You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@pagespeed.apache.org by GitBox <gi...@apache.org> on 2018/03/29 17:54:37 UTC
[GitHub] Fertusco opened a new issue #1547: Nginx + Pagespeed + Varnish over SSL
Fertusco opened a new issue #1547: Nginx + Pagespeed + Varnish over SSL
URL: https://github.com/apache/incubator-pagespeed-ngx/issues/1547
I'm running Nginx on port 80 redirecting (301) all traffic to the port 443 over SSL. This way, I proxy_pass to the Varnish on port 6081, witch send back the cached content or use Nginx on port 8000 as Backend. The ngx_pagespeed is "On" on server directive over port 443 and "Off" on server directive over port 8000.
In that case, the ngx_pagespeed optimize the content delivered by varnish over the port 443.
Is this a good approach?
Redirect to SSL
```
server {
listen 80;
server_name www.mydomain.com.br mydomain.com.br;
return 301 https://www.mydomain.com.br$request_uri;
}
```
Server 443 SSL
```
server {
listen 443 default ssl http2;
server_name www.mydomain.com.br;
ssl_certificate /etc/letsencrypt/live/mydomain.com.br/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/mydomain.com.br/privkey.pem;
access_log /srv/www/mydomain.com.br/logs/nginx.log main;
error_log /srv/www/mydomain.com.br/logs/error.log;
pagespeed on;
pagespeed Domain https://www.griferelogios.com.br;
pagespeed LoadFromFileMatch "^https?://www.griferelogios.com.br/" "/srv/www/griferelogios.com.br/public_html/";
pagespeed LoadFromFileRuleMatch allow \.css$;
pagespeed LoadFromFileRuleMatch allow \.jpe?g$;
pagespeed LoadFromFileRuleMatch allow \.png$;
pagespeed LoadFromFileRuleMatch allow \.gif$;
pagespeed LoadFromFileRuleMatch allow \.js$;
location / { ## Execute PHP scripts
proxy_pass http://127.0.0.1:6081;
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header HTTPS "on";
proxy_set_header Ssl-Offloaded "1";
proxy_set_header X-Forwarded-Proto $scheme;
}
}
```
Backend
```
server {
listen 8000;
server_name www.mydomain.com.br;
access_log /srv/www/mydomain.com.br/logs/nginx.log main;
error_log /srv/www/mydomain.com.br/logs/error.log;
root /srv/www/mydomain.com.br/public_html;
pagespeed off;
location ~ "\.pagespeed\.([a-z]\.)?[a-z]{2}\.[^.]{10}\.[^.]+" {
add_header "" "";
}
location ~ "^/pagespeed_static/" { }
location ~ "^/ngx_pagespeed_beacon$" { }
location / {
index index.html index.php; ## Allow a static html file to be shown first
try_files $uri $uri/ @handler; ## If missing pass the URI to Magento's front handler
expires 30d; ## Assume all files are cachable
}
## These locations would be hidden by .htaccess normally
location ^~ /app/ { deny all; }
location ^~ /includes/ { deny all; }
location ^~ /lib/ { deny all; }
location ^~ /media/downloadable/ { deny all; }
location ^~ /pkginfo/ { deny all; }
location ^~ /report/config.xml { deny all; }
location ^~ /var/ { deny all; }
location ~* /rss/order/new {
return 403;
}
location ~* /rss/catalog/notifystock {
return 403;
}
location ~* /rss/catalog/review {
return 403;
}
location ^~ /downloader/ {
deny all;
}
location /var/export/ { ## Allow admins only to view export folder
auth_basic "Restricted"; ## Message shown in login window
auth_basic_user_file htpasswd; ## See /etc/nginx/htpassword
autoindex on;
}
location /. { ## Disable .htaccess and other hidden files
return 404;
}
location ^~ /.well-known/acme-challenge/ {
default_type "text/plain";
allow all;
}
location @handler { ## Magento uses a common front handler
rewrite / /index.php;
}
location ~ .php/ { ## Forward paths like /js/index.php/x.js to relevant handler
rewrite ^(.*.php)/ $1 last;
}
location /home {
rewrite ^ http://www.griferelogios.com.br permanent;
}
location ~ .php$ { ## Execute PHP scripts
if (!-e $request_filename) { rewrite / /index.php last; } ## Catch 404s that try_files miss
expires off; ## Do not cache dynamic content
fastcgi_pass unix:/var/run/php5-fpm.sock;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param MAGE_RUN_CODE default; ## Store code is defined in administration > Configuration > Manage Stores
fastcgi_param MAGE_RUN_TYPE store;
fastcgi_buffer_size 256k;
fastcgi_buffers 8 256k;
fastcgi_param HTTPS "on";
include fastcgi_params; ## See /etc/nginx/fastcgi_params
}
}
```
Ps: Varnish doesn't cache the content over "\.pagespeed\.([a-z]\.)?[a-z]{2}\.[^.]{10}\.[^.]+" passing by directly to the backend.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
With regards,
Apache Git Services