I am running Nginx which is configured to allow me to access several resources on another server which is available as a reverse proxy. For example
main server:http://example.com
slave: http://example.com/slave
adminer on slave: http://example.com/slave/admin/adminer.php
Everything is all right so far. I enter my DB user name and password in Adminer and the trouble begins. Examining the headers returned by Adminer post-login I have noticed that it sends back this header:
Location: /admin/adminer.php?username=user
This is the root of the trouble. On my browser this, naturally, gets interpreted as meaning relative to the current server rather than the reverse proxy. I tried hacking the adminer code after locating the one place where it has a Location header but that just stopped it dead in its tracks.
How can I prevent this from happening? I have considered running a Lua script on Nginx that examines the header and replaces it but it strikes me that even if I get that to work I will be getting my server to do a great deal of unnecessary work.
After exploring the issue a bit more I am starting to think that adminer may not being doing much wrong. It actually uses the $_SERVER['REQUEST_URI'] value to construct the location header and that happens to have little part from /admin/adminer.php. I have noted that the referer, $_SERVER['HTTP_REFERRER'] has the full original request path http://example.com/slave/admin/adminer.php. So the solution would be to send back the location /slave/admin/adminer.php?username=user.
Easy? Well, the issue is that in my setup /slave/ is going to be variable so I need to resolve it in code. I can probably do that reasonably easily with a spot of PHP but I wonder... surely there is an easier alternative provided by Nginx?
I should perhaps mention:
I hit the same problem and the most simple fix I could come up with is to patch the adminer PHP script. I simply hardcoded $_SERVER["REQUEST_URI"] at the start of adminer.php like this:
--- adminer.php 2015-10-22 12:31:18.549068888 +0300
+++ adminer.php 2015-10-22 12:31:40.097069554 +0300
@@ -1,4 +1,5 @@
<?php
+$_SERVER["REQUEST_URI"] = "/slave/admin/adminer.php";
/** Adminer - Compact database management
* @link http://www.adminer.org/
* @author Jakub Vrana, http://www.vrana.cz/
If you put the above in a file called fix you can simply run
patch < /path/to/fix in the directory containing adminer.php you should get the correctly working version. Running patch -R < /path/to/fix will restore the original behavior if needed.
To understand the structure of a patch file read this SO thread.