We're using Nginx on the server reserved for development (testing) and we want to prevent anyone outside the company from gaining access to the sites under development. However one of the sites uses online payment and for that a folder need to be accessible by anyone, used for the callback from the credit card company..
Is there any way we can protect an entire website but leave just one folder and all the files inside open ?
Regards,
Wael
server {
auth_basic "go away";
location /a {
auth_basic off;
}
}
Related
I explain you my situation,
I have a website that we'll called website-a.com that is link to my personal project.
On this project, every users can have a page, with the url my-project.com/[username]. So the urls will then be my-project.com/user1, my-project.com/user2, ...
For the context, I'm building it in Next JS, with the following code architecture :
--
pages
-- [username]
-- index.tsx
-- about.tsx
--
And I'm using Nginx with pm2 and a proxy pass that points to my http://localhost:3000
Now, I'd like to redirect a second domain name to a specific page of a user.
So I would like that when I go to user1.com, it displays my-project.com/user1 without modifying the url.
I pointed the DNS of user1.com to my server, I created a new host nginx and I made a proxy_pass to http://localhost:3000/user1. It's working, but I don't have the ressources css and js, because next is trying to load them from user1.com and they don't exists (user1.com/css/abc.css, ...).
I also tried to modify the build-manifest.json in the .next folder created after the build and it didn't work
So either I would like to find a way for Next JS to take the resources from my-project.com even if it is on user1.com (let it be an absolute path), or put a configuration with the nginx host but I don't don't know which one.
Thanks you for your help
Newby at Nginx on Ubuntu. Main site is a WordPress site "example.com". No issue with this site. However, I need (cause someone did things in IIS and we need to move it to Nginx) to have a another site at "example.com/testsite" (not Wordpress, just static HTML).
Since this "testsite" was originally in IIS, sloppy coding was done and things are a complete mess of upper and lowercase.
So, I added a location block to my /ect/nginx/sites-enabled/example.com.conf
location /testsite {
alias /home/myusername/public_html/testsite;
index index.html;
}
This works! However as soon as a try to make this location case insensitve, I get a 404.
location ~* /testsite {
alias /home/myusername/public_html/testsite;
index index.html;
}
Ideas? Also, this site has tons of links that users can click on that are a mixture of upper/lower/proper and in no relation to the actual files that are on the server. Is there a way to make anything under that location block case insensitive (aka IIS way of doing it).
Thanks everyone.
I am new to Webserver configurations etc.
My question is how can I write a rule for a root directory and all the content to that if someone tries directly a not authorised error appears.
eg in the picture prevent access to ajax and all thats contained
the config below will take care of this: (it is considered that the directory ajax is located in root directory you defined in your nginx config, otherwise you have to specify full address of your ajax directory relative to your root directory.)
location ~* /ajax/* {
return 403;
}
I'm building a system which uses dynamic DNS for user accounts, so you register for a sub domain.
I have a few server directives in place to catch things like api. and www. and other special cases, and I have a directive which reads the wildcard domain name and uses it to set a domain specific assets location.
server {
server_name "~^(?<domain>[a-z0-9]+)\.example\.com$";
root /sites/core;
location /assets {
alias /site-assets/$domain;
}
}
What I want to do is check for the existence of the assets directory and present, on the same domain, a different site.
To clarify, if the assets directory in the example above exists, serve one set of files, otherwise, serve another. Since the site I want to serve won't be IN the directory in question, I can't use try_files or anything like that.
I read all the horror stories about using the if directive but I think I need something like
if (-d /site-assets/$domain) {
... Do something
}
Then change the root, but that doesn't work.
Any ideas how I can achieve this?
OK. I figured this out. If there's a problem with it, let me know.
I have the following in a server directive
server {
server_name "~^(?<domain>[a-z0-9]+)\.example\.com$";
set $site core;
if (!-d /path/to/assets/$domain) {
set $site join;
}
root /path/to/sites/$site;
}
If the assets directory for the given domain name does NOT exist, then I can serve up a joining page for my site, which can pick up the domain name and allow the user to register. If it does exist, then serve up the main app.
This seems to me like a simple use of the if directive so shouldn't get me in too much trouble.
is there anyway to do a #include with a file listed as an absolute path?
i am trying to include files from other websites (outsite the root of the sight that wants to include it)
any other suggestions?
You can only include files from your server, these may technically be outside your website if the Allow Parent Paths option is enabled or if you can use a virtual include to point to another virtual directory on your server.
There is no way to include files from websites outside of your server or sites on your server that your application does not have permissions to access.
Another way to go is to create a directory below the root folder of your website, then making that folder a symbolic link to the folder where the file you want to include is located. Now there is no way to create symbolic links in Windows out of the box, you need Microsoft Sysinternals Junction for that.
<!--#include file="c:\boot.ini"-->
There is a setting in IIS for allowing includes to parent paths, check that if the above doesn't work.
You can do it, using XMLHTTP and the VBscript Execute statement.
I wouldn't recommend it though as it creates substantial security risks.
A few links to get you started:
https://web.archive.org/web/20211020135215/https://www.4guysfromrolla.com/webtech/042602-1.shtml
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/script56/html/vsstmexecute.asp
https://web.archive.org/web/20210927184623/http://www.4guysfromrolla.com/webtech/110100-1.shtml
It is a very high security risk, because someone can inject code into your app. Take your precautions.
One tip: the page you need to load from another server needs to have an extension different from .asp because if not the other server is going to send it already executed. It seems clear but I forgot it the first time!