You can use this directive to detect the WeChat in-app browser and turn caching off:
if ($http_user_agent ~* "MicroMessenger") {
    set $skip_cache 1;
}
Goal:
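geoip_country /usr/share/GeoIP/GeoIPv6.dat;
# Clients are redirected to the origin by default; CN clients are not
map $geoip_country_code $proxy_direct_pass {
    default yes;
    CN no;
}
location ~* ^/proxied-content/(.*)$ {
    # Clients outside CN get a 302 to the original content
    if ($proxy_direct_pass = yes) {
        return 302 https://original_content/$1$is_args$args;
    }
    # CN clients are served through this proxy instead
    proxy_pass https://original_content/$1$is_args$args;
}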
Case:
$http_accept
)image.png
can also be in WebP format
The solution:
In nginx.conf:
# Proxy cache pools for image caching
proxy_cache_path /dev/shm/image_cache
    keys_zone=image_cache:10m;
proxy_cache_path /dev/shm/image_cache_webp
    keys_zone=image_cache_webp:10m;
# Differentiate WebP requests: clients whose Accept header mentions webp get their own pool
map $http_accept $webp_pool {
    default image_cache;
    ~*webp image_cache_webp;
}
In your site config:
proxy_cache $webp_pool;
The problem: when you enable X-Frame-Options globally, you won’t be able to embed your posts with the latest WordPress post embedding method.
The solution: you can simply exclude the embed pages in your Nginx configuration. I’ll use an Nginx map for better performance:
map $request_uri $x_frame_options_headers {
    default SAMEORIGIN;
    # Matching WordPress embed page, i.e. https://example.com/my-post/embed#?secret=vLi4CQcWkH
    # An empty value makes add_header emit no header for these requests
    ~/embed "";
}
# Don't allow the browser to render the page inside a frame or iframe
add_header X-Frame-Options $x_frame_options_headers;
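The map above tests $request_uri, which includes the query string, with an unanchored regex, so the header is dropped for more URIs than the embed pages alone. As an added example (not from the original post), this Python check models the map lookup and compares the page's pattern with an anchored variant; the anchored pattern and the sample URIs are assumptions constructed for illustration.

```python
import re

# Regex rules as (pattern, header value). nginx tries map regexes in order
# and falls back to the default; "" means add_header sends no header.
PAGE_RULES = [(r"/embed", "")]  # the pattern from the map above
# Assumed tightening (not from the post): only paths that END in /embed.
# As an nginx map entry this would be:  "~^[^?]*/embed/?(?:[?]|$)" "";
ANCHORED_RULES = [(r"^[^?]*/embed/?(?:[?]|$)", "")]
DEFAULT = "SAMEORIGIN"


def x_frame_options(request_uri, rules):
    """Return the header value the map would yield for this $request_uri."""
    for pattern, value in rules:
        if re.search(pattern, request_uri):  # case-sensitive, like "~"
            return value
    return DEFAULT


# Constructed sample URIs. $request_uri is the raw path plus query string.
SAMPLES = [
    "/my-post/embed",
    "/my-post/embed/",
    "/my-post/embed/?foo=1",
    "/my-post/",
    "/my-post/?ref=/embed",
    "/embedded-systems/",
    "/account/?next=x/embed",
]


def unprotected(rules):
    """Sample URIs that would be served without X-Frame-Options."""
    return [uri for uri in SAMPLES if x_frame_options(uri, rules) == ""]


if __name__ == "__main__":
    for name, rules in (("page", PAGE_RULES), ("anchored", ANCHORED_RULES)):
        print(f"{name:9s} header omitted for: {unprotected(rules)}")
```

Running the same list of URIs through curl -I against a staging server confirms whether the deployed map behaves like the model.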
Nginx:
client_max_body_size
PHP:
post_max_size
upload_max_filesize
The installation of GitLab in Fedora 19 went fine. I followed the official installation guide with some deviations where necessary, mostly taken from the CentOS guide in gitlab-recipes. I set up nginx using the ssl config, and poked some holes in iptables. For systemd services I used these files.
Source: SELinux policy for nginx and GitLab unix socket in Fedora 19
What programmers need to know about servers.
Source: Using SSL Certificates with HAProxy – Servers for Hackers
This article explains how to configure NGINX and NGINX Plus to accept the PROXY protocol. Table of Contents Introduction Using the PROXY protocol with SSL, HTTP/2, SPDY, and WebSocket Using the PROXY protocol with a TCP Stream Complete Example Introduction The PROXY protocol enables NGINX and NGINX Plus to receive client connection information passed through […]
Source: Configuring NGINX to accept the PROXY Protocol – NGINX
Check out the recently released RFC on TCP Fast Open, a spec that allows most TCP connections to send data during the initial SYN packet – reducing the initial round trips required from 2 to 1. Excellent for HTTPS connections.
Source: Shaving your RTT with TCP Fast Open – Bradley Falzon
I’m using a Comodo certificate; you will get these files in their email:
AddTrustExternalCARoot.crt
UTNAddTrustSGCCA.crt
ComodoUTNSGCCA.crt
EssentialSSLCA_2.crt
www_example_com.crt
Correct order:
www_example_com.crt
EssentialSSLCA_2.crt
ComodoUTNSGCCA.crt
UTNAddTrustSGCCA.crt
AddTrustExternalCARoot.crt
You can create a chained certificate required by Nginx:
cat www_example_com.crt EssentialSSLCA_2.crt ComodoUTNSGCCA.crt UTNAddTrustSGCCA.crt AddTrustExternalCARoot.crt > example.com.chained.crt
In fact, you only need the first three certificates: most systems already have the root CA.
cat www_example_com.crt EssentialSSLCA_2.crt ComodoUTNSGCCA.crt > example.com.chained.crt
Update Mar 21, 2015:
Comodo updated their certificate filenames, so the correct order now is:
www_example_com.crt
COMODORSADomainValidationSecureServerCA.crt
COMODORSAAddTrustCA.crt
AddTrustExternalCARoot.crt
cat www_example_com.crt COMODORSADomainValidationSecureServerCA.crt COMODORSAAddTrustCA.crt > example.com.chained.crt