incubator-pagespeed-ngx
incubator-pagespeed-ngx copied to clipboard
apache
Unfortunately, nginx and pagespeed stop working
Hi i am running a server with nginx and page speed module and it's working great and working yesterday. Today i see my server is down, and it's not working anymore with the pagespeed module. below is my server config file .
`user www-data; worker_processes 1; pid /run/nginx.pid; #include /etc/nginx/modules-enabled/*.conf; events { worker_connections 3096; use epoll; # Accept as many connections as possible, after nginx gets notification about a new connection. multi_accept on; accept_mutex on; # Workflows will take turns Connection } http { ## # Basic Settings ## charset utf-8; sendfile on; tcp_nopush on; tcp_nodelay on; access_log off; log_not_found off; types_hash_max_size 2048; types_hash_bucket_size 64; client_max_body_size 50m; server_tokens off; server_name_in_redirect off; error_log /var/log/nginx-error.log warn; reset_timedout_connection on; send_timeout 3m; keepalive_timeout 300; keepalive_requests 100000; client_body_buffer_size 50k; client_header_buffer_size 3k; large_client_header_buffers 2 6k; client_body_timeout 10; client_header_timeout 10; include mime.types; default_type application/octet-stream; # Logging access_log /var/log/nginx/access.log; error_log /var/log/nginx/error.log warn; ## # SSL Settings ## ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3; # Dropping SSLv3, ref: POODLE ssl_prefer_server_ciphers on; # Gzip Settings gzip on; gzip_disable "msie6"; gzip_vary on; gzip_proxied any; gzip_comp_level 6; gzip_buffers 32 16k; gzip_http_version 1.1; gzip_min_length 250; gzip_types image/jpeg image/bmp image/svg+xml text/plain text/css application/json application/javascript application/x-javascript text/xml application/xml application/xml+rss text/javascript image/x-icon font/ttf font/eot font/otf font/woff2 application/x-font application/x-font-opentype application/x-font-otf font/woff application/x-font-truetype application/x-font-ttf application/x-font-woff application/x-font-woff2 image/webp; # Turn on caching of open files open_file_cache max=10000 inactive=20s; open_file_cache_valid 30s; open_file_cache_min_uses 2; open_file_cache_errors on; # buffers fastcgi_read_timeout 300; # Connect php-fpm via socket - works faster than by tcp upstream php-fpm { # This must corespond to "listen" directive in php-fpm pool server unix:/run/php-fpm/php7.4-fpm.sock; }
# DDoS Mitigation
limit_conn_zone $binary_remote_addr zone=perip:10m;
limit_conn perip 100;
limit_req_zone $binary_remote_addr zone=engine:10m rate=2r/s;
limit_req_zone $binary_remote_addr zone=static:10m rate=100r/s;
include /etc/nginx/conf.d/*.conf;
include /etc/nginx/sites-enabled/*;
}`
and here is domain block
`server { listen 94.237.89.197:80; listen [2a04:3542:1000:910:6cd2:15ff:fe93:755c]:80;
#include /etc/nginx/snippets/letsencrypt.conf;
location / {
return 301 https://domain.com$request_uri;
}
}
server {
listen 94.237.89.197:443 ssl http2;
listen [2a04:3542:1000:910:6cd2:15ff:fe93:755c]:443 ssl http2;
server_name domain.com www.domain.com *.domain.com;
root /var/www/domain;
http2_push_preload on;
ssl_certificate /etc/letsencrypt/live/domain.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/domain.com/privkey.pem;
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
# intermediate configuration
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256:TLS_AES_128_CCM_8_SHA256:TLS_AES_128_CCM_SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
ssl_prefer_server_ciphers on;
# HSTS (ngx_http_headers_module is required) (63072000 seconds)
add_header Strict-Transport-Security "max-age=63072000" always;
add_header Content-Security-Policy upgrade-insecure-requests; add_header Expect-CT 'enforce; max-age=7776000'; add_header X-XSS-Protection "1; mode=block" always; add_header X-Content-Type-Options "nosniff" always; add_header Referrer-Policy "no-referrer-when-downgrade" always; add_header Content-Security-Policy "default-src * data: 'unsafe-eval' 'unsafe-inline'" always; add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
Optimize session cache
ssl_session_cache shared:SSL:50m; ssl_session_timeout 24h;
Enable session tickets
ssl_session_tickets off;
# OCSP stapling
ssl_stapling on;
ssl_stapling_verify on;
resolver 1.1.1.1 1.0.0.1 [2606:4700:4700::1111] [2606:4700:4700::1001] 8.8.8.8 8.8.4.4 [2001:4860:4860::8888] [2001:4860:4860::8844] 208.67.222.222 208.67.220.220 [2620:119:35::35] [2620:119:53::53] valid=60s;
resolver_timeout 5s;
ssl_buffer_size 6k;
ssl_trusted_certificate /etc/letsencrypt/live/domain.com/fullchain.pem;
include /etc/nginx/snippets/letsencrypt.conf;
#set client body size to 20M
client_max_body_size 10M;
index index.php index.html index.htm;
location ~ .php$ { include snippets/fastcgi-php.conf; fastcgi_pass unix:/var/run/php/php7.4-fpm.sock; }
location / {
# try_files $uri $uri/ =404;
try_files $uri $uri/ /index.php?$args;
#ignored: "-" thing used or unknown variable in regex/rew
if (!-f $request_filename){
set $rule_1 1$rule_1;
}
if (!-d $request_filename){
set $rule_1 2$rule_1;
}
if ($rule_1 = "21"){
rewrite /. /index.php last;
}
# START Nginx Rewrites for Rank Math Sitemaps
rewrite ^/sitemap_index.xml$ /index.php?sitemap=1 last;
rewrite ^/([^/]+?)-sitemap([0-9]+)?.xml$ /index.php?sitemap=$1&sitemap_n=$2 last;
# END Nginx Rewrites for Rank Math Sitemaps
}
error_page 404 /404.html;
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /var/www/domain;
}
location /robots.txt {
alias /var/www/domain/robots.txt;
}
location ~ /.well-known {
allow all;
}
pagespeed on;
pagespeed FileCachePath "/var/cache/ngx_pagespeed/";
pagespeed RewriteLevel OptimizeForBandwidth;
location ~ ".pagespeed.([a-z].)?[a-z]{2}.[^.]{10}.[^.]+" {
add_header "" "";
}
location ~ "^/pagespeed_static/" { }
location ~ "^/ngx_pagespeed_beacon$" { }
# Media: images, icons, video, audio, HTC
location ~* \.(?:jpg|jpeg|gif|png|ico|cur|gz|svg|svgz|mp4|mp3|ogg|ogv|webm|htc)$ {
access_log off;
expires 365d;
add_header Cache-Control "public";
}
# CSS and Javascript
location ~* \.(?:css|js|woff2|woff|webp|eot|ttf|ogg)$ {
access_log off;
expires 365d;
add_header Cache-Control "public";
}
}`
