Re: [dl-ticket-service] Nginx + rest.php

2014-10-25 Thread Yuri D'Elia
On 10/24/2014 06:04 PM, Jan B. Kolář wrote:
 I tested your config, it's working with one little problem. If I remove 
 header that I send before, browser (Firefox) not asking for credentials 
 on rest.php file. I can use Thunderbird  extension without problem - 
 that mean it's working. But browser don't show up username/password window.

I will rectify this sentence. The username/password prompt is requested
by the web server when using external authentication only.

 I know it's problem of Nginx, but maybe you can help me with with 
 another little think. With your setup, if I try to enter /include/ 
 directory, I always get back url /include/=404 and my browser said, 
 that server is redirecting to itself.

Probably a missing space in the try_files directive.





Re: [dl-ticket-service] Nginx + rest.php

2014-10-25 Thread Jan B. Kolář

Thank you for clarify this, it makes sense now.

I figure out where the mistake in my nginx configuration was, it's 
working now (I'm using subdomain, not subfolder).


Best regards!

Dne 25.10.2014 18:16, Yuri D'Elia napsal(a):

On 10/24/2014 06:04 PM, Jan B. Kolář wrote:

I tested your config, it's working with one little problem. If I remove
header that I send before, browser (Firefox) not asking for credentials
on rest.php file. I can use Thunderbird  extension without problem -
that mean it's working. But browser don't show up username/password window.

I will rectify this sentence. The username/password prompt is requested
by the web server when using external authentication only.


I know it's problem of Nginx, but maybe you can help me with with
another little think. With your setup, if I try to enter /include/
directory, I always get back url /include/=404 and my browser said,
that server is redirecting to itself.

Probably a missing space in the try_files directive.









Re: [dl-ticket-service] Nginx + rest.php

2014-10-24 Thread Amen Ankh
192.168.---.--- - testuser [24/Oct/2014:13:22:42 +0200]
POST /dl/rest.php/newticket HTTP/1.1 200 122 - dl-wx/0.11 -

You're right... with version dl-wx 0.11 it works perfectly.. tested
with 2,6Gig file... thanks a lot.


# # # # # # # # # # # # # # # # # # # # # # # # # #
# ORIGINAL MESSAGE IS FOLLOWING
# # # # # # # # # # # # # # # # # # # # # # # # # #
MsgID: 5448f912.9050...@thregr.org
From: Yuri D'Elia wav...@thregr.org
Date: Thu, 23 Oct 2014 14:48:18 +0200
Subject: Re: [dl-ticket-service] Nginx + rest.php

 On 10/23/2014 02:36 PM, Amen Ankh wrote:
  Tested on Windows 7 64 Ultimate, nginx-1.7.1.3-RedKnight + PHP Farm
  
  In the Browser : works excellent
  
  In the WX Client via Rest : DL service error
  
  access.log:
  192.168.---.--- - testuser [23/Oct/2014:13:48:56 +0200]
  POST /dl/rest.php/newticket HTTP/1.1 401 5 - dl-wx/0.10 -
 
 Is this dl-wx 0.10, or did I forget to update the version in the User-agent?
 
 You need at least 0.11.
 
 
 




Re: [dl-ticket-service] Nginx + rest.php

2014-10-24 Thread Yuri D'Elia
On 10/24/2014 02:10 PM, Amen Ankh wrote:
 192.168.---.--- - testuser [24/Oct/2014:13:22:42 +0200]
 POST /dl/rest.php/newticket HTTP/1.1 200 122 - dl-wx/0.11 -
 
 You're right... with version dl-wx 0.11 it works perfectly.. tested
 with 2,6Gig file... thanks a lot.

The REST protocol was broken in 0.11 to fix possible CSRF attacks.
It's backward compatible, but not forward.

That being said, Thunderbird should then also work.
I've updated the Nginx example on the webpage and for the next release.





Re: [dl-ticket-service] Nginx + rest.php

2014-10-24 Thread Jan B. Kolář
I tested your config, it's working with one little problem. If I remove 
header that I send before, browser (Firefox) not asking for credentials 
on rest.php file. I can use Thunderbird  extension without problem - 
that mean it's working. But browser don't show up username/password window.


Maybe it's my settings (I'm using Firefox on Debian), I don't know. I 
was always testing with browser, because that was written in FAQ on page 
with Thunderbird extension (... If the URL is correct, the browser 
/must/ prompt for an username/password...). With header added, browser 
asking for password as it should.


I know it's problem of Nginx, but maybe you can help me with with 
another little think. With your setup, if I try to enter /include/ 
directory, I always get back url /include/=404 and my browser said, 
that server is redirecting to itself.


Thank you again for your time and solving this.


Dne 22.10.2014 17:28, Yuri D'Elia napsal(a):

On 10/17/2014 07:36 PM, Jan B. Kolář wrote:

Dear all,

I can't figure out how to set up Nginx for rest.php authentication to
work. I'm using Nginx+PHPfpm and MySQL as backend (I want use Internal
authentication). Web interface is working fine - I can log in without a
problem.

But I can't use integration with Thunderbird, because rest.php file is
always returning 401 Unauthorized without asking for username and
password (no login dialog appear). I can't find any help in manual.

My Nginx config part for rest.php file is:

location = /rest.php {
fastcgi_pass_header Authorization;
fastcgi_pass unix:/var/run/dl.smurv.cz-fpm.sock;
fastcgi_index index.php;
include fastcgi_params;
}

I just tried a stock DL 0.15 using nginx on Debian.
When installed as a subdirectory, I could get DL to work with the following:

location ^~ /dl {
   # Protect the include directories
   location ~ ^/dl(?:/|/.*/)include {
   deny all;
   }

   index index.php index.html;
   try_files $uri $uri/ =404;
   
   # Enable PHP

   location ~ \.php(?:$|/) {
   include fastcgi_params;

   # Set maximum body size (should be the same as PHP's post_max_size)
   client_max_body_size 512M;

   # Setup PATH_INFO
   fastcgi_split_path_info ^(.+\.php)(/.+)$;
   try_files $fastcgi_script_name =404;
   
   set $path_info $fastcgi_path_info;

   fastcgi_param PATH_INFO   $path_info;
   fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
   
   fastcgi_index index.php;

   fastcgi_pass unix:/var/run/php5-fpm.sock;
   }
   }

Notice the order of the location directives to protect the include directories, 
and also the PHP location matching ``\.php(?:$|/)'' in order to allow PATH_INFO 
to route requests properly.

After that I didn't need to forward any header explicitly, and it works fine.
Let me know if this helps.







Re: [dl-ticket-service] Nginx + rest.php

2014-10-23 Thread Yuri D'Elia
On 10/23/2014 02:36 PM, Amen Ankh wrote:
 Tested on Windows 7 64 Ultimate, nginx-1.7.1.3-RedKnight + PHP Farm
 
 In the Browser : works excellent
 
 In the WX Client via Rest : DL service error
 
 access.log:
 192.168.---.--- - testuser [23/Oct/2014:13:48:56 +0200]
 POST /dl/rest.php/newticket HTTP/1.1 401 5 - dl-wx/0.10 -

Is this dl-wx 0.10, or did I forget to update the version in the User-agent?

You need at least 0.11.





Re: [dl-ticket-service] Nginx + rest.php = solution founded

2014-10-20 Thread Jan B. Kolář

Dne 20.10.2014 12:26, Yuri D'Elia napsal(a):

On 10/20/2014 12:01 PM, Jan B. Kolář wrote:

Dear all,

so I checked source code by myself and find solution for my problem with
Nginx + rest.php (see previous emails).

I don't know why, but Nginx need one more header in 401 response. So I
edited include/fatal.php file and added one line (bold):


function httpUnauthorized()
{
*header('WWW-Authenticate: Basic realm=My Realm');*
   header(HTTP/1.0 401 Unauthorized);
   exit();
}

Without this header, Nginx is not asking for credentials on rest.php
file, so it was not possible to use dl with Thunderbird.

This doesn't cause any harm, but shouldn't be required at all.





Yes, you are right - it shouldn't be required. I get idea to add this 
header from this page - http://php.net/manual/en/features.http-auth.php. 
I wasn't ably to find much information about HTTP auth with PHP and 
Nginx, so I was just trying. I'm sorry, I don't have time to study this 
in more depth. It's just dirty solution for my problem - maybe it will 
be helpful for others.


Thank you for your work on this project!