what's problem a cloudflare cache for Nginx origin server? - cloudflare

I am using two origin server for Apache and Nginx with Cloudflare CDN.
But caching does not work on Cloudflare for Nginx only.
Everytime no "HIT"
Everytime "DYNAMIC"
"Page Rules" setup for "Everything"
what is the difference between Apache and Nginx when using Cloudflare CDN?
Note: In Apache, it works very well.

Related

How to configure Varnish + Nginx reverse proxy on LAMP server

I have already installed LAMP server on Ubuntu (digital ocean droplet). Now I want to install Varnish + Nginx reverse proxy on it.
I have only 1 GB ram on digital ocean droplet. So, Does Varnish + Nginx + Apache is good or I should only install Nginx + Apache.
Actually website getting very good traffic. So I need to install Varnish, Nginx reverse proxy on the server for better performance.
Please guide me how can I configure this on the server.
Thanks
It depends on what exactly you want to store in your cache and whether you need any complex conditions for caching rules (like caching based on some headers, cookies, IP address, etc.)
If you only want to cache static static content, then you can simply use https://www.nginx.com/blog/nginx-caching-guide/ and mount your cache folder as tmpfs (which is placed in RAM): https://blog.wp-rocket.me/mount-folder-ram/
Then you won't need varnish in front of nginx and will still have fast cache.

Drupal - Mixed content error when using ssl certificate

I had a drupal installation working fine. I tried to migrate that one on a Docker Container runing behind a nginx reverse proxy. Everything seems fine but i have some .js and .css files that can't load because in drupal they are linked with http. The error is:
Mixed Content: The page at https://proxy.xx.xx/ was loaded
over HTTPS, but requested an insecure stylesheet
http://proxy.xx.xx/sites/default/files/css/css_xE-rWrJf-
fncB6ztZfd2huxqgxu4WO-qwma6Xer30m4.css'. This request has been
blocked; the content must be served over HTTPS.
I have something like 7 of them and i can't find where those files are called in drupal or how to change the http to https.
Best regards.
Alright, so I got to work by adding the following to the Drupal settings.php:
$conf['reverse_proxy'] = TRUE;
$base_url = 'https://whatever-your-domain-is.com';
$conf['reverse_proxy_addresses'] = array('internal_nginx_proxy_ip');
$conf['reverse_proxy_header'] = 'HTTP_X_FORWARDED_FOR';
This works for jwilder's nginx-proxy container(s) together with JrCs' letsencrypt companion container. The nginx container is handling the HTTPS/SSL (certificates) and talks HTTP with the Drupal-container internally. The Drupal container only needs to be run with the 3 ENV VARS VIRTUAL_HOST, LETSENCRYPT_HOST, LETSENCRYPT_EMAIL for everything to be set up and work its magic.
Only downside: The Drupal container's apache logs show the internal IP of the nginx proxy. But the nginx logs show the correct client IPs and Drupal apparently gets them right as well, so it's only a minor nuisance for me.
I guess the additions to the settings.php should also be applicable to custom/manual setups.
We found what was wrong. Drupal was communicating with the Nginx proxy without ssl. Some config and it was ok.

apache redirect to SSL configured site

I am trying to setup a gitlab repository and I am quite new to the web server side of things. My setup is the following:
I have an apache server which is running my main website on port 8080.
I have the gitlab configured with SSL and Nginx and running on port 2443.
At the moment, the gitlab site can be accessed through https://www.example.com:2443.
What I would like to do is setup a redirect through my apache server where if someone comes to http://www.example.com/gitlab or https://www.example.com/gitlab, they get redirected to ``https://www.example.com:2443` (preferably without the web browser text field changing).
Could this be done easily with Apache? Also, since the redirect is to an SSL site, any special things we need to consider?
You can try adding the redirect directive to your Apache VirtualHosts (8080 and 443).
Redirect permanent /gitlab https://www.example.com:2443

Nginx Proxy/ Apache - cache static file or duplicate to nginx server

It setup wordpress on apache server and config it runs smooth.
Now i want to setup a nginx proxy to server static files.
So i have some questions:
Do i need to duplicate uploads folder of wordpress and put in nginx server ?
Or try to cache all static file in nginx server ?
On apache server i use module deflate, expires, pagespeed, opcache. So if i add nginx proxy to server static files, should i remove the deflate, expires, pagespee module ? Because we can do this work on nginx server.
In case of using Nginx, the Apache HTTPD sever is good but redundant. Nginx can communicate to PHP-FPM directly which is the most efficient solution so far, with that option you can do:
improve performance
simplify deployment procedure
setup gzip and other headers in one place
serve static content more efficiently
reduce amount of overall memory
utilise Nginx cache (with Wordpress plugin to invalidate its cache on page content update)

How to configure mod_pagespeed for SSL pages

We have website e.g. http://www.acb.com which points to a hardware load-balancer which is suppose to load-balance two dedicated server. Each server is running apache as a frontend and uses mod_proxy to forward request to tomcat.
Some pages of our website require SSL like https://www.abc.com/login or https://www.abc.com/checkout
SSL is terminated at hardware load-balancer.
When I configured mod_pagespeed it compressed, minimized and merged css file and rewrote them with an absolute url http://www.abc.com/css/merged.pagespeedxxx.css instead of relative url /css/merged.pagespeedxxx.css.
It works fine for non ssl pages but when I navigate to an ssl page such as https://www.abc.com/login all the css and js files are blocked by browser like chrome as their absolute url is not using ssl.
How can I resolve this issue ?
Check for https string in this documentation and this one.
You should show us in your question your current ModPagespeedMapOriginDomain && ModPagespeedDomain settings.
From what I understand from these lines:
The origin_specified_in_html can specify https but the origin_to_fetch_from can only specify http, e.g.
ModPagespeedMapOriginDomain http://localhost https://www.example.com
This directive lets the server accept https requests for www.example.com without requiring a SSL certificate to fetch resources - in fact, this is the only way mod_pagespeed can service https requests as currently it cannot use https to fetch resources. For example, given the above mapping, and assuming Apache is configured for https support, mod_pagespeed will fetch and optimize resources accessed using https://www.example.com, fetching the resources from http://localhost, which can be the same Apache process or a different server process.
And these ones:
mod_pagespeed offers limited support for sites that serve content through https. There are two mechanisms through which mod_pagespeed can be configured to serve https requests:
Use ModPagespeedMapOriginDomain to map the https domain to an http domain.
Use ModPagespeedLoadFromFile to map a locally available directory to the https domain.
The solution would be something like that (or the one with ModPagespeedLoadFromFile)
ModPagespeedMapOriginDomain http://localhost https://www.example.com
BUT, the real problem for you is that apache does not directly receive the HTTPS requests as the hardware load balancer handle it on his own. So the mod-pagespeed output filter does not even know it was requested for an SSL domain. And when it modify the HTML content, applying domain rewrite maybe, it cannot handle the https case.
So... one solution (untested) would be using another virtualhost on the apache server, still HTTP if you want, dedicated to https handling. All https related urls (/login,/checkout,...) would then be redirected to this specific domain name by the hardware load balancer. Let's say http://secure.acb.com. This name is only in use between the load balancer and front apaches (and quite certainly apache should restrict access to this VH to the load balancer only).
Then in these http://secure.acb.com virtualhosts mod_pagespeed would be configured to externally rewrite domains to https://www.example.com. Something like:
ModPagespeedMapOriginDomain http://secure.example.com https://www.example.com
Finally the end user request is https://www.example.com/login, the load balancer manages HTTPS, talk to apache with http://secure.example.com, and page results contains only references to https://www.example.com/* assets. Now when theses assets are requested with an https domain request you still have the problem of serving theses assets. So the hardware load balancer should allow all theses assets url in the https domain and send them to the http://secure.abc.com virtualhosts (or any other static VH).
This sounds like you configured the rewritten URL as http://www.abc.com/css/merged.pagespeedxxx.css yourself - therefor: Try to use a protocol-relative URL, e.g. remove http: and just state //www.abc.com/css/merged.pagespeedxxx.css - this will use the same protocol as the embedding page was requested in.
One of the well standardized but relatively unknown features of URLs