Forum: NGINX will request_uri get passed from cookieless server to 403 page on main server?

0a6a782bc68eeb9abb1fe1fb320e7d9a?d=identicon&s=25 Ian M. Evans (Guest)
on 2013-11-17 21:16
(Received via mailing list)
Migrating to a new server and thought I'd take the time to set up a
cookieless subdomain on it for static files.

In my current setup, 403 errors are sent to a php file which grabs the
$_SERVER["REQUEST_URI"], locates the page of the photo on the site, and
redirects the person to that page so they see it in our context.

So now I'm going to set up static.example.com.

If I set the 403 error page to go to
error_page 403 http://www.example.com/dhe403.shtml;

in order to run the PHP on the 403 error, does the REQUEST_URI get
passed
between servers or do I have to do some rewrite magic that I currently
don't do?

Thanks.
0a6a782bc68eeb9abb1fe1fb320e7d9a?d=identicon&s=25 Ian Evans (Guest)
on 2013-11-18 01:21
(Received via mailing list)
On 17/11/2013 3:16 PM, Ian M. Evans wrote:
> error_page 403 http://www.example.com/dhe403.shtml;
>
> in order to run the PHP on the 403 error, does the REQUEST_URI get passed
> between servers or do I have to do some rewrite magic that I currently
> don't do?
>
> Thanks.
>

Just trying to think this through on my own...is it possible to pass the
request_uri as a variable to the error page on the new server?

e.g.

error_page 403 http://www.example.com/dhe403.shtml?req=$request_uri;
36a8284995fa0fb82e6aa2bede32adac?d=identicon&s=25 Francis Daly (Guest)
on 2013-11-19 00:27
(Received via mailing list)
On Sun, Nov 17, 2013 at 07:21:02PM -0500, Ian Evans wrote:
> On 17/11/2013 3:16 PM, Ian M. Evans wrote:

Hi there,

> >In my current setup, 403 errors are sent to a php file which grabs the
> >$_SERVER["REQUEST_URI"], locates the page of the photo on the site, and
> >redirects the person to that page so they see it in our context.

So when a 403 would be generated, you intercept it, do some processing,
and return an appropriate 302 instead.

> >So now I'm going to set up static.example.com.
> >
> >If I set the 403 error page to go to
> >error_page 403 http://www.example.com/dhe403.shtml;
> >
> >in order to run the PHP on the 403 error, does the REQUEST_URI get passed
> >between servers or do I have to do some rewrite magic that I currently
> >don't do?

No, it doesn't.

That directive says "instead of sending a 403, send a 302 for this other
url". What the browser does with that, is up to the browser.

> Just trying to think this through on my own...is it possible to pass the
> request_uri as a variable to the error page on the new server?

> error_page 403 http://www.example.com/dhe403.shtml?req=$request_uri;

You can try. You may have to take care about url escaping, though.

(You can possibly avoid that if you use something like
.../dhe403.shtml/$request_uri and handle it appropriately on the far
side.)

It would seem easier to either proxy_pass or fastcgi_pass to the old
server, in an error_page 403 location on the new server, if you're happy
to have that level of not-just-static involved (and not happy to run
the full php suite on the new server).

That way, the browser would get one redirect to the intended destination
instead of one to an intermediate location first.

  f
--
Francis Daly        francis@daoine.org
0a6a782bc68eeb9abb1fe1fb320e7d9a?d=identicon&s=25 Ian Evans (Guest)
on 2013-11-19 10:14
(Received via mailing list)
On 18/11/2013 6:26 PM, Francis Daly wrote:

Thanks for your response.

> (You can possibly avoid that if you use something like
> .../dhe403.shtml/$request_uri and handle it appropriately on the far
> side.)

Ok.

>
> It would seem easier to either proxy_pass or fastcgi_pass to the old
> server, in an error_page 403 location on the new server, if you're happy
> to have that level of not-just-static involved (and not happy to run
> the full php suite on the new server).
>
> That way, the browser would get one redirect to the intended destination
> instead of one to an intermediate location first.

Just to clarify, the two "servers" are on same physical box with the
same document root, just migrating to a better host. So php is
installed. I'm just creating two server blocks so that the images will
be served on a cookieless sub-domain for web performance reasons, i.e.:

server {
server_name www.example.com;
...
}

server {
server_name static.example.com;
...
}

On the www block, I currently have this 403 block:

error_page 403 = /dhe403.shtml;
location = /dhe403.shtml {
fastcgi_pass unix:/var/run/php-fpm.sock;
fastcgi_cache  off;
}

So I could add that to my static block as well?

Also, I'd have this "rewrite anything not static" location in the static
server:

if ($request_uri !~*
"\.(gif|js|jpg|jpeg|png|ico|css|zip|tgz|gz|rar|bz2|doc|xls|exe|pdf|ppt|txt|tar|mid|midi|wav|bmp|rtf|mov)$")
{
rewrite ^(.*) http://www.example.com$1 permanent;
break;
}

If I put the 403 location before it, will it still redirect any
non-static files EXCEPT for the dhe403.shtml?

Thanks!
36a8284995fa0fb82e6aa2bede32adac?d=identicon&s=25 Francis Daly (Guest)
on 2013-11-19 10:31
(Received via mailing list)
On Tue, Nov 19, 2013 at 04:13:30AM -0500, Ian Evans wrote:
> On 18/11/2013 6:26 PM, Francis Daly wrote:

Hi there,

> Just to clarify, the two "servers" are on same physical box with the
> same document root, just migrating to a better host. So php is
> installed.

> On the www block, I currently have this 403 block:
>
> error_page 403 = /dhe403.shtml;
> location = /dhe403.shtml {
> fastcgi_pass unix:/var/run/php-fpm.sock;
> fastcgi_cache  off;
> }
>
> So I could add that to my static block as well?

Yes.

*If* that php is set to always return cookies, then you might want to
run a separate php-fpm that does not return cookies for the static
site. But that's a side issue.

> Also, I'd have this "rewrite anything not static" location in the static
> server:
>
> if ($request_uri !~*
>
"\.(gif|js|jpg|jpeg|png|ico|css|zip|tgz|gz|rar|bz2|doc|xls|exe|pdf|ppt|txt|tar|mid|midi|wav|bmp|rtf|mov)$")
> {
> rewrite ^(.*) http://www.example.com$1 permanent;
> break;
> }

That's not a location. That's an if() block.

> If I put the 403 location before it, will it still redirect any
> non-static files EXCEPT for the dhe403.shtml?

I believe that if() at server level gets tested before all locations --
but it shouldn't be too hard to check.

Compare that output of "curl -i url" with what you want to see.

If it doesn't work first time, perhaps putting the if() block inside a
"location /" and adjusting accordingly would do what you want.

  f
--
Francis Daly        francis@daoine.org
0a6a782bc68eeb9abb1fe1fb320e7d9a?d=identicon&s=25 Ian Evans (Guest)
on 2013-11-19 10:47
(Received via mailing list)
On 19/11/2013 4:31 AM, Francis Daly wrote:
> *If* that php is set to always return cookies, then you might want to
> run a separate php-fpm that does not return cookies for the static
> site. But that's a side issue.

Will look into that. Thanks, hadn't thought of it. Did a cursory glance
at Google and can't see how just yet how to disable them.

>
> That's not a location. That's an if() block.

I meant that...but it's 4am here and I haven't slept yet. :-)
0a6a782bc68eeb9abb1fe1fb320e7d9a?d=identicon&s=25 Ian Evans (Guest)
on 2013-11-23 18:56
(Received via mailing list)
On 19/11/2013 4:31 AM, Francis Daly wrote:
 > *If* that php is set to always return cookies, then you might want to
 > run a separate php-fpm that does not return cookies for the static
 > site. But that's a side issue.

Still experimenting with this...

What setting stops the php-fpm from not returning cookies?

Is it 'fastcgi_ignore_headers'?

Thanks.
36a8284995fa0fb82e6aa2bede32adac?d=identicon&s=25 Francis Daly (Guest)
on 2013-11-23 22:04
(Received via mailing list)
On Sat, Nov 23, 2013 at 12:55:09PM -0500, Ian Evans wrote:
> On 19/11/2013 4:31 AM, Francis Daly wrote:

Hi there,

> > *If* that php is set to always return cookies, then you might want to
> > run a separate php-fpm that does not return cookies for the static
> > site. But that's a side issue.
>
> Still experimenting with this...
>
> What setting stops the php-fpm from not returning cookies?

By "return" here, I meant "generate a new one if the request did not
include one".

It should be a php configuration, probably involving "session", possibly
"session.use_cookies".

> Is it 'fastcgi_ignore_headers'?

No, but you could probably "fastcgi_hide_header Set-Cookie;", if your
fastcgi server insists on sending that header.

I don't know if it is sufficient to try in nginx -- Set-Cookie probably
comes with some "please do not cache" headers that you would want to
remove as well, if they aren't otherwise needed.

  f
--
Francis Daly        francis@daoine.org
Please log in before posting. Registration is free and takes only a minute.
Existing account

NEW: Do you have a Google/GoogleMail, Yahoo or Facebook account? No registration required!
Log in with Google account | Log in with Yahoo account | Log in with Facebook account
No account? Register here.