Missing setup doc: PHP rewrite, cron & data dir #92

Closed
rugk opened this issue May 21, 2016 · 2 comments

@rugk
Contributor

rugk commented May 21, 2016

You are really missing some setup steps.
E.g. you do a request /api/index.php/polls, which usually returns a 404 error as such a file (dir: /api/index.php, file: polls) does not exist.
This means some kind of server rewrite is needed. Can you tell me which one for nginx?
In what format should these requests be passed to index.php? /api/index.php?polls, e.g.?

Furthermore you say the cron.php should be called by cron, but there is no explanation 1) how to protect that file (server config or permissions set...) and 2) how to set up a cron job for this (most users won't even know they have to do this, because it is only said in the PHP file itself).
You also don't say what interval you would recommend for this cron task...

Finally there should also be an explanation how to protect the data directory. This is mostly quite easy.

@jelhan
Owner

jelhan commented May 23, 2016

I did not test with nginx. Apache does not require any special configuration. /polls should go to PATH_INFO. I think you could achieve this with fastcgi_split_path_info. The example in the nginx documentation should work:

location ~ ^(.+\.php)(.*)$ {
    fastcgi_split_path_info       ^(.+\.php)(.*)$;
    fastcgi_param SCRIPT_FILENAME /path/to/php$fastcgi_script_name;
    fastcgi_param PATH_INFO       $fastcgi_path_info;
}

Could you please test? Should be documented in README afterwards.

README is a little bit outdated...

> Furthermore you say the cron.php should be called by cron, but there is no explanation 1) how to protect that file (server config or permissions set...)

cron.php should protect itself by checking php_sapi_name in https://github.com/jelhan/croodle/blob/master/api/cron.php#L8-L10. Of course you could add another security layer in your webserver configuration. But if I didn't miss something, it could only be used for DoS attacks.

> 2) how to set up a cron job for this (most users won't even know they have to do this, because it is only said in the PHP file itself)

Added some instructions to README by b7d7953. Basically it's not that important how often or even whether cron.php is executed, since the API checks if a poll has expired on every request.

@rugk
Contributor Author

rugk commented May 28, 2016

Okay, actually it also nearly works with the default nginx config. At least on Debian the config files already have this included...
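
The three points raised in this thread (PATH_INFO routing for /api/index.php/polls, web access to cron.php, and the data directory) combined in one nginx server block. This is an added example, not configuration from the Croodle project or from either commenter. The host name, install path, PHP-FPM socket and the location of the data directory under the web root are assumptions.

```nginx
# Added illustration; host name, paths and socket are assumptions.
server {
    listen 80;
    server_name croodle.example;       # placeholder host name
    root /var/www/croodle;             # assumed install path
    index index.html;

    # Data directory (assumed to be <root>/data/): never serve it.
    # "^~" stops nginx from evaluating the regex locations below.
    location ^~ /data/ {
        return 404;
    }

    # cron.php is meant to be run from the CLI. Refuse it over HTTP,
    # with or without trailing path info. This block must appear before
    # the generic PHP block: regex locations are tried in file order.
    location ~ ^/api/cron\.php(/|$) {
        return 404;
    }

    # /api/index.php/polls -> script /api/index.php, PATH_INFO /polls
    location ~ \.php(/|$) {
        fastcgi_split_path_info ^(.+?\.php)(/.*)$;

        # Pass the request to PHP only if the script part is an existing
        # file, so a URI cannot make PHP interpret some other file.
        try_files $fastcgi_script_name =404;

        # try_files resets $fastcgi_path_info; "set" runs earlier
        # (rewrite phase), so keep a copy for PATH_INFO.
        set $path_info $fastcgi_path_info;

        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_param PATH_INFO       $path_info;
        fastcgi_pass  unix:/run/php/php-fpm.sock;   # assumed socket path
    }
}
```

The cron.php block is the extra web-server layer mentioned above and sits on top of the script's own php_sapi_name check; the cron job itself then calls the PHP CLI directly rather than fetching a URL.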
