Need help on Nginx CGI Configuration - linux

I need to set the nginx configurations such that the URL "http://host/cgi-bin/hw.sh/some/path/to/data/" should trigger the shell script "hw.sh" present under path "/usr/lib/cgi-bin/".
Now, according to the instructions mentioned in page https://www.howtoforge.com/serving-cgi-scripts-with-nginx-on-debian-squeeze-ubuntu-11.04-p3, we need to set the configurations under a ".vhost" file. But I have a default file already present under path "/etc/nginx/sites-available/default" instead of a .vhost file.
And when I use the same configurations, I get HTTP/1.1 403 Forbidden error. I have made sure that the script has required executable rights too. Below is the error received in nginx logs.
FastCGI sent in stderr: "Cannot get script name, are DOCUMENT_ROOT and SCRIPT_NAME (or SCRIPT_FILENAME) set and is the script executable?"
while reading response header from upstream,
client: host_ip, server: localhost,
request: "HEAD /cgi-bin/hw.sh/some/path/to/data/ HTTP/1.1",
upstream: "fastcgi://unix:/var/run/fcgiwrap.socket:", host: "host_ip"
I need help in writing the correct configuration so that my URL above executes the hw.sh script under the path mentioned above and returns proper output. Could someone please help me out here?
Below is my configuration used under default file.
server {
listen 80 default_server;
[...]
location /cgi-bin/ {
# Disable gzip (it makes scripts feel slower since they have to complete
# before getting gzipped)
gzip off;
# Set the root to /usr/lib (inside this location this means that we are
# giving access to the files under /usr/lib/cgi-bin)
root /usr/lib;
# Fastcgi socket
fastcgi_pass unix:/var/run/fcgiwrap.socket;
# Fastcgi parameters, include the standard ones
include /etc/nginx/fastcgi_params;
# Adjust non standard parameters (SCRIPT_FILENAME)
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
}
[...]
}

Line "fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;" in the configuration was causing the problem.
When i changed it to "fastcgi_param SCRIPT_FILENAME $request_filename;", everything is working as expected.

Related

NGINX deny access to remnant .htaccess files for ALL server blocks globally

i'm switching from apache to nginx and i am not yet ready to remove apache files such as .htaccess
therefore i want to deny access to them.
i know this is how:
location ~ /\.ht { deny all; }
BUT how to do it GLOBALLY? that is, for ALL server blocks (vhosts) at once.
i'm hoping to have it as a single directive under the main /etc/nginx/nginx.conf like so:
http {
# STUFF
server {
listen 80;
server_name _;
# STUFF
location ~ /\.ht {
deny all;
}
}
}
i tried the configuration above and reloaded nginx, but i am still able to download .htaccess file
after researching and experimenting...
yes... the only apparent way is to have an included conf file in each and every server block.
INCLUDED CONF FILE CONTENTS (potentially located at /etc/nginx/default.d/default.conf... up to you)
location ~ /\.ht {
deny all;
}
ENABLED SITE CONF FILE (potentially located at /etc/nginx/sites-enabled/domain.com.conf)
server {
# STUFF
include /path/to/included/file.conf
# (example) include /etc/nginx/default.d/default.conf
}
it's not as desirable to me, but it is efficient and logical
all the directives in "default.conf" should be coded just like any include (as if it is inline with the content)
in other words... you wouldn't use server {...} in the content of default.conf since it's being included inside a server block already

Nginx rewrites parent rules with same key in sub-files?

Accessing the /etc/nginx/nginx.conf file I have the following rule:
server {}
http {
access_log logs/access.log main;
error_log logs/error.log error;
include /etc/nginx/conf.d/*.conf;
In another file, called etc/nginx/conf.d/custom.conf, I have the code:
http {
blablabla …
When NGINX loads the settings, will the HTTP code block that was inside NGINX.CONF be “merged” with the settings included below or will it simply be replaced?
In this scenario for example, will the LOGS continue to be saved in the folder even if CUSTOM.CONF doesn't implement anything about it?
My current issue:
I can't see the logs that should be printed in the error/access.log files, remembering that my application is generating a 500 HTTP error.
Even if you can have more then a single http block you should not do it. But having an http block in another http block IS NOT ALLOWED and will raise an error on startup. Just tested this on my instance. So you should check the output of nginx -T and check the configuration.
The NGINX configuration works in an hierarchical order. Means a directive you set in the http context can be overwritten in the server or location context if supported.

