http://www.howtoforge.com/serving-cgi-scripts-with-nginx-on-fedora-17
This tutorial shows how you can serve CGI scripts (Perl scripts) with nginx on Fedora 17. While nginx itself does not serve CGI, there are several ways to work around this. I will outline two solutions: the first is to proxy requests for CGI scripts to Thttpd, a small web server that has CGI support, while the second solution uses a CGI wrapper to serve CGI scripts.
I do not issue any guarantee that this will work for you!
First we install Thttpd. There is a Thttpd package for Fedora 17, but the nginx ThttpdCGI page says that Thttpd should be patched - therefore we download the src.rpm package for Fedora 17, patch it and build a new rpm package from it.
We need to install the tools that are required to build a new rpm package:
Now we build our Thttpd rpm package as follows:
Install the Thttpd package as follows:
This will make Thttpd listen on port 8000 on 127.0.0.1; its document root is /var/www.
Create the system startup links for Thttpd...
Now open your vhost configuration file...
Reload nginx:
Create the directory...
Fcgiwrap is a CGI wrapper that can be used for shared hosting environments because it allows each vhost to use its own cgi-bin directory.
As there's no fcgiwrap package for Fedora, we must build it ourselves. First we install some prerequisites:
Next we install the spawn-fcgi package which allows us to run fcgiwrap as a daemon:
Create the system startup links for spawn-fcgi...
Now open your vhost configuration file...
Reload nginx:
This tutorial shows how you can serve CGI scripts (Perl scripts) with nginx on Fedora 17. While nginx itself does not serve CGI, there are several ways to work around this. I will outline two solutions: the first is to proxy requests for CGI scripts to Thttpd, a small web server that has CGI support, while the second solution uses a CGI wrapper to serve CGI scripts.
I do not issue any guarantee that this will work for you!
1 Preliminary Note
I'm using the website www.example.com here with the document root /var/www/www.example.com/web/; the vhost configuration is located in /etc/nginx/conf.d/www.example.com.vhost.2 Using Thttpd
In this chapter I am going to describe how to configure nginx to proxy requests for CGI scripts (extensions .cgi or .pl) to Thttpd. I will configure Thttpd to run on port 8000.First we install Thttpd. There is a Thttpd package for Fedora 17, but the nginx ThttpdCGI page says that Thttpd should be patched - therefore we download the src.rpm package for Fedora 17, patch it and build a new rpm package from it.
We need to install the tools that are required to build a new rpm package:
yum groupinstall 'Development Tools'
Install yum-utils (the package contains the yumdownloader tool which allows us to download a src.rpm):
yum install yum-utils
Next we download the Thttpd src.rpm package for Fedora 17:
cd /usr/src
yumdownloader --source thttpd
yumdownloader --source thttpd
ls -l
[root@server1 src]# ls -l
total 164
drwxr-xr-x. 2 root root 4096 Feb 3 2012 debug
drwxr-xr-x. 3 root root 4096 Jun 4 18:21 kernels
-rw-r--r-- 1 root root 155690 Mar 28 03:21 thttpd-2.25b-27.fc17.src.rpm
[root@server1 src]#
total 164
drwxr-xr-x. 2 root root 4096 Feb 3 2012 debug
drwxr-xr-x. 3 root root 4096 Jun 4 18:21 kernels
-rw-r--r-- 1 root root 155690 Mar 28 03:21 thttpd-2.25b-27.fc17.src.rpm
[root@server1 src]#
rpm -ivh thttpd-2.25b-27.fc17.src.rpm
You can ignore the following warnings:
[root@server1 src]# rpm -ivh thttpd-2.25b-27.fc17.src.rpm
1:thttpd warning: user mockbuild does not exist - using root
warning: group mockbuild does not exist - using root
warning: user mockbuild does not exist - using root
warning: group mockbuild does not exist - using root
warning: user mockbuild does not exist - using root
warning: group mockbuild does not exist - using root
warning: user mockbuild does not exist - using root
warning: group mockbuild does not exist - using root
warning: user mockbuild does not exist - using root
warning: group mockbuild does not exist - using root
warning: user mockbuild does not exist - using root
warning: group mockbuild does not exist - using root
warning: user mockbuild does not exist - using root
warning: group mockbuild does not exist - using root
