ioweb-gr edited a comment on issue #1897:
URL:
https://github.com/apache/incubator-pagespeed-mod/issues/1897#issuecomment-963235129
Well since PLESK autoconfigures most of them I'm not exactly sure about
every detail but let me post the nginx conf and the vhost conf and maybe we can
shed some light to what the issue is.
<summary>
vhost.conf
<details>
```
#ATTENTION!
#
#DO NOT MODIFY THIS FILE BECAUSE IT WAS GENERATED AUTOMATICALLY,
#SO ALL YOUR CHANGES WILL BE LOST THE NEXT TIME THE FILE IS GENERATED.
#IF YOU REQUIRE TO APPLY CUSTOM MODIFICATIONS, PERFORM THEM IN THE FOLLOWING
FILES:
#/var/www/vhosts/system/subdomain.example.com/conf/vhost.conf
#/var/www/vhosts/system/subdomain.example.com/conf/vhost_ssl.conf
<IfModule mod_ssl.c>
<VirtualHost <ip>:7081 >
ServerName "subdomain.example.com"
ServerAlias "www.subdomain.example.com"
ServerAlias "ipv4.subdomain.example.com"
UseCanonicalName Off
# mailconfig
<IfModule mod_proxy_http.c>
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{REQUEST_URI}
^/autodiscover/autodiscover\.xml$ [NC,OR]
RewriteCond %{REQUEST_URI}
^(/\.well-known/autoconfig)?/mail/config\-v1\.1\.xml$ [NC,OR]
RewriteCond %{REQUEST_URI}
^/email\.mobileconfig$ [NC]
RewriteRule ^(.*)$
http://127.0.0.1:8880/mailconfig/
[P,QSA,L,E=REQUEST_URI:%{REQUEST_URI},E=HOST:%{HTTP_HOST}]
</IfModule>
<Proxy "http://127.0.0.1:8880/mailconfig/";>
RequestHeader set X-Host "%{HOST}e"
RequestHeader set X-Request-URI
"%{REQUEST_URI}e"
</Proxy>
</IfModule>
# mailconfig
DocumentRoot "/var/www/vhosts/subdomain.example.com/httpdocs"
CustomLog
/var/www/vhosts/system/subdomain.example.com/logs/access_ssl_log plesklog
ErrorLog
"/var/www/vhosts/system/subdomain.example.com/logs/error_log"
<IfModule mod_suexec.c>
SuexecUserGroup "sys_subdomain" "psacln"
</IfModule>
<IfModule mod_userdir.c>
UserDir
"/var/www/vhosts/subdomain.example.com/web_users/*"
</IfModule>
<IfModule mod_sysenv.c>
SetSysEnv PP_VHOST_ID
"27f55b23-084b-4c81-9aef-889d453c5c7c"
</IfModule>
Alias "/plesk-stat"
"/var/www/vhosts/system/subdomain.example.com/statistics"
<Location /plesk-stat/>
Options +Indexes
</Location>
<Location /plesk-stat/logs/>
Require valid-user
</Location>
Alias /webstat
/var/www/vhosts/system/subdomain.example.com/statistics/webstat
Alias /webstat-ssl
/var/www/vhosts/system/subdomain.example.com/statistics/webstat-ssl
Alias /ftpstat
/var/www/vhosts/system/subdomain.example.com/statistics/ftpstat
Alias /anon_ftpstat
/var/www/vhosts/system/subdomain.example.com/statistics/anon_ftpstat
Alias /awstats-icon /usr/share/awstats/icon
SSLEngine on
SSLVerifyClient none
SSLCertificateFile /opt/psa/var/certificates/scfzuSka7
SSLCACertificateFile /opt/psa/var/certificates/scfKX2i16
TimeOut 3600
<Directory /var/www/vhosts/subdomain.example.com/httpdocs>
<IfModule mod_fcgid.c>
<Files ~ (\.fcgi$)>
SetHandler fcgid-script
Options +ExecCGI
</Files>
</IfModule>
<IfModule mod_proxy_fcgi.c>
<Files ~ (\.php$)>
SetHandler
proxy:unix:/var/www/vhosts/system/subdomain.example.com/php-fpm.sock|fcgi://127.0.0.1:9000
</Files>
</IfModule>
SSLRequireSSL
Options -Includes -ExecCGI
</Directory>
<Directory
"/var/www/vhosts/system/subdomain.example.com/statistics">
AuthType Basic
AuthName "Domain statistics"
AuthUserFile
"/var/www/vhosts/system/subdomain.example.com/pd/d..httpdocs@plesk-stat"
require valid-user
</Directory>
Alias /error_docs
/var/www/vhosts/subdomain.example.com/error_docs
ErrorDocument 400 /error_docs/bad_request.html
ErrorDocument 401 /error_docs/unauthorized.html
ErrorDocument 403 /error_docs/forbidden.html
ErrorDocument 404 /error_docs/not_found.html
ErrorDocument 500 /error_docs/internal_server_error.html
ErrorDocument 405 /error_docs/method_not_allowed.html
ErrorDocument 406 /error_docs/not_acceptable.html
ErrorDocument 407
