.htaccess authentication with nginx - php

I've some issues with my configuration. I'm using Nginx as a reversed proxy for my Apache server. My website has .htaccess authentication but Nginx doesn't seem to understand it so I'm getting a 404 error.
I saw some translators on other answers but it doesn't translate this part.
AuthUserFile /var/www/mywebsite/private/.htpassword
AuthName "Acces Restreint"
AuthType Basic
Require valid-user
By the way, do you have any idea about how to translate this second part ?
php_value session.gc_maxlifetime 604800
SetEnv APPLICATION_ENV development
Thanks everyone for your help !

for perfomance related issues, nginx by default does not look up per-directory .htaccess files, which is a problem if your hosting does not let you edit webserver config.
if you can edit webserver config (or put new config into conf.d dir)
just add these lines, replacing /your/path correspondingly
location /your/path {
auth_basic "Acces Restreint";
auth_basic_user_file /var/www/mywebsite/private/.htpassword;
}
answering second part of your question needs more info on how you use PHP with nginx.
if you are tied to FastCGI (e.g. php-fpm), then you can use this method to set PHP' vars:
fastcgi_param PHP_VALUE "session.gc_maxlifetime=604800";
env APPLICATION_ENV development;

Related

Using heroku-fcgi to handle files without a .php extension (Apache)

Overview
I'm trying to host a few legacy PHP apps on Heroku with Apache. They all relied on the following deprecated syntax to parse any unknown file types (without the .php extension) as PHP.
DefaultType application/x-httpd-php
This has been replaced by AddType in Apache 2.4 (Heroku currently uses v2.4.37). Heroku also uses mod_proxy_fcgi to process PHP files via fcgi://heroku-fcgi.
Issue
I have a file foo.test and I want to have it handled by PHP FPM. Taking cues from the docs and the default Apache config provided by Heroku, here's what I've tried:
# .htaccess
<FilesMatch \.test$>
<If "-f %{REQUEST_FILENAME}">
SetHandler proxy:fcgi://heroku-fcgi
</If>
</FilesMatch>
# apache_app.conf (properly loaded via Procfile)
ProxyPassMatch "^/(.*\.test(/.*)?)$" "fcgi://heroku-fcgi/app/$1"
With both of these I get a plain-text 403 Access denied. response from PHP FPM. I'm sure both configs are properly loading and pointing to the FCGI handler because changing the endpoint results in other errors.
My Apache skills are long since rusty and I can't seem to find any good pointers online. The Apache error log is also clean. Any ideas (without the obvious "change all extensions to PHP, you dumbass") would be appreciated!
Fairly obvious solution. PHP FPM has its own configuration with a security.limit_extensions flag. It defaults to .php.
The solution was to unset that value: security.limit_extensions =. This naturally can pose some security threats, but these apps are only going up for static demo.
I was using heroku/heroku-buildpack-php but forked that to update this file. The htaccess FilesMatch should work now but I just ended up placing it into the Apache config file to avoid repetition across the sites I'll be serving.
security.limit_extensions can be customized with a configuration file passed as a Procfile argument.
https://devcenter.heroku.com/articles/custom-php-settings#php-fpm-settings
PHP-FPM settings:
In addition to php_value and php_flag for php.ini specific settings, any pool specific PHP-FPM configuration directives are valid in that configuration file, so you can use it to fine tune PHP-FPM’s behavior.
So you can set up it like the following
Procfile
web: vendor/bin/heroku-php-apache2 -C apache.conf -F fpm_custom.conf web/
apache.conf
<FilesMatch \.test$>
<If "-f %{REQUEST_FILENAME}"> # make sure the file exists so that if not, Apache will show its 404 page and not FPM
SetHandler proxy:fcgi://heroku-fcgi
</If>
</FilesMatch>
fpm_custom.conf
security.limit_extensions = .php .test

.htaccess Error : Invalid command 'AuthGroupFile'

before this i was working on windows and my project was working proper. recently i moved to ubuntu and i am trying setup project on LAMP.
i have created host for this (windows i was running directly through localhost) and when i am running it getting 500 Internal server Error.
when i looked in my log file i got Invalid command 'AuthGroupFile', perhaps misspelled or defined by a module not included in the server configuration.
.htaccess File
#php_value zend.ze1_compatibility_mode off
AuthName "Restricted Area"
AuthType Basic
AuthUserFile /opt/lampp/htdocs/uniplex_mobile/.htpasswd
AuthGroupFile /dev/null
<Files manageurls.html>
require valid-user
</Files>
<Files addurl.html>
require valid-user
</Files>
<Files editurl.html>
require valid-user
</Files>
AddType application/x-httpd-php .php .htm .html
my project is on smarty framework.
can anyone help to solve this?
Thanks in advance
You can try this.
a2enmod authz_groupfile
Assuming you're using apache 2.2, this means you're missing the mod_authz_groupfile module.
You need to look in your server config and look for the line that contains:
LoadModule authz_groupfile_module modules/mod_authz_groupfile.so
or something similar and make sure it's commented out.
Otherwise, just leave out the AuthGroupFile directive, it doesn't look like you're using it anyways.

