Configuration with Cloudflare

[ctekk7]

Describe the bug

• When configured with cloudflare rocket-nginx header is either "miss" (or "bypass") for images and files.
• The page itself has a HIT by rocket-nginx header.

Versions

• What version of Nginx are you using ?1.24
• What version of Rocket-Nginx are you using ? 3.2 latest
• What version of WP Rocket are you using ? 3.15.8.1
• Are you using Nginx as a reverse proxy (with Apache for instance) ? no
• No plesk installed (if that's relevant)
• Cloudflare with APO, Imageoptimization.
• Latest Wordpressversion.

To Reproduce

1. Setup rocket-nginx with cloudflare or other CDN
2. See headers in chrome inspector -> network tab and inspect images or files
3. Cloudflare header Cf-Cache-Status: HIT
4. X-Rocket-Nginx-Serving-Static: MISS

Expected behavior

• I expected images and files to have "hit" or to have a bit more detailled information in rocket-nginx the description how it works with a CDN.
• Is it correct, that there is index-https.html at the end of the image file for "X-Rocket-Nginx-File"?

NGINX config

user www-data;
worker_processes auto;
pid /run/nginx.pid;
include /etc/nginx/modules-enabled/*.conf;

events {
        worker_connections 1024;
}

http {
        client_body_timeout 300;
        client_header_timeout 300;
        send_timeout 60;

        sendfile on;
        tcp_nopush on;
        types_hash_max_size 4096;
        server_tokens off;

        server_names_hash_bucket_size 64;

        include /etc/nginx/mime.types;
        default_type application/octet-stream;

        ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3; 
        ssl_prefer_server_ciphers on;

        access_log /var/log/nginx/access.log;
        error_log /var/log/nginx/error.log;

        gzip on;

        include /etc/nginx/conf.d/*.conf;
        include /etc/nginx/sites-enabled/*;
        client_max_body_size 100M;
        fastcgi_read_timeout 300;
        keepalive_timeout 45;
}

nginx server

server {
        server_name www.yyy.de;
        root /var/www/www.yyy.de;

        index index.html index.htm index.php;

        location / {
            try_files $uri $uri/ /index.php$is_args$args;
        }

        location ~ \.php$ {
            include snippets/fastcgi-php.conf;
            fastcgi_pass unix:/var/run/php/php8.1-fpm.sock;
            fastcgi_intercept_errors on;
        }

        add_header X-Content-Type-Options nosniff always;
        add_header X-XSS-Protection "1; mode=block" always;
        add_header Referrer-Policy strict-origin-when-cross-origin always;
        add_header Permissions-Policy "geolocation=(), midi=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), fullscreen=(self), payment=()";

        location ~ /\. { deny all; }
        location = /favicon.ico { log_not_found off; access_log off; }
        location = /robots.txt { log_not_found off; access_log off; allow all; }
        location ~* \.(css|gif|ico|jpeg|jpg|js|png)$ {
            expires max;
            log_not_found off;
        }

        location ~* /(?:uploads|files)/.*\.php$ {
            deny all;
        }

        if ($host = yyy.de) {
            return 301 https://www.yyy.de$request_uri;
        }

        # Rocket-Nginx configuration
        include rocket-nginx/conf.d/default.conf;

        #SSL Entries
        listen 443 ssl; # managed by Certbot
        ssl_certificate /etc/letsencrypt/live/yyy/fullchain.pem; # managed by Certbot
        ssl_certificate_key /etc/letsencrypt/live/yyy/privkey.pem; # managed by Certbot
        include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
        ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

}

server {
    if ($host = www.yyy.de) {
        return 301 https://$host$request_uri;
    } # managed by Certbot

    listen 80;

    server_name www.yyy.de;
    return 404; # managed by Certbot

}

Headers

X-Rocket-Nginx-File: /var/www/yyy/wp-content/cache/wp-rocket/www.yyy.de//wp-content/uploads/img-min.png//index-https.html
X-Rocket-Nginx-Reason: Cookie
X-Rocket-Nginx-Serving-Static: BYPASS

X-Rocket-Nginx-File: /var/www/yyy/wp-content/cache/wp-rocket/www.yyy.de//wp-includes/js/yxxy.min.js//index-https.html
X-Rocket-Nginx-Reason:File not cached
X-Rocket-Nginx-Serving-Static:MISS

[maximejobin]

I expected images and files to have "hit" or to have a bit more detailled information in rocket-nginx the description how it works with a CDN.

WP Rocket does not create caching files for images. That would be useless.

The only modification Rocket-Nginx does to static files is change the caching headers. You should expect Cloudflare to handle static files caching.

You should not expect images to have a HIT from Rocket-Nginx.

Is it correct, that there is index-https.html at the end of the image file for "X-Rocket-Nginx-File"?

Rocket-Nginx simply checks if the URL follows the WP Rocket pattern for cached file. So yes, that is normal!

[ctekk7]

thank you, it seems it was not clear to why those files have those headers if they are not meant to be cached by rocket-nginx.

[maximejobin]

The reason is : coding with the "Nginx programming language" is really basic. Therefore, it would be complicated to manage cases like this efficiently simply to remove the headers.

[ctekk7]

Okay thank you for the insight

---

From: Maxime Jobin @.> Sent: Saturday, February 10, 2024 7:14:57 PM To: SatelliteWP/rocket-nginx @.> Cc: ctekk7 @.>; Author @.> Subject: Re: [SatelliteWP/rocket-nginx] Configuration with Cloudflare (Issue #209)

The reason is : coding with the "Nginx programming language" is really basic. Therefore, it would be complicated to manage cases like this efficiently simply to remove the headers.

— Reply to this email directly, view it on GitHubhttps://github.com/SatelliteWP/rocket-nginx/issues/209#issuecomment-1937086927, or unsubscribehttps://github.com/notifications/unsubscribe-auth/AQ3DWH6DWS3IHHKILJBW3MLYS62KDAVCNFSM6AAAAABCWNXK6SVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMYTSMZXGA4DMOJSG4. You are receiving this because you authored the thread.Message ID: @.***>