Join the community today
Become a Member

Wordpress Swift Performance Plugin don't work with centminmod.

Discussion in 'Blogs & CMS usage' started by centz, Oct 12, 2018.

  1. centz

    centz New Member

    20
    1
    3
    Sep 30, 2018
    Bangkok, Thailand
    Ratings:
    +2
    Local Time:
    9:36 PM
    Nginx 1.15.x
    MariaDB 10.1.x
    I have disabled everything like nginx cache , staticfiles , opcache.

    but still don't work.

    I have email to Swift Performance Plugin support. they have check in my server and sent this to me.

    it seems there is an other cache layer (probably Nginx/FastCGI cache) which prevent Swift to load the optimized version. Please disable it in order to work

    if anyone want server password. I will give to you by msg.


    Thank you.
     
  2. eva2000

    eva2000 Administrator Staff Member

    37,263
    8,145
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +12,538
    Local Time:
    12:36 AM
    Nginx 1.15.x
    MariaDB 5.5/10.x
    never heard of this plugin it's Swift Performance Lite ?

    what do you mean doesn't work - can you elaborate ?

    how are you testing ? do you have cloudflare or a proxy in front of Centmin Mod Nginx ?

    how was wordpress installed ? via centmin.sh menu option 22

    More info needed
    • Server or VPS details ? XEN, KVM, OpenVZ, VMWare or dedicated server ? OS ? CentOS 6.9 or 7.4 ? 32bit or 64bit ?
    • What version of Centmin Mod ? .07 stable or 08 stable or .09 beta01 or another branch version ?
    • Was it fresh install or upgrade ?
    • Method of install ? Via centmin.sh menu option 1, Git install or curl one liner install as outlined at centminmod.com/download.html ?
    • How long ago did you install Centmin Mod ?
     
  3. centz

    centz New Member

    20
    1
    3
    Sep 30, 2018
    Bangkok, Thailand
    Ratings:
    +2
    Local Time:
    9:36 PM
    Nginx 1.15.x
    MariaDB 10.1.x
    Hi Eva.

    I waiting you all day :)

    I use Swift Performance Pro everything like Swift Performance Lite.

    Doesn't work meaning Plugin, not cache page, Plugin not Minify HTML, Plugin not Minify CSS.

    Support tell me plugin, not cache because there is another cache layer.

    I test with pc,mac , firefox chrome. no cloudflare or proxy.

    I have install wordpress with menu option 2 and follower this Nginx Wordpress Configuration

    • Server is KVM centos 7.4 64 bit.
    • PHP 7.2.x default beta installer
    • fresh install
    • I use only mysqladmin_shell.sh and acmetool.sh
    • I install like yesterday.
    This plugin work well on Runcloud , serverpilot , LEMP LAMP.

    I hope it will work with centminmod too because I love centminmod so much now.
     
  4. eva2000

    eva2000 Administrator Staff Member

    37,263
    8,145
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +12,538
    Local Time:
    12:36 AM
    Nginx 1.15.x
    MariaDB 5.5/10.x
    Does plugin support Nginx ? does it have Nginx rules to provide you to support it ? did you follow guide and implement fastcgi_cache ? if you did reverse and remove that as that fastcgi_cache is for php caching.
     
  5. centz

    centz New Member

    20
    1
    3
    Sep 30, 2018
    Bangkok, Thailand
    Ratings:
    +2
    Local Time:
    9:36 PM
    Nginx 1.15.x
    MariaDB 10.1.x
  6. eva2000

    eva2000 Administrator Staff Member

    37,263
    8,145
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +12,538
    Local Time:
    12:36 AM
    Nginx 1.15.x
    MariaDB 5.5/10.x
    you do not want to turn off php zend opcache caching - it will slow down PHP and shouldn't be the cause of swift plugin not working at aleast

    When you create a new nginx vhost domain via centmin.sh menu option 2 or menu option 22 or via /usr/bin/nv cli command line, you will create the Nginx vhost files and directories. You will get an outputted the path location where it will create the domain name's vhost conf file named newdomain.com.conf (and newdomain.com.ssl.conf if you selected yes to self signed SSL)
    • Nginx vhost conf path will be at /usr/local/nginx/conf/conf.d/newdomain.com.conf
    • Nginx HTTP/2 SSL vhost conf path will be at /usr/local/nginx/conf/conf.d/newdomain.com.ssl.conf
    • Nginx Self-Signed SSL Certificate Directory at /usr/local/nginx/conf/ssl/newdomain.com
    • Vhost public web root will be at /home/nginx/domains/newdomain.com/public
    • Vhost log directory will be at /home/nginx/domains/newdomain.com/log
    Please post the contents of /usr/local/nginx/conf/conf.d/newdomain.com.conf and if applicable /usr/local/nginx/conf/conf.d/newdomain.com.ssl.conf wrapped in CODE tags (outlined at How to use forum BBCODE code tags)

    what is output of these commands in ssh
    Code (Text):
    curl -I https://domain.com
    

    Code (Text):
    curl -I https://www.domain.com
    

    Code (Text):
    curl -I http://domain.com
    

    Code (Text):
    curl -I http://www.domain.com
    

    wrap output in CODE tags
     
  7. eva2000

    eva2000 Administrator Staff Member

    37,263
    8,145
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +12,538
    Local Time:
    12:36 AM
    Nginx 1.15.x
    MariaDB 5.5/10.x
    Also have you checked cache directory permissions/ownership are correct as per Swift Performance ?
     
  8. centz

    centz New Member

    20
    1
    3
    Sep 30, 2018
    Bangkok, Thailand
    Ratings:
    +2
    Local Time:
    9:36 PM
    Nginx 1.15.x
    MariaDB 10.1.x
    I have checked all cache directory.

    Screen Shot 2561-10-12 at 21.29.24.png Screen Shot 2561-10-12 at 21.31.12.png
     
  9. centz

    centz New Member

    20
    1
    3
    Sep 30, 2018
    Bangkok, Thailand
    Ratings:
    +2
    Local Time:
    9:36 PM
    Nginx 1.15.x
    MariaDB 10.1.x
    Code:
    #x# HTTPS-DEFAULT
     server {
     
       server_name domain.com www.domain.com;
       return 302 https://domain.com$request_uri;
      #include /usr/local/nginx/conf/staticfiles.conf;
     }
    
    #       listen   80;
    #       server_name domain.com www.domain.com;
    #       return 302 https://$server_name$request_uri;
    
    server {
      listen 443 ssl http2 reuseport;
      server_name domain.com www.domain.com;
    
      include /usr/local/nginx/conf/ssl/domain.com/domain.com.crt.key.conf;
      include /usr/local/nginx/conf/ssl_include.conf;
    
      # cloudflare authenticated origin pull cert community.centminmod.com/threads/13847/
      #ssl_client_certificate /usr/local/nginx/conf/ssl/cloudflare/domain.com/origin.crt;
      #ssl_verify_client on;
      http2_max_field_size 16k;
      http2_max_header_size 32k;
      # mozilla recommended
      ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS;
      ssl_prefer_server_ciphers   on;
      #add_header Alternate-Protocol  443:npn-spdy/3;
    
      # before enabling HSTS line below read centminmod.com/nginx_domain_dns_setup.html#hsts
      #add_header Strict-Transport-Security "max-age=31536000; includeSubdomains;";
      #add_header X-Frame-Options SAMEORIGIN;
      add_header X-Xss-Protection "1; mode=block" always;
      add_header X-Content-Type-Options "nosniff" always;
      #add_header Referrer-Policy "strict-origin-when-cross-origin";
      #spdy_headers_comp 5;
      ssl_buffer_size 1369;
      ssl_session_tickets on;
     
      # enable ocsp stapling
      resolver 8.8.8.8 8.8.4.4 valid=10m;
      resolver_timeout 10s;
      ssl_stapling on;
      ssl_stapling_verify on;
    
    # ngx_pagespeed & ngx_pagespeed handler
    #include /usr/local/nginx/conf/pagespeed.conf;
    #include /usr/local/nginx/conf/pagespeedhandler.conf;
    #include /usr/local/nginx/conf/pagespeedstatslog.conf;
    
      # limit_conn limit_per_ip 16;
      # ssi  on;
    
      access_log /home/nginx/domains/domain.com/log/access.log combined buffer=256k flush=5m;
      error_log /home/nginx/domains/domain.com/log/error.log;
    
      include /usr/local/nginx/conf/autoprotect/domain.com/autoprotect-domain.com.conf;
      root /home/nginx/domains/domain.com/public;
      # uncomment cloudflare.conf include if using cloudflare for
      # server and/or vhost site
      #include /usr/local/nginx/conf/cloudflare.conf;
      include /usr/local/nginx/conf/503include-main.conf;
    
      location / {
      include /usr/local/nginx/conf/503include-only.conf;
    
    # block common exploits, sql injections etc
    #include /usr/local/nginx/conf/block.conf;
    
      # Enables directory listings when index file not found
      #autoindex  on;
    
      # Shows file listing times as local time
      #autoindex_localtime on;
    
      # Wordpress Permalinks example
      include /usr/local/nginx/conf/wpsecure.conf;
      include /usr/local/nginx/conf/wpnocache.conf;
      try_files $uri $uri/ /index.php?q=$uri&$args;
      }
    
     # include /usr/local/nginx/conf/pre-staticfiles-local-domain.com.conf;
     # include /usr/local/nginx/conf/pre-staticfiles-global.conf;
     # include /usr/local/nginx/conf/staticfiles.conf;
      include /usr/local/nginx/conf/php.conf;
     
      include /usr/local/nginx/conf/drop.conf;
      #include /usr/local/nginx/conf/errorpage.conf;
      include /usr/local/nginx/conf/vts_server.conf;
    }
    
    Thank you for your help.

    You make my day. :)
     

    Attached Files:

  10. eva2000

    eva2000 Administrator Staff Member

    37,263
    8,145
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +12,538
    Local Time:
    12:36 AM
    Nginx 1.15.x
    MariaDB 5.5/10.x
    need output for all 4 curl header commands outlined here

    the one you showed reports swift-performance = hit counter so looks like it is working though ?
     
  11. centz

    centz New Member

    20
    1
    3
    Sep 30, 2018
    Bangkok, Thailand
    Ratings:
    +2
    Local Time:
    9:36 PM
    Nginx 1.15.x
    MariaDB 10.1.x
    Still not working.


    Code:
    HTTP/1.1 200 OK
    Date: Fri, 12 Oct 2018 15:11:26 GMT
    Content-Type: text/html;charset=UTF-8
    Connection: keep-alive
    Vary: Accept-Encoding
    swift-performance: HIT
    Last-Modified: Fri, 12 Oct 2018 11:05:52 GMT
    Etag: ac2c0869597de109ef365e173144d2fd
    Server: nginx centminmod
    X-Powered-By: centminmod
    X-Xss-Protection: 1; mode=block
    X-Content-Type-Options: nosniff
    Code:
    HTTP/1.1 301 Moved Permanently
    Date: Fri, 12 Oct 2018 15:11:50 GMT
    Content-Type: text/html; charset=UTF-8
    Connection: keep-alive
    swift-performance: MISS
    Location: https://cs-z.com/
    Server: nginx centminmod
    X-Powered-By: centminmod
    X-Xss-Protection: 1; mode=block
    X-Content-Type-Options: nosniff
    Code:
    HTTP/1.1 302 Moved Temporarily
    Date: Fri, 12 Oct 2018 15:12:26 GMT
    Content-Type: text/html
    Content-Length: 138
    Connection: keep-alive
    Location: https://cs-z.com/
    Server: nginx centminmod
    X-Powered-By: centminmod
    Code:
    HTTP/1.1 302 Moved Temporarily
    Date: Fri, 12 Oct 2018 15:12:59 GMT
    Content-Type: text/html
    Content-Length: 138
    Connection: keep-alive
    Location: https://cs-z.com/
    Server: nginx centminmod
    X-Powered-By: centminmod
    This is page I want to cache. --> . 360 – csz
     
