将PHP数据传递给Nginx

I am trying to add some additional logging information when accessing phpMyAdmin through Nginx but I am having some issues trying to figure out a way to pass the information to Nginx without making it publicly viewable. The main thing is that I am trying to include the username/status that is "logged" inside of the libraries/logging.lib.php file during the PMA_logUser function. If you are not sure what this function is then I will include it here.

function PMA_logUser($user, $status = 'ok')
{
    if (function_exists('apache_note')) {
        apache_note('userID', $user);
        apache_note('userStatus', $status);
    }
}

This allows you to take the userID and userStatus and pass information between modules. Mostly people use this to add addition information for logging so that can check to see if someone is bruteforcing the password or something similar. I have tried to do some searching and can't find a good alternative for Nginx. I made some changes and did the following to add the information to the headers.

function PMA_logUser($user, $status = 'ok')
{
    if (function_exists('apache_note')) {
        apache_note('userID', $user);
        apache_note('userStatus', $status);
    } else {
        header("userID: $user");
        header("userStatus: $status");
    }
}

This does allow me to add $sent_http_userID and $sent_http_userStatus to a custom log_format to include it in my logs. But this will make it publicly visible. I tried compiling Nginx with the Headers More module and adding the following to the end of my server configuration

more_clear_headers 'userID';
more_clear_headers 'userStatus';

This will prevent it from being sent to the person trying to login, but with these changes it will prevent me from logging the information that I am looking for. Is there any suggestions?

写回答
好问题 0 提建议
追加酬金
关注问题
分享
邀请回答
编辑收藏删除结题
收藏举报

1条回答默认最新

关注

码龄粉丝数原力等级 --

被采纳

被点赞

采纳率
doutangtan6386 2016-01-22 22:50
关注
There is no designed in way of achieving this. However if you simply want to log something like the current user then one option is to use the auth_request module.

Make sure to understand it as it would double the number of requests to PHP and may cause issues.

The auth_request module is designed to allow incoming requests to be authenticated against a remote system before continuing with normal handling. This module happens to allow values from the authentication request to be used within nginx and not be visible to the client.

Supposing you had a fast PHP script which returned the values you wanted Nginx to log such as the current signed in user. This script could be at /var/www/auth/state.php and returns the loggable value via header 'CurrentUser' along with a http 200 response.

The rest of the existing application could be in /var/www/html/. This example assumes you use php-fpm but it will work on other nginx proxy modules.

server { .. server name, listen, etc root /var/www/html; # get state for any php requests location ~ \.php$ { # Send all php requests here first # any response other than http 200 will block the request auth_request /getstate; auth_request_set $currentuser $upstream_http_currentuser; # after the auth_request returns http 200, the request will then go here # replace this with your own upstream configuration fastcgi_pass localhost:9000; fastcgi_index index.php; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; include fastcgi_params; } # auth_requests go this route location /getstate { internal; fastcgi_pass localhost:9000; # state.php must return http 200 response and ideally should be very fast # state.php also needs to return values for logging as headers e.g. 'CurrentUser' fastcgi_param SCRIPT_NAME /state.php; fastcgi_param DOCUMENT_ROOT /var/www/auth fastcgi_param SCRIPT_FILENAME /var/www/auth/state.php; # don't send the request body unless it's needed by state.php fastcgi_pass_request_body off; } }

When it all works, it will be possible to log the data from state.php by converting the response headers to variables using auth_request_set. These variables can then be appended to access logs using the log_format directive:

log_format main '$remote_addr - $remote_user [$time_local] "$request" ' '$status $body_bytes_sent "$http_referer" ' '"$http_user_agent" "$http_x_forwarded_for" $currentuser';

The rest of the application continues to exist in it's current form as is not affected by the additional state.php lookup.

You will need to build nginx with the --with-http_auth_request_module option to use the auth_request module.

