nginx hooks ? or any other approach - nginx

I have couple files on my web project. They are all sending to client with nginx help.
But i want to know (and to show for end users) how many times file was downloaded.
For example file has url like: example.com/file.ppt
and nginx settings is next:
location ~* \.(ppt|swf)$ {
root /path/to/static/content;
expires 30d;
}
so my question: can nginx sent some request by some url ? or something else, when someone tries to download certain file ?

You could count successed file downloads in nginx access.log for example with grep:
grep -c file.ppt access.log

Related

Trying to set file upload limit in mup/nginx-proxy

I am running into a file upload error with files > 10M. I have followed the advice here: http://meteor-up.com/docs.html#advanced-configuration which says how to set it in the nginx proxy by setting the clientUploadLimit: '50M'
I pushed the changes using mup proxy reconfig-shared, and it told me it had restarted the proxy. It didn't work, I still get the 413 (Request Entity Too Large) error.
I checked inside the nginx-proxy docker instance, and the file /etc/nginx/conf.d/my_proxy.conf has the correct entry client_max_body_size 50M. I restarted the EC2 box to make sure, but it's still not working.
This article https://www.tecmint.com/limit-file-upload-size-in-nginx/ suggests that the setting needs to go inside a http block, like this:
By default, Nginx has a limit of 1MB on file uploads. To set file upload size, you can use the client_max_body_size directive, which is part of Nginx’s ngx_http_core_module module. This directive can be set in the http, server or location context.
http {
client_max_body_size 100M;
}
I can't see how to achieve this, as the .conf file is read only and somehow locked.
Any ideas on how to proceed?
I suppose I could try a custom nginx.conf file, but I'm not sure what should go in there, and in fact whether it will even improve the situation.
Any help is appreciated :)
I'm happy to report that I solved it... I will explain how.
I was setting the limit in the nginx reverse proxy in the mup.js file
proxy: {
domains: 'website.com,www.website.com',
shared: { clientUploadLimit: '50M' }
}
But it turns out that there is an option to set it for each independent server like this:
proxy: {
domains: 'website.com,www.website.com',
clientUploadLimit: '50M'
}
The limit was being set to 10M by default. I found it by shelling into the nginx-proxy docker image and doing a search with the command grep -R client_max_body_size /etc/nginx and it showed me all the places where it was set (for each vhost)
So I changed the mup.js file for my server, did a mup stop, and a mup setup (to re-do the settings) and then a mup deploy
Now this is speculation but have you tried going to the docker container's root shell changed the permissions to give write permission to root or your user chmod 760 /etc/nginx/nginx.conf and edit the nginx file there?

check the existence of a site user using curl and nginx

On my site, registered users, after logging in, have the possibility to download files with the curl command, i.e.
curl -O https://example.com /assets/file/test.txt
I would like to somehow avoid that the user not logged in or deleted still has the possibility to download the file by running the command again or by going directly to the address from the browser.
I use Nginx as web server.
Is it possible to block access to the user that no longer exists or is no longer logged in?
I had thought about the possibility of doing something like this:
curl -u {{user.id}}:{{unique_value}} https://example.com/assets/file/test.txt
or
curl -O https://example.com/assets/file/test.txt?param={{unique_value}}
But I don't know how to verify the existence of the user, and if it is possible to do so, with nginx or some other tool.
I tried using cookie control with Nginx, but as far as I know it is easy to circumvent.
yeah you can use http basic auth to restrict file access to authorized people, per the documentation at https://docs.nginx.com/nginx/admin-guide/security-controls/configuring-http-basic-authentication/
touch /etc/nginx/users.htpasswd;
htpasswd /etc/nginx/users.htpasswd user1 'password';
followed by
server {
listen 80;
listen [::]:80
location /assets{
root /wherever/assets/..;
auth_basic "assets";
auth_basic_user_file /etc/nginx/users.htpasswd;
}
}
now only curl -u user1:password1 can download files in /assets/

Upload file to Nginx with cURL

All,
I'm trying to upload a local file to my remote Nginx server via cURL. I have built Nginx from source with the upload module and the DAV module. At the bottom of the Nginx page, there is an example form to upload a file. I'm not sure how I would implement the form, and (several) Google searches have returned little helpful information about uploading directly to Nginx via cURL.
Current tech stack:
Nginx
Green Unicorn
Flask
Of all the different avenues I've tried, the following is the one that seems the most appropriate for the task.
curl -X POST -F "image=#example.gif" http://54.226.64.199/upload
However, the response is underwhelming.
I've tried --uploade-file as well, the response is a 405. From what I've read, upload only accepts a POST command, not PUT, hence why I get a 405.
I don't need a full solution (would be great!), only pointing in the right direction.
Any help is appreciated. Thanks
EDIT: sorry wanted to include part of my .conf
location /upload {
upload_store /tmp;
#upload_pass #none;
upload_store_access all:rw;
upload_cleanup 400 404 499 500-505;
}
You can do this by specifying filename into URL, without using any external module :
location ~ "/upload/([0-9a-zA-Z-.]*)$" {
alias /storage/www/upload/$1;
client_body_temp_path /tmp/upload_tmp;
dav_methods PUT DELETE MKCOL COPY MOVE;
create_full_put_path on;
dav_access group:rw all:r;
}
And use : curl -T example.gif http://54.226.64.199/upload/example.gif

How do I allow a PUT file request on Nginx server?

I am using an application which needs to PUT a file on a HTTP server. I am using Nginx as the server but getting a 405 Not Allowed error back. Here is an example of a test with cURL:
curl -X PUT \
-H 'Content-Type: application/x-mpegurl' \
-d /Volumes/Extra/playlist.m3u8 http://xyz.com
And what I get back from Nginx:
<html>
<head><title>405 Not Allowed</title></head>
<body bgcolor="white">
<center><h1>405 Not Allowed</h1></center>
<hr><center>nginx/1.1.19</center>
</body>
</html>
What do I need to do to allow the PUT?
Any clues would be awesome!
To add HTTP and WebDAV methods like PUT, DELETE, MKCOL, COPY and MOVE you need to compile nginx with HttpDavModule (./configure --with-http_dav_module). Check nginx -V first, maybe you already have the HttpDavModule (I installed nginx from the Debian repository and I already have the module).
Then change your nginx-config like that:
location / {
root /var/www;
dav_methods PUT;
}
You can get more info on the nginx docs entry for the HttpDavModule.
Another reason for 405 Not Allowed is that you don't have permission to write files on the destination you're PUTing. If you have HttpDavModule and still getting this error, make sure you've given nginx write permissions where you're PUTing the files.
Adding this block solved the problem for me in a Laravel application.
location / {
try_files $uri $uri/ /index.php?$query_string;
}
nginx is mainly a proxy and a lot of other things, it share something with web server, not all.
You may want to check: https://www.nginx.com/resources/wiki/modules/upload/,
better is to have a rest interface and let nginx do the proxy, balancing, buffering, TSL ..

nginx + ssi + remote uri access does not work

I have a setup where my nginx is in front with apache+PHP behind.
My PHP application cache some page in memcache which are accessed by nginx directly except some dynamic part which are build using SSI in Nginx.
The first problem I had was nginx didnt try to use memcache for ssi URI.
<!--# include virtual="/myuser" -->
So I figured that if I force it to use a full URL, it would do it.
<!--# include virtual="http://www.example.com/myuser" -->
But in logs file (both nginx and apache) I can see that a slash has been added at the beginning of the url
http ssi filter "/http://www.example.com/myuser"
In the source code of the SSI module I see a PREFIX that seems to be added, but I can really tell if I can disable it.
Anybody got this issue?
Nginx version : 0.7.62 on Ubuntu Karmic 64bits
Thanks a lot
You can configure nginx to include remote URLs despite you cannot refer them directly in SSI instructions. In site config create location with local path and named remote location that points where you want to. For example:
server {
....
location /remote {
proxy_pass #long_haul; # or use "try_files" to provide fallback
}
location #long_haul {
proxy_pass http://porno.com;
}
....
}
and in served html use include directive that refers /remote path:
<!--# include virtual="/remote/rest-of-url&and=parameters" -->
Note that you may customize URL that is passed further with variables and regexp. For example:
location ~/remote(.+) {
proxy_pass #long_haul$1?$args;
}
It has nothing about nginx, you just can't do that. SSI doesn't accept remote uri. you can only specify a local file path.
See
http://en.wikipedia.org/wiki/Server_Side_Includes

Resources