  12. eva2000

    eva2000 Administrator Staff Member

    37,263
    8,145
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +12,538
    Local Time:
    12:36 AM
    Nginx 1.15.x
    MariaDB 5.5/10.x
    The curl header swift-performance: HIT suggests caching is working though. I'd double check you uploaded/installed all wordpress files as well.

    nginx vhost you posted above looks good too. only thing is to rule out one of or both these include files
    Code (Text):
      include /usr/local/nginx/conf/wpsecure.conf;
      include /usr/local/nginx/conf/wpnocache.conf;
    

    comment out with hash # in front each one one at a time and restart nginx + php-fpm
    Code (Text):
    nprestart
    

    and see what happens
     
  13. centz

    centz New Member

    20
    1
    3
    Sep 30, 2018
    Bangkok, Thailand
    Ratings:
    +2
    Local Time:
    9:36 PM
    Nginx 1.15.x
    MariaDB 10.1.x
    @eva2000

    I have comment each one at a time,nprestart after that I try comment both ,nprestart everytime but don't work.

    When it cache I will be like this -->
    Code:
    view-source:https://cs-z.com/360-2/?force-cached=1
     
  14. eva2000

    eva2000 Administrator Staff Member

    37,263
    8,145
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +12,538
    Local Time:
    12:36 AM
    Nginx 1.15.x
    MariaDB 5.5/10.x
    what do you mean ?
     
  15. eva2000

    eva2000 Administrator Staff Member

    37,263
    8,145
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +12,538
    Local Time:
    12:36 AM
    Nginx 1.15.x
    MariaDB 5.5/10.x
    To troubleshoot Nginx and PHP-FPM issues you'd want to check the domain site's vhost access.log and error.log logs located within directory at /home/nginx/domains/yourdomain.com/logs. You can see a full overview at centminmod.com/configfiles.html

    FAQ item 19 has more info on all Centmin Mod relevant log files locations and how to use tail command to view a sample of the entries.

    Also post the contents of your site's nginx vhost http /usr/local/nginx/conf/conf.d/yourdomain.com.conf and/or /usr/local/nginx/conf/conf.d/yourdomain.com.ssl.conf in BBCODE CODE tags as outlined at How to use forum BBCODE code tags | Centmin Mod Community
     
  16. centz

    centz New Member

    20
    1
    3
    Sep 30, 2018
    Bangkok, Thailand
    Ratings:
    +2
    Local Time:
    9:36 PM
    Nginx 1.15.x
    MariaDB 10.1.x
    swift performance can show like the preview cache , or html minify.

    just add ?force-cached=1 . end of the url.

    I do not think it matters.
     
  17. centz

    centz New Member

    20
    1
    3
    Sep 30, 2018
    Bangkok, Thailand
    Ratings:
    +2
    Local Time:
    9:36 PM
    Nginx 1.15.x
    MariaDB 10.1.x
    This is access.log

