You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@pagespeed.apache.org by GitBox <gi...@apache.org> on 2018/09/22 14:49:01 UTC
[GitHub] SilverFoxA opened a new issue #1597: NGINX pagespeed CloudFlare ssl gives “NET::ERR_CERT_AUTHORITY_INVALID”
SilverFoxA opened a new issue #1597: NGINX pagespeed CloudFlare ssl gives “NET::ERR_CERT_AUTHORITY_INVALID”
URL: https://github.com/apache/incubator-pagespeed-ngx/issues/1597
I have rebuilt nginx with pagespeed running on ubuntu. Here's my config file. When accessing the website via port 443 or ssl it gives me the following error `NET::ERR_CERT_AUTHORITY_INVALID`.
When I tried toggling pagespeed UseNativeFetcher off; I get the following error
`nginx: [emerg] "pagespeed" directive "UseNativeFetcher" cannot be set at this scope. in /etc/nginx/sites-enabled/live:70`
I'm not able to figure out where actually I'm doing wrong or what I'm missing out.
```
server {
listen 80;
listen [::]:80;
server_name domain.com www.domain.com;
# Redirect all traffic to SSL
rewrite ^ https://$server_name$request_uri? permanent;
}
server {
listen 443 ssl;
listen [::]:443 ssl;
# enables SSLv3/TLSv1, but not SSLv2 which is weak and should no longer be used.
ssl_protocols SSLv3 TLSv1;
# disables all weak ciphers
ssl_ciphers ALL:!aNULL:!ADH:!eNULL:!LOW:!EXP:RC4+RSA:+HIGH:+MEDIUM;
root /var/www/live/website/public;
index index.php index.html index.htm;
server_name domain.com www.domain.com;
## Access and error logs.
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log info;
## Keep alive timeout set to a greater value for SSL/TLS.
keepalive_timeout 75 75;
## See the keepalive_timeout directive in nginx.conf.
## Server certificate and key.
ssl on;
ssl_certificate /etc/ssl/site_ssl/public.pem;
ssl_certificate_key /etc/ssl/site_ssl/private.key;
ssl_session_timeout 5m;
## Strict Transport Security header for enhanced security. See
## http://www.chromium.org/sts. I've set it to 2 hours; set it to
## whichever age you want.
add_header Strict-Transport-Security "max-age=7200";
pagespeed on;
pagespeed FileCachePath "/var/cache/ngx_pagespeed/";
pagespeed RewriteLevel OptimizeForBandwidth;
pagespeed EnableFilters trim_urls;
pagespeed RewriteLevel OptimizeForBandwidth;
pagespeed EnableFilters lazyload_images;
pagespeed EnableFilters collapse_whitespace;
#pagespeed UseNativeFetcher off;
#pagespeed RespectXForwardedProto on;
pagespeed FetchHttps enable,allow_self_signed,allow_unknown_certificate_authority;
location ~ "\.pagespeed\.([a-z]\.)?[a-z]{2}\.[^.]{10}\.[^.]+" {
add_header "" "";
}
location ~ "^/pagespeed_static/" { }
location ~ "^/ngx_pagespeed_beacon$" { }
pagespeed SslCertDirectory /etc/ssl/site_ssl;
pagespeed SslCertFile /etc/ssl/site_ssl/public.pem;
charset utf-8;
location / {
try_files $uri $uri/ /index.php?$query_string;
}
location ~ \.php$ {
try_files $uri /index.php =404;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:/run/php/php7.2-fpm.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
location ~* \.(?:jpg|jpeg|gif|png|ico|cur|gz|svg|svgz|mp4|ogg|ogv|webm|htc|svg|woff|woff2|ttf)$ {
expires 1M;
access_log off;
add_header Cache-Control "public";
}
location ~* \.(?:css|js)$ {
expires 7d;
access_log off;
add_header Cache-Control "public";
}
location ~ /\.ht {
deny all;
}
}
TIA
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
With regards,
Apache Git Services