Text
SSL, php-fpm and nginx
Like many switching to the nginx/php-fpm combo, I ran into a situation with some PHP scripts that relied on $_SERVER[“HTTPS”] having a value of ‘on’. As of nginx 1.0.4, this isn’t provided out of the box. Of course, the rest of the $_SERVER[“SSL_*”] values that are present under Apache and mod_php (or php-fpm) aren’t available either.
The closest approximation I could come up with to Apache’s mod_ssl +StdEnvVars for nginx is this: create a file in your nginx config directory (commonly /usr/local/nginx/conf) called fastcgi_ssl.conf. Add the following to it:
# Provide as much of Apache's SSL +StdEnvVars data as possible.
fastcgi_param HTTPS on;
fastcgi_param SSL_PROTOCOL $ssl_protocol;
fastcgi_param SSL_CIPHER $ssl_cipher;
fastcgi_param SSL_SESSION_ID $ssl_session_id;
fastcgi_param SSL_CLIENT_VERIFY $ssl_client_verify;
# _SERVER entries for these will be empty unless you
# rely on client-side certs you've issued
#fastcgi_param SSL_CLIENT_CERT $ssl_client_cert;
#fastcgi_param SSL_CLIENT_RAW_CERT $ssl_client_raw_cert;
#fastcgi_param SSL_CLIENT_S_DN $ssl_client_s_dn;
#fastcgi_param SSL_CLIENT_I_DN $ssl_client_i_dn;
#fastcgi_param SSL_CLIENT_SERIAL $ssl_client_serial;
Include this file only inside server {} blocks that are configured for SSL use in nginx, and you’ll find that a environment checks for HTTPS work a lot better from within PHP.
Text
Getting PEAR2 Pyrus Running
I had a heck of a time getting PEAR2’s pyrus.phar 2.0.0a3 running. I downloaded pyrus.phar, ran ‘php pyrus.phar list-packages’ and got nothing.
Turns out the problem was having Suhosin installed as well. Once I added:
suhosin.executor.include.whitelist=”phar”
… to my php.ini directives, ‘php pyrus.phar list-packages’ gave me a list of packages.
I always forget this, but the trick is always remember: if it doesn’t work for some reason, check suhosin settings. Make sure you have suhosin logging turned on, and check the log!
Quote
You should think of your investors as the Honey Badger. They just want a launch. When it comes to everything else, Honey Badger Don’t Care.—The Wise Spouse
Text
RESTful Routing, LocationMatch, ForceType and SetHandler
For years I’ve been seeing articles about RESTful routing, and watching developers contort their code including route aware this and that. All these gyrations come with a performance penalty, not to mention a code maintenance cost. (More lines to maintain = more pain in the ass.)
There are a few brave souls who’ve bucked this trend and gone with the original tools designed for this job — mod_rewrite and the like.
What I haven’t seen much that makes perfect sense to me is extension-free files with a ForceType or SetHandler directive applied to them.
I know examples with Apache and PHP show that I’m a geezer, but humor me anyway.
In either case, you create a file called ‘foo’ (no extension) in your document root. In it, you put something like this:
How you’d do this with funky new stuff such as Lighty, Nginx, and node.js, I don’t know exactly. I’m sure it’s possible. But, it’s an exercise for those of you fascinated by the shiny and the new.
The point is this: save your CPU cycles for the stuff that actually matters. Leave the easy stuff like routing where it belongs: outside your app.
Image
Atlassian gives a prize for installing all their tools successfully. Here’s mine.
I especially like the bikini-briefs-with-bunny-tail kneeguards!
