Hi Edgar,
I found that I was wrong about .htaccess not working inside of <Directory> tag:
RewriteMap and standard rewrite lookup of the user dirs goes here
<Directory /PATH_TO_WWW/*>
Standard directory conf goes here
RewriteRule ^(.*\.php)$ fcgi://IP_OF_THE_FPM:FPM_PORT/$1 [P,L]
</Directory>
Basically the secret (for me at least) I needed to put rewrite rule
that proxies through inside directory tags that are for common
directory of the users with *.
so if I have users in /var/www/$username , the directory tag should
look like this: <Directory /var/www/*>
TL;DR: use proxy rewirte rule inside of directory tags for the common
users directory.
Thank you very much,
Sergei.
On 9 July 2014 13:35, Sergei Franco <sergei.franco@xxxxxxxxx> wrote:
> Hi,
>
> Here is (redacted) portion of virtual section I use (I replaced real
> IP address with [IP]):
>
> RewriteMap vhost dbm=db:/[somepath]/vhost.db
> RewriteMap port-fpm dbm=db:/[somepath]/fpmports.db
>
> RewriteCond ${lowercase:%{SERVER_NAME}} ^(.+)$
> RewriteRule ^.*$ - [E=WEBSITE:%1]
>
> RewriteCond ${vhost:%{env:WEBSITE}} ^(/.*)$
> RewriteRule ^.*$ - [E=WEBDIR:%1]
>
> RewriteCond ${port-fpm:%{env:WEBSITE}} ^(.+)$
> RewriteRule ^.*$ - [E=PORTFPM:%1]
>
> RewriteCond %{env:WEBDIR} ^(/.*)$
> RewriteRule ^/(.*)$ %1/htdocs/$1
>
> RewriteRule ^/(.*\.php)$ fcgi://REDACTEDIP:%{env:PORTFPM}/$1 [P,L]
>
> rest is pretty standard.
>
> The above rules are there to dynamically assign port and vhost
> directory... This all works really well (were we have nodes behind LVS
> which listen to different port per user). The only thing does not work
> is htaccess being ignored due to apache not considering local requests
> that are rewritten to mod_proxy_fcgi.
>
> Regarding the logs,
>
> Here is the debug (I assume this is picked up from <Directory> definition):
> [Wed Jul 09 13:10:30.072748 2014] [authz_core:debug] [pid 2195]
> mod_authz_core.c(802): [client REDACTEDIP:31561] AH01626:
> authorization result of <RequireAny>: granted, referer:
> http://test.REDACTED/wordpress/wp-login.php?loggedout=true
>
> More rewrite debug:
>
> Here is the result of the 'php' file (expected 403 but got pass through):
> [Wed Jul 09 13:15:30.561226 2014] [rewrite:trace2] [pid 3030]
> mod_rewrite.c(468): [client REDACTEDIP:23497] REDACTEDIP - -
> [test.REDACTED/sid#7f70347d8f30][rid#7f702f4090a0/initial] rewrite
> '/wordpress/wp-login.php' ->
> 'fcgi://REDACTEDIP:PORT/REDACTEDPATH/test.REDACTED/htdocs/wordpress/wp-login.php'
>
> And here is the result of the non-php file (expected 403, got 403):
> [Wed Jul 09 13:15:30.709276 2014] [rewrite:trace2] [pid 3030]
> mod_rewrite.c(468): [client REDACTEDIP:23497] REDACTEDIP - -
> [test.REDACTED/sid#7f70347d8f30][rid#7f70347ad0a0/initial] [perdir
> /REDACTEDPATH/test.REDACTED/htdocs/wordpress/] forcing responsecode
> 403 for /REDACTEDPATH/test.REDACTED/htdocs/wordpress/wp-includes/css/dashicons.min.css,
> referer: http://testREDACTED./wordpress/wp-login.php?loggedout=true
>
>
> Thank you very much.
>
> Sergei.
>
>
> On 9 July 2014 12:36, Edgar Pettijohn <edgar@xxxxxxxxxxxxxxxxxxx> wrote:
>>
>> On 07/08/2014 06:00 PM, Sergei Franco wrote:
>>> Hi,
>>>
>>> I am using apache 2.4.7 with mod_proxy_fcgi for purpose of passing
>>> through php to php-fpm (this will be used for shared hosting
>>> environment).
>>> The htaccess works fine for non php files, but once it hit rewrite
>>> rule that proxies through the php requests, the htaccess is ignored.
>>>
>>> I know why it is happening.
>>>
>>> The question how do I force apache to treat the request to php file as
>>> a request to local file, and then proxy it through?
>>>
>>> I have spent substantial time in researching on this problem, and
>>> following "answers" were given as solution:
>>>
>>> 1) "use apache configuration instead of .htaccess" it is valid
>>> solution, but not for shared hosting environment (I am not going to
>>> give access to apache configuration to shared hosting customers ;)).
>>> 2) "don't use .htaccess, as it has performance/security/other issues",
>>> well how else would shared hosting customers control access/url
>>> rewriting on their site? Besides if the .htaccess was not a
>>> requirement I would simply use nginx.
>>> 3) "put rewrite rule for proxy inside of <directory>" - this is
>>> incorrect, and it does not work.
>>>
>>>
>>> This behaviour appears to be not a bug but a "feature" as per
>>> https://issues.apache.org/bugzilla/show_bug.cgi?id=54887
>>>
>>>
>>> Thank you very much.
>>>
>>>
>>> Sergei.
>>>
>>> ---------------------------------------------------------------------
>>> To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
>>> For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
>>>
>> Your httpd.conf and logs would be helpful.
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
>> For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
>>
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|