Apache + Nginx directives

[Sally1]

Hello,

I have a question regarding the proper configuration of apache and nginx together. Found here in the Forum some snippets, but get depending on the snippets different X Cache Status.

1. When I add GZIP Apache and Expires Caching to Apache HTTP / HTTPS I get the X Cache Status HIT

2. When i take out Additional Nginx Directives i get X Cache Status MISS
proxy_ignore_headers "Set-Cookie";
proxy_hide_header "Set-Cookie";


Can someone point me in the right direction, how I can get the best out of Apache and Nginx together, and how can I get the correct Configuration?


Thx
Sally


CentOS Linux 7.6.1810 (Core)‬
Product Plesk Onyx
Version 17.8.11 Update #65





Additional Directives Apache HTTP:

# Cloudflare CF Visitor
RewriteCond %{HTTP:CF-Visitor} '"scheme":"http"'
RewriteRule ^(.*)$ https://domain.org$1 [L,R=301]
# BEGIN rlrssslReallySimpleSSL rsssl_version[2.5.11]
<IfModule mod_rewrite.c>
RewriteEngine on
RewriteCond %{HTTP:X-Forwarded-Proto} !https
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
</IfModule>
# END rlrssslReallySimpleSSL
# TTFB
KeepAlive On
MaxKeepAliveRequests 100
KeepAliveTimeout 100
# GZIP Apache
<IfModule mod_deflate.c>
# Compress HTML, CSS, JavaScript, Text, XML and fonts
AddOutputFilterByType DEFLATE application/javascript
AddOutputFilterByType DEFLATE application/rss+xml
AddOutputFilterByType DEFLATE application/vnd.ms-fontobject
AddOutputFilterByType DEFLATE application/x-font
AddOutputFilterByType DEFLATE application/x-font-opentype
AddOutputFilterByType DEFLATE application/x-font-otf
AddOutputFilterByType DEFLATE application/x-font-truetype
AddOutputFilterByType DEFLATE application/x-font-ttf
AddOutputFilterByType DEFLATE application/x-javascript
AddOutputFilterByType DEFLATE application/xhtml+xml
AddOutputFilterByType DEFLATE application/xml
AddOutputFilterByType DEFLATE font/opentype
AddOutputFilterByType DEFLATE font/otf
AddOutputFilterByType DEFLATE font/ttf
AddOutputFilterByType DEFLATE image/svg+xml
AddOutputFilterByType DEFLATE image/x-icon
AddOutputFilterByType DEFLATE text/css
AddOutputFilterByType DEFLATE text/html
AddOutputFilterByType DEFLATE text/javascript
AddOutputFilterByType DEFLATE text/plain
AddOutputFilterByType DEFLATE text/xml
</IfModule>

## EXPIRES CACHING ##
<IfModule mod_expires.c>
ExpiresActive On
FileETag None
ExpiresDefault "access plus 1 week"
ExpiresByType image/jpg "access plus 1 month"
ExpiresByType image/gif "access plus 1 month"
ExpiresByType image/jpeg "access plus 1 month"
ExpiresByType image/png "access plus 1 month"
ExpiresByType text/css "access plus 1 month"
ExpiresByType text/html "access plus 1 days"
ExpiresByType application/x-compressed "access plus 1 week"
ExpiresByType application/x-gzip "access plus 1 week"
ExpiresByType application/pdf "access plus 1 month"
ExpiresByType text/javascript "access plus 1 month"
ExpiresByType text/x-javascript "access plus 1 month"
ExpiresByType application/javascript "access plus 1 month"
ExpiresByType application/x-shockwave-flash "access plus 1 month"
ExpiresByType text/css "now plus 1 month"
ExpiresByType image/ico "access plus 1 month"
ExpiresByType image/x-icon "access plus 1 month"
</IfModule>
## EXPIRES CACHING ##


Additional Directives Apache HTTPS:

# GZIP Apache
<IfModule mod_deflate.c>
# Compress HTML, CSS, JavaScript, Text, XML and fonts
AddOutputFilterByType DEFLATE application/javascript
AddOutputFilterByType DEFLATE application/rss+xml
AddOutputFilterByType DEFLATE application/vnd.ms-fontobject
AddOutputFilterByType DEFLATE application/x-font
AddOutputFilterByType DEFLATE application/x-font-opentype
AddOutputFilterByType DEFLATE application/x-font-otf
AddOutputFilterByType DEFLATE application/x-font-truetype
AddOutputFilterByType DEFLATE application/x-font-ttf
AddOutputFilterByType DEFLATE application/x-javascript
AddOutputFilterByType DEFLATE application/xhtml+xml
AddOutputFilterByType DEFLATE application/xml
AddOutputFilterByType DEFLATE font/opentype
AddOutputFilterByType DEFLATE font/otf
AddOutputFilterByType DEFLATE font/ttf
AddOutputFilterByType DEFLATE image/svg+xml
AddOutputFilterByType DEFLATE image/x-icon
AddOutputFilterByType DEFLATE text/css
AddOutputFilterByType DEFLATE text/html
AddOutputFilterByType DEFLATE text/javascript
AddOutputFilterByType DEFLATE text/plain
AddOutputFilterByType DEFLATE text/xml
</IfModule>

## EXPIRES CACHING ##
<IfModule mod_expires.c>
ExpiresActive On
FileETag None
ExpiresDefault "access plus 1 week"
ExpiresByType image/jpg "access plus 1 month"
ExpiresByType image/gif "access plus 1 month"
ExpiresByType image/jpeg "access plus 1 month"
ExpiresByType image/png "access plus 1 month"
ExpiresByType text/css "access plus 1 month"
ExpiresByType text/html "access plus 1 days"
ExpiresByType application/x-compressed "access plus 1 week"
ExpiresByType application/x-gzip "access plus 1 week"
ExpiresByType application/pdf "access plus 1 month"
ExpiresByType text/javascript "access plus 1 month"
ExpiresByType text/x-javascript "access plus 1 month"
ExpiresByType application/javascript "access plus 1 month"
ExpiresByType application/x-shockwave-flash "access plus 1 month"
ExpiresByType text/css "now plus 1 month"
ExpiresByType image/ico "access plus 1 month"
ExpiresByType image/x-icon "access plus 1 month"
</IfModule>
## EXPIRES CACHING ##

#TTFB
KeepAlive On
MaxKeepAliveRequests 100
KeepAliveTimeout 100



NGINX Settings:





Additional Nginx directives:

# X Cache Status
proxy_ignore_headers "Set-Cookie";
proxy_hide_header "Set-Cookie";
# enable GZIP compression
gzip on;
gzip_disable "msie6";
gzip_vary on;
gzip_proxied any;
gzip_comp_level 6;
gzip_buffers 16 8k;
gzip_http_version 1.1;
gzip_min_length 256;
gzip_types application/javascript application/rss+xml application/vnd.ms-fontobject application/x-font application/x-font-opentype application/x-font-otf application/x-font-truetype application/x-font-ttf application/x-javascript application/xhtml+xml application/xml font/opentype font/otf font/ttf image/svg+xml image/x-icon text/css text/html text/javascript text/plain text/xml;
# Sec Headers - X-XSS-Protection
add_header x-xss-protection "1; mode=block" always;
# Sec Headers - X-Frame-Options
add_header X-Frame-Options SAMEORIGIN;
# Seec Headers - HTTP Strict Transport Security (HSTS)
add_header Strict-Transport-Security max-age=61536000;
# Sec Headers - X-Content-Type: nosniff
add_header X-Content-Type-Options nosniff;
# Sec Headers - Referrer Policy
add_header Referrer-Policy no-referrer-when-downgrade;
# Sec Headers - Feature Policy
add_header Feature-Policy "microphone 'none'; camera 'none';";

 

[Sally1]

Hello, i checked today again without Cloudflare for the Domain enabled, X Cache Status is Bypass now, any idea?

Thx
Sally

 

[mrsombre]

There are lots of different settings and options in your post. I suppose it's hard to find a root cause of your problem in such complicated situation.
Try to create a test domain and with default options and add settings one by one, check result after each change. This way you can find how exactly each options affects domain behaviour.

 

[Sally1]

Hi,

thanks for the reply. Already did Test on my Testdomain. Have there the same issue. I was just wondering, if the standard settings Apache + Nginx and Nginx Service Static Files are correct in this way. I added the Sec Headers to Nginx Directives, do they as well be added under Apache Directives ?

