h5bp / server-configs Goto Github PK

As of at least May 8th, node-mime currently supports the mime types that are hardcoded in node.js of this project.

https://github.com/bentomas/node-mime/blob/master/mime.types

It seems like the configuration interface is agnostic to what server is actually being used. We should remove references to any specific servers in the comments or code if so.

Shouldn't they be 4.0.0.0 now?

<add assembly="System.Core, Version=3.5.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089" />
            <add assembly="System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" />
            <add assembly="System.Data.DataSetExtensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089" />
            <add assembly="System.Xml.Linq, Version=3.5.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089" />

In the current version of the nginx site config (2012-07-23 that is) following snippet

  # Cross domain webfont access
  location ~* \.(ttf|ttc|otf|eot|woff|font.css)$ {
      add_header "Access-Control-Allow-Origin" "*";
  }

is always outmatched by preceeding

  # Media: images, video, audio, HTC, WebFonts
  location ~* \.(?:jpg|jpeg|gif|png|ico|gz|svg|svgz|ttf|otf|woff|eot|mp4|ogg|ogv|webm)$ {
    expires 1M;
    access_log off;
    add_header Cache-Control "public";
  }

Unfortunately it's not possible to have multiple locations match as the docs say:
"The first regular expression to match the query will stop the search."

A possible fix would be to remove webfonts extensions from the media block and change the webfont block to

  # Cross domain webfont access
  location ~* \.(ttf|ttc|otf|eot|woff)$ {
    add_header Access-Control-Allow-Origin "http://www.clans.de";
    expires 1M;
    access_log off;
    add_header Cache-Control "public";
  }

if self.request.url.ends('/'):

should be

if self.request.url.endswith('/'):

Per request by @nimbupani, we'd like to implement a function that would simplify auto-loading the h5bp middleware.

Here is an example of the desired functionality:

var h5bp = require('h5bp');

// express stuff up here

// load the desired middleware based off an `options` object
app.use(h5bp.load({
  server: true,
  setContentType: true,
  removeEtag: true
});

I was browsing the IIS config and noticed a url that led to an empty wiki page - github.com/h5bp/html5-boilerplate/wiki/Version-Control-with-Cachebusting - is this an issue with changes to the projects folder structure?

Using the IIS7 > Web Forms web.config, I see this response from curl after I uncommented the ETag custom header:

HTTP/1.1 200 OK
...
ETag: "f5e4f29ee195cd1:0"
Server: Microsoft-IIS/7.5
E-TAG: IE=Edge,chrome=1

The ETag is not sent with a blank value & the X-UA-Compatible header is lost, its value somehow coming out in the E-TAG header. I found this Stack Overflow discussion which fixed the issue. Basically, change the etag section to:

<remove name="ETag" />

And then add the following to the rewrite rules:

<rewrite>
   <outboundRules>
      <rule name="Remove ETag">
         <match serverVariable="RESPONSE_ETag" pattern=".+" />
         <action type="Rewrite" value="" />
      </rule>
   </outboundRules>
</rewrite>

Now curl shows the right headers:

HTTP/1.1 200 OK
...
Server: Microsoft-IIS/7.5
X-UA-Compatible: IE=Edge,chrome=1

No ETags in sight.

location ~* \.(?:manifest|appcache|html|xml|json)$ {
    expires -1;
}

Should be:

location ~* \.(?:manifest|appcache|html|htm|php|xml|json)$ {
    expires -1;
}

The .php is debatable but the .htm was definitely left out.

Also, the .htc filetype is missing (which is ironic since the comment mentions HTC):

# Media: images, video, audio, HTC
location ~* \.(?:jpg|jpeg|gif|png|ico|gz|svg|svgz|mp4|ogg|ogv|webm)$ {
  expires 1M;
  access_log off;
  add_header Cache-Control "public";
}

Fixed:

# Media: images, video, audio, HTC
location ~* \.(?:jpg|jpeg|gif|png|ico|gz|svg|svgz|mp4|ogg|ogv|webm|htc)$ {
  expires 1M;
  access_log off;
  add_header Cache-Control "public";
}

Original issue/discussion - h5bp/html5-boilerplate#1115 - was apache-specific. Moving to this repo following the move of the .htaccess.

@drublic says:

I stumbled over keep-alive a view times lately while checking Google Page-Speed for some advice for a specific project.

Keep-alive is an HTTP feature which allows the server to send multiple requests through one TCP-connection as far as I understood. This improves performance up to 50% according to the Apache config docu. @getify states in #28 that a connection with keep-alive may be 20-30% faster.

From my experience and this SO question it seems like the HTTP header is set in a server-configuration and you can't change it easily via .htaccess.

Today I found this new answer on the SO question from above which describes that it is possible to use Header set Connection keep-alive in the .htaccess to control the behavior of this.

This works for me. I've tested this in two projects now, one of them is my blog. The request-header "Connection" is set to "keep-alive" now and Google Page-Speed does not show this anymore as "to be done". Here is a screenshot of the headers.

I'd suggest adding this to the .htaccess file as it seems to improve performance and I've not encountered any problem with setting this header.

Looking forward to your feedback!

Could help some: I just found the "new .appcache" extenstion and how to easily add manifest for any hosting that uses web.config.
Place in root of a Web App for caching kick start

<configuration>
    <system.web>
        <httpHandlers>
            <add verb="GET,HEAD" path="*.appcache"        type="System.Web.StaticFileHandler" />
        </httpHandlers>
    </system.web>
    <system.webServer>
        <staticContent>
            <mimeMap fileExtension=".appcache"      mimeType="text/cache-manifest" />
        </staticContent>
    </system.webServer>
</configuration>

Edit
http://www.html5rocks.com/en/tutorials/appcache/beginner (plus others) the extension appcache
The reason I needed to find a solution was cos of a hosted solution at an IIS site, where web.config is the only way
GoDaddy seems to have IIS and some user posted a solution for altering mime type for an unconnected problem, above solution tested on my localhost IIS7 that I use for testing.

Edit Edit
I have not investigated if similiar could be added to other server configs: left to the reader ...

So I opened a pull for some audio MIME types on the .htaccess here: h5bp/html5-boilerplate#1078
Then I said to myself, "I'd like to try out nginx sometime, I wonder if it has its own config.. hmm it does! But i don't want to edit 2+ sever configs every month!"

Is there an easier way to update MIME types for all server configs at once? Looks like they are already out of sync...
TIA

What is this ( https://github.com/paulirish/html5-boilerplate-server-configs/blob/master/lighttpd.conf#L148 ) line in lighttpd.conf for ?

".*" => "access plus 1 month"

Because it completely disables PHP parsing for me. If I remove it, everything is working again. Am I doing something wrong ?

On some managed hosting environments (confirmed on RackSpace CloudSites) I was noticing HTTP 500 errors on requests to static content files (css, js, typeography) where ASP.NET Forms authentication was enabled.

Removing the mimeMap elements fixed the problem, but I'm working on a fix that I'd like to commit to the repo.

That way people can cleanly link here and get all the goodness in one go.

I'm thinkin we could use a pre-commit hook to just wget it over from the other repo. That way its easily in both spots.. Thoughts?

I am trying the web.config. I am running Windows 7 Ultimate 64bit with IIS 7.5

I receive the following error trying to use the web.config as is:

'There is a duplicate 'system.web.extensions / scripting / scriptResourceHandler' section defined'

The problem line is given as

7: <section name="scriptResourceHandler" type="System.Web.Configuration.ScriptingScriptResourceHandlerSection, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" requirePermission="false" allowDefinition="MachineToApplication" />

Wiki is missing so the link fails.

When running the app in the 'publlish' sub folder the web config throws up the error outlined here:
http://forums.iis.net/p/1180093/1989644.aspx
This is caused by the root folder web.config defining this custom header and then the publish sub folder also setting the same heading.

This can be fixed by changing this:

            <add name="X-UA-Compatible" value="IE=Edge,chrome=1" />

To this:

            <remove name="X-UA-Compatible" /> 
            <add name="X-UA-Compatible" value="IE=Edge,chrome=1" />

Some simple optimizations could reduce size (most importantly in terms of human reading and maintenance), e.g. static_files item declarations without or with identical mime_type can be combined in one mapping declaration.

This is the incorrect log format being used by your config:

log_format  main '$remote_addr - $remote_user [$time_local]  $status '
'"$request" $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';

This is the correct log format:

log_format  main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';

Whoever wrote the config swapped the request and status values, thus breaking Apache log format compatibility (http://httpd.apache.org/docs/2.2/mod/mod_log_config.html#formats).

The official Nginx config uses the correct (latter) format.

The nginx.conf enables way too few and too small buffers:

gzip_buffers 4 8k;

This bad value seems to be based on the old Nginx < 0.7 defaults (http://nginx.org/en/docs/http/ngx_http_gzip_module.html#gzip_buffers).

My suggestion: Don't specify the value at all in your config. Let Nginx choose between 32 * 4k or 16 * 8k based on the detected size of a memory page. That offers the best performance.

This is highly insecure especially for n00bs. Ideally this should be an opt-in.

Apache

The "font/opentype" mimetype is invalid. Mime consists of a content type before the slash and a subtype after the slash.

The valid content types are application/, audio/, example/, image/, message/, model/, multipart/, text/ and video/. There is no such thing as "font/".

Application-specific binary data such as javascript, fonts and so on are all registered under application/*. Fonts tend to use "application/font-NAME".

