Posted to dev@pagespeed.apache.org by GitBox <gi...@apache.org> on 2018/03/26 23:13:38 UTC

[GitHub] l0nax opened a new issue #1546: HTTPS not Working with Pagespeed

l0nax opened a new issue #1546: HTTPS not Working with Pagespeed
URL: https://github.com/apache/incubator-pagespeed-ngx/issues/1546
 
 
   Here is my Site Configuration:   
   ``server {
   	# Cleartext-HTTP virtual host for l0nax.org; PageSpeed is switched on for it further down.
   	# NOTE(review): "http2" on a listener without "ssl" enables cleartext HTTP/2 only; browsers
   	# negotiate HTTP/2 over TLS, and the "listen 443 ssl" vhost does not set http2 - confirm intent.
   	listen 80 http2;
   	listen [::]:80;
   
   	###
           # Headers Settings
           ###
   	# Contents of snippets/header.conf are not shown on this page.
   	include snippets/header.conf;
   	# Overrides the Server response header (more_set_headers comes from the headers-more module
   	# listed in the configure arguments).
           more_set_headers 'Server: l0nax Server';
   
   	## Accept only HTTP (GET|HEAD|POST) Method
   	# Any other request method is answered with 405 before further processing.
   	if ($request_method !~ ^(GET|HEAD|POST)$ ) {
   		return 405;
   	}
   
   	###
   	# pagespeed
   	###
   	pagespeed on;
   	pagespeed Statistics on;
   	pagespeed StatisticsLogging on;
   	pagespeed LogDir /var/log/pagespeed;
   
   	pagespeed ModifyCachingHeaders on;
   	# Sets the value PageSpeed writes into its X-Page-Speed response header.
   	pagespeed XHeaderValue "l0nax";
   
   	pagespeed EnableFilters make_show_ads_async;
   	pagespeed EnableFilters make_google_analytics_async;
   
   	# Enable Client Site Loading Measuring
   	pagespeed EnableFilters add_instrumentation;
   	pagespeed ReportUnloadTime on;
   
   	# pagespeed Experiments
   	pagespeed RunExperiment on;
   	pagespeed UseAnalyticsJs off;
   	pagespeed AnalyticsID UA-105614803-2;
   	pagespeed EnableFilters insert_ga; # automatically insert Google Analytics code
   
   	# Bandwidth Optimizing
   	pagespeed RewriteLevel OptimizeForBandwidth;
   	pagespeed InPlaceResourceOptimization on;
   
   	# SSL
   	# Maps URLs under https://l0nax.org to /var/www/html/ so PageSpeed reads those resources
   	# from disk instead of fetching them over HTTP(S).
   	# NOTE(review): a disk read does not pass through nginx location/access rules; presumably
   	# everything PageSpeed can rewrite under this root is meant to be public - confirm.
   	pagespeed LoadFromFile "https://l0nax.org" "/var/www/html/";
   	# NOTE(review): allow_self_signed makes PageSpeed's HTTPS fetcher accept self-signed
   	# certificates, which weakens authentication of the fetched origin. If the site certificate
   	# is CA-issued (the 443 vhost configures stapling with a chain file), "enable" alone should do.
   	pagespeed FetchHttps enable,allow_self_signed;
   	# NOTE(review): PageSpeed documents SslCertDirectory/SslCertFile as the trusted-CA store for
   	# its fetcher; SslCertFile here is a bare file name that matches the site certificate -
   	# verify how it resolves and whether a CA bundle path was intended.
   	pagespeed SslCertDirectory /etc/ssl/certs;
   	pagespeed SslCertFile l0nax.org.crt;
   	# Use PageSpeed's default (Serf) fetcher rather than the nginx-native one.
   	pagespeed UseNativeFetcher off;
   
   
   	# Matches URLs of PageSpeed-rewritten resources (".pagespeed." followed by an optional
   	# one-letter part, a two-letter part, a 10-character part and an extension).
   	# Declaring any add_header at this level stops the location from inheriting add_header
   	# directives of outer levels, so the http-level security headers are not added here.
   	location ~ "\.pagespeed\.([a-z]\.)?[a-z]{2}\.[^.]{10}\.[^.]+" {
   		add_header "" "";
   	}
   
   	root /var/www/html;
   
