Nginx regular expression in location not working - nginx-config

The following RE matches "http://my.domain/video.mp4" successfully but cannot match "http://my.domain/abc/video.mp4".
location ~ "^.+(mp4|mkv|m4a)$" {
root /home/user/Videos;
}
The log of Nginx reads
[05/May/2021:12:29:25 +0800] "GET /video.mp4 HTTP/1.1" status: 206, body_bytes: 1729881
[05/May/2021:12:29:46 +0800] "GET /abc/video.mp4 HTTP/1.1" status: 404, body_bytes: 555
This is wired. Actually, I want URLs under "/service1/" to be mapped to user1's directory and URLs under "/service2" to be mapped to user2's. So I write
location ~ "^/service1/.+(mp4|mkv|m4a)$" {
root /home/user1/Videos;
}
location ~ "^/service2/.+(mp4|mkv|m4a)$" {
root /home/user2/Videos;
}
And as the first example, this config cannot match anything.
I searched a lot on google. No answer can explain this. I want to get it to work. Thanks!

I know where the problem is. In my second config, if I require "/service1/abcd.mp4", Nginx will try to locate it at "/home/user1/Videos/service1/abcd.mp4" but actually the file is at "/home/user1/Videos/abcd.mp4". Theoretically, I can bypass it by rewrite
location ~ "^/service1/.+(mp4|mkv|m4a)$" {
rewrite "^/service1/(.+(mp4|mkv|m4a))$" "$1";
root /home/user1/Videos;
}
location ~ "^/service2/.+(mp4|mkv|m4a)$" {
rewrite "^/service2/(.+(mp4|mkv|m4a))$" "$1";
root /home/user2/Videos;
}
But this is not working. I am getting crazy.

Related

How to do subdomain to subpath redirect / url rewrite in Next.js?

I have this rewrite in next.config.js:
async rewrites() {
return [
{
source: 'https://:postOrProgramId*.tikex-dev.com/',
destination: 'https://tikex-dev.com/:postOrProgramId*',
},
]
},
But it does not work.
I would do rewrite like this amazing-campaign-in-nyc.tikex-dev.com -> tikex-dev.com/amazing-campaign-in-nyc
Unfortunatelly when I run locally, I got this error, though I know it does not support localhost now.
`source` does not start with / for route {"source":"https://:postOrProgramId*.tikex-dev.com/","destination":"https://tikex-dev.com/:postOrProgramId*"}
Yes, source does not starts with / as I would expect first the protocol and then subdomain name comes. Is protocol + subdomain name not part of the source?
I am not sure, I need : before the variable and * after it? How can I express subdomain to subpath redirect?
I have an other reverseproxy rewrite. Do I have to worry about the two will interfere?
{
source: '/api/:path*',
destination: `${
true
? `https://api.tikex-${
process.env.NEXT_PUBLIC_ENVIRONMENT ?? 'dev'
}.com/`
: 'http://localhost:8080/'
}:path*`,
},

How can I get a "clean" list all currently banned IPs on fail2ban? One line per IP

How can I cleanly list all currently banned IPs on fail2ban? with one IP per line?
Below is the list I get when I execute :
fail2ban-client status sshd
on my Ubunutu 18.04 server. I know the bare minimum when it comes to linux and servers. I don't even know how to get the version of fail2ban I am using, and yes, I googled it a lot.
Is there a way to get one IP per line?
fail2ban-client status sshd Status for the jail: sshd |- Filter | |-
Currently failed: 3 | |- Total failed: 1266 | - File list: /var/log/auth.log <br>- Actions |- Currently banned: 118 |-
Total banned: 345 `- Banned IP list: 61.177.173.10 49.234.214.215
152.231.140.150 180.76.247.65 43.129.26.69 196.206.231.249 43.153.27.174 43.157.1.29 180.167.207.234 43.252.62.60 43.154.88.243 200.7.168.217 64.227.187.235 186.226.37.45 183.98.146.157 182.93.7.194 143.244.163.108 122.194.229.62 112.85.42.74 61.177.173.36 177.91.52.133 103.124.94.169 122.194.229.54 61.177.172.59 61.177.173.16 61.177.173.40 141.98.11.23 61.177.172.108 61.177.173.37 112.85.42.53 122.194.229.40 189.202.214.250 112.85.42.87 49.248.153.6 143.110.243.129 43.129.24.85 112.85.42.151 134.19.146.45 61.177.172.76 112.85.42.229 61.177.172.89 61.177.172.91 61.177.172.61 195.29.51.135 45.67.34.253 20.205.39.78 194.165.16.5 61.177.172.124 160.16.209.119 61.177.173.35 177.19.138.138 103.63.108.25 61.177.172.60 43.154.205.162 138.219.192.207 222.82.211.78 61.177.172.160 112.85.42.15 165.232.189.7 61.177.173.39 147.182.179.237 207.154.211.157 120.92.11.9 209.97.162.0 45.234.188.11 167.71.220.220 104.248.140.201 90.189.182.30 68.183.236.92 103.86.49.28 61.177.172.98 43.154.137.134 207.154.228.201 61.177.173.42 43.154.2.84 45.135.232.155 139.59.64.41 43.154.58.123 218.92.0.221 88.215.177.224 193.169.255.38 51.140.185.84 46.101.137.28 122.194.229.92 139.59.187.229 5.180.31.119 112.85.42.73 185.59.139.99 122.194.229.65 1.15.251.60 46.19.139.42 165.22.198.10 61.177.173.44 193.168.195.23 61.177.172.174 89.232.192.40 61.177.173.41 82.196.4.168 61.177.172.87 64.227.108.47 159.89.55.150 117.122.212.78 159.223.148.195 206.217.131.233 138.197.222.211 121.225.234.182 164.92.106.112 185.220.102.251 36.110.228.254 45.153.160.132 171.25.193.20 113.31.117.79 51.143.96.123 159.89.29.240 172.247.15.76 159.223.229.50 14.161.50.104 68.183.125.190
p.s. I don't really mind listing the IPs here. My server is not a public server, so anyone being banned is 99% a bot, or something else up to no good.
Use a regex:
fail2ban-client status sshd | grep -o '[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}'

Uploading file to GDrive by terminal/command line

I'm developing a program for a platform that does not have support libraries to upload or download files from Google Drive.
So I need to send the Socket commands in hand.
But I find it difficult to achieve.
My program will send files type .txt, jpg, .html and others.
I will have to send and download these files from the command line. I've tried but I was not successful ...
First to get a valid token I'm using this link that the user will open in a browser and copy the token inside my program to modify their files:
https://accounts.google.com/o/oauth2/v2/auth?scope=profile&response_type=code&state=security_token&redirect_uri=urn:ietf:wg:oauth:2.0:oob&client_id=165834794520-tit58jbii1u8itv8q8urjlda1tobsvf1.apps.googleusercontent.com
Apparently this part works correctly.
But when I use the token to send a file, it does not work.
I made this command as a test and it does not work!
I've changed the token several times thinking it might be it, but it's not.
Weird.
My files, I will send from the command line so I am not sure which method I should use, SIMPLE or MULTIPART ...
My files are small, but maybe some 5MB pass.
Look what I get in the terminal(raw socket):
S: POST /upload/drive/v3/files?uploadType=multipart HTTP/1.1
S: Host: www.googleapis.com
S: Authorization: Bearer 4/AABZB61gFY8NqyXxxxxxxxxxxr7CThy1BuDOOGL7aLiRab80
S: Content-Type: multipart/related; boundary=foo_bar_baz
S: Content-Length: 167
S:
S: --foo_bar_baz
S: Content-Type: application/json; charset=UTF-8
S:
S: {
S: "name": "myObject"
S: }
S:
S: --foo_bar_baz
S: Content-Type: image/jpeg
S:
S: [JPEG_TEST]
S: --foo_bar_baz--
Return:
HTTP/1.1 401 Unauthorized
X-GUploader-UploadID: AEnB2UoolTbsyS_gK21G07sUJrIggzH_ivy1a_KvzvnvhiyqIOYqej8JhNQ1tmZ0KiIlrYjOTejlxXYIoSiTNs3mLiLBWzCb-A
Vary: Origin
Vary: X-Origin
WWW-Authenticate: Bearer realm="https://accounts.google.com/", error=invalid_token
Content-Type: application/json; charset=UTF-8
Content-Length: 249
Date: Wed, 11 Jul 2018 12:51:18 GMT
Server: UploadServer
Alt-Svc: quic=":443"; ma=2592000; v="43,42,41,39,35"
{
"error": {
"errors": [
{
"domain": "global",
"reason": "authError",
"message": "Invalid Credentials",
"locationType": "header",
"location": "Authorization"
}
],
"code": 401,
"message": "Invalid Credentials"
}
}
The error seems to be wrong Token, but I always get new tokens and it always gives the same error!
Can someone help me???
You can use this
MAX_THREAD_NO=32
runningPids=()
canStartNewBatch=1
sequenceNo=0
# Create remote folder corresponding with the name of the local folder.
# $1: parentId: remote (gdrive) parent folder id
# $2: folderName: local folder name need to create in remote parent folder
# Usage:
# folderId=$( makeRemoteDir <parentId> <folderName> )
function makeRemoteDir () {
resultPrefix="Directory "
resultSuffix=" created"
folderId=`gdrive mkdir -p $1 $2`
folderId=${folderId%"$resultSuffix"}
folderId=${folderId#"$resultPrefix"}
echo "$folderId"
}
# Upload the files contained in the local folder to remote folder.
# $1: remoteFolderId: remote (gdrive) folder id
# $2: localFolderFullPath: the full path of local folder name need to upload
function uploadFolder () {
# Do with each item (folder or file) in the folder $2
for item in $2/*; do
while [[ ${#runningPids[#]} -ne 0 ]] && [[ canStartNewBatch -ne 1 ]]; do
removablePids=()
# Scan every PID in the running PIDs list to see if it finished or not
for pid in "${runningPids[#]}"; do
if ! ps -p $pid > /dev/null; then
removablePids+=($pid)
fi
done
if [[ ${#removablePids[#]} -ne 0 ]]; then
# Remove finished PID from the runningPids, and allow new PID put in
for removablePid in "${removablePids[#]}"; do
runningPids=( ${runningPids[#]/$removablePid} )
done
canStartNewBatch=1
else
# If no more PID finished yet, then scan again after few delay time
sleep 0.05
fi
done
canStartNewBatch=1
# If the item is a file, upload it to remote
if [[ -f "$item" ]]; then
#((sequenceNo++))
#echo "$sequenceNo $item"
gdrive upload -p $1 "$item" &
pid=$!
runningPids+=($pid)
if [ ${#runningPids[#]} -eq $MAX_THREAD_NO ]; then
#echo ${#runningPids[#]}
canStartNewBatch=0
fi
fi
# If the item is a folder, recursive call uploadFolder
if [[ -d "$item" ]]; then
# Create sub-folder (with the name equals local folder name) in the remote folder with id equals to parentId, store the
newFolderId=$( makeRemoteDir $1 $(basename ${item}) )
# Recursive call upload
uploadFolder $newFolderId "$item"
fi
done
}

Handling attributes in InSpec

I was trying to create some basic inspec tests to validate a set of HTTP URLs. The way I started is like this -
control 'http-url-checks' do
impact 1.0
title 'http-url-checks'
desc '
Specify the URLs which need to be up and working.
'
tag 'http-url-checks'
describe http('http://example.com') do
its('status') { should eq 200 }
its('body') { should match /abc/ }
its('headers.name') { should eq 'header' }
end
describe http('http://example.net') do
its('status') { should eq 200 }
its('body') { should match /abc/ }
its('headers.name') { should eq 'header' }
end
end
We notice that the URLs are hard-coded in the controls and isn't a lot of fun. I'd like to move them to some 'attributes' file of some sort and loop through them in the control file.
My attempt was to use the 'files' folder structure inside the profile.I created a file - httpurls.yml and had the following content in it -
- url: http://example.com
- url: http://example.net
..and in my control file, I had the construct -
my_urls = yaml(content: inspec.profile.file('httpurls.yml')).params
my_urls.each do |s|
describe http(s['url']) do
its('status') { should eq 200 }
end
end
However, when I execute the compliance profile, I get an error - 'httpurls.yml not found' (not sure about the exact error message though though). The following is the folder structure I had for my compliance profile.
What I am doing wrong?
Is there a better way to achieve what I am trying to do?
The secret is to use profile attributes, as defined near the bottom of this page:
https://www.inspec.io/docs/reference/profiles/
First, create a profile attributes YML file. I name mine profile-attribute.yml.
Second, put your array of values in the YML file, like so:
urls:
- http://example.com
- http://example.net
Third, create an attribute at the top of your InSpec tests:
my_urls = attribute('urls', description: 'The URLs that I am validating.')
Fourth, use your attribute in your InSpec test:
my_urls.each do |s|
describe http(s['url']) do
its('status') { should eq 200 }
end
end
Finally, when you call your InSpec test, point to your YML file using --attrs:
inspec exec mytest.rb --reporter=cli --attrs profile-attribute.yml
There is another way to do this using files (instead of the profile attributes and the --attrs flag). You can use JSON or YAML.
First, create the JSON and/or YAML file and put them in the files directory. A simple example of the JSON file might look like this:
{
"urls": ["https://www.google.com", "https://www.apple.com"]
}
And a simple example of the YAML file might look like this:
urls:
- https://www.google.com
- https://www.apple.com
Second, include code at the top of your InSpec file to read and parse the JSON and/or YAML, like so:
jsoncontent = inspec.profile.file("tmp.json")
jsonparams = JSON.parse(jsoncontent)
jsonurls = jsonparams['urls']
yamlcontent = inspec.profile.file("tmp.yaml")
yamlparams = YAML.load(yamlcontent)
yamlurls = yamlparams['urls']
Third, use the variables in your InSpec tests, like so:
jsonurls.each do |jsonurl|
describe http(jsonurl) do
puts "json url is " + jsonurl
its('status') { should eq 200 }
end
end
yamlurls.each do |yamlurl|
describe http(yamlurl) do
puts "yaml url is " + yamlurl
its('status') { should eq 200 }
end
end
(NOTE: the puts line is for debugging.)
The result is what you would expect:
json url is https://www.google.com
json url is https://www.apple.com
yaml url is https://www.google.com
yaml url is https://www.apple.com
Profile: InSpec Profile (inspec-file-test)
Version: 0.1.0
Target: local://
http GET on https://www.google.com
✔ status should eq 200
http GET on https://www.apple.com
✔ status should eq 200
http GET on https://www.google.com
✔ status should eq 200
http GET on https://www.apple.com
✔ status should eq 200

Passenger partially failing to serve site

A rails3 application with Passenger4.0.53/nginx (installed via passenger) and postgresql 9.3.5 database is running... partially!
Calling the home URL is rendering the page as per the rails application controller=> home, action => index.
but hitting the login link, the proper URL is being generated, but the result is a 404 error. Restarting passenger, then ngingx has failed to change behaviour...
/etc/nginx/sites-enabled/default is set as follows:
server {
listen 80 default_server;
listen [::]:80 default_server ipv6only=on;
server_name ranz2.iwant2go2.com;
passenger_enabled on;
rails_env development;
root /home/deploy/ranz/current/public;
# location / {
# try_files $uri $uri/ =404;
# passenger_enabled on;
# }
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
}
nginx error log
[ 2014-10-14 07:42:57.7851 24433/7f42e3109780 agents/Watchdog/Main.cpp:538 ]: Options: { 'analytics_log_user' => 'nobody', 'default_group' => 'nogroup', 'default_python' => 'python', 'default_ruby' => '/usr/bin/ruby', 'default_user' => 'nobody', 'log_level' => '0', 'max_pool_size' => '6', 'passenger_root' => '/usr/lib/ruby/vendor_ruby/phusion_passenger/locations.ini', 'passenger_version' => '4.0.53', 'pool_idle_time' => '300', 'temp_dir' => '/tmp', 'union_station_gateway_address' => 'gateway.unionstationapp.com', 'union_station_gateway_port' => '443', 'user_switching' => 'true', 'web_server_passenger_version' => '4.0.53', 'web_server_pid' => '24432', 'web_server_type' => 'nginx', 'web_server_worker_gid' => '33', 'web_server_worker_uid' => '33' }
[ 2014-10-14 07:42:57.8090 24436/7f55db281780 agents/HelperAgent/Main.cpp:650 ]: PassengerHelperAgent online, listening at unix:/tmp/passenger.1.0.24432/generation-0/request
[ 2014-10-14 07:42:57.8705 24441/7fbfd457b7c0 agents/LoggingAgent/Main.cpp:321 ]: PassengerLoggingAgent online, listening at unix:/tmp/passenger.1.0.24432/generation-0/logging
[ 2014-10-14 07:42:57.8715 24433/7f42e3109780 agents/Watchdog/Main.cpp:728 ]: All Phusion Passenger agents started!
[ 2014-10-14 07:42:57.8865 24441/7fbfd457b7c0 agents/LoggingAgent/Main.cpp:289 ]: Caught signal, exiting...
Update seeing other similar questions, I disabled the 'passenger_enabled on;' instruction within the first location block. Restarted nginx and the application. No change in behaviour. Subsequently I disable the first location block... Restarted nginx and the application. No change in behaviour.
What am I missing?
The issue was in nginx.conf. My understanding was that passenger_ruby should point to the result of which ruby, which is what I toggled to:
passenger_root /usr/lib/ruby/vendor_ruby/phusion_passenger/locations.ini;
# passenger_ruby /usr/bin/ruby;
passenger_ruby /home/deploy/.rvm/rubies/ruby-1.9.3-p547/bin/ruby;
However, RTFM, that returns a passenger error. Whose contents point one in the proper direction (good on 'ya Phusion!). The manual, section "8.3.1. passenger_ruby " is explicit.
which passenger-config
paste that result in the subsequent commands
rvm use <desired_version>
<result_of_which passenger_config> --ruby-command
then from the output string you have the string to define passenger_ruby in nginx.conf, which should ressemble something like
/home/deploy/.rvm/gems/ruby-1.9.3-p547/wrappers/ruby