/error_docs/proxy_authentication_required.html
ErrorDocument 412 /error_docs/precondition_failed.html
ErrorDocument 414 /error_docs/request_uri_too_long.html
ErrorDocument 415 /error_docs/unsupported_media_type.html
ErrorDocument 501 /error_docs/not_implemented.html
ErrorDocument 502 /error_docs/bad_gateway.html
ErrorDocument 503 /error_docs/maintenance.html
DirectoryIndex "index.html" "index.cgi" "index.pl"
"index.php" "index.xhtml" "index.htm" "index.shtml"
Include
"/var/www/vhosts/system/subdomain.example.com/conf/vhost_ssl.conf"
<Directory /var/www/vhosts/subdomain.example.com>
AllowOverride AuthConfig FileInfo Indexes Limit
Options=Indexes,SymLinksIfOwnerMatch,MultiViews,FollowSymLinks,ExecCGI,Includes,IncludesNOEXEC
</Directory>
#extension letsencrypt begin
Alias /.well-known/acme-challenge
"/var/www/vhosts/default/htdocs/.well-known/acme-challenge"
<Location /.well-known/acme-challenge/>
# Require all granted
Order Deny,Allow
Allow from all
Satisfy any
</Location>
<LocationMatch "^/.well-known/acme-challenge/(.*/|)\.">
# Require all denied
Order Allow,Deny
Deny from all
</LocationMatch>
#extension letsencrypt end
#extension sslit begin
#extension sslit end
</VirtualHost>
</IfModule>
<IfModule mod_ssl.c>
<VirtualHost [2a01:4f9:3a:1041::2]:7081 127.0.0.1:7081>
ServerName "subdomain.example.com"
ServerAlias "www.subdomain.example.com"
ServerAlias "ipv6.subdomain.example.com"
UseCanonicalName Off
# mailconfig
<IfModule mod_proxy_http.c>
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{REQUEST_URI}
^/autodiscover/autodiscover\.xml$ [NC,OR]
RewriteCond %{REQUEST_URI}
^(/\.well-known/autoconfig)?/mail/config\-v1\.1\.xml$ [NC,OR]
RewriteCond %{REQUEST_URI}
^/email\.mobileconfig$ [NC]
RewriteRule ^(.*)$
http://127.0.0.1:8880/mailconfig/
[P,QSA,L,E=REQUEST_URI:%{REQUEST_URI},E=HOST:%{HTTP_HOST}]
</IfModule>
<Proxy "http://127.0.0.1:8880/mailconfig/";>
RequestHeader set X-Host "%{HOST}e"
RequestHeader set X-Request-URI
"%{REQUEST_URI}e"
</Proxy>
</IfModule>
# mailconfig
DocumentRoot "/var/www/vhosts/subdomain.example.com/httpdocs"
CustomLog
/var/www/vhosts/system/subdomain.example.com/logs/access_ssl_log plesklog
ErrorLog
"/var/www/vhosts/system/subdomain.example.com/logs/error_log"
<IfModule mod_suexec.c>
SuexecUserGroup "sys_subdomain" "psacln"
</IfModule>
<IfModule mod_userdir.c>
UserDir
"/var/www/vhosts/subdomain.example.com/web_users/*"
</IfModule>
<IfModule mod_sysenv.c>
SetSysEnv PP_VHOST_ID
"27f55b23-084b-4c81-9aef-889d453c5c7c"
</IfModule>
Alias "/plesk-stat"
"/var/www/vhosts/system/subdomain.example.com/statistics"
<Location /plesk-stat/>
Options +Indexes
</Location>
<Location /plesk-stat/logs/>
Require valid-user
</Location>
Alias /webstat
/var/www/vhosts/system/subdomain.example.com/statistics/webstat
Alias /webstat-ssl
/var/www/vhosts/system/subdomain.example.com/statistics/webstat-ssl
Alias /ftpstat
/var/www/vhosts/system/subdomain.example.com/statistics/ftpstat
Alias /anon_ftpstat
/var/www/vhosts/system/subdomain.example.com/statistics/anon_ftpstat
Alias /awstats-icon /usr/share/awstats/icon
SSLEngine on
SSLVerifyClient none
SSLCertificateFile /opt/psa/var/certificates/scfzuSka7
SSLCACertificateFile /opt/psa/var/certificates/scfKX2i16
TimeOut 3600
<Directory /var/www/vhosts/subdomain.example.com/httpdocs>
<IfModule mod_fcgid.c>
<Files ~ (\.fcgi$)>
SetHandler fcgid-script
Options +ExecCGI
</Files>
</IfModule>
<IfModule mod_proxy_fcgi.c>
<Files ~ (\.php$)>
SetHandler
proxy:unix:/var/www/vhosts/system/subdomain.example.com/php-fpm.sock|fcgi://127.0.0.1:9000
</Files>
</IfModule>
SSLRequireSSL
Options -Includes -ExecCGI
</Directory>
<Directory
"/var/www/vhosts/system/subdomain.example.com/statistics">
AuthType Basic
AuthName "Domain statistics"
AuthUserFile
"/var/www/vhosts/system/subdomain.example.com/pd/d..httpdocs@plesk-stat"
require valid-user
</Directory>
Alias /error_docs
/var/www/vhosts/subdomain.example.com/error_docs
ErrorDocument 400 /error_docs/bad_request.html
ErrorDocument 401 /error_docs/unauthorized.html
ErrorDocument 403 /error_docs/forbidden.html
ErrorDocument 404 /error_docs/not_found.html
ErrorDocument 500 /error_docs/internal_server_error.html
ErrorDocument 405 /error_docs/method_not_allowed.html
ErrorDocument 406 /error_docs/not_acceptable.html
ErrorDocument 407
/error_docs/proxy_authentication_required.html
ErrorDocument 412 /error_docs/precondition_failed.html
ErrorDocument 414 /error_docs/request_uri_too_long.html
ErrorDocument 415 /error_docs/unsupported_media_type.html
ErrorDocument 501 /error_docs/not_implemented.html
ErrorDocument 502 /error_docs/bad_gateway.html
ErrorDocument 503 /error_docs/maintenance.html
DirectoryIndex "index.html" "index.cgi" "index.pl"
"index.php" "index.xhtml" "index.htm" "index.shtml"
Include
"/var/www/vhosts/system/subdomain.example.com/conf/vhost_ssl.conf"
<Directory /var/www/vhosts/subdomain.example.com>
AllowOverride AuthConfig FileInfo Indexes Limit
Options=Indexes,SymLinksIfOwnerMatch,MultiViews,FollowSymLinks,ExecCGI,Includes,IncludesNOEXEC
</Directory>
#extension letsencrypt begin
Alias /.well-known/acme-challenge
"/var/www/vhosts/default/htdocs/.well-known/acme-challenge"
<Location /.well-known/acme-challenge/>
# Require all granted
Order Deny,Allow
Allow from all
Satisfy any
</Location>
<LocationMatch "^/.well-known/acme-challenge/(.*/|)\.">
# Require all denied
Order Allow,Deny
Deny from all
</LocationMatch>
#extension letsencrypt end
#extension sslit begin
#extension sslit end
</VirtualHost>
</IfModule>
<VirtualHost <ip>:7080 >
ServerName "subdomain.example.com"
ServerAlias "www.subdomain.example.com"
ServerAlias "ipv4.subdomain.example.com"
UseCanonicalName Off
# mailconfig
<IfModule mod_proxy_http.c>
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{REQUEST_URI}
^/autodiscover/autodiscover\.xml$ [NC,OR]
RewriteCond %{REQUEST_URI}
^(/\.well-known/autoconfig)?/mail/config\-v1\.1\.xml$ [NC,OR]
RewriteCond %{REQUEST_URI} ^/email\.mobileconfig$
[NC]
RewriteRule ^(.*)$ http://127.0.0.1:8880/mailconfig/
[P,QSA,L,E=REQUEST_URI:%{REQUEST_URI},E=HOST:%{HTTP_HOST}]
</IfModule>
<Proxy "http://127.0.0.1:8880/mailconfig/";>
RequestHeader set X-Host "%{HOST}e"
RequestHeader set X-Request-URI "%{REQUEST_URI}e"
</Proxy>
</IfModule>
# mailconfig
Include
"/var/www/vhosts/system/subdomain.example.com/conf/vhost.conf"
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI}
[R=301,L,QSA]
</IfModule>
</VirtualHost>
<VirtualHost [2a01:4f9:3a:1041::2]:7080 127.0.0.1:7080>
ServerName "subdomain.example.com"
ServerAlias "www.subdomain.example.com"
ServerAlias "ipv6.subdomain.example.com"
UseCanonicalName Off
# mailconfig
<IfModule mod_proxy_http.c>
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{REQUEST_URI}
^/autodiscover/autodiscover\.xml$ [NC,OR]
RewriteCond %{REQUEST_URI}
^(/\.well-known/autoconfig)?/mail/config\-v1\.1\.xml$ [NC,OR]
RewriteCond %{REQUEST_URI} ^/email\.mobileconfig$
[NC]
RewriteRule ^(.*)$ http://127.0.0.1:8880/mailconfig/
[P,QSA,L,E=REQUEST_URI:%{REQUEST_URI},E=HOST:%{HTTP_HOST}]
</IfModule>
<Proxy "http://127.0.0.1:8880/mailconfig/";>
RequestHeader set X-Host "%{HOST}e"
RequestHeader set X-Request-URI "%{REQUEST_URI}e"
</Proxy>
</IfModule>
# mailconfig
Include
"/var/www/vhosts/system/subdomain.example.com/conf/vhost.conf"
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI}
[R=301,L,QSA]
</IfModule>
</VirtualHost>
```
</details>
</summary>
<summary>nginx.conf
<details>
```
#ATTENTION!
#
#DO NOT MODIFY THIS FILE BECAUSE IT WAS GENERATED AUTOMATICALLY,
#SO ALL YOUR CHANGES WILL BE LOST THE NEXT TIME THE FILE IS GENERATED.
server {
listen <ip>:443 ssl http2;
server_name subdomain.example.com;
server_name www.subdomain.example.com;
server_name ipv4.subdomain.example.com;
ssl_certificate /opt/psa/var/certificates/scfzuSka7;
ssl_certificate_key /opt/psa/var/certificates/scfzuSka7;
client_max_body_size 128m;
proxy_read_timeout 3600;
# mailconfig
location ~* ^/autodiscover/autodiscover\.xml$ {
try_files $uri @mad;
}
location ~* ^(/\.well-known/autoconfig)?/mail/config\-v1\.1\.xml$ {
try_files $uri @mad;
}
location ~* ^/email\.mobileconfig$ {
try_files $uri @mad;
}
location @mad {
rewrite ^(.*)$ /mailconfig/ break;
proxy_pass http://127.0.0.1:8880;
proxy_set_header X-Host $host;
proxy_set_header X-Request-URI $request_uri;
}
# mailconfig
root "/var/www/vhosts/subdomain.example.com/httpdocs";
access_log
"/var/www/vhosts/system/subdomain.example.com/logs/proxy_access_ssl_log";
error_log
"/var/www/vhosts/system/subdomain.example.com/logs/proxy_error_log";
#extension letsencrypt begin
location ^~ /.well-known/acme-challenge/ {
root /var/www/vhosts/default/htdocs;
types { }
default_type text/plain;
satisfy any;
auth_basic off;
allow all;
location ~ ^/\.well-known/acme-challenge.*/\. {
deny all;
}
}
#extension letsencrypt end
#extension sslit begin
add_header Strict-Transport-Security "max-age=15768000;
includeSubDomains" always;
#OCSP Stapling
ssl_stapling on;
ssl_stapling_verify on;
#extension sslit end
error_page 400 "/error_docs/bad_request.html";
error_page 401 "/error_docs/unauthorized.html";
error_page 403 "/error_docs/forbidden.html";
error_page 404 "/error_docs/not_found.html";
error_page 500 "/error_docs/internal_server_error.html";
error_page 405 "/error_docs/method_not_allowed.html";
error_page 406 "/error_docs/not_acceptable.html";
error_page 407 "/error_docs/proxy_authentication_required.html";
error_page 412 "/error_docs/precondition_failed.html";
error_page 414 "/error_docs/request_uri_too_long.html";
error_page 415 "/error_docs/unsupported_media_type.html";
error_page 501 "/error_docs/not_implemented.html";
error_page 502 "/error_docs/bad_gateway.html";
error_page 503 "/error_docs/maintenance.html";
location ^~ /error_docs {
root "/var/www/vhosts/subdomain.example.com";
}
location / {
proxy_pass https://<ip>:7081;
proxy_hide_header upgrade;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
access_log off;
}
location ~
^/(plesk-stat|awstats-icon|webstat|webstat-ssl|ftpstat|anon_ftpstat) {
proxy_pass https://<ip>:7081;
proxy_hide_header upgrade;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
access_log off;
}
location @fallback {
proxy_pass https://<ip>:7081;
proxy_hide_header upgrade;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
access_log off;
}
location ~
^/(.*\.(ac3|avi|bmp|bz2|css|cue|dat|doc|docx|dts|eot|exe|flv|gif|gz|htm|html|ico|img|iso|jpeg|jpg|js|mkv|mp3|mp4|mpeg|mpg|ogg|pdf|png|ppt|pptx|qt|rar|rm|svg|swf|tar|tgz|ttf|txt|wav|woff|woff2|xls|xlsx|zip|webp))$
{
try_files $uri @fallback;
}
location ~ ^/~(.+?)(/.*?\.php)(/.*)?$ {
fastcgi_read_timeout 3600;
alias /var/www/vhosts/subdomain.example.com/web_users/$1/$2;
fastcgi_split_path_info ^((?U).+\.php)(/?.+)$;
try_files $uri $fastcgi_script_name =404;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_pass
"unix:/var/www/vhosts/system/subdomain.example.com/php-fpm.sock";
include /etc/nginx/fastcgi.conf;
}
location ~ ^/~(.+?)(/.*)?$ {
proxy_pass https://<ip>:7081;
proxy_hide_header upgrade;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
access_log off;
}
location ~ \.php(/.*)?$ {
fastcgi_read_timeout 3600;
fastcgi_split_path_info ^((?U).+\.php)(/?.+)$;
try_files $uri $fastcgi_script_name =404;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_pass
"unix:/var/www/vhosts/system/subdomain.example.com/php-fpm.sock";
include /etc/nginx/fastcgi.conf;
}
add_header X-Powered-By PleskLin;
include
"/var/www/vhosts/system/subdomain.example.com/conf/vhost_nginx.conf";
}
server {
listen [2a01:4f9:3a:1041::2]:443 ssl http2;
server_name subdomain.example.com;
server_name www.subdomain.example.com;
server_name ipv6.subdomain.example.com;
ssl_certificate /opt/psa/var/certificates/scfzuSka7;
ssl_certificate_key /opt/psa/var/certificates/scfzuSka7;
client_max_body_size 128m;
proxy_read_timeout 3600;
# mailconfig
location ~* ^/autodiscover/autodiscover\.xml$ {
try_files $uri @mad;
}
location ~* ^(/\.well-known/autoconfig)?/mail/config\-v1\.1\.xml$ {
try_files $uri @mad;
}
location ~* ^/email\.mobileconfig$ {
try_files $uri @mad;
}
location @mad {
rewrite ^(.*)$ /mailconfig/ break;
proxy_pass http://127.0.0.1:8880;
proxy_set_header X-Host $host;
proxy_set_header X-Request-URI $request_uri;
}
# mailconfig
root "/var/www/vhosts/subdomain.example.com/httpdocs";