Deploying ASP.net in Centos using mono

I want to deploy a solution built in ASPnet 4.0 framework application, the development was done in WindowsSO / IIS.
Now I need deploy on a Operating System Centos using as NginX Web server.
I'm using Centos-6.8, Nginx-1.10 and mono-4.6.1.5.
My nginx configuration file is:
server {
listen 80 default_server;
listen [::]:80 default_server;
server_name _;
root /usr/share/nginx/html;
#root /usr/share/nginx/html/Site;
location / {
index index.aspx index.html index.htm index.aspx default.aspx Default.aspx Global.asax;
fastcgi_index Global.asax;
fastcgi_pass 127.0.0.1:9000;
include fastcgi_params;
}
...
}
File fastcgi_params I include:
fastcgi_param PATH_INFO "";
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
Start service mono
fastcgi-mono-server4 /applications=/:/usr/share/nginx/html /socket=tcp:127.0.0.1:9000 &
I access to http://localhost/Default.aspx for testing, if it shows result.
The problem is when access to the Site folder http://localhost/Site/, displays the following message:
System.Web.HttpException
This type of page is not served.
Description: HTTP 403.The type of page you have requested is not served because it has been explicitly forbidden. The extension '.asax' may be incorrect. Please review the URL below and make sure that it is spelled correctly.
Details: Requested URL: /Site/Global.asax
Exception stack trace:
at System.Web.HttpForbiddenHandler.ProcessRequest (System.Web.HttpContext context) [0x00073] in <d3ba84a338d241e2ab5397407351c9cd>:0
at System.Web.HttpApplication+<Pipeline>c__Iterator1.MoveNext () [0x00dd7] in <d3ba84a338d241e2ab5397407351c9cd>:0
at System.Web.HttpApplication.Tick () [0x00000] in <d3ba84a338d241e2ab5397407351c9cd>:0
The nginx user has privileges on the Site folder, may be missing some dependency in the Web.Config of the application, any ideas? Thank you.
It sounds like there is a permission issue. Please check do be sure that the permissions on the Site is 755. If not please 'sudo chmod -R 755' the folder.
Some further reading.
https://askubuntu.com/questions/9402/what-file-permissions-should-i-set-on-web-root

