Unable to start nginx: [emerg] unknown directive "pagespeed"

Follow

Comments

6 comments

  • Avatar
    lenala

    Hi, is it possible to serve with Nginx optimized static files with mod_pagespeed ?

  • Avatar
    Alexandr Redikultsev

    Hi,

    It should be either nginx or pagespeed that are serving static files, they cannot work together, see the following article for clarification on this behavior: https://support.plesk.com/hc/en-us/articles/213927485--html-files-under-domain-show-white-page-with-nginx-enabled

  • Avatar
    Markus Wernecke

    Hi Plesk support team,
    thanks for implementing ngx_pagespeed compiled by nginx. I used self-compiled nginx versions with ngx_pagespeed + brotli + tls1.3 since 2017. Now it's great that Plesk supports this amazing feature. But please, it's necessary to provide a basic manual, because the example.com/pagespeed_global_admin and example.com/pagespeed_admin directories are open. The common way to disallow public access by
    pagespeed AdminPath /pagespeed_admin;
    location /ngx_pagespeed_statistics { allow 127.0.0.1; deny all; }
    location /ngx_pagespeed_global_statistics { allow 127.0.0.1; deny all; }
    location /ngx_pagespeed_message { allow 127.0.0.1; deny all; }
    location /pagespeed_console { allow 127.0.0.1; deny all; }
    location ~ ^/pagespeed_admin { allow 127.0.0.1; deny all; }
    location ~ ^/pagespeed_global_admin { allow 127.0.0.1; deny all; }
    seems not working. So everybody on earth can purge the cache.
    Greats and thanks

  • Avatar
    Alexandr Redikultsev

    Hi @Markus Wernecke,

    Thank you for the feedback!

    As for the issue you faced, I was not able to reproduce it, here is what I did:

    0. I enabled the module

    # plesk sbin nginx_modules_ctl -e pagespeed

    1. I followed your instructions posted on our forum (thanks so much by the way!): https://talk.plesk.com/threads/plesk-nginx-compiled-with-pagespeed.351508/#post-860179 

    2. Then I tried to access my test site http://wptest.tld/pagespeed_global_admin/ and I got error 403 from nginx.

    3. Then I removed the line `location ~ ^/pagespeed_global_admin { allow 127.0.0.1; deny all; }` from additional directives and was able to get the page.

    I tried to play around with some WordPress Toolkit security options suspecting that they might be interfering at some point, but even with all security features enabled there the directives for forbidding access were still working as they should.

    I suspect that there is a conflict between something else, do you perhaps have some other directives in the configs? Or maybe you can shed some more light on your web server configuration?

    P.S. By the way, I strongly suggest to avoid placing anything directly to /etc/nginx/nginx.conf file as there is a probability that the settings might be reverted. I suggest creating /etc/nginx/conf.d/pagespeed.conf with all the required directives to avoid it.

  • Avatar
    Markus Wernecke (Edited )

    Thank YOU very much for your interest, time and help. In my last post in the forum thread around pagespeed I posted my whole nginx.conf, totally. To complete everything I will give you the other relevant configurations here. Problem is: I use WoltLab software, not Wordpress, in some cases they are similar, in others totally different. You can see it in the rewrite code. But I also use wordpress for one subdomain. I use only nginx (no apache) on Ubuntu 18.04.2 and the new Plesk nginx-Caching is activated in apache & nginx settings in Plesk default settings (no adjustments by me).

    /etc/nginx/conf.d/ssl.conf

    ssl_protocols TLSv1.2;
    ssl_ciphers EECDH+AESGCM+AES128:EECDH+AESGCM+AES256:EECDH+CHACHA20:EDH+AESGCM+AES128:EDH+AESGCM+AES256:EDH+CHACHA20:EECDH+SHA256+AES128:EECDH+SHA384+AES256:EDH+SHA256+AES128:EDH+SHA256+AES256:EECDH+SHA1+AES128:EECDH+SHA1+AES256:EDH+SHA1+AES128:EDH+SHA1+AES256:EECDH+HIGH:EDH+HIGH:AESGCM+AES128:AESGCM+AES256:CHACHA20:SHA256+AES128:SHA256+AES256:SHA1+AES128:SHA1+AES256:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!KRB5:!aECDH:!EDH+3DES;
    ssl_prefer_server_ciphers on;
    ssl_session_timeout 10m;
    ssl_session_cache shared:SSL:50m;
    ssl_session_cache shared:ssl_session_cache:10m;
    ssl_ecdh_curve secp521r1:secp384r1:prime256v1;
    ssl_dhparam /etc/dhparam/dhparam4096.pem;

