Welcome to Centmin Mod Community
Become a Member

[Solved] static files expire

Discussion in 'Bug Reports' started by raciasolvo, Oct 20, 2016.

  1. eva2000

    eva2000 Administrator Staff Member

    35,992
    7,896
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +12,174
    Local Time:
    11:57 AM
    Nginx 1.15.x
    MariaDB 5.5/10.x
    works too autoprotect location match for .css with deliberate 1d expires AND minus other cache headers in staticfile.conf version so can tell them apart
    Code (Text):
    curl -I http://localhost/wp-content/cache/autoptimize/css/test.css      
    HTTP/1.1 200 OK
    Date: Thu, 20 Oct 2016 19:09:30 GMT
    Content-Type: text/css
    Content-Length: 0
    Last-Modified: Thu, 20 Oct 2016 19:03:21 GMT
    Connection: keep-alive
    ETag: "580914f9-0"
    Server: nginx centminmod
    X-Powered-By: centminmod
    Expires: Fri, 21 Oct 2016 19:09:30 GMT
    Cache-Control: max-age=86400
    Accept-Ranges: bytes

     
  2. eva2000

    eva2000 Administrator Staff Member

    35,992
    7,896
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +12,174
    Local Time:
    11:57 AM
    Nginx 1.15.x
    MariaDB 5.5/10.x
  3. raciasolvo

    raciasolvo Member

    98
    10
    8
    Oct 7, 2016
    Ratings:
    +27
    Local Time:
    4:57 AM
    Nginx 1.11.6
    MariaDB 10.0.27
    worked because you change autoprotect:
    Code (Text):
    location ~ ^/wp-content/cache/autoptimize/(.+/)?(.+)\.(css)$ { allow all; expires 1d; }

    You merged autoprotect with staticfiles like me :) Not good way. Are you sure that the autoprotect does not erase the other modules?
     
  4. raciasolvo

    raciasolvo Member

    98
    10
    8
    Oct 7, 2016
    Ratings:
    +27
    Local Time:
    4:57 AM
    Nginx 1.11.6
    MariaDB 10.0.27
  5. raciasolvo

    raciasolvo Member

    98
    10
    8
    Oct 7, 2016
    Ratings:
    +27
    Local Time:
    4:57 AM
    Nginx 1.11.6
    MariaDB 10.0.27
     
    • Informative Informative x 1
  6. eva2000

    eva2000 Administrator Staff Member

    35,992
    7,896
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +12,174
    Local Time:
    11:57 AM
    Nginx 1.15.x
    MariaDB 5.5/10.x
    tools/autoprotect.sh auto detects and builds up it's rules based on detected .htaccess files - well that's eventually what i intend for it to do over time it should get smarter for more compatibility with various web app scripts requirements. So far it's building up over wordpress, invision board from user feedback.

    just prior to this thread you started, i left out the cache control headers from the exclusions which are now added :)

    It has to be at very top to protect users unaware of .htaccess deny from all public open accessible nginx hosted directories. Moving it down will open everything / directories placed above the autoprotect.conf include file that the end user adds themselves.
     
  7. raciasolvo

    raciasolvo Member

    98
    10
    8
    Oct 7, 2016
    Ratings:
    +27
    Local Time:
    4:57 AM
    Nginx 1.11.6
    MariaDB 10.0.27
    Yes, but autoprotect should not use prefix location. Prefix locations use modules from the bottom.
     
  8. eva2000

    eva2000 Administrator Staff Member

    35,992
    7,896
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +12,174
    Local Time:
    11:57 AM
    Nginx 1.15.x
    MariaDB 5.5/10.x
    guess needs more testing and tuning :)
     
  9. eva2000

    eva2000 Administrator Staff Member

    35,992
    7,896
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +12,174
    Local Time:
    11:57 AM
    Nginx 1.15.x
    MariaDB 5.5/10.x
    what do you mean does not erase the other modules ?
     
  10. raciasolvo

    raciasolvo Member

    98
    10
    8
    Oct 7, 2016
    Ratings:
    +27
    Local Time:
    4:57 AM
    Nginx 1.11.6
    MariaDB 10.0.27
    You added more power for autoprotect. Autoprotect does not run other locations after.
    And then you will to add another actions to the autoprotect. Just as for the staticfiles.
    Power off prefix location at the top:
    Code (Text):
    location $PROTECTDIR_PATH/ {

    I cannot now work with modules. For example, how I can add new HTTP-header to a autoprotected file?
     