access_log
"/var/www/vhosts/system/subdomain.example.com/logs/proxy_access_ssl_log";
error_log
"/var/www/vhosts/system/subdomain.example.com/logs/proxy_error_log";
#extension letsencrypt begin
location ^~ /.well-known/acme-challenge/ {
root /var/www/vhosts/default/htdocs;
types { }
default_type text/plain;
satisfy any;
auth_basic off;
allow all;
location ~ ^/\.well-known/acme-challenge.*/\. {
deny all;
}
}
#extension letsencrypt end
#extension sslit begin
add_header Strict-Transport-Security "max-age=15768000;
includeSubDomains" always;
#OCSP Stapling
ssl_stapling on;
ssl_stapling_verify on;
#extension sslit end
error_page 400 "/error_docs/bad_request.html";
error_page 401 "/error_docs/unauthorized.html";
error_page 403 "/error_docs/forbidden.html";
error_page 404 "/error_docs/not_found.html";
error_page 500 "/error_docs/internal_server_error.html";
error_page 405 "/error_docs/method_not_allowed.html";
error_page 406 "/error_docs/not_acceptable.html";
error_page 407 "/error_docs/proxy_authentication_required.html";
error_page 412 "/error_docs/precondition_failed.html";
error_page 414 "/error_docs/request_uri_too_long.html";
error_page 415 "/error_docs/unsupported_media_type.html";
error_page 501 "/error_docs/not_implemented.html";
error_page 502 "/error_docs/bad_gateway.html";
error_page 503 "/error_docs/maintenance.html";
location ^~ /error_docs {
root "/var/www/vhosts/subdomain.example.com";
}
location / {
proxy_pass https://[2a01:4f9:3a:1041::2]:7081;
proxy_hide_header upgrade;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
access_log off;
}
location ~
^/(plesk-stat|awstats-icon|webstat|webstat-ssl|ftpstat|anon_ftpstat) {
proxy_pass https://[2a01:4f9:3a:1041::2]:7081;
proxy_hide_header upgrade;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
access_log off;
}
location @fallback {
proxy_pass https://[2a01:4f9:3a:1041::2]:7081;
proxy_hide_header upgrade;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
access_log off;
}
location ~
^/(.*\.(ac3|avi|bmp|bz2|css|cue|dat|doc|docx|dts|eot|exe|flv|gif|gz|htm|html|ico|img|iso|jpeg|jpg|js|mkv|mp3|mp4|mpeg|mpg|ogg|pdf|png|ppt|pptx|qt|rar|rm|svg|swf|tar|tgz|ttf|txt|wav|woff|woff2|xls|xlsx|zip|webp))$
{
try_files $uri @fallback;
}
location ~ ^/~(.+?)(/.*?\.php)(/.*)?$ {
fastcgi_read_timeout 3600;
alias /var/www/vhosts/subdomain.example.com/web_users/$1/$2;
fastcgi_split_path_info ^((?U).+\.php)(/?.+)$;
try_files $uri $fastcgi_script_name =404;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_pass
"unix:/var/www/vhosts/system/subdomain.example.com/php-fpm.sock";
include /etc/nginx/fastcgi.conf;
}
location ~ ^/~(.+?)(/.*)?$ {
proxy_pass https://[2a01:4f9:3a:1041::2]:7081;
proxy_hide_header upgrade;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
access_log off;
}
location ~ \.php(/.*)?$ {
fastcgi_read_timeout 3600;
fastcgi_split_path_info ^((?U).+\.php)(/?.+)$;
try_files $uri $fastcgi_script_name =404;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_pass
"unix:/var/www/vhosts/system/subdomain.example.com/php-fpm.sock";
include /etc/nginx/fastcgi.conf;
}
add_header X-Powered-By PleskLin;
include
"/var/www/vhosts/system/subdomain.example.com/conf/vhost_nginx.conf";
}
server {
listen <ip>:80;
server_name subdomain.example.com;
server_name www.subdomain.example.com;
server_name ipv4.subdomain.example.com;
client_max_body_size 128m;
proxy_read_timeout 3600;
# mailconfig
location ~* ^/autodiscover/autodiscover\.xml$ {
try_files $uri @mad;
}
location ~* ^(/\.well-known/autoconfig)?/mail/config\-v1\.1\.xml$ {
try_files $uri @mad;
}
location ~* ^/email\.mobileconfig$ {
try_files $uri @mad;
}
location @mad {
rewrite ^(.*)$ /mailconfig/ break;
proxy_pass http://127.0.0.1:8880;
proxy_set_header X-Host $host;
proxy_set_header X-Request-URI $request_uri;
}
# mailconfig
location / {
return 301 https://$host$request_uri;
}
}
server {
listen [2a01:4f9:3a:1041::2]:80;
server_name subdomain.example.com;
server_name www.subdomain.example.com;
server_name ipv6.subdomain.example.com;
client_max_body_size 128m;
proxy_read_timeout 3600;
# mailconfig
location ~* ^/autodiscover/autodiscover\.xml$ {
try_files $uri @mad;
}
location ~* ^(/\.well-known/autoconfig)?/mail/config\-v1\.1\.xml$ {
try_files $uri @mad;
}
location ~* ^/email\.mobileconfig$ {
try_files $uri @mad;
}
location @mad {
rewrite ^(.*)$ /mailconfig/ break;
proxy_pass http://127.0.0.1:8880;
proxy_set_header X-Host $host;
proxy_set_header X-Request-URI $request_uri;
}
# mailconfig
location / {
return 301 https://$host$request_uri;
}
}
```
</details>
</summary
It's my understanding that with this setup, if a static file is to be
served, it won't be forwarded to apache, instead it will be served directly by
nginx.
So for static files it would be
Client -> Https -> Nginx -> Fetch the file and serve by nginx
But for dynamic requests it would be
Client -> Https -> Nginx -> Forward to Apatche -> Fetch the result and serve
by nginx
Then the application has some .htaccess rules for main dir and pub dir
<summary>.htaccess root dir
<details>
```
############################################
## overrides deployment configuration mode value
## use command bin/magento deploy:mode:set to switch modes
# SetEnv MAGE_MODE developer
############################################
## uncomment these lines for CGI mode
## make sure to specify the correct cgi php binary file name
## it might be /cgi-bin/php-cgi
# Action php5-cgi /cgi-bin/php5-cgi
# AddHandler php5-cgi .php
############################################
## GoDaddy specific options
# Options -MultiViews
## you might also need to add this line to php.ini
## cgi.fix_pathinfo = 1
## if it still doesn't work, rename php.ini to php5.ini
############################################
## this line is specific for 1and1 hosting
#AddType x-mapp-php5 .php
#AddHandler x-mapp-php5 .php
############################################
## enable usage of methods arguments in backtrace
SetEnv MAGE_DEBUG_SHOW_ARGS 1
############################################
## default index file
DirectoryIndex index.php
<IfModule mod_php7.c>
############################################
## adjust memory limit
php_value memory_limit 756M
php_value max_execution_time 18000
############################################
## disable automatic session start
## before autoload was initialized
php_flag session.auto_start off
############################################
## enable resulting html compression
#php_flag zlib.output_compression on
###########################################
## disable user agent verification to not break multiple image upload
php_flag suhosin.session.cryptua off
</IfModule>
<IfModule mod_security.c>
###########################################
## disable POST processing to not break multiple image upload
SecFilterEngine Off
SecFilterScanPOST Off
</IfModule>
<IfModule mod_deflate.c>
############################################
## enable apache served files compression
## http://developer.yahoo.com/performance/rules.html#gzip
# Insert filter on all content
###SetOutputFilter DEFLATE
# Insert filter on selected content types only
#AddOutputFilterByType DEFLATE text/html text/plain text/xml text/css
text/javascript application/javascript application/x-javascript
application/json image/svg+xml
# Netscape 4.x has some problems...
#BrowserMatch ^Mozilla/4 gzip-only-text/html
# Netscape 4.06-4.08 have some more problems
#BrowserMatch ^Mozilla/4\.0[678] no-gzip
# MSIE masquerades as Netscape, but it is fine
#BrowserMatch \bMSIE !no-gzip !gzip-only-text/html
# Don't compress images
#SetEnvIfNoCase Request_URI \.(?:gif|jpe?g|png)$ no-gzip dont-vary
# Make sure proxies don't deliver the wrong content
#Header append Vary User-Agent env=!dont-vary
</IfModule>
<IfModule mod_ssl.c>
############################################
## make HTTPS env vars available for CGI mode
SSLOptions StdEnvVars
</IfModule>
############################################
## workaround for Apache 2.4.6 CentOS build when working via ProxyPassMatch
with HHVM (or any other)
## Please, set it on virtual host configuration level
## SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=$1
############################################
<IfModule mod_rewrite.c>
############################################
## enable rewrites
Options +FollowSymLinks
RewriteEngine on
############################################
## you can put here your magento root folder
## path relative to web root
#RewriteBase /magento/
############################################
## workaround for HTTP authorization
## in CGI environment
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
############################################
## TRACE and TRACK HTTP methods disabled to prevent XSS attacks
RewriteCond %{REQUEST_METHOD} ^TRAC[EK]
RewriteRule .* - [L,R=405]
############################################
## redirect for mobile user agents
#RewriteCond %{REQUEST_URI} !^/mobiledirectoryhere/.*$
#RewriteCond %{HTTP_USER_AGENT}
"android|blackberry|ipad|iphone|ipod|iemobile|opera
mobile|palmos|webos|googlebot-mobile" [NC]
#RewriteRule ^(.*)$ /mobiledirectoryhere/ [L,R=302]
############################################
## never rewrite for existing files, directories and links
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-l
############################################
## rewrite everything else to index.php
RewriteRule .* index.php [L]
</IfModule>
############################################
## Prevent character encoding issues from server overrides
## If you still have problems, use the second line instead
AddDefaultCharset Off
#AddDefaultCharset UTF-8
AddType 'text/html; charset=UTF-8' html
<IfModule mod_expires.c>
############################################
## Add default Expires header
## http://developer.yahoo.com/performance/rules.html#expires
ExpiresDefault "access plus 1 year"
ExpiresByType text/html A0
ExpiresByType text/plain A0
</IfModule>
###########################################
## Deny access to root files to hide sensitive application information
RedirectMatch 403 /\.git
<Files composer.json>
<IfVersion < 2.4>
order allow,deny
deny from all
</IfVersion>
<IfVersion >= 2.4>
Require all denied
</IfVersion>
</Files>
<Files composer.lock>
<IfVersion < 2.4>
order allow,deny
deny from all
</IfVersion>
<IfVersion >= 2.4>
Require all denied
</IfVersion>
</Files>
<Files .gitignore>
<IfVersion < 2.4>
order allow,deny
deny from all
</IfVersion>
<IfVersion >= 2.4>
Require all denied
</IfVersion>
</Files>
<Files .htaccess>
<IfVersion < 2.4>
order allow,deny
deny from all
</IfVersion>
<IfVersion >= 2.4>
Require all denied
</IfVersion>
</Files>
<Files .htaccess.sample>
<IfVersion < 2.4>
order allow,deny
deny from all
</IfVersion>
<IfVersion >= 2.4>
Require all denied
</IfVersion>
</Files>
<Files .php_cs.dist>
<IfVersion < 2.4>
order allow,deny
deny from all
</IfVersion>
<IfVersion >= 2.4>
Require all denied
</IfVersion>
</Files>
<Files CHANGELOG.md>
<IfVersion < 2.4>
order allow,deny
deny from all
</IfVersion>
<IfVersion >= 2.4>
Require all denied
</IfVersion>
</Files>
<Files COPYING.txt>
<IfVersion < 2.4>
order allow,deny
deny from all
</IfVersion>
<IfVersion >= 2.4>
Require all denied
</IfVersion>
</Files>
<Files Gruntfile.js>
<IfVersion < 2.4>
order allow,deny
deny from all
</IfVersion>
<IfVersion >= 2.4>
Require all denied
</IfVersion>
</Files>
<Files LICENSE.txt>
<IfVersion < 2.4>
order allow,deny
deny from all
</IfVersion>
<IfVersion >= 2.4>
Require all denied
</IfVersion>
</Files>
<Files LICENSE_AFL.txt>
<IfVersion < 2.4>
order allow,deny
deny from all
</IfVersion>
<IfVersion >= 2.4>
Require all denied
</IfVersion>
</Files>
<Files nginx.conf.sample>
<IfVersion < 2.4>
order allow,deny
deny from all
</IfVersion>
<IfVersion >= 2.4>
Require all denied
</IfVersion>
</Files>
<Files package.json>
<IfVersion < 2.4>
order allow,deny
deny from all
</IfVersion>
<IfVersion >= 2.4>
Require all denied
</IfVersion>
</Files>
<Files php.ini.sample>
<IfVersion < 2.4>
order allow,deny
deny from all
</IfVersion>
<IfVersion >= 2.4>
Require all denied
</IfVersion>
</Files>
<Files README.md>
<IfVersion < 2.4>
order allow,deny
deny from all
</IfVersion>
<IfVersion >= 2.4>
Require all denied
</IfVersion>
</Files>
<Files magento_umask>
<IfVersion < 2.4>
order allow,deny
deny from all
</IfVersion>
<IfVersion >= 2.4>
Require all denied
</IfVersion>
</Files>
<Files auth.json>
<IfVersion < 2.4>
order allow,deny
deny from all
</IfVersion>
<IfVersion >= 2.4>
Require all denied
</IfVersion>
</Files>
<Files .user.ini>
<IfVersion < 2.4>
order allow,deny
deny from all
</IfVersion>
<IfVersion >= 2.4>
Require all denied
</IfVersion>
</Files>
# For 404s and 403s that aren't handled by the application, show plain 404
response
ErrorDocument 404 /pub/errors/404.php
ErrorDocument 403 /pub/errors/404.php
################################
## If running in cluster environment, uncomment this
## http://developer.yahoo.com/performance/rules.html#etags
#FileETag none
# ######################################################################
# # INTERNET EXPLORER #
# ######################################################################
# ----------------------------------------------------------------------
# | Document modes |
# ----------------------------------------------------------------------
# Force Internet Explorer 8/9/10 to render pages in the highest mode
# available in the various cases when it may not.
#
# https://hsivonen.fi/doctype/#ie8
#
# (!) Starting with Internet Explorer 11, document modes are deprecated.
# If your business still relies on older web apps and services that were
# designed for older versions of Internet Explorer, you might want to
# consider enabling `Enterprise Mode` throughout your company.
#
# https://msdn.microsoft.com/en-us/library/ie/bg182625.aspx#docmode
#
http://blogs.msdn.com/b/ie/archive/2014/04/02/stay-up-to-date-with-enterprise-mode-for-internet-explorer-11.aspx
<IfModule mod_headers.c>
Header set X-UA-Compatible "IE=edge"
# `mod_headers` cannot match based on the content-type, however,
# the `X-UA-Compatible` response header should be send only for
# HTML documents and not for the other resources.
<FilesMatch
"\.(appcache|atom|bbaw|bmp|crx|css|cur|eot|f4[abpv]|flv|geojson|gif|htc|ico|jpe?g|js|json(ld)?|m4[av]|manifest|map|mp4|oex|og[agv]|opus|otf|pdf|png|rdf|rss|safariextz|svgz?|swf|topojson|tt[cf]|txt|vcard|vcf|vtt|webapp|web[mp]|webmanifest|woff2?|xloc|xml|xpi)$">
Header unset X-UA-Compatible
</FilesMatch>
</IfModule>
```
</details>
</summary>
<summary>.htaccess pub dir
<details>
```
############################################
## Optional override of deployment mode. We recommend you use the
## command bin/magento deploy:mode:set to switch modes instead
# Options are default, production, or developer
# SetEnv MAGE_MODE default
############################################
## Uncomment these lines for CGI mode.
## Make sure to specify the correct cgi php binary file name
## it might be /cgi-bin/php-cgi
# Action php5-cgi /cgi-bin/php5-cgi
# AddHandler php5-cgi .php
############################################
## GoDaddy specific options
# Options -MultiViews
## You might also need to add this line to php.ini
## cgi.fix_pathinfo = 1
## If it still doesn't work, rename php.ini to php5.ini
############################################
## This line is specific for 1and1 hosting
#AddType x-mapp-php5 .php
#AddHandler x-mapp-php5 .php
############################################
## Default index file
DirectoryIndex index.php
<IfModule mod_php5.c>
############################################
## Adjust memory limit
php_value memory_limit 756M
php_value max_execution_time 18000
############################################
## Disable automatic session start
## before autoload was initialized
php_flag session.auto_start off
############################################
# Disable user agent verification to not break multiple image upload
php_flag suhosin.session.cryptua off
</IfModule>
<IfModule mod_php7.c>
############################################
## Adjust memory limit
php_value memory_limit 756M
php_value max_execution_time 18000
############################################
## Disable automatic session start
## before autoload was initialized
php_flag session.auto_start off
############################################
## Enable resulting html compression
#php_flag zlib.output_compression on
###########################################
# Disable user agent verification to not break multiple image upload
php_flag suhosin.session.cryptua off
</IfModule>
<IfModule mod_security.c>
###########################################
# Disable POST processing to not break multiple image upload
SecFilterEngine Off
SecFilterScanPOST Off
</IfModule>
<IfModule mod_deflate.c>
############################################
## Enable apache served files compression
## http://developer.yahoo.com/performance/rules.html#gzip
# Insert filter on all content
###SetOutputFilter DEFLATE
# Insert filter on selected content types only
#AddOutputFilterByType DEFLATE text/html text/plain text/xml text/css
text/javascript
# Netscape 4.x has some problems...
#BrowserMatch ^Mozilla/4 gzip-only-text/html
# Netscape 4.06-4.08 have some more problems
#BrowserMatch ^Mozilla/4\.0[678] no-gzip
# MSIE masquerades as Netscape, but it is fine
#BrowserMatch \bMSIE !no-gzip !gzip-only-text/html
# Don't compress images
#SetEnvIfNoCase Request_URI \.(?:gif|jpe?g|png)$ no-gzip dont-vary
# Make sure proxies don't deliver the wrong content
#Header append Vary User-Agent env=!dont-vary
</IfModule>
<IfModule mod_ssl.c>
############################################
## Make HTTPS env vars available for CGI mode
SSLOptions StdEnvVars
</IfModule>
<IfModule mod_rewrite.c>
############################################
## Enable rewrites
Options +SymLinksIfOwnerMatch
RewriteEngine on
############################################
## You can put here your magento root folder
## path relative to web root
#RewriteBase /magento/
############################################
## Workaround for HTTP authorization
## in CGI environment
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
############################################
## TRACE and TRACK HTTP methods disabled to prevent XSS attacks
RewriteCond %{REQUEST_METHOD} ^TRAC[EK]
RewriteRule .* - [L,R=405]
############################################
## Never rewrite for existing files, directories and links
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-l
############################################
## Rewrite everything else to index.php
RewriteRule .* index.php [L]
</IfModule>
############################################
## Prevent character encoding issues from server overrides
## If you still have problems, use the second line instead
AddDefaultCharset Off
#AddDefaultCharset UTF-8
<IfModule mod_expires.c>
############################################
## Add default Expires header
## http://developer.yahoo.com/performance/rules.html#expires
ExpiresDefault "access plus 1 year"
ExpiresByType text/html A0
ExpiresByType text/plain A0
</IfModule>
###########################################
## Deny access to release notes to prevent disclosure of the installed
Magento version
<Files RELEASE_NOTES.txt>
<IfVersion < 2.4>
order allow,deny
deny from all
</IfVersion>
<IfVersion >= 2.4>
Require all denied
</IfVersion>
</Files>
# For 404s and 403s that aren't handled by the application, show plain 404
response
ErrorDocument 404 /errors/404.php
ErrorDocument 403 /errors/404.php
############################################
## If running in cluster environment, uncomment this
## http://developer.yahoo.com/performance/rules.html#etags
#FileETag none
###########################################
## Deny access to cron.php
<Files cron.php>
<IfVersion < 2.4>
order allow,deny
deny from all
</IfVersion>
<IfVersion >= 2.4>
Require all denied
</IfVersion>
</Files>
## Deny access to .user.ini
<Files .user.ini>
<IfVersion < 2.4>
order allow,deny
deny from all
</IfVersion>
<IfVersion >= 2.4>
Require all denied
</IfVersion>
</Files>
<IfModule mod_headers.c>
############################################
## Prevent clickjacking
Header set X-Frame-Options SAMEORIGIN
</IfModule>
```
</details>
</summary>
404 errors are handled by the application otherwise show the default apache
404 documents.
I haven't enabled pagespeed configuration on apache.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