If you need a more specific example, please include what nginx config you have so far in the question.
解决无用
评论打赏
分享
举报

评论

按下Enter换行，Ctrl+Enter发表内容

报告相同问题？

关注问题

nginx配置文件支持php环境 linux nginx php
2023-03-09 08:33

回答 5 已采纳该回答引用ChatGPT可以使用fastcgi_pass指令将PHP请求传递给PHP处理器来配置nginx来提供PHP文件的服务。以下是一个用于从目录中提供PHP文件的示例配置块：配置如下： p
Nginx配置 - 在非常自定义的设置上将路由传递给index.php nginx php
2018-08-25 15:19

回答 1 已采纳 Sounds like what you are trying to do is try_files Serve the file if it exists, try the next if it
require（）不工作 - NGINX PHP配置问题 nginx php
2019-07-19 14:22

回答 1 已采纳 SOLVED: File was not correctly named (header.php instead of layout.php) As treyBake discovered th
nginx传递变量给php
2019-04-24 18:58

或非与的博客开发中测试环境和线上环境配置文件不一样，可以通过nginx传递变量给php来区分是开发环境还是线上环境，只需要在nginx的server段增加如下内容就可以让php读取到nginx传递过来的变量了。 location ~ .php(.*)$ { ...
NGINX下载PHP文件而不是显示 linux nginx php
2018-01-18 22:03

回答 1 已采纳 Please try this smaller example. location ~ \.php$ { fastcgi_pass unix:/run/php/php7.1-fp
nginx和index.php下载 nginx php
2017-08-19 16:08

回答 1 已采纳 Sometimes it can be as simple as clearing the browser cache. If there was some misconfiguration an
NGINX将路径作为变量发送给PHP，除非路径是文件路径 nginx php
2018-04-12 05:00

回答 4 已采纳 You need to use below location ~ /(.*)$ { try_files $uri $uri/ /index.php?page=$1; } This wil
nginx-php-fpm：用于dockerhub构建的Nginx和php-fpm
2021-02-02 08:23

该容器还可以使用传递给docker的变量来更新模板文件，以更新您的代码和设置。支持让我们加密SSL配置，自定义nginx配置，用于运行首选项的核心nginx / PHP变量替代，用于本地卷支持的X-Forwarded-For标头和UID映射...
nginx怎么实现访问index.php的时候301跳转 nginx php
2021-11-23 15:12

回答 1 已采纳在location中添加默认文件“ index index.php”类似修改成如下样式： location / { root /usr/share/nginx/html;
使用NGINX删除.php扩展名 nginx php
2016-07-01 07:11

回答 2 已采纳 I already tried this one, thanks btw, but it doesn't rewrite all the urls. For example : <nav
Nginx + PHP-FPM重定向到静态PHP文件 nginx php
2018-05-20 11:48

回答 1 已采纳 The simplest solution would be to hardwire SCRIPT_FILENAME with a value of /app/webroot/index.php
nginx-phpfpm-mysql-postgresql:Nginx PHP-FPM和MySQL安装和配置
2021-05-16 11:51

然后它将打印nginx Web服务器已准备就绪，如果要使用php-fpm安装/配置MySQL或PostgreSQL，请从菜单中选择。否则，只需按Enter键即可退出。如果选择1 ，则将安装并配置带有扩展名MySQL和PHP-FPM（MySQL根密码为： ...
Nginx 405不允许 - PHPMAILER nginx php
2016-08-10 01:54

回答 1 已采纳 I found my answer. The problem is in the web server provider. It seems like there are some web ser
nginx到php-fpm到php框架的数据传递过程
2022-04-02 11:56

__万波__的博客 CGI, FastCGI, PHP-FPM, 从浏览器到PHP框架执行的整个过程.
docker部署nginx+php环境（步骤＋注解）
2024-04-04 20:21

地衣君的博客 docker部署nginx和php
没有解决我的问题, 去提问

悬赏问题

¥15 R语言Rstudio突然无法启动
¥15 关于#matlab#的问题：提取2个图像的变量作为另外一个图像像元的移动量，计算新的位置创建新的图像并提取第二个图像的变量到新的图像
¥15 改算法，照着压缩包里边，参考其他代码封装的格式写到main函数里
¥15 用windows做服务的同志有吗
¥60 求一个简单的网页(标签-安全|关键词-上传)
¥35 lstm时间序列共享单车预测，loss值优化，参数优化算法
¥15 Python中的request，如何使用ssr节点，通过代理requests网页。本人在泰国，需要用大陆ip才能玩网页游戏，合法合规。
¥100 为什么这个恒流源电路不能恒流？
¥15 有偿求跨组件数据流路径图
¥15 写一个方法checkPerson，入参实体类Person，出参布尔值

将PHP数据传递给Nginx

1条回答 默认 最新

悬赏问题

1条回答默认最新