    Plesk panel domain web-server-settings (Apache & Nginx - additional nginx settings)

    ssl_stapling on;
    ssl_stapling_verify on;
    ssl_trusted_certificate /usr/local/psa/var/modules/letsencrypt/etc/live/domain.com/fullchain.pem;
    resolver 8.8.4.4 8.8.8.8 valid=300s;
    resolver_timeout 10s;
    ssl_session_timeout 10m;
    ssl_session_cache shared:SSL:50m;
    ssl_session_cache shared:ssl_session_cache:10m;
    ssl_dhparam /etc/dhparam/dhparam4096.pem;
    add_header X-Frame-Options SAMEORIGIN;
    add_header X-XSS-Protection "1; mode=block";
    add_header X-Content-Type-Options nosniff;
    add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload" always;
    location ~* ^/(plesk-stat|webstat|webstat-ssl|ftpstat|anon_ftpstat|awstats-icon)$ {
    etag on;
    if_modified_since exact;
    add_header Pragma "public";
    add_header Cache-Control "max-age=86400, public, must-revalidate, proxy-revalidate";
    try_files $uri @fallback;
    }
    location ~* \.(ico|jpeg|jpg|gif|png|bmp|css|js|cur|gz|svg|svgz|webp)$ {
    etag on;
    if_modified_since exact;
    add_header Pragma "public";
    add_header Cache-Control "max-age=31536000, public";
    }
    location ~* \.(eot|opentype|woff|woff2|htc|webm|mp3|mpeg|mpg|mp4|ogg|ogv|vcf|tar|tgz|ttf|txt|wav|xls|xlsx|rar|zip)$ {
    etag on;
    if_modified_since exact;
    add_header Pragma "public";
    add_header Cache-Control "max-age=31536000, public";
    }
    location ~* \.(pdf)$ {
    etag on;
    if_modified_since exact;
    add_header Pragma "public";
    add_header Cache-Control "max-age=2592000, public";
    }
    location ~ \.(rss|atom)$ {
    etag on;
    if_modified_since exact;
    add_header Pragma "public";
    add_header Cache-Control "max-age=3600, public";
    }
    proxy_buffer_size 128k;
    proxy_buffers 4 256k;
    proxy_busy_buffers_size 256k;
    location ~ .php$ {
    fastcgi_buffer_size 128k;
    fastcgi_buffers 4 256k;
    fastcgi_busy_buffers_size 256k;
    fastcgi_temp_file_write_size 256k;
    }
    pagespeed On;
    location ~ "\.pagespeed\.([a-z]\.)?[a-z]{2}\.[^.]{10}\.[^.]+" {
    add_header "" "";
    }
    location ~ "^/pagespeed_static/" { }
    location ~ "^/ngx_pagespeed_beacon$" { }
    pagespeed EnableFilters insert_ga;
    pagespeed AnalyticsID <UA-63270020-1>;
    pagespeed Statistics on;
    pagespeed StatisticsLogging on;
    pagespeed LogDir /var/log/pagespeed;
    pagespeed AdminPath /pagespeed_admin;
    location /ngx_pagespeed_statistics { allow 127.0.0.1; deny all; }
    location /ngx_pagespeed_global_statistics { allow 127.0.0.1; deny all; }
    location /ngx_pagespeed_message { allow 127.0.0.1; deny all; }
    location /pagespeed_console { allow 127.0.0.1; deny all; }
    location ~ ^/pagespeed_admin { allow 127.0.0.1; deny all; }
    location ~ ^/pagespeed_global_admin { allow 127.0.0.1; deny all; }
    if (!-e $request_filename)
    {
    rewrite ^/(forum/|photos/|blogs/|calendar/|marketplace/|chat/)?(.+)$ /$1index.php?$2 last;
    }
    location ~ /\.ht {
    deny all;
    }
    location ~ /cli.php|config.inc.php|global.php|options.inc.php {
    deny all;
    }
    location ~ /acp/templates/ {
    deny all;
    }
    location ~ /acp/uninstall/ {
    deny all;
    }
    location ~ /attachments/ {
    deny all;
    }
    location ~ /cache/ {
    deny all;
    }
    location ~ /images/proxy/ {
    deny all;
    }
    location ~ /language/ {
    deny all;
    }
    location ~ /lib/ {
    deny all;
    }
    location ~ /log/ {
    deny all;
    }
    location ~ /media_files/ {
    deny all;
    }
    location ~ /templates/ {
    deny all;
    }
    location ~ /*/templates/ {
    deny all;
    }
    location ~ /tmp/ {
    deny all;
    }
    location ~ /*/config.inc.php|global.php {
    deny all;
    }
    location ~ /*/lib/ {
    deny all;
    }
    location ~ /*/lib/core.functions.php {
    deny all;
    }
    location ~ /*/acp/templates/ {
    deny all;
    }

  • Avatar
    Alisa Kasyanova

    @Markus Wernecke
    Please check this page: https://www.modpagespeed.com/doc/admin
    I have used the Limiting Handler Access section. I added the "pagespeed GlobalAdminDomains Disallow *;" to the configuration file, and it "closed" the access to the page.

Please sign in to leave a comment.

Have more questions? Submit a request