We Keep Coding

Static files served with Nginx empty or don't load?

I was used to serving static files through express static but want to move to Nginx. I keep my static files in a public folder: /home/user/Documents/app.com/CURRENT PROJECT/public/.
On my websites they are called like this: app.com/css/styles.js, app.com/fonts/font.woff2, app.com/js/main.js.
I wasn't able to figure it out with nginxs examples. When I tried my config they just returned 302 codes. I have tried these versions of the config + I have the entire version bellow if anyone needs it for reference.
location ~ \.(css|js|woff|woff2|png|jpg|jpeg|webp|svg|mp3) {
root '/home/user/Documents/app.com/CURRENT PROJECT/public';
gzip_static on;
expires max;
}
#for each path
location /css/ {
root '/home/user/Documents/app.com/CURRENT PROJECT/public';
gzip_static on;
expires max;
autoindex on;
}
Full:
/etc/nginx/nginx.conf
user www-data;
pid /run/nginx.pid;
include /etc/nginx/modules-enabled/*.conf;
events {
worker_connections 8192;
multi_accept on;
}
http {
upstream loadbalance {
least_conn;
server app:8003;
}
limit_req_zone $binary_remote_addr zone=ip:10m rate=4r/s;
http2_push_preload on;
server {
listen 80;
listen 443 ssl http2;
server_name www.app.com;
ssl_certificate /etc/ssl/certs/cert.pem;
ssl_certificate_key /etc/ssl/private/key.pem;
ssl_client_certificate /etc/ssl/certs/cloudflare.crt;
return 301 https://app.com$request_uri;
}
server {
limit_req zone=ip burst=20 delay=14;
server_name app.com;
##
# SSL Settings
##
listen 443 ssl http2;
listen [::]:443 ssl http2;
ssl_certificate /etc/ssl/certs/cert.pem;
ssl_certificate_key /etc/ssl/private/key.pem;
ssl_client_certificate /etc/ssl/certs/cloudflare.crt;
# added
ssl_protocols TLSv1.2 TLSv1.3;
ssl_session_cache shared:SSL:50m;
ssl_session_timeout 1d;
ssl_session_tickets on;
# OCSP Stapling
ssl_stapling on;
ssl_stapling_verify on;
resolver 8.8.8.8 8.8.4.4 208.67.222.222 208.67.220.220 valid=60s;
resolver_timeout 2s;
location ~ \.(css|js|woff|woff2|png|jpg|jpeg|webp|svg|mp3) {
root '/home/user/Documents/app.com/CURRENT PROJECT/public';
gzip_static on;
expires max;
autoindex on;
#add_header Cache-Control private;
}
location / {
proxy_http_version 1.1;
proxy_request_buffering off;
proxy_cache_bypass $http_upgrade;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_pass http://loadbalance;
}
}
# Gzip Settings
gzip on;
gzip_disable "msie6";
gzip_vary on;
gzip_proxied any;
gzip_comp_level 6;
gzip_buffers 32 16k;
gzip_http_version 1.1;
gzip_min_length 1024;
gzip_types image/jpeg image/bmp image/svg+xml text/plain text/css application/json application/javascript application/x-javascript text/xml application/xml application/xml+rss text/javascript image/x-icon;
client_body_timeout 16;
client_body_buffer_size 12K;
client_header_buffer_size 1k;
client_max_body_size 8m;
large_client_header_buffers 2 1k;
client_header_timeout 12;
keepalive_timeout 15;
send_timeout 10;
access_log off;
error_log /dev/null;
include servers/*;
}

Having Latency problem with AWS ELB backed Nginx, Is there any way to add gzip, cache, SSL configurations in ELB? is gzip support on ELB?

I added SSL to my ELB by using the AWS Certificate Manager and running Nginx on ELB backed EC2 instance.
Configured SSL in Nginx conf file
user nginx;
worker_processes 1;
error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;
events {
worker_connections 1024;
}
http {
server {
#if user hits http, then he will be redirected https
listen 80 default_server;
listen [::]:80 default_server;
server_name _;
if ($http_x_forwarded_proto = "http") {
return 301 https://$host$request_uri;
}
sendfile on;
default_type application/octet-stream;
gzip on;
gzip_http_version 1.1;
gzip_disable "MSIE [1-6]\.";
gzip_min_length 256;
gzip_vary on;
gzip_proxied expired no-cache no-store private auth;
gzip_types text/plain text/css application/json application/javascript application/x-javascript text/xml application/xml application/xml+rss text/javascript;
gzip_comp_level 9;
root /usr/share/nginx/html;
location / {
try_files $uri $uri/ /index.html =404;
}
}
}
am facing some latency issues, So How can I add gzip, cache, some SSL configurations in ELB?

X-Accel-Redirect not working with SSL

I am using the X-Accel-redirect feature of Nginx for playing videos with a php file named video2.php with the following code:
header("X-Accel-Redirect: /Restr/" . $file);
(of course, much more executable code before, not necessary by now)
I also have the following file, pla.php, with 2 players embedded:
First player as source src="http://example.com/video2.php" type="video/mp4", The second as source src="video2.php" type="video/mp4"
First player works and second doesn't when I am in https mode.
Both players work when I am in http mode. The first player plays in https because the full link in http.
That means Nginx works fine with SSL in all cases but one. X-Accel-redirect feature is not working when the domain is set to https. It works perfectly in http mode.
The nginx.conf is
user nobody;
worker_processes auto;
error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;
events
{
worker_connections 1024;
use epoll;
}
http
{
open_file_cache max=5000 inactive=30s;
open_file_cache_valid 120s;
open_file_cache_min_uses 2;
open_file_cache_errors off;
open_log_file_cache max=1024 inactive=30s min_uses=2;
server_names_hash_max_size 10240;
server_names_hash_bucket_size 1024;
include mime.types;
default_type application/octet-stream;
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 5;
gzip on;
gzip_vary on;
gzip_disable "MSIE [1-6]\.";
gzip_proxied any;
gzip_http_version 1.1;
gzip_min_length 1000;
gzip_comp_level 6;
gzip_buffers 16 8k;
gzip_types text/plain text/xml text/css application/x-javascript application/xml image/png image/x-icon image/gif image/jpeg application/xml+rss text/javascript application/atom+xml application/javascript application/json;
ignore_invalid_headers on;
client_header_timeout 3m;
client_body_timeout 3m;
client_max_body_size 200m;
send_timeout 3m;
connection_pool_size 256;
client_header_buffer_size 4k;
large_client_header_buffers 4 32k;
request_pool_size 4k;
output_buffers 4 32k;
postpone_output 1460;
proxy_temp_path /tmp/nginx_temp;
log_format bytes_log "$msec $bytes_sent .";
include /etc/nginx/conf.d/*.conf;
}
In xxx.xxx.xxx.xx.conf
server {
listen xxx.xxx.xxx.xx:82;
access_log /var/log/nginx/access.xxx.xxx.xxx.xx.log;
error_log /var/log/nginx/error.xxx.xxx.xxx.xx.log;
server_name xxx.xxx.xxx.xx;
root /usr/local/apache/htdocs;
location / {
location ~.*\.(3gp|gif|jpg|jpeg|png|ico|wmv|avi|asf|asx|mpg|mpeg|mp4|pls|mp3|mid|wav|swf|flv|html|htm|txt|js|css|exe|zip|tar|rar|gz|tgz|bz2|uha|7z|doc|docx|xls|xlsx|pdf|iso|woff|ttf|svg|eot)\$ {
expires 7d; #Comment this out if you are using the apache backend cache-control/expires headers.
try_files \$uri \#backend;
}
error_page 405 = \#backend;
error_page 500 = \#custom;
add_header X-Cache "HIT from Backend";
proxy_pass http://xxx.xxx.xxx.xx:8181;
include proxy.inc;
}
location \#backend {
internal;
proxy_pass http://xxx.xxx.xxx.xx:8181;
include proxy.inc;
}
location \#custom {
internal;
proxy_pass http://xxx.xxx.xxx.xx:8181;
include proxy.inc;
}
location ~ .*\.(php|jsp|cgi|pl|py)?\$ {
proxy_pass http://xxx.xxx.xxx.xx:8181;
include proxy.inc;
}
location ~ /\.ht {
deny all;
}
}
It seems here is the key, all is set to http only, not https.
the code of proxy.inc below from etc/nginx/
proxy_buffering off;
proxy_connect_timeout 59s;
proxy_send_timeout 600;
proxy_read_timeout 600;
proxy_buffer_size 64k;
proxy_buffers 16 32k;
proxy_busy_buffers_size 64k;
proxy_temp_file_write_size 64k;
proxy_pass_header Set-Cookie;
proxy_redirect off;
proxy_hide_header Vary;
proxy_hide_header X-Powered-By;
proxy_set_header Accept-Encoding '';
#If you want to get the cache-control and expire headers from apache, comment out 'proxy_ignore_headers' and uncomment 'proxy_pass_header Expires;' and 'proxy_pass_header Cache-Control
#proxy_pass_header Expires;
#proxy_pass_header Cache-Control;
proxy_ignore_headers Cache-Control Expires;
proxy_set_header Referer $http_referer;
proxy_set_header Host $host;
proxy_set_header Cookie $http_cookie;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
Any help will be apreciated

Strange NGINX throughput when switched from Apache

System information (AWS EC2 Instance (m4.large) behind the ElasticBeanstalk):
Region: us-west-1
Memory: 8GB
CPU: 2 core / 2.4GHz
PHP Version: 7.0.22 (ZTS) with FPM
Nginx Version: 1.10.2
There is an API used by web/mobile/other. Each endpoint is making database requests and using cache (APCu or Redis)
Apache
Apache serves ~40 requests per second. Latency was ~500-1200ms (depends on the API endpoint).
Nginx
Then we decided to move to Nginx. But faced the strange behavior - throughput decreased to ~ 20 requests per second. And the latency is constantly increasing (e.g.: test starts with 300ms and ends with >31000ms)
/etc/nginx/nginx.conf:
user webapp;
pid /var/run/nginx.pid;
worker_processes auto;
worker_rlimit_nofile 10000;
error_log /var/log/nginx/error.log;
include /usr/share/nginx/modules/*.conf;
events {
worker_connections 4096;
use epoll;
multi_accept on;
}
http {
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
fastcgi_buffers 8 16k;
fastcgi_buffer_size 32k;
fastcgi_connect_timeout 60;
fastcgi_send_timeout 300;
fastcgi_read_timeout 300;
charset utf-8;
client_max_body_size 50m;
gzip on;
gzip_vary on;
gzip_min_length 10240;
gzip_proxied expired no-cache no-store private auth;
gzip_types text/plain text/css text/xml text/javascript application/x-javascript application/xml application/json;
gzip_disable "MSIE [1-6]\.";
include /etc/nginx/mime.types;
default_type application/octet-stream;
upstream php {
server 127.0.0.1:9000;
}
include /etc/nginx/conf.d/*.conf;
index index.html index.htm;
}
/fpm/pools/www.conf:
[www]
user = webapp
group = webapp
listen = 127.0.0.1:9000
pm = dynamic
pm.max_children = 75
pm.start_servers = 30
pm.min_spare_servers = 30
pm.max_spare_servers = 35
pm.max_requests = 500
... the rest is default
Performance is measured by Apache Jmeter, using custom scenarios.
Tests are run from the same region (another EC2 instance).
cURL stats:
lookup: 0.125
connect: 0.125
appconnect: 0.221
pretransfer: 0.221
redirect: 0.137
starttransfer: 0.252
total: 0.389
tcptraceroute is also perfect (1ms)
Please advise! I cannot find the cause of the problem by myself..
Thanks!

Adding expire headers in nginx

It used to be so easy to set header expiration with apache mod_headers, but I am having a hard time to figure out where to add it in nginx confi file.
This is my nginx.conf:
#user nginx;
worker_processes 1;
#error_log /var/log/nginx/error.log;
#error_log /var/log/nginx/error.log notice;
#error_log /var/log/nginx/error.log info;
#pid /var/run/nginx.pid;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
#log_format main '$remote_addr - $remote_user [$time_local] "$request" '
# '$status $body_bytes_sent "$http_referer" '
# '"$http_user_agent" "$http_x_forwarded_for"';
#access_log /var/log/nginx/access.log main;
sendfile on;
#tcp_nopush on;
#keepalive_timeout 0;
keepalive_timeout 65;
#tcp_nodelay on;
tcp_nodelay on;
gzip on;
gzip_http_version 1.1;
#gzip_http_version 1.0;
gzip_vary on;
gzip_comp_level 6;
gzip_proxied any;
gzip_types text/plain text/html text/css application/x-javascript text/xml;
#gzip_min_length 1100;
gzip_buffers 16 8k;
gzip_disable "MSIE [1-6]\.(?!.*SV1)";
server_tokens off;
include /etc/nginx/conf.d/*.conf;
}
Where should I add the header expiration part like
location ~* \.(js|css)$ {
expires 30d;
}
I tried adding it inside "http" or including in another block "server", but it generates errors like unknown directive "server" or "location".

It is as easy to add expires headers in nginx. You need to place your location block inside a server block. There must be a default file in /your/nginx_dir/sites-enabled/.
If it is you can edit it directly and add your location block inside it, or you can copy the the whole content of the default file inside the http block of your nginx.conf.
If you choose to edit the default file in place, don't forget to add a line like this in your nginx.conf
include /etc/nginx/sites-enabled/*;
If you can't find the default file, just edit your nginx.conf so it will look like this
#....
server_tokens off;
#up to here the conf is the same as yours
#edit starts here, just add this server block
server {
#default_server is not necessary but is useful if you have many servers
#and want to capture requests where the host header doesn't match any server name
listen 80 default_server;
#requests with host header that matches server name will be handled by this server
server_name your.domain.com localhost;
#change your document root accordingly
root /path/to/your/html/root;
#you can have as many location blocks as you need
location ~* \.(js|css)$ {
expires 30d;
}
}
#end of conf changes
include /etc/nginx/conf.d/*.conf;
Since you are coming from apache, just think of nginx's server as apache's VirtualHost. Don't forget to reload nginx after each change in the conf files

check inside /etc/nginx/conf.d/ you'll probably find a file called default then you'll find the location / inside here.