By Cameron A.
I am running a LEMP server with Ubuntu 18. If I curl my URL: curl -i thexeno.com it shows the proper headers. But if I go to the website itself (under construction) it shows multiple headers including CSP which breaks a lot of stuff.
Could anyone help? I’ve checked every single file in /etc/nginx and I can’t figure out what is sending the duplicate header. my website/website.conf (renamed here) file lists the proper CSP and other headers I need.
Thanks.
This textbox defaults to using Markdown to format your answer.
You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!
^ I was heading out to lunch when I wrote that sorry.
But if I go to the website itself (under construction) it shows multiple duplicate headers including CSP which breaks a lot of stuff. (On both Firefox and Chrome dev tools…displays something like this, notice all the duplicates)
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 20 May 2020 20:52:45 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Content-Security-Policy: default-src 'self';: font-src 'self';: img-src 'self';: style-src 'self';: :
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
X-Frame-Options: SAMEORIGIN
Content-Security-Policy: default-src 'self';script-src 'self' 'unsafe-eval' 'unsafe-inline';style-src 'self' 'unsafe-inline'
Content-Language: en
Cache-Control: no-cache, must-revalidate, stale-while-revalidate, max-age=0, private, no-transform
Pragma: no-cache
Expires: 0
Here’s a copy of my custom.conf:
server {
listen 80;
root /var/www/html/xxx;
index index.php index.html index.htm index.nginx-debian.html;
server_name xxx;
add_header Content-Security-Policy "
default-src 'self';
font-src 'self';
img-src 'self';
style-src 'self';
";
add_header X-Content-Type-Options nosniff;
add_header X-Frame-Options DENY;
fastcgi_pass_request_headers on;
location / {
try_files $uri $uri/ =404;
}
location ~ \.php$ {
include snippets/fastcgi-php.conf;
fastcgi_pass unix:/var/run/php/php7.2-fpm.sock;
}
location ~ /\.ht {
deny all;
}
}
Also, here’s something that may help I think? I followed this guide to the letter. https://www.digitalocean.com/community/tutorials/how-to-install-linux-nginx-mysql-php-lemp-stack-ubuntu-18-04
Become a contributor for community
Get paid to write technical tutorials and select a tech-focused charity to receive a matching donation.
DigitalOcean Documentation
Full documentation for every DigitalOcean product.
Resources for startups and AI-native businesses
The Wave has everything you need to know about building a business, from raising funding to marketing your product.
The developer cloud
Scale up as you grow — whether you're running one virtual machine or ten thousand.
Get started for free
Sign up and get $200 in credit for your first 60 days with DigitalOcean.*
*This promotional offer applies to new accounts only.