How do I create custom php.ini files for each virtual host?

I've installed EasyPHP WAMP for local development only (I'm not hosting any websites).
Is there a way to set custom php settings for separate virtual hosts?
Currently and out-of-the-box, the php.ini file is loaded from: C:\Program Files (x86)\EasyPHP-DevServer-14.1VC11\binaries\php\php_runningversion\php.ini It would be nice if, say, I could drop in a custom php.ini file into the virtual host directory to override settings in the original php.ini This way, I could better emulate a production server's environment on a per-site basis.
I've seen this work with online hosting accounts. But I can't figure out how to make this work on my machine.
Using custom php.ini files is pretty straighforward for CGI/FastCGI based PHP installations but it isn't feasible when running PHP as Apache module (mod_php) because the whole server runs a single instance of the PHP interpreter.
My advice:
Set from PHP itself as many settings as you can:
ini_set('memory_limit', '16M');
date_default_timezone_set('Europe/Madrid')
...
In other words, directives that can be changed at runtime.
Set the rest of stuff from per-directory Apache setting files (aka .htaccess):
php_flag short_open_tag off
php_value post_max_size 50M
php_value upload_max_filesize 50M
i.e., settings that need to be defined before the script starts running
Please have a look at the Runtime Configuration for further details.
Sometimes, you'll actually need different settings in development and production. There're endless ways to solve that with PHP code (from creating a boolean constant from the $_SERVER['HTTP_HOST'] variable to just having a config.php file with different values) but it's trickier with .htaccess. I normally use the <IfDefine> directive:
<IfDefine DEV-BOX>
#
# Local server directives
#
SetEnv DEVELOPMENT "1"
php_flag display_startup_errors on
php_flag display_errors on
php_flag log_errors off
#php_value error_log ...
</IfDefine>
<IfDefine !DEV-BOX>
#
# Internet server directives
#
php_flag display_startup_errors off
php_flag display_errors off
php_flag log_errors on
php_value error_log "/home/foo/log/php-error.log"
</IfDefine>
... where DEV-BOX is a string I pass to the local Apache command-line:
C:\Apache24\bin\httpd.exe -D DEV-BOX
If you run Apache as service, the -D DEV-BOX bit can be added in the Windows registry, e.g.:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Apache2.4\Parameters\ConfigArgs
Related: Find out how PHP is running on server (CGI OR fastCGI OR mod_php)
Developing Multiple Domains on One Machine?
Embedding php.ini settings in the httpd-vhost.conf, typically found in your server root under conf/extra/, is a great way to solve this common problem. If you never knew you could do this, see the PHP.net Manual under How To Change Configuration Settings. This will solve the pesky include_path problem, without adding configuration code to your bootstrapping code or anything else.
Of course, to use this effectively as localhost, you would need to make copies of a <VirualHost> block and configure each accordingly. Then, comment out all virtual host blocks except the one that you want to use!
Alternatively, one could start Apache with the -f option to point the server daemon to a different httpd.conf upon starting. Each httpd.conf would require an "if module block," such as and <IfModule phpx_module> block. Be sure to remember to account for Apache logging!
httpd -f /usr/local/apache2/conf/domains/fooDomain.conf
httpd -f /usr/local/apache2/conf/domains/barDomain.conf
Virtual Host Block With php.ini statements.
<VirtualHost 127.0.0.1:80>
UseCanonicalName On
ServerName localhost:80
ServerAdmin you#localhost
CustomLog "/var/www/someDomain.com/data/logs/httpd_access_log" common
ErrorLog "/var/www/someDomain.com/data/logs/httpd_error_log"
LogLevel warn
DocumentRoot "/var/www/someDomain.com/public"
<Directory "/var/www/someDomain.com/public">
# disable directory listing
Options -Indexes +FollowSymLinks
