I have some mp3 files in different directories other than root directory.
When users click on the links to mp3, instead of downloading it starts streaming in most browsers (mostly in mobile browsers).
I have tried adding the below code in the .htaccess, but no luck
<FilesMatch "\.(?i:mp3)$">
ForceType application/octet-stream
Header set Content-Disposition attachment
</FilesMatch>
My server is build in apache and nginxcp (nginx admin). Can anyone help me out?
EDIT: Below is the edited file for my domain vhost file. But after i rebuild host and restart nginx, the file change to its original one and the code "location ~ .mp3$ { add_header Content-Disposition attachment; }" becomes disappears.
server {
error_log /var/log/nginx/vhost-error_log warn;
listen 198.xxx.xx.xxx:80;
listen [::]:80;
server_name dl.xxxx.com www.dl.xxxx.com;
access_log /usr/local/apache/domlogs/dl.xxxx.com-bytes_log bytes_log;
access_log /usr/local/apache/domlogs/dl.xxxx.com combined;
root /home/xxxx/public_html/download;
#location / {
location ~*.*\.(3gp|gif|jpg|jpeg|png|ico|wmv|avi|asf|asx|mpg|mpeg|mp4|pls|mp3|mid|wav|swf|flv|html|htm|txt|js|css|exe|zip|tar|rar|gz|tgz|bz2|uha|7z|doc|docx|xls|xlsx|pdf|iso)$ {
expires 1M;
try_files $uri #backend;
}
location / {
error_page 405 = #backend;
add_header X-Cache "HIT from Backend";
proxy_pass 198.xxx.xx.xxx:8081;
include proxy.inc;
include microcache.inc;
}
location #backend {
internal;
proxy_pass http://198.xxx.xx.xxx:8081;
include proxy.inc;
include microcache.inc;
}
location ~ .*\.(php|jsp|cgi|pl|py)?$ {
proxy_pass http://198.xxx.xx.xxx:8081;
include proxy.inc;
include microcache.inc;
}
location ~ /\.ht {
deny all;
}
location ~ \.mp3$ { add_header Content-Disposition attachment; }
}
Related
I have a setup where a server running nginx will be the front-end and also a load balancer that will upstream to a number of other servers which will be backend.
What I currently have is the webservers running nginx and reverse proxying to apache2 running on port 8000.
The idea is to have visitors first log in to the subdomain apps.xxxx.xxx which contains a list of all the companies applications. Upon clicking on one, then you get redirected to one of the apps which also has it's own login credentials that will be provided to potential customers to have a test run before purchasing.
All these apps are required to run from the one domain but from different paths.
Eg. apps.xxxx.xxx/app1 appps.xxxx.xxx/app2
Find attached my nginx config on the app servers
server {
listen 80 default_server;
root /home/MY_NAME/myapp/public;
index index.html index.htm index.php;
server_name _;
#location / {
# try_files $uri $uri/ /index.php$is_args$args;
#}
location ~ \.php$ {
include snippets/fastcgi-php.conf;
fastcgi_pass unix:/var/run/php/php7.1-fpm.sock;
}
location / {
proxy_pass http://SAME_SERVER:8000;
include proxy_params;
#try_files $uri $uri/ /index.php$is_args$args;
}
location = /favicon.ico { access_log off; log_not_found off; }
location = /robots.txt { access_log off; log_not_found off; }
sendfile off;
client_max_body_size 100m;
location ~ /\.ht {
deny all;
}
location ~ /.well-known {
allow all;
}
}
I've spend a bit of time searching for an answer to this but can't seem to lock it down and any help would be appreciated.
I've setup SSL on an Nginx server but can't seem to get the non-www https domain to redirect to the www https domain.
I am trying to fix this:
https://example.com -> https://www.example.com
Below is my current config:
server {
listen 80;
listen [::]:80;
server_name example.com www.example.com;
return 301 https://$host$request_uri;
}
server {
access_log /var/log/nginx/site.access.log;
error_log /var/log/nginx/site.error.log;
server_name example.com www.example.com;
root /var/www/site;
index index.php index.html index.htm;
client_max_body_size 10m;
# unless the request is for a valid file, send to bootstrap
if (!-e $request_filename)
{
rewrite ^(.+)$ /index.php?q=$1 last;
}
# catch all
error_page 404 /index.php;
# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
location ~ \.php$ {
fastcgi_pass unix:/var/run/php5-fpm.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME /var/www/site$fastcgi_script_name;
include fastcgi_params;
}
# deny access to apache .htaccess files
location ~ /\.ht
{
deny all;
}
location = /xmlrpc.php {
deny all;
}
location ~* \.html$ {
expires -1;
}
location ~ \.(htc|less|js|js2|js3|js4)$ {
expires 31536000s;
add_header Pragma "public";
add_header Cache-Control "max-age=31536000, public";
try_files $uri $uri/ $uri.html /index.php?$args;
}
location ~ \.(css|html|htm|rtf|rtx|svg|svgz|txt|xsd|xsl|xml)$ {
expires 3600s;
add_header Pragma "public";
add_header Cache-Control "max-age=3600, public";
try_files $uri $uri/ $uri.html /index.php?$args;
}
location ~ \.(asf|asx|wax|wmv|wmx|avi|bmp|class|divx|doc|docx|eot|exe|gif|gz|gzip|ico|jpg|jpeg|jpe|json|mdb|mid|midi|mov|qt|mp3|m4a|mp4|m4v|mpeg|mpg|mpe|mpp|otf|_otf|odb|odc|odf|odg|odp|ods|odt|ogg|pdf|png|pot|pps|ppt|pptx|ra|ram|svg|svgz|swf|tar|tif|tiff|ttf|ttc|_ttf|wav|wma|wri|woff|woff2|xla|xls|xlsx|xlt|xlw|zip)$ {
expires 31536000s;
add_header Pragma "public";
add_header Cache-Control "max-age=31536000, public";
try_files $uri $uri/ $uri.html /index.php?$args;
}
location ~* \.(eot|ttf|woff)$ {
add_header Access-Control-Allow-Origin *;
}
listen 443 ssl; # managed by Certbot
listen [::]:443 ssl;
ssl_certificate /etc/letsencrypt/live/www.example.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/www.example.com/privkey.pem;
include /etc/letsencrypt/options-ssl-nginx.conf;
if ($scheme != "https") {
return 301 https://$host$request_uri;
}
}
None of the below answers have resolved my issue's. I am currently hosting the site on AWS could it be the way I have setup my bucket to redirect to the domain?
I had letsencrypt cert installed before , but then it got expired and now i am not able to renew it .
so I am trying to switch off the SSL i have removed the code related with SSL but still the url is redirecting to https.
server {
listen 80 ;
listen [::]:80 ipv6only=on;
root /var/www/laravel/public;
index index.php index.html index.htm;
# Make site accessible from http://localhost/
server_name domain.in www.domain.in;
ssl off;
#charset utf-8;
#include h5bp/basic.conf;
location / {
# First attempt to serve request as file, then
# as directory, then fall back to displaying a 404.
try_files $uri $uri/ /index.php?$query_string;
# Uncomment to enable naxsi on this location
# include /etc/nginx/naxsi.rules
}
location ~* \.(css|js|gif|jpe?g|png)$ {
expires 168h;
}
error_page 404 /404.html;
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
}
location ~ /.well-known {
allow all;
}
location ~ \.php$ {
try_files $uri =404;
client_max_body_size 1024M;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:/var/run/php5-fpm.sock;
fastcgi_index index.php;
include fastcgi_params;
}
# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
#
#location ~ /\.ht {
# deny all;
#}
}
Any Idea how to fix this issue
Thanks
I'm having issues redirecting from www to non-www only for https/ssl. Any ideas why this might be happening? It works fine for non-secure URL's. Here's my config:
html {
# Compression
# Enable Gzip compressed.
gzip on;
# Enable compression both for HTTP/1.0 and HTTP/1.1.
gzip_http_version 1.1;
# Compression level (1-9).
# 5 is a perfect compromise between size and cpu usage, offering about
# 75% reduction for most ascii files (almost identical to level 9).
gzip_comp_level 5;
# Don't compress anything that's already small and unlikely to shrink much
# if at all (the default is 20 bytes, which is bad as that usually leads to
# larger files after gzipping).
gzip_min_length 128;
# Compress data even for clients that are connecting to us via proxies,
# identified by the "Via" header (required for CloudFront).
gzip_proxied any;
# Tell proxies to cache both the gzipped and regular version of a resource
# whenever the client's Accept-Encoding capabilities header varies;
# Avoids the issue where a non-gzip capable client (which is extremely rare
# today) would display gibberish if their proxy gave them the gzipped version.
gzip_vary on;
