diff --git a/etc/apache2/mods-available/macro.conf b/etc/apache2/mods-available/macro.conf
index da48346..fd0af94 100644
--- a/etc/apache2/mods-available/macro.conf
+++ b/etc/apache2/mods-available/macro.conf
@@ -24,6 +24,7 @@
     ServerAlias www.$vhost
     ServerAlias $vhost.example.com
     DocumentRoot  /srv/www/$vhost/html
+    ScriptAlias   /cgi-bin/ /srv/www/$vhost/cgi-bin/
     <FilesMatch ".+\.ph(ar|p|tml)$">
       SetHandler "proxy:unix:/run/php/php7.4-fpm-$username.sock|fcgi://localhost"
     </FilesMatch>
@@ -35,6 +36,7 @@
     ServerName  $subdomain.$vhost
     ServerAlias $subdomain.$vhost.example.com
     DocumentRoot  /srv/www/$vhost/$subdomain
+    ScriptAlias   /cgi-bin/ /srv/www/$vhost/cgi-bin/
     <FilesMatch ".+\.ph(ar|p|tml)$">
       SetHandler "proxy:unix:/run/php/php7.4-fpm-$username.sock|fcgi://localhost"
     </FilesMatch>
@@ -48,6 +50,7 @@
     ServerAlias www.$vhost
     ServerAlias $vhost.example.com
     DocumentRoot  /srv/www/$vhost/html
+    ScriptAlias   /cgi-bin/ /srv/www/$vhost/cgi-bin/
 ##    <Location "/">
 ##      <If "%{REQUEST_URI} !~ m#^/.well-known/acme-challenge/#">
 ##        Redirect 301 "https://%{HTTP_HOST}%{REQUEST_URI}"
@@ -62,6 +65,7 @@
     ServerAlias   www.$vhost
     ServerAlias   $vhost.example.com
     DocumentRoot  /srv/www/$vhost/html
+    ScriptAlias   /cgi-bin/ /srv/www/$vhost/cgi-bin/
     <FilesMatch ".+\.ph(ar|p|tml)$">
       SetHandler "proxy:unix:/run/php/php7.4-fpm-$username.sock|fcgi://localhost"
     </FilesMatch>
@@ -104,6 +108,7 @@
     ServerAlias www.$vhost
     ServerAlias $vhost.example.com
     DocumentRoot  /srv/www/$vhost/html
+    ScriptAlias   /cgi-bin/ /srv/www/$vhost/cgi-bin/
     <FilesMatch ".+\.ph(ar|p|tml)$">
       SetHandler "proxy:unix:/run/php/php7.4-fpm-$username.sock|fcgi://localhost"
     </FilesMatch>
@@ -127,6 +132,7 @@
     ServerName  $subdomain.$vhost
     ServerAlias $subdomain.$vhost.example.com
     DocumentRoot  /srv/www/$vhost/$subdomain
+    ScriptAlias   /cgi-bin/ /srv/www/$vhost/cgi-bin/
     <FilesMatch ".+\.ph(ar|p|tml)$">
       SetHandler "proxy:unix:/run/php/php7.4-fpm-$username.sock|fcgi://localhost"
     </FilesMatch>
@@ -205,6 +211,7 @@
     ServerAlias www.$vhost
     ServerAlias $vhost.example.com
     DocumentRoot  /srv/www/$alias/html
+    ScriptAlias   /cgi-bin/ /srv/www/$vhost/cgi-bin/
     <FilesMatch ".+\.ph(ar|p|tml)$">
       SetHandler "proxy:unix:/run/php/php7.4-fpm-$username.sock|fcgi://localhost"
     </FilesMatch>
@@ -217,6 +224,7 @@
     ServerAlias www.$vhost
     ServerAlias $vhost.example.com
     DocumentRoot  /srv/www/$alias/html
+    ScriptAlias   /cgi-bin/ /srv/www/$vhost/cgi-bin/
 ##    <Location "/">
 ##      <If "%{REQUEST_URI} !~ m#^/.well-known/acme-challenge/#">
 ##        Redirect 301 "https://%{HTTP_HOST}%{REQUEST_URI}"
@@ -231,6 +239,7 @@
     ServerAlias   www.$vhost
     ServerAlias   $vhost.example.com
     DocumentRoot  /srv/www/$alias/html
+    ScriptAlias   /cgi-bin/ /srv/www/$vhost/cgi-bin/
     <FilesMatch ".+\.ph(ar|p|tml)$">
       SetHandler "proxy:unix:/run/php/php7.4-fpm-$username.sock|fcgi://localhost"
     </FilesMatch>
diff --git a/install.sh b/install.sh
index 037e708..a972050 100755
--- a/install.sh
+++ b/install.sh
@@ -67,7 +67,7 @@ chown root:root /etc/apache2/mods-available/*.conf
 vhostdomain=`hostname -d`
 sed -i "s|.example.com|.$vhostdomain|g" /etc/apache2/mods-available/macro.conf
 # a2enmod proxy_fcgi rewrite headers expires ssl http2 remoteip macro
-a2enmod proxy_fcgi proxy_http rewrite headers expires ssl http2 macro
+a2enmod cgid proxy_fcgi proxy_http rewrite headers expires ssl http2 macro
 # # sed -i "s|CustomLog|#CustomLog|g"  /etc/apache2/sites-available/000-default.conf
 sed -i "s|/var/www/html|/srv/www/html|g"  /etc/apache2/sites-available/000-default.conf
 # # sed -i "s|CustomLog|#CustomLog|g"  /etc/apache2/sites-available/default-ssl.conf
@@ -82,6 +82,12 @@ echo '  AllowOverride All' >> /etc/apache2/conf-available/security.conf
 echo '  Options Includes FollowSymLinks' >> /etc/apache2/conf-available/security.conf
 echo '  Require all granted' >> /etc/apache2/conf-available/security.conf
 echo '</Directory>' >> /etc/apache2/conf-available/security.conf
+echo '<Directory "/srv/www/*/cgi-bin">' >> /etc/apache2/conf-available/security.conf
+echo '  AllowOverride None' >> /etc/apache2/conf-available/security.conf
+echo '  Options none' >> /etc/apache2/conf-available/security.conf
+echo '  Require all granted' >> /etc/apache2/conf-available/security.conf
+echo '</Directory>' >> /etc/apache2/conf-available/security.conf
+
 # configure php
 sed -i "s|post_max_size = 8M|post_max_size = 256M|g" /etc/php/7.4/fpm/php.ini
 sed -i "s|upload_max_filesize = 2M|upload_max_filesize = 256M|g" /etc/php/7.4/fpm/php.ini
@@ -131,6 +137,7 @@ apt -y install jailkit
 # bugfix, fixed upstream, shouldn't be needed if jailkit package gets updated
 sed -i "s/if (not config.has_key('hardlink')):/if ('hardlink' not in config):/g" /usr/sbin/jk_update
 sed -i 's|paths = ssh|paths = /usr/bin/ssh*|' /etc/jailkit/jk_init.ini
+sed -i "s|paths = perl, /usr/lib/perl, /usr/lib/perl5, /usr/share/perl, /usr/share/perl5|paths = /usr/bin/perl, /usr/lib/x86_64-linux-gnu/perl, /usr/lib/x86_64-linux-gnu/perl-base, /usr/share/perl, /usr/share/perl5|g" /etc/jailkit/jk_init.ini
 echo "" >> /etc/jailkit/jk_init.ini
 echo "[shellstack]" >> /etc/jailkit/jk_init.ini
 echo "comment = full featured shell for vhost-stack jails" >> /etc/jailkit/jk_init.ini
@@ -140,6 +147,15 @@ echo "" >> /etc/jailkit/jk_init.ini
 echo "[php]" >> /etc/jailkit/jk_init.ini
 echo "comment = php-cli and all required files" >> /etc/jailkit/jk_init.ini
 echo "paths = /usr/bin/php*, /usr/bin/phar*, /etc/php/*/cli/, /etc/php/*/mods-available/, /usr/lib/php/, /usr/share/php/" >> /etc/jailkit/jk_init.ini
+echo "" >> /etc/jailkit/jk_init.ini
+echo "[python3]" >> /etc/jailkit/jk_init.ini
+echo "comment = the python3 interpreter and libraries" >> /etc/jailkit/jk_init.ini
+echo "paths = /usr/bin/python3, /usr/lib/python3, /usr/lib/python3.8, /usr/share/doc/python3, /usr/share/doc/python3-minimal, /usr/share/python3, /usr/share/man/man1/python3.1.gz" >> /etc/jailkit/jk_init.ini
+echo "" >> /etc/jailkit/jk_init.ini
+echo "[ruby]" >> /etc/jailkit/jk_init.ini
+echo "comment = the ruby interpreter and libraries" >> /etc/jailkit/jk_init.ini
+echo "paths = /usr/bin/erb. /usr/bin/gem, /usr/bin/irb, /usr/bin/rdoc, /usr/bin/ri, /usr/bin/ruby, /usr/share/doc/ruby, /usr/share/man/man1/ruby.1.gz, /usr/lib/ruby/, /usr/lib/x86_64-linux-gnu/ruby/" >> /etc/jailkit/jk_init.ini
+
 mkdir /usr/jails
 if ! [ -d "/usr/local/libexec" ]; then
   install --owner=root --group=root --mode=755 --directory /usr/local/libexec