Mautic + Caddy - from NGINX conf syntax


(Eduardo Perroud) #1

Before testing, I made some attempts to translate the NGINX conf into Caddyfile syntax. Below are the NGINX and Caddy syntax, respectively:

  1. path /app :bookmark:
location ~ /app/ {
	deny all;
}

Attempt 01

rewrite {
	if {path} starts_with app
	status 403
}

Attempt 02

# Is it better than rewrite above?
status 403 {
	/app
}

  2. path /Assets inside /app :bookmark:
location ~ /app/bundles/.*/Assets/ {
	allow all;
	access_log off;
}
rewrite {
	if {path} starts_with app
	if {path} has Assets
	status 200
}

  3. All PHP files inside themes path :bookmark:
location ~* ^/themes/(.*)\.php {
	deny all;
}
rewrite {
	ext .php
	if {path} match /themes
	# match or has?
	status 403
}

  4. Prevent access to the following file extensions :bookmark:
location ~* /(.*)\.(?:markdown|md|twig|yaml|yml|ht|htaccess|ini)$ {
	deny all;
	access_log off;
	log_not_found off;
}
rewrite {
	ext .markdown .md .twig .yaml .yml .ht .htaccess .ini
	status 403
}


  5. Prevent access to some specific js/json files :bookmark:
location ~* (Gruntfile|package|composer)\.(js|json)$ {
	deny all;
	access_log off;
	log_not_found off;
}
rewrite {
	ext .js .json
	if {file} match (Gruntfile|package|composer)
	status 403
}

I am not sure how to handle ~ and/or ~* from NGINX. Any considerations? Tips? Any remarks will be appreciated. The intention is really to understand the best way. For now, I have many tabs of the Caddy docs open. I really want to learn :open_book:

=> Note:
About the Mautic rewrite, I'm using only the following:

rewrite {
	to {path} {path}/ /index.php/{query}
}

Works like a charm. The /index.php/ is removed.

Thank you very much.


(Matthew Fay) #2

status is not a subdirective of rewrite. I believe {path} also always starts with /, too, so the if condition there might never actually be met. Your Attempt 02 should function like the nginx config in this case.

Like before, status is not a subdirective of rewrite, but also keep this in mind for the real status directive (emphasis mine):

status writes a status code to the response. It does not write a response body.

—https://caddyserver.com/docs/status

So you'll be sending empty Status 200 responses for these paths - likely not desirable behaviour.

match is for regex. You could simply match /themes/(.*)\.php, or you could use starts_with /themes/ with ext .php, for example.

  • match = a matches b, where b is a regular expression

—https://caddyserver.com/docs/rewrite

As explained above, this won't work. rewrite operates before status does, though, so you can rewrite to some specific path unused by your app and then status 403 that path, e.g.

rewrite {
  if {foo} cond bar
  to /status_403_forbidden
}
status 403 /status_403_forbidden

Again, match is a regex, so you could just use match (Gruntfile|package|composer)\.(js|json)$ if you're going to use regex. Alternately, you can use if_op or to check (probably a smidge faster):

rewrite {
  if_op or
  if {file} has Gruntfile
  if {file} has package
  if {file} has composer
  ext .js .json
  to /status_403_forbidden
}
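
An added example, not from either poster or from the Caddy or Mautic projects: one way to check a translation like this is to write down what the quoted nginx rules decide for concrete paths, then request the same paths from the Caddy site and compare status codes. It relies on nginx's documented behaviour that `~` is a case-sensitive regex, `~*` is case-insensitive, and regex locations are tried in file order with the first match winning; the rule order (Assets exception first) and the sample paths are assumptions constructed for illustration.

```python
import re

# The five nginx regex locations quoted in the thread, as (modifier, pattern, verdict).
# Order matters: nginx uses the first regex location that matches, so the Assets
# exception is placed ahead of the broader /app/ deny (assumed ordering).
RULES = [
    ("~",  r"/app/bundles/.*/Assets/", "allow"),
    ("~",  r"/app/", "deny"),
    ("~*", r"^/themes/(.*)\.php", "deny"),
    ("~*", r"/(.*)\.(?:markdown|md|twig|yaml|yml|ht|htaccess|ini)$", "deny"),
    ("~*", r"(Gruntfile|package|composer)\.(js|json)$", "deny"),
]

# "~*" maps to a case-insensitive regex, "~" to a case-sensitive one.
COMPILED = [
    (re.compile(pattern, re.IGNORECASE if mod == "~*" else 0), verdict)
    for mod, pattern, verdict in RULES
]

def verdict(path):
    """Return 'allow' or 'deny' for a request path under the rules above."""
    for regex, result in COMPILED:
        if regex.search(path):  # nginx regex locations are unanchored searches
            return result
    return "allow"  # no deny location matched; normal request handling applies

def expected_status(path):
    """Status a translated Caddy config should return: 403 for deny, else not 403."""
    return 403 if verdict(path) == "deny" else None

# Constructed sample paths covering each rule plus case-sensitivity and precedence.
SAMPLES = [
    "/app/config/local.php",
    "/app/bundles/CoreBundle/Assets/css/app.css",
    "/app/bundles/CoreBundle/Assets/README.md",  # Assets rule wins over the .md deny
    "/themes/blank/html/Base.PHP",               # "~*" ignores case
    "/docs/CHANGELOG.MD",
    "/composer.json",
    "/media/js/app.js",
    "/index.php",
]

if __name__ == "__main__":
    for p in SAMPLES:
        print(f"{verdict(p):5}  {p}")
```

Paths where Caddy's answer differs from this table point at a condition that needs a regex `match`, a leading `/`, or an explicit exclusion for the Assets directory.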