Welcome! Log In Create A New Profile

Advanced

Re: Allow internal redirect to URI x, but deny external request for x?

All files from this thread

File Name File Size   Posted by Date  
smime.p7s 3.5 KB open | download j94305 09/03/2019 Read message
smime.p7s 3.5 KB open | download j94305 09/04/2019 Read message
Francis Daly
September 02, 2019 05:04PM
On Sat, Aug 31, 2019 at 04:55:26PM -0500, J. Lewis Muir wrote:
> On 08/31, Francis Daly wrote:
> > On Sat, Aug 31, 2019 at 09:10:09AM -0500, J. Lewis Muir wrote:

Hi there,

> > Using "realpath" should not affect nginx at all. nginx invites the
> > fastcgi server to use pathname2 instead of pathname1; so the fastcgi
> > server is the only thing that should care.
>
> Hmm, I might not be understanding this. The rationale of using
> $realpath_root instead of $document_root was to make it so that a
> new version of the web app could be deployed atomically at any time
> by changing the "current" symlink,
....
> fastcgi_param DOCUMENT_ROOT $realpath_root;
> fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
>
> So, does that make sense, or am I still not understanding this? I don't
> know what you mean by "nginx invites the fastcgi server to use pathname2
> instead of pathname1." What are pathname1 and pathname2?

nginx does not "do" php. nginx does not care what your fastcgi server
will do with the key/value pairs that it sends. nginx cares that the
fastcgi server gives a valid response to the request that nginx makes.

Typically, your fastcgi server will use the value associated with
SCRIPT_FILENAME as "the name of the file to execute". If your fastcgi
server fails to find / read / execute that file, it will return its own
error indication.

(So your "if", or the more common "try_files", is just an early-out,
to sometimes avoid involving the fastcgi server. It may happen that the
file is present when nginx looks for it, but is absent when the fastcgi
server looks for it -- so that case does have to be handled anyway.)


In this case, if $document_root is /srv/www/my-app/current/ and
$realpath_root is /srv/www/my-app/releases/1.0.2/, and the script
name is test.php, then with one config, nginx would send the string
"/srv/www/my-app/current/test.php", and with the other config nginx
would send the string "/srv/www/my-app/releases/1.0.2/test.php".

(That is "pathname1" vs "pathname2".)

So if "one request" involves the fastcgi server reading
"/srv/www/my-app/current/test.php", and then reading a bunch of other
files in the same directory -- then I guess that unfortunate timing
could lead to it reading some files from releases/1.0.1 and some from
releases/1.0.2. (Assuming that it opens the directory afresh each time --
which can't be ruled out.)

But if "the app" involves a http request to part1.php and then a http
request to part2.php (or: a second http request to part1.php), I don't
think that the symlink+realpath thing will prevent those two requests
going to different release versions.

All the best,

f
--
Francis Daly francis@daoine.org
_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
Subject Author Posted

Allow internal redirect to URI x, but deny external request for x?

J. Lewis Muir August 30, 2019 01:34PM

Re: Allow internal redirect to URI x, but deny external request for x?

J. Lewis Muir August 30, 2019 02:22PM

Re: Allow internal redirect to URI x, but deny external request for x?

J. Lewis Muir August 30, 2019 02:38PM

Re: Allow internal redirect to URI x, but deny external request for x?

J. Lewis Muir August 30, 2019 03:00PM

Re: Allow internal redirect to URI x, but deny external request for x?

Francis Daly August 30, 2019 04:56PM

Re: Allow internal redirect to URI x, but deny external request for x?

J. Lewis Muir August 30, 2019 06:00PM

Re: Allow internal redirect to URI x, but deny external request for x?

Francis Daly August 30, 2019 07:22PM

Re: Allow internal redirect to URI x, but deny external request for x?

Francis Daly August 31, 2019 03:28AM

Re: Allow internal redirect to URI x, but deny external request for x?

J. Lewis Muir August 31, 2019 11:06AM

Re: Allow internal redirect to URI x, but deny external request for x?

J. Lewis Muir August 31, 2019 10:12AM

Re: Allow internal redirect to URI x, but deny external request for x?

Francis Daly August 31, 2019 04:52PM

Re: Allow internal redirect to URI x, but deny external request for x?

J. Lewis Muir August 31, 2019 05:56PM

Re: Allow internal redirect to URI x, but deny external request for x?

Francis Daly September 02, 2019 05:04PM

Re: Allow internal redirect to URI x, but deny external request for x?

J. Lewis Muir September 03, 2019 01:28PM

Re: Allow internal redirect to URI x, but deny external request for x?

J. Lewis Muir September 03, 2019 05:32PM

Re: Allow internal redirect to URI x, but deny external request for x?

Ian Hobson August 30, 2019 03:02PM

Re: Allow internal redirect to URI x, but deny external request for x?

J. Lewis Muir August 31, 2019 11:32AM

Re: Allow internal redirect to URI x, but deny external request for x?

Francis Daly August 30, 2019 04:34PM

Re: Allow internal redirect to URI x, but deny external request for x?

gariac August 30, 2019 05:24PM

Re: Allow internal redirect to URI x, but deny external request for x?

Ian Hobson August 31, 2019 10:42AM

Re: Allow internal redirect to URI x, but deny external request for x?

j94305 August 30, 2019 06:28PM

Re: Allow internal redirect to URI x, but deny external request for x?

gariac August 31, 2019 03:20PM

Re: Allow internal redirect to URI x, but deny external request for x?

J. Lewis Muir September 03, 2019 11:30PM

Re: Allow internal redirect to URI x, but deny external request for x? Attachments

j94305 September 03, 2019 11:56PM

Re: Allow internal redirect to URI x, but deny external request for x?

J. Lewis Muir September 04, 2019 11:30AM

Re: Allow internal redirect to URI x, but deny external request for x? Attachments

j94305 September 04, 2019 11:44AM

Re: Allow internal redirect to URI x, but deny external request for x?

J. Lewis Muir September 04, 2019 12:32PM

Re: Allow internal redirect to URI x, but deny external request for x?

j94305 September 10, 2019 02:46PM



Sorry, only registered users may post in this forum.

Click here to login

Online Users

Guests: 102
Record Number of Users: 6 on February 13, 2018
Record Number of Guests: 421 on December 02, 2018
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready