<div dir="ltr"><div dir="ltr">Configuration<div>/etc/nginx/sites-available:</div><div>chrony</div><div>default</div><div><br></div><div>/etc/nginx/sites-available/chrony:</div><div>server {<br>    listen 443 default_server ssl;<br>    listen [::]:443 default_server ssl;<br><br>    server_name <server fqdn>;<br>    root /var/www/chrony;<br>    index index.sh index.html;<br><br>    location /chrony {<br>        try_files $uri $uri/ $uri/index.sh;<br>    }<br><br>    location ~ "index\.sh"$ {<br>        gzip off;<br>        fastcgi_pass unix:/var/run/fcgiwrap.socket;<br>        include /etc/nginx/fastcgi_params;<br>        fastcgi_param DOCUMENT_ROOT $document_root;<br>        fastcgi_param SCRIPT_FILENAME $request_filename;<br>    }<br>} <br></div></div><div><br></div><div>/etc/nginx/sites-available/default:</div><div>server {                                                                                                                            <br>        listen 80 default_server;                                                                                                   <br>        listen [::]:80 default_server;                                                                                              <br> <br>        root /var/www/html;<br>        index index.html index.htm index.nginx-debian.html;                                                                         <br><br>        server_name _;                                                                                                              <br><br>        location / {                                                                                                                <br>                try_files $uri $uri/ =404;<br>        }<br>}<br></div><div><br></div><div>/etc/nginx/nginx.conf:</div><div>user www-data;<br>worker_processes auto;<br>pid /run/nginx.pid;<br>include /etc/nginx/modules-enabled/*.conf;<br><br>events {<br>        worker_connections 768;<br>}<br><br>http {<br>        sendfile on;<br>        tcp_nopush on;<br>        tcp_nodelay on;<br>        keepalive_timeout 65;<br>        types_hash_max_size 2048;<br>        include /etc/nginx/mime.types;<br>        default_type application/octet-stream;<br>        ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE<br>        ssl_prefer_server_ciphers on;<br>        access_log /var/log/nginx/access.log;<br>        error_log /var/log/nginx/error.log;<br>        gzip on;<br>        gzip_disable "msie6";<br>        include /etc/nginx/conf.d/*.conf;<br>        include /etc/nginx/sites-enabled/*;<br>}<br><br>Filesystem:</div><div>/var/www/html/index.nginx-debian.html</div><div>/var/www/chrony/index.sh</div><div>/var/www/chrony/chrony.css<br><br>For https://<fqdn-server>/:</div><div>nginx default site delivered ok.</div><div><br></div><div>For https://<fqdn-server>/chrony:</div><div>404 - Not found. </div><div><br></div><div><br></div><div>Versions:</div><div>ii  fcgiwrap                              1.1.0-9                           armhf        simple server to run CGI applications over FastCGI<br>ii  libfcgi-bin                           2.4.0-8.4                         armhf        FastCGI bridge from CGI<br>ii  libfcgi0ldbl:armhf                    2.4.0-8.4                         armhf        Shared library of FastCGI<br>ii  libnginx-mod-http-auth-pam            1.10.3-1+deb9u3                   armhf        PAM authentication module for Nginx<br>ii  libnginx-mod-http-dav-ext             1.10.3-1+deb9u3                   armhf        WebDAV missing commands support for Nginx<br>ii  libnginx-mod-http-echo                1.10.3-1+deb9u3                   armhf        Bring echo and more shell style goodies to Nginx<br>ii  libnginx-mod-http-geoip               1.10.3-1+deb9u3                   armhf        GeoIP HTTP module for Nginx<br>ii  libnginx-mod-http-image-filter        1.10.3-1+deb9u3                   armhf        HTTP image filter module for Nginx<br>ii  libnginx-mod-http-subs-filter         1.10.3-1+deb9u3                   armhf        Substitution filter module for Nginx<br>ii  libnginx-mod-http-upstream-fair       1.10.3-1+deb9u3                   armhf        Nginx Upstream Fair Proxy Load Balancer<br>ii  libnginx-mod-http-xslt-filter         1.10.3-1+deb9u3                   armhf        XSLT Transformation module for Nginx<br>ii  libnginx-mod-mail                     1.10.3-1+deb9u3                   armhf        Mail module for Nginx<br>ii  libnginx-mod-stream                   1.10.3-1+deb9u3                   armhf        Stream module for Nginx<br>ii  nginx                                 1.10.3-1+deb9u3                   all          small, powerful, scalable web/proxy server<br>ii  nginx-common                          1.10.3-1+deb9u3                   all          small, powerful, scalable web/proxy server - common files<br>ii  nginx-full                            1.10.3-1+deb9u3                   armhf        nginx web/proxy server (standard version)<br></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Thu, Dec 5, 2019 at 4:02 PM Francis Daly <<a href="mailto:francis@daoine.org">francis@daoine.org</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">On Wed, Dec 04, 2019 at 07:08:52PM +0100, Thomas Schweikle wrote:<br>
<br>
Hi there,<br>
<br>
> I'm a little bit lost now, since various configurations tried just dont<br>
> work. None of them.<br>
<br>
I'm not quite clear on what specifically you want your nginx to do.<br>
<br>
If it matters -- could you describe that?<br>
<br>
>     location /chrony {<br>
>         try_files $uri $uri/ $uri/ index.sh;<br>
>     }<br>
> <br>
>     location ~ "index\.sh"$ {<br>
<br>
I suspect that some of this was re-typed from the config, rather than<br>
having been copy-pasted.<br>
<br>
The "$ probably should be $"; and I'm not sure if the space before<br>
the index.sh is intended or not.<br>
<br>
>         fastcgi_param SCRIPT_FILENAME $request_filename;<br>
<br>
For testing, you could try to put <br>
<br>
  return 200 "in index.sh - $request_filename\n";<br>
<br>
in this location{}. It will *not* invoke fastcgi, but it will show you<br>
want filename nginx writes in the matching variable.<br>
<br>
> If i am looking at the debug logs all seems OK: nginx feeds<br>
> /var/www/chrony/index.sh to fcgiwraper. /var/www/chrony/index.sh is allowed<br>
> to be executed by all. group is root, owner is root. Only the owner is<br>
> allowed to write the file. All others are allowed to execute it.<br>
<br>
I do not know if it is the same version that you are using, but the<br>
code at <a href="https://github.com/gnosek/fcgiwrap/blob/master/fcgiwrap.c" rel="noreferrer" target="_blank">https://github.com/gnosek/fcgiwrap/blob/master/fcgiwrap.c</a> looks<br>
like it includes a "reason" message with a 403 code. That message might<br>
indicate why the system thinks there is a problem.<br>
<br>
> My first question: why doesn't nginx:<br>
<br>
If you can show the config you are using, it may be clear why nginx does<br>
what it does.<br>
<br>
If what you want is "serve dir/index.sh when the request is for dir/",<br>
then it might be enough to remove the try_files block, and fix the<br>
index.sh line.<br>
<br>
Good luck with it,<br>
<br>
        f<br>
-- <br>
Francis Daly        <a href="mailto:francis@daoine.org" target="_blank">francis@daoine.org</a><br>
_______________________________________________<br>
nginx mailing list<br>
<a href="mailto:nginx@nginx.org" target="_blank">nginx@nginx.org</a><br>
<a href="http://mailman.nginx.org/mailman/listinfo/nginx" rel="noreferrer" target="_blank">http://mailman.nginx.org/mailman/listinfo/nginx</a><br>
</blockquote></div><br clear="all"><div><br></div>-- <br><div dir="ltr" class="gmail_signature"><div dir="ltr">Thomas</div></div></div>