apache + nginx wordpress dynamic cache

nginx.conf http section

    proxy_cache_path /var/cache/nginx levels=2 keys_zone=cache:10m inactive=60m max_size=1024m;
    proxy_cache_key "$host$request_uri $cookie_user";
    proxy_temp_path  /var/cache/nginx/temp;
    proxy_ignore_headers Expires Cache-Control;
    proxy_cache_use_stale error timeout invalid_header http_502;
    proxy_cache_valid any 1d;

location config:

    location / {
        proxy_pass      http://127.0.0.1:8080;
        proxy_pass_header "X-Accel-Redirect";
        proxy_pass_header "X-Accel-Expires";
        proxy_cache cache;

nginx + php-fpm + wordpress, dynamic cache

Add to /etc/nginx/nginx.conf to http section

log_format  cache '$remote_addr - [$time_local] "$host$request_uri" $status $upstream_cache_status';
fastcgi_cache_path /var/cache/nginx/cache levels=1:2 keys_zone=dynamic:100m inactive=5m;
fastcgi_cache_key "$scheme://$host$request_uri";

Add to your virtualhost to location section

        fastcgi_pass_header "X-Accel-Redirect";
        fastcgi_pass_header "X-Accel-Expires";
        fastcgi_cache dynamic;
        fastcgi_cache_key $scheme$host$request_uri$request_method;
        fastcgi_pass_header Set-Cookie;
        fastcgi_pass_header Cookie;
        fastcgi_ignore_headers Cache-Control Expires Set-Cookie;
        fastcgi_cache_valid 200 301 302 10m;
        access_log /var/log/nginx/access-cache.log cache;

then reload nginx

nginx -t && nginx -s reload

Thats all

/var/cache/nginx/fastcgi_temp permission denied

check which user nginx is running

ps aux | grep "nginx: worker process"

in my case it "apache"

chown apache:apache /var/cache/nginx/ -R

ssllabs A+ nginx

    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers !RC4:HIGH:!aNULL:!MD5:!kEDH;
    ssl_session_cache shared:SSL:10m;
    ssl_prefer_server_ciphers on;
    add_header Strict-Transport-Security "max-age=63072000; includeSubdomains; preload";
    add_header X-Frame-Options DENY;
    add_header X-Content-Type-Options nosniff;
    ssl_session_tickets off; # Requires nginx >= 1.5.9
    ssl_stapling on; # Requires nginx >= 1.3.7
    ssl_stapling_verify on; # Requires nginx => 1.3.7
    resolver_timeout 5s;

allow, deny not working apache + nginx

For allow remote connections for specific IP add next to htaccess

SetEnvIf Remote_Addr «10.11.12.15|10.11.12.16″ realremoteaddr
Order Deny,Allow
Deny from all
allow from env=realremoteaddr

10.11.12.15|10.11.12.16 — allowed IP


For deny:

SetEnvIf Remote_Addr «10.11.12.15|10.11.12.16″ realremoteaddr
Order Allow,Deny
Allow from all
Deny from env=realremoteaddr

10.11.12.15|10.11.12.16 — now allowed IPs

nginx init.d script

#!/bin/sh
#
# nginx - this script starts and stops the nginx daemin
#
# chkconfig:   - 85 15
# description:  Nginx is an HTTP(S) server, HTTP(S) reverse \
#               proxy and IMAP/POP3 proxy server
# processname: nginx
# config:      /usr/local/nginx/conf/nginx.conf
# pidfile:     /usr/local/nginx/logs/nginx.pid

# Source function library.
. /etc/rc.d/init.d/functions

# Source networking configuration.
. /etc/sysconfig/network

# Check that networking is up.
[ "$NETWORKING" = "no" ] && exit 0

nginx="/usr/local/sbin/nginx"
prog=$(basename $nginx)

NGINX_CONF_FILE="/usr/local/nginx/conf/nginx.conf"

lockfile=/var/lock/subsys/nginx

start() {
    [ -x $nginx ] || exit 5
    [ -f $NGINX_CONF_FILE ] || exit 6
    echo -n $"Starting $prog: "
    daemon $nginx -c $NGINX_CONF_FILE
    retval=$?
    echo
    [ $retval -eq 0 ] && touch $lockfile
    return $retval
}

stop() {
    echo -n $"Stopping $prog: "
    killproc $prog -QUIT
    retval=$?
    echo
    [ $retval -eq 0 ] && rm -f $lockfile
    return $retval
}

restart() {
    configtest || return $?
    stop
    start
}

reload() {
    configtest || return $?
    echo -n $"Reloading $prog: "
    killproc $nginx -HUP
    RETVAL=$?
    echo
}

force_reload() {
    restart
}

configtest() {
  $nginx -t -c $NGINX_CONF_FILE
}

rh_status() {
    status $prog
}

rh_status_q() {
    rh_status >/dev/null 2>&1
}

case "$1" in
    start)
        rh_status_q && exit 0
        $1
        ;;
    stop)
        rh_status_q || exit 0
        $1
        ;;
    restart|configtest)
        $1
        ;;
    reload)
        rh_status_q || exit 7
        $1
        ;;
    force-reload)
        force_reload
        ;;
    status)
        rh_status
        ;;
    condrestart|try-restart)
        rh_status_q || exit 0
            ;;
    *)
        echo $"Usage: $0 {start|stop|status|restart|condrestart|try-restart|reload|force-reload|configtest}"
        exit 2
esac

nginx authorization some files

task :
mail page - authorization
static files - without authorization

nginx rewrite to https

server {
       listen         80;
       server_name    my.domain.com;
       return         301 https://$server_name$request_uri;
}

server {
       listen         443 ssl;
       server_name    my.domain.com;

       [....]
}

nginx / apache parse access log

cat /var/log/nginx/access_log | awk '{print $1}' |sort | uniq -c | sort -k 1 -n