7c235d97c1879306e4e2d0b514fabbc4dbc9c864
By:
nhabbott

Nginx Cookieless Subdomain Not Properly Serving Files

July 25, 2016 495 views
Nginx LEMP Ubuntu

All of my static content is linked to https://static.mexicanraindeer.me. The problem occurs when the website sends GET requests for those files: the response is HTTP/1.1 200 OK because the files are found, but every response body contains ONLY the text https://static.mexicanraindeer.me/path/tofile instead of the file's contents. I have included the two nginx server blocks below.

Main Domain Configuration

    # Plain-HTTP listener (IPv4, port 80): answers every request with a
    # permanent redirect to the HTTPS origin.
    server {
        listen 80;
        server_name mexicanraindeer.me;
        # $server_name is the name configured above, not the client-supplied
        # Host header, so the redirect target cannot be steered by the request.
        return 301 https://$server_name$request_uri;
    }

    # HTTPS virtual host for the main site: TLS settings, static-file caching
    # and PHP hand-off to PHP-FPM over a unix socket.
    server {
        listen 443 ssl;
        # NOTE(review): this listen has no `ssl` parameter, so IPv6 clients on
        # port 80 are served this site over plain HTTP (as default_server) and
        # are not redirected; there is also no IPv6 listener on 443 in this block.
        listen [::]:80 default_server ipv6only=on;

        ssl_certificate /etc/letsencrypt/live/mexicanraindeer.me-0002/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/mexicanraindeer.me-0002/privkey.pem;
        # NOTE(review): TLSv1 and TLSv1.1 are deprecated (RFC 8996); limit this
        # to TLSv1.2 and newer unless a legacy client genuinely requires them.
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        ssl_prefer_server_ciphers on;
        ssl_dhparam /etc/ssl/certs/dhparam.pem;
        # NOTE(review): the tail of this list still permits CBC-mode suites,
        # 3DES (DES-CBC3-SHA) and the broad AES/CAMELLIA groups; compare it
        # with a current recommended cipher profile before reuse.
        ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA';
        ssl_session_timeout 1d;
        ssl_session_cache shared:SSL:50m;
        ssl_stapling on;
        ssl_stapling_verify on;
        # HSTS for roughly six months. Browsers ignore this header on plain
        # HTTP, and without the `always` parameter nginx omits it from error
        # responses such as 404 and 50x.
        add_header Strict-Transport-Security max-age=15768000;

        root /usr/share/nginx/html;
        index index.php index.html index.htm;

        server_name mexicanraindeer.me;

        # Serve the file if it exists; otherwise redirect internally to
        # <uri>/index.php (the last try_files argument is a fallback URI).
        location / {
            try_files $uri $uri/index.php;
        }

        # NOTE(review): the regex is unanchored and its dot unescaped, so it
        # matches any URI containing "/<any char>well-known", not only the
        # /.well-known/ prefix (presumably intended for ACME challenges).
        location ~ /.well-known {
            allow all;
        }

        # Long-lived client caching for static assets, matched case-insensitively.
        location ~* \.(png|js|otf|eot|svg|ttf|woff|woff2)$ {
            expires 365d;
        }

        error_page 404 /404.html;
        error_page 500 502 503 504 /50x.html;
        location = /50x.html {
            root /usr/share/nginx/html;
        }

        location ~ \.php$ {
            # Only scripts that exist on disk reach PHP-FPM; anything else is a 404.
            try_files $uri =404;
            # NOTE(review): this location only matches URIs ending in ".php",
            # so the path-info group of this split looks like it can never match.
            fastcgi_split_path_info ^(.+\.php)(/.+)$;
            fastcgi_pass unix:/var/run/php5-fpm.sock;
            fastcgi_index index.php;
            # Assumes the included file defines SCRIPT_FILENAME; it is not shown
            # here, so confirm.
            include fastcgi_params;
        }
    }

Subdomain Configuration

    # HTTPS virtual host for the cookieless static-asset subdomain. As written,
    # the server-level `return` near the end answers every request itself, so
    # the location block never serves a file.
    server {
        # NOTE(review): no `ssl` parameter here; TLS presumably works only
        # because another server block declares `listen 443 ssl` on the same
        # port. Declare it explicitly so this block does not depend on a sibling.
        listen 443;

        ssl_certificate /etc/letsencrypt/live/mexicanraindeer.me-0002/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/mexicanraindeer.me-0002/privkey.pem;
        # NOTE(review): TLSv1 and TLSv1.1 are deprecated (RFC 8996); limit this
        # to TLSv1.2 and newer unless a legacy client genuinely requires them.
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        ssl_prefer_server_ciphers on;
        ssl_dhparam /etc/ssl/certs/dhparam.pem;
        # NOTE(review): the tail of this list still permits CBC-mode suites,
        # 3DES (DES-CBC3-SHA) and the broad AES/CAMELLIA groups; compare it
        # with a current recommended cipher profile before reuse.
        ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA';
        ssl_session_timeout 1d;
        ssl_session_cache shared:SSL:50m;
        ssl_stapling on;
        ssl_stapling_verify on;
        # HSTS for roughly six months. A level that declares its own add_header
        # (such as the `if` block below) does not inherit this one.
        add_header Strict-Transport-Security max-age=15768000;

        server_name static.mexicanraindeer.me;

        gzip on;
        gzip_min_length 1100;
        gzip_buffers 4 32k;
        gzip_types text/plain text/javascript text/css;
        gzip_vary on;

        location / {
            # Applies the static root and caching headers only to known asset
            # extensions; .less and .scss sources are included in that list.
            if ($request_filename ~ "\.(css|js|png|svg|ttf|eot|woff|otf|woff2|less|scss)$") {
                root /usr/share/nginx/static;
                # These add_header lines replace, rather than extend, the
                # server-level Strict-Transport-Security header for matching
                # responses.
                add_header Pragma "public";
                add_header Cache-Control "public, must-revalidate, proxy-revalidate";
                # Any origin may read these responses; appropriate only while
                # this host serves public, credential-free assets.
                add_header Access-Control-Allow-Origin *;
                access_log off;
                expires max;

                break;
            }
        }

        # Server-level rewrite directives run before a location is selected, so
        # this line ends every request with status 200 and a body containing
        # the requested URL as text. This is the cause of the reported symptom.
        return 200 https://static.mexicanraindeer.me$request_uri;
    }
1 Answer
aha MOD July 25, 2016
Accepted Answer

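It seems like that's caused by the very last line (return 200 ...). A return in nginx will literally return the content that you specify in the config line, not the contents of the requested file. Because that return sits at the server level, it is evaluated before any location block is chosen, so the location / block above it never gets a chance to serve the file.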

So what you are telling nginx is: "return a 200 OK status code WITH THE CONTENT: https://static.mexicanraindeer.me$request_uri"

What happens when you just take out the return line?

  • I ended up fixing the problem using the following locations.

    # Default location: no directives of its own. The root is not shown in
    # this snippet; presumably it is now set at the server level.
    location / {
    }
    
    # Caching and CORS headers for static assets.
    # NOTE(review): the regex has no trailing `$`, so it matches these
    # extensions anywhere in the URI (".js" also matches "/data.json").
    location ~ \.(css|js|png|scss|less|otf|eot|svg|ttf|woff|woff2) {
            charset UTF-8;
        # A level that declares add_header stops inheriting the parent's
        # headers; if the server block still sets Strict-Transport-Security, it
        # must be repeated here to reach asset responses.
        add_header Pragma "public";
        add_header Cache-Control "public, must-revalidate, proxy-revalidate";
        # Any origin may read these responses; appropriate only for public,
        # credential-free assets.
        add_header Access-Control-Allow-Origin *;
        access_log off;
        expires max;
    
        # JavaScript gets the same headers plus Vary. They are restated because
        # declaring any add_header here discards the ones set just above.
        # NOTE(review): also unanchored; ".js" matches inside ".json" or ".jsx".
        location ~ \.(js) {
            charset UTF-8;
            # May duplicate the Vary header if `gzip_vary on` is still set for
            # this server; confirm.
            add_header Vary "Accept-Encoding";
            add_header Pragma "public";
            add_header Cache-Control "public, must-revalidate, proxy-revalidate";
            add_header Access-Control-Allow-Origin *;
            access_log off;
            expires max;
        }
    }
    