Thx
Sally

 

[mrsombre]

Sec Headers to Nginx Directives, do they as well be added under Apache Directives

Nginx and apache have different configs. If nginx enabled as a reverse proxy it handle request first. Process custom rules, adds cookies, etc. Then pass this request to apache and return answer from apache to end user.
Some requests can be handled by nginx and not passing to apache (for example when static file cache hit nginx will return request immediately without proxying to apache)

 

[Sally1]

Hello,

thanks for your answer. Just for better understand how to: I have wp rocket on my website also installed, and have added the code to a htaccess File on my Website, in theory I can copy this code directly to apache and nginx settings - Apache additional configuration http / https? Or should the wp rocket code stay in the hta File on the Website, and I add just the additional GZIP Compession Code, TTFB, 301 redirect to the apache additional directives?

As the wp rocket htaccess adds also headers, expires values, do I have to set the same headers as well in nginx, with the same values?

The Apache Common Settings are set at the moment all to Defaults, do I have to edit the specific setting like additional headers and set there manually every security header as well, or its ok to just add them to the additional config in apache / nginx, do the order of the directives play a role, like first TTFB value, 301 redirect, then gzip then expires etc ?

Apache Common Settings:

Handlers

Deny access to the site

Index files

Expires

Additional header


Please see here the example wp rocket code:

# BEGIN WP Rocket v3.3.6
# Use UTF-8 encoding for anything served text/plain or text/html
AddDefaultCharset UTF-8
# Force UTF-8 for a number of file formats
<IfModule mod_mime.c>
AddCharset UTF-8 .atom .css .js .json .rss .vtt .xml
</IfModule>
# FileETag None is not enough for every server.
<IfModule mod_headers.c>
Header unset ETag
</IfModule>
# Since we’re sending far-future expires, we don’t need ETags for static content.
# developer.yahoo.com/performance/rules.html#etags
FileETag None
<IfModule mod_alias.c>
<FilesMatch "\.(html|htm|rtf|rtx|txt|xsd|xsl|xml)$">
<IfModule mod_headers.c>
Header set X-Powered-By "WP Rocket/3.3.6"
Header unset Pragma
Header append Cache-Control "public"
Header unset Last-Modified
</IfModule>
</FilesMatch>
<FilesMatch "\.(css|htc|js|asf|asx|wax|wmv|wmx|avi|bmp|class|divx|doc|docx|eot|exe|gif|gz|gzip|ico|jpg|jpeg|jpe|json|mdb|mid|midi|mov|qt|mp3|m4a|mp4|m4v|mpeg|mpg|mpe|mpp|otf|odb|odc|odf|odg|odp|ods|odt|ogg|pdf|png|pot|pps|ppt|pptx|ra|ram|svg|svgz|swf|tar|tif|tiff|ttf|ttc|wav|wma|wri|xla|xls|xlsx|xlt|xlw|zip)$">
<IfModule mod_headers.c>
Header unset Pragma
Header append Cache-Control "public"
</IfModule>
</FilesMatch>
</IfModule>
# Expires headers (for better cache control)
<IfModule mod_expires.c>
ExpiresActive on
# Perhaps better to whitelist expires rules? Perhaps.
ExpiresDefault "access plus 1 month"
# cache.appcache needs re-requests in FF 3.6 (thanks Remy ~Introducing HTML5)
ExpiresByType text/cache-manifest "access plus 0 seconds"
# Your document html
ExpiresByType text/html "access plus 0 seconds"
# Data
ExpiresByType text/xml "access plus 0 seconds"
ExpiresByType application/xml "access plus 0 seconds"
ExpiresByType application/json "access plus 0 seconds"
# Feed
ExpiresByType application/rss+xml "access plus 1 hour"
ExpiresByType application/atom+xml "access plus 1 hour"
# Favicon (cannot be renamed)
ExpiresByType image/x-icon "access plus 1 week"
# Media: images, video, audio
ExpiresByType image/gif "access plus 4 months"
ExpiresByType image/png "access plus 4 months"
ExpiresByType image/jpeg "access plus 4 months"
ExpiresByType image/webp "access plus 4 months"
ExpiresByType video/ogg "access plus 1 month"
ExpiresByType audio/ogg "access plus 1 month"
ExpiresByType video/mp4 "access plus 1 month"
ExpiresByType video/webm "access plus 1 month"
# HTC files (css3pie)
ExpiresByType text/x-component "access plus 1 month"
# Webfonts
ExpiresByType font/ttf "access plus 4 months"
ExpiresByType font/otf "access plus 4 months"
ExpiresByType font/woff "access plus 4 months"
ExpiresByType font/woff2 "access plus 4 months"
ExpiresByType image/svg+xml "access plus 1 month"
ExpiresByType application/vnd.ms-fontobject "access plus 1 month"
# CSS and JavaScript
ExpiresByType text/css "access plus 1 year"
ExpiresByType application/javascript "access plus 1 year"
</IfModule>
# Gzip compression
<IfModule mod_deflate.c>
# Active compression
SetOutputFilter DEFLATE
# Force deflate for mangled headers
<IfModule mod_setenvif.c>
<IfModule mod_headers.c>
SetEnvIfNoCase ^(Accept-EncodXng|X-cept-Encoding|X{15}|~{15}|-{15})$ ^((gzip|deflate)\s*,?\s*)+|[X~-]{4,13}$ HAVE_Accept-Encoding
RequestHeader append Accept-Encoding "gzip,deflate" env=HAVE_Accept-Encoding
# Don’t compress images and other uncompressible content
SetEnvIfNoCase Request_URI \
\.(?:gif|jpe?g|png|rar|zip|exe|flv|mov|wma|mp3|avi|swf|mp?g|mp4|webm|webp|pdf)$ no-gzip dont-vary
</IfModule>
</IfModule>
# Compress all output labeled with one of the following MIME-types
<IfModule mod_filter.c>
AddOutputFilterByType DEFLATE application/atom+xml \
application/javascript \
application/json \
application/rss+xml \
application/vnd.ms-fontobject \
application/x-font-ttf \
application/xhtml+xml \
application/xml \
font/opentype \
image/svg+xml \
image/x-icon \
text/css \
text/html \
text/plain \
text/x-component \
text/xml
</IfModule>
<IfModule mod_headers.c>
Header append Vary: Accept-Encoding
</IfModule>
</IfModule>
# END WP Rocket

Thanks a Lot!

Best regards
Sally

 

[mrsombre]

Or should the wp rocket code stay in the hta File on the Website, and I add just the additional GZIP Compession Code, TTFB, 301 redirect to the apache additional directives

This is a right choice. Apache will use .htaccess directives per sites, so you rarely need to use additional directives option. Just extend .htaccess file.

As the wp rocket htaccess adds also headers, expires values, do I have to set the same headers as well in nginx, with the same values

Nginx works as a reverse proxy, so it will bypass most headers to end user and you'll not need to configure it additionally.

do the order of the directives play a role

Only redirect rules order play a role. Headers will be used by browser in any order.
You can any options you want to apply to the end of apache .htaccess file.

Also as i recommended before trying do it step by step and check results are same as you expect
You can start with empty testing site. Do not add wp rocket rules, just add one header to the site .htaccess. Then open site in browser, open dev tools and check network panel. Verify you see expected header. Then add next and go on. After checking your rules add wp rocket rules and verify it's keep working as intended. And this is all.

In most cases you don't need to use nginx and apache additional directives, hust use .htaccess

 

[Sally1]

Hello Dmitry,

thanks, four your detailed explanation. I will start to test on a staging website as you recommend.

Thanks a Lot!

Best regards
Sally

 

[mrsombre]

Thanks a Lot!

You are welcome. Feel free to reply if you'll stuck with something complex.

 

[Sally1]

Hello Dmitry,

tested yet on my other Domain again without Cloudflare active, without caching Plugin on Website.

Apache Common Settings: all default

additional Apache directives http / https empty

nginx settings

Proxy mode ON

Serve static files directly by nginx ON

ac3 avi bmp bz2 css cue dat doc docx dts eot exe flv gif gz htm html ico img iso jpeg jpg js mkv mp3 mp4 mpeg mpg ogg pdf png ppt pptx qt rar rm svg swf tar tgz ttf txt wav woff woff2 xls xlsx zip

Enable nginx caching ON


Cache timeout 5 sec

Cache key $scheme$request_method$host$request_uri

Cache requests with cookies

_ga
_gat
_gid
wordpress_test_cookie=WP+Cookie+check



Disable caching for locations

/wp-admin/
/wp-login.php
/xmlrpc.php


Bypass cache when


HTTP no-cache headers are received in request / OFF

HTTP authorization headers are received in request / OFF

GET nocache parameter is received in request / OFF

Return stale cached records OFF

Upstream returns 5xx server error OFF

Upstream returns 4xx client error OFF

Cache is being updated ON


HTTPD and Nginx Service restarted, Browser Caches cleared.


Checking with Chrome:

Website Domains Names & Hosting | Domain.com

content-type:
text/html; charset=UTF-8

server: nginx
status: 200
x-cache-status: STALE

When checking an jpg or other File, x-cache-status is not shown.

Any Ideas?

Thx
Sally