Interesting NGINX issue on pi

For PC type software that runs under some PC opsys.

Interesting NGINX issue on pi

Postby Doug Coulter » Tue Sep 29, 2015 9:48 pm

And probably any other linux.
As people following along know, I'm doing a "lan of things" and using raspberry pi's for most of the ethernet interfaces (which have arduinos as slaves to do real data aq, since they do that far better). I put this in a mysql database local to that pi (on a big-fast USB stick mounted over /var), and then use perl and fastcgi to do things with it.

I'm using /var/www as my document root in nginx, as this particular one started out using apache, along with the pi cam streaming software, and why not use the same one to make the camera stuff easier (it's pretty hard to change the default directories in Silvan Melchoir's code, at least for me)? FWIW, and this is kind of interesting, streaming from the pi cam is MUCH faster than using say, VLC and a webcam from an i5 NUC in terms of latency...weird but true. And the best setup with nucs is to use VLC to emit a stream, and mplayer to watch it - FWIW - for lowest latency. But the pi is .2 second delay, and the nucs are like .75 delay... a big difference considering the nucs are faster, and faster ethernet speeds (gigabit vs 10 mbit)!

I have a perl CGI making plots, and if a browser elsewhere is looking at the plot page, having it auto-refresh once a minute, which is the default sample rate into the database anyway, so I get more or less real time updates. Sweet.
But - the CGI was making the plot .pngs in a subdir of this /var/www/plots - which is on the USB stick (I only use the pi's SD card for code and don't write there - this wants to be a high 9's system, and is). This is bad, as I'm writing it once a minute (at least if a browser is looking at it, and I sometimes forget and leave one on overnight), and that's hard on flash memory. So, I thought, hey, move the plots to someplace I have a tmpfs (ramdisk) like /var/tmp...I mounted a tmpfs over that one as things like locate use it, and the package manager - I'm paranoid, I suppose, about things that do heavy writing to SD or USB flash.

And it all broke. Yes, the perl had no trouble writing .png files to there - it didn't care as long as it had permissions, and the pi is notoriously lax about them even if you don't hand them out freely - and I did anyway. I feel fairly safe behind the firewall in my LAN.

But NGINX would refuse to serve them to the browser...they were "outside" (above) its root which was /var/www. As if it was chrooted in part (though it must not really be, since there are no end of articles on how to do that for NGINX for security purposes). I understand the need for that in some situations - I don't have that need here, I think. I don't expose anything to the internet at large.

My quick fix was to revert to the original CGI and simply make another tmpfs and mount it over /var/www/plots. This works (and it's faster even than a USB3 super speed stick anyway - even for relatively tiny 6kb plot files as .png's).

But does anyone know why I ran into that? The perl CGI wrote the plot files no sweat (and I made the permissions for /var/tmp really open) and I could display them from the pi and so on, just not a browser, where they show up as "broken" images (and yes, I changed the html from the CGI to point correctly at the new spot). The Pi, even a model 2, doesn't have ram to burn, and it kinda irks to have to have setup another tmpfs...but it works that way, just not if you try to go "above" the NGINX root for anything you want it to serve - even a static image file, or so it seems. I really checked for typos, this isn't that type of problem. I can't seem to find anything googling about this one. I mean, it's nice in a way that someone might have coded that, but hey, dox don't say diddly about it.
Posting as just me, not as the forum owner. Everything I say is "in my opinion" and YMMV -- which should go for everyone without saying.
User avatar
Doug Coulter
Posts: 2943
Joined: Wed Jul 14, 2010 8:05 pm
Location: Floyd county, VA, USA

Return to PC

Who is online

Users browsing this forum: No registered users and 1 guest