Re: [dl-ticket-service] Nginx + rest.php

2014-10-25 Thread Jan B. Kolář 

Thank you for clarify this, it makes sense now.

I figure out where the mistake in my nginx configuration was, it's 
working now (I'm using subdomain, not subfolder).


Best regards!

Dne 25.10.2014 18:16, Yuri D'Elia napsal(a):

On 10/24/2014 06:04 PM, "Jan B. Kolář" wrote:

I tested your config, it's working with one little problem. If I remove
header that I send before, browser (Firefox) not asking for credentials
on "rest.php" file. I can use Thunderbird  extension without problem -
that mean it's working. But browser don't show up username/password window.

I will rectify this sentence. The username/password prompt is requested
by the web server when using external authentication only.


I know it's problem of Nginx, but maybe you can help me with with
another little think. With your setup, if I try to enter /include/
directory, I always get back url "/include/=404" and my browser said,
that server is redirecting to itself.

Probably a missing space in the try_files directive.

Re: [dl-ticket-service] Nginx + rest.php

2014-10-24 Thread Jan B. Kolář 
I tested your config, it's working with one little problem. If I remove 
header that I send before, browser (Firefox) not asking for credentials 
on "rest.php" file. I can use Thunderbird  extension without problem - 
that mean it's working. But browser don't show up username/password window.


Maybe it's my settings (I'm using Firefox on Debian), I don't know. I 
was always testing with browser, because that was written in FAQ on page 
with Thunderbird extension (... If the URL is correct, the browser 
/must/ prompt for an username/password...). With header added, browser 
asking for password as it should.


I know it's problem of Nginx, but maybe you can help me with with 
another little think. With your setup, if I try to enter /include/ 
directory, I always get back url "/include/=404" and my browser said, 
that server is redirecting to itself.


Thank you again for your time and solving this.


Dne 22.10.2014 17:28, Yuri D'Elia napsal(a):

On 10/17/2014 07:36 PM, "Jan B. Kolář" wrote:

Dear all,

I can't figure out how to set up Nginx for "rest.php" authentication to
work. I'm using Nginx+PHPfpm and MySQL as backend (I want use "Internal
authentication"). Web interface is working fine - I can log in without a
problem.

But I can't use integration with Thunderbird, because "rest.php" file is
always returning "401 Unauthorized" without asking for username and
password (no login dialog appear). I can't find any help in manual.

My Nginx config part for "rest.php" file is:

location = /rest.php {
fastcgi_pass_header Authorization;
fastcgi_pass unix:/var/run/dl.smurv.cz-fpm.sock;
fastcgi_index index.php;
include fastcgi_params;
}

I just tried a stock DL 0.15 using nginx on Debian.
When installed as a subdirectory, I could get DL to work with the following:

location ^~ /dl {
   # Protect the include directories
   location ~ ^/dl(?:/|/.*/)include {
   deny all;
   }

   index index.php index.html;
   try_files $uri $uri/ =404;
   
   # Enable PHP

   location ~ \.php(?:$|/) {
   include fastcgi_params;

   # Set maximum body size (should be the same as PHP's post_max_size)
   client_max_body_size 512M;

   # Setup PATH_INFO
   fastcgi_split_path_info ^(.+\.php)(/.+)$;
   try_files $fastcgi_script_name =404;
   
   set $path_info $fastcgi_path_info;

   fastcgi_param PATH_INFO   $path_info;
   fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
   
   fastcgi_index index.php;

   fastcgi_pass unix:/var/run/php5-fpm.sock;
   }
   }

Notice the order of the location directives to protect the include directories, 
and also the PHP location matching ``\.php(?:$|/)'' in order to allow PATH_INFO 
to route requests properly.

After that I didn't need to forward any header explicitly, and it works fine.
Let me know if this helps.

Re: [dl-ticket-service] Nginx + rest.php = solution founded

2014-10-20 Thread Jan B. Kolář 

Dne 20.10.2014 12:26, Yuri D'Elia napsal(a):

On 10/20/2014 12:01 PM, "Jan B. Kolář" wrote:

Dear all,

so I checked source code by myself and find solution for my problem with
Nginx + rest.php (see previous emails).

I don't know why, but Nginx need one more header in 401 response. So I
edited "include/fatal.php" file and added one line (bold):


function httpUnauthorized()
{
*header('WWW-Authenticate: Basic realm="My Realm"');*
   header("HTTP/1.0 401 Unauthorized");
   exit();
}

Without this header, Nginx is not asking for credentials on "rest.php"
file, so it was not possible to use dl with Thunderbird.

This doesn't cause any harm, but shouldn't be required at all.





Yes, you are right - it shouldn't be required. I get idea to add this 
header from this page - http://php.net/manual/en/features.http-auth.php. 
I wasn't ably to find much information about HTTP auth with PHP and 
Nginx, so I was just trying. I'm sorry, I don't have time to study this 
in more depth. It's just "dirty" solution for my problem - maybe it will 
be helpful for others.


Thank you for your work on this project!

[dl-ticket-service] Nginx + rest.php = solution founded

2014-10-20 Thread Jan B. Kolář 

Dear all,

so I checked source code by myself and find solution for my problem with 
Nginx + rest.php (see previous emails).


I don't know why, but Nginx need one more header in 401 response. So I 
edited "include/fatal.php" file and added one line (bold):



function httpUnauthorized()
{
*header('WWW-Authenticate: Basic realm="My Realm"');*
  header("HTTP/1.0 401 Unauthorized");
  exit();
}


Without this header, Nginx is not asking for credentials on "rest.php" 
file, so it was not possible to use dl with Thunderbird.


I can't check it on Apache though, so I don't know if this solution 
broke something else or not. If someone can check it on Apache, than 
maybe author can integrate this header in next version of DL.


Best regards,

Jan

Re: [dl-ticket-service] Nginx + rest.php

2014-10-18 Thread Jan B. Kolář 

Dear Yuri,

thank you for your reply. I checked log and it just say:

[18-Oct-2014 12:22:39 Europe/Prague] DL: error: [xx.xx.xx.xx] invalid 
credentials


No error in PHP or nginx logs.

I have added your suggested line but nothing changed. Server still not 
asking for credentials, just leave me with blank page (header from 
server said 401 Unauthorized).


Nobody use nginx with dl?

Jan

Dne 17.10.2014 20:12, Yuri D'Elia napsal(a):

On 10/17/2014 07:36 PM, "Jan B. Kolář" wrote:

My Nginx config part for "rest.php" file is:

location = /rest.php {
fastcgi_pass_header Authorization;

I have no experience with nginx.
If the headers are not forwarded by default, I would assume:

   fastcgi_pass_header X-Authorization;

is also needed. If you're using DL 0.14 the log should also contain some
extra info.

[dl-ticket-service] Nginx + rest.php

2014-10-17 Thread Jan B. Kolář 

Dear all,

I can't figure out how to set up Nginx for "rest.php" authentication to 
work. I'm using Nginx+PHPfpm and MySQL as backend (I want use "Internal 
authentication"). Web interface is working fine - I can log in without a 
problem.


But I can't use integration with Thunderbird, because "rest.php" file is 
always returning "401 Unauthorized" without asking for username and 
password (no login dialog appear). I can't find any help in manual.


My Nginx config part for "rest.php" file is:

location = /rest.php {
  fastcgi_pass_header Authorization;
  fastcgi_pass unix:/var/run/dl.smurv.cz-fpm.sock;
  fastcgi_index index.php;
  include fastcgi_params;
  }

It's same as for "admin.php" and it's working without problem.

Can you please help?

Best regards,

Jan