Re: [dl-ticket-service] Nginx + rest.php
Thank you for clarify this, it makes sense now. I figure out where the mistake in my nginx configuration was, it's working now (I'm using subdomain, not subfolder). Best regards! Dne 25.10.2014 18:16, Yuri D'Elia napsal(a): On 10/24/2014 06:04 PM, "Jan B. Kolář" wrote: I tested your config, it's working with one little problem. If I remove header that I send before, browser (Firefox) not asking for credentials on "rest.php" file. I can use Thunderbird extension without problem - that mean it's working. But browser don't show up username/password window. I will rectify this sentence. The username/password prompt is requested by the web server when using external authentication only. I know it's problem of Nginx, but maybe you can help me with with another little think. With your setup, if I try to enter /include/ directory, I always get back url "/include/=404" and my browser said, that server is redirecting to itself. Probably a missing space in the try_files directive.
Re: [dl-ticket-service] Nginx + rest.php
On 10/24/2014 06:04 PM, "Jan B. Kolář" wrote: > I tested your config, it's working with one little problem. If I remove > header that I send before, browser (Firefox) not asking for credentials > on "rest.php" file. I can use Thunderbird extension without problem - > that mean it's working. But browser don't show up username/password window. I will rectify this sentence. The username/password prompt is requested by the web server when using external authentication only. > I know it's problem of Nginx, but maybe you can help me with with > another little think. With your setup, if I try to enter /include/ > directory, I always get back url "/include/=404" and my browser said, > that server is redirecting to itself. Probably a missing space in the try_files directive.
Re: [dl-ticket-service] Nginx + rest.php
I tested your config, it's working with one little problem. If I remove
header that I send before, browser (Firefox) not asking for credentials
on "rest.php" file. I can use Thunderbird extension without problem -
that mean it's working. But browser don't show up username/password window.
Maybe it's my settings (I'm using Firefox on Debian), I don't know. I
was always testing with browser, because that was written in FAQ on page
with Thunderbird extension (... If the URL is correct, the browser
/must/ prompt for an username/password...). With header added, browser
asking for password as it should.
I know it's problem of Nginx, but maybe you can help me with with
another little think. With your setup, if I try to enter /include/
directory, I always get back url "/include/=404" and my browser said,
that server is redirecting to itself.
Thank you again for your time and solving this.
Dne 22.10.2014 17:28, Yuri D'Elia napsal(a):
On 10/17/2014 07:36 PM, "Jan B. Kolář" wrote:
Dear all,
I can't figure out how to set up Nginx for "rest.php" authentication to
work. I'm using Nginx+PHPfpm and MySQL as backend (I want use "Internal
authentication"). Web interface is working fine - I can log in without a
problem.
But I can't use integration with Thunderbird, because "rest.php" file is
always returning "401 Unauthorized" without asking for username and
password (no login dialog appear). I can't find any help in manual.
My Nginx config part for "rest.php" file is:
location = /rest.php {
fastcgi_pass_header Authorization;
fastcgi_pass unix:/var/run/dl.smurv.cz-fpm.sock;
fastcgi_index index.php;
include fastcgi_params;
}
I just tried a stock DL 0.15 using nginx on Debian.
When installed as a subdirectory, I could get DL to work with the following:
location ^~ /dl {
# Protect the include directories
location ~ ^/dl(?:/|/.*/)include {
deny all;
}
index index.php index.html;
try_files $uri $uri/ =404;
# Enable PHP
location ~ \.php(?:$|/) {
include fastcgi_params;
# Set maximum body size (should be the same as PHP's post_max_size)
client_max_body_size 512M;
# Setup PATH_INFO
fastcgi_split_path_info ^(.+\.php)(/.+)$;
try_files $fastcgi_script_name =404;
set $path_info $fastcgi_path_info;
fastcgi_param PATH_INFO $path_info;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_index index.php;
fastcgi_pass unix:/var/run/php5-fpm.sock;
}
}
Notice the order of the location directives to protect the include directories,
and also the PHP location matching ``\.php(?:$|/)'' in order to allow PATH_INFO
to route requests properly.
After that I didn't need to forward any header explicitly, and it works fine.
Let me know if this helps.
Re: [dl-ticket-service] Nginx + rest.php
On 10/24/2014 02:10 PM, Amen Ankh wrote: > 192.168.---.--- - testuser [24/Oct/2014:13:22:42 +0200] > "POST /dl/rest.php/newticket HTTP/1.1" 200 122 "-" "dl-wx/0.11" "-" > > You're right... with version dl-wx 0.11 it works perfectly.. tested > with 2,6Gig file... thanks a lot. The REST protocol was broken in 0.11 to fix possible CSRF attacks. It's backward compatible, but not forward. That being said, Thunderbird should then also work. I've updated the Nginx example on the webpage and for the next release.
Re: [dl-ticket-service] Nginx + rest.php
192.168.---.--- - testuser [24/Oct/2014:13:22:42 +0200] "POST /dl/rest.php/newticket HTTP/1.1" 200 122 "-" "dl-wx/0.11" "-" You're right... with version dl-wx 0.11 it works perfectly.. tested with 2,6Gig file... thanks a lot. # # # # # # # # # # # # # # # # # # # # # # # # # # # ORIGINAL MESSAGE IS FOLLOWING # # # # # # # # # # # # # # # # # # # # # # # # # # MsgID: 5448f912.9050...@thregr.org From: Yuri D'Elia Date: Thu, 23 Oct 2014 14:48:18 +0200 Subject: Re: [dl-ticket-service] Nginx + rest.php > On 10/23/2014 02:36 PM, Amen Ankh wrote: > > Tested on Windows 7 64 Ultimate, nginx-1.7.1.3-RedKnight + PHP Farm > > > > In the Browser : works excellent > > > > In the WX Client via Rest : DL service error > > > > access.log: > > 192.168.---.--- - testuser [23/Oct/2014:13:48:56 +0200] > > "POST /dl/rest.php/newticket HTTP/1.1" 401 5 "-" "dl-wx/0.10" "-" > > Is this dl-wx 0.10, or did I forget to update the version in the User-agent? > > You need at least 0.11. > > >
Re: [dl-ticket-service] Nginx + rest.php
On 10/23/2014 02:36 PM, Amen Ankh wrote: > Tested on Windows 7 64 Ultimate, nginx-1.7.1.3-RedKnight + PHP Farm > > In the Browser : works excellent > > In the WX Client via Rest : DL service error > > access.log: > 192.168.---.--- - testuser [23/Oct/2014:13:48:56 +0200] > "POST /dl/rest.php/newticket HTTP/1.1" 401 5 "-" "dl-wx/0.10" "-" Is this dl-wx 0.10, or did I forget to update the version in the User-agent? You need at least 0.11.
Re: [dl-ticket-service] Nginx + rest.php
Tested on Windows 7 64 Ultimate, nginx-1.7.1.3-RedKnight + PHP Farm
In the Browser : works excellent
In the WX Client via Rest : DL service error
access.log:
192.168.---.--- - testuser [23/Oct/2014:13:48:56 +0200]
"POST /dl/rest.php/newticket HTTP/1.1" 401 5 "-" "dl-wx/0.10" "-"
PHP LOG:
[23-Oct-2014 13:48:56 --/--] DL: error: [192.168.---.---]
invalid credentials
# # # # # # # # # # # # # # # # # # # # # # # # # #
# ORIGINAL MESSAGE IS FOLLOWING
# # # # # # # # # # # # # # # # # # # # # # # # # #
MsgID: 5447cd25@thregr.org
From: Yuri D'Elia
Date: Wed, 22 Oct 2014 17:28:37 +0200
Subject: Re: [dl-ticket-service] Nginx + rest.php
> I just tried a stock DL 0.15 using nginx on Debian.
> When installed as a subdirectory, I could get DL to work with the following:
>
> location ^~ /dl {
> # Protect the include directories
> location ~ ^/dl(?:/|/.*/)include {
> deny all;
> }
>
> index index.php index.html;
> try_files $uri $uri/ =404;
>
> # Enable PHP
> location ~ \.php(?:$|/) {
> include fastcgi_params;
>
> # Set maximum body size (should be the same as PHP's post_max_size)
> client_max_body_size 512M;
>
> # Setup PATH_INFO
> fastcgi_split_path_info ^(.+\.php)(/.+)$;
> try_files $fastcgi_script_name =404;
>
> set $path_info $fastcgi_path_info;
> fastcgi_param PATH_INFO $path_info;
> fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
>
> fastcgi_index index.php;
> fastcgi_pass unix:/var/run/php5-fpm.sock;
> }
> }
>
> Notice the order of the location directives to protect the include
> directories, and also the PHP location matching ``\.php(?:$|/)'' in order to
> allow PATH_INFO to route requests properly.