# Compress all output labeled with one of the following MIME-types.
gzip_types application/atom+xml application/x-javascript application/javascript application/json application/rss+xml application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/svg+xml image/x-icon text/css text/plain text/x-component;
}
server {
listen 80;
server_name www.example.com example.com;
return 301 https://example.com$request_uri;
}
server {
listen *:443 ssl;
server_name www.example.com;
return https://example.com$request_uri 301;
}
server {
listen 443 ssl;
server_name example.com;
root /home/forge/default/public;
index index.html index.htm index.php;
charset utf-8;
location / {
try_files $uri $uri/ /index.php?$query_string;
}
location = /favicon.ico { access_log off; log_not_found off; }
location = /robots.txt { access_log off; log_not_found off; }
access_log off;
error_log /var/log/nginx/default-error.log error;
error_page 404 /index.php;
location ~ \.php$ {
fastcgi_param DB_PASSWORD "password";
fastcgi_param DB_USERNAME "user";
fastcgi_param DB_NAME "db";
fastcgi_param DB_HOST "localhost";
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:/var/run/php5-fpm.sock;
fastcgi_index index.php;
include fastcgi_params;
}
location ~ /\.ht {
deny all;
}
# Expire rules for static content
# cache.appcache, your document html and data
location ~* \.(?:manifest|appcache|html?|xml|json)$ {
expires -1;
# access_log logs/static.log; # I don't usually include a static log
}
# Feed
location ~* \.(?:rss|atom)$ {
expires 1h;
add_header Cache-Control "public";
}
# Media: images, icons, video, audio, HTC
location ~* \.(?:jpg|jpeg|gif|png|ico|cur|gz|svg|svgz|mp4|ogg|ogv|webm|htc)$ {
expires 1M;
access_log off;
add_header Cache-Control "public";
}
# CSS and Javascript
location ~* \.(?:css|js)$ {
expires 1y;
access_log off;
add_header Cache-Control "public";
}
}
OK, so I figured this out a while ago but forgot to post the answer, so here it is.
server {
listen 80;
server_name www.example.com example.com;
return 301 https://example.com$request_uri;
}
server {
listen 443 ssl;
server_name example.com;
root /home/forge/default/public;
if ($host = 'www.example.com') {
rewrite ^/(.*)$ https://example.com/$1 permanent;
}
}
How robust this is I'm not entirely sure but it works.
Essentially, you listen on port 80 for www and non-www and return a 301 redirect to the secure non-www URL. You then check in your SSL server block listening on port 443 if the host that has been requested matches the www version of the secure URL and if it does you permanently rewrite it to the secure non-www version.
nginx takes SSL-certificate from 'default_server' or from first described for the particular IP+port pair.
So, you should
swap SSL-enabled server blocks
or just add default_server parameter to listen directive in your second block.
I've been using a vanilla apache install until recently with no major problems.
Today I installed Nginx Admin (the cpanel nginx plugin) which acts as a reverse proxy for Apache to deliver static files.
This all works very well and there is a noticable performance boost which I am pleased with.
However my site hosts a large amount of MP3 files which prior to using Nginx would all get cached by the browser meaning that a user only had to download them once and subsequent listens were instananeous.
Now, with Nginx Admin installed the browser requests the file from the server every time.
I have tried adding the following to my nginx config file:-
location ~* \.(mp3)$ {
expires max;
}
But even this had no effect. What might be causing this and what else can I try to rectify this issue?
Strangely under apache my header looks like this:-
Server Apache
Connection Keep-Alive
Keep-Alive timeout=5, max=98
Vary Accept-Encoding,User-Agent
This returns a 304 Not Modified response after being cached
and with nginx admin installed the headers are as follows:-
Server nginx admin
Date Thu, 24 Nov 2011 12:46:27 GMT
Content-Type audio/mpeg
Content-Length 5263187
Last-Modified Mon, 26 Sep 2011 18:29:39 GMT
Connection keep-alive
Expires Thu, 01 Dec 2011 12:46:27 GMT
Cache-Control max-age=604800
X-Cache HIT from Backend
Accept-Ranges bytes
Which no matter what always returns a 200 OK.
My nginx config file is as follows:-
user nobody;
# no need for more workers in the proxy mode
worker_processes 4;
error_log /var/log/nginx/error.log info;
worker_rlimit_nofile 20480;
events {
worker_connections 5120; # increase for busier servers
use epoll; # you should use epoll here for Linux kernels 2.6.x
}
http {
server_name_in_redirect off;
server_names_hash_max_size 10240;
server_names_hash_bucket_size 1024;
include mime.types;
default_type application/octet-stream;
server_tokens off;
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 5;
gzip on;
gzip_vary on;
gzip_disable "MSIE [1-6]\.";
