Re: DAV + выделение regex + alias

Vadim Lazovskiy vadim.lazovskiy at gmail.com
Tue Apr 29 06:18:31 UTC 2014 

Нет, поторопился.

Сломались другие location с проксированием вот такого вида:

location /s/

    ...

    location /s/private/ {
        location ~
"^/s/private/(?<token>.*)/(?<expires>\d+)/(?<cam_id>\d{10})\.m3u8$" {
            secure_link $token,$expires;
            secure_link_md5 "...";

            if ($secure_link = "") {
                return 403;
            }

            if ($secure_link = "0") {
                return 410;
            }

            fastcgi_pass 127.0.0.1:9000;
            fastcgi_param SCRIPT_FILENAME  $document_root/m3u8.php;
            include fastcgi_params;

            fastcgi_param QUERY_STRING id=$id&$args;
        }
    }
}


2014/04/29 09:56:08 [debug] 3630#0: *240 test location: ~
"^/s/private/(?<token>.*)/(?<expires>\d+)/(?<id>\d{10})\.m3u8$"
2014/04/29 09:56:08 [debug] 3630#0: *240 http regex set $id to "0000000977"
2014/04/29 09:56:08 [debug] 3630#0: *240 http regex set $expires to
"1398801600"
2014/04/29 09:56:08 [debug] 3630#0: *240 http regex set $token to
"XXXXXXXXXXXXXXXXXXXXX"
2014/04/29 09:56:08 [debug] 3630#0: *240 test location: ~
"^/s/private/(?<token>.*)/(?<expires>\d+)/(?<id>\d{10})\.m3u8$"
2014/04/29 09:56:08 [debug] 3630#0: *240 http regex set $id to "0000000977"
2014/04/29 09:56:08 [debug] 3630#0: *240 http regex set $expires to
"1398801600"
2014/04/29 09:56:08 [debug] 3630#0: *240 http regex set $token to
"XXXXXXXXXXXXXXXXXXXXX"
2014/04/29 09:56:08 [debug] 3630#0: *240 using configuration
"*^/s/private/(?<token>.*)/(?<expires>\d+)/(?<id>\d{10})\.m3u8$"
2014/04/29 09:56:08 [debug] 3630#0: *240 http cl:-1 max:1048576
2014/04/29 09:56:08 [debug] 3630#0: *240 rewrite phase: 3
2014/04/29 09:56:08 [debug] 3630#0: *240 post rewrite phase: 4
2014/04/29 09:56:08 [debug] 3630#0: *240 generic phase: 5
2014/04/29 09:56:08 [debug] 3630#0: *240 generic phase: 6
2014/04/29 09:56:08 [debug] 3630#0: *240 generic phase: 7
2014/04/29 09:56:08 [debug] 3630#0: *240 access phase: 8
2014/04/29 09:56:08 [debug] 3630#0: *240 access phase: 9
2014/04/29 09:56:08 [debug] 3630#0: *240 access phase: 10
2014/04/29 09:56:08 [debug] 3630#0: *240 post access phase: 11
2014/04/29 09:56:08 [debug] 3630#0: *240 content phase: 12
2014/04/29 09:56:08 [debug] 3630#0: *240 content phase: 13
2014/04/29 09:56:08 [debug] 3630#0: *240 content phase: 14
2014/04/29 09:56:08 [debug] 3630#0: *240 content phase: 15
2014/04/29 09:56:08 [debug] 3630#0: *240 content phase: 16
2014/04/29 09:56:08 [debug] 3630#0: *240 content phase: 17
2014/04/29 09:56:08 [debug] 3630#0: *240 http filename: "/var/www/vhosts/
s2.domain.example.com
/s/private/XXXXXXXXXXXXXXXXXXXXX/1398801600/0000000977.m3u8<http://stream.surveillance.karelia.pro/s/private/XXXXXXXXXXXXXXXXXXXXX/1398801600/0000000977.m3u8>
"

Пытается отдать файл вместо проксирования.



2014-04-28 22:31 GMT+04:00 Maxim Dounin <mdounin at mdounin.ru>:

> Hello!
>
> On Mon, Apr 28, 2014 at 01:22:08PM +0400, Vadim Lazovskiy wrote:
>
> > Вопрос. Откуда берется домен в имени файла и как это побороть?
>
> Выглядит как баг regex location + alias + limit_except/if.
> Собственно, для случая if он уже давно задокументирован на
> http://wiki.nginx.org/IfIsEvil.
>
> Патч, видимо, какой-то такой:
>
> # HG changeset patch
> # User Maxim Dounin <mdounin at mdounin.ru>
> # Date 1398709755 -14400
> #      Mon Apr 28 22:29:15 2014 +0400
> # Node ID cf4f92f40290c9d3b8a8fb8cf836d3ebd16224f5
> # Parent  539635cb8e98063b116555bdfd0c5ccfbfa8f184
> Fixed alias in regex locations with limit_except/if.
>
> The ngx_http_map_uri_to_path() function uses clcf->regex to detect if
> it's working within a location given by a regular expression.  Its
> behaviour was incorrect due to clcf->regex being false in implicit
> locations
> created by if and limit_except.  Fix is to preserve clcf->regex within
> implicit locations.
>
> diff --git a/src/http/modules/ngx_http_rewrite_module.c
> b/src/http/modules/ngx_http_rewrite_module.c
> --- a/src/http/modules/ngx_http_rewrite_module.c
> +++ b/src/http/modules/ngx_http_rewrite_module.c
> @@ -583,6 +583,7 @@ ngx_http_rewrite_if(ngx_conf_t *cf, ngx_
>      clcf = ctx->loc_conf[ngx_http_core_module.ctx_index];
>      clcf->loc_conf = ctx->loc_conf;
>      clcf->name = pclcf->name;
> +    clcf->regex = pclcf->regex;
>      clcf->noname = 1;
>
>      if (ngx_http_add_location(cf, &pclcf->locations, clcf) != NGX_OK) {
> diff --git a/src/http/ngx_http_core_module.c
> b/src/http/ngx_http_core_module.c
> --- a/src/http/ngx_http_core_module.c
> +++ b/src/http/ngx_http_core_module.c
> @@ -4597,6 +4597,7 @@ ngx_http_core_limit_except(ngx_conf_t *c
>      pclcf->limit_except_loc_conf = ctx->loc_conf;
>      clcf->loc_conf = ctx->loc_conf;
>      clcf->name = pclcf->name;
> +    clcf->regex = pclcf->regex;
>      clcf->noname = 1;
>      clcf->lmt_excpt = 1;
>
>
>
> --
> Maxim Dounin
> http://nginx.org/
>
> _______________________________________________
> nginx-ru mailing list
> nginx-ru at nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx-ru




-- 
Best Regards,
Vadim Lazovskiy
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nginx.org/pipermail/nginx-ru/attachments/20140429/5c53b729/attachment-0001.html>

Подробная информация о списке рассылки nginx-ru