Nginx, PHP, HTTPS global var and “single configuration” HTTP/HTTPS virtual host

I recently stumbled upon the problem of configuring a virtual host in Nginx so that it can serve HTTP and HTTPS writing just one configuration section.

I know that this is not the recommended way of configuring HTTP+HTTPS, but having two separate sections when the configuration is the same except for 3 lines (server certificates and listen 443) doesn’t make much sense.

I initially followed the official tutorial (most likely outdated) and added a part relating to PHP files:

 
server {
    listen 80;
    listen 443 ssl;
    server_name domain.ext;
    ssl_certificate domain.crt;
    ssl_certificate_key domain.key;

    # ... rest of the configuration

    # PHP stuff
    location ~ \.php$ {
        include fastcgi_params;
        fastcgi_intercept_errors on;
        fastcgi_pass 127.0.0.1:9001;
        # Fixes random Bad gateway errors
        fastcgi_buffer_size 128k;
        fastcgi_buffers 4 256k;
        fastcgi_busy_buffers_size 256k;
        fastcgi_temp_file_write_size 256k;
    }
}

Everything worked smoothly on two computers running Ubuntu 10.04 + Nginx and PHP-fpm from the Nginx PPA. I then tried to do the same on Ubuntu 11.10 and PHP-fpm installed from the official repositories: all hell broke loose.

All of a sudden the $_GLOBALS["HTTPS"] variable was not defined anymore, even on secure connections. Setting such a variable is an Apache-specific behaviour, in all truth, but like most of the rest of the PHP community I learned to rely on it for secure connection detection.

Most of the guides I found online referred to setting the HTTPS variable explicitly in the appropriate server section via the fastcgi_param directive, but I didn’t want to have two completely separate configuration sections.

I then resorted to a hybrid, which makes use of dual server sections and one include file.

The configuration file looks like this:

 
# Nginx config file

# HTTP server section
server {
    listen 80;
    include domain.inc;
}

# HTTPS server section
server {
    listen 443 ssl;
    server_name domain.ext;
    ssl_certificate domain.crt;
    ssl_certificate_key domain.key;
    include domain.inc;
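    # nginx inherits fastcgi_param from the server level only when the
    # location block defines no fastcgi_param directives of its own
    # (including any pulled in through "include fastcgi_params").
    fastcgi_param HTTPS on;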
}

The include file looks like this:

 
# Nginx include file: domain.inc

# ... rest of the configuration

# PHP stuff
location ~ \.php$ {
    include fastcgi_params;
    fastcgi_intercept_errors on;
    fastcgi_pass 127.0.0.1:9001;
    # Fixes random Bad gateway errors
    fastcgi_buffer_size 128k;
    fastcgi_buffers 4 256k;
    fastcgi_busy_buffers_size 256k;
    fastcgi_temp_file_write_size 256k;
}

… and the magic is done!

[ALTERNATIVE]

The problem is due to the fact that the fastcgi_params file is not present. Even if it were, the $https variable is not defined anymore in recent versions of nginx.

The solution is to add the following lines to your nginx.conf file

 
# Assigns $https depending on value of  $scheme
# $scheme is either "http" (default), or "https"
map $scheme $https {
	default off;
	https	on;
}

and then create the fastcgi_params file with the following content (will set a few parameters commonly used by Apache/PHP)

 
fastcgi_param   QUERY_STRING        $query_string;
fastcgi_param   REQUEST_METHOD      $request_method;
fastcgi_param   CONTENT_TYPE        $content_type;
fastcgi_param   CONTENT_LENGTH      $content_length;

fastcgi_param   SCRIPT_FILENAME     $request_filename;
fastcgi_param   SCRIPT_NAME         $fastcgi_script_name;
fastcgi_param   REQUEST_URI         $request_uri;
fastcgi_param   DOCUMENT_URI        $document_uri;
fastcgi_param   DOCUMENT_ROOT       $document_root;
fastcgi_param   SERVER_PROTOCOL     $server_protocol;

fastcgi_param   GATEWAY_INTERFACE   CGI/1.1;
fastcgi_param   SERVER_SOFTWARE     nginx/$nginx_version;

fastcgi_param   REMOTE_ADDR         $remote_addr;
fastcgi_param   REMOTE_PORT         $remote_port;
fastcgi_param   SERVER_ADDR         $server_addr;
fastcgi_param   SERVER_PORT         $server_port;
fastcgi_param   SERVER_NAME         $server_name;

fastcgi_param   HTTPS               $https;

# PHP only, required if PHP was built with --enable-force-cgi-redirect
fastcgi_param   REDIRECT_STATUS     200;
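
How a PHP application should read the parameter set above, as an added example that is not from the original post: PHP exposes the FastCGI HTTPS parameter as $_SERVER['HTTPS'], and with the map above it arrives as the non-empty string "off" on plain HTTP, so a bare isset() or !empty() check would report every request as secure. The function name is_https and the sample arrays are constructed for illustration.

```php
<?php
/**
 * Added example (not from the original post).
 * Decide whether the request reached nginx over TLS, based on the
 * HTTPS FastCGI parameter. $server stands in for $_SERVER so the
 * function can be exercised with constructed input.
 */
function is_https(array $server): bool
{
    // Normalise: the parameter may be missing, empty, "on" or "off".
    $flag = strtolower(trim((string) ($server['HTTPS'] ?? '')));

    // Missing/empty means plain HTTP. "off" is what the
    // map $scheme $https block sends for plain HTTP, and it must
    // not be mistaken for a secure connection.
    return $flag !== '' && $flag !== 'off';
}

// Constructed sample inputs covering the configurations on this page.
$cases = [
    'HTTPS server, HTTPS=on'       => ['HTTPS' => 'on'],
    'HTTP server, map sends "off"' => ['HTTPS' => 'off'],
    'HTTP server, param not set'   => [],
];

foreach ($cases as $label => $server) {
    // The naive check many applications use.
    $naive = !empty($server['HTTPS']);

    printf(
        "%-30s naive=%-5s is_https=%s\n",
        $label,
        var_export($naive, true),
        var_export(is_https($server), true)
    );
}

// In an application, gate security decisions on the strict check,
// for example before marking the session cookie as Secure:
//   ini_set('session.cookie_secure', is_https($_SERVER) ? '1' : '0');
```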


Windows 7 installation and FDDs

If:

  • The Windows 7 installer shows the blue background after “Starting Windows”
  • You are still able to move the mouse pointer
  • You do not actually have an FDD (Floppy Disk Drive)

Reset your computer, enter the BIOS, and check that your settings regarding FDDs are set to “Disable” (or “None”, depending on the BIOS).

It’s as stupid as it sounds and it cost me 30 minutes.


Howto: install mldonkey on FreeNAS 8.0

FreeNAS 8.0 was released a while ago, but it’s still lacking many features that nowadays are fundamental to any NAS (most of which will be fixed in 8.1). In particular it lacks any form of torrent manager, so I decided to install MLDonkey on my box and write a small HowTo about it.

Is Mumble the new panacea for podcasters?

Recording conference calls for multiple host podcasts has always been pretty much a huge pain in the ass. In particular, in the early days, this could not be done without multi-channel audio cards (or multiple audio cards), a hardware mixer and a whole messy bunch of cables.

Audio mixer and cable spaghetti

A damn mess... (This picture is somebody else's, but I couldn't find the author. All credits to him/her)

Things have always been a little confusing on the software side: depending on the operating system there is the chance to have software mixers performing the same task as the hardware one, but they usually require applications to explicitly support their API/communication protocol (e.g. JACK on Linux).

Furthermore, even in the case that the audio protocol is standard for the whole system, the application may not support per-caller streaming, which makes editing and mastering the levels in post-production extremely hard (although there are some tools, such as Levelator, that help in the task).

Now we all have an open-source, multi-platform alternative (runs on Linux, MacOS, Windows), and its name is Mumble.

Screenshot of Mumble on Peppermint Linux

Mumble was born as an open-source, standards-based, low-latency, high-quality Voice-over-IP communication tool for gamers, as opposed to common alternatives such as Ventrilo, Skype and TeamSpeak, which are closed-source (TeamSpeak had a particularly bad history of slow upgrades).
While open-source is nice and everything, Mumble was not better suited than the rest of the pack when it came to podcasting; it actually was a little worse than some of the competition (there are multiple plugins for Skype that allow call recording).

But Mumble does now have a trump card to play: since version 1.2.3 it allows recording the conversations going on in a channel on a server, either as a mixdown (one file for the whole conversation) or using one file per participant.

Screenshot of Mumble Recorder

Not only that, but multiple recording formats are supported: PCM uncompressed (wave), AU uncompressed, FLAC lossless compression, and OGG lossy compression.

Screenshot of Mumble Recorder's compression formats

There is even FLAC for all of us audiophiles.

The beauty of it all is that such freedom of choice also allows older, or low-power systems to be used as recording stations; while one would require a fairly powerful system to record a party of 10 in FLAC, I was able to record an OGG compressed multi-channel discussion between me and a friend on a 1.5 GHz Pentium-M with lots of headroom.


P!=NP has been proved?


Via Slashdot

“Researcher Vinay Deolalikar from HP Labs claims proof that P != NP. The 100-page paper has apparently not been peer-reviewed yet, so feel free to dig in and find some flaws. However, the attempt seems to be quite genuine, and Deolalikar has published papers in the same field in the past. So this may be the real thing. Given that $1M from the Millennium Prize is involved, it will certainly get enough scrutiny. Greg Baker broke the story on his blog, including the email Deolalikar sent around.”

If this is true, we have one of the most incredible and revolutionary discoveries of the last decennia.


New address for the “Into the NeXuS” podcast

Attention: for the past few days the podcast site has been at the address below. This blog will no longer be used for that purpose.
http://nexus.thenexus.it/wordpress/podcast

You can follow the RSS feed at the address below.
http://nexus.thenexus.it/wordpress/podcast/feed/

Alternatively, you can refer to the blip.tv site at the following address.
http://intothenexus.blip.tv


LHC works… and the world has not exploded!


Yesterday I followed with great interest the umpteenth attempt to “do physics” (as the insiders themselves put it) with the mammoth particle accelerator and collider located between, or rather beneath, the Alps of several countries.

After the two long forced stops, caused first by the failure of one of the super-magnets (if I remember correctly) and then of the cooling system (helped along by a small piece of bread perhaps dropped by a passing bird), LHC was finally able to bring the beams to 3.5 TeV (tera electron-volts) each, align them, and observe numerous and steady phenomena due to the collisions of the particles they contain.

This time too, not everything went perfectly smoothly, but luckily it was only a small hitch: about an hour's stop and then things resumed. At first, in fact, because of the electromagnetic coupling that arose between the beam generation and injection system and the circuit of the accelerator proper, the beams failed to reach the planned 3.5 TeV.


Home mini-server


Given the need to divert most of my finances towards another particularly important project, which I hope to talk about soon, I have nevertheless allowed myself one more crazy purchase. This purchase is dictated by the increasingly real need to have a small home server that continuously provides a whole series of services I need: from a code repository (SVN) to virtual machines that are up 24/24, by way of a backup server (rsync or similar).
