add cgiwrap support
parent
848fd67d87
commit
959ab99486
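--- a/bin/vhost-cgi-wrap.sh
+++ b/bin/vhost-cgi-wrap.sh
@@ -0,0 +1,88 @@
+#!/bin/bash
+#
+# vhost-stack
+# https://git.stack-source.com/msb/vhost-stack
+# MIT License Copyright (c) 2022 Matthew Saunders Brown
+
+# load include file
+source $(dirname $0)/vhost.sh
+
+help()
+{
+thisfilename=$(basename -- "$0")
+echo "Create CGI Wrapper for virtualhost."
+echo ""
+echo "usage: $thisfilename --d <domain> [-h]"
+echo ""
+echo " -h Print this help."
+echo " -d <domain> Domain name of VirtualHost to create cgi-wrapper for."
+exit
+}
+
+vhost:getoptions "$@"
+
+# check for domain (virtualhost)
+if [[ -z $domain ]]; then
+echo "domain is required"
+exit
+fi
+
+if [[ -d "/srv/www/$domain" ]]; then
+# get and set $username
+username=$(stat -c '%U' /srv/www/$domain)
+else
+echo "VirtualHost dir for $domain does not exist."
+exit 1
+fi
+
+if [[ -f /usr/local/lib/cgi-wrap/$domain/cgiwrap ]]; then
+echo "cgi-wrapper for $domain already exists"
+exit 1
+fi
+
+if ! grep -q ":/usr/jails/$username/./home/$username:" /etc/passwd; then
+echo "$username must be jailed before creating cgi-wrapper."
+exit 1
+fi
+
+if [[ -d /usr/jails/$username ]]; then
+if [[ ! -d /usr/jails/$username/usr/jails/$username/ ]]; then
+mkdir -p /usr/jails/$username/usr/jails/$username/
+cd /usr/jails/$username/usr/jails/$username/
+ln -s /home ./home
+fi
+else
+echo "Jail dir for $username does not exist."
+exit 1
+fi
+
+if [[ ! -d /usr/local/lib/cgi-wrap/$domain ]]; then
+mkdir -p /usr/local/lib/cgi-wrap/$domain
+fi
+
+cd /usr/local/src
+
+if [[ -d cgiwrap-4.1 ]]; then
+rm -r cgiwrap-4.1
+fi
+
+if [[ ! -f cgiwrap-4.1.tar.gz ]]; then
+wget --quiet https://github.com/cgiwrap/cgiwrap/releases/download/cgiwrap-4.1/cgiwrap-4.1.tar.gz
+fi
+
+if [[ -f cgiwrap-4.1.tar.gz ]]; then
+tar zxf cgiwrap-4.1.tar.gz
+else
+echo "cgiwrap-4.1.tar.gz does not exist and failed to download"
+exit 1
+fi
+
+cd cgiwrap-4.1
+./configure --with-chroot=/usr/jails/$username --with-rlimit-core=0 --with-rlimit-cpu=60 --without-redirect-stderr --without-logging-file --with-httpd-user=www-data --with-cgi-dir=$domain/cgi-bin --with-install-dir=/usr/local/lib/cgi-wrap/$domain --with-wall --with-local-contact-email=webmaster@$domain
+make
+make install
+
+echo "Make sure the desired scripting languages are installed in the $username jail. e.g.:"
+echo "jk_init -k -j /usr/jails/$username perl"
+echo "jk_init -k -j /usr/jails/$username python3"
+echo "jk_init -k -j /usr/jails/$username ruby"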
|
@ -24,7 +24,10 @@
|
|||
ServerAlias www.$vhost
|
||||
ServerAlias $vhost.example.com
|
||||
DocumentRoot /srv/www/$vhost/html
|
||||
ScriptAlias /cgi-bin/ /srv/www/$vhost/cgi-bin/
|
||||
ScriptAlias /cgi-wrap/ "/usr/local/lib/cgi-wrap/$vhost/"
|
||||
RewriteEngine on
|
||||
RewriteCond %{REQUEST_URI} ^/cgi-bin/.*
|
||||
RewriteRule ^/cgi-bin/(.*) /cgi-wrap/cgiwrap/$username/$1 [PT]
|
||||
<FilesMatch ".+\.ph(ar|p|tml)$">
|
||||
SetHandler "proxy:unix:/run/php/php7.4-fpm-$username.sock|fcgi://localhost"
|
||||
</FilesMatch>
|
||||
|
@ -36,7 +39,6 @@
|
|||
ServerName $subdomain.$vhost
|
||||
ServerAlias $subdomain.$vhost.example.com
|
||||
DocumentRoot /srv/www/$vhost/$subdomain
|
||||
ScriptAlias /cgi-bin/ /srv/www/$vhost/cgi-bin/
|
||||
<FilesMatch ".+\.ph(ar|p|tml)$">
|
||||
SetHandler "proxy:unix:/run/php/php7.4-fpm-$username.sock|fcgi://localhost"
|
||||
</FilesMatch>
|
||||
|
@ -50,7 +52,10 @@
|
|||
ServerAlias www.$vhost
|
||||
ServerAlias $vhost.example.com
|
||||
DocumentRoot /srv/www/$vhost/html
|
||||
ScriptAlias /cgi-bin/ /srv/www/$vhost/cgi-bin/
|
||||
ScriptAlias /cgi-wrap/ "/usr/local/lib/cgi-wrap/$vhost/"
|
||||
RewriteEngine on
|
||||
RewriteCond %{REQUEST_URI} ^/cgi-bin/.*
|
||||
RewriteRule ^/cgi-bin/(.*) /cgi-wrap/cgiwrap/$username/$1 [PT]
|
||||
## <Location "/">
|
||||
## <If "%{REQUEST_URI} !~ m#^/.well-known/acme-challenge/#">
|
||||
## Redirect 301 "https://%{HTTP_HOST}%{REQUEST_URI}"
|
||||
|
@ -65,7 +70,10 @@
|
|||
ServerAlias www.$vhost
|
||||
ServerAlias $vhost.example.com
|
||||
DocumentRoot /srv/www/$vhost/html
|
||||
ScriptAlias /cgi-bin/ /srv/www/$vhost/cgi-bin/
|
||||
ScriptAlias /cgi-wrap/ "/usr/local/lib/cgi-wrap/$vhost/"
|
||||
RewriteEngine on
|
||||
RewriteCond %{REQUEST_URI} ^/cgi-bin/.*
|
||||
RewriteRule ^/cgi-bin/(.*) /cgi-wrap/cgiwrap/$username/$1 [PT]
|
||||
<FilesMatch ".+\.ph(ar|p|tml)$">
|
||||
SetHandler "proxy:unix:/run/php/php7.4-fpm-$username.sock|fcgi://localhost"
|
||||
</FilesMatch>
|
||||
|
@ -108,7 +116,10 @@
|
|||
ServerAlias www.$vhost
|
||||
ServerAlias $vhost.example.com
|
||||
DocumentRoot /srv/www/$vhost/html
|
||||
ScriptAlias /cgi-bin/ /srv/www/$vhost/cgi-bin/
|
||||
ScriptAlias /cgi-wrap/ "/usr/local/lib/cgi-wrap/$vhost/"
|
||||
RewriteEngine on
|
||||
RewriteCond %{REQUEST_URI} ^/cgi-bin/.*
|
||||
RewriteRule ^/cgi-bin/(.*) /cgi-wrap/cgiwrap/$username/$1 [PT]
|
||||
<FilesMatch ".+\.ph(ar|p|tml)$">
|
||||
SetHandler "proxy:unix:/run/php/php7.4-fpm-$username.sock|fcgi://localhost"
|
||||
</FilesMatch>
|
||||
|
@ -132,7 +143,6 @@
|
|||
ServerName $subdomain.$vhost
|
||||
ServerAlias $subdomain.$vhost.example.com
|
||||
DocumentRoot /srv/www/$vhost/$subdomain
|
||||
ScriptAlias /cgi-bin/ /srv/www/$vhost/cgi-bin/
|
||||
<FilesMatch ".+\.ph(ar|p|tml)$">
|
||||
SetHandler "proxy:unix:/run/php/php7.4-fpm-$username.sock|fcgi://localhost"
|
||||
</FilesMatch>
|
||||
|
@ -211,7 +221,10 @@
|
|||
ServerAlias www.$vhost
|
||||
ServerAlias $vhost.example.com
|
||||
DocumentRoot /srv/www/$alias/html
|
||||
ScriptAlias /cgi-bin/ /srv/www/$vhost/cgi-bin/
|
||||
ScriptAlias /cgi-wrap/ "/usr/local/lib/cgi-wrap/$alias/"
|
||||
RewriteEngine on
|
||||
RewriteCond %{REQUEST_URI} ^/cgi-bin/.*
|
||||
RewriteRule ^/cgi-bin/(.*) /cgi-wrap/cgiwrap/$username/$1 [PT]
|
||||
<FilesMatch ".+\.ph(ar|p|tml)$">
|
||||
SetHandler "proxy:unix:/run/php/php7.4-fpm-$username.sock|fcgi://localhost"
|
||||
</FilesMatch>
|
||||
|
@ -224,7 +237,10 @@
|
|||
ServerAlias www.$vhost
|
||||
ServerAlias $vhost.example.com
|
||||
DocumentRoot /srv/www/$alias/html
|
||||
ScriptAlias /cgi-bin/ /srv/www/$vhost/cgi-bin/
|
||||
ScriptAlias /cgi-wrap/ "/usr/local/lib/cgi-wrap/$alias/"
|
||||
RewriteEngine on
|
||||
RewriteCond %{REQUEST_URI} ^/cgi-bin/.*
|
||||
RewriteRule ^/cgi-bin/(.*) /cgi-wrap/cgiwrap/$username/$1 [PT]
|
||||
## <Location "/">
|
||||
## <If "%{REQUEST_URI} !~ m#^/.well-known/acme-challenge/#">
|
||||
## Redirect 301 "https://%{HTTP_HOST}%{REQUEST_URI}"
|
||||
|
@ -239,7 +255,10 @@
|
|||
ServerAlias www.$vhost
|
||||
ServerAlias $vhost.example.com
|
||||
DocumentRoot /srv/www/$alias/html
|
||||
ScriptAlias /cgi-bin/ /srv/www/$vhost/cgi-bin/
|
||||
ScriptAlias /cgi-wrap/ "/usr/local/lib/cgi-wrap/$alias/"
|
||||
RewriteEngine on
|
||||
RewriteCond %{REQUEST_URI} ^/cgi-bin/.*
|
||||
RewriteRule ^/cgi-bin/(.*) /cgi-wrap/cgiwrap/$username/$1 [PT]
|
||||
<FilesMatch ".+\.ph(ar|p|tml)$">
|
||||
SetHandler "proxy:unix:/run/php/php7.4-fpm-$username.sock|fcgi://localhost"
|
||||
</FilesMatch>
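Review bot: The new `ScriptAlias /cgi-wrap/` publishes the wrapper directory as a URL of its own, so the `$username` that the RewriteRule pins into the path is only fixed for requests that arrive through /cgi-bin/; a request addressed to /cgi-wrap/ directly supplies that path segment itself. Whether the chroot-configured cgiwrap build refuses a different user is not visible in this commit, so I would not rely on it and would limit /cgi-wrap/ to internally rewritten requests. One way that should work, to be tested on the deployed Apache, is to mark the rule with `[PT,E=VIA_CGI_BIN:1]` and use `Require env VIA_CGI_BIN` instead of `Require all granted` on the cgi-wrap directory. The same lines recur in the hunks at -24, -50, -65, -108, -211, -224 and -239, and in each of them `RewriteCond %{REQUEST_URI} ^/cgi-bin/.*` duplicates the rule's own pattern and could be dropped. The enclosing VirtualHost blocks start and end outside the hunks.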
|
||||
|
|
|
@ -82,9 +82,9 @@ echo ' AllowOverride All' >> /etc/apache2/conf-available/security.conf
|
|||
echo ' Options Includes FollowSymLinks' >> /etc/apache2/conf-available/security.conf
|
||||
echo ' Require all granted' >> /etc/apache2/conf-available/security.conf
|
||||
echo '</Directory>' >> /etc/apache2/conf-available/security.conf
|
||||
echo '<Directory "/srv/www/*/cgi-bin">' >> /etc/apache2/conf-available/security.conf
|
||||
echo '<Directory "/usr/local/lib/cgi-wrap/">' >> /etc/apache2/conf-available/security.conf
|
||||
echo ' AllowOverride None' >> /etc/apache2/conf-available/security.conf
|
||||
echo ' Options none' >> /etc/apache2/conf-available/security.conf
|
||||
echo ' Options None' >> /etc/apache2/conf-available/security.conf
|
||||
echo ' Require all granted' >> /etc/apache2/conf-available/security.conf
|
||||
echo '</Directory>' >> /etc/apache2/conf-available/security.conf
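Review bot: Hosts provisioned before this commit never receive the new `<Directory "/usr/local/lib/cgi-wrap/">` block, because this hunk only changes the lines a fresh install appends to security.conf and nothing visible here updates an existing file. If the server's default policy denies paths outside the explicitly granted trees, the /cgi-wrap/ ScriptAlias added elsewhere in this commit would be refused on those hosts until the block is added by hand, so an upgrade step or a note in the commit description would help. A comment above these echo lines would also be useful, for example `# CGI is served only through the per-domain cgiwrap binaries; /srv/www/*/cgi-bin no longer gets its own block`, since dropping that block presumably leaves cgi-bin under the broader rules of the preceding block, whose opening line is outside the hunk.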
|
||||
|
||||
|
|