docker-compose exec nginx nginx -t should work.
1 Like
I was looking for the complete config output via capital “T”:
nginx -T
2 Likes
Sorry @rg305, here you go now:
[ec2-user@ip-172-31-89-184 gotobot3]$ docker-compose exec nginx nginx -T
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
# configuration file /etc/nginx/nginx.conf:
user nginx;
worker_processes 1;
error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;
events {
worker_connections 1024;
}
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
#tcp_nopush on;
keepalive_timeout 65;
#gzip on;
include /etc/nginx/conf.d/*.conf;
map $sent_http_content_type $expires {
default off;
text/html epoch;
text/css max;
application/javascript max;
~image/ max;
}#map expires
}
# configuration file /etc/nginx/mime.types:
types {
text/html html htm shtml;
text/css css;
text/xml xml;
image/gif gif;
image/jpeg jpeg jpg;
application/javascript js;
application/atom+xml atom;
application/rss+xml rss;
text/mathml mml;
text/plain txt;
text/vnd.sun.j2me.app-descriptor jad;
text/vnd.wap.wml wml;
text/x-component htc;
image/png png;
image/svg+xml svg svgz;
image/tiff tif tiff;
image/vnd.wap.wbmp wbmp;
image/webp webp;
image/x-icon ico;
image/x-jng jng;
image/x-ms-bmp bmp;
font/woff woff;
font/woff2 woff2;
application/java-archive jar war ear;
application/json json;
application/mac-binhex40 hqx;
application/msword doc;
application/pdf pdf;
application/postscript ps eps ai;
application/rtf rtf;
application/vnd.apple.mpegurl m3u8;
application/vnd.google-earth.kml+xml kml;
application/vnd.google-earth.kmz kmz;
application/vnd.ms-excel xls;
application/vnd.ms-fontobject eot;
application/vnd.ms-powerpoint ppt;
application/vnd.oasis.opendocument.graphics odg;
application/vnd.oasis.opendocument.presentation odp;
application/vnd.oasis.opendocument.spreadsheet ods;
application/vnd.oasis.opendocument.text odt;
application/vnd.openxmlformats-officedocument.presentationml.presentation
pptx;
application/vnd.openxmlformats-officedocument.spreadsheetml.sheet
xlsx;
application/vnd.openxmlformats-officedocument.wordprocessingml.document
docx;
application/vnd.wap.wmlc wmlc;
application/x-7z-compressed 7z;
application/x-cocoa cco;
application/x-java-archive-diff jardiff;
application/x-java-jnlp-file jnlp;
application/x-makeself run;
application/x-perl pl pm;
application/x-pilot prc pdb;
application/x-rar-compressed rar;
application/x-redhat-package-manager rpm;
application/x-sea sea;
application/x-shockwave-flash swf;
application/x-stuffit sit;
application/x-tcl tcl tk;
application/x-x509-ca-cert der pem crt;
application/x-xpinstall xpi;
application/xhtml+xml xhtml;
application/xspf+xml xspf;
application/zip zip;
application/octet-stream bin exe dll;
application/octet-stream deb;
application/octet-stream dmg;
application/octet-stream iso img;
application/octet-stream msi msp msm;
audio/midi mid midi kar;
audio/mpeg mp3;
audio/ogg ogg;
audio/x-m4a m4a;
audio/x-realaudio ra;
video/3gpp 3gpp 3gp;
video/mp2t ts;
video/mp4 mp4;
video/mpeg mpeg mpg;
video/quicktime mov;
video/webm webm;
video/x-flv flv;
video/x-m4v m4v;
video/x-mng mng;
video/x-ms-asf asx asf;
video/x-ms-wmv wmv;
video/x-msvideo avi;
}
# configuration file /etc/nginx/conf.d/default.conf:
#Dozvoljava kompresiju
gzip on;
gzip_disable "msie6";
gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript image/svg+xml;
upstream rasa {
#server 184.72.-187.19:5005;
#I had to this for port 5005 but not for landing because there default port is 80
server rasa:5005;
}
upstream landing {
#server 184.72.187.19:8080;
#server 127.0.0.1:8080;
server landing;
}
upstream server {
#server 184.72.187.19:8080;
#server 127.0.0.1:8080;
server server:9000;
}
server {
listen 443 ssl;
