Re: [dl-ticket-service] Nginx + rest.php
Thank you for clarify this, it makes sense now. I figure out where the mistake in my nginx configuration was, it's working now (I'm using subdomain, not subfolder). Best regards! Dne 25.10.2014 18:16, Yuri D'Elia napsal(a): On 10/24/2014 06:04 PM, "Jan B. Kolář" wrote: I tested your config, it's working with one little problem. If I remove header that I send before, browser (Firefox) not asking for credentials on "rest.php" file. I can use Thunderbird extension without problem - that mean it's working. But browser don't show up username/password window. I will rectify this sentence. The username/password prompt is requested by the web server when using external authentication only. I know it's problem of Nginx, but maybe you can help me with with another little think. With your setup, if I try to enter /include/ directory, I always get back url "/include/=404" and my browser said, that server is redirecting to itself. Probably a missing space in the try_files directive.
Re: [dl-ticket-service] Nginx + rest.php
I tested your config, it's working with one little problem. If I remove header that I send before, browser (Firefox) not asking for credentials on "rest.php" file. I can use Thunderbird extension without problem - that mean it's working. But browser don't show up username/password window. Maybe it's my settings (I'm using Firefox on Debian), I don't know. I was always testing with browser, because that was written in FAQ on page with Thunderbird extension (... If the URL is correct, the browser /must/ prompt for an username/password...). With header added, browser asking for password as it should. I know it's problem of Nginx, but maybe you can help me with with another little think. With your setup, if I try to enter /include/ directory, I always get back url "/include/=404" and my browser said, that server is redirecting to itself. Thank you again for your time and solving this. Dne 22.10.2014 17:28, Yuri D'Elia napsal(a): On 10/17/2014 07:36 PM, "Jan B. Kolář" wrote: Dear all, I can't figure out how to set up Nginx for "rest.php" authentication to work. I'm using Nginx+PHPfpm and MySQL as backend (I want use "Internal authentication"). Web interface is working fine - I can log in without a problem. But I can't use integration with Thunderbird, because "rest.php" file is always returning "401 Unauthorized" without asking for username and password (no login dialog appear). I can't find any help in manual. My Nginx config part for "rest.php" file is: location = /rest.php { fastcgi_pass_header Authorization; fastcgi_pass unix:/var/run/dl.smurv.cz-fpm.sock; fastcgi_index index.php; include fastcgi_params; } I just tried a stock DL 0.15 using nginx on Debian. When installed as a subdirectory, I could get DL to work with the following: location ^~ /dl { # Protect the include directories location ~ ^/dl(?:/|/.*/)include { deny all; } index index.php index.html; try_files $uri $uri/ =404; # Enable PHP location ~ \.php(?:$|/) { include fastcgi_params; # Set maximum body size (should be the same as PHP's post_max_size) client_max_body_size 512M; # Setup PATH_INFO fastcgi_split_path_info ^(.+\.php)(/.+)$; try_files $fastcgi_script_name =404; set $path_info $fastcgi_path_info; fastcgi_param PATH_INFO $path_info; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; fastcgi_index index.php; fastcgi_pass unix:/var/run/php5-fpm.sock; } } Notice the order of the location directives to protect the include directories, and also the PHP location matching ``\.php(?:$|/)'' in order to allow PATH_INFO to route requests properly. After that I didn't need to forward any header explicitly, and it works fine. Let me know if this helps.
Re: [dl-ticket-service] Nginx + rest.php = solution founded
Dne 20.10.2014 12:26, Yuri D'Elia napsal(a): On 10/20/2014 12:01 PM, "Jan B. Kolář" wrote: Dear all, so I checked source code by myself and find solution for my problem with Nginx + rest.php (see previous emails). I don't know why, but Nginx need one more header in 401 response. So I edited "include/fatal.php" file and added one line (bold): function httpUnauthorized() { *header('WWW-Authenticate: Basic realm="My Realm"');* header("HTTP/1.0 401 Unauthorized"); exit(); } Without this header, Nginx is not asking for credentials on "rest.php" file, so it was not possible to use dl with Thunderbird. This doesn't cause any harm, but shouldn't be required at all. Yes, you are right - it shouldn't be required. I get idea to add this header from this page - http://php.net/manual/en/features.http-auth.php. I wasn't ably to find much information about HTTP auth with PHP and Nginx, so I was just trying. I'm sorry, I don't have time to study this in more depth. It's just "dirty" solution for my problem - maybe it will be helpful for others. Thank you for your work on this project!
[dl-ticket-service] Nginx + rest.php = solution founded
Dear all, so I checked source code by myself and find solution for my problem with Nginx + rest.php (see previous emails). I don't know why, but Nginx need one more header in 401 response. So I edited "include/fatal.php" file and added one line (bold): function httpUnauthorized() { *header('WWW-Authenticate: Basic realm="My Realm"');* header("HTTP/1.0 401 Unauthorized"); exit(); } Without this header, Nginx is not asking for credentials on "rest.php" file, so it was not possible to use dl with Thunderbird. I can't check it on Apache though, so I don't know if this solution broke something else or not. If someone can check it on Apache, than maybe author can integrate this header in next version of DL. Best regards, Jan
Re: [dl-ticket-service] Nginx + rest.php
Dear Yuri, thank you for your reply. I checked log and it just say: [18-Oct-2014 12:22:39 Europe/Prague] DL: error: [xx.xx.xx.xx] invalid credentials No error in PHP or nginx logs. I have added your suggested line but nothing changed. Server still not asking for credentials, just leave me with blank page (header from server said 401 Unauthorized). Nobody use nginx with dl? Jan Dne 17.10.2014 20:12, Yuri D'Elia napsal(a): On 10/17/2014 07:36 PM, "Jan B. Kolář" wrote: My Nginx config part for "rest.php" file is: location = /rest.php { fastcgi_pass_header Authorization; I have no experience with nginx. If the headers are not forwarded by default, I would assume: fastcgi_pass_header X-Authorization; is also needed. If you're using DL 0.14 the log should also contain some extra info.
[dl-ticket-service] Nginx + rest.php
Dear all, I can't figure out how to set up Nginx for "rest.php" authentication to work. I'm using Nginx+PHPfpm and MySQL as backend (I want use "Internal authentication"). Web interface is working fine - I can log in without a problem. But I can't use integration with Thunderbird, because "rest.php" file is always returning "401 Unauthorized" without asking for username and password (no login dialog appear). I can't find any help in manual. My Nginx config part for "rest.php" file is: location = /rest.php { fastcgi_pass_header Authorization; fastcgi_pass unix:/var/run/dl.smurv.cz-fpm.sock; fastcgi_index index.php; include fastcgi_params; } It's same as for "admin.php" and it's working without problem. Can you please help? Best regards, Jan