add cgiwrap support
This commit is contained in:
parent
848fd67d87
commit
959ab99486
88
bin/vhost-cgi-wrap.sh
Executable file
88
bin/vhost-cgi-wrap.sh
Executable file
|
@ -0,0 +1,88 @@
|
||||||
|
#!/bin/bash
|
||||||
|
#
|
||||||
|
# vhost-stack
|
||||||
|
# https://git.stack-source.com/msb/vhost-stack
|
||||||
|
# MIT License Copyright (c) 2022 Matthew Saunders Brown
|
||||||
|
|
||||||
|
# load include file
|
||||||
|
source $(dirname $0)/vhost.sh
|
||||||
|
|
||||||
|
help()
|
||||||
|
{
|
||||||
|
thisfilename=$(basename -- "$0")
|
||||||
|
echo "Create CGI Wrapper for virtualhost."
|
||||||
|
echo ""
|
||||||
|
echo "usage: $thisfilename --d <domain> [-h]"
|
||||||
|
echo ""
|
||||||
|
echo " -h Print this help."
|
||||||
|
echo " -d <domain> Domain name of VirtualHost to create cgi-wrapper for."
|
||||||
|
exit
|
||||||
|
}
|
||||||
|
|
||||||
|
vhost:getoptions "$@"
|
||||||
|
|
||||||
|
# check for domain (virtualhost)
|
||||||
|
if [[ -z $domain ]]; then
|
||||||
|
echo "domain is required"
|
||||||
|
exit
|
||||||
|
fi
|
||||||
|
|
||||||
|
if [[ -d "/srv/www/$domain" ]]; then
|
||||||
|
# get and set $username
|
||||||
|
username=$(stat -c '%U' /srv/www/$domain)
|
||||||
|
else
|
||||||
|
echo "VirtualHost dir for $domain does not exist."
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
|
||||||
|
if [[ -f /usr/local/lib/cgi-wrap/$domain/cgiwrap ]]; then
|
||||||
|
echo "cgi-wrapper for $domain already exists"
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
|
||||||
|
if ! grep -q ":/usr/jails/$username/./home/$username:" /etc/passwd; then
|
||||||
|
echo "$username must be jailed before creating cgi-wrapper."
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
|
||||||
|
if [[ -d /usr/jails/$username ]]; then
|
||||||
|
if [[ ! -d /usr/jails/$username/usr/jails/$username/ ]]; then
|
||||||
|
mkdir -p /usr/jails/$username/usr/jails/$username/
|
||||||
|
cd /usr/jails/$username/usr/jails/$username/
|
||||||
|
ln -s /home ./home
|
||||||
|
fi
|
||||||
|
else
|
||||||
|
echo "Jail dir for $username does not exist."
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
|
||||||
|
if [[ ! -d /usr/local/lib/cgi-wrap/$domain ]]; then
|
||||||
|
mkdir -p /usr/local/lib/cgi-wrap/$domain
|
||||||
|
fi
|
||||||
|
|
||||||
|
cd /usr/local/src
|
||||||
|
|
||||||
|
if [[ -d cgiwrap-4.1 ]]; then
|
||||||
|
rm -r cgiwrap-4.1
|
||||||
|
fi
|
||||||
|
|
||||||
|
if [[ ! -f cgiwrap-4.1.tar.gz ]]; then
|
||||||
|
wget --quiet https://github.com/cgiwrap/cgiwrap/releases/download/cgiwrap-4.1/cgiwrap-4.1.tar.gz
|
||||||
|
fi
|
||||||
|
|
||||||
|
if [[ -f cgiwrap-4.1.tar.gz ]]; then
|
||||||
|
tar zxf cgiwrap-4.1.tar.gz
|
||||||
|
else
|
||||||
|
echo "cgiwrap-4.1.tar.gz does not exist and failed to download"
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
|
||||||
|
cd cgiwrap-4.1
|
||||||
|
./configure --with-chroot=/usr/jails/$username --with-rlimit-core=0 --with-rlimit-cpu=60 --without-redirect-stderr --without-logging-file --with-httpd-user=www-data --with-cgi-dir=$domain/cgi-bin --with-install-dir=/usr/local/lib/cgi-wrap/$domain --with-wall --with-local-contact-email=webmaster@$domain
|
||||||
|
make
|
||||||
|
make install
|
||||||
|
|
||||||
|
echo "Make sure the desired scripting languages are installed in the $username jail. e.g.:"
|
||||||
|
echo "jk_init -k -j /usr/jails/$username perl"
|
||||||
|
echo "jk_init -k -j /usr/jails/$username python3"
|
||||||
|
echo "jk_init -k -j /usr/jails/$username ruby"
|
|
@ -24,7 +24,10 @@
|
||||||
ServerAlias www.$vhost
|
ServerAlias www.$vhost
|
||||||
ServerAlias $vhost.example.com
|
ServerAlias $vhost.example.com
|
||||||
DocumentRoot /srv/www/$vhost/html
|
DocumentRoot /srv/www/$vhost/html
|
||||||
ScriptAlias /cgi-bin/ /srv/www/$vhost/cgi-bin/
|
ScriptAlias /cgi-wrap/ "/usr/local/lib/cgi-wrap/$vhost/"
|
||||||
|
RewriteEngine on
|
||||||
|
RewriteCond %{REQUEST_URI} ^/cgi-bin/.*
|
||||||
|
RewriteRule ^/cgi-bin/(.*) /cgi-wrap/cgiwrap/$username/$1 [PT]
|
||||||
<FilesMatch ".+\.ph(ar|p|tml)$">
|
<FilesMatch ".+\.ph(ar|p|tml)$">
|
||||||
SetHandler "proxy:unix:/run/php/php7.4-fpm-$username.sock|fcgi://localhost"
|
SetHandler "proxy:unix:/run/php/php7.4-fpm-$username.sock|fcgi://localhost"
|
||||||
</FilesMatch>
|
</FilesMatch>
|
||||||
|
@ -36,7 +39,6 @@
|
||||||
ServerName $subdomain.$vhost
|
ServerName $subdomain.$vhost
|
||||||
ServerAlias $subdomain.$vhost.example.com
|
ServerAlias $subdomain.$vhost.example.com
|
||||||
DocumentRoot /srv/www/$vhost/$subdomain
|
DocumentRoot /srv/www/$vhost/$subdomain
|
||||||
ScriptAlias /cgi-bin/ /srv/www/$vhost/cgi-bin/
|
|
||||||
<FilesMatch ".+\.ph(ar|p|tml)$">
|
<FilesMatch ".+\.ph(ar|p|tml)$">
|
||||||
SetHandler "proxy:unix:/run/php/php7.4-fpm-$username.sock|fcgi://localhost"
|
SetHandler "proxy:unix:/run/php/php7.4-fpm-$username.sock|fcgi://localhost"
|
||||||
</FilesMatch>
|
</FilesMatch>
|
||||||
|
@ -50,7 +52,10 @@
|
||||||
ServerAlias www.$vhost
|
ServerAlias www.$vhost
|
||||||
ServerAlias $vhost.example.com
|
ServerAlias $vhost.example.com
|
||||||
DocumentRoot /srv/www/$vhost/html
|
DocumentRoot /srv/www/$vhost/html
|
||||||
ScriptAlias /cgi-bin/ /srv/www/$vhost/cgi-bin/
|
ScriptAlias /cgi-wrap/ "/usr/local/lib/cgi-wrap/$vhost/"
|
||||||
|
RewriteEngine on
|
||||||
|
RewriteCond %{REQUEST_URI} ^/cgi-bin/.*
|
||||||
|
RewriteRule ^/cgi-bin/(.*) /cgi-wrap/cgiwrap/$username/$1 [PT]
|
||||||
## <Location "/">
|
## <Location "/">
|
||||||
## <If "%{REQUEST_URI} !~ m#^/.well-known/acme-challenge/#">
|
## <If "%{REQUEST_URI} !~ m#^/.well-known/acme-challenge/#">
|
||||||
## Redirect 301 "https://%{HTTP_HOST}%{REQUEST_URI}"
|
## Redirect 301 "https://%{HTTP_HOST}%{REQUEST_URI}"
|
||||||
|
@ -65,7 +70,10 @@
|
||||||
ServerAlias www.$vhost
|
ServerAlias www.$vhost
|
||||||
ServerAlias $vhost.example.com
|
ServerAlias $vhost.example.com
|
||||||
