Hide/strip set cookies on static files and howto use alias

Hi
I have a few questions about how do I configure it.

First question:

How do I strip the “Set-Cookie” header from all static files like css and
jpg? I know I can set up a reverse proxy and use “proxy_hide_header
Set-Cookie”, but it seems foolish to make yet another host, just to
reverse to yourself and add a few hundred msec to the request.

Second question:

I’m trying to make an alias to hide a folder in the lookup to the subfolder,
the structure is:
/var/www/domain.tld/media/ads
/var/www/domain.tld/media/galleries
/var/www/domain.tld/media/misc
/var/www/domain.tld/media/thumbs

making the url like this /media/thumbs/5 subfolders/image-file

How do I change that into /thumbs/5 subfolders/image-file

I have tried with both alias and root but both return a 404

Third question:
[error] 9178#9178: *13452 upstream timed out (110: Connection timed out)
while reading response header from upstream, client: upstream:
“fastcgi://unix:/var/run/php-fpm.sock”, host:

have a lot of those, any suggestions?

nginx.conf

#user nginx;
user apache;
worker_processes auto;

error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;

events {
worker_connections 1024;
}

http {
include /etc/nginx/mime.types;
default_type application/octet-stream;

log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                  '$status $body_bytes_sent "$http_referer" '
                  '"$http_user_agent" "$http_x_forwarded_for"';

access_log  /var/log/nginx/access.log  main;

aio threads;
sendfile        on;
sendfile_max_chunk  1m;
tcp_nopush     on;
tcp_nodelay on;
server_tokens off;
keepalive_timeout 15;

client_max_body_size 4G;
client_body_buffer_size 10K;
client_header_buffer_size 1k;
large_client_header_buffers 2 1k;
index              index.php index.html index.htm;

## Nginx's Open file cache

open_file_cache max=5000 inactive=5m; ## If you have way too many files, change max from 5000 to more appropriate value.
open_file_cache_valid 20m; ## Tell nginx to check if information it is holding is valid every n minutes.
open_file_cache_min_uses 1; ## If files don't change much often, or accesses less frequently, you can change inactive duration from 20m to something else.
## Inactive and open_file_cache_min_uses works together.
## This sample tells nginx to cache a file information as long as minimum 2 requests are made during 5m window.
open_file_cache_errors on; ## Tell nginx to cache errors like 404 (file not found). If you are using nginx as load-balancer, leave this off.

gzip on;
gzip_disable "msie6";
gzip_http_version 1.1;
gzip_vary on;
gzip_comp_level 6;
gzip_buffers 16 8k;
gzip_proxied any;
gzip_types
  text/css
  text/javascript
  text/xml
  text/plain
  text/x-component
  application/javascript
  application/x-javascript
  application/json
  application/xml
  application/rss+xml
  application/atom+xml
  application/rdf+xml
  application/vnd.ms-fontobject
  font/truetype
  font/opentype
  image/svg+xml;

add_header X-XSS-Protection "1; mode=block"; #Cross-site scripting
add_header X-Frame-Options "SAMEORIGIN" always; #clickjacking
add_header X-Content-Type-Options nosniff; #MIME-type sniffing

include /etc/nginx/conf.d/*.conf;

}

domain.tld.conf

server {
listen ip:80;
listen [ipv6]:80;
server_name domain.tld www.domain.tld;
index index.php =404;
try_files $uri $uri/ /index.php?q=$uri&$args;
root /var/www/domain.tld;
expires max;
add_header Pragma "public";

#include /etc/nginx/conf.d/mechbunny.inc;

set $site_root $document_root;


charset utf-8;
access_log  /var/log/nginx/access.log  main;
error_log  /var/log/nginx/error.log error;

location / {
    if ($arg_max) { expires max; }
    rewrite ^/page([0-9]+).html$ /index.php?controller=index&page=$1;
    rewrite ^/galleries/(.*)-([0-9]+).html$
    /index.php?controller=gallery&id=$2;
    rewrite ^/video/(.*)-([0-9]+).html$
    /index.php?controller=video&id=$2;
rewrite ^/signup$ /index.php?controller=signup;
rewrite ^/upload$ /index.php?controller=upload;
rewrite ^/upload_photo$
/index.php?controller=upload&option=photo;
rewrite ^/login$ /index.php?controller=login;
rewrite ^/logout$ /index.php?controller=logout;
rewrite ^/contact$ /index.php?controller=contact;
rewrite ^/forgot-pass$ /index.php?controller=forgot_pass;
rewrite ^/my-profile$ /index.php?controller=my_profile;
rewrite ^/my-friends$ /index.php?controller=my_friends;
rewrite ^/my-friends/$ /index.php?controller=friends;
rewrite ^/my-friends/page([0-9]+).html$
/index.php?controller=friends&page=$1;
rewrite ^/edit-profile$ /index.php?controller=edit_profile;
rewrite ^/edit-content/(.*)$
/index.php?controller=editContent&id=$1;
rewrite ^/static/(.*)$
/index.php?controller=displayStatic&id=$1;
rewrite ^/load/(.*)$ /index.php?controller=loadLayout&id=$1;
rewrite ^/filter/(.*)$ /index.php?controller=setFilter&id=$1;
rewrite ^/embed/([0-9]+)$ /index.php?controller=embed&id=$1;
rewrite ^/dmca$ /index.php?controller=dmca;
rewrite ^/tos$ /index.php?controller=tos;
rewrite ^/crss/([0-9]+)$ /index.php?controller=crss&id=$1;
rewrite ^/rss$ /index.php?controller=rss;
rewrite ^/a/(.*)$ /index.php?controller=link&slug=$1;
rewrite
^/(my-uploads|favorites|most-recent|most-discussed|most-viewed|longest|top-rated|photos|random|my-friends)/$
/index.php?controller=index&mode=$1;
rewrite
^/(my-uploads|favorites|most-recent|most-discussed|most-viewed|longest|top-rated|photos|random|my-friends)/page([0-9]+).html$
/index.php?controller=index&mode=$1&page=$2;
rewrite
^/(my-uploads|favorites|most-recent|most-discussed|most-viewed|longest|top-rated|photos|random|my-friends)/(day|week|month)/$
/index.php?controller=index&mode=$1&dateRange=$2;
rewrite
^/(my-uploads|favorites|most-recent|most-discussed|most-viewed|longest|top-rated|photos|random|my-friends)/(day|week|month)/page([0-9]+).html$
/index.php?controller=index&mode=$1&dateRange=$2&page=3;
rewrite
^/(my-uploads|favorites|most-recent|most-discussed|most-viewed|longest|top-rated|photos|random|my-friends)/page([0-9]+).html$
/index.php?controller=index&mode=$1&page=$2;
rewrite ^/uploads-by-user/([0-9]+)/$
/index.php?controller=index&mode=uploads-by-user&user=$1;
rewrite ^/uploads-by-user/([0-9]+)/page([0-9]+).html$
/index.php?controller=index&mode=uploads-by-user&user=$1&page=$2;
rewrite ^/search/(videos|members|photos)/([A-Za-z0-9-\s]+)/$
/index.php?controller=index&mode=search&type=$1&q=$2&page=1;
rewrite
^/search/(videos|members|photos)/([A-Za-z0-9-\s]+)/page([0-9]+).html$
/index.php?controller=index&mode=search&type=$1&q=$2&page=$3;
rewrite
^/search/(videos|members|photos)/([A-Za-z0-9-\s]+)/(newest|rating|views|longest)/$
/index.php?controller=index&mode=search&type=$1&q=$2&page=1&sortby=$3;
rewrite
^/search/(videos|members|photos)/([A-Za-z0-9-\s]+)/(newest|rating|views|longest)/page([0-9]+).html$
/index.php?controller=index&mode=search&type=$1&q=$2&page=$4&sortby=$3;
rewrite ^/search/([A-Za-z0-9-\s]+)/$
/index.php?controller=index&mode=search&q=$1&page=1;
rewrite ^/search/([A-Za-z0-9-\s]+)/page([0-9]+).html$
/index.php?controller=index&mode=search&q=$1&page=$2;
rewrite
^/search/([A-Za-z0-9-\s]+)/(newest|rating|views|longest)/$
/index.php?controller=index&mode=search&q=$1&page=1&sortby=$2;
rewrite
^/search/([A-Za-z0-9-\s]+)/(newest|rating|views|longest)/page([0-9]+).html$
/index.php?controller=index&mode=search&q=$1&page=$3&sortby=$2;
rewrite ^/channels/$ /index.php?controller=channels;
rewrite ^/channels/([0-9]+)/([A-Za-z0-9-\s]+)/$
/index.php?controller=index&mode=channel&channel=$1;
rewrite ^/channels/([0-9]+)/([A-Za-z0-9-\s]+)/page(.*).html$
/index.php?mode=channel&channel=$1&page=$3;
rewrite
^/channels/([0-9]+)/([A-Za-z0-9-\s]+)/(newest|rating|views|longest)/$
/index.php?controller=index&mode=channel&channel=$1&sortby=$3;
rewrite
^/channels/([0-9]+)/([A-Za-z0-9-\s]+)/(newest|rating|views|longest)/page(.*).html$
/index.php?mode=channel&channel=$1&sortby=$2&page=$4;
rewrite ^/models/$ /index.php?controller=pornstars;
rewrite ^/models/page([0-9]+).html$
/index.php?controller=pornstars&page=$1;
rewrite ^/models/([A-Za-z0-9-\s]+)/$
/index.php?controller=pornstars&letter=$1&page=1;
rewrite ^/models/([A-Za-z0-9-\s]+)/page([0-9]+).html$
/index.php?controller=pornstars&letter=$1&page=$2;
rewrite ^/models/(.*)-(.*).html$
/index.php?controller=pornstar_bio&id=$2;
rewrite ^/stars/$ /index.php?controller=pornstars;
rewrite ^/stars/page([0-9]+).html$
/index.php?controller=pornstars&page=$1;
rewrite ^/stars/([A-Za-z0-9-\s]+)/$
/index.php?controller=pornstars&letter=$1&page=1;
rewrite ^/stars/([A-Za-z0-9-\s]+)/page([0-9]+).html$
/index.php?controller=pornstars&letter=$1&page=$2;
rewrite ^/stars/(.*)-(.*).html$
/index.php?controller=pornstar_bio&id=$2;
rewrite ^/mailbox/$ /mailbox.php;
rewrite ^/mailbox/([0-9]+)$ /mailbox.php?mode=inbox&page=$1;
rewrite ^/mailbox/inbox/(.*)$ /mailbox.php?mode=inbox&page=$1;
rewrite ^/mailbox/outbox/(.*)$ /mailbox.php?mode=outbox&page=$1;
rewrite ^/mailbox/read/([0-9]+)$ /mailbox.php?mode=read&mid=$1;
rewrite ^/mailbox/read/([0-9]+)/delete/$
/mailbox.php?mode=read&mid=$1&delete=true;
rewrite ^/mailbox/read/([0-9]+)/spam/$
/mailbox.php?mode=read&mid=$1&spam=true;
rewrite ^/mailbox/compose/(.*)/reply/$
/mailbox.php?mode=compose&mid=$1&reply=true;
rewrite ^/mailbox/inbox/$ /mailbox.php?mode=inbox;
rewrite ^/mailbox/outbox/$ /mailbox.php?mode=outbox;
rewrite ^/mailbox/compose/$ /mailbox.php?mode=compose;
rewrite ^/user/(.*)-(.*)/$
/index.php?controller=user_profile&id=$2;
rewrite ^/members/$ /index.php?controller=members;
rewrite ^/members/page([0-9]+).html$
/index.php?controller=members&page=$1;
if ($request_method = 'OPTIONS') {
    add_header 'Access-Control-Allow-Origin' '*';
    #
    # Om nom nom cookies
    #
    add_header 'Access-Control-Allow-Credentials' 'true';
    add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
    #
    # Custom headers and headers various browsers should be OK with but aren't
    #
    add_header 'Access-Control-Allow-Headers'
    'DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type';
    #
    # Tell client that this pre-flight info is valid for 20 days
    #
    add_header 'Access-Control-Max-Age' 1728000;
    add_header 'Content-Type' 'text/plain charset=UTF-8';
    add_header 'Content-Length' 0;
    return 204;
}
if ($request_method = 'POST') {
    add_header 'Access-Control-Allow-Origin' '*';
    add_header 'Access-Control-Allow-Credentials' 'true';
    add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
    add_header 'Access-Control-Allow-Headers'
    'DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type';
}
if ($request_method = 'GET') {
    add_header 'Access-Control-Allow-Origin' '*';
    add_header 'Access-Control-Allow-Credentials' 'true';
    add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
    add_header 'Access-Control-Allow-Headers'
    'DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type';
}
}

location /thumbs/ {
    alias /var/www/domain.tld/media/thumbs/;
}

location /admin/ {
    #index index.php;
    try_files $uri $uri/ /index.php?q=$uri&$args;
    access_log off;
    log_not_found          off;

}

location ~ \.mp4$ {
    limit_rate_after       5m;
    limit_rate             832k;
    mp4;
    mp4_buffer_size       1m;
    mp4_max_buffer_size   5m;
    gzip off;
    sendfile              on;
    aio                    on;
  }

location ~ \.flv$ {
    flv;
    aio                    on;
    limit_rate_after       10m;
    limit_rate             812k;
    sendfile              on;
    }

location ~* ^.+.(jpg|jpeg|gif|css|png|js|ico|xml)$ {
    access_log off;
    log_not_found          off;
    aio                    on;
    sendfile              on;

    expires max;
    add_header            Pragma 'public';
    add_header            X-Frame-Options SAMEORIGIN;
}

#error_page  404              /404.html;

# redirect server error pages to the static page /50x.html
#
error_page   500 502 503 504  /50x.html;
location = /50x.html {
    root   /usr/share/nginx/html;
}

# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
#
location ~ \.php$ {
    try_files $uri $uri/ index.php;
    fastcgi_pass   unix:/var/run/php-fpm.sock;
    fastcgi_index  index.php;
    fastcgi_param  SCRIPT_FILENAME $document_root$fastcgi_script_name;
    include fastcgi_params;
}

# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
#
location ~ /\.ht {
    deny  all;
}

}

Posted at Nginx Forum:

Hi Francis D. thank you very much for your reply

Let’s break this down one by one. I followed your suggestion and added
fastcgi_connect_timeout 600s; to the conf, however the pages still time
out after ~75 sec as expected due to this
http://nginx.org/en/docs/http/ngx_http_fastcgi_module.html#fastcgi_connect_timeout
“Defines a timeout for establishing a connection with a FastCGI server.
It should be noted that this timeout cannot usually exceed 75 seconds.”

2016/04/06 12:30:47 [error] 9286#9286: *348669 upstream timed out (110:
Connection timed out) while reading response header from upstream,
client:
108.162.216.74, server: myvid.top, request: "GET ", upstream:
“fastcgi://unix:/var/run/php-fpm.sock”, host: “myvid.top”


On Mon, Apr 04, 2016 at 12:29:32PM -0400, JoakimR wrote:

Hi there,

> I have a few questions about how do I configure it.

It’s worth making sure that you are aware how nginx works, which is
(very briefly and roughly):

  • one request is handled in one location{}
  • only the configuration in, or inherited into, that location matters
  • inheritance is typically by replacement, or not at all
  • directives from the “rewrite” module can interfere with the above
  • documentation for “location” is at Module ngx_http_core_module

> First question:
>
> How do I strip the “Set-Cookie” header from all static files like css and
> jpg? I know I can set up a reverse proxy and use “proxy_hide_header
> Set-Cookie”, but it seems foolish to make yet another host, just to
> reverse to yourself and add a few hundred msec to the request.

Where does the “Set-Cookie” header come from? Default nginx does not
add it.

Can you create a small configuration which shows the problem?

Copy-paste the configuration and a “curl -v” request and response to
show the Set-Cookie header; that should make it more obvious what needs
to be fixed.

> How do I change that into /thumbs/5 subfolders/image-file

For anything involving “root” or “alias”, the questions to consider are:

  • what file on your filesystem do you wish to fetch?

  • what url do you wish to use, to fetch that file?

And just in case it is not immediately obvious from those answers:

  • what is the intended mapping between url and filename?

With that information, it may become clear what “root” or “alias”
directive to use in the “location” that handles the request.

For the above, I suspect that “root /var/www/domain.tld/media;” may be
what you want, in the location{} that handles these requests.

> I have tried with both alias and root but both return a 404

What does the error log show?

Usually it shows the request, and the filename attempted, for a 404.
That may give a hint at what configuration should be used.

What request did you make? What location{} did you put your root or
alias directive in?

> Third question:
> [error] 9178#9178: *13452 upstream timed out (110: Connection timed out)
> while reading response header from upstream, client: upstream:
> “fastcgi://unix:/var/run/php-fpm.sock”, host:
>
> have a lot of those, any suggestions?

Either: ask your fastcgi server why it is slow to respond
(check its logs); or ask nginx to wait longer before giving up
(Module ngx_http_fastcgi_module).

These are the “location” definitions that you show:

location / {
location /thumbs/ {
location /admin/ {
location ~ \.mp4$ {
location ~ \.flv$ {
location ~* ^.+.(jpg|jpeg|gif|css|png|js|ico|xml)$ {
location = /50x.html {
location ~ \.php$ {
location ~ /\.ht {

For each test request that you make, which location block have you
configured nginx to use to handle it? Is that the one that you want
nginx to use to handle it?

Good luck with it,

f

Francis D. [email protected]

Hi Francis, and of course everyone else

Another Q

I do have this in my domain.conf

location /admin {
  index index.php;
  access_log off;
  log_not_found          off;
  expires        0;
}

but yet, everything is logged? Do you have some kind of answer to this?


On Sat, Apr 09, 2016 at 09:16:33AM -0400, JoakimR wrote:

Hi there,

> Another Q

For ease of searching in future, it probably will be simpler if new
unrelated questions start new message threads, with a Subject: line that
is relevant.

> I do have this in my domain.conf
>
> location /admin {
>   index index.php;
>   access_log off;
>   log_not_found          off;
>   expires        0;
> }
>
> but yet, everything is logged? Do you have some kind of answer to this?

In nginx, a http request is logged in the location where it ends.

So your “everything” request is not finally handled in the location that
you show. (Or you’ve found a bug in nginx.)

If it is not clear to you which location{} is used for the request,
and what subrequest is made, and which location{} is used for that
subrequest; then possibly enabling the debug log on a test server will
help you track it.

Note - the debug log contains lots of information, most of which
probably counts as “noise” for the one specific thing you are trying to find.

f

Francis D. [email protected]
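
The location-selection rules behind both of Francis's hints (which location{} handles a request, and that a request is logged in the location where it ends), as an added example that is not part of the original thread: a simplified Python model of nginx's matching order, run over the location list from the posted config. `select_location`, `mapped_file`, the sample URI and the `^~` variant of `/thumbs/` are assumptions made for illustration.

```python
import re

# Location list copied from the configuration posted in this thread,
# as (modifier, pattern) pairs in configuration order.
LOCATIONS = [
    ("", "/"),
    ("", "/thumbs/"),
    ("", "/admin/"),
    ("~", r"\.mp4$"),
    ("~", r"\.flv$"),
    ("~*", r"^.+.(jpg|jpeg|gif|css|png|js|ico|xml)$"),
    ("=", "/50x.html"),
    ("~", r"\.php$"),
    ("~", r"/\.ht"),
]


def select_location(uri, locations=LOCATIONS):
    """Return the (modifier, pattern) nginx would pick for a normalized URI."""
    # 1. An exact "=" match ends the search immediately.
    for mod, pat in locations:
        if mod == "=" and uri == pat:
            return (mod, pat)
    # 2. Remember the longest matching prefix location.
    best = None
    for mod, pat in locations:
        if mod in ("", "^~") and uri.startswith(pat):
            if best is None or len(pat) > len(best[1]):
                best = (mod, pat)
    # 3. "^~" on the longest prefix suppresses the regex pass.
    if best and best[0] == "^~":
        return best
    # 4. Regex locations are tried in configuration order; first match wins.
    for mod, pat in locations:
        if mod in ("~", "~*"):
            flags = re.IGNORECASE if mod == "~*" else 0
            if re.search(pat, uri, flags):
                return (mod, pat)
    # 5. No regex matched: fall back to the longest prefix.
    return best


def mapped_file(uri, prefix, root=None, alias=None):
    """root appends the whole URI; alias replaces the matched prefix."""
    if alias is not None:
        return alias + uri[len(prefix):]
    return root + uri


# Constructed sample request following the /thumbs/<5 subfolders>/<file> layout.
THUMB = "/thumbs/a/b/c/d/e/pic.jpg"
# Assumed variant of the posted list: "/thumbs/" declared with the ^~ modifier.
WITH_CARET = [("^~", p) if p == "/thumbs/" else (m, p) for m, p in LOCATIONS]

if __name__ == "__main__":
    for uri in (THUMB, "/admin/index.php", "/admin/logo.png", "/50x.html"):
        print(uri, "->", select_location(uri))
    print(THUMB, "with ^~ ->", select_location(THUMB, WITH_CARET))
```

With the posted list, the thumbnail request is taken by the static-file regex location, so the alias in `location /thumbs/` is never consulted and the file is looked up under the server-level root. `/admin/index.php` ends in the `\.php$` location, where the `access_log off` set in the admin location does not apply.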

On Fri, Apr 08, 2016 at 05:06:19AM -0400, JoakimR wrote:

Hi there,

> Hi Francis D. thank you very much for your reply

You’re welcome.

> Let’s break this down one by one. I followed your suggestion and added
> fastcgi_connect_timeout 600s; to the conf, however the pages still time out
> after ~75 sec as expected due to this

You may want to read the previous mail again. I’m pretty sure I did not
mention fastcgi_connect_timeout.

> 2016/04/06 12:30:47 [error] 9286#9286: *348669 upstream timed out (110:
> Connection timed out) while reading response header from upstream, client:
> 108.162.216.74, server: myvid.top, request: "GET ", upstream:
> “fastcgi://unix:/var/run/php-fpm.sock”, host: “myvid.top”

You have nginx as the client, talking to your fastcgi(php) server. This
log file suggests that the fastcgi server is not writing to nginx
quickly enough.

The default nginx timeout is (I think) 60 seconds between reads. That
is usually suitable for fastcgi responses.

If your fastcgi server should be able to respond within that time, then
the problem you must address is why your fastcgi server is slower than
it should be.

If your fastcgi server is one of the few that has good reason to respond
more slowly than the nginx default timeout, then you must learn from
your fastcgi server how long it will take before it responds (at least,
for these requests); and then configure nginx to be willing to wait that
long (for these responses).

Nothing on the nginx side will determine how long it takes your fastcgi
server to respond. You must know how long that is; and configure your
nginx appropriately.

(If your php script starts with “sleep(100)”, for example, it will
probably take it at least that long to write something. If it needs to
do that sleep, then you need to configure the client to be willing to
wait that long.)

f

Francis D. [email protected]