Nginx - basic http authentication on PHP-script

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Posted by half_bit on Server Fault See other posts from Server Fault or by half_bit
Published on 2012-04-02T16:01:22Z Indexed on 2012/04/02 17:32 UTC
Read the original article Hit count: 219

Filed under:
|

I added a PHP-Script that serves as "cgi-bin",
Configuration:

location ~^/cgi-bin/.*\.(cgi|pl|py|rb) {
    gzip  off;
    fastcgi_pass  127.0.0.1:9000;
    fastcgi_index cgi-bin.php;
    fastcgi_param SCRIPT_FILENAME    /etc/nginx/cgi-bin.php;
    fastcgi_param SCRIPT_NAME        /cgi-bin/cgi-bin.php;
    fastcgi_param X_SCRIPT_FILENAME  /usr/lib/$fastcgi_script_name;
    fastcgi_param X_SCRIPT_NAME      $fastcgi_script_name;
    fastcgi_param QUERY_STRING       $query_string;
    fastcgi_param REQUEST_METHOD     $request_method;
    fastcgi_param CONTENT_TYPE       $content_type;
    fastcgi_param CONTENT_LENGTH     $content_length;
    fastcgi_param GATEWAY_INTERFACE  CGI/1.1;
    fastcgi_param SERVER_SOFTWARE    nginx;
    fastcgi_param REQUEST_URI        $request_uri;
    fastcgi_param DOCUMENT_URI       $document_uri;
    fastcgi_param DOCUMENT_ROOT      $document_root;
    fastcgi_param SERVER_PROTOCOL    $server_protocol;
    fastcgi_param REMOTE_ADDR        $remote_addr;
    fastcgi_param REMOTE_PORT        $remote_port;
    fastcgi_param SERVER_ADDR        $server_addr;
    fastcgi_param SERVER_PORT        $server_port;
    fastcgi_param SERVER_NAME        $server_name;
    fastcgi_param REMOTE_USER        $remote_user;
}

PHP-Script:

<?php

$descriptorspec = array(
   0 => array("pipe", "r"),  // stdin is a pipe that the child will read from
   1 => array("pipe", "w"),  // stdout is a pipe that the child will write to
   2 => array("pipe", "w")   // stderr is a file to write to
);

$newenv = $_SERVER;
$newenv["SCRIPT_FILENAME"] = $_SERVER["X_SCRIPT_FILENAME"];
$newenv["SCRIPT_NAME"] = $_SERVER["X_SCRIPT_NAME"];

if (is_executable($_SERVER["X_SCRIPT_FILENAME"])) {
  $process = proc_open($_SERVER["X_SCRIPT_FILENAME"], $descriptorspec, $pipes, NULL, $newenv);
  if (is_resource($process)) {
    fclose($pipes[0]);
    $head = fgets($pipes[1]);
    while (strcmp($head, "\n")) {
      header($head);
      $head = fgets($pipes[1]);
    }
    fpassthru($pipes[1]);
    fclose($pipes[1]);
    fclose($pipes[2]);
    $return_value = proc_close($process);
  }
  else {
    header("Status: 500 Internal Server Error");
    echo("Internal Server Error");
  }
}
else {
  header("Status: 404 Page Not Found");
  echo("Page Not Found");
}
?>

The problem with it thought is that I cannot add basic authentication.
As soon as I enable it for location ~/cgi-bin it gives me a 404 error when I try to look it up.

How can I solve this?

I thought about restricting access to only my second server where I then add basic authentication over a proxy, but there must be a simpler solution.

Sorry for the bad title, I couldn't think of a better one.

© Server Fault or respective owner

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Related posts about nginx

Related posts about authentication

Categories cloud

.NET ASP.NET iphone linux python Windows mysql android sql windows-7 html c ruby-on-rails css objective-c ubuntu networking sql-server wpf asp.net-mvc ruby database Xml apache AJAX osx security regex django Performance 12.04 windows-xp mac web-development iphone-sdk vb.net Silverlight apache2 flash server perl best-practices email installation eclipse visual-studio algorithm windows-server-2008 winforms wcf firefox bash dns /Oracle