Bonjour
Depuis hier après-midi, je me gratte les cheveux pour mettre au point le fichier de config de Nginx.
Je l'ai recompilé ce matin à la version 8.9.9, avec le module pagespeed 1.9.32.11-beta.
Il marche très bien en http ( port 80 ), mais pas en https ( port 443 ).
C'est vrai que j'attends la validation du certificat Standard de Gandi...
Nginx n'écoute même pas sur ce port 443.
. Une commande du type : "openssl s_client -servername pronostics-courses.fr -connect pronostics-courses.fr :443" rend "Unable to connect, error 111".
Voici le fichier nginx.conf
Normalement, depuis la version 1.8.31.2 de Pagespeed, le paramètre :
pagespeed FetchHttps enable;
pagespeed SslCertDirectory /etc/ssl/private;
devrait être reconnu ( il l'est ), et faire que . Pagespeed soit compatible avec https.
Qua faire ?
Depuis hier après-midi, je me gratte les cheveux pour mettre au point le fichier de config de Nginx.
Je l'ai recompilé ce matin à la version 8.9.9, avec le module pagespeed 1.9.32.11-beta.
Il marche très bien en http ( port 80 ), mais pas en https ( port 443 ).
C'est vrai que j'attends la validation du certificat Standard de Gandi...
Nginx n'écoute même pas sur ce port 443.
. Une commande du type : "openssl s_client -servername pronostics-courses.fr -connect pronostics-courses.fr :443" rend "Unable to connect, error 111".
Voici le fichier nginx.conf
Normalement, depuis la version 1.8.31.2 de Pagespeed, le paramètre :
pagespeed FetchHttps enable;
pagespeed SslCertDirectory /etc/ssl/private;
devrait être reconnu ( il l'est ), et faire que . Pagespeed soit compatible avec https.
Qua faire ?
Code:
#user nobody;
user nginx;
pid /var/run/nginx.pid;
#worker_processes 1;
worker_processes 4;
error_log logs/error.log;
error_log logs/error.log notice;
error_log logs/error.log info;
#pid logs/nginx.pid;
events {
worker_connections 1024;
debug_connection 127.0.0.1;
}
http {
include mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log logs/access.log main;
sendfile on;
tcp_nopush on;
#keepalive_timeout 0;
#keepalive_timeout 65;
keepalive_timeout 70;
#gzip on;
# PageSpeed
# enable ngx_pagespeed
pagespeed on;
# enable Https.
pagespeed FetchHttps enable,allow_self_signed;
#pagespeed FetchHttps enable;
pagespeed SslCertDirectory /etc/ssl/private;
pagespeed DefaultSharedMemoryCacheKB 50000;
pagespeed CreateSharedMemoryMetadataCache "/var/ngx_pagespeed_cache/" 51200;
pagespeed FileCachePath /var/ngx_pagespeed_cache;
pagespeed FileCacheSizeKb 102400;
pagespeed FileCacheCleanIntervalMs 3600000;
pagespeed FileCacheInodeLimit 500000;
pagespeed InPlaceResourceOptimization off;
#pagespeed EnableFilters in_place_optimize_for_browser;
pagespeed PrivateNotVaryForIE off;
# enable collapse whitespace filter
#pagespeed EnableFilters collapse_whitespace;
# enable JavaScript library offload
pagespeed EnableFilters canonicalize_javascript_libraries;
# combine multiple CSS files into one
pagespeed EnableFilters combine_css;
# combine multiple JavaScript files into one
pagespeed EnableFilters combine_javascript;
# remove tags with default attributes
pagespeed EnableFilters elide_attributes;
# improve resource cacheability
pagespeed EnableFilters extend_cache;
# flatten CSS files by replacing @import with the imported file
pagespeed EnableFilters flatten_css_imports;
pagespeed CssFlattenMaxBytes 5120;
# defer the loading of images which are not visible to the client
#pagespeed EnableFilters lazyload_images;
# enable JavaScript minification
pagespeed EnableFilters rewrite_javascript;
# enable image optimization
#pagespeed EnableFilters rewrite_images;
# pre-solve DNS lookup
pagespeed EnableFilters insert_dns_prefetch;
# rewrite CSS to load page-rendering CSS rules first.
pagespeed EnableFilters prioritize_critical_css;
# make Google analytics async
#pagespeed EnableFilters make_google_analytics_async;
server {
# Listen on port 80 and 443
# on both IPv4 and IPv6
listen 5.135.147.77:443;
ssl on;
listen [2001:41d0:52:100::350]:443 ipv6only=on ssl;
listen 5.135.147.77:80;
listen [2001:41d0:52:100::350]:80 ipv6only=on;
# Set website folder
root /var/www/html;
server_name pronostics-courses.fr www.pronostics-courses.fr;
rewrite_log on;
#charset koi8-r;
#access_log logs/host.access.log main;
index index.php index.html index.htm;
# Enable SSL
ssl_certificate /etc/ssl/private/pronostics-courses.fr.pem; # Cle publique.
ssl_certificate_key /etc/ssl/private/pronostics-courses.fr.key; # Cle privee.
ssl_session_timeout 5m; # Session
#ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Protocols
#Disables all weak ciphers
ssl_ciphers "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4";
#ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv3:+EXP; # Ciphers.
ssl_prefer_server_ciphers on; #
pagespeed Statistics on;
pagespeed StatisticsLogging on;
pagespeed LogDir /var/log/pagespeed;
pagespeed AdminPath /pagespeed_admin;
pagespeed StatisticsLoggingIntervalMs 60000;
pagespeed StatisticsLoggingMaxFileSizeKb 1024;
location ~ ^/pagespeed_admin {
allow 127.0.0.1;
allow 82.225.74.10;
deny all;
}
# Ensure requests for pagespeed optimized resources go to the pagespeed handler
# and no extraneous headers get set.
location ~ "\.pagespeed\.([a-z]\.)?[a-z]{2}\.[^.]{10}\.[^.]+" {
add_header "" "";
}
location ~ "^/ngx_pagespeed_static/" { }
location ~ "^/ngx_pagespeed_beacon$" { }
location ~ "^/ngx_pagespeed_statistics" {
allow 127.0.0.1;
allow 82.225.74.10;
deny all;
}
location ~ "^/ngx_pagespeed_global_statistics" {
allow 127.0.0.1;
allow 82.225.74.10;
deny all;
}
location ~ "^/ngx_pagespeed_message" {
allow 127.0.0.1;
allow 82.225.74.10;
deny all;
}
#location / {
# root /var/www/html;
# index index.php index.html index.htm;
#}
#error_page 404 /404.html;
# redirect server error pages to the static page /50x.html
#
#error_page 500 502 503 504 /50x.html;
#location = /50x.html {
# root html;
#}
# proxy the PHP scripts to Apache listening on 127.0.0.1:80
#
#location ~ \.php$ {
# proxy_pass http://127.0.0.1;
#}
# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
#
location ~ \.php$ {
# root /var/www/html;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
#
# .. Je passe
# les règles de redirection.
#
include php.conf;
include drop.conf;
}
}
