Quantcast
Channel: Nginx Forum - How to...
Viewing all 2931 articles
Browse latest View live

redirect a suffix without move the old links (no replies)

December 17, 2018, 6:21 am
$
0
0
Hello, i need to do a redirect like this:

domain.com/example > domain.com/example2

but the old links, example:

domain.com/example/this-is-a-redirect-example

do not be moved to the example2, is this possible?

i tried the following sitntax:

rewrite ^/example/ https://domain.com/example2/ perment;

Any help will be apreciated!
Very thanks in advance!

ps. i try google this a lot, but i think i cant express the right words to find a properly anwser.
Search

Set an Nginx Bitrate Limit (no replies)

December 17, 2018, 6:46 am
$
0
0
I run video site, in my Nginx conf i put this code to limit the bandwidth usage:

mp4;
limit_rate 150k;
limit_rate_after 4m;
I would like to setup a dynamic bitrate. For example i could set the dynamic bitrate to 1.2x video file bitrate.

It would provides ability to limit download speed depending on video file bitrate. I would specify a bitrate multiplier ( for example 1.2 )

Or if that's not possible limit rate to 1k after video bitrate for example.

Thanks for your help.

nginx bitrate

How to make to support 0-rtt in nginx web server (no replies)

December 19, 2018, 6:06 am
$
0
0
Hi,
I am testing TLS 1.3 0-rtt in my nginx web server. My nginx is compiled with Boringssl. My browser is firefox nightly.

I first access my web server and after about 10 minutes, I again access my server.
And I looked at wireshark log. It shows client hello packet does not contain application data which means early-data 0rtt is not sent. It processes through regular procedures.
I have enabled firefox 0-rtt. I think it should be because of nginx configuration. Please help with my problem.

NGINX - OpenResty - How to reverse proxy a call to 2 different servers based based on a string? (no replies)

December 20, 2018, 9:18 pm
$
0
0
I'm trying to configure NGINX/OpenResty to proxy SOAP calls to 2 different servers based on a string present on the SOAP request.

What I'm able to do:
I am able to proxy requests to 2 different servers based on the path the SOAP client is calling:
location /pathA {
proxy_pass http://www.ServerA.com/PathA/;
}
location /pathB {
proxy_pass http://www.ServerB.com/PathB/;
}

What I can't do:
I can't separate the traffic based on the content of the request. The main reason I believe is that I can't correctly assemble the LUA script to extract the information and later use it to proxy the request.

location / {
conten_by_lua '
ngx.req.read_body()
local match = ngx.re.match(ngx.var.request_body,"STRING TO FIND")
if match then
proxy_pass http://www.ServerA.com/PathA/;
else
proxy_pass http://www.ServerB.com/PathB/;

how can I achieve this?

I installed OpenResty and LUA is working fine.

I think I read somewhere that if the request is not an HTTP POST "ngx.req.read_body()" would not work. Is that correct?

Thank you for your help.

Weighted load balancing Nginx (no replies)

January 1, 2019, 6:40 am
$
0
0
Its my first time working with Nginx, and i started doing some balancing.

I have the next shema:

Nodejs app1 running (IP:5050).
Nodejs app2 running (IP:6060).

And i have this load balancing config:

upstream backend {
#least_conn;
#ip_hash;
server 172.29.24.1:5050 weight=3;
server 172.29.24.1:6060 weight=5;
}

I need to get this:

Make 1 of every 3 times load the first application and 2 of every 3 for the second application

Advanced HTTP Basic Auth query with determine IP address (no replies)

January 1, 2019, 12:01 pm
$
0
0
Hello forum user, I have a page that can only be reached via IP address. Now I want to make this page open from the outside. But then an Auth _ Basic query is to come up.