   	# set Index File
   	index index.html index.htm index.php;
   
   	server_name l0nax.org;
   
   	location / {
   		# First attempt to serve request as file, then
   		# as directory, then fall back to displaying a 404.
   		# NOTE(review): only the last try_files argument is a fallback; with "=404" last,
   		# "/index.php?q=$uri&$args" is tested as a file path instead of being used as an
   		# internal redirect - confirm which behaviour is wanted.
   		try_files $uri $uri/ /index.php?q=$uri&$args =404;
   	}
   
   	# pass PHP scripts to FastCGI server
   	location ~ \.php$ {
   	        # Return 404 for script paths that do not exist on disk, so arbitrary URLs ending
   	        # in .php are never handed to PHP-FPM.
   	        try_files $uri =404;
   	        fastcgi_split_path_info ^(.+\.php)(/.+)$;
   	        # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini
   	
   	        fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;
   	        fastcgi_index index.php;
   
   		# include fastcgi Config
   		# NOTE(review): both stock parameter files are included; their contents are not shown
   		# here, so check that they do not define the same fastcgi_param twice.
   	        include fastcgi_params;
   		include fastcgi.conf;
   	}	
   
   	# deny access to .htaccess files, if Apache's document root
   	# concurs with nginx's one
   	location ~ /\.ht {
   		deny all;
   	}
   
   	###
   	# Cache Settings
   	###
   	include snippets/h5bp/basic.conf;
   	
   	###
   	# Gzip Settings
   	###
           gzip on;
           gzip_vary on;
           gzip_proxied any;
           gzip_comp_level 6;	
           gzip_buffers 16 8k;
   	gzip_http_version 1.1;
           include snippets/gzip_filetypes.conf;
   
   	###
   	# Error Sites
   	###
   	# Coming Soon!
   	# NOTE(review): this vhost serves the site over cleartext HTTP and contains no redirect to
   	# HTTPS; the HSTS header set on the 443 vhost only protects clients that have already
   	# reached the site over HTTPS - confirm whether a redirect is intended.
   }
   
   server {
   	# TLS virtual host for l0nax.org.
   	# NOTE(review): unlike the port-80 vhost, no root, index or location blocks are visible
   	# here, so requests would resolve against nginx's default root rather than /var/www/html -
   	# possibly related to the reported failure; confirm against the actual browser error.
   	listen 443 ssl;
   	server_name l0nax.org;
   
   	pagespeed on;
   	# Use PageSpeed's default (Serf) fetcher rather than the nginx-native one.
   	pagespeed UseNativeFetcher off;
   
   	###
           # Headers Settings
           ###
           include snippets/header.conf;	
   	more_set_headers 'Server: l0nax Server';
   
   
   	# Authorizes PageSpeed to rewrite resources served from https://l0nax.org.
   	pagespeed Domain https://l0nax.org;
   	# NOTE(review): allow_self_signed relaxes certificate checking in PageSpeed's HTTPS
   	# fetcher; drop it if the certificate below is CA-issued.
   	pagespeed FetchHttps enable,allow_self_signed;
           pagespeed SslCertDirectory /etc/ssl/certs;
           pagespeed SslCertFile l0nax.org.crt;
   
   	###
   	# SSL Settings
   	###
   
   	# enable session resumption to improve https performance
   	# http://vincent.bernat.im/en/blog/2011-ssl-session-reuse-rfc5077.html
   	# Session tickets are off, so resumption relies on the shared server-side cache only.
   	ssl_session_cache shared:SSL:50m;
   	ssl_session_timeout 1d;
   	ssl_session_tickets off;
   
   	# Diffie-Hellman parameter for DHE ciphersuites, recommended 2048 bits
   	ssl_dhparam /etc/ssl/dhparam.pem;
   	ssl_certificate		/etc/ssl/certs/l0nax.org.crt;
   	ssl_certificate_key	/etc/ssl/private/l0nax.org.key;
   
   	ssl_prefer_server_ciphers on;
   	# NOTE(review): besides the AEAD suites, this list still offers 3DES (the *-DES-CBC3-SHA
   	# entries) and static-RSA suites without forward secrecy (AES128-SHA, AES256-SHA, ...);
   	# trim it to what the oldest supported client really needs.
   	ssl_ciphers 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS';
   	# NOTE(review): TLSv1 and TLSv1.1 are legacy protocol versions (formally deprecated by
   	# RFC 8996); keep them only if a known client still requires them.
   	ssl_protocols TLSv1 TLSv1.1 TLSv1.2;	
   
   	# enable OCSP stapling: the server attaches the CA's signed revocation status to the TLS
   	# handshake, so the browser does not have to query the CA itself. ssl_stapling_verify
   	# makes nginx validate that response against the chain in ssl_trusted_certificate.
   	ssl_trusted_certificate /etc/ssl/certs/l0nax.org.chain.pem;
   	ssl_stapling on;
   	ssl_stapling_verify on;
   	# NOTE(review): this repeats the ssl_trusted_certificate line above; nginx normally rejects
   	# a duplicated simple directive during the configuration test - check with "nginx -t".
   	ssl_trusted_certificate /etc/ssl/certs/l0nax.org.chain.pem;
   
   	# enable HSTS
   	# NOTE(review): an add_header at server level stops this vhost inheriting the http-level
   	# add_header directives from nginx.conf (X-Frame-Options, X-XSS-Protection,
   	# X-Content-Type-Options); repeat them here if they are wanted on HTTPS responses.
   	# "includeSubdomains; preload" commits every subdomain to HTTPS for a year - confirm that
   	# all of them serve valid TLS before submitting the domain for preloading.
   	add_header Strict-Transport-Security "max-age=31536000; includeSubdomains; preload";
   }``
   
   My nginx.conf File:     
   ``
   # Worker processes run under the www-data account.
   user www-data;
   # "auto" lets nginx pick the worker count from the number of available CPU cores.
   worker_processes auto;
   pid /run/nginx.pid;
   
   # Pulls in every *.conf under modules-enabled; those files are not shown on this page.
   include /etc/nginx/modules-enabled/*.conf;
   
   events {
   	# Per-worker connection cap; multi_accept lets a worker accept all pending connections at once.
   	worker_connections 1024;
   	multi_accept on;
   }
   
   http {
   	# PageSpeed is off by default at http level; the site configuration turns it on per server block.
   	pagespeed off;
   	##
   	# Basic Settings
   	##
   
   	sendfile on;
   	tcp_nopush on;
   	tcp_nodelay on;
   	keepalive_timeout 65;
   	types_hash_max_size 2048;
   	# Hides the nginx version in the Server header and on error pages.
   	server_tokens off;
   
   	# server_names_hash_bucket_size 64;
   	# server_name_in_redirect off;
   
   	include /etc/nginx/mime.types;
   	default_type application/octet-stream;
   
   	# NOTE(review): the three add_header directives below are inherited only by server and
   	# location levels that declare no add_header of their own; the site configuration on this
   	# page declares add_header in a server block and in a location, so they are dropped there.
   	# Prevent Clickjacking Attack
   	add_header X-Frame-Options "SAMEORIGIN";
   
   	# X-XSS Protection
   	# NOTE(review): legacy header; current browsers have removed the XSS filter it controlled,
   	# so a Content-Security-Policy is the control to rely on.
   	add_header X-XSS-Protection "1; mode=block";
   	
   	# Disable Content Sniffing on some Browsers
   	add_header X-Content-Type-Options nosniff;
   
   	##
   	# SSL Settings
   	##
   	# NOTE(review): TLSv1 and TLSv1.1 are legacy protocol versions (formally deprecated by
   	# RFC 8996); keep them only if a known client still requires them.
   	ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE
   	ssl_prefer_server_ciphers on;
   
   	##
   	# Logging Settings
   	##
   
   	access_log /var/log/nginx/access.log;
   	error_log /var/log/nginx/error.log;
   
   	##
   	# Gzip Settings
   	##
   
   	# NOTE(review): these gzip settings are inherited by the HTTPS vhost as well; compressing
   	# TLS responses that combine secrets with request-controlled input is the precondition
   	# for BREACH-style leaks - presumably fine for static content, confirm for dynamic pages.
   	gzip on;
   	gzip_vary on;
   	gzip_proxied any;
   	gzip_comp_level 6;
   	gzip_buffers 16 8k;
   #	gzip_http_version 1.1 2;
   	gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;
   
   	##
   	# pagespeed Settings
   	## 
   	pagespeed UsePerVHostStatistics on;
   	pagespeed InPlaceResourceOptimization on;
   	# NOTE(review): "@@SHM_CACHE@@" looks like a template placeholder that was never
   	# substituted with a real path - verify the value in the deployed file.
   	pagespeed CreateSharedMemoryMetadataCache "@@SHM_CACHE@@" 8192;
   
   	pagespeed Statistics on;
   	pagespeed StatisticsLogging on;
   
   	pagespeed MessageBufferSize 200000;
   	pagespeed FetcherTimeoutMs 10000;
   	pagespeed NativeFetcherMaxKeepaliveRequests 50;
   
   	# Log and file-cache directories for PageSpeed; presumably they must be writable by the
   	# www-data worker account - confirm ownership and that they are not web-accessible.
   	pagespeed LogDir /var/log/pagespeed;
   	pagespeed FileCachePath	/var/cache/pagespeed;
   
   
   	##
   	# Virtual Host Configs
   	##
   
   	include /etc/nginx/conf.d/*.conf;
   	include /etc/nginx/sites-enabled/*;
   }
   ``
   
   I have compiled nginx with the following options:    
   ``
   configure arguments: --add-module=/root/incubator-pagespeed-ngx-latest-stable --prefix=/etc/nginx --sbin-path=/usr/sbin --with-http_ssl_module --with-compat --with-google_perftools_module --with-file-aio --with-http_auth_request_module --with-http_geoip_module --with-http_gzip_static_module --with-http_v2_module --with-mail --with-mail_ssl_module --with-stream --with-stream_ssl_module --with-threads --with-openssl=/usr/local/src/openssl --with-http_gzip_static_module --conf-path=/etc/nginx/nginx.conf --pid-path=/run/nginx.pid --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --user=www-data --group=www-data --add-module=/tmp/headers-more-nginx-module --with-http_v2_module
   ``
   
   ``nginx -v`` output: ``nginx version: nginx/1.13.10``    
   ``nginx -V`` output:     
   ``
   nginx version: nginx/1.13.10
   built by gcc 5.4.0 20160609 (Ubuntu 5.4.0-6ubuntu1~16.04.9) 
   built with OpenSSL 1.1.1-pre4-dev  xx XXX xxxx
   TLS SNI support enabled
   configure arguments: --add-module=/root/incubator-pagespeed-ngx-latest-stable --prefix=/etc/nginx --sbin-path=/usr/sbin --with-http_ssl_module --with-compat --with-google_perftools_module --with-file-aio --with-http_auth_request_module --with-http_geoip_module --with-http_gzip_static_module --with-http_v2_module --with-mail --with-mail_ssl_module --with-stream --with-stream_ssl_module --with-threads --with-openssl=/usr/local/src/openssl --with-http_gzip_static_module --conf-path=/etc/nginx/nginx.conf --pid-path=/run/nginx.pid --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --user=www-data --group=www-data --add-module=/tmp/headers-more-nginx-module --with-http_v2_module
   ``
   
   **My Problem:**    
   My normal HTTP site works well with the PageSpeed module.    
   But if I try to connect to my website via HTTPS, it does not work!     
   
   Here is the Output from my Chrome: [https://photos.app.goo.gl/qmLMheHysulPdqgz2](https://photos.app.goo.gl/qmLMheHysulPdqgz2)     
   
   If I use the normal nginx software, I can access my website without this error.      
   **https://photos.app.goo.gl/qmLMheHysulPdqgz2**
   
   How can I fix this?
