l0nax opened a new issue #1546: HTTPS not Working with Pagespeed URL: https://github.com/apache/incubator-pagespeed-ngx/issues/1546 Here is my Site Configuration: ``server { listen 80 http2; listen [::]:80; ### # Headers Settings ### include snippets/header.conf; more_set_headers 'Server: l0nax Server'; ## Accept only HTTP (GET|HEAD|POST) Method if ($request_method !~ ^(GET|HEAD|POST)$ ) { return 405; } ### # pagespeed ### pagespeed on; pagespeed Statistics on; pagespeed StatisticsLogging on; pagespeed LogDir /var/log/pagespeed; pagespeed ModifyCachingHeaders on; pagespeed XHeaderValue "l0nax"; pagespeed EnableFilters make_show_ads_async; pagespeed EnableFilters make_google_analytics_async; # Enable Client Site Loading Measuring pagespeed EnableFilters add_instrumentation; pagespeed ReportUnloadTime on; # pagespeed Experiments pagespeed RunExperiment on; pagespeed UseAnalyticsJs off; pagespeed AnalyticsID UA-105614803-2; pagespeed EnableFilters insert_ga; # automaticly insert Google Analytics code # Bandwidth Optimizing pagespeed RewriteLevel OptimizeForBandwidth; pagespeed InPlaceResourceOptimization on; # SSL pagespeed LoadFromFile "https://l0nax.org" "/var/www/html/"; pagespeed FetchHttps enable,allow_self_signed; pagespeed SslCertDirectory /etc/ssl/certs; pagespeed SslCertFile l0nax.org.crt; pagespeed UseNativeFetcher off; location ~ "\.pagespeed\.([a-z]\.)?[a-z]{2}\.[^.]{10}\.[^.]+" { add_header "" ""; } root /var/www/html; # set Index File index index.html index.htm index.php; server_name l0nax.org; location / { # First attempt to serve request as file, then # as directory, then fall back to displaying a 404. try_files $uri $uri/ /index.php?q=$uri&$args =404; } # pass PHP scripts to FastCGI server location ~ \.php$ { try_files $uri =404; fastcgi_split_path_info ^(.+\.php)(/.+)$; # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini fastcgi_pass unix:/var/run/php/php7.0-fpm.sock; fastcgi_index index.php; # include fastcgi Config include fastcgi_params; include fastcgi.conf; } # deny access to .htaccess files, if Apache's document root # concurs with nginx's one location ~ /\.ht { deny all; } ### # Cache Settings ### include snippets/h5bp/basic.conf; ### # Gzip Settings ### gzip on; gzip_vary on; gzip_proxied any; gzip_comp_level 6; gzip_buffers 16 8k; gzip_http_version 1.1; include snippets/gzip_filetypes.conf; ### # Error Sites ### # Coming Soon! } server { listen 443 ssl; server_name l0nax.org; pagespeed on; pagespeed UseNativeFetcher off; ### # Headers Settings ### include snippets/header.conf; more_set_headers 'Server: l0nax Server'; pagespeed Domain https://l0nax.org; pagespeed FetchHttps enable,allow_self_signed; pagespeed SslCertDirectory /etc/ssl/certs; pagespeed SslCertFile l0nax.org.crt; ### # SSL Settings ### # enable session resumption to improve https performance # http://vincent.bernat.im/en/blog/2011-ssl-session-reuse-rfc5077.html ssl_session_cache shared:SSL:50m; ssl_session_timeout 1d; ssl_session_tickets off; # Diffie-Hellman parameter for DHE ciphersuites, recommended 2048 bits ssl_dhparam /etc/ssl/dhparam.pem; ssl_certificate /etc/ssl/certs/l0nax.org.crt; ssl_certificate_key /etc/ssl/private/l0nax.org.key; ssl_prefer_server_ciphers on; ssl_ciphers 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS'; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # enable stamping (brwoser will check Certitificate Revocation list [CRL]) ssl_trusted_certificate /etc/ssl/certs/l0nax.org.chain.pem; ssl_stapling on; ssl_stapling_verify on; ssl_trusted_certificate /etc/ssl/certs/l0nax.org.chain.pem; # enable HSTS add_header Strict-Transport-Security "max-age=31536000; includeSubdomains; preload"; }`` My nginx.conf File: `` user www-data; worker_processes auto; pid /run/nginx.pid; include /etc/nginx/modules-enabled/*.conf; events { worker_connections 1024; multi_accept on; } http { pagespeed off; ## # Basic Settings ## sendfile on; tcp_nopush on; tcp_nodelay on; keepalive_timeout 65; types_hash_max_size 2048; server_tokens off; # server_names_hash_bucket_size 64; # server_name_in_redirect off; include /etc/nginx/mime.types; default_type application/octet-stream; # Prevent Clickjacking Attack add_header X-Frame-Options "SAMEORIGIN"; # X-XSS Protection add_header X-XSS-Protection "1; mode=block"; # Disable Content Sniffing on some Browsers add_header X-Content-Type-Options nosniff; ## # SSL Settings ## ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE ssl_prefer_server_ciphers on; ## # Logging Settings ## access_log /var/log/nginx/access.log; error_log /var/log/nginx/error.log; ## # Gzip Settings ## gzip on; gzip_vary on; gzip_proxied any; gzip_comp_level 6; gzip_buffers 16 8k; # gzip_http_version 1.1 2; gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript; ## # pagespeed Settings ## pagespeed UsePerVHostStatistics on; pagespeed InPlaceResourceOptimization on; pagespeed CreateSharedMemoryMetadataCache "@@SHM_CACHE@@" 8192; pagespeed Statistics on; pagespeed StatisticsLogging on; pagespeed MessageBufferSize 200000; pagespeed FetcherTimeoutMs 10000; pagespeed NativeFetcherMaxKeepaliveRequests 50; pagespeed LogDir /var/log/pagespeed; pagespeed FileCachePath /var/cache/pagespeed; ## # Virtual Host Configs ## include /etc/nginx/conf.d/*.conf; include /etc/nginx/sites-enabled/*; } `` I have compiled with nginx with the following Options: `` configure arguments: --add-module=/root/incubator-pagespeed-ngx-latest-stable --prefix=/etc/nginx --sbin-path=/usr/sbin --with-http_ssl_module --with-compat --with-google_perftools_module --with-file-aio --with-http_auth_request_module --with-http_geoip_module --with-http_gzip_static_module --with-http_v2_module --with-mail --with-mail_ssl_module --with-stream --with-stream_ssl_module --with-threads --with-openssl=/usr/local/src/openssl --with-http_gzip_static_module --conf-path=/etc/nginx/nginx.conf --pid-path=/run/nginx.pid --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --user=www-data --group=www-data --add-module=/tmp/headers-more-nginx-module --with-http_v2_module `` ``nginx -v`` output: ``nginx version: nginx/1.13.10`` ``nginx -V`` output: `` nginx version: nginx/1.13.10 built by gcc 5.4.0 20160609 (Ubuntu 5.4.0-6ubuntu1~16.04.9) built with OpenSSL 1.1.1-pre4-dev xx XXX xxxx TLS SNI support enabled configure arguments: --add-module=/root/incubator-pagespeed-ngx-latest-stable --prefix=/etc/nginx --sbin-path=/usr/sbin --with-http_ssl_module --with-compat --with-google_perftools_module --with-file-aio --with-http_auth_request_module --with-http_geoip_module --with-http_gzip_static_module --with-http_v2_module --with-mail --with-mail_ssl_module --with-stream --with-stream_ssl_module --with-threads --with-openssl=/usr/local/src/openssl --with-http_gzip_static_module --conf-path=/etc/nginx/nginx.conf --pid-path=/run/nginx.pid --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --user=www-data --group=www-data --add-module=/tmp/headers-more-nginx-module --with-http_v2_module `` **My Problem:** My normal HTTP Site work's well with the PageSpeed Module. But if i try to connect to my Website via HTTPS it does not work! Here is the Output from my Chrome: [https://photos.app.goo.gl/qmLMheHysulPdqgz2](https://photos.app.goo.gl/qmLMheHysulPdqgz2) If i use the Normal nginx Software i can access my Website without this Error. **https://photos.app.goo.gl/qmLMheHysulPdqgz2** How i can fix this?
---------------------------------------------------------------- This is an automated message from the Apache Git Service. To respond to the message, please log on GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org With regards, Apache Git Services