Re: Configuring nginx for both static pages and fcgi simultaneously
Hello! On Wed, Aug 03, 2016 at 07:07:53PM +0200, B.R. wrote: > I disagree: it is a good feature to check for script file existence before > calling PHP on it with something like: > try_files [...] =404; > It helps mitigating attacks by avoiding to pave the way to undue files > being interpreted. > > That only works if the filesystem containing PHP scripts is accessible from > nginx aswell, ofc. While `try_files ... =404` may be usable to mitigate various PHP bugs and misconfigurations (assuming you don't care about efficiency), it's not something that can be used to differentiate static and dynamic content - and that's what the original question was about. Additionally, the original question suggests that it's not about PHP with multiple scripts, but instead a real FastCGI application. Which makes `try_files ... =404` completely wrong. -- Maxim Dounin http://nginx.org/ ___ nginx mailing list nginx@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx
Re: Configuring nginx for both static pages and fcgi simultaneously
I disagree: it is a good feature to check for script file existence before calling PHP on it with something like: try_files [...] =404; It helps mitigating attacks by avoiding to pave the way to undue files being interpreted. That only works if the filesystem containing PHP scripts is accessible from nginx aswell, ofc. --- *B. R.* On Mon, Aug 1, 2016 at 1:50 AM, Maxim Douninwrote: > Hello! > > On Mon, Aug 01, 2016 at 01:38:29AM +0200, Richard Stanway wrote: > > > Are you sure you don't want to use try_files for this? > > If a required handling is known in advance there is no need to use > try_files and waste resources on it. > > -- > Maxim Dounin > http://nginx.org/ > > ___ > nginx mailing list > nginx@nginx.org > http://mailman.nginx.org/mailman/listinfo/nginx > ___ nginx mailing list nginx@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx
Re: Configuring nginx for both static pages and fcgi simultaneously
Hello! On Mon, Aug 01, 2016 at 01:38:29AM +0200, Richard Stanway wrote: > Are you sure you don't want to use try_files for this? If a required handling is known in advance there is no need to use try_files and waste resources on it. -- Maxim Dounin http://nginx.org/ ___ nginx mailing list nginx@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx
Re: Configuring nginx for both static pages and fcgi simultaneously
Are you sure you don't want to use try_files for this? http://nginx.org/en/docs/http/ngx_http_core_module.html#try_files On Mon, Aug 1, 2016 at 1:15 AM, Maxim Douninwrote: > Hello! > > On Sun, Jul 31, 2016 at 06:55:54PM -0400, Denis Papathanasiou wrote: > > > I have the following configuration file defined in > > /etc/nginx/conf.d/my-project.conf (this is on debian). > > > > It does what I want, in that it serves static contet in the /css, > /images, > > /js folders along with index.html correctly. > > > > And for dynamic requests (I'm running an fcgi-enabled server on port > 9001) > > to /contact, /login, and /singup it also works correctly. > > > > I would just like to be able to declare that anything *except* > index.html, > > /css, /images, and /js, it should all go to the fcgi server. > > > > I've experimented with various definitions of "location", but the only > > one that seems to work is the one I have below, where all the possible > > fcgi paths are defined explicitly. > > > > Is there a better, simpler way of doing this? > > So, you need to pass to fastcgi anything except /, /index.html, > and anything starting with /css/, /images/, and /js/, right? > > Most simple solution would be exactly this, by defining a catch-all > "location /" to pass anything to fastcgi, and explicitly excluding > required paths using additional locations: > >root /var/www/my-project/html; >index index.html; > >location / { >fastcgi_pass ... >include fastcgi_params; >} > >location = / {} >location = /index.html {} >location /css/ {} >location /images/ {} >location /js/ {} > > -- > Maxim Dounin > http://nginx.org/ > > ___ > nginx mailing list > nginx@nginx.org > http://mailman.nginx.org/mailman/listinfo/nginx > ___ nginx mailing list nginx@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx
Configuring nginx for both static pages and fcgi simultaneously
I have the following configuration file defined in /etc/nginx/conf.d/my-project.conf (this is on debian). It does what I want, in that it serves static contet in the /css, /images, /js folders along with index.html correctly. And for dynamic requests (I'm running an fcgi-enabled server on port 9001) to /contact, /login, and /singup it also works correctly. I would just like to be able to declare that anything *except* index.html, /css, /images, and /js, it should all go to the fcgi server. I've experimented with various definitions of "location", but the only one that seems to work is the one I have below, where all the possible fcgi paths are defined explicitly. Is there a better, simpler way of doing this? server { listen 80; listen [::]:80 default_server ipv6only=on; ## listen for ipv6 server_name localhost; root /var/www/my-project/html; location / { index index.html; } location /images/ { root /var/www/my-project/html; } location /css/ { root /var/www/my-project/html; } location /js/ { root /var/www/my-project/html; } location ~ ^/(contact|login|signup)$ { include /etc/nginx/fastcgi_params; fastcgi_pass 127.0.0.1:9001; } } ___ nginx mailing list nginx@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx