Tag Archives: nginx

letsencrypt renew – 404 – Detail: Invalid response

So!

letsencrypt renew output

Domain: www.domain.com
Type: unauthorized
Detail: Invalid response from
 http://www.domain.com/.well-known/acme-challenge/WLpdvugG3YzC53RTrZMJcYWsRqcj64vWLw43HNBkMN6:

nginx error log

66.133.XXX.XXX - - [11/Feb/2017:09:33:20 +0100] "GET /.well-known/acme-challenge/WLpdvugG3YzC53RTrZMJcYWsRqcj64vWLw43HNBkMN6 HTTP/1.1" 404 247 "http://www.domain.com/.well-known/acme-challenge/WLpdvugG3YzC53RTrZMJcYWsRqcj64vWLw43HNBkMN6" "Mozilla/5.0 (compatible; Let's Encrypt validation server; +https://www.letsencrypt.org)"

“Somehow” my domain root has changed.
I had to take a look at /etc/letsencrypt/renewal/domain.com.conf and fix some paths… 🙂
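A check for the situation above, as an added example that is not part of the original post: it reads the `[[webroot_map]]` section of a certbot renewal file and reports domains whose webroot is no longer the directory the web server serves. It assumes the webroot authenticator was used; the function names, the caller-supplied `served_roots` mapping and the sample paths are constructed for illustration.

```python
import os
import tempfile

def parse_webroot_map(conf_text):
    """Return {domain: webroot} from the [[webroot_map]] section of a renewal file."""
    mapping, in_map = {}, False
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("["):  # any section header starts or ends the map
            in_map = line == "[[webroot_map]]"
        elif in_map and "=" in line:
            domain, path = (part.strip() for part in line.split("=", 1))
            mapping[domain] = path
    return mapping

def stale_webroots(conf_text, served_roots):
    """Return {domain: reason} where certbot's webroot is not what the server serves.

    served_roots is {domain: root} as configured in nginx (supplied by the caller).
    """
    problems = {}
    for domain, webroot in parse_webroot_map(conf_text).items():
        served = served_roots.get(domain)
        if not os.path.isdir(webroot):
            problems[domain] = f"webroot {webroot} does not exist"
        elif served is None or os.path.realpath(webroot) != os.path.realpath(served):
            problems[domain] = f"certbot writes to {webroot}, nginx serves {served}"
    return problems

def demo():
    """Constructed case: the site moved to a new root, one map entry was left behind."""
    base = tempfile.mkdtemp()
    old_root, new_root = os.path.join(base, "old"), os.path.join(base, "new")
    os.makedirs(old_root)
    os.makedirs(new_root)
    conf = (
        "[renewalparams]\n"
        "authenticator = webroot\n"
        "[[webroot_map]]\n"
        f"domain.com = {new_root}\n"
        f"www.domain.com = {old_root}\n"
    )
    served = {"domain.com": new_root, "www.domain.com": new_root}
    return stale_webroots(conf, served)

if __name__ == "__main__":
    for domain, reason in demo().items():
        print(f"{domain}: {reason}")
```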

 

php-fpm – upstream: “fastcgi://127.0.0.1:9000”

 

2016/11/22 10:01:01 [error] 18314#0: *1 connect() failed (111: Connection refused) while connecting to upstream, client:XX.XX.X.XXX, server: www.domain.com, request: "GET / HTTP/1.1", upstream: "fastcgi://127.0.0.1:9000", host: "www.domain.com"

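Let's edit /etc/php-fpm.d/www.conf, uncomment the listen = 127.0.0.1:9000 line and comment out listen = /var/run/php-fpm/php-fpm.sock.

; Note: This value is mandatory.
; A loopback TCP listener accepts connections from any local user; the unix
; socket can instead be restricted with listen.owner / listen.group / listen.mode.
listen = 127.0.0.1:9000
;listen = /var/run/php-fpm/php-fpm.sock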

And restart PHP-FPM & nginx

/bin/systemctl restart  php-fpm.service
/bin/systemctl restart  nginx.service

nginx – avoid 501 and 502 nginx errors

These are my settings in /etc/php5/fpm/pool.d/www.conf to avoid 501 and 502 nginx errors. On CentOS 7, www.conf is located in /etc/php-fpm.d/.
The server has 16 GB of RAM. This configuration is for an 8 GB RAM server, so…

pm.max_children = 70
pm.start_servers = 20
pm.min_spare_servers = 20
pm.max_spare_servers = 35
pm.max_requests = 500

Sources & more readings
http://myshell.co.uk/blog/2012/07/adjusting-child-processes-for-php-fpm-nginx/
http://jeremymarc.github.io/2013/04/22/nginx-and-php-fpm-for-performance/

ERROR 502 – connect() to unix:/var/run/php5-fpm.sock failed (11: Resource temporarily unavailable) while connecting to upstream

 

2015/11/24 12:01:49 [error] 48055#0: *14094117 connect() to unix:/var/run/php5-fpm.sock failed (11: Resource temporarily unavailable) while connecting to upstream, client:

Once again, I’m struggling with nginx + php-fpm

sudo nano /etc/php5/fpm/pool.d/www.conf

search for

listen = /var/run/php5-fpm.sock

and replace it with

listen = 127.0.0.1:7777

On the *.conf files of sites-enabled (/etc/nginx/sites-enabled/)

replace (or comment)

fastcgi_pass unix:/var/run/php5-fpm.sock;

with

fastcgi_pass 127.0.0.1:7777;

upstream sent too big header while reading response header from upstream

While I was running some scripts from my new project, PHP kinda broke from time to time… I went to error.log and saw the following error.

2015/08/02 19:42:19 [error] 25586#0: *8735692 upstream sent too big header while reading response header from upstream, client: 84.91.69.69, server: www.flow.domain.com, request: "GET /worker/?action=run HTTP/1.1", upstream: "fastcgi://unix:/var/run/php5-fpm.sock:", host: "flow.domain.com", referrer: "http://flow.domain.com/worker/?action=flushall"

I had to edit my nginx domain.conf and add the lines in bold!

location ~ \.php$ {
 try_files $uri =404;
 fastcgi_split_path_info ^(.+\.php)(.*)$;
 fastcgi_pass unix:/var/run/php5-fpm.sock;
 fastcgi_index index.php;
 include fastcgi_params;
 fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
 access_log off;
 # Number and size of the buffers used for reading the FastCGI response
 fastcgi_buffers 16 16k;
 # Buffer for the first part of the response, which holds the response header
 fastcgi_buffer_size 32k;
}

OK!
Save it and restart nginx!
Should solve it! 🙂

NGINX Plus Release 6 with Enhanced Load Balancing, High Availability, and Monitoring Features

Well!
I can’t afford a NGINX Plus yet! 🙂
I might need to have one in one year if things work out like I want!

NGINX Plus looks hot!

New “Least Time” Load-Balancing Algorithm

Full-Featured TCP Load Balancing

High Availability

nginx – allow only one IP to access the domain/subdomain

Restricting Access

Access can be allowed or denied by the IP address of a client or by using HTTP basic authentication. To allow or deny access from a certain set of addresses, or all addresses, use the allow and deny directives:

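location / {
    # Rules are checked in order and the first match wins,
    # so the specific deny must come before the broader allow.
    deny 192.168.1.2;
    allow 192.168.1.0/24;
    allow 127.0.0.1;
    deny all;
}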

Copy & paste from http://nginx.com/resources/admin-guide/restricting-access/
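The allow and deny directives are checked in order and the first matching rule decides, so a narrow deny placed after a broad allow never fires. The following added example (not from the nginx documentation or the original post) models that first-match evaluation and flags rules that an earlier rule makes unreachable; the function names and the two rule lists are constructed for illustration.

```python
import ipaddress

def _net(target):
    # strict=False accepts host bits in a prefix such as 192.168.1.1/24
    return None if target == "all" else ipaddress.ip_network(target, strict=False)

def access_decision(rules, client_ip):
    """Model of allow/deny evaluation: rules are checked in order, first match wins.

    rules is a list of (action, target); target is an address, a CIDR or "all".
    If nothing matches, the access module raises no objection (modelled as "allow").
    """
    ip = ipaddress.ip_address(client_ip)
    for action, target in rules:
        net = _net(target)
        if net is None or (ip.version == net.version and ip in net):
            return action
    return "allow"

def shadowed_rules(rules):
    """Return the rules that can never fire because an earlier rule covers them."""
    dead = []
    for j, (action, target) in enumerate(rules):
        nj = _net(target)
        for _, earlier in rules[:j]:
            ni = _net(earlier)
            if ni is None or (nj is not None and nj.version == ni.version
                              and nj.subnet_of(ni)):
                dead.append((action, target))
                break
    return dead

# Constructed rule lists: the same four rules in two different orders.
BROAD_ALLOW_FIRST = [("allow", "192.168.1.1/24"), ("allow", "127.0.0.1"),
                     ("deny", "192.168.1.2"), ("deny", "all")]
NARROW_DENY_FIRST = [("deny", "192.168.1.2"), ("allow", "192.168.1.0/24"),
                     ("allow", "127.0.0.1"), ("deny", "all")]

if __name__ == "__main__":
    for name, rules in (("broad allow first", BROAD_ALLOW_FIRST),
                        ("narrow deny first", NARROW_DENY_FIRST)):
        print(name, access_decision(rules, "192.168.1.2"), shadowed_rules(rules))
```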

NAXSI: protecting websites with Nginx

NAXSI stands for Nginx Anti XSS & SQL Injection. In simple terms, it’s a web application firewall (WAF) for Nginx that protects against XSS, SQL injection, CSRF, and local and remote file inclusion. NAXSI is known for being fast and simple to configure. It’s a good alternative to mod_security for Apache.

What would you need NAXSI for?

Obviously, the best protection against attacks is correctly written code, but in some situations a WAF, and NAXSI in particular, can help:

  • low quality of site code with no resources or possibilities of rewriting it;
  • closed source code in which fixing mistakes is impossible;
  • the quality of code is unknown and unpredictable (i.e. shared hosting).

Read more at http://howtounix.info/howto/naxsi-nginx-firewall

Got it from my friend from hexcode.org