G. G.'s questions

Estou tentando descobrir que, embora o nginx esteja configurado para ouvir HTTP1.2, todas as solicitações nos logs são HTTP1.1

[11/Oct/2024:11:53:41 +0300] "GET /el_gr/tapetsaries-toixou/fototapetsaries-toixou/zoa/filtra/xromatikes_omades-psychra-kitrina-xroma-oxia_fusiko-gkri_mpez-leuko-anoichto_mob-mob-somon-anoichto_gkri-anthraki-gkri-thema_fototapetsarias-artistic-apoxrosi_fototapetsarias-egchromo?price=amshopby_slider_from-amshopby_slider_to HTTP/1.1" 200 50347 "-" "Mozilla/5.0 (Linux; Android 6.0.1; Nexus 5X Build/MMB29P) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.6668.89 Mobile Safari/537.36 (compatible; GoogleOther)" 
     [11/Oct/2024:11:53:41 +0300] "GET /el_gr/catalog/product/view/id/144583/s/144583-fototsapetsaries-diafora-sxedia-megethi-100-159102/ HTTP/1.1" 200 55818 "-" "Mozilla/5.0 (compatible; Pinterestbot/1.0; +http://www.pinterest.com/bot.html)" 
     [11/Oct/2024:11:53:43 +0300] "GET /el_gr/catalog/product/view/id/134022/s/134022-fototsapetsaries-diafora-sxedia-megethi-100-148541/ HTTP/1.1" 200 56234 "-" "Mozilla/5.0 (compatible; Pinterestbot/1.0; +http://www.pinterest.com/bot.html)" 
     [11/Oct/2024:11:53:43 +0300] "GET /el_gr/catalog/product/view/id/153049/s/153049-fototsapetsaries-diafora-sxedia-megethi-100-167568/ HTTP/1.1" 200 55991 "-" "Mozilla/5.0 (compatible; Pinterestbot/1.0; +http://www.pinterest.com/bot.html)" 
    54.236.1.13 [ 54.236.1.13, 54.236.1.13, 127.0.0.1] [11/Oct/2024:11:53:46 +0300] "GET /el_gr/catalog/product/view/id/151013/s/151013-fototsapetsaries-diafora-sxedia-megethi-100-165532/ HTTP/1.1" 200 56020 "-" "Mozilla/5.0 (compatible; Pinterestbot/1.0; +http://www.pinterest.com/bot.html)" 
     [11/Oct/2024:11:53:47 +0300] "GET /el_gr/tapetsaries-toixou/fototapetsaries-toixou/zoa/filtra/xromatikes_omades-psychra-pastel-mov-therma-xroma-oxia_fusiko-gkri_mpez-leuko-anoichto_mob-mob-somon-kokkino-anoichto_gkri-kafe-thema_fototapetsarias-artistic-louloudia-vintage-apoxrosi_fototapetsarias-egchromo?price=amshopby_slider_from-amshopby_slider_to HTTP/1.1" 200 56578 "-" "Mozilla/5.0 (Linux; Android 6.0.1; Nexus 5X Build/MMB29P) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.6668.89 Mobile Safari/537.36 (compatible; GoogleOther)" 
     [11/Oct/2024:11:53:48 +0300] "GET /el_gr/50369-tapetsaria-arts-crafts-prasino-no-36159-by-casadeco HTTP/1.1" 200 63129 "-" "Mozilla/5.0 (Linux; Android 6.0.1; Nexus 5X Build/MMB29P) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.6668.89 Mobile Safari/537.36 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)" 
     [11/Oct/2024:11:53:48 +0300] "GET /el_gr/catalog/product/view/id/142099/s/142099-fototsapetsaries-diafora-sxedia-megethi-100-156618/ HTTP/1.1" 200 55810 "-" "Mozilla/5.0 (compatible; Pinterestbot/1.0; +http://www.pinterest.com/bot.html)" 
     [11/Oct/2024:11:53:49 +0300] "GET /el_gr/49391-wing-kremasto-ntoulapi-oikologiko-tzaki-no-14297-by-abb?swatch_colour_att=11095 HTTP/1.1" 200 69558 "-" "Mozilla/5.0 (compatible; Pinterestbot/1.0; +http://www.pinterest.com/bot.html)"
     [11/Oct/2024:11:53:49 +0300] "GET /el_gr/catalog/product/view/id/90457/s/58177-diaxoristika-domatiou-diafora-sxedia-102723/ HTTP/1.1" 200 68402 "-" "Mozilla/5.0 (compatible; Pinterestbot/1.0; +http://www.pinterest.com/bot.html)" 

Este é meu vhost:

server {
    listen 443 ssl;
    http2 on;
    server_name www.example.com;
    ssl_certificate /etc/nginx/ssl/2023/ssl_bundle.crt;
    ssl_certificate_key /etc/nginx/ssl/2023/example.key;
    ssl_protocols              TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers               'AES128+EECDH:AES128+EDH:!aNULL';

    return 301 https://example.com$request_uri;
# Nginx Bad Bot Blocker Includes
# REPO: https://github.com/mitchellkrogza/nginx-ultimate-bad-bot-blocker
##
     include /etc/nginx/bots.d/ddos.conf;
     include /etc/nginx/bots.d/blockbots.conf;

# apply ratebot rules
    limit_req zone=ratebot_soft nodelay;
    limit_req zone=ratebot_medium nodelay;
    limit_req zone=ratebot_hard nodelay;
}




server {
    listen 443 ssl;
    http2 on;
    server_name example.com;
    proxy_headers_hash_bucket_size 128;
    proxy_headers_hash_max_size 1024;
    ssl_certificate /etc/nginx/ssl/2023/ssl_bundle.crt;
    ssl_certificate_key /etc/nginx/ssl/2023/example.key;
    ssl_protocols              TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers               'AES128+EECDH:AES128+EDH:!aNULL';


     include /etc/nginx/bots.d/ddos.conf;
     include /etc/nginx/bots.d/blockbots.conf;

# apply ratebot rules
    limit_req zone=ratebot_soft nodelay;
    limit_req zone=ratebot_medium nodelay;
    limit_req zone=ratebot_hard nodelay;

    location / {
        proxy_pass http://127.0.0.1:6081;
        proxy_set_header X-Real-IP  $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto https;
        proxy_set_header X-Forwarded-Port 443;
        proxy_set_header X-Forwarded-Host $http_host;
        proxy_set_header X-Forwarded-Server $http_host;
        proxy_set_header Host $http_host;

        proxy_buffering off;
        proxy_buffer_size          16k;
        proxy_buffers              64 4k;
        proxy_busy_buffers_size    24k;
        fastcgi_buffer_size        32k;
        fastcgi_buffers            16 32k;

        if ($cors_origin) {
    add_header 'Access-Control-Allow-Origin' '$cors_origin' always;
    add_header 'Access-Control-Allow-Methods' 'GET,POST,PUT,DELETE,HEAD,PATCH' always;
    add_header 'Access-Control-Allow-Headers' '*' always;
    add_header 'Access-Control-Allow-Credentials' 'true' always;
    }

    }
}

Este é um servidor dedicado em Hetzner. Ele está atrás de um firewall que está desligado. Também não estamos usando nenhum painel, apenas o Ubuntu 22 OS. O firewall CSF está habilitado

O Nginx funciona como um proxy para o varnish com terminação SSL. Então o Varnish lida com as primeiras solicitações

Anteriormente, o servidor Cloudflare também estava habilitado com suporte para http1.2

O que estou perdendo aqui, pessoal?

Tentei antes atualizar o Nginx de 1.14 para 1.14.1. Mas no apt-get upgrade eu obtive:

mysite systemd[1]: Starting A high performance web server and a        reverse proxy server...
mysite nginx[31861]: nginx: [emerg] duplicate upstream  "fastcgi_backend" in /etc/nginx/sites-enabled/mysite.conf.save:1
mysite nginx[31861]: nginx: configuration file  /etc/nginx/nginx.conf test failed
mysite systemd[1]: nginx.service: Control process exited,  code=exited status=1
mysite systemd[1]: Failed to start A high performance web server     and a reverse proxy server.
mysite systemd[1]: nginx.service: Unit entered failed state.
mysite systemd[1]: nginx.service: Failed with result 'exit-code'.
dpkg: error processing package nginx-full (--configure):
subprocess installed post-installation script returned error exit status 1
dpkg: dependency problems prevent configuration of nginx:
nginx depends on nginx-full (<< 1.14.1-0+xenial0.1~) | nginx-light (<<   1.14.1-0+xenial0.1~) | nginx-extras (<< 1.14.1-0+xenial0.1~); however:
Package nginx-full is not configured yet.
Package nginx-light is not installed.
Package nginx-extras is not installed.
nginx depends on nginx-full (>= 1.14.1-0+xenial0) | nginx-light (>=  1.14.1-0+xenial0) | nginx-extras (>= 1.14.1-0+xenial0); however:
Package nginx-full is not configured yet.
Package nginx-light is not installed.
Package nginx-extras is not installed.

Eu tenho isso no arquivo mysites.conf:

upstream fastcgi_backend {
server   127.0.0.1:9000;
#server unix:/run/php/php7.2-fpm.sock;
}

server {
listen 80;
server_name mysite.com;
return 301 https://www.example.com$request_uri;
}

server {
listen 80 default_server;
server_name www.example.com; # dev.www.example.com;
root   /home/public_html;

#check http_x_forwarded_proto value that comes from load balancer
set $my_http "http";
set $my_ssl "off";
set $my_port "80";

if ($http_x_forwarded_proto = "https") {
  set $my_http "https";
  set $my_ssl "on";
  set $my_port "443";
}

#cut off port from url
port_in_redirect off;

#setup log files
access_log  /home/www_logs/access.log;
error_log /home/www_logs/error.log;

include includes/blocks.conf;

# Include Security rules for Mageto
include includes/security.conf;

# Tell browsers that website should olways be accessible via HTTPS
# add_header Strict-Transport-Security "max-age=15984000" always;

# Include redirects
include includes/redirects.conf;

# Include static
include includes/static.conf;



# Add rewrite for product feeds
location ~ ^/en/skroutzfeed\.xml {
    expires 24h;
    try_files /home/public_html/skroutzfeed_en.xml /skroutzfeed_en.xml =404;
}
location ~ ^/el/skroutzfeed\.xml {
    expires 24h;
    try_files /home/public_html/skroutzfeed_gr.xml /skroutzfeed_gr.xml =404;
}
location ~ ^/skroutzfeed\.xml {
    expires 24h;
    try_files /home/public_html/skroutzfeed_gr.xml /skroutzfeed_gr.xml =404;
}
#include includes/phpmyadmin.conf;
#include includes/solr.conf;

#location ~ ^/el {
#    #set $magento_run_code "el";
#    #set $magento_run_type "store";
#}

#location ~ ^/en {
#    #set $magento_run_code "en";
#    #set $magento_run_type "store";
#}

location / {
    #expires 30d;
    index index.html index.php;
    set $magento_run_code "el";
    set $magento_run_type "store";
    try_files $uri $uri/ @handler;
}

location @handler {
    rewrite / /index.php;
}

#location = /js/index.php/x.js {
#    rewrite ^(.*\.php)/ $1 last;
#}

location ~ \.php {
    expires  off;
  # fastcgi_pass   fastcgi_backend;
    fastcgi_buffers 8 32k;
    fastcgi_buffer_size 64k;
    fastcgi_busy_buffers_size 64k;
    fastcgi_connect_timeout 3000s;
    fastcgi_read_timeout 3000s;
    fastcgi_send_timeout 3000s;
    fastcgi_param HTTPS $my_ssl;
    fastcgi_param REMOTE_ADDR $http_x_real_ip;
    fastcgi_param  SCRIPT_FILENAME  $document_root$fastcgi_script_name;
    include fastcgi_params;
    fastcgi_param REMOTE_ADDR $http_x_real_ip;
}
}

Como verifiquei, tenho apenas essas linhas:

upstream fastcgi_backend {
server   127.0.0.1:9000;
#server unix:/run/php/php7.2-fpm.sock;
}

Eu quebrei meu site. Alguém pode ajudar por favor?