Re: Configuring nginx for both static pages and fcgi simultaneously

2016-08-03 Thread Maxim Dounin 
Hello!

On Wed, Aug 03, 2016 at 07:07:53PM +0200, B.R. wrote:

> I disagree: it is a good feature to check for script file existence before
> calling PHP on it with something like:
> try_files [...] =404;
> It helps mitigating attacks by avoiding to pave the way to undue files
> being interpreted.
> 
> That only works if the filesystem containing PHP scripts is accessible from
> nginx aswell, ofc.

While `try_files ... =404` may be usable to mitigate various PHP bugs and 
misconfigurations (assuming you don't care about efficiency), it's 
not something that can be used to differentiate static and dynamic 
content - and that's what the original question was about.

Additionally, the original question suggests that it's not about 
PHP with multiple scripts, but instead a real FastCGI application.  
Which makes `try_files ... =404` completely wrong.

-- 
Maxim Dounin
http://nginx.org/

___
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx

Re: Configuring nginx for both static pages and fcgi simultaneously

2016-08-03 Thread B.R. 
I disagree: it is a good feature to check for script file existence before
calling PHP on it with something like:
try_files [...] =404;
It helps mitigating attacks by avoiding to pave the way to undue files
being interpreted.

That only works if the filesystem containing PHP scripts is accessible from
nginx aswell, ofc.
---
*B. R.*

On Mon, Aug 1, 2016 at 1:50 AM, Maxim Dounin  wrote:

> Hello!
>
> On Mon, Aug 01, 2016 at 01:38:29AM +0200, Richard Stanway wrote:
>
> > Are you sure you don't want to use try_files for this?
>
> If a required handling is known in advance there is no need to use
> try_files and waste resources on it.
>
> --
> Maxim Dounin
> http://nginx.org/
>
> ___
> nginx mailing list
> nginx@nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx
>
___
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx

Re: Configuring nginx for both static pages and fcgi simultaneously

2016-07-31 Thread Maxim Dounin 
Hello!

On Mon, Aug 01, 2016 at 01:38:29AM +0200, Richard Stanway wrote:

> Are you sure you don't want to use try_files for this?

If a required handling is known in advance there is no need to use 
try_files and waste resources on it.

-- 
Maxim Dounin
http://nginx.org/

___
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx

Re: Configuring nginx for both static pages and fcgi simultaneously

2016-07-31 Thread Richard Stanway 
Are you sure you don't want to use try_files for this?

http://nginx.org/en/docs/http/ngx_http_core_module.html#try_files

On Mon, Aug 1, 2016 at 1:15 AM, Maxim Dounin  wrote:

> Hello!
>
> On Sun, Jul 31, 2016 at 06:55:54PM -0400, Denis Papathanasiou wrote:
>
> > I have the following configuration file defined in
> > /etc/nginx/conf.d/my-project.conf (this is on debian).
> >
> > It does what I want, in that it serves static contet in the /css,
> /images,
> > /js folders along with index.html correctly.
> >
> > And for dynamic requests (I'm running an fcgi-enabled server on port
> 9001)
> > to /contact, /login, and /singup it also works correctly.
> >
> > I would just like to be able to declare that anything *except*
> index.html,
> > /css, /images, and /js, it should all go to the fcgi server.
> >
> > I've experimented with various definitions of "location", but the only
> > one that seems to work is the one I have below, where all the possible
> > fcgi paths are defined explicitly.
> >
> > Is there a better, simpler way of doing this?
>
> So, you need to pass to fastcgi anything except /, /index.html,
> and anything starting with /css/, /images/, and /js/, right?
>
> Most simple solution would be exactly this, by defining a catch-all
> "location /" to pass anything to fastcgi, and explicitly excluding
> required paths using additional locations:
>
>root   /var/www/my-project/html;
>index  index.html;
>
>location / {
>fastcgi_pass ...
>include fastcgi_params;
>}
>
>location = / {}
>location = /index.html {}
>location /css/ {}
>location /images/ {}
>location /js/ {}
>
> --
> Maxim Dounin
> http://nginx.org/
>
> ___
> nginx mailing list
> nginx@nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx
>
___
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx

Configuring nginx for both static pages and fcgi simultaneously

2016-07-31 Thread Denis Papathanasiou 
I have the following configuration file defined in
/etc/nginx/conf.d/my-project.conf (this is on debian).

It does what I want, in that it serves static contet in the /css, /images,
/js folders along with index.html correctly.

And for dynamic requests (I'm running an fcgi-enabled server on port 9001)
to /contact, /login, and /singup it also works correctly.

I would just like to be able to declare that anything *except* index.html,
/css, /images, and /js, it should all go to the fcgi server.

I've experimented with various definitions of "location", but the only
one that seems to work is the one I have below, where all the possible
fcgi paths are defined explicitly.

Is there a better, simpler way of doing this?

server {
  listen   80;
  listen   [::]:80 default_server ipv6only=on; ## listen for ipv6
  server_name  localhost;
  root   /var/www/my-project/html;

  location / {
index  index.html;
  }

  location /images/ {
root   /var/www/my-project/html;
  }
  location /css/ {
root   /var/www/my-project/html;
  }
  location /js/ {
root   /var/www/my-project/html;
  }

  location ~ ^/(contact|login|signup)$ {
include /etc/nginx/fastcgi_params;
fastcgi_pass  127.0.0.1:9001;
  }
}
___
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx