You are here: Home / Blog / An nginx location directive for Plomino

An nginx location directive for Plomino

Posted by Fulvio Casali at Mar 06, 2015 12:23 PM |
Filed under:

I have been using the Ansible playbook for Plone lately, but I ran into a problem because of its nginx role.  Currently, the nginx role is written to disallow access to any URL path that contains /manage_, which is a good idea to prevent direct access to the ZMI.  It forces you to use an SSH tunnel when you are making any TTW changes in the ZMI.  However, Plomino defines several methods that start with manage_, and they end up getting blocked by nginx with 403 errors.  I wanted to preserve the added safety, while not breaking my Plomino apps, so I defined a nested location directive to do that.

Here is the location directive created by the Ansible playbook nginx role:

 

location ~ /manage_ {
  deny all;
}

 

And here is my modified directive:

 

location ~ /manage_ {
  deny all;
  location ~ /manage_(deleteDocuments|specificrights|refreshDB|generateView|replications|importation|exportAsXML|importFromXML) {
    allow all;
    rewrite ^/(.*)$ /VirtualHostBase/http/$server_name:80/Plone/VirtualHostRoot/$1 break;
    proxy_pass http://localhost:_your varnish server port here_;
  }
}
Filed under: