Issue Cache expiration header in Additional Nginx directives - images not showing up

[octet]

Hi,

Trying to get Cache expiration to work on Plesk Obsidian, while using nginx and having no luck.

As soon as I apply the directives the images don't show anymore.

location ~* .(js|jpg|jpeg|gif|png|css|tgz|gz|rar|bz2|doc|pdf|ppt|tar|wav|bmp|rtf|swf|ico|flv|txt|woff|woff2|svg|ttf)$ {
expires 30d;
add_header Pragma "public";
add_header Cache-Control "public";
}

Any suggestions on how to overcome this without switching to Apache only please?

 

[Bitpalast]

I think it should be

location ~* \.(js|jpg|jpeg|gif|png|css|tgz|gz|rar|bz2|doc|pdf|ppt|tar|wav|bmp|rtf|swf|ico|flv|txt|woff|woff2|svg|ttf)$ {
expires 30d;
add_header Pragma "public";
add_header Cache-Control "public";
}

instead (include the backslash before the dot).

 

[octet]

Same error.

The requested content cannot be loaded.
Please try again later

 

[Bitpalast]

Are the images you are trying to load physical sources or are Apache rewrite rules in effect that work when Nginx is bypassed?

 

[octet]

Physical sources on a subdomain.

 

[Bitpalast]

Does the subdomain contain capital letters? In that case, remove them, spell all in lower case.

 

[octet]

No, all lower cases.

Found this bug, related to WordPress, but I'm not running WordPress, so I can't use the workaround.

Plesk Help Center

support.plesk.com

[FIXED BUG] Additional nginx directives/Leverage browser caching are ignored for WordPress website

Applicable to: Plesk for Linux Symptoms Additional nginx directives/Leverage browser caching are set under Domains > example.com > Apache & nginx Settings for a WordPress website. Fo...

support.plesk.com

 

[Bitpalast]

I have guts feeling that this might not be related to the server at all. Have you tested what happens on a different browser? Have you cleared the browser cache? Are any other special configuration entries in effect, e.g. HSTS?

 

[octet]

Yes, all cache deleted from the browser, server directly. HSTS enabled, see screenshot:

 

[Bitpalast]

In this case I'd first deactivate HSTS, because it could be preventing your browser from accessing the resource. The general route to take here is to first create a simple setup that works without all the extra gimmicks that noone really needs. Then, once the setup works, add the gimmicks step by step.

 

[octet]

I've tried without HSTS, same error, clearly seems to be a Plesk BUG, since it's has also been documented in the links I've posted above.

As soon as I remove directives, delete cache from the server and in the browser, the photos disappear.

 

[Bitpalast]

Why do you think it is a Plesk bug? Plesk has nothing to do with what Nginx is doing. Plesk is only providing an easy way to add an individual configuration directive to it. You can check /var/www/vhosts/system/<yourdomain>/conf/nginx.conf to see what is stored in your nginx configuration file.

I am using a very similar setup on a domain, and it does work trouble-free. The only difference in my setup here is that I am not using your additional lines
add_header Pragma "public";
add_header Cache-Control "public";
and I am using a smaller set of file extensions.

I still think it is related to other configurations, like redirects, that a request cannot find the image that is requested.

 

[octet]

nginx.conf below:

[root@ufo cache]# cat /var/www/vhosts/system/domain/conf/nginx.conf
#ATTENTION!
#
#DO NOT MODIFY THIS FILE BECAUSE IT WAS GENERATED AUTOMATICALLY,
#SO ALL YOUR CHANGES WILL BE LOST THE NEXT TIME THE FILE IS GENERATED.
server {
    listen IP.IP.IP.IP:443 ssl http2;

    server_name domain;
    server_name www.domain;
    server_name ipv4.domain;

    ssl_certificate             /usr/local/psa/var/certificates/cert-ubByPa;
    ssl_certificate_key         /usr/local/psa/var/certificates/cert-ubByPa;
    ssl_client_certificate      /usr/local/psa/var/certificates/cert-7zLlB8;

    client_max_body_size 128m;

    proxy_read_timeout 600;

    root "/var/www/vhosts/domain/httpdocs";
    access_log "/var/www/vhosts/system/domain/logs/proxy_access_ssl_log";
    error_log "/var/www/vhosts/system/domain/logs/proxy_error_log";

    #extension letsencrypt begin
    location ^~ /.well-known/acme-challenge/ {
        root /var/www/vhosts/default/htdocs;

        types { }
        default_type text/plain;

        satisfy any;
        auth_basic off;
        allow all;

        location ~ ^/\.well-known/acme-challenge.*/\. {
            deny all;
        }
    }
    #extension letsencrypt end

    #extension sslit begin

    add_header Strict-Transport-Security "max-age=63072000; includeSubDomains" always;

    #OCSP Stapling
    ssl_stapling on;
    ssl_stapling_verify on;