warning: user mockbuild does not exist - using root
warning: group mockbuild does not exist - using root
warning: user mockbuild does not exist - using root
warning: group mockbuild does not exist - using root
########################################### [100%]
[root@server1 src]#
Now we download the patch to the /root/rpmbuild/SOURCES/ directory and modify the /root/rpmbuild/SPECS/thttpd.spec file accordingly:1:thttpd warning: user mockbuild does not exist - using root
warning: group mockbuild does not exist - using root
warning: user mockbuild does not exist - using root
warning: group mockbuild does not exist - using root
warning: user mockbuild does not exist - using root
warning: group mockbuild does not exist - using root
warning: user mockbuild does not exist - using root
warning: group mockbuild does not exist - using root
warning: user mockbuild does not exist - using root
warning: group mockbuild does not exist - using root
warning: user mockbuild does not exist - using root
warning: group mockbuild does not exist - using root
warning: user mockbuild does not exist - using root
warning: group mockbuild does not exist - using root
warning: user mockbuild does not exist - using root
warning: group mockbuild does not exist - using root
warning: user mockbuild does not exist - using root
warning: group mockbuild does not exist - using root
########################################### [100%]
[root@server1 src]#
cd /root/rpmbuild/SOURCES/
wget -O thttpd-2.25b-ipreal.patch http://www.danielclemente.com/amarok/ip_real.txt
cd /root/rpmbuild/SPECS/
vi thttpd.spec
Add the lines Patch3: thttpd-2.25b-ipreal.patch and %patch3 -p1 -b .ipreal:wget -O thttpd-2.25b-ipreal.patch http://www.danielclemente.com/amarok/ip_real.txt
cd /root/rpmbuild/SPECS/
vi thttpd.spec
[...] Patch0: thttpd-2.25b-CVE-2005-3124.patch Patch1: thttpd-2.25b-fixes.patch Patch2: thttpd-2.25b-getline.patch Patch3: thttpd-2.25b-ipreal.patch [...] %prep %setup -q %patch0 -p1 -b .CVE-2005-3124 %patch1 -p1 -b .fixes %patch2 -p1 -b .getline %patch3 -p1 -b .ipreal [...] |
rpmbuild -ba thttpd.spec
Our Thttpd rpm package is created in /root/rpmbuild/RPMS/x86_64 (/root/rpmbuild/RPMS/i386 if you are on an i386 system), so we go there:
cd /root/rpmbuild/RPMS/x86_64
ls -l
ls -l
[root@server1 x86_64]# ls -l
total 224
-rw-r--r-- 1 root root 69881 Sep 3 23:17 thttpd-2.25b-27.fc17.x86_64.rpm
-rw-r--r-- 1 root root 151685 Sep 3 23:17 thttpd-debuginfo-2.25b-27.fc17.x86_64.rpm
[root@server1 x86_64]#
total 224
-rw-r--r-- 1 root root 69881 Sep 3 23:17 thttpd-2.25b-27.fc17.x86_64.rpm
-rw-r--r-- 1 root root 151685 Sep 3 23:17 thttpd-debuginfo-2.25b-27.fc17.x86_64.rpm
[root@server1 x86_64]#
rpm -ivh thttpd-2.25b-27.fc17.x86_64.rpm
Then we make a backup of the original /etc/thttpd.conf file and create a new one as follows:
mv /etc/thttpd.conf /etc/thttpd.conf_orig
vi /etc/thttpd.conf
vi /etc/thttpd.conf
# BEWARE : No empty lines are allowed! # This section overrides defaults # This section _documents_ defaults in effect # port=80 # nosymlink # default = !chroot # novhost # nocgipat # nothrottles # host=0.0.0.0 # charset=iso-8859-1 host=127.0.0.1 port=8000 user=thttpd logfile=/var/log/thttpd.log pidfile=/var/run/thttpd.pid dir=/var/www cgipat=**.cgi|**.pl |
Create the system startup links for Thttpd...
systemctl enable thttpd.service
... and start it:
systemctl start thttpd.service
Next create /etc/nginx/proxy.conf:
vi /etc/nginx/proxy.conf
proxy_redirect off; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; client_max_body_size 10m; client_body_buffer_size 128k; proxy_connect_timeout 90; proxy_send_timeout 90; proxy_read_timeout 90; |
vi /etc/nginx/conf.d/www.example.com.vhost
... and add a location /cgi-bin {} section to the server {} container:
server { [...] location /cgi-bin { include proxy.conf; proxy_pass http://127.0.0.1:8000; } [...] } |
systemctl reload nginx.service
Because Thttpd's document root is /var/www, location /cgi-bin translates to the directory /var/www/cgi-bin (this is true for all your vhosts, which means each vhost must place its CGI scripts in /var/www/cgi-bin;
this is a drawback for shared hosting environments; the solution is to
use a CGI wrapper as described in chapter 3 instead of Thttpd). Create the directory...
