Nginx - basic http authentication on PHP-script
Posted
by
half_bit
on Server Fault
See other posts from Server Fault
or by half_bit
Published on 2012-04-02T16:01:22Z
Indexed on
2012/04/02
17:32 UTC
Read the original article
Hit count: 247
nginx
|authentication
I added a PHP-Script that serves as "cgi-bin",
Configuration:
location ~^/cgi-bin/.*\.(cgi|pl|py|rb) {
gzip off;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index cgi-bin.php;
fastcgi_param SCRIPT_FILENAME /etc/nginx/cgi-bin.php;
fastcgi_param SCRIPT_NAME /cgi-bin/cgi-bin.php;
fastcgi_param X_SCRIPT_FILENAME /usr/lib/$fastcgi_script_name;
fastcgi_param X_SCRIPT_NAME $fastcgi_script_name;
fastcgi_param QUERY_STRING $query_string;
fastcgi_param REQUEST_METHOD $request_method;
fastcgi_param CONTENT_TYPE $content_type;
fastcgi_param CONTENT_LENGTH $content_length;
fastcgi_param GATEWAY_INTERFACE CGI/1.1;
fastcgi_param SERVER_SOFTWARE nginx;
fastcgi_param REQUEST_URI $request_uri;
fastcgi_param DOCUMENT_URI $document_uri;
fastcgi_param DOCUMENT_ROOT $document_root;
fastcgi_param SERVER_PROTOCOL $server_protocol;
fastcgi_param REMOTE_ADDR $remote_addr;
fastcgi_param REMOTE_PORT $remote_port;
fastcgi_param SERVER_ADDR $server_addr;
fastcgi_param SERVER_PORT $server_port;
fastcgi_param SERVER_NAME $server_name;
fastcgi_param REMOTE_USER $remote_user;
}
PHP-Script:
<?php
$descriptorspec = array(
0 => array("pipe", "r"), // stdin is a pipe that the child will read from
1 => array("pipe", "w"), // stdout is a pipe that the child will write to
2 => array("pipe", "w") // stderr is a file to write to
);
$newenv = $_SERVER;
$newenv["SCRIPT_FILENAME"] = $_SERVER["X_SCRIPT_FILENAME"];
$newenv["SCRIPT_NAME"] = $_SERVER["X_SCRIPT_NAME"];
if (is_executable($_SERVER["X_SCRIPT_FILENAME"])) {
$process = proc_open($_SERVER["X_SCRIPT_FILENAME"], $descriptorspec, $pipes, NULL, $newenv);
if (is_resource($process)) {
fclose($pipes[0]);
$head = fgets($pipes[1]);
while (strcmp($head, "\n")) {
header($head);
$head = fgets($pipes[1]);
}
fpassthru($pipes[1]);
fclose($pipes[1]);
fclose($pipes[2]);
$return_value = proc_close($process);
}
else {
header("Status: 500 Internal Server Error");
echo("Internal Server Error");
}
}
else {
header("Status: 404 Page Not Found");
echo("Page Not Found");
}
?>
The problem with it thought is that I cannot add basic authentication.
As soon as I enable it for location ~/cgi-bin
it gives me a 404 error when I try to look it up.
How can I solve this?
I thought about restricting access to only my second server where I then add basic authentication over a proxy, but there must be a simpler solution.
Sorry for the bad title, I couldn't think of a better one.
© Server Fault or respective owner