I entered the following line in the domain configuration.

location / {
if ($remote_addr != XXX.XXX.XXX.XX)
{
try_files $uri $uri/ =404;
auth_basic "Externe Zugriffskontrolle";
auth_basic_user_file /.../...../........../........../.htpasswd;
}
}


Unfortunately, I keep getting the error message: "nginx: [emerg] " try _ files "directive is not allowed here in ... " Without a query it works. But then the query is always there. Can anyone help me?

Thanks in advance ...

How to make nginx to be able to send early data with post request. (no replies)

January 1, 2019, 7:22 pm
$
0
0
I cannot send early data in post request in my local nginx web server. I am using TLS 1.3. I know that it is not secure to do that. But I only want to test it. Is it related with nginx version. If so, what can I do for that? Please advise me how to send early data with post method.

Check Header on outbound (no replies)

January 3, 2019, 8:23 am
$
0
0
Hello.

I'm attempting to do a header verification within NGINX and I can't seem to find a good place to start.

I'm running NGINX 1.14.0 on Ubuntu 18.04 with default settings. My flow begins from inside our private network:

MyApp -> Proxy(Check Header) -> Outside Service.

In the case that the header doesn't match the definition, it should kick back a 403 to 'MyApp'.

I feel like I'm over-complicating this. Can someone point me in the right direction on where to start?

Thanks..

Best,

Jason M.
Search

Newbie question (no replies)

January 9, 2019, 12:11 pm
$
0
0
I am new to nginx, so sorry for stupid question ...

I configured some apps behind it, like for example added a block to /etc/nginx/sites-enabled/default:

## Emby ##
location /emby {
rewrite /emby/(.*) /$1 break;
proxy_pass http://127.0.0.1:8096;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
#auth_basic "Restricted";
#auth_basic_user_file "/etc/nginx/.htpasswd";
}

So now I can I open it as <domain>/emby

Can I customize it to be emby. <domain> or other name?

Thx

Nginx rewrite not work (no replies)

January 10, 2019, 12:51 am
$
0
0
nginx rewite does not work. Now I use it for the first time, so I haven't got a lot of it yet. I have such a link: myhost.ddns.net/newproj/index.php?oldal=menu1 I want to convert this. I tried it in several ways, but it doesn't work.
location /newproj/ {rewrite ^/index/(.*)$ /index.php?oldal=$1 last; }
what's the problem?
(Sorry for my english)

Reverse Proxy: Redirected HTTP Sites Throwing Mixed Content Error (no replies)

January 11, 2019, 11:00 am
$
0
0
Hey Guys -

I have used Nginx for Windows for a while now in my home lab which I use for various purposes including hosting an internal website (uses Organizr v2) and reverse proxy. It listens on 80 & 443 but forwards all requests to 80 to 443 as I also have installed a 3rd party signed SSL vert for my home domain.

This worked well until a recent migration of my Nginx installation to a new system. Now when I visit my homepage, I can view the content loaded from the actual root of the site, but not anything reverse-proxy pulls from an HTTP source. The only way I can view it is to click the small shield icon to the right of Chrome's address bar and choose to "Load unsafe scripts." Although able to view it afterwards, the URL changes to "Not Secure." I didn't have this issue with my old install and for the most part, nginx.conf is the same even though there are minor differences with the version of Nginx & PHP.

Below are details of my environment, a few notes, and finally the beginning of my nginx.conf (assuming that's where the issue will be resolved.) Any assistance would be appreciated...

Environment
- Windows 10 x64 1809
- Nginx 1.15.8 (for Windows)
- PHP 7.3.0-nts-Win32-VC15-x64

Notes
- I compared the old and new conf files side by side using NotePad++ but didn't see anything notable which was different. I would have copied the exact old conf and use it, but was having issues with hosting being really slow on that old system recently which I know wasn't related to resources
- Following the "/files" location shown at the end of the snippet below, there are approximately 15 additional locations - each with fairly similar formatting and are the only parts of the conf file I left out to keep it clean. The only other change was changing the name of the domain
- I only apply PHP config to root instead of entire site as there is another app referenced by reverse proxy which has it's own different PHP installation. Prior to applying it only to the root, I was unable to use that app via RP
- Other than the issue described, the service starts & everything works well
- Windows Firewall is disabled (all 3) and there are no other firewalls on my PC
- Issue exists on multiple PCs & multiple browsers

nginx.conf Snippet
worker_processes 1;
events {
worker_connections 1024;
}

http {
include mime.types;
default_type application/octet-stream;
sendfile on;
keepalive_timeout 65;

#Redirect requests for port 80 to 443
server {
listen 80 default_server;
listen [::]:80 default_server;
server_name mydomain.com;
return 301 https://$host$request_uri;
}

# Configures Logging Options
log_format main 'site="$server_name" server="$host” dest_port="$server_port" dest_ip="$server_addr" '
'src="$remote_addr" src_ip="$realip_remote_addr" user="$remote_user" '
'time_local="$time_local" protocol="$server_protocol" status="$status" '
'bytes_out="$body_bytes_sent" bytes_in="$upstream_response_length" '
'http_referer="$http_referer" http_user_agent="$http_user_agent" '
'nginx_version="$nginx_version" http_x_forwarded_for="$http_x_forwarded_for" '
'http_x_header="$http_x_header" uri_query="$query_string" uri_path="$uri" '
'http_method="$request_method" response_time="$upstream_response_time" '
'cookie="$http_cookie" request_time="$request_time" ';
access_log logs/access.log;
error_log logs/error.log;

# Configures NGINX to listen on 443 with SSL
server {
listen 443 ssl;
server_name mydomain.com;
send_timeout 100m;
ssl_certificate c:/nginx/ssl/mydomaincombined.crt;
ssl_certificate_key c:/nginx/ssl/mydomain.key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA:AES128-SHA;
ssl_session_cache shared:SSL:10m;
add_header Strict-Transport-Security max-age=31536000;
resolver 8.8.4.4 8.8.8.8 valid=300s;
resolver_timeout 10s;
ssl_stapling off;
ssl_stapling_verify off;

#PHP Config in Root Only
location / {
root html;
index index.php index.html index.htm;
location ~ \.php$ {
root html;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
}

# Defines location of robots.txt
location /robots.txt {
alias C:/nginx/global/robots.txt;
}
gzip on;
gzip_vary on;
gzip_min_length 1000;
gzip_proxied any;
gzip_types text/plain text/css text/xml application/xml text/javascript application/x-javascript image/svg+xml;
gzip_disable "MSIE [1-6]\.";
client_max_body_size 100M;

# The below section configures reverse proxy for locally hosted services
#CrushFTP Configuration
location /files {
proxy_pass http://192.168.0.35:4333/files;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_redirect off;
proxy_buffering off;
}
...
...
...

Any suggestions? Happy to post more details if needed. Thanks!

Nginx doesn't detect the OpenVPN client private IP (no replies)

January 11, 2019, 2:20 pm
$
0
0
Hello,

I guess I should try to post this issue on the Nginx forum first.

Simply put, in our case, one VPN client (an offsite laptop) would like to visit a web app (e.g., https://sub.example.com) that is only open to the IPs from the intranet IP range. We set this up by using the "allow/deny" directives.

However, the Nginx front-end node (provides reverse proxy) fails to detect the VPN private IP from the OpenVPN client. So the OpenClient got an error of "430 Fordidden". When the lap sits on the intranet, it can connect to the web app successfully, without OpenVPN obviously.


Here is some basic information:
1. we have a public IP
2. general traffic path: Internet ---> Router (DD-WRT v24 sp1) ---> Front-end Node (Nginx Reverse Proxy) ----> upstream web server (with the web apps as virtual hsots)
3. DD-WRT (v24 sp1) define the intranet size: 10.12.0.1/16
3. The dnsmasq service on the DD-WRT serves as the local DNS server (IP: 10.12.0.1, obviously)
4. The OpenVPN service on the DD-WRT serves as the OpenVPN server. Bridge mode is used. The OpenVPN server is configured to assign a private VPN IP to each OpenVPN client from the pool of 10.12.8.1 --10.12.8.100)
5. Behind the router sits a front-end node that uses Nginx for reverse proxy.

