Nginx - basic http authentication on PHP-script

Posted by half_bit on Server Fault See other posts from Server Fault or by half_bit
Published on 2012-04-02T16:01:22Z Indexed on 2012/04/02 17:32 UTC
Read the original article Hit count: 247

Filed under:
|

I added a PHP-Script that serves as "cgi-bin",
Configuration:

location ~^/cgi-bin/.*\.(cgi|pl|py|rb) {
    gzip  off;
    fastcgi_pass  127.0.0.1:9000;
    fastcgi_index cgi-bin.php;
    fastcgi_param SCRIPT_FILENAME    /etc/nginx/cgi-bin.php;
    fastcgi_param SCRIPT_NAME        /cgi-bin/cgi-bin.php;
    fastcgi_param X_SCRIPT_FILENAME  /usr/lib/$fastcgi_script_name;
    fastcgi_param X_SCRIPT_NAME      $fastcgi_script_name;
    fastcgi_param QUERY_STRING       $query_string;
    fastcgi_param REQUEST_METHOD     $request_method;
    fastcgi_param CONTENT_TYPE       $content_type;
    fastcgi_param CONTENT_LENGTH     $content_length;
    fastcgi_param GATEWAY_INTERFACE  CGI/1.1;
    fastcgi_param SERVER_SOFTWARE    nginx;
    fastcgi_param REQUEST_URI        $request_uri;
    fastcgi_param DOCUMENT_URI       $document_uri;
    fastcgi_param DOCUMENT_ROOT      $document_root;
    fastcgi_param SERVER_PROTOCOL    $server_protocol;
    fastcgi_param REMOTE_ADDR        $remote_addr;
    fastcgi_param REMOTE_PORT        $remote_port;
    fastcgi_param SERVER_ADDR        $server_addr;
    fastcgi_param SERVER_PORT        $server_port;
    fastcgi_param SERVER_NAME        $server_name;
    fastcgi_param REMOTE_USER        $remote_user;
}

PHP-Script:

<?php

$descriptorspec = array(
   0 => array("pipe", "r"),  // stdin is a pipe that the child will read from
   1 => array("pipe", "w"),  // stdout is a pipe that the child will write to
   2 => array("pipe", "w")   // stderr is a file to write to
);

$newenv = $_SERVER;
$newenv["SCRIPT_FILENAME"] = $_SERVER["X_SCRIPT_FILENAME"];
$newenv["SCRIPT_NAME"] = $_SERVER["X_SCRIPT_NAME"];

if (is_executable($_SERVER["X_SCRIPT_FILENAME"])) {
  $process = proc_open($_SERVER["X_SCRIPT_FILENAME"], $descriptorspec, $pipes, NULL, $newenv);
  if (is_resource($process)) {
    fclose($pipes[0]);
    $head = fgets($pipes[1]);
    while (strcmp($head, "\n")) {
      header($head);
      $head = fgets($pipes[1]);
    }
    fpassthru($pipes[1]);
    fclose($pipes[1]);
    fclose($pipes[2]);
    $return_value = proc_close($process);
  }
  else {
    header("Status: 500 Internal Server Error");
    echo("Internal Server Error");
  }
}
else {
  header("Status: 404 Page Not Found");
  echo("Page Not Found");
}
?>

The problem with it thought is that I cannot add basic authentication.
As soon as I enable it for location ~/cgi-bin it gives me a 404 error when I try to look it up.

How can I solve this?

I thought about restricting access to only my second server where I then add basic authentication over a proxy, but there must be a simpler solution.

Sorry for the bad title, I couldn't think of a better one.

© Server Fault or respective owner

Related posts about nginx

Related posts about authentication