Wordpress NGINX + FastCGI 缓存,Err_too_many_requests

Wordpress NGINX + FastCGI 缓存,Err_too_many_requests

当我的 Wordpress 运行 NGINX 和 PHP8.0 并带有 FastCGI Cache 时,出现了一个奇怪的情况。

网站最终会陷入过多请求循环,但是,这不会立即发生,并且会自动摆脱这种循环。

例如,它可以正常工作 8 小时,然后进入错误“请求过多”循环,持续几个小时,然后自动退出。完全是自动的。

我的 WP-Config 文件有

if (isset($_SERVER['HTTP_X_FORWARDED_PROTO']) && strtolower($_SERVER['HTTP_X_FORWARDED_PROTO']) === 'https') {
    $_SERVER['HTTPS'] = 'on';
}

我的服务器配置文件是

fastcgi_cache_path /usr/share/nginx/fastcgi_cache levels=1:2 keys_zone=phpcache:100m max_size=10g inactive=60m use_temp_path=off;
fastcgi_cache_key "$scheme$request_method$host$request_uri";

server {
    listen 8080 ;
    listen [::]:8080 ;
    server_name example.com;
    return 301 https://www.example.com$request_uri;
}

server {
    listen 8080 ;
    listen [::]:8080 ;

    autoindex off;

    client_max_body_size 128M;

    #Hide the nginx version.
    server_tokens off;

    #Hide the PHP version.
    fastcgi_hide_header X-Powered-By;
    proxy_hide_header X-Powered-By;

    add_header 'Content-Security-Policy' 'upgrade-insecure-requests';
    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload";
    add_header X-Frame-Options SAMEORIGIN;
    add_header X-Content-Type-Options nosniff;
    add_header X-XSS-Protection "1; mode=block";

    large_client_header_buffers 4 64k;
    proxy_max_temp_file_size 0;

    root /home/site/wwwroot;
    index  index.php;
    server_name  www.example.com;

    set $skip_cache 1;

    #Security only allow these requests
    if ($request_method !~ ^(GET|HEAD|POST)$ ) {
      return 444;
    }

    location / {
      try_files $uri $uri/ /index.php?$args;
    }

    #Security don't allow any php files to run directly from the uploads folder
    location ~* /(?:uploads|files|wp-content|wp-includes|akismet)/.*.php$ {
        deny all;
        access_log off;
        log_not_found off;
    }

    #Security don't allow direct access to any dot files
    location ~ /\.(svn|git)/* {
        deny all;
        access_log off;
        log_not_found off;
    }
    location ~ /\.ht {
        deny all;
        access_log off;
        log_not_found off;
    }
    location ~ /\.user.ini {
        deny all;
        access_log off;
        log_not_found off;
    }

    # Security hide any hidden files
     location ~ /\. {
         deny all;
     }

     #Security  hide any backup or SQL dump files
     location ~ ^.+\.(sql|bak|php~|php#|php.save|php.swp|php.swo)$ {
         return 404;
     }

    # POST requests and urls with a query string should always go to PHP
    if ($request_method = POST) {
        set $skip_cache 1;
    }
    if ($query_string != "") {
        set $skip_cache 1;
    }

    # Don't cache uris containing the following segments
    if ($request_uri ~* "/wp-admin/|/xmlrpc.php|wp-.*.php|/feed/|index.php|sitemap(_index)?.xml") {
        set $skip_cache 1;
    }

    # Don't use the cache for logged in users or recent commenters
    if ($http_cookie ~* "comment_author|wordpress_[a-f0-9]+|wp-postpass|wordpress_no_cache|wordpress_logged_in") {
        set $skip_cache 1;
    }

    access_log /var/log/nginx/access.log;
    error_log /var/log/nginx/error.log;

    port_in_redirect off;
    absolute_redirect off;

    #deny access to xmlrpc
    location = /xmlrpc.php {
        deny all;
        error_page 403 http://www.google.com/;
    }

    # redirect server error pages to the static page /50x.html
    #
    error_page   500 502 503 504  /50x.html;
    location = /50x.html {
        root   /html/;
    }

    gzip on;

    gzip_vary on;
    gzip_proxied any;
    gzip_comp_level 6;
    gzip_buffers 16 8k;
    gzip_http_version 1.1;
    gzip_types image/svg+xml image/x-icon text/plain text/html text/xml text/css text/javascript application/xml application/xhtml+xml application/rss+xml application/javascript application/x-javascript application/x-font-ttf application/vnd.ms-fontobject font/opentype font/ttf font/eot font/otf image/vnd.microsoft.icon;

    location ~* \.(eot|ttf|woff|woff2|webmanifest)$ {
       add_header Access-Control-Allow-Origin *;
    }

    location ~* \.(css|js|ico|gif|jpeg|jpg|webp|png|svg|eot|otf|woff|woff2|ttf|ogg)$ {
       expires max;
    }

    location ~ [^/]\.php(/|$) {
        add_header 'Content-Security-Policy' 'upgrade-insecure-requests';
        add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload";
        add_header X-Frame-Options SAMEORIGIN;
        add_header X-Content-Type-Options nosniff;
        add_header X-XSS-Protection "1; mode=block";

        fastcgi_index index.php;
        fastcgi_cache_bypass $skip_cache;
        fastcgi_no_cache $skip_cache;
        fastcgi_cache phpcache;
        fastcgi_cache_valid 200 301 302 60m;
        fastcgi_cache_use_stale error timeout updating invalid_header http_500 http_503;
        fastcgi_cache_min_uses 1;
        fastcgi_cache_lock on;
        add_header X-FastCGI-Cache $upstream_cache_status;

        fastcgi_split_path_info ^(.+?\.php)(|/.*)$;
        fastcgi_pass 127.0.0.1:9000;
        include fastcgi_params;
        fastcgi_param HTTP_PROXY "";
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_param PATH_INFO $fastcgi_path_info;
        fastcgi_param QUERY_STRING $query_string;
        fastcgi_intercept_errors on;
        fastcgi_connect_timeout         300;
        fastcgi_send_timeout           3600;
        fastcgi_read_timeout           3600;
        fastcgi_buffer_size 128k;
        fastcgi_buffers 4 256k;
        fastcgi_busy_buffers_size 256k;
        fastcgi_temp_file_write_size 256k;
    }
}

希望有人能提供任何调试技巧!

重定向循环发生时和不发生时 curl -I 的输出完全相同

curl -I https://www.example.com
HTTP/2 200 
content-type: text/html; charset=utf-8
date: Fri, 21 Oct 2022 02:24:16 GMT
server: nginx
vary: Accept-Encoding
link: <https://www.example.com/wp-json/>; rel="https://api.w.org/"
link: <https://www.example.com/wp-json/wp/v2/pages/9346>; rel="alternate"; type="application/json"
link: <https://www.example.com/>; rel=shortlink
content-security-policy: upgrade-insecure-requests
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
x-fastcgi-cache: HIT

相关内容