Everything seems work just fine from the OpenVPN side. For example, when connected from an offsite public Wi-Fi at Starbucks to the intranet via OpenVPN,

===========
1. the OpenVPN client can connect to the OpenVPn server on the router successfully. The private VPN IP assigned as expected, for example, 10.12.8.2

2. the OpenVPN client can use the local DNS server (10.12.0.1) on the DD-WRT router to resolve all the server hostnames on the intranet. Direct visit by the local intranet IP addresses works just fine.

3. computers on the Intranet physically can connect to the subdomain (https://sub.exmaple.com) successfully. This subdomain has the following access restriction on its reverse proxy confguration on the front-end node


allow 10.12.0.0/16;
deny all;

When an offsite computer connects to the intranet through OpenVPn from a public Wi-Fi, an error of "403 Forbidden" showed up on the web browser for https://sub.example.com.

The log on the front-end node show

2019/01/11 15:27:45 [error] 17942#17942: *2513 access forbidden by rule, client: 172.58.232.64, server: sub.example.com, request: "GET / HTTP/1.1", host: "sub.example.com"

where 17.58.232.64 is the IP assigned to the offsite laptop by the public Wi-Fi when the laptop connected to it.


Our request is to how to help Nginx to detected the VPN private IP of 10.12.8.2. assigned by the OpenVPN server, so that the access restriction on the Nginx front-end for this subdomain of https://sub.example.com can work.

If something is missed, please let me know and we can provide extra information.


Can someone here help?

Thanks.

Nginx version: 1.10.3
OpenVPN Server 2.3.2

Where is the location of "if" statement? (no replies)

January 13, 2019, 2:03 am
$
0
0
Hello.
I want to add below "if" statement:

if ($request_method !~ ^(GET|HEAD|POST)$ )
{
return 405;
}

But where is the location of it? Under "http"?

Thank you.

Constant 10053 Error in Log (no replies)

January 13, 2019, 5:30 pm
$
0
0
Hey Guys -

I recently moved my hosting to a new and up to date (1.15.8) version of NGINX (for Windows) with PHP 7.3.0 on a new system running Windows Server 2016. I mostly use the installation to host an internal page (Organizrv2), reverse proxy of internal sites, and to apply SSL using a 3rd party signed cert.

When performance seemed slower than before, I started looking through NGINX's error.log and found 3 different issues. I wanted to post details about them in hopes someone could help me find a solution. Below are the errors followed by a snippet from my nginx.conf...

This error was listed every 1-3 seconds when it seemed someone was actively browsing. To note, 192.168.0.35 is the IP NGINX is hosted upon:
2019/01/13 17:38:10 [crit] 6288#3576: *129415 SSL_write() failed (SSL:) (10053: An established connection was aborted by the software in your host machine) while sending to client, client: 192.168.0.35, server: mydomain.com, request: "GET / HTTP/1.1", upstream: "fastcgi://127.0.0.1:9000", host: "mydomain.com"

This error appears a good amount too, but not nearly as often as the above one:
2019/01/13 17:21:57 [error] 6288#3576: *127342 WSARecv() failed (10054: An existing connection was forcibly closed by the remote host) while reading response header from upstream, client: 192.168.0.35, server: mydomain, request: "GET / HTTP/1.1", upstream: "fastcgi://127.0.0.1:9000", host: "mydomain.com"

Finally, I had a couple of "10060: A connection attempt failed because the connected party did not properly respond after a period of time" entries, but understand this as the site it references can be slow to respond.

nginx.conf Snippet
Below is the first part of my nginx.conf. The last part I left out as it only defines RP locations, is repetitive, and I didn't think was needed:

worker_processes 1;
events {
worker_connections 1024;
}

http {
include mime.types;
default_type application/octet-stream;
sendfile on;
keepalive_timeout 65;

#Redirect requests from 80 to 443
server {
listen 80 default_server;
listen [::]:80 default_server;
server_name mydomain.com;
return 301 https://$host$request_uri;
}

# Configures Logging Options
log_format main 'site="$server_name" server="$host” dest_port="$server_port" dest_ip="$server_addr" '
'src="$remote_addr" src_ip="$realip_remote_addr" user="$remote_user" '
'time_local="$time_local" protocol="$server_protocol" status="$status" '
'bytes_out="$body_bytes_sent" bytes_in="$upstream_response_length" '
'http_referer="$http_referer" http_user_agent="$http_user_agent" '
'nginx_version="$nginx_version" http_x_forwarded_for="$http_x_forwarded_for" '
'http_x_header="$http_x_header" uri_query="$query_string" uri_path="$uri" '
'http_method="$request_method" response_time="$upstream_response_time" '
'cookie="$http_cookie" request_time="$request_time" ';
access_log logs/access.log;
error_log logs/error.log;

# Configures NGINX to listen on 443 for SSL
server {
listen 443 ssl;
server_name mydomain.com;
send_timeout 100m;
ssl_certificate c:/nginx/ssl/mydomaincombined.crt;
ssl_certificate_key c:/nginx/ssl/mydomain.key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA:AES128-SHA;
ssl_session_cache shared:SSL:10m;
add_header Strict-Transport-Security max-age=31536000;
resolver 8.8.4.4 8.8.8.8 valid=300s;
resolver_timeout 10s;
ssl_stapling off;
ssl_stapling_verify off;
location / {
root html;
index index.php index.html index.htm;
location ~ \.php$ {
root html;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
}
# Defines location of robots.txt
location /robots.txt {
alias C:/nginx/global/robots.txt;
}
gzip on;
gzip_vary on;
gzip_min_length 1000;
gzip_proxied any;
gzip_types text/plain text/css text/xml application/xml text/javascript application/x-javascript image/svg+xml;
gzip_disable "MSIE [1-6]\.";
client_max_body_size 100M;

# The below section configures reverse proxy for locally hosted services
# CrushFTP HTTP Configuration
location /crush {
proxy_pass http://192.168.0.25:8686/crush;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_redirect off;
proxy_buffering off;
client_max_body_size 10000M;
proxy_request_buffering off;
}
... and so on...

php.ini
My php.ini is all defaults except for the below uncommented lines (if needed):
extension_dir = "ext"
extension=php_openssl.dll
extension=php_pdo_sqlite.dll
extension=php_curl.dll
extension=php_sqlite3.dll
sqlite3.extension_dir = ext

Any suggestions? Thanks!!

How to open the site without using port. (no replies)

January 14, 2019, 4:18 am
$
0
0
Hello guys,

I'm new to nginx and still trying to figure out how the things happens.
From more than a week I'm reading articles, watching videos and still can't fix my problem.
I'll be glad if someone help me a little.

My confing is windows server 2012, MYSQL, NGINX, PHP and phpMyAdmin.

This is my nginx conf file:

listen 8080;
server_name 192.168.200.95;

location / {
root html;
index index.html index.htm index.php /_h5ai/server/php/index.php;
}
error_page 404 /404.html;
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}

location ~ .php$ {
root html;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}

}

# phpmyadmin on port 81
server {
listen 81;
server_name localhost;
root phpmyadmin;
index index.php /_h5ai/server/php/index.php;
if (!-e $request_filename) {
rewrite ^/(.+)$ /index.php?url=$1 last;
break;
}
location ~ .php$ {
#root phpmyadmin;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
}
# phpmyadmin end

When I enter "192.168.200.95:8080/site" in my browser everything works fine, but I want to reach my site without using the port. I have tried using proxy_pass , but without success.