    #extension sslit end

    location / {
        proxy_pass https://IP.IP.IP.IP:7081;
        proxy_set_header Host             $host;
        proxy_set_header X-Real-IP        $remote_addr;
        proxy_set_header X-Forwarded-For  $proxy_add_x_forwarded_for;
        proxy_set_header X-Accel-Internal /internal-nginx-static-location;
        access_log off;

    }

    location /internal-nginx-static-location/ {
        alias /var/www/vhosts/domain/httpdocs/;
        internal;
    }

    location ~ ^/~(.+?)(/.*?\.php)(/.*)?$ {
        alias /var/www/vhosts/domain/web_users/$1/$2;
        fastcgi_split_path_info ^((?U).+\.php)(/?.+)$;
        fastcgi_param PATH_INFO $fastcgi_path_info;
        fastcgi_pass "unix:///var/www/vhosts/system/domain/php-fpm.sock";
        include /etc/nginx/fastcgi.conf;

    }

    location ~ ^/~(.+?)(/.*)?$ {
        proxy_pass https://IP.IP.IP.IP:7081;
        proxy_set_header Host             $host;
        proxy_set_header X-Real-IP        $remote_addr;
        proxy_set_header X-Forwarded-For  $proxy_add_x_forwarded_for;
        proxy_set_header X-Accel-Internal /internal-nginx-static-location;
        access_log off;

    }

    location ~ \.php(/.*)?$ {
        fastcgi_split_path_info ^((?U).+\.php)(/?.+)$;
        fastcgi_param PATH_INFO $fastcgi_path_info;
        fastcgi_pass "unix:///var/www/vhosts/system/domain/php-fpm.sock";
        include /etc/nginx/fastcgi.conf;

    }

    include "/var/www/vhosts/system/domain/conf/vhost_nginx.conf";
}
server {
    listen IP.IP.IP.IP:80;

    server_name domain;
    server_name www.domain;
    server_name ipv4.domain;

    client_max_body_size 128m;

    proxy_read_timeout 600;

    location / {
        return 301 https://$host$request_uri;
    }

Why do you think it is a Plesk bug?

Because:

 

[Bitpalast]

But that is not the issue. The issue you are describing is that the images are not delivered at all. At least this is what you wrote earlier.

 

[octet]

Correct, if I apply the additional directives, with or without these 2 lines:

add_header Pragma "public";
add_header Cache-Control "public";

photos don't show.

Anything seems wrong in the nginx.conf file? Maybe something related to .htaccess, although it should be ignored since it's nginx and not apache?

 

[Bitpalast]

All seems well with the nginx.conf file. Your additional directives can be found in /var/www/vhosts/system/<your domain>/conf/vhost_nginx.conf. I don't see why images should not be delivered.

 

[octet]

Your additional directives can be found in /var/www/vhosts/system/<your domain>/conf/vhost_nginx.conf.

add_header X-Frame-Options DENY always;
add_header 'Referrer-Policy' 'strict-origin-when-cross-origin';
add_header X-XSS-Protection "1; mode=block";
add_header X-Content-Type-Options nosniff;
add_header 'Access-Control-Allow-Origin' "*";
add_header Feature-Policy "geolocation none;midi none;notifications none;push none;sync-xhr none;microphone none;camera none;magnetometer none;gyroscope none;speaker self;vibrate none;fullscreen self;payment none;";add_header Content-Security-Policy "default-src 'unsafe-inline' 'unsafe-eval' 'self' *.googleapis.com *.gstatic.com *.torqen.uk *.paypal.com;";
gzip on;
gzip_disable "msie6";
gzip_vary on;
gzip_proxied any;
gzip_comp_level 6;
gzip_buffers 16 8k;
gzip_http_version 1.1;
gzip_types
application/atom+xml
application/javascript
application/json
application/rss+xml
application/vnd.ms-fontobject
application/x-font-ttf
application/x-web-app-manifest+json
application/xhtml+xml
application/xml
font/opentype
image/svg+xml
image/x-icon
text/css
text/plain
text/x-component
text/xml
text/javascript;

I don't mind enabling it for one of the subdomains and PM you the real domain if you want to see for yourself, perhaps that would help?

 

[Bitpalast]

This does not look correct. Actually, the conf file should contain your additional nginx directives and not these other lines. Where do these other lines come from? Do you use an extension that is modifying the web server output, e.g. some kind of page compression tool or caching extension?

 

[octet]

It's what I've setup in additional directives for nginx in Plesk, see screenshot here:

 

[Bitpalast]

I am sorry for the misunderstanding, but at the beginning of the thread you wrote that you have this as additional nginx directives:

location ~* .(js|jpg|jpeg|gif|png|css|tgz|gz|rar|bz2|doc|pdf|ppt|tar|wav|bmp|rtf|swf|ico|flv|txt|woff|woff2|svg|ttf)$ {
expires 30d;
add_header Pragma "public";
add_header Cache-Control "public";
}

I am really sorry, but now the situation is totally different and I have already spent a lot of time on this. I feel uncomfortable with this. You description is now completely different from how you started the thread.

My suggestion is to create a support ticket with Plesk support to get this solved. Obviously we're talking about different things here. I cannot continue this thread. maybe someone else wants to.