Related

Tool NGINX Config Generator Tool
Droplet gets slow with time (response time 700ms to 3000ms), any tips please? Question Question
Connect to DB installed into dedicated VPS (private networking) Question Question

Question

I have Nginx + FastCGI for php. My server is sending duplicate headers. How to fix it?

Posted May 20, 2020 132 views
NginxPHPLEMPUbuntu 18.04

I am running a LEMP server with Ubuntu 18. If I curl my URL:
curl -i thexeno.com it shows the proper headers. But if I go to the website itself (under construction) it shows multiple headers including CSP which breaks a lot of stuff.

Could anyone help? I’ve checked every single file in /etc/nginx and I can’t figure out what is sending the duplicate header. my website/website.conf (renamed here) file lists the proper CSP and other headers I need.

Thanks.

Add a comment
By:
GreenSage
Add a comment
2 comments

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

×
3 answers
GreenSage May 20, 2020

That should read, “it shows multiple duplicate headers…”

Reply Report
GreenSage May 20, 2020

^ I was heading out to lunch when I wrote that sorry.

But if I go to the website itself (under construction) it shows multiple duplicate headers including CSP which breaks a lot of stuff. (On both Firefox and Chrome dev tools…displays something like this, notice all the duplicates)

HTTP/1.1 200 OK
Server: nginx
Date: Wed, 20 May 2020 20:52:45 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Content-Security-Policy: default-src 'self';:       font-src 'self';:       img-src 'self';:        style-src 'self';:  :
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
X-Frame-Options: SAMEORIGIN
Content-Security-Policy: default-src 'self';script-src 'self' 'unsafe-eval' 'unsafe-inline';style-src 'self' 'unsafe-inline'
Content-Language: en
Cache-Control: no-cache, must-revalidate, stale-while-revalidate, max-age=0, private, no-transform
Pragma: no-cache
Expires: 0

Here’s a copy of my custom.conf:

server {
        listen 80;
        root /var/www/html/xxx;
        index index.php index.html index.htm index.nginx-debian.html;
        server_name xxx;
        add_header Content-Security-Policy "
                default-src 'self';
                font-src 'self';
                img-src 'self';
                style-src 'self';
        ";
        add_header X-Content-Type-Options nosniff;
        add_header X-Frame-Options DENY;
        fastcgi_pass_request_headers on;
        location / {
                try_files $uri $uri/ =404;
        }
        location ~ \.php$ {
                include snippets/fastcgi-php.conf;
                fastcgi_pass unix:/var/run/php/php7.2-fpm.sock;
        }
        location ~ /\.ht {
                deny all;
        }
}
Reply Report
GreenSage May 22, 2020

Also, here’s something that may help I think? I followed this guide to the letter. https://www.digitalocean.com/community/tutorials/how-to-install-linux-nginx-mysql-php-lemp-stack-ubuntu-18-04

How To Install Linux, Nginx, MySQL, PHP (LEMP stack) on Ubuntu 18.04
by Justin Ellingwood
by Mark Drake
This tutorial details the process for installing and configuring the components that constitute a LEMP stack on an Ubuntu 18.04 server, including Nginx, MySQL, and PHP. It also includes instructions for testing that these components can communicate effectively and serve your content correctly.
Reply Report
Submit an Answer

Related

Looking for something else?

Ask a new question Search for more help