add cgiwrap support

Matthew Saunders Brown 2022-04-26 15:58:13 -07:00
parent 848fd67d87
commit 959ab99486
3 changed files with 120 additions and 13 deletions

88
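--- a/bin/vhost-cgi-wrap.sh
+++ b/bin/vhost-cgi-wrap.sh
@@ -0,0 +1,88 @@
+#!/bin/bash
+#
+# vhost-stack
+# https://git.stack-source.com/msb/vhost-stack
+# MIT License Copyright (c) 2022 Matthew Saunders Brown
+# load include file
+source $(dirname $0)/vhost.sh
+help()
+{
+thisfilename=$(basename -- "$0")
+echo "Create CGI Wrapper for virtualhost."
+echo ""
+echo "usage: $thisfilename --d <domain> [-h]"
+echo ""
+echo " -h Print this help."
+echo " -d <domain> Domain name of VirtualHost to create cgi-wrapper for."
+exit
+}
+vhost:getoptions "$@"
+# check for domain (virtualhost)
+if [[ -z $domain ]]; then
+echo "domain is required"
+exit
+fi
+if [[ -d "/srv/www/$domain" ]]; then
+# get and set $username
+username=$(stat -c '%U' /srv/www/$domain)
+else
+echo "VirtualHost dir for $domain does not exist."
+exit 1
+fi
+if [[ -f /usr/local/lib/cgi-wrap/$domain/cgiwrap ]]; then
+echo "cgi-wrapper for $domain already exists"
+exit 1
+fi
+if ! grep -q ":/usr/jails/$username/./home/$username:" /etc/passwd; then
+echo "$username must be jailed before creating cgi-wrapper."
+exit 1
+fi
+if [[ -d /usr/jails/$username ]]; then
+if [[ ! -d /usr/jails/$username/usr/jails/$username/ ]]; then
+mkdir -p /usr/jails/$username/usr/jails/$username/
+cd /usr/jails/$username/usr/jails/$username/
+ln -s /home ./home
+fi
+else
+echo "Jail dir for $username does not exist."
+exit 1
+fi
+if [[ ! -d /usr/local/lib/cgi-wrap/$domain ]]; then
+mkdir -p /usr/local/lib/cgi-wrap/$domain
+fi
+cd /usr/local/src
+if [[ -d cgiwrap-4.1 ]]; then
+rm -r cgiwrap-4.1
+fi
+if [[ ! -f cgiwrap-4.1.tar.gz ]]; then
+wget --quiet https://github.com/cgiwrap/cgiwrap/releases/download/cgiwrap-4.1/cgiwrap-4.1.tar.gz
+fi
+if [[ -f cgiwrap-4.1.tar.gz ]]; then
+tar zxf cgiwrap-4.1.tar.gz
+else
+echo "cgiwrap-4.1.tar.gz does not exist and failed to download"
+exit 1
+fi
+cd cgiwrap-4.1
+./configure --with-chroot=/usr/jails/$username --with-rlimit-core=0 --with-rlimit-cpu=60 --without-redirect-stderr --without-logging-file --with-httpd-user=www-data --with-cgi-dir=$domain/cgi-bin --with-install-dir=/usr/local/lib/cgi-wrap/$domain --with-wall --with-local-contact-email=webmaster@$domain
+make
+make install
+echo "Make sure the desired scripting languages are installed in the $username jail. e.g.:"
+echo "jk_init -k -j /usr/jails/$username perl"
+echo "jk_init -k -j /usr/jails/$username python3"
+echo "jk_init -k -j /usr/jails/$username ruby"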
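Review bot: The tarball that vhost-cgi-wrap.sh downloads (or reuses from /usr/local/src) is unpacked, configured and `make install`ed with no integrity check, so a tampered or truncated cgiwrap-4.1.tar.gz is built and installed with whatever privileges the script runs under (presumably root, given the install path). Pin the release digest and verify it before `tar zxf`, e.g. `echo "<EXPECTED_SHA256>  cgiwrap-4.1.tar.gz" | sha256sum -c --quiet - || exit 1`, where the placeholder is the digest you recorded for the release. Separately, `cd /usr/local/src` and `cd cgiwrap-4.1` are unchecked before `rm -r` and `make install`; `cd /usr/local/src || exit 1` and `make && make install` would keep those from running in the wrong directory or after a failed build.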


@ -24,7 +24,10 @@
ServerAlias www.$vhost
ServerAlias $vhost.example.com
DocumentRoot /srv/www/$vhost/html
ScriptAlias /cgi-bin/ /srv/www/$vhost/cgi-bin/
ScriptAlias /cgi-wrap/ "/usr/local/lib/cgi-wrap/$vhost/"
RewriteEngine on
RewriteCond %{REQUEST_URI} ^/cgi-bin/.*
RewriteRule ^/cgi-bin/(.*) /cgi-wrap/cgiwrap/$username/$1 [PT]
<FilesMatch ".+\.ph(ar|p|tml)$">
SetHandler "proxy:unix:/run/php/php7.4-fpm-$username.sock|fcgi://localhost"
</FilesMatch>
@ -36,7 +39,6 @@
ServerName $subdomain.$vhost
ServerAlias $subdomain.$vhost.example.com
DocumentRoot /srv/www/$vhost/$subdomain
ScriptAlias /cgi-bin/ /srv/www/$vhost/cgi-bin/
<FilesMatch ".+\.ph(ar|p|tml)$">
SetHandler "proxy:unix:/run/php/php7.4-fpm-$username.sock|fcgi://localhost"
</FilesMatch>
@ -50,7 +52,10 @@
ServerAlias www.$vhost
ServerAlias $vhost.example.com
DocumentRoot /srv/www/$vhost/html
ScriptAlias /cgi-bin/ /srv/www/$vhost/cgi-bin/
ScriptAlias /cgi-wrap/ "/usr/local/lib/cgi-wrap/$vhost/"
RewriteEngine on
RewriteCond %{REQUEST_URI} ^/cgi-bin/.*
RewriteRule ^/cgi-bin/(.*) /cgi-wrap/cgiwrap/$username/$1 [PT]
## <Location "/">
## <If "%{REQUEST_URI} !~ m#^/.well-known/acme-challenge/#">
## Redirect 301 "https://%{HTTP_HOST}%{REQUEST_URI}"
@ -65,7 +70,10 @@
ServerAlias www.$vhost
ServerAlias $vhost.example.com
DocumentRoot /srv/www/$vhost/html
ScriptAlias /cgi-bin/ /srv/www/$vhost/cgi-bin/
ScriptAlias /cgi-wrap/ "/usr/local/lib/cgi-wrap/$vhost/"
RewriteEngine on
RewriteCond %{REQUEST_URI} ^/cgi-bin/.*
RewriteRule ^/cgi-bin/(.*) /cgi-wrap/cgiwrap/$username/$1 [PT]
<FilesMatch ".+\.ph(ar|p|tml)$">
SetHandler "proxy:unix:/run/php/php7.4-fpm-$username.sock|fcgi://localhost"
</FilesMatch>
@ -108,7 +116,10 @@
ServerAlias www.$vhost
ServerAlias $vhost.example.com
DocumentRoot /srv/www/$vhost/html
ScriptAlias /cgi-bin/ /srv/www/$vhost/cgi-bin/
ScriptAlias /cgi-wrap/ "/usr/local/lib/cgi-wrap/$vhost/"
RewriteEngine on
RewriteCond %{REQUEST_URI} ^/cgi-bin/.*
RewriteRule ^/cgi-bin/(.*) /cgi-wrap/cgiwrap/$username/$1 [PT]
<FilesMatch ".+\.ph(ar|p|tml)$">
SetHandler "proxy:unix:/run/php/php7.4-fpm-$username.sock|fcgi://localhost"
</FilesMatch>
@ -132,7 +143,6 @@
ServerName $subdomain.$vhost
ServerAlias $subdomain.$vhost.example.com
DocumentRoot /srv/www/$vhost/$subdomain
ScriptAlias /cgi-bin/ /srv/www/$vhost/cgi-bin/
<FilesMatch ".+\.ph(ar|p|tml)$">
SetHandler "proxy:unix:/run/php/php7.4-fpm-$username.sock|fcgi://localhost"
</FilesMatch>
@ -211,7 +221,10 @@
ServerAlias www.$vhost
ServerAlias $vhost.example.com
DocumentRoot /srv/www/$alias/html
ScriptAlias /cgi-bin/ /srv/www/$vhost/cgi-bin/
ScriptAlias /cgi-wrap/ "/usr/local/lib/cgi-wrap/$alias/"
RewriteEngine on
RewriteCond %{REQUEST_URI} ^/cgi-bin/.*
RewriteRule ^/cgi-bin/(.*) /cgi-wrap/cgiwrap/$username/$1 [PT]
<FilesMatch ".+\.ph(ar|p|tml)$">
SetHandler "proxy:unix:/run/php/php7.4-fpm-$username.sock|fcgi://localhost"
</FilesMatch>
@ -224,7 +237,10 @@
ServerAlias www.$vhost
ServerAlias $vhost.example.com
DocumentRoot /srv/www/$alias/html
ScriptAlias /cgi-bin/ /srv/www/$vhost/cgi-bin/
ScriptAlias /cgi-wrap/ "/usr/local/lib/cgi-wrap/$alias/"
RewriteEngine on
RewriteCond %{REQUEST_URI} ^/cgi-bin/.*
RewriteRule ^/cgi-bin/(.*) /cgi-wrap/cgiwrap/$username/$1 [PT]
## <Location "/">
## <If "%{REQUEST_URI} !~ m#^/.well-known/acme-challenge/#">
## Redirect 301 "https://%{HTTP_HOST}%{REQUEST_URI}"
@ -239,7 +255,10 @@
ServerAlias www.$vhost
ServerAlias $vhost.example.com
DocumentRoot /srv/www/$alias/html
ScriptAlias /cgi-bin/ /srv/www/$vhost/cgi-bin/
ScriptAlias /cgi-wrap/ "/usr/local/lib/cgi-wrap/$alias/"
RewriteEngine on
RewriteCond %{REQUEST_URI} ^/cgi-bin/.*
RewriteRule ^/cgi-bin/(.*) /cgi-wrap/cgiwrap/$username/$1 [PT]
<FilesMatch ".+\.ph(ar|p|tml)$">
SetHandler "proxy:unix:/run/php/php7.4-fpm-$username.sock|fcgi://localhost"
</FilesMatch>
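Review bot: The new `ScriptAlias /cgi-wrap/` in each vhost block makes the wrapper directory reachable directly by clients, so the `$username` segment that the `RewriteRule` pins for `/cgi-bin/` requests is only a default: a request addressed straight to `/cgi-wrap/` chooses its own user segment and can name any other binary that `make install` placed in that directory (cgiwrap's debug variant, if it is installed). The chroot compiled into the wrapper probably limits what that reaches, but I would not rely on it alone. Consider refusing requests whose original request line targets `/cgi-wrap/`, for example `RewriteCond %{THE_REQUEST} \s/+cgi-wrap/ [NC]` followed by `RewriteRule ^ - [F]` ahead of the existing rule, and test it against encoded forms of the path. This applies to all seven hunks that add these lines; the `RewriteCond %{REQUEST_URI} ^/cgi-bin/.*` line is also redundant with the rule's own pattern.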


@ -82,9 +82,9 @@ echo ' AllowOverride All' >> /etc/apache2/conf-available/security.conf
echo ' Options Includes FollowSymLinks' >> /etc/apache2/conf-available/security.conf
echo ' Require all granted' >> /etc/apache2/conf-available/security.conf
echo '</Directory>' >> /etc/apache2/conf-available/security.conf
echo '<Directory "/srv/www/*/cgi-bin">' >> /etc/apache2/conf-available/security.conf
echo '<Directory "/usr/local/lib/cgi-wrap/">' >> /etc/apache2/conf-available/security.conf
echo ' AllowOverride None' >> /etc/apache2/conf-available/security.conf
echo ' Options none' >> /etc/apache2/conf-available/security.conf
echo ' Options None' >> /etc/apache2/conf-available/security.conf
echo ' Require all granted' >> /etc/apache2/conf-available/security.conf
echo '</Directory>' >> /etc/apache2/conf-available/security.conf