gzip_proxied any;
gzip_http_version 1.1;
gzip_min_length 1000;
gzip_comp_level 6;
gzip_buffers 16 8k;
# You can remove image/png image/x-icon image/gif image/jpeg if you have slow CPU
gzip_types text/plain text/xml text/css application/x-javascript application/xml image/png image/x-icon image/gif image/jpeg application/xml+rss text/javascript application/atom+xml;
ignore_invalid_headers on;
client_header_timeout 3m;
client_body_timeout 3m;
send_timeout 3m;
reset_timedout_connection on;
connection_pool_size 256;
client_header_buffer_size 256k;
large_client_header_buffers 4 256k;
client_max_body_size 200M;
client_body_buffer_size 128k;
request_pool_size 32k;
output_buffers 4 32k;
postpone_output 1460;
proxy_temp_path /tmp/nginx_proxy/;
client_body_in_file_only on;
log_format bytes_log "$msec $bytes_sent .";
include "/etc/nginx/vhosts/*";
}
With this domain specific file being included:-
server {
error_log /var/log/nginx/vhost-error_log warn;
listen x.x.x.x:x;
server_name songbanc.com www.songbanc.com;
access_log /usr/local/apache/domlogs/mydomain.com-bytes_log bytes_log;
access_log /usr/local/apache/domlogs/mydomain.com combined;
root /home/mydomain/public_html;
location / {
location ~.*\.(3gp|gif|jpg|jpeg|png|ico|wmv|avi|asf|asx|mpg|mpeg|mp4|pls|mp3|mid|wav|swf|flv|html|htm|txt|js|css|exe|zip|tar|rar|gz|tgz|bz2|uha|7z|doc|docx|xls|xlsx|pdf|iso)$ {
expires 7d;
try_files $uri #backend;
}
error_page 405 = #backend;
add_header X-Cache "HIT from Backend";
proxy_pass http://x.x.x.x:8081;
include proxy.inc;
}
location #backend {
internal;
proxy_pass http://x.x.x.x:8081;
include proxy.inc;
}
location ~ .*\.(php|jsp|cgi|pl|py)?$ {
proxy_pass http://x.x.x.x:8081;
include proxy.inc;
}
location ~ /\.ht {
deny all;
}
location ~* \.(mp3)$ {
expires max;
}
}
I believe the reason may be because your conf file was unnecessarily complex and errors start to creep into such configs.
location ~ .*\.(php|jsp|cgi|pl|py)?$ should be location ~ .*\.(php|jsp|cgi|pl|py)$.
The long nested if block under location / is similarly not required.
The add_header X-Cache directive should be in proxy.inc.
Named locations such as "#backend" do not need "internal" directives.
Anyway, after striping things down, we are left with:
server {
error_log /var/log/nginx/vhost-error_log warn;
listen x.x.x.x:x;
server_name songbanc.com www.songbanc.com;
access_log /usr/local/apache/domlogs/mydomain.com-bytes_log bytes_log;
access_log /usr/local/apache/domlogs/mydomain.com combined;
root /home/mydomain/public_html;
index index.html index.php;
error_page 418 = #backend;
location / {
expires 7d;
add_header Cache-Control "public";
try_files $uri $uri/ #backend;
}
location ~* \.mp3$ {
# Add rewrite rules to handle these requests here
add_header Cache-Control "public";
expires max;
}
location ~ .*\.(php|jsp|cgi|pl|py)$ {
return 418;
}
location #backend {
proxy_pass http://x.x.x.x:8081;
include proxy.inc;
}
location ~ /\.ht {
deny all;
}
}
This should have the static files cached and dynamic ones not cached. requires rewrite rules for the mp3 block to be translated from the backend.
Alternatively, you can just pass the mp3 requests to the backend.
server {
error_log /var/log/nginx/vhost-error_log warn;
listen x.x.x.x:x;
server_name songbanc.com www.songbanc.com;
access_log /usr/local/apache/domlogs/mydomain.com-bytes_log bytes_log;
access_log /usr/local/apache/domlogs/mydomain.com combined;
root /home/mydomain/public_html;
index index.html index.php;
error_page 418 = #backend;
location / {
expires 7d;
add_header Cache-Control "public";
try_files $uri $uri/ #backend;
}
location ~* \.mp3$ {
add_header Cache-Control "public";
expires max;
return 418;
}
location ~ .*\.(php|jsp|cgi|pl|py)$ {
return 418;
}
location #backend {
proxy_pass http://x.x.x.x:8081;
include proxy.inc;
}
location ~ /\.ht {
deny all;
}
}
I am not 100% certain if directives such as "expires" and "add_header" are not cleared when a redirect is triggered. If you find that you are not getting the you headers with the config above, this slightly longer one should do it.
server {
error_log /var/log/nginx/vhost-error_log warn;
listen x.x.x.x:x;
server_name songbanc.com www.songbanc.com;
access_log /usr/local/apache/domlogs/mydomain.com-bytes_log bytes_log;
access_log /usr/local/apache/domlogs/mydomain.com combined;
root /home/mydomain/public_html;
index index.html index.php;
error_page 418 = #backend;
location / {
expires 7d;
add_header Cache-Control "public";
try_files $uri $uri/ #backend;
}
location ~* \.mp3$ {
error_page 418 = #backend_alt;
return 418;
}
location ~ .*\.(php|jsp|cgi|pl|py)$ {
return 418;
}
location #backend {
proxy_pass http://x.x.x.x:8081;
include proxy.inc;
}
location #backend_alt {
proxy_pass http://x.x.x.x:8081;
include proxy.inc;
add_header Cache-Control "public";
expires max;
}
location ~ /\.ht {
deny all;
}
}