mkdir /var/www/cgi-bin
... and then place your CGI scripts in it and make them executable. For testing purposes I will create a small Hello World Perl script (instead of hello_world.cgi you can also use the extension .pl -> hello_world.pl):
vi /var/www/cgi-bin/hello_world.cgi
#!/usr/bin/perl -w # Tell perl to send a html header. # So your browser gets the output # rather then |
chmod 755 /var/www/cgi-bin/hello_world.cgi
Open a browser and test the script:
http://www.example.com/cgi-bin/hello_world.cgi
If all goes well, you should get the following output:3 Using Fcgiwrap
As there's no fcgiwrap package for Fedora, we must build it ourselves. First we install some prerequisites:
yum groupinstall 'Development Tools'
yum install fcgi-devel
Now we can build fcgiwrap as follows:
cd /usr/local/src/
git clone git://github.com/gnosek/fcgiwrap.git
cd fcgiwrap
autoreconf -i
./configure
make
make install
This installs fcgiwrap to /usr/local/sbin/fcgiwrap.git clone git://github.com/gnosek/fcgiwrap.git
cd fcgiwrap
autoreconf -i
./configure
make
make install
Next we install the spawn-fcgi package which allows us to run fcgiwrap as a daemon:
yum install spawn-fcgi
Open /etc/sysconfig/spawn-fcgi...
vi /etc/sysconfig/spawn-fcgi
... and modify the file as follows:
# You must set some working options before the "spawn-fcgi" service will work. # If SOCKET points to a file, then this file is cleaned up by the init script. # # See spawn-fcgi(1) for all possible options. # # Example : #SOCKET=/var/run/php-fcgi.sock #OPTIONS="-u apache -g apache -s $SOCKET -S -M 0600 -C 32 -F 1 -P /var/run/spawn-fcgi.pid -- /usr/bin/php-cgi" FCGI_SOCKET=/var/run/fcgiwrap.socket FCGI_PROGRAM=/usr/local/sbin/fcgiwrap FCGI_USER=nginx FCGI_GROUP=nginx FCGI_EXTRA_OPTIONS="-M 0700" OPTIONS="-u $FCGI_USER -g $FCGI_GROUP -s $FCGI_SOCKET -S $FCGI_EXTRA_OPTIONS -F 1 -P /var/run/spawn-fcgi.pid -- $FCGI_PROGRAM" |
systemctl enable spawn-fcgi.service
... and start it as follows:
systemctl start spawn-fcgi.service
You should now find the fcgiwrap socket in/var/run/fcgiwrap.socket, owned by the user and group nginx. Now open your vhost configuration file...
vi /etc/nginx/conf.d/www.example.com.vhost
... and add a location /cgi-bin {} section to the server {} container:
server { [...] location /cgi-bin/ { # Disable gzip (it makes scripts feel slower since they have to complete # before getting gzipped) gzip off; # Set the root to /usr/lib (inside this location this means that we are # giving access to the files under /usr/lib/cgi-bin) root /var/www/www.example.com; # Fastcgi socket fastcgi_pass unix:/var/run/fcgiwrap.socket; # Fastcgi parameters, include the standard ones include /etc/nginx/fastcgi_params; # Adjust non standard parameters (SCRIPT_FILENAME) fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; } [...] } |
systemctl reload nginx.service
Next we create our cgi-bin directory - /var/www/www.example.com/cgi-bin because we defined root /var/www/www.example.com; in the location /cgi-bin {} container:
mkdir /var/www/www.example.com/cgi-bin
Now we place our CGI scripts in it and make them executable. For testing purposes I will create a small Hello World Perl script (instead of hello_world.cgi you can also use the extension .pl -> hello_world.pl):
vi /var/www/www.example.com/cgi-bin/hello_world.cgi
#!/usr/bin/perl -w # Tell perl to send a html header. # So your browser gets the output # rather then |
chmod 755 /var/www/www.example.com/cgi-bin/hello_world.cgi
Open a browser and test the script:
http://www.example.com/cgi-bin/hello_world.cgi
If all goes well, you should get the following output:4 Links
- Nginx: http://nginx.org/
- Nginx Wiki: http://wiki.nginx.org/
- Thttpd: http://acme.com/software/thttpd/
- nginx ThttpdCGI: http://wiki.nginx.org/ThttpdCGI
- nginx Fcgiwrap: http://wiki.nginx.org/Fcgiwrap
No comments:
Post a Comment