server_name gotobot.co www.gotobot.co;
# server_name localhost;
# @TODO remove for production
#allow 127.0.0.1;
#allow 83.71.213.166;
#deny all;
#resolver 1.1.1.1 8.8.8.8 9.9.9.10;
resolver 127.0.0.11 valid=30s;
include partials/common.conf;
include partials/ssl.conf;
location /.well-known/acme-challenge/ {
root /var/www/certbot;
}
location ~* \.(?:ico|css|js|gif|jpeg|jpg|png)$ {
expires 9d;
add_header Pragma public;
add_header Cache-Control "public";
}
# location ~* \.(?:ico|css|js|gif|jpeg|jpg|png|woff|ttf|otf|svg|woff2|eot)$ {
# expires 365d;
# add_header Cache-Control "public, no-transform";
# }
#location ^~ / {
location ^~ / {
proxy_pass http://landing;
include partials/common_location.conf;
include partials/cors.conf;
#include partials/common.conf;
#include partials/ssl.conf;
}
# location / {
# proxy_pass http://api/webhooks/rest/webhook;
# include partials/common_location.conf;
# include partials/cors.conf;
# }
location = /hotel { rewrite ^ /hotel/ redirect; }
location /hotel {
#proxy_pass http://rasa;
rewrite /hotel/(.*) /$1 break;
proxy_pass http://rasa/webhooks/rest/webhook;
#include partials/common.conf;
#include partials/ssl.conf;
#proxy_set_header Accept '*/token';
}
location ^~ /server {
proxy_pass http://server/sendMail;
#include partials/common.conf;
#include partials/ssl.conf;
}
}
map $remote_addr $proxy_forwarded_elem {
# IPv4 addresses can be sent as-is
~^[0-9.]+$ "for=$remote_addr";
# IPv6 addresses need to be bracketed and quoted
~^[0-9A-Fa-f:.]+$ "for=\"[$remote_addr]\"";
# Unix domain socket names cannot be represented in RFC 7239 syntax
default "for=unknown";
}
map $http_forwarded $proxy_add_forwarded {
# If the incoming Forwarded header is syntactically valid, append to it
"~^(,[ \\t]*)*([!#$%&'*+.^_`|~0-9A-Za-z-]+=([!#$%&'*+.^_`|~0-9A-Za-z-]+|\"([\\t \\x21\\x23-\\x5B\\x5D-\\x7E\\x80-\\xFF]|\\\\[\\t \\x21-\\x7E\\x80-\\xFF])*\"))?(;([!#$%&'*+.^_`|~0-9A-Za-z-]+=([!#$%&'*+.^_`|~0-9A-Za-z-]+|\"([\\t \\x21\\x23-\\x5B\\x5D-\\x7E\\x80-\\xFF]|\\\\[\\t \\x21-\\x7E\\x80-\\xFF])*\"))?)*([ \\t]*,([ \\t]*([!#$%&'*+.^_`|~0-9A-Za-z-]+=([!#$%&'*+.^_`|~0-9A-Za-z-]+|\"([\\t \\x21\\x23-\\x5B\\x5D-\\x7E\\x80-\\xFF]|\\\\[\\t \\x21-\\x7E\\x80-\\xFF])*\"))?(;([!#$%&'*+.^_`|~0-9A-Za-z-]+=([!#$%&'*+.^_`|~0-9A-Za-z-]+|\"([\\t \\x21\\x23-\\x5B\\x5D-\\x7E\\x80-\\xFF]|\\\\[\\t \\x21-\\x7E\\x80-\\xFF])*\"))?)*)?)*$" "$http_forwarded, $proxy_forwarded_elem";
# Otherwise, replace it
default "$proxy_forwarded_elem";
}
# configuration file /etc/nginx/partials/common.conf:
#add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
add_header X-Frame-Options SAMEORIGIN;
add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1; mode=block";
# configuration file /etc/nginx/partials/ssl.conf:
#ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ecdh_curve secp384r1:secp256k1;
#ssl_ciphers "ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384 OLD_TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 OLD_TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256";
#ssl_prefer_server_ciphers on;
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
include /etc/letsencrypt/options-ssl-nginx.conf;
#ssl_certificate /etc/letsencrypt/fullchain.pem;
#ssl_certificate_key /etc/letsencrypt/privkey.pem;
ssl_certificate /etc/letsencrypt/live/www.gotobot.co/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/www.gotobot.co/privkey.pem;
#ssl_session_timeout 10m;
#ssl_session_cache shared:SSL:10m;
#ssl_session_tickets off;
ssl_stapling on;
ssl_stapling_verify on;
#ssl_session_cache shared:le_nginx_SSL:10m;
#ssl_session_timeout 1440m;
#ssl_protocols TLSv1.2 TLSv1.3;
#ssl_prefer_server_ciphers off;
#ssl_ciphers "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-SHA";