>
> After that I didn't need to forward any header explicitly, and it works fine.
> Let me know if this helps.
>
>
>
Re: [dl-ticket-service] Nginx + rest.php
On 10/17/2014 07:36 PM, "Jan B. Kolář" wrote:
> Dear all,
>
> I can't figure out how to set up Nginx for "rest.php" authentication to
> work. I'm using Nginx+PHPfpm and MySQL as backend (I want use "Internal
> authentication"). Web interface is working fine - I can log in without a
> problem.
>
> But I can't use integration with Thunderbird, because "rest.php" file is
> always returning "401 Unauthorized" without asking for username and
> password (no login dialog appear). I can't find any help in manual.
>
> My Nginx config part for "rest.php" file is:
>
> location = /rest.php {
>fastcgi_pass_header Authorization;
>fastcgi_pass unix:/var/run/dl.smurv.cz-fpm.sock;
>fastcgi_index index.php;
>include fastcgi_params;
>}
I just tried a stock DL 0.15 using nginx on Debian.
When installed as a subdirectory, I could get DL to work with the following:
location ^~ /dl {
# Protect the include directories
location ~ ^/dl(?:/|/.*/)include {
deny all;
}
index index.php index.html;
try_files $uri $uri/ =404;
# Enable PHP
location ~ \.php(?:$|/) {
include fastcgi_params;
# Set maximum body size (should be the same as PHP's post_max_size)
client_max_body_size 512M;
# Setup PATH_INFO
fastcgi_split_path_info ^(.+\.php)(/.+)$;
try_files $fastcgi_script_name =404;
set $path_info $fastcgi_path_info;
fastcgi_param PATH_INFO $path_info;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_index index.php;
fastcgi_pass unix:/var/run/php5-fpm.sock;
}
}
Notice the order of the location directives to protect the include directories,
and also the PHP location matching ``\.php(?:$|/)'' in order to allow PATH_INFO
to route requests properly.
After that I didn't need to forward any header explicitly, and it works fine.
Let me know if this helps.
Re: [dl-ticket-service] Nginx + rest.php = solution founded
Dne 20.10.2014 12:26, Yuri D'Elia napsal(a):
On 10/20/2014 12:01 PM, "Jan B. Kolář" wrote:
Dear all,
so I checked source code by myself and find solution for my problem with
Nginx + rest.php (see previous emails).
I don't know why, but Nginx need one more header in 401 response. So I
edited "include/fatal.php" file and added one line (bold):
function httpUnauthorized()
{
*header('WWW-Authenticate: Basic realm="My Realm"');*
header("HTTP/1.0 401 Unauthorized");
exit();
}
Without this header, Nginx is not asking for credentials on "rest.php"
file, so it was not possible to use dl with Thunderbird.
This doesn't cause any harm, but shouldn't be required at all.
Yes, you are right - it shouldn't be required. I get idea to add this
header from this page - http://php.net/manual/en/features.http-auth.php.
I wasn't ably to find much information about HTTP auth with PHP and
Nginx, so I was just trying. I'm sorry, I don't have time to study this
in more depth. It's just "dirty" solution for my problem - maybe it will
be helpful for others.
Thank you for your work on this project!
Re: [dl-ticket-service] Nginx + rest.php = solution founded
On 10/20/2014 12:01 PM, "Jan B. Kolář" wrote:
> Dear all,
>
> so I checked source code by myself and find solution for my problem with
> Nginx + rest.php (see previous emails).
>
> I don't know why, but Nginx need one more header in 401 response. So I
> edited "include/fatal.php" file and added one line (bold):
>
>> function httpUnauthorized()
>> {
>> *header('WWW-Authenticate: Basic realm="My Realm"');*
>> header("HTTP/1.0 401 Unauthorized");
>> exit();
>> }
>
> Without this header, Nginx is not asking for credentials on "rest.php"
> file, so it was not possible to use dl with Thunderbird.
This doesn't cause any harm, but shouldn't be required at all.