nginx: [emerg] unknown directive " " in /etc/nginx/sites-enabled/example.com:3

I have followed this website http://raspberrypihelp.net/tutorials/24-raspberry-pi-webserver to setup the HTTP server nginx on my Raspberry Pi and try to setup a site call example.com. But when I run sudo service nginx restart, it said
Restarting nginx: nginx: [emerg] unknown directive " " in /etc/nginx/sites-enabled/example.com:3
Here is the code in example.com.
server {
server_name example.com 192.168.1.88;
access_log /srv/www/example.com/logs/access.log;
error_log /srv/www/example.com/logs/error.log;
root /srv/www/example.com/public/;
location / {
index index.php index.html index.htm;
try_files $uri $uri/ /index.php?$args;
}
location ~ \.php$ {
include /etc/nginx/fastcgi_params;
fastcgi_pass unix:/var/run/php5-fpm.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME /srv/www/example.com/public$fastcgi_script_name;
}
location /phpmyadmin {
root /usr/share/;
index index.php index.html index.htm;
location ~ ^/phpmyadmin/(.+\.php)$ {
try_files $uri =404;
root /usr/share/;
fastcgi_pass unix:/var/run/php5-fpm.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include /etc/nginx/fastcgi_params;
}
location ~* ^/phpmyadmin/(.+\.(jpg|jpeg|gif|css|png|js|ico|html|xml|txt))$ {
root /usr/share/;
}
}
location /phpMyAdmin {
rewrite ^/* /phpmyadmin last;
}
}
I am just following the steps but it can't run successfully.
I had the same problem which was that I copy/pasted the config code from the web and some dirty EOL(end of line) characters where there.
The editor didn't show them, but nginx treated them like a directive.
Just deleted every EOL and added again.
It sounds like you did some copy and paste work here. It's not uncommon to snag some extra characters that are invisible at the end of line (EOL). Try this:
Run your text through this tool:
http://www.textfixer.com/tools/remove-line-breaks.php
then fix any breaks that may have been removed and will be affected by the comments.
This worked for me. Hope it works for you.
It looks like the nginx binary was compiled with --without-http_fastcgi_module option.This is not default. Try donwloading or compiling a different binary.
Try running
nginx -V
(with uppercase V) to see what options were used to compile the nginx.
I edited some text in the mid of the conf file and nginx started showing this error at the starting of the file itself. I copied the contents of the file, created a new file, pasted the contents there and nginx stopped showing this error.
I faced similar issue with error message as "unknown directive 'index.html'" when running 'sudo nginx -t'. After correcting the HTML syntax errors in index.html, the issue was resolved.
Even if you miss a semicolon you will encounter the same error.
// Missed semicolon
fastcgi_pass unix:/var/run/php/php8.0-fpm.sock
// With semicolon
fastcgi_pass unix:/var/run/php/php8.0-fpm.sock;
In my case, I have store configuration file nginx.conf in the github. I have done wget to raw version of code, thus resulted this error.
Later, I have cloned my repository and used the nginx.conf file from clone and issue got resolved.
Really didn't got how that happened,
I've "docker run " my nginx 1.14 (default apt for debian:bullseye) to extract it's default nginx.conf, with intention to update it and than use it into my Dockerfile.
Anyhow, after having read comments in this thread, found this that the file is
"UTF-16LE" ... I'm not really expert, but is not "UTF-8".
solved as:
Issue seen from inside the container:
me#docker-nginx $ head nginx.conf
��
user www-data:qgis;
worker_processes auto;
pid /run/nginx.pid;
include /etc/nginx/modules-enabled/*.conf;
error_log /dev/stdout warn;
events {
worker_connections 768;
me#docker-nginx $ dos2unix nginx.conf
dos2unix: converting UTF-16LE file nginx.conf to UTF-8 Unix format...
Solved also on working dir:
IntelliJ IDEA: select "convert" after "UTF-8"
I had the same problem when I looked inside my config file there was a syntax error so this might be the problem check this path
nano /etc/nginx/sites-available/example.com

Munin dynamic graph zoom (dynazoom) not working (CentOS6,nginx,php-fpm)

