🇸🇪Sweden @fred6633

Thanks jaypan, I think the problem can be solved with the alternate packade php-legacy.

Don't forget this :
https://www.drupal.org/project/drupal/issues/3034643 🐛 File not found web/update.php/selection Closed: outdated .
I had to add code under comment #15 in order to run update.php.

This code below breaks my site, if I enable aggregate css and javascript. It's a composer install with a web directory. Brave says too many redirects.

location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg|webp|avif)$ {
        try_files $uri @rewrite;
        expires max;
        log_not_found off;
    }

If I replace "try_files $uri @rewrite;" with "try_files $uri /index.php?$query_string;" it works.

I also have not been able to get this code to work with images that Drupal has converted to webp. Drupal creates a file "filename.png.webp". Drupal also sets "?itok=suhCNess", so the total name is "filename.png.webp?itok=suhCNess" But is has no effect to change the regex to "webp.*". The expiration directive still does not work.

The approach that works for me in order to get the expires directive to work with converted webp images is described here: https://linux-audit.com/web/nginx-adding-expires-header-to-improve-caching/

Below code breaks my site.

location ~* \.(css|gif|ico|jpeg|jpg|js|png)$ {
        try_files $uri @rewrite;
        expires max;
        log_not_found off;
    }

If I replace "try_files $uri @rewrite;" with "try_files $uri /index.php?$query_string;" it works.

Here is my code.

location ~* \.(js|css|png|jpg|jpeg|gif|ico)$ {
try_files $uri /index.php?$query_string;
 expires 1y;
log_not_found off;
add_header Cache-Control "private,must-revalidate";
}

Thanks!
Do you have a code to get expiration to work with images that Drupal converts to webp, eg "filename.png.webp"? Below does not work.

location ~* \.(css|gif|ico|jpeg|jpg|js|png|webp)$ {
        try_files $uri @rewrite;
        expires 1y;
        log_not_found off;
    }

I added this code to my virtual host:

# Deny Access to all of Wordpress Front End files
        location ~* ^/(/wp-admin*|/wp-cron*|/wp-config*) {
        rewrite ^ / permanent;
    }

https://www.drupal.org/project/drupal/issues/3336659 📌 Add a sample nginx configuration file Closed: duplicate

Thanks!

perhaps I would be flattered by the interest in my insignificant site...

Thanks!

Interesting. But the .htaccess file is crowded with rewrite rules. My apache server ignores .htaccess files and mod-rewrite is disabled. I have moved the rules in the .htaccess files to my v.conf except for the rewrite rules. Everything works. I ran into the problem I described when I temporarily enabled the .htacces files. If my aproach is less secure I take the risk. Apache advises against both the use .htaccess files and the rewrite module

I did som final tests.

SetHandler Drupal_Security_Do_Not_Remove_See_SA_2006_006

SetHandler Drupal_Security_Do_Not_Remove_See_SA_2013_003

Either the above codes are in the .htaccess or in the v.conf they break css and js aggregation for me.

Well,

I have disabled it and I do have clean URLs.

Apache advises againt using it.

Sorry for my dump questions. I set AllowOverride to None in apache2.conf and merged the lines of code that don't cause problems in a Directive in my vconf file. Everything works now!

I found this thread:  https://www.drupal.org/forum/support/post-installation/2018-03-30/cssjs-... →

I was able to get aggregation to work by outcommenting these lines in .../sites/default/files/.htaccess

# Set the catch-all handler to prevent scripts from being executed.
#SetHandler Drupal_Security_Do_Not_Remove_See_SA_2006_006
#<Files *>
  # Override the handler again if we're run later in the evaluation list.
 # SetHandler Drupal_Security_Do_Not_Remove_See_SA_2013_003
#</Files>

Now I just wonder if this is a file that could be restored in an update? Maybe I could make it readonly?

Fred

I have put the code in /home/user_me/.profile. Log in via SSH and type ls -al and you see either .profile or .bash_profile.

I don't know if my solution is proper but the message is gone.

Fred

In $HOME/.profile or $HOME/.bash_profile works. Check which you have.

I made a fresh install today "composer create-project drupal/recommended-project my_site_name" in a test directory. Directly afterwards a "composer diagnose" returned this message. So obviously it is not an additional module that causes it.

Fred

Hello,

If anyone is interested, these lines in .htaccess at the top of the rewrite rules, just after "RewriteEngine on" solved the issue:

RewriteCond %{QUERY_STRING} ^.    

RewriteRule ^ %{REQUEST_URI} [QSD,R,L]

Fred

Hello,

Today I saw another "Alternate Page with Proper Canonical Tag" in Google Search conole : "https://mypage.com/?rest_route=/".

Why does Drupal create theses aliases to my front page?

Fred

Thanks,

I already have a Google search console account. It was there I noticed "Alternate Page with Proper Canonical Tag". 

"Now I have editet robots.txt and and the url is blocked when I test in Google search console.

Fred

Thanks,

Should it look like this?

Disallow: /?Itemid*