Re: [dl-ticket-service] Nginx + rest.php
On 10/18/2014 08:22 PM, Amen Ankh wrote: > Same Problem here, > > dl cant be used via rest.php and (dl-wx) on Windows with NGINX+PHP-Farm. > Testet with dl-wx-0.10-win32 and dl-wx-0.11-win32. There is no Error > output in error.log (PHP+NGINX) :testet with tail. Could somebody send me their full nginx configuration? I can try to configure it here to see what's the problem. The configuration found in the readme was sent to me, so I assume it should be relatively straightforward to fix. > By the way i am thinking about programming a clinet by my self on > dotnet/MONO to bypass the giant python client 30,93 MB Memmory Usage on > Standby and 20.1 MB Application Folder Size!!! Yeah, the client on windows bundles the entire python runtime + wxpython, but there's not much I can do about it. It's a long time (10+ years) that I stopped programming on windows. If you could provide a dotnet client it would definitely be nicer (especially for the UI).
Re: [dl-ticket-service] Nginx + rest.php
Same Problem here,
dl cant be used via rest.php and (dl-wx) on Windows with NGINX+PHP-Farm.
Testet with dl-wx-0.10-win32 and dl-wx-0.11-win32. There is no Error
output in error.log (PHP+NGINX) :testet with tail.
The WX Client says:
Upload error
DL service error: Found
-
see attachement...
By the way i am thinking about programming a clinet by my self on
dotnet/MONO to bypass the giant python client 30,93 MB Memmory Usage on
Standby and 20.1 MB Application Folder Size!!!
# # # # # # # # # # # # # # # # # # # # # # # # # #
# ORIGINAL MESSAGE IS FOLLOWING
# # # # # # # # # # # # # # # # # # # # # # # # # #
MsgID: 5442666d.2050...@smurv.cz
From: "Jan B. Kolář"
Date: Sat, 18 Oct 2014 15:09:01 +0200
Subject: Re: [dl-ticket-service] Nginx + rest.php
> Dear Yuri,
>
> thank you for your reply. I checked log and it just say:
>
> [18-Oct-2014 12:22:39 Europe/Prague] DL: error: [xx.xx.xx.xx] invalid
> credentials
>
> No error in PHP or nginx logs.
>
> I have added your suggested line but nothing changed. Server still not
> asking for credentials, just leave me with blank page (header from
> server said 401 Unauthorized).
>
> Nobody use nginx with dl?
>
> Jan
>
> Dne 17.10.2014 20:12, Yuri D'Elia napsal(a):
> > On 10/17/2014 07:36 PM, "Jan B. Kolář" wrote:
> >> My Nginx config part for "rest.php" file is:
> >>
> >> location = /rest.php {
> >> fastcgi_pass_header Authorization;
> > I have no experience with nginx.
> > If the headers are not forwarded by default, I would assume:
> >
> >fastcgi_pass_header X-Authorization;
> >
> > is also needed. If you're using DL 0.14 the log should also contain some
> > extra info.
> >
> >
> >
>
>
>
Re: [dl-ticket-service] Nginx + rest.php
Dear Yuri,
thank you for your reply. I checked log and it just say:
[18-Oct-2014 12:22:39 Europe/Prague] DL: error: [xx.xx.xx.xx] invalid
credentials
No error in PHP or nginx logs.
I have added your suggested line but nothing changed. Server still not
asking for credentials, just leave me with blank page (header from
server said 401 Unauthorized).
Nobody use nginx with dl?
Jan
Dne 17.10.2014 20:12, Yuri D'Elia napsal(a):
On 10/17/2014 07:36 PM, "Jan B. Kolář" wrote:
My Nginx config part for "rest.php" file is:
location = /rest.php {
fastcgi_pass_header Authorization;
I have no experience with nginx.
If the headers are not forwarded by default, I would assume:
fastcgi_pass_header X-Authorization;
is also needed. If you're using DL 0.14 the log should also contain some
extra info.
Re: [dl-ticket-service] Nginx + rest.php
On 10/17/2014 07:36 PM, "Jan B. Kolář" wrote:
> My Nginx config part for "rest.php" file is:
>
> location = /rest.php {
>fastcgi_pass_header Authorization;
I have no experience with nginx.
If the headers are not forwarded by default, I would assume:
fastcgi_pass_header X-Authorization;
is also needed. If you're using DL 0.14 the log should also contain some
extra info.
