By junukseo
Hi,
I am using Ubuntu 16.06 + Nginx + Php7 + MariaDB + wordpress with Letsencrypt SSL
but I must to to access Jpeg/jpg file by http
i dont know how do i that. i tried to modify my server block, jpeg files still redirect https automatically.
Please let me know how do i fix that.
My server block is below.
Thank you.
server {
listen 80;
ssl off;
server_name example.com www.example.com;
root /var/www/example;
index index.php;
return 301 https://$host$request_uri;
location /wp-content/uploads/2016/09{}
location ~ \.(jpg|jpeg)$ {
}
location /wp-content/uploads/{
}
location /wp-content/uploads/2016/{
}
}
server {
listen 443 ssl http2;
server_name example.com www.example.com;
root /var/www/example;
index index.php;
ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
ssl_stapling on;
ssl_stapling_verify on;
resolver 8.8.8.8 8.8.4.4;
# Set caches, protocols, and accepted ciphers. This config will
# merit an A+ SSL Labs score.
ssl_session_cache shared:SSL:20m;
ssl_session_timeout 10m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES25$
error_log /var/log/nginx/example.error.log warn;
location / {
try_files $uri $uri/ /index.php?$args;
}
# Allow Lets Encrypt Domain Validation Program
location ^~ /.well-known/acme-challenge/ {
allow all;
}
# Block dot file (.htaccess .htpasswd .svn .git .env and so on.)
location ~ /\. {
deny all;
}
# Block (log file, binary, certificate, shell script, sql dump file) access.
location ~* \.(log|binary|pem|enc|crt|conf|cnf|sql|sh|key)$ {
deny all;
}
location = /robots.txt {
log_not_found off;
access_log off;
}
location = /favicon.ico {
log_not_found off;
access_log off;
}
# Rocket
# Add a slash at the end of request */wp-admin
rewrite /wp-admin$ $scheme://$host$uri/ permanent;
location ~* \.(css|js|ico|gif|jpe?g|png|svg|eot|otf|woff|woff2|ttf|ogg)$ {
expires max;
}
location ~ /.well-known {
allow all;
}
location ~ [^/]\.php(/|$) {
try_files $uri =404;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:/run/php/php7.0-fpm.sock;
fastcgi_index index.php;
fastcgi_read_timeout 180;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
}
This textbox defaults to using Markdown to format your answer.
You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!
Hi @junukseo Can I ask why you need JPEGs available on http-only? I haven’t tested this, but try replacing the first server block with this:
server {
listen 80;
server_name example.com www.example.com;
root /var/www/example;
location ~ \.(jpg|jpeg)$ {
try_files $uri =404;
break;
}
location / {
return 301 https://$server_name$request_uri;
}
}
To allow HTTP access for JPEG and JPG files on your Nginx server while the rest of your site remains redirected to HTTPS, you need to modify the configuration in your HTTP server block. From your configuration, it appears that all traffic on HTTP (port 80) is being redirected to HTTPS. You’ll want to specifically exclude .jpg and .jpeg files from this redirection.
Here’s how you can adjust your Nginx configuration to achieve this:
Step 1: Modify HTTP Server Block
You need to add a conditional redirection in your HTTP server block to exclude .jpg and .jpeg files from being redirected to HTTPS.
Here’s how you can modify the server block that listens on port 80:
server {
listen 80;
server_name example.com www.example.com;
root /var/www/example;
index index.php;
# Exclude jpg and jpeg files from redirection
location ~* \.(jpg|jpeg)$ {
try_files $uri $uri/ =404;
}
# Redirect all other requests to HTTPS
location / {
return 301 https://$host$request_uri;
}
}
Explanation:
- Location Block for Images: The
location ~* \.(jpg|jpeg)$block is set to match any requests ending in.jpgor.jpeg. Thetry_filesdirective attempts to serve the file if it exists, and returns a 404 error if it does not. - General Redirection: The
location /block now only handles cases that are not caught by the specific image handling block. It redirects all other traffic to HTTPS.
Step 2: Ensure No Conflicts in HTTPS Block
Ensure that your server block listening on port 443 does not have conflicting directives that might prevent serving of JPEG/JPG files directly. Your existing configuration seems fine, but always check if additional conditions or locations might affect static file delivery.
Step 3: Reload Nginx
After making changes, reload Nginx to apply the new configuration:
sudo systemctl reload nginx
Testing the Configuration
- Test JPEG/JPG Accessibility via HTTP: Access a
.jpgor.jpegfile usinghttpand ensure it loads without being redirected tohttps. - Ensure Other Paths Are Secure: Make sure other parts of your website still redirect to HTTPS and that HTTPS is functioning as expected.
This setup should allow you to serve JPEG and JPG files over HTTP while keeping the rest of your site secure under HTTPS. Be sure to test your configuration thoroughly to ensure no security loopholes are introduced.
Become a contributor for community
Get paid to write technical tutorials and select a tech-focused charity to receive a matching donation.
DigitalOcean Documentation
Full documentation for every DigitalOcean product.
Resources for startups and SMBs
The Wave has everything you need to know about building a business, from raising funding to marketing your product.
The developer cloud
Scale up as you grow — whether you're running one virtual machine or ten thousand.
Get started for free
Sign up and get $200 in credit for your first 60 days with DigitalOcean.*
*This promotional offer applies to new accounts only.