Staff Member

    Nginx 1.13.x
    MariaDB 5.5
    Centmin Mod is provided as is, so short of script-related bugs or issues, any further optimisation of the web stack components - nginx, php-fpm, mariadb mysql, csf firewall etc. - or web-app-specific configuration is left to the Centmin Mod user to deal with. So I do not provide any free support for such specific configuration of Ghost installs.

    However, Centmin Mod users are free to help each other out and ask questions or give answers on this community forum. My hopes are that this community forum evolves so that more veteran long time Centmin Mod users help new Centmin Mod users out :)

    With that said, if you remove these lines and restart nginx, does it work?
    Code (Text):
      # Static files
      # Regex location: nginx checks it before falling back to a matched plain
      # prefix location, so it handles every URI ending in one of these
      # extensions and proxies it to the upstream "codek".
      location ~* \.(jpg|jpeg|svg|png|gif|ico|css|js|eot|woff)$ {
        # Use the nginx cache zone called CODEK_CACHE
        proxy_cache CODEK_CACHE;
        # For valid responses, cache it for 1 day
        proxy_cache_valid 200 1d;
        # For not found, cache it for 10 minutes
        proxy_cache_valid 404 10m;
    
        # Ghost sends Cache-Control max-age=0 on CSS/JS for now
        # See https://github.com/TryGhost/Ghost/issues/1405?source=c#issuecomment-28196957
        proxy_ignore_headers "Cache-Control";
        access_log off;
        # Allow the browser to cache static files for 30 days
        expires 30d;
        # No proxy_set_header directives here, so the upstream receives nginx's
        # default Host value and no X-Forwarded-Proto.
        proxy_pass http://codek;
      }
    

    If it still doesn't work, you might need to enable nginx debug mode to troubleshoot it yourself.

    Latest update on September 14, 2015 to Centmin Mod 1.2.3-eva2000.08 stable (123.08stable) and higher has added Nginx debug mode support. Nginx debug mode is disabled by default.

    To enable, edit centmin.sh and change variable NGINX_DEBUG=n default to NGINX_DEBUG=y and recompile Nginx via centmin.sh menu option 4 and then setting error_log in nginx vhosts to debug as outlined at nginx.org/en/docs/debugging_log.html & wiki.nginx.org/Debugging.

    You do not want to leave Nginx debug mode running forever, so after debugging, set NGINX_DEBUG=n in centmin.sh and recompile Nginx again via centmin.sh menu option 4 and remove error_log debugging mode to disable Nginx debug mode again.

    To update your Centmin Mod builds code for Nginx debug mode support if you do not have a NGINX_DEBUG variable in centmin.sh, follow instructions at centminmod.com/upgrade.html and respective version threads below:

    Centmin Mod is provided as is, but you can try debugging mode for Nginx for further troubleshooting if you have problems with Nginx (i.e. segfaults / signal 11 issues) as outlined at nginx.org/en/docs/debugging_log.html & wiki.nginx.org/Debugging.
     