3

I am moving Moodle (moodle.org) from an Apache host to a Ubuntu 12.04 LTS host running Nginx. The way the host is set up means that it will running quite a few domains where every domain (or other site) will reside in a user dir.

I am running Nginx with php5-fpm. I found quite a few configurations for running php-fpm inside a user dir, which all work. The problem however is that Moodle makes extensive use of slash arguments in PHP, causing many urls to look like this:

/home/[user]/public_html/theme/image.php/standard/theme/1377637305/favicon

I am running this Nginx configuration:

server {
        #listen   80; ## listen for ipv4; this line is default and implied
        #listen   [::]:80 default ipv6only=on; ## listen for ipv6

        root /usr/share/nginx/www;
        index index.html index.htm index.php;

        # Make site accessible from http://localhost/
        server_name localhost;

        location / {
                # First attempt to serve request as file, then
                # as directory, then fall back to index.html
                try_files $uri $uri/ /index.html;
                # Uncomment to enable naxsi on this location
                # include /etc/nginx/naxsi.rules
        }

        location /doc/ {
                alias /usr/share/doc/;
                autoindex on;
                allow 127.0.0.1;
                deny all;
        }


        location ~ ^/~(?<userdir_user>.+?)(?<userdir_uri>/.*)?$ {
                alias /home/$userdir_user/public_html$userdir_uri;
                index index.html index.htm index.php;
                autoindex off; ## to allow autoindex a la apache

                include php5_generic;
        }
}

## php5_generic
        location ~ \.php {
                fastcgi_split_path_info ^(.+\.php)(/.*)$;

                # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini
                # With php5-cgi alone:
                fastcgi_pass 127.0.0.1:9000;
                # With php5-fpm:
        #       fastcgi_pass unix:/var/run/php5-fpm.sock;
                fastcgi_index index.php;
                include fastcgi_params;
        }

The problem I have is that this configuration does work for plain php files, but not for HTTP GET requests using slash arguments. The Nginx error log reports that php-fpm raises errors like there:

*615 open() "/home/[user]/public_html/theme/image.php/standard/core/1377637305/moodlelogo" failed (20: Not a directory),

or 

5 FastCGI sent in stderr: "Access to the script '/home/[user]/public_html/lib/javascript.php/1377637305/lib/javascript-static.js' has been denied (see security.limit_extensions)"

What is going wrong here?

mauritslamers
  • 161
  • 1
  • 5

1 Answers1

3

I found a solution, after using the example configuration on http://wiki.nginx.org/PHPFcgiExample as basis. This solution also suggests (as opposite to many other examples) to keep the cgi.fix_pathinfo setting in php.ini to 1.

Instead of going for a complete user_dir solution I went for a hardcoded solution, because I don't know (yet) how to make the $userdir_user variable work inside a subsequent regex.

The second thing to look for is the fix for the fastcgi_split_path_info. The reason is that otherwise the ~user part is translated into the path given to PHP.

server {
    index index.php index.html index.htm;

    location ~ ^/~user(?<userdir_uri>/.*)?$ {
            alias /home/user/public_html$userdir_uri;
            #autoindex on;

            #If this doesn't work, set cgi.fix_pathinfo=1 in /etc/php5/fpm/php.ini
            location ~ [^/]\.php(/|$) {
                    fastcgi_split_path_info ^/~user/(.+?\.php)(/.*)$;
                    include fastcgi_params;
                    fastcgi_pass 127.0.0.1:9000;
                    fastcgi_index index.php;
            }

    }

}
mauritslamers
  • 161
  • 1
  • 5