# configuration file /etc/letsencrypt/options-ssl-nginx.conf:
# This file contains important security parameters. If you modify this file
# manually, Certbot will be unable to automatically provide future security
# updates. Instead, Certbot will print and log an error message with a path to
# the up-to-date file that you will need to refer to when manually updating
# this file.
ssl_session_cache shared:le_nginx_SSL:10m;
ssl_session_timeout 1440m;
ssl_session_tickets off;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_prefer_server_ciphers off;
ssl_ciphers "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384";
# configuration file /etc/nginx/partials/common_location.conf:
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Port $server_port;
proxy_set_header Forwarded $proxy_add_forwarded;
# configuration file /etc/nginx/partials/cors.conf:
if ($request_method = 'OPTIONS') {
add_header 'Access-Control-Allow-Origin' '*';
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
#
# Custom headers and headers various browsers *should* be OK with but aren't
#
add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Authorization';
#
# Tell client that this pre-flight info is valid for 20 days
#
add_header 'Access-Control-Max-Age' 1728000;
add_header 'Content-Type' 'text/plain; charset=utf-8';
add_header 'Content-Length' 0;
return 204;
}
if ($request_method = 'POST') {
add_header 'Access-Control-Allow-Origin' '*';
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Authorization';
add_header 'Access-Control-Expose-Headers' 'Content-Length,Content-Range';
}
if ($request_method = 'GET') {
add_header 'Access-Control-Allow-Origin' '*';
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Authorization';
add_header 'Access-Control-Expose-Headers' 'Content-Length,Content-Range';
}
# configuration file /etc/nginx/conf.d/redirect_to_https.conf:
server {
listen 80;
server_name _;
location /.well-known/acme-challenge/ {
# allow letsencrypt to verify challenges
root /var/www/certbot;
# put extra configuration here, if needed
}
location / {
# return 301 https://$server_name$request_uri;
return 301 https://$host$request_uri;
# return 301 http://$host$request_uri;
}
}
[ec2-user@ip-172-31-89-184 gotobot3]$
1 Like
Ok try using this maping instead:
[added two lines]
map $sent_http_content_type $expires {
default off;
text/html epoch;
text/css max;
application/javascript max;
~image/ max;
~img/ max;
image/png max;
}#map expires
I’m sorry, but I’ve run out of ideas.
The is clearly an NGINX settings problem.
You might want to also look online, or within an NGINX forum, for additional help.
As a last comparison, please show:
nginx -V
1 Like
I’m using cmder - https://cmder.net/
But I always double check with this analysis - https://gtmetrix.com/
I can’t search trough your image.
Does it contain --with-http_addition_module ?
If not, you might need to add that in.
See: http://nginx.org/en/docs/http/ngx_http_addition_module.html
Otherwise, I would try without gzip.
change:
gzip on;
to
gzip off;
1 Like
Yes.
Yes I have this:
gzip on;
gzip_disable "msie6";
gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript image/svg+xml;
but without that I had other compression warning which got solved...
As a test, try without gzip, then put it back on.
1 Like
Done, situation is still the same.
ok , now I really give up - sorry 
1 Like
No problem, thank you for trying! 
1 Like
9peppe do you have any ideas?
Also, here - https://intodns.com/gotobot.co
And here is my record set on aws, what should I do? My 5.77.36.127 address is for MX records only since I store them on other provider.
1 Like
what is the purpose of this record? can you move it on another zone?
*.gotobot.co. 299 IN CNAME _48059b2175a51f92f93ff8f77ada213c.vhzmpjdqfx.acm-validations.aws.
putting it as a wildcard conflicts with the necessity to have an A and/or AAAA record on mail.gotobot.co
for me, I only see 4 NS records, all from amazon. I see the others if I query the co. zone, you need to login into your registrar's panel and remove the non-amazon nameservers or set the nodowntimedomains.com. ones as slaves. (backup, transfer the zone)
2 Likes
To me it looks like your caching is working:
% curl -I https://www.gotobot.co/img/home_mob-min.8acf0c60.png
HTTP/1.1 200 OK
Server: nginx/1.17.9
Date: Thu, 26 Mar 2020 09:43:42 GMT
Content-Type: image/png
Content-Length: 4325
Connection: keep-alive
Last-Modified: Tue, 24 Mar 2020 19:48:31 GMT
ETag: "5e7a640f-10e5"
Accept-Ranges: bytes
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
There are both a Last-Modified and an ETag headers.
If you want Expires too, you can use the map you wrote and add, in the server block, a line:
expires $expires;
removing the location blocks for static stuff. As in the example here at the bottom: Module ngx_http_headers_module
Using Expires can have unintended consequences, though. Last-modified and Etag are usually enough, add expire if responding with some 304 not modified is something you want to avoid.
2 Likes
I think it is not working properly since I checked on “gmetrix.com”:
Also, I now double checked on Google speed check and same error is happening.
But this is my code, I already have $expires?
map $sent_http_content_type $expires {
default off;
text/html epoch;
text/css max;
application/javascript max;
~image/ max;
~img/ max;
image/png max;
}#map expires
1 Like
your expires is a map, see it like a js dictionary.
you need to send the actual header too. add a line
expires $expires;
in your server block
to give you an example, you wrote
expires = {
"default": "off",
"text/html": "epoch",
"text/css": "max"
// and more
}
you also need
console.log(expires[mimetype])
2 Likes