I have a Laravel application deployed on an Ubuntu 20.04 VPS running a LEMP stack. The site loads fine in Chrome, but in Firefox and mobile browsers the server appears to return a file (application/octet-stream) with the following contents:
0000 1204 0000 0000 0000 0300 0000 8000
0400 0100 0000 0500 ffff ff00 0004 0800
0000 0000 7fff 0000 0000 0807 0000 0000
0000 0000 0000 0000 01
Here is my setup.
/etc/nginx/nginx.conf
# Main (global) context of /etc/nginx/nginx.conf.
# Worker processes run as the unprivileged account "www"; the PHP-FPM pool on this page
# uses the same account as owner of its listening socket.
user www;
# "auto" sizes the number of workers to the detected CPU cores.
worker_processes auto;
pid /run/nginx.pid;
# Pulls in the module configuration files found in modules-enabled.
include /etc/nginx/modules-enabled/*.conf;
# Connection-processing settings for each worker process.
events {
# Upper bound on simultaneous connections per worker.
worker_connections 768;
# Select the Linux epoll event method explicitly.
use epoll;
# Let a worker accept all pending new connections at once instead of one per wake-up.
multi_accept on;
}
# HTTP context: the settings below are defaults for every server block included at the end.
http {
include /etc/nginx/mime.types;
# Fallback Content-Type for files whose extension is not listed in mime.types.
default_type application/octet-stream;
# Keep the nginx version out of the Server header and the built-in error pages.
server_tokens off;
# Only TLS 1.2 is enabled here. The trailing note reads as if copied from a TLSv1.3 setup.
# NOTE(review): the vhost includes Certbot's options-ssl-nginx.conf (contents not shown), which
# may set ssl_protocols and ssl_ciphers again at server level and override these -- confirm.
ssl_protocols TLSv1.2; # TLSv1.3 would require nginx >= 1.13.0
ssl_prefer_server_ciphers on;
# DH group for DHE key exchange; the vhost on this page sets its own ssl_dhparam, which wins there.
ssl_dhparam /etc/nginx/dhparam.pem; # openssl dhparam -out /etc/nginx/dhparam.pem 4096
# "EECDH+aRSA+RC4" is cancelled by the later "!RC4". The SHA384/SHA256 entries and the broad
# EECDH / EDH+aRSA / HIGH entries still admit CBC-mode suites; keep only the AESGCM entries
# if an AEAD-only list is intended.
ssl_ciphers "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA HIGH !RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS";
ssl_ecdh_curve secp384r1; # Requires nginx >= 1.1.0
ssl_session_timeout 10m;
ssl_session_cache shared:SSL:10m;
# Session tickets are disabled; resumption relies on the shared server-side cache above.
ssl_session_tickets off; # Requires nginx >= 1.5.9
# OCSP stapling; nginx resolves the OCSP responder's hostname through the resolver below.
ssl_stapling on; # Requires nginx >= 1.3.7
ssl_stapling_verify on; # Requires nginx >= 1.3.7
# NOTE(review): these are public resolvers reached over the network; the nginx documentation
# recommends resolvers on a trusted local network to limit DNS spoofing.
resolver 8.8.8.8 8.8.4.4 valid=300s;
resolver_timeout 5s;
# add_header is inherited only by levels that define no add_header of their own. The vhost on
# this page defines its own set, so these four lines do not apply to it (it sends SAMEORIGIN
# and max-age=31536000 instead). Without the "always" parameter the headers are also left off
# error responses such as 404 and 500.
# "preload" with includeSubDomains commits every subdomain to HTTPS for the whole max-age.
add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload";
add_header X-Frame-Options DENY;
add_header X-Content-Type-Options nosniff;
# Legacy header: current browsers no longer ship the XSS filter it controlled.
add_header X-XSS-Protection "1; mode=block";
# NOTE(review): no access log and only "crit" errors leaves no request trail for
# troubleshooting, detection or incident response; consider keeping a rotated access log.
access_log off;
log_not_found off;
error_log /var/log/nginx/error.log crit;
# Cache of open file descriptors and file metadata.
open_file_cache max=2000 inactive=20s;
open_file_cache_valid 60s;
open_file_cache_min_uses 5;
open_file_cache_errors off;
server_names_hash_bucket_size 100;
# Request header/body size limits and timeouts.
client_header_buffer_size 1k;
large_client_header_buffers 4 16k;
# NOTE(review): nginx accepts bodies up to 50 MB while the PHP pool on this page sets
# post_max_size to 30M, so requests between the two limits pass nginx and are only
# rejected by PHP; aligning the limits stops them at the edge.
client_max_body_size 50m;
client_body_buffer_size 1m;
client_body_timeout 15;
client_header_timeout 15;
keepalive_timeout 75;
send_timeout 15;
sendfile on;
tcp_nopush on;
tcp_nodelay on;
# NOTE(review): compressing HTTPS responses that mix secrets (for example CSRF tokens) with
# request-controlled content is the precondition for BREACH-style attacks; text/html is
# always compressed when gzip is on, whatever gzip_types lists.
gzip on;
gzip_disable "msie6";
gzip_vary on;
gzip_proxied any;
gzip_comp_level 6;
gzip_min_length 1100;
gzip_buffers 16 8k;
gzip_http_version 1.1;
gzip_types application/javascript application/rss+xml application/vnd.ms-fontobject application/x-font application/x-font-opentype application/x-font-otf application/x-font-truetype application/x-font-ttf application/x-javascript application/xhtml+xml application/xml font/opentype font/otf font/ttf image/svg+xml image/x-icon text/css text/javascript text/plain text/xml;
# Per-site configuration; the vhost files are loaded from sites-enabled.
include /etc/nginx/conf.d/*.conf;
include /etc/nginx/sites-enabled/*;
}
/etc/nginx/sites-enabled/www.domain.com.conf
# HTTPS vhost for the Laravel application.
server {
# Only the application's public/ directory is the document root, so files kept above it
# are not directly reachable over HTTP.
root /home/www/www.domain.com/application/public;
# Defining add_header here replaces (does not extend) the add_header set in the http block,
# so these four values are the ones actually sent. Without "always" they are omitted on
# error responses such as 404 and 500.
add_header X-Frame-Options "SAMEORIGIN";
add_header X-XSS-Protection "1; mode=block";
add_header X-Content-Type-Options "nosniff";
add_header Strict-Transport-Security "max-age=31536000; includeSubdomains; preload";
index index.html index.htm index.php;
charset utf-8;
server_name domain.com www.domain.com;
# Front-controller routing: serve an existing file or directory, otherwise pass to index.php.
location / {
try_files $uri $uri/ /index.php?$query_string;
}
error_page 404 /index.php;
# NOTE(review): every URI ending in .php is handed to PHP-FPM. The contents of
# snippets/fastcgi-php.conf are not shown; confirm it rejects non-existent scripts
# (a try_files ... =404 check). Laravel is served through index.php alone, so the match
# could be narrowed to that file to keep any other .php under public/ from executing.
location ~ \.php$ {
include snippets/fastcgi-php.conf;
# $realpath_root resolves symlinks before the script path is given to PHP-FPM.
fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
fastcgi_pass unix:/run/php/php7.3-fpm.sock;
}
# Deny dot-files and dot-directories (.env, .git, ...) except .well-known, used by ACME challenges.
location ~ /\.(?!well-known).* {
deny all;
}
# On a TLS listener HTTP/2 is negotiated in the handshake (ALPN), so HTTP/1.1 clients are
# still served; this line should not be the source of the binary download in the question.
listen 443 ssl http2; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/domain.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/domain.com/privkey.pem; # managed by Certbot
# NOTE(review): this Certbot file is not shown; it presumably sets protocol and cipher
# options at server level, overriding the http-level ones in nginx.conf -- verify which apply.
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
# Overrides the ssl_dhparam set in the http block of nginx.conf.
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
# Repeats the stapling settings from nginx.conf; ssl_trusted_certificate supplies the chain
# used to verify the stapled OCSP response.
ssl_stapling on;
ssl_stapling_verify on;
ssl_trusted_certificate /etc/letsencrypt/live/domain.com/fullchain.pem;
}
# Plain-HTTP vhost: redirects the two known hostnames to HTTPS and answers 404 for any other Host.
server {
# $host is used in the redirect only after an exact match, so an arbitrary Host header
# cannot steer the redirect target.
if ($host = www.domain.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
if ($host = domain.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
# "http2" on a plaintext listener makes nginx speak HTTP/2 on port 80 without negotiation.
# Browsers send HTTP/1.1 over cleartext, so they receive raw HTTP/2 frames instead of the
# redirect; the hex dump in the question decodes as SETTINGS, WINDOW_UPDATE and GOAWAY
# frames. This is the line the author's fix changes.
listen 80 default_server http2;
server_name domain.com www.domain.com;
return 404; # managed by Certbot
}
/etc/php/7.3/fpm/pool.d/global.conf
; PHP-FPM master-process settings.
[global]
; If this many children exit with SIGSEGV or SIGBUS within emergency_restart_interval,
; the master restarts FPM gracefully.
emergency_restart_threshold = 10
emergency_restart_interval = 1m
; How long children get to react to signals from the master.
process_control_timeout = 10s
/etc/php/7.3/fpm/pool.d/www.conf
; PHP-FPM pool that serves the vhost through /run/php/php7.3-fpm.sock.
[www]
; Pool workers run as "www", the same account nginx.conf uses for its workers.
; NOTE(review): the document root lives under /home/www and is presumably owned by this
; account; if so, a compromised PHP process could modify application code -- confirm ownership
; and keep code read-only for the pool user where possible.
user = www
group = www
listen = /run/php/php7.3-fpm.sock
; Socket is readable/writable by owner and group "www" only, so other local accounts cannot connect.
listen.owner = www
listen.group = www
listen.mode = 0660
; With pm = static exactly pm.max_children workers are kept running. start_servers and the
; spare-server settings apply to pm = dynamic and process_idle_timeout to pm = ondemand,
; so the four lines after max_children have no effect here.
pm = static
pm.max_children = 5
pm.start_servers = 2
pm.min_spare_servers = 1
pm.max_spare_servers = 3
pm.process_idle_timeout = 10s;
; Recycle each worker after 500 requests.
pm.max_requests = 500
; Hard limit enforced by FPM on a single request, as a backstop to max_execution_time below.
request_terminate_timeout = 15s
rlimit_files = 65536
; Core dumps disabled for the workers.
rlimit_core = 0
; Redirect worker stdout/stderr into the FPM error log.
catch_workers_output = yes
; Environment variables handed to the workers.
env[HOSTNAME] = $HOSTNAME
env[TMP] = /tmp
env[TMPDIR] = /tmp
env[TEMP] = /tmp
; php_admin_* values cannot be changed by application code through ini_set():
; errors are logged to a file and never shown to clients.
php_admin_value[error_log] = /var/log/php-fpm-www-errors.log
php_admin_flag[log_errors] = On
php_admin_flag[display_errors] = Off
; NOTE(review): everything below uses php_value, which the application may override with
; ini_set(). Values meant as enforced limits (memory_limit, max_execution_time, ...) should
; use php_admin_value instead.
php_value[error_reporting] = E_ALL & ~E_DEPRECATED
php_value[memory_limit] = 128M
php_value[max_execution_time] = 10
php_value[max_input_time] = 10
php_value[max_input_vars] = 2500
; nginx.conf on this page allows 50m request bodies; PHP rejects anything above 30M.
php_value[post_max_size] = 30M
php_value[upload_max_filesize] = 30M
php_value[default_socket_timeout] = 10
php_value[realpath_cache_size] = 128k
php_value[realpath_cache_ttl] = 86400
; Intended to suppress the X-Powered-By header; verify in a response that it is actually gone.
php_value[expose_php] = 0
Sorry for the long post, but I tried to include all the configuration I've set up that is related to the issue.
Any ideas what might be wrong? Appreciate any help - first time encountering this problem.
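I've fixed the problem: it was caused by the use of http2 on the listen directives
in my vhost /etc/nginx/sites-enabled/www.domain.com.conf. With http2 on the plain-HTTP port 80 listener, nginx speaks HTTP/2 on that port without any negotiation, so a browser that sends an HTTP/1.1 request gets raw HTTP/2 frames back and offers them as a download; the bytes shown in the question decode as SETTINGS, WINDOW_UPDATE and GOAWAY frames. On the 443 listener HTTP/2 is negotiated during the TLS handshake (ALPN), so that line can normally keep http2.
server block: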
# TLS listener: HTTP/2 is negotiated in the TLS handshake (ALPN), so HTTP/1.1 clients are still served.
listen 443 ssl http2;
# Plaintext listener: with http2 here nginx speaks only HTTP/2 on port 80, which browsers
# sending HTTP/1.1 received as a binary download.
listen 80 default_server http2;
Fixed config:
# HTTPS vhost for the Laravel application (fixed version).
server {
# Only the application's public/ directory is the document root.
root /home/www/www.domain.com/application/public;
# add_header at this level replaces any add_header set in the http block; without "always"
# these headers are omitted on error responses such as 404 and 500.
add_header X-Frame-Options "SAMEORIGIN";
add_header X-XSS-Protection "1; mode=block";
add_header X-Content-Type-Options "nosniff";
add_header Strict-Transport-Security "max-age=31536000; includeSubdomains; preload";
index index.html index.htm index.php;
charset utf-8;
server_name domain.com www.domain.com;
# Front-controller routing: serve an existing file or directory, otherwise pass to index.php.
location / {
try_files $uri $uri/ /index.php?$query_string;
}
error_page 404 /index.php;
# NOTE(review): every URI ending in .php goes to PHP-FPM; confirm the included snippet
# (not shown) rejects non-existent scripts, or narrow the match to index.php.
location ~ \.php$ {
include snippets/fastcgi-php.conf;
fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
fastcgi_pass unix:/run/php/php7.3-fpm.sock;
}
# Deny dot-files and dot-directories except .well-known (ACME challenges).
location ~ /\.(?!well-known).* {
deny all;
}
# http2 was removed here as part of the fix. NOTE(review): on a TLS listener HTTP/2 is
# negotiated via ALPN and HTTP/1.1 clients keep working, so dropping it was probably not
# needed for the fix and disables HTTP/2 for all HTTPS clients -- re-test with it restored.
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/domain.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/domain.com/privkey.pem; # managed by Certbot
# Certbot-provided TLS options (contents not shown); server-level settings in it take
# precedence over the http-level ones in nginx.conf.
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
# OCSP stapling, verified against the chain in ssl_trusted_certificate.
ssl_stapling on;
ssl_stapling_verify on;
ssl_trusted_certificate /etc/letsencrypt/live/domain.com/fullchain.pem;
}
# Plain-HTTP vhost (fixed version): redirects the two known hostnames to HTTPS.
server {
# $host is used in the redirect only after an exact match, so an arbitrary Host header
# cannot steer the redirect target.
if ($host = www.domain.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
if ($host = domain.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
# http2 removed: port 80 now answers HTTP/1.1 clients with the redirect instead of raw
# HTTP/2 frames. As default_server this block also receives requests for unknown hostnames.
listen 80 default_server;
server_name domain.com www.domain.com;
# Any Host other than the two matched above ends here with a 404 rather than a redirect.
return 404; # managed by Certbot
}