CentOS 6.3
munin 2.0.17-1
php54 (php-fpm)
nginx 1.2.6-1
Setup munin via the 'epel' repo and after tinkering, I got it working with multiple nodes. However the graph zoom did not work on any of the graphs. I ended up switching the *_strategy mode from HTML to cgi per a suggestion I found online - which made it so that none of the graphs are updating (since cgi isn't working) and the zoom is still broken.
All of the guides that I can find online (including the official: http://munin-monitoring.org/wiki/CgiHowto2) refer to using spawnfcgi (which I used to use on an older CentOS5 server) and spawning specific instances for this. However, I'm utilizing php-fpm rather than spawnfcgi on this server am having trouble adapting this to work.
By not working, I mean simply that the graph will not load on the 'zoom' screen but rather shows a broken image link. nginx error log shows:
2013/09/05 16:31:59 [error] 29384#0: *2 open() "/usr/share/nginx/vhosts/munin.mydomain.com/public_html/munin-cgi/munin-cgi-graph/mydomain.com/host.mydomain.com/postfix_mailvolume-pinpoint=1378299671,1378407671.png" failed (2: No such file or directory), client: 10.30.2.1, server: munin.mydomain.com, request: "GET /munin-cgi/munin-cgi-graph/mydomain.com/host.mydomain.com/postfix_mailvolume-pinpoint=1378299671,1378407671.png?&lower_limit=&upper_limit=&size_x=800&size_y=400 HTTP/1.1", host: "munin.mydomain.com", referrer: "http://munin.mydomain.com/static/dynazoom.html?cgiurl_graph=/munin-cgi/munin-cgi-graph&plugin_name=mydomain.com/host.mydomain.com/postfix_mailvolume&size_x=800&size_y=400&start_epoch=1378299671&stop_epoch=1378407671"
Here is the munin.conf:
[16:42:21]$ cat /etc/munin/munin.conf | sed -e '/^#/d' -e '/^$/d'
htmldir /usr/share/nginx/vhosts/munin.mydomain.com/public_html/
includedir /etc/munin/conf.d
graph_strategy cgi
cgiurl_graph /munin-cgi/munin-cgi-graph
html_strategy cgi
[host.mydomain.com]
address 127.0.0.1
use_node_name yes
[otherhost.mydomain.com]
address 1.2.3.4
use_node_name yes
Here is the vhost for nginx:
[16:44:16]$ cat /etc/nginx/conf.d/vhosts/munin.thegnomedev.com.conf | sed -e '/^$/d' -e '/^#/d'
server {
listen 80;
server_name munin.mydomain.com;
access_log /var/log/nginx/munin.mydomain.com combined;
error_log /var/log/nginx/error.log warn;
rewrite_log on;
root /usr/share/nginx/vhosts/munin.mydomain.com/public_html/;
index index.php index.html index.htm;
location / {
auth_basic "Restricted";
auth_basic_user_file /usr/share/nginx/vhosts/munin.mydomain.com/.htpasswd;
}
location ^~ /cgi-bin/munin-cgi-graph/ {
fastcgi_split_path_info ^(/cgi-bin/munin-cgi-graph)(.*);
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_pass unix:/var/run/php-fpm/php-fpm.sock;
include fastcgi_params;
}
location /munin/static/ {
alias /etc/munin/static/;
}
location /munin/ {
fastcgi_split_path_info ^(/munin)(.*);
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_pass unix:/var/run/php-fpm/php-fpm.sock;
include fastcgi_params;
}
# Deny hidden file types
location ~ /(\.ht|\.git|\.svn) {
deny all;
}
}
At this point, I'm frustrated enough that I think I'm hitting brain lock. I'll admit, it's likely that my lack of full understanding of nginx's syntax as well as how it interacts with php-fpm is probably to blame - especially if there is a simply syntax change that I can make to have this working.
Any help with resolving this with my existing stack would be most appreciated. Have been googling and trying various things for the better part of the day.
Thanks
This is a bug related to SELinx in RHEL according to https://bugzilla.redhat.com/show_bug.cgi?format=multiple&id=1000736.
Description of problem:
zooming doesn't work when selinux is in enforcing mode
Version-Release number of selected component (if applicable):
munin-2.0.17-1.el6.noarch
selinux-policy-3.7.19-195.el6_4.12.noarch
selinux-policy-targeted-3.7.19-195.el6_4.12.noarch
Steps to Reproduce:
1. click on munin graph to zoom in
Actual results:
no graph image
Expected results:
graph image
Additional info:
it works with selinux in permissive mode
If you disable SELinux it work fine:
sudo setenforce 0
According to the last comment in the bug report this should be fixed in RHEL 6.5 (Centos should pick it up).
You've mapped location /cgi-bin/munin-cgi-graph/ via FastCGI passthrough to PHP-FPM, but that works for PHP scripts, not for arbitrary CGI scripts such as Munin's CGI grapher, which is actually Perl. To make that CGI script speak the FastCGI protocol, the wrapper you need to use would be the generic spawn-fcgi.

Resources