Rewrite migration from apache

Hi,

I’m migrating some sites from apache 2.0 to nginx. I have problems with
this rewrite:

RewriteRule ^([^/]{2,})/$ home.php?key=$1

I have changed to:

rewrite ^([^/]{2,})/$ home.php?key=$1 last;

but when I make a checkconfig, nginx output this:

directive “rewrite” is not terminated by “;” in /etc/nginx/nginx.conf:

Seems that {2,} is not accepted from nginx. Can anybody explain me
how can I solve this?

Thanks.

Denis F. Latypoff ha scritto:

the problem is in “{}” characters which are used by nginx as config block:

location / { # <- begin block
} # <- end block

your config is: rewrite ^([^/]{ # <- begin block without proper terminating a
directive by “;”.

Oh, thanks so much. Now it works! Bye.

Hello Matteo,

Tuesday, February 19, 2008, 3:37:36 PM, you wrote:

Hi,

I’m migrating some sites from apache 2.0 to nginx. I have problems with
this rewrite:

RewriteRule ^([^/]{2,})/$ home.php?key=$1

I have changed to:

• rewrite ^([^/]{2,})/$ home.php?key=$1 last;

• rewrite “^([^/]{2,})/$” home.php?key=$1 last;

but when I make a checkconfig, nginx output this:

directive “rewrite” is not terminated by “;” in /etc/nginx/nginx.conf:

Seems that {2,} is not accepted from nginx. Can anybody explain me
how can I solve this?

the problem is in “{}” characters which are used by nginx as config
block:

location / { # <- begin block
} # <- end block

your config is: rewrite ^([^/]{ # <- begin block without proper
terminating a
directive by “;”.

Hi folks,

I often have problems trying to use different locations without having
to duplicate config.
I think I must be thinking about it the wrong way!

Basically I just want to make /admin/ password-protected, but inherit
all the other config.

So I tried this:

location / {
include /path/to/php.conf; # includes all fastcgi stuff and some
rewrites
location ~ /admin/.* {
auth_basic “Restricted”;
auth_basic_user_file /path/to/admin.htusers;
}
}

But it doesn’t work, so I tried this way which I’ve made work before:

location / {
include /path/to/php.conf;
}

     location ~ /admin/.* {
auth_basic              "Restricted";
auth_basic_user_file    /path/to/admin.htusers;
include /path/to/php.conf;

}

But this doesn’t work either, it includes the PHP file but doesn’t do
the auth, and there’s no error in the log. I’ve tried various
permutations on ~ /admin/.* too.

What am I doing wrong?

Many thanks,
Igor

On 19 Feb 2008, at 11:23, Denis F. Latypoff wrote:

•      location ~ /admin/.* {
  

•      location /admin { # not tested
  

Thanks Denis, and sorry for the delay in replying.

Unfortunately that didn’t work, and I’m still having the same sort of
problems with the location directive.

On another PHP site, I’m trying to restrict access to /admin via IP.
I have the following config, which works fine, though perhaps not
optimal:

            rewrite  ^/speakers/(.+)/?$          /speakers/video/$1;
        }
            fastcgi_index      index.php;
            fastcgi_intercept_errors  on;
            include          conf/fastcgi_params;
        }
    }
    error_page  404         /404.html;
    error_page  500         /500.html;
}

I just want to do the following, but still have all the other
directives work, so that rewrites and PHP work under /admin:

     location /admin {
         allow   1.2.3.4;
         deny    all;
     }

How should I go about this? Where should I put the /admin location
block? Nothing I do seems to work. I understand that the first matched
regular expression stops the search, but as I can’t seem to get
nesting locations to work, what should I do?

(By the way, this is the first time we’ve used the FLV module, and
we’re really pleased with the results, so thanks!)

Best wishes
Igor

On Thu, Feb 28, 2008 at 07:41:34PM +0000, Igor C. wrote:

       # Then, rewrite using the last rules
           /frontend.php?CONTROL_PATH=$1  last;

   error_page  500         /500.html;

}

I just want to do the following, but still have all the other
directives work, so that rewrites and PHP work under /admin:

     fastcgi_index                index.php;
     fastcgi_intercept_errors     on;
     include                      conf/fastcgi_params;

     location ^~ /admin/ {

         allow   1.2.3.4;
         deny    all;

         location ~ \.php$ {
             fastcgi_pass         127.0.0.1:9999;
         }
     }

     location ~ \.php$ {
         fastcgi_pass             127.0.0.1:9999;
     }

How should I go about this? Where should I put the /admin location
block? Nothing I do seems to work. I understand that the first matched
regular expression stops the search, but as I can’t seem to get
nesting locations to work, what should I do?

    location /admin {
        allow   1.2.3.4;
        deny    all;
    }

Hi Igor, thank you very much. When I did

location ~^ /admin/

it still gave a 404, but when I changed it to

location ~^ /admin.php

it worked perfectly. Seems I’ve been trying to apply “location” to pre-
rewrite URLs, which just won’t work - is that right?

Igor

On Fri, Feb 29, 2008 at 09:39:20AM +0000, Igor C. wrote:

Hi Igor, thank you very much. When I did

location ~^ /admin/

it still gave a 404, but when I changed it to

location ~^ /admin.php

it worked perfectly. Seems I’ve been trying to apply “location” to pre-
rewrite URLs, which just won’t work - is that right?

Could you write what URIs and how you want to handle, for example:

   /       -> fascgi
   /admin/ -> fascgi, auth protected
  ...

?

Hi Igor,

Everything that doesn’t exist as a file gets routed to either /
frontend.php, or /admin.php if the URI starts with /admin. If so, it’s
IP-restricted in this case, basic_auth protected in other cases.

So we want to be able to do:

/ -> /frontend.php -> fastcgi

/speakers/show/all -> /frontend.php?control_path=/speakers/show/all ->
fastcgi

/admin -> /admin.php -> fastcgi, protected

/admin/speakers/edit/32 /admin.php?control_path=/admin/speakers/edit/
32 -> fastcgi, protected

I’m just wondering whether our approach of “rewrite first, then deal
with locations” is just wrong, maybe we should deal with locations
first and then rewrite if necessary.

Thanks for your help,
Igor

On Fri, Feb 29, 2008 at 11:13:48AM +0000, Igor C. wrote:

/speakers/show/all -> /frontend.php?control_path=/speakers/show/all ->
first and then rewrite if necessary.
location / {
error_page 404 = @fallback;
}

    location @fallback {
        fastcgi_pass   ...
        fastcgi_param  SCRIPT_FILENAME  /path/to/frontend.php;
        fastcgi_param  QUERY_STRING     control_path=$uri;
        ...
    }

    location /admin {
        allow   1.2.3.4;
        deny    all;
        error_page  404 = @admin;
    }

    location @admin {
        fastcgi_pass   ...
        fastcgi_param  SCRIPT_FILENAME  /path/to/admin.php;
        fastcgi_param  QUERY_STRING     control_path=$uri;
        ...
    }

On Fri, 2008-02-29 at 14:31 +0300, Igor S. wrote:

    location / {
        error_page  404 = @fallback;
    }

    location @fallback {
        fastcgi_pass   ...
        fastcgi_param  SCRIPT_FILENAME  /path/to/frontend.php;
        fastcgi_param  QUERY_STRING     control_path=$uri;
        ...
    }

Igor,

I’ve seen you use the “@” prefix on locations in several examples you’ve
given people. Is this just a notation you prefer or does it have some
significance?

Regards,
Cliff

Hello Igor,

Tuesday, February 19, 2008, 5:04:48 PM, you wrote:

Hi folks,

I often have problems trying to use different locations without having
to duplicate config.
I think I must be thinking about it the wrong way!

Basically I just want to make /admin/ password-protected, but inherit
all the other config.

So I tried this:

    location / {
            include /path/to/php.conf;      # includes all fastcgi stuff and some  

rewrites
location ~ /admin/.* {
auth_basic “Restricted”;
auth_basic_user_file /path/to/admin.htusers;
}
}

But it doesn’t work, so I tried this way which I’ve made work before:

    location / {
            include /path/to/php.conf;
     }

•      location ~ /admin/.* {
  

•      location /admin { # not tested
  

            auth_basic              "Restricted";
            auth_basic_user_file    /path/to/admin.htusers;
            include /path/to/php.conf;
    }

But this doesn’t work either, it includes the PHP file but doesn’t do
the auth, and there’s no error in the log. I’ve tried various
permutations on ~ /admin/.* too.

What am I doing wrong?

Many thanks,
Igor

On Fri, Feb 29, 2008 at 11:20:42PM -0800, Cliff W. wrote:

        fastcgi_param  QUERY_STRING     control_path=$uri;
        ...
    }

Igor,

I’ve seen you use the “@” prefix on locations in several examples you’ve
given people. Is this just a notation you prefer or does it have some
significance?

Yes, these are named locaitons, they had appeared in 0.6.6 and 0.5.31.
The main feature - while internal redirect via error_page $uri is not
changed, so they are handily to use in fallback handlers.

The named locaiton are always internal and do not intersect with site’s
URI
space.

In 0.6.27 post_action will support named location too.

Hi Igor,

I’ve been trying this out taking the approach of the example you gave
me - very happy about it, and have a couple of questions.

• Using “error_page 404 @fallback” instead of "if (! -f " seems to
  generate 404 errors in the log for every hit transferred to the
  @fallback. Is that inevitable?

• Is there any way to use “fastcgi_intercept_errors on” with this setup?

Thanks very much,
Igor

Thanks very much Igor, that’s really helpful, and shows a completely
different approach from the one I’ve been taking. Excellent stuff.

Igor

On Mon, Mar 03, 2008 at 02:07:41PM +0000, Igor C. wrote:

Hi Igor,

I’ve been trying this out taking the approach of the example you gave
me - very happy about it, and have a couple of questions.

• Using “error_page 404 @fallback” instead of "if (! -f " seems to
  generate 404 errors in the log for every hit transferred to the
  @fallback. Is that inevitable?

   log_not_found  off;

• Is there any way to use “fastcgi_intercept_errors on” with this setup?

Yes. But you also need to add

 location @fallback {

     recursive_error_pages  on;

to redirect it via error_page, because this is second error_page
redirection
in request.

Thanks Igor,

On 3 Mar 2008, at 14:15, Igor S. wrote:

• Using “error_page 404 @fallback” instead of "if (! -f " seems to
  generate 404 errors in the log for every hit transferred to the
  @fallback. Is that inevitable?

  log_not_found  off;

If no 404s are recorded at all there’s no way to tell if (for example)
someone has a remote broken link, someone is trying particular URLs
for vulnerabilities, etc. Is it possible to log only 404s which get
404 codes back from the PHP app via @fallback ?

redirection
in request.

Perfect! Thanks.

Cheers,
Igor

On 3 Mar 2008, at 16:55, Igor S. wrote:

If no 404s are recorded at all there’s no way to tell if (for
example)
someone has a remote broken link, someone is trying particular URLs
for vulnerabilities, etc. Is it possible to log only 404s which get
404 codes back from the PHP app via @fallback ?

In access_log only.

Ah, yes, of course!

However I seem to still get the 404s (e.g. request for “/transcripts/
view/theme/parttime-work/” gives 404 “/transcripts/view/theme/parttime-
work/index.html is not found”) recorded in error_log, even when
“log_not_found off” is in main “server” context or in any “location”
context.

Igor

On Mon, Mar 03, 2008 at 04:52:50PM +0000, Igor C. wrote:

If no 404s are recorded at all there’s no way to tell if (for example)
someone has a remote broken link, someone is trying particular URLs
for vulnerabilities, etc. Is it possible to log only 404s which get
404 codes back from the PHP app via @fallback ?

In access_log only.

On Mon, Mar 03, 2008 at 05:44:02PM +0000, Igor C. wrote:

Ah, yes, of course!

However I seem to still get the 404s (e.g. request for “/transcripts/
view/theme/parttime-work/” gives 404 “/transcripts/view/theme/parttime-
work/index.html is not found”) recorded in error_log, even when
“log_not_found off” is in main “server” context or in any “location”
context.

In this case you should get 403 error:
“directory index of “…” is forbidden”.

I will probably create “log_forbidden on|off”.