Thank you in advance!
Search

Reverse Proxy to multiple servers one subdomain (no replies)

January 14, 2019, 1:25 pm
$
0
0
I'm a total newbie to nginx, but I managed to get it up and running on a Raspberry Pi, with SSL from certbot / Let's Encrypt, and was able to point it back to a web app running on a Linux server without issue. What I'm trying to do is the following and would appreciate any help that could be provided.

I have one sub-domain pointing to my home IP address, home.domain.com

I have a few Linux boxes running various web apps that I'd like to be able to point to as follows:

home.domain.com/server1/app1
home.domain.com/server2/app2
home.domain.com/server1/app1
home.domain.com/server2/app2

And so on. I've tried digging around and playing around with some things on my own, but haven't been able to get it working. Any help would be greatly appreciated, thanks in advance!

How to use Nginx to rout traffic to a squid forwarding proxy (no replies)

January 16, 2019, 1:30 pm
$
0
0
Hi,

We are running squid with a custom authentication application. Is it possible to have nginx pass a proxy tunnel to a squid forward proxy?
I've seen the https://github.com/chobits/ngx_http_proxy_connect_module , but that looks like trying to have nginx manage the proxy tunnel directly.
Any help would be appreciated. Thanks

curl -> nginx -> squid

weird 403 (no replies)

January 17, 2019, 3:07 am
$
0
0
hello,
I have a wamp net setup with nginx and laravel, dev environment. Until yesterday everything was working fine. Then I had to do git pull as my colleague did push some new features, after that basic installation of laravel is still working fine, but when I request a particular url as:

http://mysite/games/mygame

nginx throws a 403, treating that as folder, when it should not. I did not change nginx conf from yesterday, so I really dont understand, until yesterday that url was working just fine.

This is my conf:

server
{
listen 127.0.0.1:80;
error_log C:\wamp.net-1.1.1\bin\1-nginx_1.13.1_x86\logs\error.log emerg;
server_name "setonline.test";
root "C:/wamp.net-1.1.1/sites/setonline/public/";
location /
{
try_files $uri $uri/ /index.php?$args;
}
location ~ \.php$
{
fastcgi_pass 127.0.0.1:728;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
}

server
{
listen 127.0.0.1:443 ssl;
server_name "setonline.test";
root "C:/wamp.net-1.1.1/sites/setonline/public/";
ssl_certificate "C:/wamp.net-1.1.1/bin/1-nginx_1.13.1_x86/conf/vhosts/setonline.test.crt";
ssl_certificate_key "C:/wamp.net-1.1.1/bin/1-nginx_1.13.1_x86/conf/vhosts/setonline.test.key";
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 5m;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
location /
{
try_files $uri $uri/ /index.php?$args;
}
location ~ \.php$
{
fastcgi_pass 127.0.0.1:728;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
}

any suggestion?
thanks a lot

Multiple listen() call in Nginx server (no replies)

January 18, 2019, 7:59 am
$
0
0
Hi,

While running Nginx server, even if I enabled only one port (443), listen() API is calling two times. Why it is so? Only one listen() call is required ?

Thanks in advance

Does Nginx automatically cache subfolders ? (no replies)

January 20, 2019, 12:49 am
$
0
0
Hello

I use Nginx as an http cache in front of my Cloudera manager server and basically it works well.
However, one thing is not clear to me. When I specify a location to cache (which is actually a path), does it also automatically cache all subfolders ?
For example, if I specify /api/v16/clusters will it also cache /api/v16/clusters/cluster1/services ?

Because I think I see many misses in the access log for subfolders of paths I explicitly cache.

Thank you

Guy
Viewing all 2931 articles
Browse latest View live
Search
<script src="https://jsc.adskeeper.com/r/s/rssing.com.1596347.js" async> </script>