  11. raciasolvo

    raciasolvo Member

    98
    10
    8
    Oct 7, 2016
    Ratings:
    +27
    Local Time:
    4:57 AM
    Nginx 1.11.6
    MariaDB 10.0.27
    What do you think about this autoprotect?
    Code (Text):
    location $PROTECTDIR_PATH/ {
        #location ~ /module/file\.js { allow all; }
        #location ~ /module/file\.css { allow all; }
        location ~ $PROTECTDIR_PATH/bad\.file { deny all; }
        #location ~ /module/good\.file { allow all; }
    }

    powerfull and flexible for good files
     
  12. raciasolvo

    raciasolvo Member

    98
    10
    8
    Oct 7, 2016
    Ratings:
    +27
    Local Time:
    4:57 AM
    Nginx 1.11.6
    MariaDB 10.0.27
    staticfiles are work with that code.
     
  13. eva2000

    eva2000 Administrator Staff Member

    35,992
    7,896
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +12,174
    Local Time:
    11:57 AM
    Nginx 1.15.x
    MariaDB 5.5/10.x
    which header do you want to add ?

    the autoprotect.sh generated location matches only happen for .htaccess deny from all directories which by all intended purposes from the web developer of the web script is not meant for public web access. So only additional headers you want to add are for exclusions for allowed js, css and image files right ?

    problem with that approach is i'd need to know the specific bad file before hand. It could be the whole directory and not one file.

    For .htaccess deny from all directories, the web developer of the script intended for the entire directory in general to be the 'bad' and not publicly accessible and some directories MAY allow js/css and image files as an exclusion. The tools/autoprotect.sh has anticipated that so that any .htaccess with deny form all, but contain allow syntax, automatically allow js/css and image files as well.

    i intention is for autoprotect.sh generated exclusions to allow css/js and images to have it's own of expires headers separate from staticfiles.conf ones which is what my above tests showed too. So css/js and images under autoptimize/ directory won't match staticfiles.conf location matches and only match css/js and images outside of autoptimize directory would match staticfiles.conf lcoation matches which it does from my testing so far.
     
  14. eva2000

    eva2000 Administrator Staff Member

    35,992
    7,896
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +12,174
    Local Time:
    11:57 AM
    Nginx 1.15.x
    MariaDB 5.5/10.x
    oh you mean you want to setup own location contexts for the modules/directories. In that case you can bypass autoprotect altogether using .autoprotect-bypass file dropped into the directory you want to exclude from autoprotect.sh see Beta Branch - autoprotect.sh - apache .htaccess check & migration to nginx deny all | Centmin Mod Community

    tools/autoprotect.sh other intended purpose is just to alert end users to the fact that their uploaded web app script has a directory with .htaccess deny from all file in there where web app developer intended for directory to NOT be publicly accessible. So if you want you can bypass it with .autoprotect-bypass file added to directory and setup your own deny from protection location match in your vhost file.
    so serves as a tool for end user to make sure they have all .htaccess deny from all directories covered either automatically via tools/autoprotect.sh or manually done by end user themeslves with .autoprotect-bypass file. So you do not leave any not publicly accesible directories wide open :)
     
    Last edited: Oct 21, 2016
    • Informative Informative x 1
  15. raciasolvo

    raciasolvo Member

    98
    10
    8
    Oct 7, 2016
    Ratings:
    +27
    Local Time:
    4:57 AM
    Nginx 1.11.6
    MariaDB 10.0.27
    Sure.

    Ok, need tests for new update.

    All in all, we have best autoprotect file. Something like:
    Code (Text):
    location / { location ~ \.* { deny all; } }

    Works like iptables. Most of the good files are known. :)
     
  16. elargento

    elargento Member

    333
    17
    18
    Jan 4, 2016
    Ratings:
    +42
    Local Time:
    10:57 PM
    10
    how can I add expires headers for xenforo? Is there any guide?
     
  17. eva2000

    eva2000 Administrator Staff Member

    35,992
    7,896
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +12,174
    Local Time:
    11:57 AM
    Nginx 1.15.x
    MariaDB 5.5/10.x
    should already be done automatically, for each vhost at /usr/local/nginx/conf/staticfiles.conf include file that takes care of it
     
  18. elargento

    elargento Member

    333
    17
    18
    Jan 4, 2016
    Ratings:
    +42
    Local Time:
    10:57 PM
    10
    yes but the alert is because external files don't have expires header
    upload_2017-6-3_13-9-16.png
     
  19. eva2000

    eva2000 Administrator Staff Member

    35,992
    7,896
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +12,174
    Local Time:
    11:57 AM
    Nginx 1.15.x
    MariaDB 5.5/10.x
    remote/externel assets you have no control over for expires so that is normal

    you can only control your local server hosted assets expire headers
     
    • Agree Agree x 1
..