Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-51554

Broken file serving under Apache and PHP-FPM via mod_proxy_fcgi, when the filename is not only plain ASCII or w/ blank spaces

    XMLWordPrintable

Details

    • Bug
    • Resolution: Fixed
    • Minor
    • 2.8.9, 2.9.3
    • 2.8.8, 2.9.2, 3.0
    • Libraries
    • MOODLE_28_STABLE, MOODLE_29_STABLE, MOODLE_30_STABLE
    • MOODLE_28_STABLE, MOODLE_29_STABLE
    • m30_MDL-51554_Apache_PHP-FPM_Broken_File_Serving
    • Moderate
    • Hide

      (difficulty: moderate, requires system administration expertise to deploy PHP under Apache via PHP-FPM with mod_proxy _fcgi using CentOS 7 and/or Ubuntu 14.04)

      Prerequisites
      NB: This worked on Trisquel 7.0, I assume it should also work on Debian/Ubuntu

      • Install the php5-fpm package: apt-get install php5-fpm
      • Enable apache modules: a2enmod proxy_fcgi
      • Edit /etc/php5/fpm/pool.d/www.conf:
        • change listen = /var/run/php5-fpm.sock to listen = 127.0.0.1:9000
        • uncomment listen.allowed_clients and make sure it is: listen.allowed_clients = 127.0.0.1
      • Restart php5-fpm: service php5-fpm restart
      • Set up a virtual host with a config like this:

      <VirtualHost *:80>
              ServerName stable_master_fcgi.local
              ProxyPassMatch ^/(.*\.php(/.*)?)$ fcgi://127.0.0.1:9000/full/path/to/docroot/$1
              DirectoryIndex /index.php index.php
              DocumentRoot /full/path/to/docroot
              ErrorLog ${APACHE_LOG_DIR}/error.log
              CustomLog ${APACHE_LOG_DIR}/access.log combined
      </VirtualHost>
      

      • Enable your vhost and add make an info.php file containing <? php phpinfo();
      • Access your new vhost in a browser and verify that Server API is FPM/FastCGI
      • Access the same URL, info.php, appending slash arguments composed by plain ASCII and UTF-8 encoded characters including "+" and " " chars to verify that SCRIPT_NAME contains the expected PATH_INFO value at the end and PATH_INFO is URL-encoded

      Testing

      1. Publish a resource, e.g. a PNG, whose name is not only plain ASCII text, including blank spaces, in a restricted access course (no guest, no front page) e.g.: filename_UTF 8_en+coded_それが動作するはず.png. The file should be shown to the user (no HTTP 404).
      2. [Regression test] Execute the testing instructions of MDL-47210 w/o considering the Windows/IIS setting: here, we want to preserve the successful redirect even with UTF-8 based filenames under a bugged mod_proxy_fcgi env.
      Show
      (difficulty: moderate, requires system administration expertise to deploy PHP under Apache via PHP-FPM with mod_proxy _fcgi using CentOS 7 and/or Ubuntu 14.04) Prerequisites NB: This worked on Trisquel 7.0, I assume it should also work on Debian/Ubuntu Install the php5-fpm package: apt-get install php5-fpm Enable apache modules: a2enmod proxy_fcgi Edit /etc/php5/fpm/pool.d/www.conf: change listen = /var/run/php5-fpm.sock to listen = 127.0.0.1:9000 uncomment listen.allowed_clients and make sure it is: listen.allowed_clients = 127.0.0.1 Restart php5-fpm: service php5-fpm restart Set up a virtual host with a config like this: <VirtualHost *:80> ServerName stable_master_fcgi.local ProxyPassMatch ^/(.*\.php(/.*)?)$ fcgi://127.0.0.1:9000/full/path/to/docroot/$1 DirectoryIndex /index.php index.php DocumentRoot /full/path/to/docroot ErrorLog ${APACHE_LOG_DIR}/error.log CustomLog ${APACHE_LOG_DIR}/access.log combined </VirtualHost> Enable your vhost and add make an info.php file containing <? php phpinfo(); Access your new vhost in a browser and verify that Server API is FPM/FastCGI Access the same URL, info.php , appending slash arguments composed by plain ASCII and UTF-8 encoded characters including "+" and " " chars to verify that SCRIPT_NAME contains the expected PATH_INFO value at the end and PATH_INFO is URL-encoded Testing Publish a resource, e.g. a PNG, whose name is not only plain ASCII text, including blank spaces, in a restricted access course (no guest, no front page) e.g.: filename_UTF 8_en+coded_それが動作するはず.png. The file should be shown to the user (no HTTP 404). [ Regression test ] Execute the testing instructions of MDL-47210 w/o considering the Windows/IIS setting: here, we want to preserve the successful redirect even with UTF-8 based filenames under a bugged mod_proxy_fcgi env.

    Description

      Long story: https://moodle.org/mod/forum/discuss.php?d=319482.
      Shortly, when Apache is configured with PHP-FPM at least in a plain CentOS 7 (Apache/2.4.6 PHP/5.4.16) _SERVER["SCRIPT_NAME"] and _SERVER["PATH_INFO"] are different from those ones coming under PHP as module:

      1. _SERVER["SCRIPT_NAME"] contains _SERVER["PATH_INFO"]. This is kind a bug in PHP, https://bugs.php.net/bug.php?id=65641 which is fixed in 5.6.3 and 5.5.18.
      2. _SERVER["PATH_INFO"] is URL-encoded

      Attachments

        Issue Links

          Activity

            People

              matteo Matteo Scaramuccia
              matteo Matteo Scaramuccia
              cameron1729 cameron1729
              Dan Poltawski Dan Poltawski
              Damyon Wiese Damyon Wiese
              Votes:
              0 Vote for this issue
              Watchers:
              8 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Clockify

                  Error rendering 'clockify-timesheets-time-tracking-reports:timer-sidebar'. Please contact your Jira administrators.