Questions[error-handling](server)

I have a issue with my NGINX setting with redirecting to a custom error page on another location (incl. css, images, js) if a error page should be thrown.

At first I would like to block access to an folder (like .git). This can be easily done via (inside the server block)

location ~ /(.git) {
    deny all;
    return 404;
}

Then i created a custom error_page element (inside the server block) with a custom 404.html file on a different location than the root directory of the website.

error_page 404 /404.html;
location = /404.html {
    root /var/data/websites/error-page;
    internal;
}

After these changes, my custom 404 page will be shown - but without css, js and images.

If i inspect the website, the reason is simple: the path of the files are wrong - they are based on the location (in my example .git). https://it.dmetzler1988.io/.git/css/main.css net::ERR_ABORTED 404.

Here is the complete NGINX config file for this page (only removed the ssl certificate paths):

server {
    listen 443 ssl;
    listen [::]:443 ssl http2;

    ssl_certificate <path>;
    ssl_certificate_key <path>;

    server_name it.dmetzler1988.io;
    root /var/data/websites/dmetzler1988.io/it.dmetzler1988.io;
    index index.html index.php;

    error_page 404 /404.html;
    location = /404.html {
        root /var/data/websites/error-page;
        internal;
    }

    location ~ /(.git) {
        deny all;
        return 404;
    }
}

So my questions on this place:

1. How can i fix the issue with the wrong path (remove the .git from path)?
2. Is this the correct way for such an use case or is there a better solution?

A problem I keep running into in ansible is where one deployment step should run when any of a number of preparation step is changed, but the changed status is lost due to fatal errors.

When after one successfull preparation step, ansible cannot continue, I still want the machine to eventually reach the state the playbook was meant to achieve. But ansible forgets, e.g.:

- name: "(a) some task is changed"
  git:
    update: yes
    ...
  notify:
   # (b) ansible knows about having to call handler later!
   - apply

- name: "(c) connection lost here"
  command: ...
  notify:
   - apply

- name: apply
  # (d) handler never runs: on the next invocation git-fetch is a no-op
  command: /bin/never

Since the preparation step (a) is now a no-op, running again does not recover this information. For some tasks, just running ALL handlers is good enough. For others one can rewrite the handlers into tasks that know when: to run. But some tasks & checks are expensive and/or unreliable, so this is not always good enough.

Partial solutions:

1. Write out a file and check for its existence later instead of relying on the ansible handler. This feels like an antipattern. After all, ansible knows whats left to do - I just do not know how to get it to remember it across multiple attempts.
2. Stay in a loop until it works or manual fix is applied, however long that may be: This seems like a bad trade, because now I might not be able to use ansible against the same group of targets .. or I have to safeguard against undesirable side-effects of multiple concurrent runs
3. Just require a higher reliability of targets so its rare enough to justify always manually resolving these situations, using --start-at-task= and checking which handlers are still needed: Experience says, things do occasionally break, and right now I am adding more things that can.

Is there a pattern, feature or trick to properly handle such errors?

• Ansible Tips and Tricks: Dealing with Unreliable Connections and Services
• Ansible Docs: Error handling in playbooks
• Ansible issues #9323: Do not lose handler notifications on failure

There is so much static around this it's hard to find an answer that actually applies, so my apologies if there is an answer for this, I just haven't been able to find it.

My situation is that I want to display errors from our application on the page when they happen... in our DEVELOPMENT environment.... I don't need to be told to only send them to the logs, it's a giant waste of time during dev and not near as formatted to have to read them out of the logs. We of course turn this off in production.

My errors ARE being logged, this is not the problem, the issue is, they are not being DISPLAYED before Apache redirects them with a 503 response code, most likely because of PHP/FPM dying with a fatal error that we didn't catch properly.

Prior to moving to PHP-FPM, any kind of error was displayed no problem, we have the standard settings in place in /etc/php.ini...

error_reporting = E_ALL
error_display_errors = On
display_startup_errors = On
log_errors = On

And my exception/error handler was working great, I could access my stack trace details, extra meta, etc., however now that I've got PHP-FPM enabled, Apache seems to be capturing the returning http 503 status, and is redirecting to the generic apache error message. I've tried using...

errordocument 503 /error.php?...

... but this loses state so I don't get all the details I would normally have gotten in the shutdown handler I normally use. I've added the following to the FPM pool definition...

php_admin_flag[display_errors] = On
php_admin_flag[log_errors] = On

... but they had no effect. php_info() is showing both master and local values are working as expected, so it's not a misconfiguration, or errant include file somewhere.

What am I doing wrong, how can I stop apache from forwarding to it's own error handler and just display the output of PHP-FPM, and by extension my own error handler?

Apache:  2.4.37-21
PHP/FPM: 7.3.5-5

I am using Powershell's Invoke-WebRequest (this also applies to Invoke-RestMethod) to make a call to an ElasticSearch cluster. This specific command often returns an error result (409 conflict).

Powershell sees the error state, throws an error and does not pass anything useful through the pipeline, and it spews the body of the response onto the console:

However, a) even though it's got an error code, I don't really care that it's errored (only that it's returned), and b) I want to be able to access the body of that response so that I can actually inspect the data contained within.

Is there any way to have PowerShell suppress the error output (-ErrorAction does not work) and pass something useful along the pipeline?

As a note, I actually want to invoke this with Invoke-RestMethod but as it and Invoke-WebRequest are essentially the same command, I've generalised this question to Invoke-WebRequest

Do anyone knows if there is a Windows Batch-file equivalent to Unix Stop on Error "#!/bin/sh -e"?

(http://www.turnkeylinux.org/blog/shell-error-handling)