all
I'm creating a simple service to return content of a file. This is very straightforward except that the service should return 404 if the file is outdated. I'm thinking to use Nginx Lua script to check the file date. Unfortunately, I didn't see such API to get modified date of file in standard IO module
Please let me know if there is a way to do it in Nginx. Thanks!
Related
I'm extending the WP REST API by writing a Controller class.
I'm trying to read the config for this class from a file, e.g:
{
"base-namespace": "myapi",
"version": "v1",
"resource": "things"
}
This would allow me to keep server and client in sync as they would both use the same config file.
However, I do not want WP to stay reading this file for every request it serves... Currently, if I read this file from anywhere in the plugin file (or any of its required files - including the Controller definition), and if I also echo out where I'm reading, I see it's always passing through that bit of code (including the reading) for every request.
I imagine I need to read this file somewhere outside the plugin itself - make it a global, and then access it when instantiating the Controller.
I'm new to WP - this is the first time dabbling with it. Where should this global variable definition go such that it's only executed once?
Note:
I have tried using require_once in my plugin to require a config file which does the file reading. I had put an echo statement there and it shows that that file gets executed for every request (despite the require_once).
I have also tried wrapping the file reading in an if(!isset($my_global_var) statement. But adding an echo statement inside the if statement shows that this global variable is always unset with every request served... clearly this needs to go in some kind of WP startup file which only gets executed once.
Thank you.
Store your config data as a PHP array in a .php file and then include it using the PHP include statement. Advanced PHP engines parse the PHP source once and cache a compiled representation of the script so that it does not have to re-parse the PHP sources everytime. So if your data is inside a PHP source file it would be saved in the PHP's engine compiled script cache.
Of course if your client is non-PHP it would need to have code to parse a PHP array.
I'm implementing something like this to let one service allow access to separate upstream service in nginx.
Briefly: A Rails app sets an HMAC cookie, which is then checked by some Lua code thanks to an access_by_lua directive in nginx.
To generate and verify the cookie, both Rails and nginx-Lua must of course share a secret key. I've tried setting this up as an environment variable in /etc/environment.
To make the var available in Rails, I had to fiddle with Unicorn's init script a bit. But at least that script is contained within the project, and just symlinked into place.
Meanwhile, to get at the variable in Lua, I do something like this: os.getenv("MY_HMAC_SECRET"). But in order for Lua to have access to that when running under nginx, it must first be listed using the env directive in the main nginx config.
So now, I'm feeling like my configuration is being spread out all over the place:
in /etc/environment (outside my project)
in /etc/nginx/nginx.conf (outside my project)
in unicorn's init script
in my site's nginx vhost config
It's starting to seem a little ridiculous just to make a simple string accessible in multiple places...
Is there a simpler way to do this? Honestly, the easiest way I can think of is hardcode it in the 2 places I need it, and be done. But that sounds nasty.
Better to put it only in the two places it's actually needed, in the two respective configuration files, than in the global environment where every process has access to it, as you have it now.
I would use init_by_lua directive in your vhost config.
init_by_lua 'HMAC_SECRET = "SECRET-STRING"';
server {
# and so on
}
So you'll have you secret in two places, but both in your project (if I understand correctly and vhost config is in your project).
You can even use init_by_lua_file and make some efforts to read and parse that file in your unicorn init.
Suppose the URL http://example.com/test.php. If I type this URL on the browser address bar, the PHP code is executed, and its output is returned to me. Fine. But, what if instead of executing it, I wanted to view it's source as plain text. Is there a a way to issue such request?
I believe that there must be some way, and my concern is that some outsider could retrieve sensitive code, such as configurations file, by guessing it's location. For example, Joomla instalations have a configuration.php on it's root folder. If someone retrieves such file as plain text, then these database credentials have been seriously compromised. Obviously, this could be prevented with proper permissions, but it's just too common to just issue 0777 as everything permissions and forgetting about access denials.
For PHP: if properly configured, there is no way to download it. File permissions won't help either way, as the webserver needs to be able to read the files, and that's the one serving contents. However. a webserver can for instance be configured to serve them with x-httpd-php-source, or the PHP/webserver configuration may be broken. Which is why files which don't need direct access (db config, class definitions, etc.) should be outside the document root, so there is no way those files will get served by accident even when the webserver config is incorrect / failing. If your current hoster does not allow you to store files outside the document root, switch hosting a.s.a.p.
There is a way to issue such request that downloads the source code of http://example.com/test.php if the server is configured to provide a URL to do so. Usually it isn't, so usually there is no way to issue such a request.
When using exist-db, a GET message will obtain an entire file from a collection (by providing the URI). In the case of a .xq file, however, the same GET message will instead execute the file.
I am wondering if there is anything I can attach to a GET message to cause exist-db to return the file rather than execute it. I should have all the necessary permissions, or I should be able to set them.
Thank you.
Assuming you are running eXist as a stand-alone server:
"GET accepts the following request parameters, which must be URL-encoded" _source=yes | no - which "Specifies whether the query should display its source code instead of being executed" - see the developers guide online for full details & example usage.
eXist sets this capability to 'no' as default in it's config - however you can override this permanently by adding specific files to the <allow-source></allow-source> section in the Web-application Descriptor file (descriptor.xml) read from WEB-INF directory of the web application or from the directory specified by the exist.home system property.
Hope that helps.
This is how I'm adding a static response header in my nginx.conf:
location /some-path/ {
add_header X-Some-Static-Header "some static value";
}
Is there a way to add a response header with a dynamic value? This value should be pulled in from a file, or an environment variable, or some similar external place.
I'm trying to add a "X-App-Version" header, which is to be read from a file. When a new version of the web application is deployed, this file will be updated with the new version number. Preferably, nginx should immediately start serving up the new version number, without a restart/reload.
How can this be done?
It doesn't look like there's a way to do this without simply changing the config file when you update the version number. That said, what you're asking for shouldn't be too difficult to automate if you can live with a restart/reload.
If you're using git, (or really any VCS,) you could use commit hooks to trigger a simple shell script to find and replace the line in the config file, run nginx -t -c /etc/nginx/nginx.conf, and restart the server.
I wish there was an existing NGINX module to do what you're asking, so I'm putting that on my todo list, but for most use cases this should probably be a reasonably acceptable hack.