Welcome! Log In Create A New Profile

Advanced

Re: Allow internal redirect to URI x, but deny external request for x?

All files from this thread

File Name File Size   Posted by Date  
smime.p7s 3.5 KB open | download j94305 09/03/2019 Read message
smime.p7s 3.5 KB open | download j94305 09/04/2019 Read message
J. Lewis Muir
August 31, 2019 10:12AM
On 08/31, Francis Daly wrote:
> On Fri, Aug 30, 2019 at 04:59:36PM -0500, J. Lewis Muir wrote:
>
> Hi there,
>
> > I was wishing for a way to specify a new root but with a modified
> > request URI. So, I tried the alias directive, and I assumed that
> > $document_root and $realpath_root would refer to the aliased document
> > root, but obviously that can't be since nginx has no way of knowing what
> > the aliased document root should be when all it has is a location alias
> > which is the full path to the resource. Sorry for the trouble.
>
> It sounds like your desires are for requests:
>
> * starts with /my-app/current/ -> reject
> * starts with /my-app/releases/ -> reject
> * matches /my-app/something.php, or /myapp/something.php/anything ->
> fastcgi-process the file /srv/www/my-app/current/something.php
> * matches /my-app/something -> just send the file
> /srv/www/my-app/current/something
>
> Is that correct? If so -- do exactly that.

Yes!

> For example (but mostly untested):
>
> ==
> location ^~ /my-app/current/ { return 200 "nothing to see at /current/\n"; }
> location ^~ /my-app/releases/ { return 200 "nothing to see at /releases/\n"; }
> location ^~ /my-app/ {
> location ~ \.php($|/) {
> fastcgi_split_path_info ^/my-app(/.*php)(.*);
> root /srv/www/my-app/current/;
> include fastcgi.conf;
> fastcgi_pass unix:php.sock;
> }
> alias /srv/www/my-app/current/;
> }
> ==

Wow! I had given up on getting this approach to work. Honestly, I
don't think I would have thought of your solution. Brilliant!

I tried it, and it worked after making a few tweaks! Here's what
worked:

location ^~ /my-app/current/ {
return 404;
}

location ^~ /my-app/releases/ {
return 404;
}

location ^~ /my-app/ {
index index.php;
location ~ [^/]\.php(?:/|$) {
root /srv/www/my-app/current;
fastcgi_split_path_info ^/my-app(/.+?\.php)(/.*)?$;
include php-fpm-realpath.conf;
}
alias /srv/www/my-app/current/;
}

I changed the root directive to come before the fastcgi_split_path_info,
but that was just aesthetic; it worked fine the other way
too. Previously, I had the fastcgi_split_path_info call in
php-fpm-realpath.conf along with the following file-exists check after
it:

if (!-f $realpath_root$fastcgi_script_name) {
return 404;
}

But I moved the fastcgi_split_path_info call out of
php-fpm-realpath.conf so that I could use the custom regex like in your
suggestion.

So, your solution solved my problem! Thank you!

On a related note, while considering those return-404s for
/my-app/current/ and /my-app/releases/, I realized that those could, in
theory, conflict with the URIs of a web app if the web app actually used
those same URIs. For example, maybe the web app is a GitLab-type app
and a URI of /my-app/releases/ might very well be part of the app's URI
set for displaying software releases or something. This has nothing to
do with your solution and everything to do with my initial design choice
that I was trying to achieve, and it's something I hadn't considered
before.

For my current app, it doesn't use those URIs, so it's not a problem,
but as a general scheme, it's not perfect. I think one solution would
be to move the app root directory to a different name so that it can't
conflict. For example, have it live at

/srv/www/my-app-deployment

or something like that. Then I could just return a 404 for any request
on that, e.g.:

location ^~ /my-app-deployment/ {
return 404;
}

Thanks again!

Lewis
_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
Subject Author Posted

Allow internal redirect to URI x, but deny external request for x?

J. Lewis Muir August 30, 2019 01:34PM

Re: Allow internal redirect to URI x, but deny external request for x?

J. Lewis Muir August 30, 2019 02:22PM

Re: Allow internal redirect to URI x, but deny external request for x?

J. Lewis Muir August 30, 2019 02:38PM

Re: Allow internal redirect to URI x, but deny external request for x?

J. Lewis Muir August 30, 2019 03:00PM

Re: Allow internal redirect to URI x, but deny external request for x?

Francis Daly August 30, 2019 04:56PM

Re: Allow internal redirect to URI x, but deny external request for x?

J. Lewis Muir August 30, 2019 06:00PM

Re: Allow internal redirect to URI x, but deny external request for x?

Francis Daly August 30, 2019 07:22PM

Re: Allow internal redirect to URI x, but deny external request for x?

Francis Daly August 31, 2019 03:28AM

Re: Allow internal redirect to URI x, but deny external request for x?

J. Lewis Muir August 31, 2019 11:06AM

Re: Allow internal redirect to URI x, but deny external request for x?

J. Lewis Muir August 31, 2019 10:12AM

Re: Allow internal redirect to URI x, but deny external request for x?

Francis Daly August 31, 2019 04:52PM

Re: Allow internal redirect to URI x, but deny external request for x?

J. Lewis Muir August 31, 2019 05:56PM

Re: Allow internal redirect to URI x, but deny external request for x?

Francis Daly September 02, 2019 05:04PM

Re: Allow internal redirect to URI x, but deny external request for x?

J. Lewis Muir September 03, 2019 01:28PM

Re: Allow internal redirect to URI x, but deny external request for x?

J. Lewis Muir September 03, 2019 05:32PM

Re: Allow internal redirect to URI x, but deny external request for x?

Ian Hobson August 30, 2019 03:02PM

Re: Allow internal redirect to URI x, but deny external request for x?

J. Lewis Muir August 31, 2019 11:32AM

Re: Allow internal redirect to URI x, but deny external request for x?

Francis Daly August 30, 2019 04:34PM

Re: Allow internal redirect to URI x, but deny external request for x?

gariac August 30, 2019 05:24PM

Re: Allow internal redirect to URI x, but deny external request for x?

Ian Hobson August 31, 2019 10:42AM

Re: Allow internal redirect to URI x, but deny external request for x?

j94305 August 30, 2019 06:28PM

Re: Allow internal redirect to URI x, but deny external request for x?

gariac August 31, 2019 03:20PM

Re: Allow internal redirect to URI x, but deny external request for x?

J. Lewis Muir September 03, 2019 11:30PM

Re: Allow internal redirect to URI x, but deny external request for x? Attachments

j94305 September 03, 2019 11:56PM

Re: Allow internal redirect to URI x, but deny external request for x?

J. Lewis Muir September 04, 2019 11:30AM

Re: Allow internal redirect to URI x, but deny external request for x? Attachments

j94305 September 04, 2019 11:44AM

Re: Allow internal redirect to URI x, but deny external request for x?

J. Lewis Muir September 04, 2019 12:32PM

Re: Allow internal redirect to URI x, but deny external request for x?

j94305 September 10, 2019 02:46PM



Sorry, only registered users may post in this forum.

Click here to login

Online Users

Guests: 111
Record Number of Users: 6 on February 13, 2018
Record Number of Guests: 421 on December 02, 2018
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready