I’m having an issue with turning on support for the X-Accel-Redirect
header in DokuWiki, a php-based wiki application. The server in question
is an Ubuntu 11.10 box with Nginx 1.0.10 and PHP-FPM 5.3.6-13. I posted
a request for assistance on the DokuWiki forums, since obviously they’re
the best suited to help if the problem is with their application, but I
wanted to also try the mailing list and see if the Nginx community could
suggest a direction I could go in.
DokuWiki has a configuration option to enable serving static content
using either X-Sendfile or X-Accel-Redirect, and since the site has more
than a few images, I wanted to toggle it on. When I do this and reload a
page, I get a page without any CSS or images, and the nginx error.log
file shows lots of “access forbidden by rule” errors, both for the CSS
file and for the various image files, like this:
2011/11/08 21:01:23 [error] 6693#0: *12 access forbidden by rule,
client: 10.10.10.110, server: www.bigdinosaur.org, request: “GET
/mcwiki/lib/exe/css.php?t=vector&tseed=1320807658 HTTP/1.1”, upstream:
“fastcgi://unix:/var/run/php5-fpm.soc:”, host: “www.bigdinosaur.org”,
referrer: “http://www.bigdinosaur.org/mcwiki/wiki:genesis_base”
…
2011/11/08 21:01:23 [error] 6693#0: *12 access forbidden by rule,
client: 10.10.10.110, server: www.bigdinosaur.org, request: “GET
/mcwiki/_media/wiki:gb:gb-entrance.jpg?w=500 HTTP/1.1”, upstream:
“fastcgi://unix:/var/run/php5-fpm.soc:”, host: “www.bigdinosaur.org”,
referrer: “http://www.bigdinosaur.org/mcwiki/wiki:genesis_base”
When I look at the headers being sent by the server for each request, I
don’t see anything about X-Accel-Redirect, but that might be because the
content isn’t being served in the first place. Here’s what the headers
for each request look like:
GET /mcwiki/_media/wiki:gb:gb-entry.jpg?w=300 HTTP/1.1
Host: www.bigdinosaur.org
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:7.0.1)
Gecko/20100101 Firefox/7.0.1
Accept: image/png,image/;q=0.8,/;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,;q=0.7
DNT: 1
Connection: keep-alive
Referer: http://www.bigdinosaur.org/mcwiki/wiki:genesis_base
Cookie: (redacted)
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 09 Nov 2011 03:04:26 GMT
Content-Type: text/html
Last-Modified: Mon, 07 Nov 2011 23:50:45 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Expires: Thu, 10 Nov 2011 03:04:26 GMT
Cache-Control: public, proxy-revalidate, no-transform, max-age=86400
Content-Disposition: inline;
filename=“1d2bb3508bcd870b387232726c81cd22.media.300x169.jpg”;
Content-Encoding: gzip
I’ve read through the X-Accel docs as best as I can, and I think that
the problem might be that I have no explicitly defined “location”
setting for the specific directories that the images and css files are
stored in, since they are in subdirectories underneath the main Dokuwiki
root (which does have a location definition).
I also can’t understand from the docs if X-Accel can only be used on
files whose location is explicitly marked “internal”–the page on the
nginx wiki says they “should” be, and various other pages on the web
offer contradictory advice.
Making the issue more complex: one of the URIs referenced in the two
requests above, “/mcwiki/_media/”, is being rewritten to make it look
prettier. Here’s the relevant rewrite rule:
rewrite ^/mcwiki/_media/(.*) /mcwiki/lib/exe/fetch.php?media=$1 last;
Dokuwiki resizes and caches images in a cache directory, and the
“fetch.php” file includes some logic to tell Dokuwiki if the image it’s
being asked to serve needs to be sent from the main images directory, or
from the cache directory. That’s why in the header traffic I pasted
above the filename looks nothing like what’s being asked for in the GET
request.
My first thought was that the rewrite rules were somehow screwing things
up, so I removed all of them. However, the “access forbidden” problem
remained, with the error messages simply changing to show the
non-rewritten URI instead of the prettier one:
2011/11/08 17:11:57 [error] 5124#0: *130 access forbidden by rule,
client: 10.10.10.110, server: www.bigdinosaur.org, request: “GET
/mcwiki/lib/exe/fetch.php?w=300&media=wiki:gb:gb-sublevel.png HTTP/1.1”,
upstream: “fastcgi://unix:/var/run/php5-fpm.soc:”, host:
“www.bigdinosaur.org”, referrer:
“http://www.bigdinosaur.org/mcwiki/doku.php?id=wiki:grande_grinder”
I then thought that perhaps the problem is that there’s no explicit
location definition for the “/mcwiki/lib/exe” directory or for the
“/mcwiki/_media” rewritten location, so I added them into the site
config along with a “root” entry for each, and flagged them as
“internal” in case X-Accel-Redirect requires that. However, this just
caused every request to return a 404 response. Removing the “internal”
flag led to more 404s, so I removed the definitions.
Sorry for the long-winded message, but I wanted to get as much info in
as possible. Things are working just fine without X-Accel turned on, so
worst case I could just leave it off and continue on. However, I’d like
to enable it, as there are quite a few images on the wiki and serving
them directly out rather than making php-fpm do it could speed things
up. Any assistance would be appreciated!
Posted at Nginx Forum: