Welcome! Log In Create A New Profile

Advanced

Re: httptunnel and nginx

António P. P. Almeida
January 10, 2011 12:32PM
On 10 Jan 2011 16h45 WET, nginx-forum@nginx.us wrote:

Going out in a tangent, if you're using this config (also) for Drupal,
you're exposed to a lot of potential security holes.

The configuration is quite messy. How many locations and regexes are
needed for making a request? There's an example config along theses
lines in the current debian nginx package for Nginx on the unstable
release. I've procrastinated opening a bug report because of this
messy config because I no longer use the debian package, but roll my
own instead. But something must be done to stop this ugliness to
spread like wildfire.

You can get a better config by visiting the group
http://groups.drupal.org/nginx and checking out what's discussed
there.

It doesn't solve your tunnel issue, but takes care of security
issues.

If you're not using this for drupal then just ignore my rant.
--- appa

> and I configure nginx as it (file /etc/nginx/site-avaible/default):
> [code]server {
> listen 80; ## listen for ipv4; this line is default and
> implied
> #listen 8080; ## listen for ipv4; this line is default and implied
> listen [::]:80 default ipv6only=on; ## listen for ipv6
>
> #root /usr/share/nginx/www;
> root /var/www;
> index index.html index.htm index.php;
>
> # Make site accessible from http://localhost/
> server_name barmic.fr barmic.42;
>
> location / {
> # First attempt to serve request as file, then
> # as directory, then fall back to index.html
> try_files $uri $uri/ /index.html;
> }
>
> ## Indefero
> location /indefero {
> root /var/www/indefero;
> index index.php;
>
> #rewrite rules for indefero
> if (-e $request_filename) {
> break;
> }
> rewrite ^(.*)$ /index.php?_pluf_action=/$1 last;
> }
>
> #location /blog {
> # root /home/barmic/blog;
> # index index.html;
> #}
>
> location /doc {
> root /usr/share;
> autoindex on;
> allow 127.0.0.1;
> deny all;
> }
>
> location /images {
> root /usr/share;
> autoindex off;
> }
>
> #error_page 404 /404.html;
>
> # redirect server error pages to the static page /50x.html
> #
> #error_page 500 502 503 504 /50x.html;
> #location = /50x.html {
> # root /usr/share/nginx/www;
> #}
>
> # pass the PHP scripts to FastCGI server listening on
> # 127.0.0.1:9000
> #
> #location ~ \.php$ {
> # fastcgi_pass 127.0.0.1:9000;
> # fastcgi_index index.php;
> # include fastcgi_params;
> #}
>
> # This block adds a little security.
> # See /usr/share/doc/nginx/examples/drupal for context
> location ~ \..*/.*\.php$ {
> return 403;
> }
>
> # This is basic PHP block that can be used to handle all PHP
> requests.
> # See /usr/share/doc/nginx/examples/drupal for context
> location ~ \.php$ {
> fastcgi_split_path_info ^(.+\.php)(/.+)$;
> include fastcgi_params;
> # Intercepting errors will cause PHP errors to appear in Nginx logs
> fastcgi_intercept_errors on;
> fastcgi_pass unix:/tmp/phpcgi.socket;
> }
>
> # deny access to .htaccess files, if Apache's document root
> # concurs with nginx's one
> #
> #location ~ /\.ht {
> # deny all;
> #}
> }


_______________________________________________
nginx mailing list
nginx@nginx.org
http://nginx.org/mailman/listinfo/nginx
Subject Author Posted

httptunnel and nginx

barmic January 10, 2011 11:45AM

Re: httptunnel and nginx

António P. P. Almeida January 10, 2011 12:32PM

Re: httptunnel and nginx

barmic January 11, 2011 01:53AM

Re: httptunnel and nginx

barmic January 17, 2011 05:47AM

Re: httptunnel and nginx

barmic January 18, 2011 02:43AM

Re: httptunnel and nginx

vesperto January 17, 2011 06:00AM

Re: httptunnel and nginx

António P. P. Almeida January 17, 2011 09:06AM



Sorry, only registered users may post in this forum.

Click here to login

Online Users

Guests: 138
Record Number of Users: 6 on February 13, 2018
Record Number of Guests: 421 on December 02, 2018
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready