523 Error when trying to certificate a new website

Yeah, because I disabled the SSL to check if it still worked. Is the '/' in the redirection that important? How could I change it?

I would leave it in, at least for now.

Oh, OK, I thought you pointed it out because it may be the problem.

What is the public IP of your origin server? Something must be wrong with its HTTPS configuration. We can check that if we know your IP.

this one
http://158.179.219.217/

In general (though you are testing, so things are dynamic right now) it is HTTPS to HTTP; the advice is the other way around.

I see this: [image]

And with nmap I see this:

$ nmap -Pn -p80,443 158.179.219.217
Starting Nmap 7.80 ( https://nmap.org ) at 2024-04-29 11:05 PDT
Nmap scan report for 158.179.219.217
Host is up (0.17s latency).

PORT    STATE    SERVICE
80/tcp  open     http
443/tcp filtered https

Nmap done: 1 IP address (1 host up) scanned in 0.34 seconds

Yeah, nginx is not responding to port 443 at all. Did you create an nginx server block for port 443?

Check firewall for port 443 open and also make sure nginx is actually listening.

Show us

sudo netstat -pant | grep -E ':443|:80' | grep -i listen

Use sudo ss -pant ... if you don't have netstat

Here is the ss command. What's an nginx server block?

It's how you define how nginx handles requests. See this site for examples (link here). Please do not use HSTS or Stapling until you are an expert and know what they do.

Can you post the output of the command below? An upper case T is essential.

sudo nginx -T

That all said, nginx IS listening on port 443. If you did not make a server block then it might be using some default one.

But, I think it more likely you have a firewall or some other problem with port 443.

curl -I https://158.179.219.217
curl: (7) Failed to connect to 158.179.219.217 port 443 after 99 ms: No route to host

curl -I http://158.179.219.217
HTTP/1.1 200 OK
Server: nginx
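An added example, not from this thread or from Webinoly: a small Python audit of `nginx -T` output that answers the questions above mechanically, whether any server block listens on 443 with `ssl` and a certificate, and which blocks use the deprecated `listen ... http2` form or have `ssl_stapling on`. The embedded dump is a constructed sample in the shape of the real output, with example.com standing in for the site; it inspects configuration only, so a firewall blocking 443 (what the nmap and curl results above point at) is outside what it can see.

```python
"""Audit an `nginx -T` dump: which server blocks listen on 443, and how are they set up?"""
import re

# `nginx -T` introduces each file it loaded with a marker line; the path itself may contain ':'.
FILE_MARK = re.compile(r"^# configuration file (.+?):[ \t]*$", re.MULTILINE)
# Scanner: whitespace, comment, structural char, double-/single-quoted word (quotes dropped), bare word.
# A '#' opens a comment only at token start, so 'php#|' inside a bare regex word is kept.
TOKEN = re.compile(r"""\s+|#[^\n]*|(?P<s>[{};])|"(?P<dq>(?:[^"\\]|\\.)*)"|'(?P<sq>(?:[^'\\]|\\.)*)'|(?P<w>[^\s{};"']+)""")

def split_dump(dump):
    """(path, body) per file; the warning preamble before the first marker is dropped."""
    parts = FILE_MARK.split(dump)
    return [(parts[i], parts[i + 1]) for i in range(1, len(parts), 2)]

def tokenize(text):
    return [m.group(m.lastgroup) for m in TOKEN.finditer(text) if m.lastgroup]

def parse(tokens):
    """Nested list of (args, children); children is None for a leaf directive."""
    stack, cur = [[]], []
    for t in tokens:
        if t == ";":
            stack[-1].append((cur, None))
            cur = []
        elif t == "{":
            block = []
            stack[-1].append((cur, block))
            stack.append(block)
            cur = []
        elif t == "}" and len(stack) > 1:
            stack.pop()
        else:
            cur.append(t)
    return stack[0]

def listen_port(addr):
    """'443' -> 443, '[::]:443' -> 443, '10.0.0.1:8080' -> 8080; a bare host defaults to 80."""
    tail = addr.rsplit("]:" if addr.startswith("[") else ":", 1)[-1]
    return int(tail) if tail.isdigit() else 80

def audit_server(path, body):
    """Summarise one server block: ports, names and the TLS facts the thread asks about."""
    r = dict(path=path, ports=[], names=[], ssl=False, cert=False, stapling=False, http2_old=False)
    for args, _ in body:
        name, rest = (args[0], args[1:]) if args else ("", [])
        if name == "listen" and rest:
            r["ports"].append(listen_port(rest[0]))
            r["ssl"], r["http2_old"] = r["ssl"] or "ssl" in rest, r["http2_old"] or "http2" in rest
        elif name == "server_name":
            r["names"] = rest
        elif name == "ssl_certificate":
            r["cert"] = True
        elif name == "ssl_stapling":
            r["stapling"] = rest == ["on"]
    return r

def iter_servers(tree):
    """Yield server-block bodies at any depth (in nginx.conf they sit inside http { })."""
    for args, children in tree:
        if children is not None and args[:1] == ["server"]:
            yield children
        elif children is not None:
            yield from iter_servers(children)

def audit_dump(dump):
    return [audit_server(path, body)
            for path, text in split_dump(dump) for body in iter_servers(parse(tokenize(text)))]

def findings(reports):
    """Plain-language checks mirroring the questions asked in the thread."""
    out = []
    if not any(443 in r["ports"] for r in reports):
        out.append("no server block listens on 443: nginx cannot answer HTTPS at all")
    for r in reports:
        if 443 in r["ports"] and not (r["ssl"] and r["cert"]):
            out.append(f"{r['path']}: listens on 443 without 'ssl' and an ssl_certificate")
        if r["http2_old"]:  # the form the nginx -T warnings in this thread flag
            out.append(f"{r['path']}: 'listen ... http2' is deprecated, use the http2 directive")
        if r["stapling"]:
            out.append(f"{r['path']}: ssl_stapling on (nginx must be able to reach the CA's OCSP responder)")
    return out

# Constructed sample in the shape of the `nginx -T` output in this thread; example.com stands in for the site.
SAMPLE_DUMP = r"""nginx: [warn] the "listen ... http2" directive is deprecated, use the "http2" directive instead
# configuration file /etc/nginx/sites-enabled/example.com:
server {
    listen 80;
    server_name example.com www.example.com;
    return 301 https://$host$request_uri;
}
server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name example.com www.example.com;
    ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
    ssl_stapling on;
    location ~* ^.+\.(php#|bak)$ { deny all; }
}
"""
```

To use it on a real server, save `sudo nginx -T > dump.txt` and pass the file contents to `audit_dump`, then print `findings(...)`.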

I totally agree! 🙂

nginx: [warn] the "listen ... http2" directive is deprecated, use the "http2" directive instead in /etc/nginx/sites-enabled/manuel-tornero.tech:12
nginx: [warn] the "listen ... http2" directive is deprecated, use the "http2" directive instead in /etc/nginx/sites-enabled/manuel-tornero.tech:13
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
# configuration file /etc/nginx/nginx.conf:
# Webinoly (This configuration file is only for internal use)
#####################################################################################################
# Please, DO NOT MODIFY this file, all the changes will be lost.                                    #
# If you need to modify any of the existing rules, use the proper command as indicated in the docs. #
# If you need to add your own custom rules, you can create a custom file as indicated in the docs.  #
# Please, read the documentation: https://webinoly.com/documentation/                               #
#####################################################################################################

user www-data;
worker_processes auto;
worker_rlimit_core 736890;
worker_rlimit_nofile 736890;
pid /run/nginx.pid;
include /etc/nginx/modules-enabled/*.conf;

events {
        worker_connections 20000;
        multi_accept on;
}

http {

        ##
        # Basic Settings
        ##

        sendfile on;
        tcp_nopush on;
        tcp_nodelay on;
        server_tokens off;
        reset_timedout_connection on;

        send_timeout 30;
        keepalive_timeout 30;
        keepalive_requests 100000;

        client_body_buffer_size 32k;
        client_max_body_size 100m;
        client_body_timeout 30;
        client_header_timeout 30;

        open_file_cache max=1000 inactive=10s;
        open_file_cache_valid 30s;
        open_file_cache_min_uses 2;
        open_file_cache_errors on;

        types_hash_max_size 2048;
        server_names_hash_max_size 2048;
        server_names_hash_bucket_size 64;
        # server_name_in_redirect off;

        limit_req_status 403;
        limit_req_zone $binary_remote_addr zone=one:10m rate=1r/s;
        limit_req_zone $binary_remote_addr zone=wp:10m rate=5r/s;

        include /etc/nginx/mime.types;
        default_type application/octet-stream;

        ##
        # SSL Settings
        ##

        ssl_protocols TLSv1.2 TLSv1.3;
        ssl_buffer_size 4k;
        ssl_session_tickets off;
        ssl_session_timeout 1h;
        ssl_session_cache shared:SSL:50m;
        ssl_dhparam /etc/ssl/dhparam.pem;
        ssl_ecdh_curve X25519:prime256v1:secp384r1;
        ssl_prefer_server_ciphers off;
        ssl_ciphers 'TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384';

        ##
        # Logging Settings
        ##

        log_format we_log '$remote_addr $upstream_response_time $upstream_cache_status [$time_local] '
                '$http_host "$request" $status $body_bytes_sent $request_time '
                '"$http_referer" "$http_user_agent"';

        log_format we_log_ext '$remote_addr - $remote_user [$time_local] "$request" '
                '$status $body_bytes_sent "$http_referer" '
                '"$http_user_agent" "$http_x_forwarded_for" '
                '"$host" sn="$server_name" '
                'rt=$request_time '
                'ua="$upstream_addr" us="$upstream_status" '
                'ut="$upstream_response_time" ul="$upstream_response_length" '
                'cs=$upstream_cache_status' ;

        include /etc/nginx/conf.d/*.conf.log;
        open_log_file_cache max=1000 inactive=30s valid=1m;

        access_log off;
        error_log /var/log/nginx/error.log;


        ##
        # Gzip Settings
        ##

        gzip on;
        gzip_disable "msie6";

        gzip_vary on;
        gzip_proxied any;
        gzip_comp_level 6;
        gzip_buffers 16 8k;
        gzip_min_length 256;
        gzip_http_version 1.1;
        gzip_types
                application/atom+xml
                application/geo+json
                application/javascript
                application/x-javascript
                application/json
                application/ld+json
                application/manifest+json
                application/rdf+xml
                application/rss+xml
                application/vnd.ms-fontobject
                application/wasm
                application/x-font-ttf
                application/x-web-app-manifest+json
                application/xhtml+xml
                application/xml
                font/eot
                font/opentype
                font/otf
                font/ttf
                image/bmp
                image/svg+xml
                image/x-icon
                text/cache-manifest
                text/calendar
                text/css
                text/javascript
                text/markdown
                text/plain
                text/xml
                text/vcard
                text/vnd.rim.location.xloc
                text/vtt
                text/x-component
                text/x-cross-domain-policy;

        ##
        # Virtual Host Configs
        ##

        include /etc/nginx/conf.d/*.conf;
        include /etc/nginx/sites-enabled/*;
}


# configuration file /etc/nginx/mime.types:

types {
    text/html                                        html htm shtml;
    text/css                                         css;
    text/xml                                         xml;
    image/gif                                        gif;
    image/jpeg                                       jpeg jpg;
    application/javascript                           js;
    application/atom+xml                             atom;
    application/rss+xml                              rss;

    text/mathml                                      mml;
    text/plain                                       txt;
    text/vnd.sun.j2me.app-descriptor                 jad;
    text/vnd.wap.wml                                 wml;
    text/x-component                                 htc;

    image/avif                                       avif;
    image/png                                        png;
    image/svg+xml                                    svg svgz;
    image/tiff                                       tif tiff;
    image/vnd.wap.wbmp                               wbmp;
    image/webp                                       webp;
    image/x-icon                                     ico;
    image/x-jng                                      jng;
    image/x-ms-bmp                                   bmp;

    font/woff                                        woff;
    font/woff2                                       woff2;

    application/java-archive                         jar war ear;
    application/json                                 json;
    application/mac-binhex40                         hqx;
    application/msword                               doc;
    application/pdf                                  pdf;
    application/postscript                           ps eps ai;
    application/rtf                                  rtf;
    application/vnd.apple.mpegurl                    m3u8;
    application/vnd.google-earth.kml+xml             kml;
    application/vnd.google-earth.kmz                 kmz;
    application/vnd.ms-excel                         xls;
    application/vnd.ms-fontobject                    eot;
    application/vnd.ms-powerpoint                    ppt;
    application/vnd.oasis.opendocument.graphics      odg;
    application/vnd.oasis.opendocument.presentation  odp;
    application/vnd.oasis.opendocument.spreadsheet   ods;
    application/vnd.oasis.opendocument.text          odt;
    application/vnd.openxmlformats-officedocument.presentationml.presentation
                                                     pptx;
    application/vnd.openxmlformats-officedocument.spreadsheetml.sheet
                                                     xlsx;
    application/vnd.openxmlformats-officedocument.wordprocessingml.document
                                                     docx;
    application/vnd.wap.wmlc                         wmlc;
    application/wasm                                 wasm;
    application/x-7z-compressed                      7z;
    application/x-cocoa                              cco;
    application/x-java-archive-diff                  jardiff;
    application/x-java-jnlp-file                     jnlp;
    application/x-makeself                           run;
    application/x-perl                               pl pm;
    application/x-pilot                              prc pdb;
    application/x-rar-compressed                     rar;
    application/x-redhat-package-manager             rpm;
    application/x-sea                                sea;
    application/x-shockwave-flash                    swf;
    application/x-stuffit                            sit;
    application/x-tcl                                tcl tk;
    application/x-x509-ca-cert                       der pem crt;
    application/x-xpinstall                          xpi;
    application/xhtml+xml                            xhtml;
    application/xspf+xml                             xspf;
    application/zip                                  zip;

    application/octet-stream                         bin exe dll;
    application/octet-stream                         deb;
    application/octet-stream                         dmg;
    application/octet-stream                         iso img;
    application/octet-stream                         msi msp msm;

    audio/midi                                       mid midi kar;
    audio/mpeg                                       mp3;
    audio/ogg                                        ogg;
    audio/x-m4a                                      m4a;
    audio/x-realaudio                                ra;

    video/3gpp                                       3gpp 3gp;
    video/mp2t                                       ts;
    video/mp4                                        mp4;
    video/mpeg                                       mpeg mpg;
    video/quicktime                                  mov;
    video/webm                                       webm;
    video/x-flv                                      flv;
    video/x-m4v                                      m4v;
    video/x-mng                                      mng;
    video/x-ms-asf                                   asx asf;
    video/x-ms-wmv                                   wmv;
    video/x-msvideo                                  avi;
}

# configuration file /etc/nginx/conf.d/fastcgi.conf:
# Webinoly (This configuration file is only for internal use)
#####################################################################################################
# Please, DO NOT MODIFY this file, all the changes will be lost.                                    #
# If you need to modify any of the existing rules, use the proper command as indicated in the docs. #
# If you need to add your own custom rules, you can create a custom file as indicated in the docs.  #
# Please, read the documentation: https://webinoly.com/documentation/                               #
#####################################################################################################

fastcgi_cache_path /run/nginx-cache levels=1:2 keys_zone=WORDPRESS:50m max_size=5526m inactive=7d;
fastcgi_cache_key "$scheme$request_method$host$request_uri";
fastcgi_cache_use_stale error timeout invalid_header updating http_500 http_503;
fastcgi_cache_valid 200 30d;
fastcgi_cache_valid 301 302 303 307 308 404 410 451 1m;
fastcgi_cache_background_update on;
fastcgi_cache_lock on;
fastcgi_keep_conn on;
fastcgi_connect_timeout 30s;
fastcgi_read_timeout 60s;
fastcgi_buffer_size 16k;
fastcgi_buffers 16 16k;
fastcgi_ignore_headers X-Accel-Redirect X-Accel-Expires X-Accel-Limit-Rate X-Accel-Buffering X-Accel-Charset Expires Cache-Control Set-Cookie Vary;
#fastcgi_next_upstream error timeout;

# configuration file /etc/nginx/conf.d/upstream.conf:
# Webinoly (This configuration file is only for internal use)
#####################################################################################################
# Please, DO NOT MODIFY this file, all the changes will be lost.                                    #
# If you need to modify any of the existing rules, use the proper command as indicated in the docs. #
# If you need to add your own custom rules, you can create a custom file as indicated in the docs.  #
# Please, read the documentation: https://webinoly.com/documentation/                               #
#####################################################################################################

upstream php {
        zone upstreams 64k;
        server 127.0.0.1:9000;

        # We recommend setting the 'keepalive' parameter to twice the number of servers listed in the upstream block.
        # For FastCGI servers, it is required to set 'fastcgi_keep_conn' for keepalive connections to work (conf.d/fastcgi.conf)
        # Note also that when you specify a load-balancing algorithm in the upstream block – with the hash, ip_hash, least_conn, least_time, or random directive – the directive must appear above the keepalive directive.
        #keepalive 2;
}

# configuration file /etc/nginx/sites-enabled/default:
server {
    listen 80 default_server;
    server_name  localhost;

    #access_log  /var/log/nginx/host.access.log  main;

    location / {
        root   /usr/share/nginx/html;
        index  index.html index.htm;
    }

    #error_page  404              /404.html;

    # redirect server error pages to the static page /50x.html
    #
    error_page   500 502 503 504  /50x.html;
    location = /50x.html {
        root   /usr/share/nginx/html;
    }

    # proxy the PHP scripts to Apache listening on 127.0.0.1:80
    #
    #location ~ \.php$ {
    #    proxy_pass   http://127.0.0.1;
    #}

    # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
    #
    #location ~ \.php$ {
    #    root           html;
    #    fastcgi_pass   127.0.0.1:9000;
    #    fastcgi_index  index.php;
    #    fastcgi_param  SCRIPT_FILENAME  /scripts$fastcgi_script_name;
    #    include        fastcgi_params;
    #}

    # deny access to .htaccess files, if Apache's document root
    # concurs with nginx's one
    #
    #location ~ /\.ht {
    #    deny  all;
    #}
}


# configuration file /etc/nginx/sites-enabled/default:22222:
# Webinoly Admin-Tools NGINX CONFIGURATION

# WebinolyNginxServerStart
server {
        listen 22222 default_server deferred;
        listen [::]:22222 default_server;

        access_log   /var/log/nginx/default:22222.access.log we_log;
        error_log    /var/log/nginx/default:22222.error.log;

        root /var/www/default:22222/htdocs;
        index index.php index.htm index.html;

        autoindex on;

        include common/auth.conf;
        include common/acl.conf;
        include common/php.conf;
        include common/locations.conf;
        include common/header.conf;

        # Status pages
        location = /nginx_status {
                stub_status on;
                access_log off;
        }
        location ~* ^/(status|ping)$ {
                try_files $uri =404;
                include fastcgi_params;
                fastcgi_pass php;
        }

        # phpMyAdmin protection
        location ~* ^/pma/(libraries|templates) {
                autoindex off;
                deny all;
                access_log off;
                log_not_found off;
        }
}
# WebinolyNginxServerEnd

# configuration file /etc/nginx/common/auth.conf:
# Webinoly (This configuration file is only for internal use)
#####################################################################################################
# Please, DO NOT MODIFY this file, all the changes will be lost.                                    #
# If you need to modify any of the existing rules, use the proper command as indicated in the docs. #
# If you need to add your own custom rules, you can create a custom file as indicated in the docs.  #
# Please, read the documentation: https://webinoly.com/documentation/                               #
#####################################################################################################

set $authfile ".htpasswd";
if ( -f /etc/nginx/apps.d/.htpasswd-$server_name ) {set $authfile "apps.d/.htpasswd-$server_name";}
# configuration file /etc/nginx/common/acl.conf:
# Webinoly (This configuration file is only for internal use)
#####################################################################################################
# Please, DO NOT MODIFY this file, all the changes will be lost.                                    #
# If you need to modify any of the existing rules, use the proper command as indicated in the docs. #
# If you need to add your own custom rules, you can create a custom file as indicated in the docs.  #
# Please, read the documentation: https://webinoly.com/documentation/                               #
#####################################################################################################

satisfy any;
auth_basic "Restricted Area";
auth_basic_user_file $authfile;

# Whitelist (Allowed IP Address List)
include apps.d/*-acl.conf;
allow 127.0.0.1;
deny all;

# configuration file /etc/nginx/common/php.conf:
# Webinoly (This configuration file is only for internal use)
#####################################################################################################
# Please, DO NOT MODIFY this file, all the changes will be lost.                                    #
# If you need to modify any of the existing rules, use the proper command as indicated in the docs. #
# If you need to add your own custom rules, you can create a custom file as indicated in the docs.  #
# Please, read the documentation: https://webinoly.com/documentation/                               #
#####################################################################################################

# Not remove these comments

location / {
        try_files $uri $uri/ /index.php$is_args$args;
}
location ~* \.php$ {
        try_files $uri =404;
        include fastcgi_params;
        fastcgi_pass php;
}

# configuration file /etc/nginx/fastcgi_params:

fastcgi_param  QUERY_STRING       $query_string;
fastcgi_param  REQUEST_METHOD     $request_method;
fastcgi_param  CONTENT_TYPE       $content_type;
fastcgi_param  CONTENT_LENGTH     $content_length;

fastcgi_param  SCRIPT_NAME        $fastcgi_script_name;
fastcgi_param  REQUEST_URI        $request_uri;
fastcgi_param  DOCUMENT_URI       $document_uri;
fastcgi_param  DOCUMENT_ROOT      $document_root;
fastcgi_param  SERVER_PROTOCOL    $server_protocol;
fastcgi_param  REQUEST_SCHEME     $scheme;
fastcgi_param  HTTPS              $https if_not_empty;

fastcgi_param  GATEWAY_INTERFACE  CGI/1.1;
fastcgi_param  SERVER_SOFTWARE    nginx/$nginx_version;

fastcgi_param  REMOTE_ADDR        $remote_addr;
fastcgi_param  REMOTE_PORT        $remote_port;
fastcgi_param  SERVER_ADDR        $server_addr;
fastcgi_param  SERVER_PORT        $server_port;
#fastcgi_param  SERVER_NAME        $server_name;

# PHP only, required if PHP was built with --enable-force-cgi-redirect
fastcgi_param  REDIRECT_STATUS    200;
# WebinolyCustom
fastcgi_param  SCRIPT_FILENAME    $request_filename;
fastcgi_param  SERVER_NAME        $host;
fastcgi_param  HTTP_HOST          $http_host;
fastcgi_param  HTTP_PROXY         "";
fastcgi_param  HTTP_ACCEPT_ENCODING "";
# WebinolyCustomEnd

# configuration file /etc/nginx/common/locations.conf:
# Webinoly (This configuration file is only for internal use)
#####################################################################################################
# Please, DO NOT MODIFY this file, all the changes will be lost.                                    #
# If you need to modify any of the existing rules, use the proper command as indicated in the docs. #
# If you need to add your own custom rules, you can create a custom file as indicated in the docs.  #
# Please, read the documentation: https://webinoly.com/documentation/                               #
#####################################################################################################


# Fallback robots.txt location (wp and proxy have higher priority if present)
location ~* ^/robots.txt$ {
        access_log off;
        log_not_found off;
}


# Security settings for better privacy
#######################################

# Deny hidden (dot) files except the "well-known" folder
location ~* /.well-known.*/$ {autoindex off;}
location ~* ^\/\.(?!(well-known/)).*$ {
        deny all;
        access_log off;
        log_not_found off;
}

# Deny/Block some extensions
location ~* ^.+\.(7z|asc|asp|aspx|ba|bak|bash|bat|bin|bz2|c|cfg|cgi|class|com|conf|cpp|crt|cs|dat|db|dbf|deb|der|dll|dmg|dmp|dump|ear|exe|git|gz|h|hg|hqx|img|ini|iso|jar|jsp|log|mdb|msi|msm|msp|old|orig|original|out|pem|php#|php_bak|php~|pkg|pl|ppk|py|rar|rdf|rpm|run|save|sh|sql|srv|svn|swo|swp|sys|tar|taz|tcl|tgz|tk|tmp|tpl|tz|vb|war|wsf|z|zip)$ {
        deny all;
        access_log off;
        log_not_found off;
}

# Return 403 forbidden for readme.(txt|html) or license.(txt|html) or example.(txt|html)
location ~*  "/(changelog|example|installation|legalnotice|license|readme|wp-config)\.(txt|html|htm|md)" {
        return 403;
}

# configuration file /etc/nginx/common/header.conf:
# Webinoly (This configuration file is only for internal use)
#####################################################################################################
# Please, DO NOT MODIFY this file, all the changes will be lost.                                    #
# If you need to modify any of the existing rules, use the proper command as indicated in the docs. #
# If you need to add your own custom rules, you can create a custom file as indicated in the docs.  #
# Please, read the documentation: https://webinoly.com/documentation/                               #
#####################################################################################################

include common/headers-http.conf;
include common/headers-html.conf;

# CORS and Cache for static files
##################################

# CORS only needed for:
# - Invocations of the XMLHttpRequest or Fetch APIs. (preflight mode may be needed, not included here)
# - Web Fonts (for cross-domain font usage in @font-face within CSS), so that servers can deploy TrueType fonts that can only be loaded cross-origin and used by web sites that are permitted to do so.
# - WebGL textures.
# - Images/video frames drawn to a canvas using drawImage().
# - CSS Shapes from images.
# Reference: https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS

# That means that most of the times is only used by fonts. (Simple request mode with wildcard is enough)

# NOTE: We have this location here (not in locations.conf) to add the HSTS header when needed in static files.
# Add the Strict-Transport-Security header to all HTTPS responses. https://hstspreload.org/#deployment-recommendations

# NOTE: The XML extension is not included in the static file list because it breaks the dynamically generated sitemaps (WordPress, for instance).

location ~* \.(3gp|3gpp|7z|aac|ai|asf|asx|atom|avi|avif|bin|bmp|bz2|cast|cco|crt|css|cur|deb|der|dll|dmg|doc|docx|ear|eot|eps|exe|flv|gif|gz|heic|hqx|htc|ico|img|iso|jad|jar|jardiff|jng|jnlp|jpeg|jpg|js|json|kar|kml|kmz|m3u8|m4a|m4v|mid|midi|mml|mng|mov|mp3|mp4|mpeg|mpg|msi|msm|msp|odg|odp|ods|odt|ogg|ogv|otf|pdb|pdf|pem|pl|pm|png|ppt|pptx|prc|ps|ra|rar|rpm|rss|rtf|run|sea|sit|svg|svgz|swf|tar|taz|tcl|tgz|tif|tiff|tk|ts|ttf|txt|tz|war|wasm|wav|wbmp|webm|webmanifest|webp|wml|wmlc|wmv|woff|woff2|xhtml|xls|xlsx|xpi|xspf|z|zip)$ {
        include common/headers-http.conf;
        add_header "Access-Control-Allow-Origin" "*";
        access_log off;
        log_not_found off;
        expires max;
}

# configuration file /etc/nginx/common/headers-http.conf:
# Webinoly (This configuration file is only for internal use)
#####################################################################################################
# Please, DO NOT MODIFY this file, all the changes will be lost.                                    #
# If you need to modify any of the existing rules, use the proper command as indicated in the docs. #
# If you need to add your own custom rules, you can create a custom file as indicated in the docs.  #
# Please, read the documentation: https://webinoly.com/documentation/                               #
#####################################################################################################

add_header X-Cache-Status $upstream_cache_status;
add_header X-Content-Type-Options nosniff;
add_header X-Frame-Options SAMEORIGIN;

# configuration file /etc/nginx/common/headers-html.conf:
# Webinoly (This configuration file is only for internal use)
#####################################################################################################
# Please, DO NOT MODIFY this file, all the changes will be lost.                                    #
# If you need to modify any of the existing rules, use the proper command as indicated in the docs. #
# If you need to add your own custom rules, you can create a custom file as indicated in the docs.  #
# Please, read the documentation: https://webinoly.com/documentation/                               #
#####################################################################################################

#add_header Content-Security-Policy " ";
add_header Referrer-Policy "no-referrer-when-downgrade";
add_header Cache-Control "no-cache";

# configuration file /etc/nginx/sites-enabled/manuel-tornero.tech:

# WebinolySSLredirectStart - HTTP to HTTPS Redirect
server {
        listen 80;
        listen [::]:80;
        server_name manuel-tornero.tech www.manuel-tornero.tech;
        return 301 https://$host$request_uri;
}
# WebinolySSLredirectEnd
# WebinolyNginxServerStart
server {
        listen 443 ssl http2;
        listen [::]:443 ssl http2;

        server_name manuel-tornero.tech www.manuel-tornero.tech;

        # WebinolySSLstart
        ssl_certificate /etc/letsencrypt/live/manuel-tornero.tech/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/manuel-tornero.tech/privkey.pem;
        ssl_stapling on;
        ssl_stapling_verify on;
        ssl_trusted_certificate /etc/letsencrypt/live/manuel-tornero.tech/chain.pem;
        # WebinolySSLend
        access_log off;
        error_log /var/log/nginx/manuel-tornero.tech.error.log;

        root /var/www/manuel-tornero.tech/htdocs;

        index index.php index.html index.htm;

        include common/auth.conf;

        # WebinolyCustom
        # WebinolyCustomEnd

        include common/wpfc.conf;
        include common/wpcommon.conf;
        include common/locations.conf;
        include common/headers.conf;
        include /var/www/manuel-tornero.tech/*-nginx.conf;
        include /etc/nginx/conf.d/*.conf.srv;
}
# WebinolyNginxServerEnd

# configuration file /etc/nginx/common/wpfc.conf:
# Webinoly (This configuration file is only for internal use)
#####################################################################################################
# Please, DO NOT MODIFY this file, all the changes will be lost.                                    #
# If you need to modify any of the existing rules, use the proper command as indicated in the docs. #
# If you need to add your own custom rules, you can create a custom file as indicated in the docs.  #
# Please, read the documentation: https://webinoly.com/documentation/                               #
#####################################################################################################

# Not remove these comments

set $skip_cache 0;
# URL with a query string should always go to php
if ($query_string != "") {
        set $skip_cache 1;
} #End

# Don't cache URL containing the following segments
if ($request_uri ~* "(/wp-admin/|/xmlrpc.php|wp-.*.php|index.php|/feed/|.*sitemap.*.xml|/feed/|/account/|/add_to_cart/|/cart/|/my-account/|/checkout/|/logout/)") {
        set $skip_cache 1;
}

# Don't use the cache for logged in users or recent commenter or customer with items in cart
if ($http_cookie ~* "comment_author|wordpress_[a-f0-9]+|wp-postpass|wordpress_no_cache|wordpress_logged_in|[a-z0-9]+_items_in_cart|[a-z0-9]+_cart_hash") {
        set $skip_cache 1;
}

include apps.d/global*custom_cache.conf;

# Use cached or actual file if they exists, Otherwise pass request to WordPress
location / {
        try_files $uri $uri/ /index.php$is_args$args;
}
location ~* \.php$ {
        try_files $uri =404;
        include fastcgi_params;
        fastcgi_pass php;
        fastcgi_cache_bypass $skip_cache;
        fastcgi_no_cache $skip_cache;
        fastcgi_cache WORDPRESS;
}

# configuration file /etc/nginx/common/wpcommon.conf:
# Webinoly (This configuration file is only for internal use)
#####################################################################################################
# Please, DO NOT MODIFY this file, all the changes will be lost.                                    #
# If you need to modify any of the existing rules, use the proper command as indicated in the docs. #
# If you need to add your own custom rules, you can create a custom file as indicated in the docs.  #
# Please, read the documentation: https://webinoly.com/documentation/                               #
#####################################################################################################


# Limited Access (Only logged in users in wp-admin)
# https://baraktawily.blogspot.com/2018/02/how-to-dos-29-of-world-wide-websites.html
location /wp-admin/ {
        location ~* /wp-admin/admin-ajax.php$ {
                limit_req zone=wp burst=8 nodelay;
                try_files $uri =404;
                include fastcgi_params;
                fastcgi_pass php;
        }
        location ~* /wp-admin/.*\.php$ {
                limit_req zone=wp burst=15 nodelay;
                include common/acl.conf;
                try_files $uri =404;
                include fastcgi_params;
                fastcgi_pass php;
        }
}
location = /wp-login.php {
        limit_req zone=one burst=2 nodelay;
        include common/acl.conf;
        include fastcgi_params;
        fastcgi_pass php;
}

# Disallow php in upload folder
location /wp-content/uploads/ {
        location ~* \.php$ {
                deny all;
        }
}

# Easy Digital Downloads
location ~* /wp-content/uploads/edd/(.*?)\.zip$ {
        rewrite / permanent;
}

# WPRobotStart
location = /robots.txt {
        # When native WP robots is used, the redirection to index.php makes that "access_log off" not work because index.php is running in a different location block.
        try_files $uri $uri/ /index.php$is_args$args;
        access_log off;
        log_not_found off;
}
# WPRobotsEnd

# WPxmlrpcStart
location = /xmlrpc.php {
        limit_req zone=one burst=1 nodelay;
        include fastcgi_params;
        fastcgi_pass php;
}
# WPxmlrpcEnd

# configuration file /etc/nginx/common/headers.conf:
# Webinoly (This configuration file is only for internal use)
#####################################################################################################
# Please, DO NOT MODIFY this file, all the changes will be lost.                                    #
# If you need to modify any of the existing rules, use the proper command as indicated in the docs. #
# If you need to add your own custom rules, you can create a custom file as indicated in the docs.  #
# Please, read the documentation: https://webinoly.com/documentation/                               #
#####################################################################################################

include common/headers-http.conf;
include common/headers-html.conf;
include common/headers-https.conf;

# CORS and Cache for static files
##################################

# CORS only needed for:
# - Invocations of the XMLHttpRequest or Fetch APIs. (preflight mode may be needed, not included here)
# - Web Fonts (for cross-domain font usage in @font-face within CSS), so that servers can deploy TrueType fonts that can only be loaded cross-origin and used by web sites that are permitted to do so.
# - WebGL textures.
# - Images/video frames drawn to a canvas using drawImage().
# - CSS Shapes from images.
# Reference: https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS

# That means that most of the times is only used by fonts. (Simple request mode with wildcard is enough)

# NOTE: We have this location here (not in locations.conf) to add the HSTS header when needed in static files.
# Add the Strict-Transport-Security header to all HTTPS responses. https://hstspreload.org/#deployment-recommendations

# NOTE: The XML extension is not included in the static file list because it breaks the dynamically generated sitemaps (WordPress, for instance).

location ~* \.(3gp|3gpp|7z|aac|ai|asf|asx|atom|avi|avif|bin|bmp|bz2|cast|cco|crt|css|cur|deb|der|dll|dmg|doc|docx|ear|eot|eps|exe|flv|gif|gz|heic|hqx|htc|ico|img|iso|jad|jar|jardiff|jng|jnlp|jpeg|jpg|js|json|kar|kml|kmz|m3u8|m4a|m4v|mid|midi|mml|mng|mov|mp3|mp4|mpeg|mpg|msi|msm|msp|odg|odp|ods|odt|ogg|ogv|otf|pdb|pdf|pem|pl|pm|png|ppt|pptx|prc|ps|ra|rar|rpm|rss|rtf|run|sea|sit|svg|svgz|swf|tar|taz|tcl|tgz|tif|tiff|tk|ts|ttf|txt|tz|war|wasm|wav|wbmp|webm|webmanifest|webp|wml|wmlc|wmv|woff|woff2|xhtml|xls|xlsx|xpi|xspf|z|zip)$ {
        include common/headers-http.conf;
        include common/headers-https.conf;
        add_header "Access-Control-Allow-Origin" "*";
        access_log off;
        log_not_found off;
        expires max;
}

# configuration file /etc/nginx/common/headers-https.conf:
# Webinoly (This configuration file is only for internal use)
#####################################################################################################
# Please, DO NOT MODIFY this file, all the changes will be lost.                                    #
# If you need to modify any of the existing rules, use the proper command as indicated in the docs. #
# If you need to add your own custom rules, you can create a custom file as indicated in the docs.  #
# Please, read the documentation: https://webinoly.com/documentation/                               #
#####################################################################################################

# Be aware that inclusion in the preload list cannot easily be undone.
# Don't request inclusion unless you're sure that you can support HTTPS for your entire site and all its subdomains the long term.
# https://hstspreload.org/
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains";

About the firewall issue, it may be, but I just checked and the firewall was disabled; I believe I deactivated it while trying to make it work, but now it's active with an exception for ports 80 and 443.

Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing), disabled (routed)
New profiles: skip

To                         Action      From
--                         ------      ----
80                         ALLOW IN    Anywhere
443                        ALLOW IN    Anywhere
80 (v6)                    ALLOW IN    Anywhere (v6)
443 (v6)                   ALLOW IN    Anywhere (v6)

Try this style instead

        listen       443 ssl;
        http2 on;
1 Like

Check all your network settings there. Make sure port 443 is enabled and that it is set so it is handled by your nginx.

I didn't see anything wrong with your nginx, although use the new-style http2 directive as @Bruce5051 notes. It will avoid the deprecation warning. It isn't causing this problem but is worth doing.

4 Likes

Well, in the end the problem was I didn't open port 443 in iptables. Thank you all for the help :slight_smile:
The command I used, in case anybody has the same problem:

iptables -I INPUT 6 -m state --state NEW -p tcp --dport 443 -j ACCEPT

edit: updated 80 to 443

4 Likes
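Why ufw said 443 was allowed while the kernel still refused it: ufw only reports the rules it manages, and a separate rule set in the INPUT chain (some cloud images ship one that ends in a blanket REJECT) is consulted first. The script below is an added example, not code from this thread or from Webinoly; it takes the text of `iptables -S INPUT` (a constructed sample here, since the real chain on the server is not shown above), decides what a fresh TCP connection to a port would hit, and prints the `iptables -I INPUT <n>` command that inserts an ACCEPT rule just before the rule that refuses it. In the sample the terminal REJECT sits at position 6, which is why the printed command matches the one posted above. A REJECT with `icmp-host-prohibited` is exactly what makes curl say `No route to host` and nmap say `filtered`, as seen earlier in the thread; a closed port would give `Connection refused`, and a DROP would time out.

```shell
#!/bin/sh
# Added example (not from the thread): reason about an iptables INPUT chain the
# way the kernel does for a new inbound TCP connection, then print the insert
# command that opens a port in the right place.
# Input is the text of `iptables -S INPUT`; on a real host pass
# "$(sudo iptables -S INPUT)" instead of the sample below.

# Constructed sample: a chain that accepts 22 and 80 but ends in a blanket
# REJECT, so 443 is refused even though ufw reports it as allowed.
SAMPLE_CHAIN='-P INPUT ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited'

# Walk the rules in order and stop at the first one that matches a new TCP
# packet to $2 from outside (not lo, not an existing connection).
# Mode "verdict" prints the target (plus the reject type, if any) or the chain
# policy; mode "index" prints the 1-based position of the first REJECT/DROP
# that matches, or 0 when an ACCEPT comes first. Simplification: jumps into
# user-defined chains (which is how ufw installs its rules) are not followed.
_walk_chain() {
    printf '%s\n' "$1" | awk -v port="$2" -v mode="$3" '
        /^-P INPUT / { policy = $3; next }
        /^-A INPUT / {
            n++
            proto = ""; dport = ""; target = ""; rej = ""; applies = 1
            for (i = 3; i <= NF; i++) {
                if ($i == "-p") proto = $(i + 1)
                else if ($i == "--dport") dport = $(i + 1)
                else if ($i == "-j") target = $(i + 1)
                else if ($i == "--reject-with") rej = $(i + 1)
                else if ($i == "-i" && $(i + 1) == "lo") applies = 0
                else if (($i == "--state" || $i == "--ctstate") && $(i + 1) !~ /NEW/) applies = 0
            }
            if (proto != "" && proto != "tcp") applies = 0
            if (dport != "" && dport != port) applies = 0
            if (!applies || (target != "ACCEPT" && target != "REJECT" && target != "DROP")) next
            done = 1
            if (mode == "index") print (target == "ACCEPT" ? 0 : n)
            else if (target == "REJECT" && rej != "") print target " " rej
            else print target
            exit
        }
        END {
            if (done) exit
            if (mode == "index") print (policy == "ACCEPT" ? 0 : n + 1)
            else print ("policy " policy)
        }'
}

port_verdict() { _walk_chain "$1" "$2" verdict; }

# The iptables command that opens the port just before the rule that currently
# refuses it. Prints nothing when the port is already accepted.
# Note: a rule added with -I lives only until reboot unless it is saved by
# whatever persistence mechanism the distribution/image uses.
fix_command() {
    idx=$(_walk_chain "$1" "$2" index)
    [ "$idx" -eq 0 ] && return 0
    printf 'iptables -I INPUT %s -m state --state NEW -p tcp --dport %s -j ACCEPT\n' "$idx" "$2"
}

# Simulate the insert on the rule text so the result can be checked before the
# live chain is touched (the live version is simply: run fix_command's output).
insert_rule() {
    printf '%s\n' "$1" | awk -v idx="$2" -v rule="$3" '
        /^-A INPUT / { if (++n == idx) print rule }
        { print }'
}

# Stand-alone run: show the verdict for 443 and the command that fixes it.
echo "port 443: $(port_verdict "$SAMPLE_CHAIN" 443)"
fix_command "$SAMPLE_CHAIN" 443
```

The position printed by `fix_command` is what matters: an ACCEPT appended after the terminal REJECT is never reached, which is the mistake a plain `iptables -A INPUT ...` would make on a chain like the sample. Re-run the verdict after inserting the rule to confirm it is now the first match.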

Which port was it?

3 Likes

443, my bad, it was port 443.

1 Like

Fixed the original post.

3 Likes