    Code:
    66.228.37.207 - - [12/Oct/2018:15:52:09 +0000] "GET /wp-content/cache/swift-performance/cs-z.com/js/44cb642784a9974780f7d68a611a9625.js HTTP/2.0" 200 98306 "https://cs-z.com/360-2/?force-cached=1" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3542.0 Safari/537.36"
    66.228.37.207 - - [12/Oct/2018:15:52:09 +0000] "GET /wp-content/uploads/2018/10/b1-1.jpg HTTP/2.0" 200 47835 "https://cs-z.com/wp-content/cache/swift-performance/cs-z.com/css/dc6bc30f7f893be124d9761763caf5dd.css" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3542.0 Safari/537.36"
    66.228.37.207 - - [12/Oct/2018:15:52:09 +0000] "GET /wp-content/plugins/elementor/assets/lib/font-awesome/fonts/fontawesome-webfont.woff2 HTTP/2.0" 200 77160 "https://cs-z.com/wp-content/cache/swift-performance/cs-z.com/css/dc6bc30f7f893be124d9761763caf5dd.css" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3542.0 Safari/537.36"
    66.228.37.207 - - [12/Oct/2018:15:52:10 +0000] "GET /wp-content/uploads/2018/10/wifi.png HTTP/2.0" 200 5570 "https://cs-z.com/360-2/?force-cached=1" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3542.0 Safari/537.36"
    66.228.37.207 - - [12/Oct/2018:15:52:10 +0000] "GET /wp-content/uploads/2018/10/phone.png HTTP/2.0" 200 1748 "https://cs-z.com/360-2/?force-cached=1" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3542.0 Safari/537.36"
    66.228.37.207 - - [12/Oct/2018:15:52:10 +0000] "GET /wp-content/uploads/2018/10/eye.png HTTP/2.0" 200 3103 "https://cs-z.com/360-2/?force-cached=1" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3542.0 Safari/537.36"
    66.228.37.207 - - [12/Oct/2018:15:52:10 +0000] "GET /wp-content/uploads/2018/10/thief.png HTTP/2.0" 200 4361 "https://cs-z.com/360-2/?force-cached=1" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3542.0 Safari/537.36"
    66.228.37.207 - - [12/Oct/2018:15:52:10 +0000] "GET /wp-content/uploads/2018/10/bulb.png HTTP/2.0" 200 4066 "https://cs-z.com/360-2/?force-cached=1" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3542.0 Safari/537.36"
    66.228.37.207 - - [12/Oct/2018:15:52:10 +0000] "GET /wp-content/uploads/2018/10/microphone-1.png HTTP/2.0" 200 3476 "https://cs-z.com/360-2/?force-cached=1" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3542.0 Safari/537.36"
    66.228.37.207 - - [12/Oct/2018:15:52:10 +0000] "GET /wp-content/uploads/2018/10/setup.jpg HTTP/2.0" 200 150605 "https://cs-z.com/360-2/?force-cached=1" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3542.0 Safari/537.36"
    
    This error log
    Code:
    2018/10/11 21:09:20 [error] 2350#2350: *11 access forbidden by rule, client: 103.40.116.160, server: cs-z.com, request: "PURGE /.* HTTP/1.1", host: "cs-z.com", referrer: "https://cs-z.com/.*"
    2018/10/11 21:09:21 [error] 2349#2349: *14 access forbidden by rule, client: 103.40.116.160, server: cs-z.com, request: "GET /.* HTTP/1.1", host: "cs-z.com", referrer: "https://cs-z.com/.*"
    2018/10/11 21:09:26 [error] 2350#2350: *18 access forbidden by rule, client: 103.40.116.160, server: cs-z.com, request: "PURGE /.* HTTP/1.1", host: "cs-z.com", referrer: "https://cs-z.com/.*"
    2018/10/11 21:11:40 [error] 2727#2727: *6 access forbidden by rule, client: 103.40.116.160, server: cs-z.com, request: "PURGE /.* HTTP/1.1", host: "cs-z.com", referrer: "https://cs-z.com/.*"
    2018/10/11 21:11:47 [error] 2727#2727: *16 access forbidden by rule, client: 103.40.116.160, server: cs-z.com, request: "GET /.* HTTP/1.1", host: "cs-z.com", referrer: "https://cs-z.com/.*"
    2018/10/11 21:12:00 [error] 2727#2727: *25 access forbidden by rule, client: 103.40.116.160, server: cs-z.com, request: "GET /.* HTTP/1.1", host: "cs-z.com", referrer: "https://cs-z.com/.*"
    2018/10/11 21:13:13 [error] 2728#2728: *41 access forbidden by rule, client: 103.40.116.160, server: cs-z.com, request: "GET /.* HTTP/1.1", host: "cs-z.com", referrer: "https://cs-z.com/.*"
    2018/10/11 21:19:21 [error] 3349#3349: *15 access forbidden by rule, client: 103.40.116.160, server: cs-z.com, request: "GET /.* HTTP/1.1", host: "cs-z.com", referrer: "https://cs-z.com/.*"
    2018/10/11 21:20:41 [error] 3349#3349: *49 access forbidden by rule, client: 103.40.116.160, server: cs-z.com, request: "GET /.* HTTP/1.1", host: "cs-z.com", referrer: "https://cs-z.com/.*"
    2018/10/12 15:38:20 [error] 7158#7158: *54 access forbidden by rule, client: 103.40.116.160, server: cs-z.com, request: "PURGE /.* HTTP/1.1", host: "cs-z.com", referrer: "https://cs-z.com/.*"
    This is ssl.conf
    Code:
    #x# HTTPS-DEFAULT
     server {
      