OpenType doesn't have a formal registration, but they have some informal types. Informal subtypes must be prefixed with "x-".

The best and most common informal mime type for it is: application/x-font-opentype.

I just discovered that the Nginx conf already does the right thing in this regard, but Apache is affected.

The .htaccess cache settings are awesome, but I'm running into an issue with the cache busting settings for JS and CSS versioning.

<IfModule mod_rewrite.c>
  RewriteCond %{REQUEST_FILENAME} !-f
  RewriteCond %{REQUEST_FILENAME} !-d
  RewriteRule ^(.+)\.(\d+)\.(js|css|png|jpg|gif)$ $1.$3 [L]
</IfModule>

I can't seem to get this to work with the WordPress rewrite settings already present in the .htaccess file.

<IfModule mod_rewrite.c>
  RewriteEngine On
  RewriteBase /
  RewriteRule ^index\.php$ - [L]
  RewriteCond %{REQUEST_FILENAME} !-f
  RewriteCond %{REQUEST_FILENAME} !-d
  RewriteRule . /index.php [L]
</IfModule>

At best, the rewrite on my JS files never happens. At worst, it breaks the site.

Anyone had any luck getting this to work with WordPress?

From Ron Adams, on the mailing list:

I realize this discussion could be more related to the
html5boilerplate-server-configs project.

I recently deployed a new site using the HTML5 boilerplate, and its
awesome :)

With todays release of IE9 however, I noticed that IE9 was not loading
the stylesheet (see: http://i.imgur.com/4LhQO.png ). The stylesheet
loads fine in IE8, 7, Chrome, Firefox, etc. We tested the site with
the IE9 platform preview, and that works fine as well.

Looking at the HTTP request with Fiddler2, I noticed that the
style.css was returning a HTTP 406 error, and the content-type was
incorrectly set to "text/html; charset=utf-8". (see: http://imgur.com/K25x5
)

You can see another request for style.css below, that returns HTTP
200, but that request was coming from google chrome.

What would cause the web server to serve one mimetype for IE9 and
another for chrome, firefox and the other browsers.

A workaround for this was to edit my web.config file (based on the
html5boilerplate-server-config web.config file)

from:

<remove fileExtension=".css"/>
 <mimeMap fileExtension=".css" mimeType="text/css; charset=UTF-8"/>

to:

 <remove fileExtension=".css"/>
 <mimeMap fileExtension=".css" mimeType="text/css"/>

That fixes the issue, but more importantly, why would IE9 be the only
problematic browser? Why would IE9 be the only browser to see "text/
html; charset=utf-8" in Fiddler?

I'd like to push this fix into the server-configs project, but at the
same time, it seems like a crappy work-around and if anyone knew how
to dive deeper, I'd like to know more info.

Thanks.

Hello,

is there any reason why h5bp excludes a lot of files instead of only enabling it for a few ones? See https://github.com/FabianBeiner/html5-boilerplate/commit/aa7a89b906a1b56c23e1b0c338f0dbb8e6447582

Best,
Fabian

You have .js set to serve as "application/x-javascript" but the nginx.conf doesn't white list that as a gzippable type.

So... If one of them is wrong, I'm guessing the mime.types file is the better of the two to change? Should it not be set to "text/javascript"? See any other in there that raise a red flag?

App goes boom when you access a dirty path like http://localhost:8080///././.././../>$>$>4.$>././/.4/.4/.4.//./4//.//.>$>$>$.$>..

If I include the file expires.conf in my site configuration, this rewrite:

    rewrite "([a-z0-9]{32})\.png" /index.php?page=log&id=$1 last;

stops working, and gives a 404. The error started happening on my site after I included the expires.conf (because I moved from apache to nginx recently) and it used to work on Apache, so I decided to use it on nginx as well... any idea on how to fix this issue (while still keeping expires.conf of course)

Hey,
I want to start a discussion about the node server config as I think there might be room for improvement.

IMO, we have to treat node kinda differently, since it isn't exclusively an http server. That's why, for example, the current node config uses the connect middleware framework (which is an excellent choice).

I think, we should aim to make the node config more boilerplate-y itself.

Here are my suggestions:

1. Use express instead of connect.
   why, you might ask? well, connect is a framework to build other frameworks. express is a framework built on top of connect geared towards web developers (the targeted audience of h5bp, in my eyes) and the newest connect doesn't include a router middleware anymore
2. use connect.compress() middlware included in connect 2.0 to enable compression
3. maybe, but only maybe use connect-assetmanager for concatenation and minification of JS and CSS.
   that kinda makes h5bp's build system obsolete though. that's why i'm not sure if I like this idea

what do you think?

Hi
According to the Wiki we should use the .js mimType as "text/javascript"
but in the master web.config mimType as "application/javascript"

Can you please update the WiKi so that we don't get confused
according to RFC we should not use "text/javascript" (http://www.rfc-editor.org/rfc/rfc4329.txt )

Wiki- https://github.com/h5bp/server-configs/wiki/web.config
2. Gzip Components

....
6. Use UTF-8 encoding


.....

server-configs: https://github.com/h5bp/server-configs/blob/master/web.config
Line 114 -115


.....

Hi,

I tried to use the mod_expire options for lighty from commit d365c5c, but they didn't work for me (no "Cache-Control" in HTTP headers).

Thanks to this forum post http://nixcraft.com/web-servers/12005-lighttpd-mod_expire-how-check-its-work.html I got it to work, so the right syntax for mod_expire should look like:

$HTTP["url"] =~ "\.(ico|ogg|ogv|svg|svgz|eot|otf|woff|mp4|ttf|css|rss|atom|js|jpg|jpeg|gif|png|ico|zip|tgz|gz|rar|bz2|doc|xls|exe|ppt|tar|mid|midi|wav|bmp|rtf)$" {
    expire.url = ( "" => "access plus 10 years" )
}

I'm using lighttpd 1.4.28 on Gentoo...

Thanks!

One example is in expires.conf:

location ~* \.(ttf|ttc|otf|eot|woff|font.css)$ {

Should be:

location ~* \.(?:ttf|ttc|otf|eot|woff|font.css)$ {

Otherwise nginx wastes memory and time storing the capture into a string in $1.

This fix needs to be done in every file, to make sure that none use (). They must always use (?:).

I saw the issue in several files.

Bad:

location ~ (?:^|/)\. {
   return 403;
}

Good:

location ~ (?:^|/)\. {
   deny all;
}

Since we changed how we are doing things in node, we need to explain this in the docs.

This suggests express should support connect's gzip middleware? Unsure if this has already been considered. Please close if so!

Hi guys, I'm new in node.js, and I'm not sure what I am doing wrong
i have installed h5bp npm package, included in my app.js and tried to create server with express option as it is in the example (I read in issues that npm is updated). but the console keep saying that there is no such method. I'm a big fan of html5 bolerplate, I used it in several project with apache and iis but never with node.js. Any help will be appreciated. If you say that it's not finished yet I'll understand, but it seems it is. all the rules from htaccess are kinda included in h5bp.js.

As per nginx issue #243 (http://trac.nginx.org/nginx/ticket/243) mime-types for office files > 2003 (docx, xlsx, pptx, ...) are missing. This appears to be the same on this version of mime.types. Imho they should be added too.

The two rules handling ico files are not consistent

# Favicon
location ~* \.ico$ {
  expires 1w;
  access_log off;
  add_header Cache-Control "public";
}

location ~* \.(?:jpg|jpeg|gif|png|ico|gz|svg|svgz|mp4|ogg|ogv|webm)$ {
  expires 1M;
  access_log off;
  add_header Cache-Control "public";
}

Currently gae/ directory contains only python (2.5) runtime template.

Would be nice to add python27 and java runtimes configuration templates.

https://github.com/niftylettuce/html5-express-boilerplate/blob/master/server.js

Hi

The comments re cache busting gives an example of /css/style.v20110203.css to /css/style.css. However, the regex (.\d) suggests digits after the "." meaning the "v" will cause no match. Either add "v" to the expression or remove the v from the example?

The .htaccess and web.config files have both. Again, this should be an opt-in (much as I would love to enforce no-www rule!).

I wonder why we don't remove etags in web.config. This stackoverflow answer suggests that there is a Rewrite module that would help, but I am ignorant about web.configs in general, so I would appreciate someone more knowledgeable to chime in!

It would be great to have.

originally requested by @rrallian

"During testing the time difference between level 1 and 9 was around 2 hundredths of a second per file on a P3 500MHz"

So it seems there is no drawback to setting this to 9 -- why is it set to 2?

@paulirish says "sure, let's change it"

but: actually we should probably find the referenced test or another one just to make sure-- maybe it's 2 10ths and not 2 hundrendths, in which case a lower compression level would be warranted...

Curious as to whether there Is any reason why we don't set:

add_header "X-UA-Compatible" "IE=Edge,chrome=1"; (or similar)

in nginx.conf?

Cheers

It seems that there's been a decision made to move the node server configs into a separate repo so that it can become an npm package. If so, it needs to be extracted while preserving the full history of the commits to the directory.

@AD7six and @alrra did this recently for the .htaccess migration, so I'll leave it up to one of them to handle the migration to the new https://github.com/h5bp/node-server-config repo.

It would also be good to work out if we can or want to use git subtree to keep a synced version in this repo, as the Solarized project does, since it can provide a single point of reference and ensure parity between the configurations.

mimeMap fileExtension=".json" mimeType="application/json />
should read
mimeMap fileExtension=".json" mimeType="application/json" />