Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-51554

Broken file serving under Apache and PHP-FPM via mod_proxy_fcgi, when the filename is not only plain ASCII or w/ blank spaces

    XMLWordPrintable

Details

    • Bug
    • Status: Closed
    • Minor
    • Resolution: Fixed
    • 2.8.8, 2.9.2, 3.0
    • 2.8.9, 2.9.3
    • Libraries
    • MOODLE_28_STABLE, MOODLE_29_STABLE, MOODLE_30_STABLE
    • MOODLE_28_STABLE, MOODLE_29_STABLE
    • m30_MDL-51554_Apache_PHP-FPM_Broken_File_Serving
    • Moderate
    • Hide

      (difficulty: moderate, requires system administration expertise to deploy PHP under Apache via PHP-FPM with mod_proxy _fcgi using CentOS 7 and/or Ubuntu 14.04)

      Prerequisites
      NB: This worked on Trisquel 7.0, I assume it should also work on Debian/Ubuntu

      • Install the php5-fpm package: apt-get install php5-fpm
      • Enable apache modules: a2enmod proxy_fcgi
      • Edit /etc/php5/fpm/pool.d/www.conf:
        • change listen = /var/run/php5-fpm.sock to listen = 127.0.0.1:9000
        • uncomment listen.allowed_clients and make sure it is: listen.allowed_clients = 127.0.0.1
      • Restart php5-fpm: service php5-fpm restart
      • Set up a virtual host with a config like this:

      <VirtualHost *:80>
              ServerName stable_master_fcgi.local
              ProxyPassMatch ^/(.*\.php(/.*)?)$ fcgi://127.0.0.1:9000/full/path/to/docroot/$1
              DirectoryIndex /index.php index.php
              DocumentRoot /full/path/to/docroot
              ErrorLog ${APACHE_LOG_DIR}/error.log
              CustomLog ${APACHE_LOG_DIR}/access.log combined
      </VirtualHost>
      

      • Enable your vhost and add make an info.php file containing <? php phpinfo();
      • Access your new vhost in a browser and verify that Server API is FPM/FastCGI
      • Access the same URL, info.php, appending slash arguments composed by plain ASCII and UTF-8 encoded characters including "+" and " " chars to verify that SCRIPT_NAME contains the expected PATH_INFO value at the end and PATH_INFO is URL-encoded

      Testing

      1. Publish a resource, e.g. a PNG, whose name is not only plain ASCII text, including blank spaces, in a restricted access course (no guest, no front page) e.g.: filename_UTF 8_en+coded_それが動作するはず.png. The file should be shown to the user (no HTTP 404).
      2. [Regression test] Execute the testing instructions of MDL-47210 w/o considering the Windows/IIS setting: here, we want to preserve the successful redirect even with UTF-8 based filenames under a bugged mod_proxy_fcgi env.
      Show
      (difficulty: moderate, requires system administration expertise to deploy PHP under Apache via PHP-FPM with mod_proxy _fcgi using CentOS 7 and/or Ubuntu 14.04) Prerequisites NB: This worked on Trisquel 7.0, I assume it should also work on Debian/Ubuntu Install the php5-fpm package: apt-get install php5-fpm Enable apache modules: a2enmod proxy_fcgi Edit /etc/php5/fpm/pool.d/www.conf: change listen = /var/run/php5-fpm.sock to listen = 127.0.0.1:9000 uncomment listen.allowed_clients and make sure it is: listen.allowed_clients = 127.0.0.1 Restart php5-fpm: service php5-fpm restart Set up a virtual host with a config like this: <VirtualHost *:80> ServerName stable_master_fcgi.local ProxyPassMatch ^/(.*\.php(/.*)?)$ fcgi://127.0.0.1:9000/full/path/to/docroot/$1 DirectoryIndex /index.php index.php DocumentRoot /full/path/to/docroot ErrorLog ${APACHE_LOG_DIR}/error.log CustomLog ${APACHE_LOG_DIR}/access.log combined </VirtualHost> Enable your vhost and add make an info.php file containing <? php phpinfo(); Access your new vhost in a browser and verify that Server API is FPM/FastCGI Access the same URL, info.php , appending slash arguments composed by plain ASCII and UTF-8 encoded characters including "+" and " " chars to verify that SCRIPT_NAME contains the expected PATH_INFO value at the end and PATH_INFO is URL-encoded Testing Publish a resource, e.g. a PNG, whose name is not only plain ASCII text, including blank spaces, in a restricted access course (no guest, no front page) e.g.: filename_UTF 8_en+coded_それが動作するはず.png. The file should be shown to the user (no HTTP 404). [ Regression test ] Execute the testing instructions of MDL-47210 w/o considering the Windows/IIS setting: here, we want to preserve the successful redirect even with UTF-8 based filenames under a bugged mod_proxy_fcgi env.

    Description

      Long story: https://moodle.org/mod/forum/discuss.php?d=319482.
      Shortly, when Apache is configured with PHP-FPM at least in a plain CentOS 7 (Apache/2.4.6 PHP/5.4.16) _SERVER["SCRIPT_NAME"] and _SERVER["PATH_INFO"] are different from those ones coming under PHP as module:

      1. _SERVER["SCRIPT_NAME"] contains _SERVER["PATH_INFO"]. This is kind a bug in PHP, https://bugs.php.net/bug.php?id=65641 which is fixed in 5.6.3 and 5.5.18.
      2. _SERVER["PATH_INFO"] is URL-encoded

      Attachments

        Issue Links

          Activity

            People

              matteo Matteo Scaramuccia
              matteo Matteo Scaramuccia
              cameron1729 cameron1729
              Dan Poltawski Dan Poltawski
              Damyon Wiese Damyon Wiese
              Amaia Anabitarte, Carlos Escobedo, Ferran Recio, Ilya Tregubov, Laurent David, Raquel Ortega, Sara Arjona (@sarjona)
              Votes:
              0 Vote for this issue
              Watchers:
              8 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:
                9/Nov/15