DocumentRoot /srv/www/$vhost/html
|
DocumentRoot /srv/www/$vhost/html
|
||||||
ScriptAlias /cgi-bin/ /srv/www/$vhost/cgi-bin/
|
ScriptAlias /cgi-wrap/ "/usr/local/lib/cgi-wrap/$vhost/"
|
||||||
|
RewriteEngine on
|
||||||
|
RewriteCond %{REQUEST_URI} ^/cgi-bin/.*
|
||||||
|
RewriteRule ^/cgi-bin/(.*) /cgi-wrap/cgiwrap/$username/$1 [PT]
|
||||||
<FilesMatch ".+\.ph(ar|p|tml)$">
|
<FilesMatch ".+\.ph(ar|p|tml)$">
|
||||||
SetHandler "proxy:unix:/run/php/php7.4-fpm-$username.sock|fcgi://localhost"
|
SetHandler "proxy:unix:/run/php/php7.4-fpm-$username.sock|fcgi://localhost"
|
||||||
</FilesMatch>
|
</FilesMatch>
|
||||||
|
@ -108,7 +116,10 @@
|
||||||
ServerAlias www.$vhost
|
ServerAlias www.$vhost
|
||||||
ServerAlias $vhost.example.com
|
ServerAlias $vhost.example.com
|
||||||
DocumentRoot /srv/www/$vhost/html
|
DocumentRoot /srv/www/$vhost/html
|
||||||
ScriptAlias /cgi-bin/ /srv/www/$vhost/cgi-bin/
|
ScriptAlias /cgi-wrap/ "/usr/local/lib/cgi-wrap/$vhost/"
|
||||||
|
RewriteEngine on
|
||||||
|
RewriteCond %{REQUEST_URI} ^/cgi-bin/.*
|
||||||
|
RewriteRule ^/cgi-bin/(.*) /cgi-wrap/cgiwrap/$username/$1 [PT]
|
||||||
<FilesMatch ".+\.ph(ar|p|tml)$">
|
<FilesMatch ".+\.ph(ar|p|tml)$">
|
||||||
SetHandler "proxy:unix:/run/php/php7.4-fpm-$username.sock|fcgi://localhost"
|
SetHandler "proxy:unix:/run/php/php7.4-fpm-$username.sock|fcgi://localhost"
|
||||||
</FilesMatch>
|
</FilesMatch>
|
||||||
|
@ -132,7 +143,6 @@
|
||||||
ServerName $subdomain.$vhost
|
ServerName $subdomain.$vhost
|
||||||
ServerAlias $subdomain.$vhost.example.com
|
ServerAlias $subdomain.$vhost.example.com
|
||||||
DocumentRoot /srv/www/$vhost/$subdomain
|
DocumentRoot /srv/www/$vhost/$subdomain
|
||||||
ScriptAlias /cgi-bin/ /srv/www/$vhost/cgi-bin/
|
|
||||||
<FilesMatch ".+\.ph(ar|p|tml)$">
|
<FilesMatch ".+\.ph(ar|p|tml)$">
|
||||||
SetHandler "proxy:unix:/run/php/php7.4-fpm-$username.sock|fcgi://localhost"
|
SetHandler "proxy:unix:/run/php/php7.4-fpm-$username.sock|fcgi://localhost"
|
||||||
</FilesMatch>
|
</FilesMatch>
|
||||||
|
@ -211,7 +221,10 @@
|
||||||
ServerAlias www.$vhost
|
ServerAlias www.$vhost
|
||||||
ServerAlias $vhost.example.com
|
ServerAlias $vhost.example.com
|
||||||
DocumentRoot /srv/www/$alias/html
|
DocumentRoot /srv/www/$alias/html
|
||||||
ScriptAlias /cgi-bin/ /srv/www/$vhost/cgi-bin/
|
ScriptAlias /cgi-wrap/ "/usr/local/lib/cgi-wrap/$alias/"
|
||||||
|
RewriteEngine on
|
||||||
|
RewriteCond %{REQUEST_URI} ^/cgi-bin/.*
|
||||||
|
RewriteRule ^/cgi-bin/(.*) /cgi-wrap/cgiwrap/$username/$1 [PT]
|
||||||
<FilesMatch ".+\.ph(ar|p|tml)$">
|
<FilesMatch ".+\.ph(ar|p|tml)$">
|
||||||
SetHandler "proxy:unix:/run/php/php7.4-fpm-$username.sock|fcgi://localhost"
|
SetHandler "proxy:unix:/run/php/php7.4-fpm-$username.sock|fcgi://localhost"
|
||||||
</FilesMatch>
|
</FilesMatch>
|
||||||
|
@ -224,7 +237,10 @@
|
||||||
ServerAlias www.$vhost
|
ServerAlias www.$vhost
|
||||||
ServerAlias $vhost.example.com
|
ServerAlias $vhost.example.com
|
||||||
DocumentRoot /srv/www/$alias/html
|
DocumentRoot /srv/www/$alias/html
|
||||||
ScriptAlias /cgi-bin/ /srv/www/$vhost/cgi-bin/
|
ScriptAlias /cgi-wrap/ "/usr/local/lib/cgi-wrap/$alias/"
|
||||||
|
RewriteEngine on
|
||||||
|
RewriteCond %{REQUEST_URI} ^/cgi-bin/.*
|
||||||
|
RewriteRule ^/cgi-bin/(.*) /cgi-wrap/cgiwrap/$username/$1 [PT]
|
||||||
## <Location "/">
|
## <Location "/">
|
||||||
## <If "%{REQUEST_URI} !~ m#^/.well-known/acme-challenge/#">
|
## <If "%{REQUEST_URI} !~ m#^/.well-known/acme-challenge/#">
|
||||||
## Redirect 301 "https://%{HTTP_HOST}%{REQUEST_URI}"
|
## Redirect 301 "https://%{HTTP_HOST}%{REQUEST_URI}"
|
||||||
|
@ -239,7 +255,10 @@
|
||||||
ServerAlias www.$vhost
|
ServerAlias www.$vhost
|
||||||
ServerAlias $vhost.example.com
|
ServerAlias $vhost.example.com
|
||||||
DocumentRoot /srv/www/$alias/html
|
DocumentRoot /srv/www/$alias/html
|
||||||
ScriptAlias /cgi-bin/ /srv/www/$vhost/cgi-bin/
|
ScriptAlias /cgi-wrap/ "/usr/local/lib/cgi-wrap/$alias/"
|
||||||
|
RewriteEngine on
|
||||||
|
RewriteCond %{REQUEST_URI} ^/cgi-bin/.*
|
||||||
|
RewriteRule ^/cgi-bin/(.*) /cgi-wrap/cgiwrap/$username/$1 [PT]
|
||||||
<FilesMatch ".+\.ph(ar|p|tml)$">
|
<FilesMatch ".+\.ph(ar|p|tml)$">
|
||||||
SetHandler "proxy:unix:/run/php/php7.4-fpm-$username.sock|fcgi://localhost"
|
SetHandler "proxy:unix:/run/php/php7.4-fpm-$username.sock|fcgi://localhost"
|
||||||
</FilesMatch>
|
</FilesMatch>
|
||||||
|
|
|
@ -82,10 +82,10 @@ echo ' AllowOverride All' >> /etc/apache2/conf-available/security.conf
|
||||||
echo ' Options Includes FollowSymLinks' >> /etc/apache2/conf-available/security.conf
|
echo ' Options Includes FollowSymLinks' >> /etc/apache2/conf-available/security.conf
|
||||||
echo ' Require all granted' >> /etc/apache2/conf-available/security.conf
|
echo ' Require all granted' >> /etc/apache2/conf-available/security.conf
|
||||||
echo '</Directory>' >> /etc/apache2/conf-available/security.conf
|
echo '</Directory>' >> /etc/apache2/conf-available/security.conf
|
||||||
echo '<Directory "/srv/www/*/cgi-bin">' >> /etc/apache2/conf-available/security.conf
|
echo '<Directory "/usr/local/lib/cgi-wrap/">' >> /etc/apache2/conf-available/security.conf
|
||||||
echo ' AllowOverride None' >> /etc/apache2/conf-available/security.conf
|
echo ' AllowOverride None' >> /etc/apache2/conf-available/security.conf
|
||||||
echo ' Options none' >> /etc/apache2/conf-available/security.conf
|
echo ' Options None' >> /etc/apache2/conf-available/security.conf
|
||||||
echo ' Require all granted' >> /etc/apache2/conf-available/security.conf
|
echo ' Require all granted' >> /etc/apache2/conf-available/security.conf
|
||||||
echo '</Directory>' >> /etc/apache2/conf-available/security.conf
|
echo '</Directory>' >> /etc/apache2/conf-available/security.conf
|
||||||
|
|
||||||
# configure php
|
# configure php
|
||||||
|
|
Loading…
Reference in New Issue
Block a user