AllowOverride FileInfo
Require all granted
</Directory>
<IfModule alias_module>
# Alias /webpath /full/filesystem/path
ScriptAlias /cgi-bin/ "/var/www/someDomain.com/scripts/cgi-bin/"
</IfModule>
<IfModule php7_module>
# Use php7_module in opening statement above if on PHP 7+
# Domain specific PHP configuration options.
# The Apache process user must own any of the following directories.
php_admin_value include_path "/var/www/someDomain.com/application/controllers:/var/www/someDomain.com/application/models:/var/www/someDomain.com/application/views"
# Errors and Logging
php_admin_flag display_startup_errors off
php_admin_flag display_errors off
php_admin_flag html_errors off
php_admin_flag log_errors on
php_admin_value error_log "/var/www/someDomain.com/data/logs/php_error_log"
# File Related
php_admin_flag file_uploads on
php_admin_value upload_tmp_dir "/var/www/someDomain.com/data/uploads"
php_admin_value upload_max_filesize 10M
php_admin_value max_file_uploads 5
# Sessions
php_value session.save_handler "files"
php_value session.save_path "/var/www/someDomain.com/data/sessions"
# Caching
php_value soap.wsdl_cache_dir "/var/www/someDomain.com/data/cache/sopa.wsdl"
</IfModule>
</VirtualHost>
If you could use the %{SERVER_NAME} variable in conjunction with the <IfModule phpx_module> blocks to form a compound conditional, you could have just one httpd.conf`, or include a extra/php.conf with all the domain specific PHP.ini settings (in blocks, also). However, as long as "localhost" is the domain target, it will not do what you want. Thus, my answer in the virtual host block above.
Simple way to use custom php.ini file for vhost using Fast CGI is to copy the php.ini into a folder in the host like "customini".
After that to your vhost directive and add this simple line :
FcgidInitialEnv PHPRC "/path_to_your_custom_ini_dir_for_this_vhost/"
BE SURE TO HAVE / to your path no \, (it won't work with \)
Restart Apache.
That's all!
Full sample (on Windows Server here) :
<VirtualHost *:80>
DocumentRoot "C:/APACHE/htdocs/vhost/myvhost"
ServerName www.vhost.com
FcgidInitialEnv PHPRC "C:/APACHE/customini/myvhost/"
</VirtualHost>
Several commentors have mention Vagrant which is an excellent solution.
If you're not interested in using Vagrant, you can investigate using FastCGI as your interface to Apache and using the SetEnv PHPRC... suggestion proposed on this blog:
Apache & PHP: Multiple PHP.ini Configuration Files (Sunday, February 8, 2009)
Source: http://hyponiq.blogspot.com/2009/02/apache-php-multiple-phpini.html
The second work-around is to use the PHPRC environment variable
configurable in Apache using the SetEnv directive. This directive
allows you to set an environment variable that is then passed to any
CGI script and/or Server Side Include (SSI) set in any static (x)HTML
page (or other document type). In this instance, you'd be telling each
PHP-CGI instance where to find its configuration settings. The example
would be (coinciding with the previous one):
# vhosts.conf
NameVirtualHost *:81
<VirtualHost *:81>
ServerAdmin admin#example.com
ServerName vhost.example.com
DocumentRoot "C:/path/to/doc/root"
ErrorLog "logs/vhost.example.com-errors.log"
# Set the PHPRC environment variable
SetEnv PHPRC "C:/path/to/doc/root/php.ini"
<Directory "C:/path/to/doc/root">
# ... yadda, yadda, yadda ...
# you get the point!
</Directory>
</VirtualHost>
However, the PHP documentation changing the runtime
configuration
suggests that you can use certain values like php_value to try
loaalong with, possibly the SetEnv directive.
He suggests another option not using FastCGI, instead leveraging the php_value, php_flag etc. configuration options.
Other's seem to have had some success with executing scripts through FastCGI though, see: Separate php.ini for different virtual hosts
Other suggestions involve the PHPINI directive, which may be pertinent for your needs, see: How do I limit PHP apps to their own directories and their own php.ini?

AuthUserFile not specified in the configuration error?

I got an error "AuthUserFile not specified in the configuration" in my error log file. how to fix it.
Here is my .htaccess file, its located in amazon file server.
## mod auth_mysql
AuthBasicAuthoritative Off
AuthMYSQL on
AuthMySQL_Authoritative on
AuthMySQL_DB dbname
Auth_MySQL_Host localhost
Auth_MySQL_User username
Auth_MySQL_Password password
AuthMySQL_Password_Table tbl_name
AuthMySQL_Username_Field user_name
AuthMySQL_Password_Field password
AuthMySQL_Empty_Passwords off
AuthMySQL_Encryption_Types SHA1Sum
# Standard auth stuff
AuthType Basic
AuthName "restricted zone"
Require valid-user
you shall simply put a
AuthUserFile /dev/null
in your .htaccess. That did the trick for me.
for the rest of the pain that brings the configuration of auth_mysql, you have my full comprehension :)
That error isn't refering to your .htaccess but rather the main httpd.conf Apache configuration file. Add that line to your httpd.conf and then restart your httpd service.

.htaccess files, PHP, includes directories, and windows XAMPP configuration nightmare

XAMPP makes configuring a local LAMP stack for windows a breeze. So it's quite disappointing that enabling .htaccess files is such a nightmare.
My problem:
I've got a PHP application that requires apache/php to search for an /includes/ directory contained within the application. To do this, .htaccess files must be allowed in Apache and the .htaccess file must specify exactly where the includes directory is.
Problem is, I can't get my Apache config to view these .htaccess files. I had major hassles installing this app at uni and getting the admins there to help with the setup. This shouldn't be so hard but for some reason I just can't get Apache to play nice.
This is my setup:
c:\xampp
c:\xampp\htdocs
c:\xampp\apache\conf\httpd.conf - where I've made the changes listed below
c:\xampp\apache\bin\php.ini - where changes to this file affect the PHP installation
It is interesting to note that c:\xampp\php\php.ini changes mean nothing - this is NOT the ini that affects the PHP installation.
The following lines are additions I've made to the httpd.conf file
#AccessFileName .htaccess
AccessFileName htaccess.txt
#
# The following lines prevent .htaccess and .htpasswd
# files from being viewed by Web clients.
#
#<Files ~ "^\.ht">
<Files ~ "^htaccess\.">
Order allow,deny
Deny from all
</Files>
<Directory "c:/xampp/htdocs">
#
# AllowOverride controls what directives may be placed in
# .htaccess files.
# It can be "All", "None", or any combination of the keywords:
# Options FileInfo AuthConfig Limit
#
AllowOverride All
#
# Controls who can get stuff from this server.
#
Order allow,deny
Allow from all
</Directory>
The following is the entire .htaccess file contained in:
c:\xampp\htdocs\application\htaccess.txt
<Files ~ "\.inc$">
Order deny,allow
Deny from all
</Files>
php_value default_charset "UTF-8"
php_value include_path ".;c:\xampp\htdocs\application\includes"
php_value register_globals 0
php_value magic_quotes_gpc 0
php_value magic_quotes_runtime 0
php_value magic_quotes_sybase 0
php_value session.use_cookies 1
php_value session.use_only_cookies 0
php_value session.use_trans_sid 1
php_value session.gc_maxlifetime 3600
php_value arg_separator.output "&"
php_value url_rewriter.tags "a=href,area=href,frame=src,input=src,fieldset="
The includes directory exists at the location specified.
When I try to access the application I receive the following error:
Warning: require(include.general.inc) [function.require]: failed to open stream: No such file or directory in C:\xampp\htdocs\application\menu\logon.php on line 21
Fatal error: require() [function.require]: Failed opening required include.general.inc (include_path='.;C:\xampp\php\pear\random') in C:\xampp\htdocs\application\menu\logon.php on line 21
The include path c..\random\ is specified in the php.ini file listed above. The XAMPP install fails to allow another include path as specified in the htaccess.txt file.
I'm guessing there's probably an error with the httpd.conf OR the htaccess.txt file.. but it doesn't seem to be reading the .htaccess file. I've tried to be as thorough as possible so forgive the verbosity of the post.
Now I know a workaround could be to simply add the include_path to the PHP file, but I'm not going to have access to the php.ini file on the location I plan to deploy my app. I will, however, be able to request the server admin allows .htaccess files.
renamed htacces.txt to .htaccess and ammended the appropriate directives in the httpd.conf file and all seems to work. The application suggested the naming of htaccess.txt and the ammended directives in the httpd. These are obviously wrong (at least for a XAMPP stack).
By the way, using ini_set() is a much friendlier way if the app needs to be deployed to multiple locations so thanks especially for that pointer.
Why do you need to rename .htaccess to htaccess.txt
Try setting the include_path using set_include_path() and see if that helps (as an intermediate fix)
Verify which php.ini to use through a phpinfo()
You can alter the include_path on each request using ini_set(). This would avoid having to use htaccess at all.
My htaccess works under XAMPP fine - though some modules are disabled by default - are you sure that the modules you want are enabled?
I think the searchprase you are looking for is:
AllowOverride All
My guess is that within xampp you need to enable AllowOverride (through an .htaccess) in httpd.conf. It's a simple security measure that prevents newbies from installing a hackable platform :P
You need to enable AllowOverride All in main http.conf file. Look inside XAMPP_DIR/apache/conf/http.conf)
Simply Do this:
open file ...\xampp\apache\conf\httpd.conf
find line "LoadModule rewrite_module modules/mod_rewrite.so"
if here is a # before this line remove it.(remove comment)
its working

Categories