       server_name cs-z.com www.cs-z.com;
       return 302 https://cs-z.com$request_uri;
      #include /usr/local/nginx/conf/staticfiles.conf;
     }
    
    #       listen   80;
    #       server_name cs-z.com www.cs-z.com;
    #       return 302 https://$server_name$request_uri;
    
    server {
      listen 443 ssl http2 reuseport;
      server_name cs-z.com www.cs-z.com;
    
      include /usr/local/nginx/conf/ssl/cs-z.com/cs-z.com.crt.key.conf;
      include /usr/local/nginx/conf/ssl_include.conf;
    
      # cloudflare authenticated origin pull cert community.centminmod.com/threads/13847/
      #ssl_client_certificate /usr/local/nginx/conf/ssl/cloudflare/cs-z.com/origin.crt;
      #ssl_verify_client on;
      http2_max_field_size 16k;
      http2_max_header_size 32k;
      # mozilla recommended
      ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS;
      ssl_prefer_server_ciphers   on;
      #add_header Alternate-Protocol  443:npn-spdy/3;
    
      # before enabling HSTS line below read centminmod.com/nginx_domain_dns_setup.html#hsts
      #add_header Strict-Transport-Security "max-age=31536000; includeSubdomains;";
      #add_header X-Frame-Options SAMEORIGIN;
      add_header X-Xss-Protection "1; mode=block" always;
      add_header X-Content-Type-Options "nosniff" always;
      #add_header Referrer-Policy "strict-origin-when-cross-origin";
      #spdy_headers_comp 5;
      ssl_buffer_size 1369;
      ssl_session_tickets on;
     
      # enable ocsp stapling
      resolver 8.8.8.8 8.8.4.4 valid=10m;
      resolver_timeout 10s;
      ssl_stapling on;
      ssl_stapling_verify on;
    
    # ngx_pagespeed & ngx_pagespeed handler
    #include /usr/local/nginx/conf/pagespeed.conf;
    #include /usr/local/nginx/conf/pagespeedhandler.conf;
    #include /usr/local/nginx/conf/pagespeedstatslog.conf;
    
      # limit_conn limit_per_ip 16;
      # ssi  on;
    
      access_log /home/nginx/domains/cs-z.com/log/access.log combined buffer=256k flush=5m;
      error_log /home/nginx/domains/cs-z.com/log/error.log;
    
      include /usr/local/nginx/conf/autoprotect/cs-z.com/autoprotect-cs-z.com.conf;
      root /home/nginx/domains/cs-z.com/public;
      # uncomment cloudflare.conf include if using cloudflare for
      # server and/or vhost site
      #include /usr/local/nginx/conf/cloudflare.conf;
      include /usr/local/nginx/conf/503include-main.conf;
    
      location / {
      include /usr/local/nginx/conf/503include-only.conf;
    
    # block common exploits, sql injections etc
    #include /usr/local/nginx/conf/block.conf;
    
      # Enables directory listings when index file not found
      #autoindex  on;
    
      # Shows file listing times as local time
      #autoindex_localtime on;
    
      # Wordpress Permalinks example
      # include /usr/local/nginx/conf/wpsecure.conf;
      include /usr/local/nginx/conf/wpnocache.conf;
      try_files $uri $uri/ /index.php?q=$uri&$args;
      }
    
     # include /usr/local/nginx/conf/pre-staticfiles-local-cs-z.com.conf;
     # include /usr/local/nginx/conf/pre-staticfiles-global.conf;
     # include /usr/local/nginx/conf/staticfiles.conf;
      include /usr/local/nginx/conf/php.conf;
     
      include /usr/local/nginx/conf/drop.conf;
      #include /usr/local/nginx/conf/errorpage.conf;
      include /usr/local/nginx/conf/vts_server.conf;
    }
    
     
  18. eva2000

    eva2000 Administrator Staff Member

    37,263
    8,145
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +12,538
    Local Time:
    12:36 AM
    Nginx 1.15.x
    MariaDB 5.5/10.x
    If on Centmin Mod 123.09beta01, you may have ran into the new tools/autoprotect.sh cronjob feature outlined at Beta Branch - autoprotect.sh - apache .htaccess check & migration to nginx deny all | Centmin Mod Community You uploaded scripts may have .htaccess deny from all type files in their directories which may need bypassing autoprotect. It's a security feature that no other nginx based stack has as far as I know :)

    So instead, all .htaccess 'deny from all' detected directories now get auto generated Nginx equivalent location match and deny all setups except if you want to manually bypass the directory from auto protection via a .autoprotect-bypass file - details below here.

    You can read a few threads below on how autoprotect.sh may have caught some folks web apps falsely and the workarounds or improvements made to autoprotect.sh with the help of users feedback and troubleshooting.
    Check if your nginx vhost at either or both /usr/local/nginx/conf/conf.d/domain.com.conf and/or /usr/local/nginx/conf/conf.d/domain.com.ssl.conf has include file for autoprotect example
    Code (Text):
    include /usr/local/nginx/conf/autoprotect/domain.com/autoprotect-domain.com.conf;
    

    see if your directory for the script which has issues is caught in an autoprotect include entry in /usr/local/nginx/conf/autoprotect/domain.com/autoprotect-domain.com.conf which has a deny all entry
    Code (Text):
    cat /usr/local/nginx/conf/autoprotect/domain.com/autoprotect-domain.com.conf
    

    i.e.
    Code (Text):
    # /home/nginx/domains/domain.com/public/subdirectory/js
    location ~* ^/subdirectory/js/ { allow 127.0.0.1; deny all; }
    

    If caught you can whitelist it by autoprotect bypass .autoprotect-bypass file - details below here. So if problem js file is at domain.com/subdirectory/js/file.js then it is likely /subdirectory/js has a .htaccess with deny all in it - make sure that directory is meant to be publicly accessible by contacting author of script and if so, you can whitelist it and re-run autoprotect script to regenerate your /usr/local/nginx/conf/autoprotect/domain.com/autoprotect-domain.com.conf include file
    Code (Text):
    cd /home/nginx/domains/domain.com/public/subdirectory/js
    touch .autoprotect-bypass
    /usr/local/src/centminmod/tools/autoprotect.sh
    nprestart
    

    it maybe you need to also whitelist /subdirectory then it would be as follows creating bypass files at /home/nginx/domains/domain.com/public/subdirectory/.autoprotect-bypass and /home/nginx/domains/domain.com/public/subdirectory/js/.autoprotect-bypass
    Code (Text):
    cd /home/nginx/domains/domain.com/public/subdirectory/
    touch .autoprotect-bypass
    cd /home/nginx/domains/domain.com/public/subdirectory/js
    touch .autoprotect-bypass
    /usr/local/src/centminmod/tools/autoprotect.sh
    nprestart
    

    then double check to see if updated /usr/local/nginx/conf/autoprotect/domain.com/autoprotect-domain.com.conf include file now doesn't show an entry for /subdirectory/js
     
  19. centz

    centz New Member

    20
    1
    3
    Sep 30, 2018
    Bangkok, Thailand
    Ratings:
    +2
    Local Time:
    9:36 PM
    Nginx 1.15.x
    MariaDB 10.1.x
    @eva2000

    I have followed all but still don't work.
     
  20. eva2000

    eva2000 Administrator Staff Member

    37,263
    8,145
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +12,538
    Local Time:
    12:36 AM
    Nginx 1.15.x
    MariaDB 5.5/10.x
    Then not much more I can do on my end. You'll need to work on it at your end. Key would be the error logs too.
     
..