我想知道为什么我的网站只在页面第二次或第三次刷新时加载。一旦资产被缓存,它会在几秒钟内加载,否则它会在花费太长时间后超时。
我怀疑这与我的 nginx 有关,因为它是我堆栈中了解最少的部分,但却经常被编辑。我似乎也无法访问错误日志。
我的设置有什么错误吗?
这是我的 default.conf:
upstream custodian {
# The web application.
server custodian:8000;
}
server {
listen 80 default deferred;
server_name custodian.fund www.custodian.fund;
root /var/www/letsencrypt;
location /.well-known/acme-challenge/ {
default_type "text/plain";
try_files $uri =404;
}
location / {
return 301 https://custodian.fund$request_uri;
}
}
# All http traffic will get redirected to SSL.
#return 307 https://$host$request_uri;
#}
server {
listen 443 ssl;
server_name www.custodian.fund;
return 301 https://custodian.fund$request_uri;
}
server {
# "deferred" reduces the number of formalities between the server and client.
listen 443 default deferred;
server_name www.custodian.fund;
# Static asset path, which is read from the custodian container's VOLUME.
root /custodian/static;
# Ensure timeouts are equal across browsers and raise the max content-length size.
keepalive_timeout 60;
client_max_body_size 5m;
# SSL goodness.
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4";
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:50m;
ssl_session_timeout 5m;
ssl_stapling on;
ssl_stapling_verify on;
resolver 8.8.8.8;
resolver_timeout 5s;
add_header Strict-Transport-Security "max-age=31536000; includeSubdomains;";
ssl_dhparam /etc/ssl/dhparam.pem;
ssl_certificate /etc/ssl/private/custodian.fund.pem;
ssl_certificate_key /etc/ssl/custodian.fund.key;
ssl_trusted_certificate /etc/ssl/private/custodian.fund.pem;
# ssl_certificate /etc/ssl/certs/productionexample.crt;
# ssl_certificate_key /etc/ssl/private/productionexample.key;
# Disallow access to hidden files and directories.
location ~ /\. {
return 404;
access_log off;
log_not_found off;
}
# Allow optionally writing an index.html file to take precedence over the upstream.
try_files $uri $uri/index.html $uri.html @custodian;
# Attempt to load the favicon or fall back to status code 204.
location = /favicon.ico {
try_files /favicon.ico = 204;
access_log off;
log_not_found off;
}
# Load the web app back end with proper headers.
location @custodian {
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_redirect off;
proxy_pass http://custodian;
}
}
这是我的 nginx.conf:
# Number of workers to run, usually equals number of CPU cores.
worker_processes auto;
# Maximum number of opened files per process.
worker_rlimit_nofile 4096;
events {
# Maximum number of simultaneous connections that can be opened by a worker process.
worker_connections 1024;
}
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
# ---------------------------------------------------------------------------
# Security settings from:
# https://gist.github.com/plentz/6737338
# Disable nginx version from being displayed on errors.
server_tokens off;
# config to don't allow the browser to render the page inside an frame or iframe
# and avoid clickjacking http://en.wikipedia.org/wiki/Clickjacking
# if you need to allow [i]frames, you can use SAMEORIGIN or even set an uri with ALLOW-FROM uri
# https://developer.mozilla.org/en-US/docs/HTTP/X-Frame-Options
add_header X-Frame-Options SAMEORIGIN;
# when serving user-supplied content, include a X-Content-Type-Options: nosniff header along with the Content-Type: header,
# to disable content-type sniffing on some browsers.
# https://www.owasp.org/index.php/List_of_useful_HTTP_headers
# currently suppoorted in IE > 8 http://blogs.msdn.com/b/ie/archive/2008/09/02/ie8-security-part-vi-beta-2-update.aspx
# http://msdn.microsoft.com/en-us/library/ie/gg622941(v=vs.85).aspx
# 'soon' on Firefox https://bugzilla.mozilla.org/show_bug.cgi?id=471020
add_header X-Content-Type-Options nosniff;
# This header enables the Cross-site scripting (XSS) filter built into most recent web browsers.
# It's usually enabled by default anyway, so the role of this header is to re-enable the filter for
# this particular website if it was disabled by the user.
# https://www.owasp.org/index.php/List_of_useful_HTTP_headers
add_header X-XSS-Protection "1; mode=block";
# ---------------------------------------------------------------------------
# Avoid situations where a hostname is too long when dealing with vhosts.
server_names_hash_bucket_size 64;
server_names_hash_max_size 512;
# Performance optimizations.
sendfile on;
tcp_nopush on;
# http://nginx.org/en/docs/hash.html
types_hash_max_size 2048;
# Enable gzip for everything but IE6.
gzip on;
gzip_disable "msie6";
gzip_types text/plain application/xml;
gzip_proxied no-cache no-store private expired auth;
gzip_min_length 1000;
gunzip on;
# Default config for the app backend.
include /etc/nginx/conf.d/default.conf;
}