View Single Post
  #5   (View Single Post)  
Old 23rd June 2016
ed.n1n2 ed.n1n2 is offline
Port Guard
 
Join Date: Mar 2015
Posts: 30
Default

@TronDD

There is no way to load the password file from within the chroot.

Here's the part you're missing:

Code:
/etc/nginx/conf/auth_acs
I never added the '/etc/nginx/'. See the configuration lines above. It will always add that to whatever I create. So whatever paths I put in the configuration file, even to a file within the chroot, become mangled with that prefixed "crap".

If I put the password file in '/var/www/conf/', there is no way to fool the configuration line into loading it. Using '../../var/www' can't work to escape out of the '/etc/nginx' back to root and then back into the chroot directory '/var/www/'.

If nginx would stop prefixing the path this might have a chance at working.

If I put the file where you suggest, then the configuration line will be mangled into this non-working line:

Code:
/etc/nginx/var/www/etc/nginx/conf/auth_acs
The problem is that nginx put a non-working path in. How the heck could basic auth ever work without disabling chroot?
Reply With Quote