html – NGINX – Sites in LAN doesn’t access folders

In a LAN, I installed a NGINX and the default file configuration is:

server {
        listen 80;
        listen (::):80;

        root /var/www;

        index index.html index.htm;

        server_name _;

        location / {
                try_files $uri $uri/ =404;
        }

}

now tarefas.conf:

server {
        listen 80;
        listen (::):80;

        root /var/www/tarefas;

        index index.html index.htm;

        server_name tarefas.home;

        location / {
                try_files $uri $uri/ =404;
        }
        location ~.(css) {
                root /var/www/tarefas/css;
        }
        location ~.(js) {
                root /var/www/tarefas/js;
        }
}

In: http://serverip the file index.html inside www opened (ok, it’s correct), now: http://ipdoservidor/tarefas open the file index.html inside tarefas folder (ok, it’s correct to), but inside tarefas folder has /css and /js with your respective files, but when I try access http://serverip/tarefas the js and css files are trying opened by “https://superuser.com/” (/var/www Ex.: http://serverip/css/style.css instead http://serverip/TAREFAS/css/style.css).

Thanks.

nginx – Extremely High TTFB on WordPress website – Not dabase or server … what else could cause it?

I’m running a WordPress ecommerce website on a dedicated VPS with 4CPUs and 6gb RAM, so resources are not an issue . On top of this I have VestaCP installed, with a Nginx + Apache + Php-FPM server . Also using clouflare caching together with WP Rocket, which have worked together the best out of all tests so far .

After deploying the website in question I have been struggling with unbearably high TTFB times which account for around 2.5seconds average from multiple locations I have tested using KeyCDN .

So I made a new fresh wordpress install and realized that even though my TTFB still isn’t the best, I could reach around 400 to 500ms average from multiple locations .

This allowed me to rule out the possibility of having a bottleneck at the server side so after a bit more debugging and installing WordPress Query Monitor, I realized the total number of calls being done to the database only accounts for 0.09 seconds, so the database also does not seem to be an issue unless it’s causing a huge delay even before the first query after TTFB ends runs .

Another thing I have done was to disable every plugin but that also didn’t seem to help much, perhaps it took 300ms or so to the total loading time during the wait (TTFB) .

I feel a bit lost here and at this point am not sure what else I could do in order to debug this or what might be causing it .

Even though the db queries are running fast it still feels as it’s the database that hangs for a while before the website starts loading .

Would really appreciate some insights on how to further debug this issue and how to rule out the database as a bottleneck .

Thanks

reverse proxy – configure NGINX to redirect default IP to external site with out changing URL

I want to be able to visit https:// and for it to keep my ip address as the URL in the browser but redirect to an external site.

When visiting my server redirects to newurl.com but the browsers also shows newurl.com
How can I prevent it from changing the URL in browser?

below is my NGINX configuration

server {
listen 80 default_server;
listen [::]:80 default_server;

    server_name _;

  location / {
     proxy_pass https://newurl.com
     proxy_set_header Host newurl.com;
     proxy_redirect http://newurl.com originalurl.com/;
  }
}

NGINX block access to folder not working

I would like to block access to a specific folder.

www.example.com/user/login

Here is my nginx vhost:

server {
        listen 80;

        root /var/www/example.com;
        index index.php;


        server_name example.com;

        access_log /var/log/nginx/access.log main;
        error_log /var/log/nginx/error.log;

        if (!-e $request_filename) {
                rewrite ^/admin/(.*)?$ /admin/index.php?a=$1 break;
                rewrite ^/(.*)$ /index.php?a=$1 last;
                break;
        }

        if ($request_uri ~ "/index.(php|html?)") {
                rewrite ^ /$1 permanent;
        }

        location / {
                try_files $uri $uri/ /index.php;
        }


        location ~*  .(jpg|jpeg|png|gif|ico|css|js|woff)$ {
                expires 365d;
        }


location /user/login {
deny all;
        }


        location ~ (.sql.gz|.sql) { return 403; }

        location ~ .php$ {
                fastcgi_split_path_info ^(.+.php)(/.+)$;
                fastcgi_pass unix:/var/run/php7-fpm.sock;
#               fastcgi_pass 127.0.0.1:9000;
                fastcgi_index index.php;
                include fastcgi_params;
        }

}

server {
        listen 80;

        server_name  www.example.com;
        rewrite ^(.*) http://example.com$1 permanent;
}

I still have access to that folder. (yes I made nginx -s reload and restart nginx after each try).

Instead of:

location /user/login {
deny all;
        }

I tried also the following directives:

location = /user/login {
deny all;
        }

location ^~ /user/login {
deny all;
        }

But none of them is blocking access to that folder.

Can anyone help to spot the problem?

NGINX limit_req_zone – limit_req are blocking immediately

want to protect wp-login from brute force attacks.
I want to limit to 15 attempts/requests of the wp-login.php file per minute.

I added this rule to nginx.conf

limit_req_zone $binary_remote_addr zone=wordpress:10m rate=15r/m;
    limit_req_status 429;

And to a global.d/secure.conf file I added the following:

location = /wp-login.php {
    limit_req zone=wordpress;
    fastcgi_pass unix:/var/run/php5-fpm.sock;
    #fastcgi_pass 127.0.0.1:9000;
}

The problem is that the first time I enter a www.example.com/wp-login I get a 502 bad gateway error. If I refresh the page, I get the 429 error.

I expected the wp-login to work. Only after 15 attempts it should fail.

Anybody knows what I am doing wrong? For the time being you can test the behavior in this website. Just append /wp-login.php or /wp-admin

nginx – List of all Permissions-Policy header keys and values?

Does someone have a list of all Permissions-Policy header keys and values?

What I have:

more_set_headers "Permissions-Policy: camera=(self); fullscreen=(self); geolocation=(self); payment=()";

It was somehow (old – don’t use it):

more_set_headers "Feature-Policy: camera 'self'; fullscreen *; geolocation 'self'; payment 'none'";

Extra: How can I make fullscreen recursive again?

Deny access to all the content of a section of website with Nginx from Plesk

I need to deny access to a part of website and allow some IP Addresses to access it for example my site is example.com it is accessible by every one but example.com/test and all its files are accessible only for 123.123.123.123, so I tried this code in PLESK.

Domains > example.com >Apache & nginx Settings. In the Additional nginx directives section I added this code and my IP address.

Code:

location ^~ /test {
allow 203.0.113.2;
deny all;
}

this worked for example.com/test but for example.com/test/file.php it did not work the files are accessible, and they are being downloaded instead of being executed, I Googled for solution but I did not find anything so what should I add to fix this and to deny access to all the content of /test
because I need to upload an angular project in this directory that I want to limit access to, so I need to deny access to different directories and different file formats.

nginx – how can I deny access to all the content of a section of website

I need to deny access to a part of website and allow some IP Addresses to access it for example my site is emample.com it is accessible by every one but emample.com/test and all its files are accessible only for 123.123.123.123 , so I tried this code in PLESK

Domains > example.com >Apache & nginx Settings. In the Additional nginx directives section I added this code and my ip address

Code:

location ^~ /test {
allow 203.0.113.2;
deny all;
}

this worked for emample.com/test but for emample.com/test/file.php it did not work the files are accessible, and they are being downloaded instead of being executed, I googled for solution but I did not find anything so what should I add to fix this and to deny access to all the content of /test
because I need to upload an angular project in this director that I want to limit access to, so I need to deny access to different directors and different file format

logging – Generating Nginx log file entries for logrotate testing

How can I generate Nginx log file data for one or more test (burner) domains on a test server? I want to essentially mimic a live website with regular traffic being logged but without the provision of a legit website?

I have started learning about logrotate and I am adapting it for the sites on my servers. In order to more fully understand how it works, I am ideally looking to replicate log file entries as if the test domains are live sites, without opening the domains up to a larger audience since they’re essentially disposable domains for this purpose.

I have full (root) access to my VPS, I have Nginx set up as I want it, the test domains are all web-side rather than internal, and I have log files that currently just get bigger as time progresses…hence the need for logrotate.

I do not need a benchmarking, concurrency or load testing tool in the traditional sense as I don’t want to overwhelm the server, so something like ab or siege that can run in drip-drip-drip mode might be a route to investigate.

nginx – how can I deny access to all the content of a section of website

I need to deny access to a part of website and allow some IP Addresses to access it for example my site is emample.com it is accessible by every one but emample.com/test and all its files are accessible only for 123.123.123.123 , so I tried this code in PLESK

Domains > example.com >Apache & nginx Settings. In the Additional nginx directives section I added this code and my ip address

Code:

location ^~ /test {
allow 203.0.113.2;
deny all;
}

this worked for emample.com/test but for emample.com/test/file.php it did not work the files are accessible, and they are being downloaded instead of being executed, I googled for solution but I did not find anything so what should I add to fix this and to deny access to all the content of /test