Forum: NGINX Define a proxy for Nginx

odesport (Guest)
on 2013-11-04 14:01
(Received via mailing list)
Hello,

My Nginx servers are behind a proxy. Some PHP apps need to reach external
web sites (for RSS feeds for example). I've tried this in nginx.conf:

env http_proxy=http://myproxy:port

but there is no effect.

How can I define a proxy for nginx ?

Posted at Nginx Forum:
http://forum.nginx.org/read.php?2,244407,244407#msg-244407
Jonathan Matthews (Guest)
on 2013-11-04 15:02
(Received via mailing list)
On 4 November 2013 13:00, odesport <nginx-forum@nginx.us> wrote:
> Hello,
>
> My Nginx servers are behind a proxy. Some PHP apps need to reach external
> web sites (for RSS feeds for example). I've tried this in nginx.conf :
>
> env http_proxy=http://myproxy:port
>
> but there is no effect.
>
> How can I define a proxy for nginx ?

I don't know the answer to that specific question, but I believe
you're asking the /wrong/ question :-)

Nginx doesn't execute your PHP, it just passes the requests to another
process. Your PHP apps will be executing in the context of this
different process (such as php-fpm) and it is /that/ process which you
need to inform about an outbound HTTP proxy. The specifics of how you
do that will depend on which process you've chosen to contain your
PHP, and the way in which your PHP makes outbound HTTP calls.

HTH,
Jonathan
--
Jonathan Matthews
Oxford, London, UK
http://www.jpluscplusm.com/contact.html
odesport (Guest)
on 2013-11-04 15:10
(Received via mailing list)
I can't modify PHP code. I've managed to do this for Apache by adding the
line

export http_proxy="http://myproxy:port"

in /etc/apache2/envvars

Posted at Nginx Forum:
http://forum.nginx.org/read.php?2,244407,244410#msg-244410
Jonathan Matthews (Guest)
on 2013-11-05 12:43
(Received via mailing list)
On 4 November 2013 14:09, odesport <nginx-forum@nginx.us> wrote:
> I can't modify PHP code. I've managed to do this for Apache by adding the
> line
>
> export http_proxy="http://myproxy:port"
>
> in /etc/apache2/envvars

Glad to hear you've solved your problem :-)

J
"António P. P. Almeida" <appa@perusio.net> (Guest)
on 2013-11-05 16:25
(Received via mailing list)
Assuming you're using php-fpm or php-cgi you can set a param to pass that
as a server variable:

fastcgi_param HTTP_PROXY 'http://proxy:myport';

Then you'll have a $_SERVER['HTTP_PROXY'] entry for the global $_SERVER.

HTH,

----appa
odesport (Guest)
on 2013-11-05 16:35
(Received via mailing list)
Thanks, but with fastcgi_param I have to modify PHP code.

Posted at Nginx Forum:
http://forum.nginx.org/read.php?2,244407,244462#msg-244462
"António P. P. Almeida" <appa@perusio.net> (Guest)
on 2013-11-05 16:50
(Received via mailing list)
No you don't. It's a server config. It will set the same global as the
Apache env thing AFAIK.

----appa
Jonathan Matthews (Guest)
on 2013-11-06 10:24
(Received via mailing list)
On 5 November 2013 15:25, António P. P. Almeida <appa@perusio.net> wrote:
> Assuming you're using php-fpm or php-cgi you can set a param to pass that as
> a server variable:
>
> fastcgi_param HTTP_PROXY 'http://proxy:myport';
>
> Then you'll have a $_SERVER['HTTP_PROXY'] entry for the global $_SERVER.

I don't think this is right, for a couple of reasons.

Firstly, some reading has suggested that there isn't a way to force
the stock PHP HTTP request libraries to use a proxy just by setting an
envvar. Witness, for instance, the code-level changes that are
(/were?) required to get a relatively mainstream piece of s/w like WP
to work with an outbound proxy:
http://wpengineer.com/1227/wordpress-proxysupport/

Secondly, the specific string mentioned would (unless I'm missing
something, which is very possible!) open a security hole: $_SERVER
contains all user-specified HTTP request headers with added "HTTP_"
prefixes. The method suggested, if it worked, would mean that, as a
user, I could simply provide a "Proxy: my.proxy.server.ip" header and
get all outbound HTTP traffic (for my request) proxied via *my*
external server. Thereby exposing internal information such as 3rd
party API passwords, internal HTTP API call details, etc etc.

Again, I may be missing something with either of these points but,
obviously, I don't see what it might be! :-)

Regards,
Jonathan
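
The header-to-variable collision described in the post above, as an added example that is not part of the original thread and is not nginx or PHP code: a small Python model of the CGI naming convention, in which a request header `Foo-Bar` is exposed to the application as `HTTP_FOO_BAR`. The function names, the sample request and the merge order in `naive_env` are assumptions of this model; the `HTTP_PROXY` value is the one quoted in the thread.

```python
import re

# CGI convention (RFC 3875): request header "Foo-Bar" is exposed as HTTP_FOO_BAR.
def meta_variable(header_name: str) -> str:
    return "HTTP_" + header_name.upper().replace("-", "_")

_HEADER_DERIVED = re.compile(r"HTTP_[A-Z0-9_]+")

def client_reachable(var_name: str) -> bool:
    """True if some request header name maps onto this variable name."""
    return _HEADER_DERIVED.fullmatch(var_name) is not None

def naive_env(server_params: dict, headers: list) -> dict:
    """Assumed gateway behaviour for this model: operator params first,
    then every request header, so a colliding header overwrites the param."""
    env = dict(server_params)
    for name, value in headers:
        env[meta_variable(name)] = value
    return env

def strip_colliding(server_params: dict, headers: list):
    """Drop request headers whose meta-variable name the operator already set."""
    kept, dropped = [], []
    for name, value in headers:
        target = dropped if meta_variable(name) in server_params else kept
        target.append((name, value))
    return kept, dropped

# Constructed sample request; the param value is the one quoted in the thread.
SERVER_PARAMS = {"HTTP_PROXY": "http://proxy:myport"}
HEADERS = [
    ("Host", "app.example"),
    ("User-Agent", "feed-reader/1.0"),
    ("Proxy", "http://client-chosen.example:8080"),
]

def demo():
    """Return (value without filtering, value with filtering, dropped header names)."""
    unsafe = naive_env(SERVER_PARAMS, HEADERS)
    kept, dropped = strip_colliding(SERVER_PARAMS, HEADERS)
    safe = naive_env(SERVER_PARAMS, kept)
    return unsafe["HTTP_PROXY"], safe["HTTP_PROXY"], [n for n, _ in dropped]

if __name__ == "__main__":
    print(demo())
    for candidate in ("HTTP_PROXY", "http_proxy", "OUTBOUND_PROXY"):
        print(candidate, "reachable from a request header:", client_reachable(candidate))
```

In this model, any setting stored under an `HTTP_*` name shares a namespace with client-supplied headers, while a name outside that pattern cannot be produced from a header.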
"António P. P. Almeida" <appa@perusio.net> (Guest)
on 2013-11-06 10:40
(Received via mailing list)
As for the first point, of course that variable needs to be used on the
application side.
The OP suggested that is the case since he described basically that with the
Apache env var directive.

As for the second, I was not considering security issues, but:

1. You need to be able to edit the php-fpm configuration.

2. You need to do a reload for the config to take effect.

In a properly set up Nginx both of these require *root* access.

Yes it's hardly the best way to do things. But then it works and it isn't
either the worst.

Note that it's not a header at all, but a parameter passed through the FCGI
daemon on each request.

----appa



On Wed, Nov 6, 2013 at 10:24 AM, Jonathan Matthews