From 9f69f46a0b14acffe23d52224b426275348e7ca8 Mon Sep 17 00:00:00 2001 From: Matthew Saunders Brown Date: Tue, 19 Apr 2022 13:15:53 -0700 Subject: [PATCH] enable cgi-bin support --- etc/apache2/mods-available/macro.conf | 9 +++++++++ install.sh | 18 +++++++++++++++++- 2 files changed, 26 insertions(+), 1 deletion(-) diff --git a/etc/apache2/mods-available/macro.conf b/etc/apache2/mods-available/macro.conf index da48346..fd0af94 100644 --- a/etc/apache2/mods-available/macro.conf +++ b/etc/apache2/mods-available/macro.conf @@ -24,6 +24,7 @@ ServerAlias www.$vhost ServerAlias $vhost.example.com DocumentRoot /srv/www/$vhost/html + ScriptAlias /cgi-bin/ /srv/www/$vhost/cgi-bin/ SetHandler "proxy:unix:/run/php/php7.4-fpm-$username.sock|fcgi://localhost" @@ -35,6 +36,7 @@ ServerName $subdomain.$vhost ServerAlias $subdomain.$vhost.example.com DocumentRoot /srv/www/$vhost/$subdomain + ScriptAlias /cgi-bin/ /srv/www/$vhost/cgi-bin/ SetHandler "proxy:unix:/run/php/php7.4-fpm-$username.sock|fcgi://localhost" @@ -48,6 +50,7 @@ ServerAlias www.$vhost ServerAlias $vhost.example.com DocumentRoot /srv/www/$vhost/html + ScriptAlias /cgi-bin/ /srv/www/$vhost/cgi-bin/ ## ## ## Redirect 301 "https://%{HTTP_HOST}%{REQUEST_URI}" @@ -62,6 +65,7 @@ ServerAlias www.$vhost ServerAlias $vhost.example.com DocumentRoot /srv/www/$vhost/html + ScriptAlias /cgi-bin/ /srv/www/$vhost/cgi-bin/ SetHandler "proxy:unix:/run/php/php7.4-fpm-$username.sock|fcgi://localhost" @@ -104,6 +108,7 @@ ServerAlias www.$vhost ServerAlias $vhost.example.com DocumentRoot /srv/www/$vhost/html + ScriptAlias /cgi-bin/ /srv/www/$vhost/cgi-bin/ SetHandler "proxy:unix:/run/php/php7.4-fpm-$username.sock|fcgi://localhost" @@ -127,6 +132,7 @@ ServerName $subdomain.$vhost ServerAlias $subdomain.$vhost.example.com DocumentRoot /srv/www/$vhost/$subdomain + ScriptAlias /cgi-bin/ /srv/www/$vhost/cgi-bin/ SetHandler "proxy:unix:/run/php/php7.4-fpm-$username.sock|fcgi://localhost" @@ -205,6 +211,7 @@ ServerAlias www.$vhost ServerAlias $vhost.example.com DocumentRoot /srv/www/$alias/html + ScriptAlias /cgi-bin/ /srv/www/$vhost/cgi-bin/ SetHandler "proxy:unix:/run/php/php7.4-fpm-$username.sock|fcgi://localhost" @@ -217,6 +224,7 @@ ServerAlias www.$vhost ServerAlias $vhost.example.com DocumentRoot /srv/www/$alias/html + ScriptAlias /cgi-bin/ /srv/www/$vhost/cgi-bin/ ## ## ## Redirect 301 "https://%{HTTP_HOST}%{REQUEST_URI}" @@ -231,6 +239,7 @@ ServerAlias www.$vhost ServerAlias $vhost.example.com DocumentRoot /srv/www/$alias/html + ScriptAlias /cgi-bin/ /srv/www/$vhost/cgi-bin/ SetHandler "proxy:unix:/run/php/php7.4-fpm-$username.sock|fcgi://localhost" diff --git a/install.sh b/install.sh index 037e708..a972050 100755 --- a/install.sh +++ b/install.sh @@ -67,7 +67,7 @@ chown root:root /etc/apache2/mods-available/*.conf vhostdomain=`hostname -d` sed -i "s|.example.com|.$vhostdomain|g" /etc/apache2/mods-available/macro.conf # a2enmod proxy_fcgi rewrite headers expires ssl http2 remoteip macro -a2enmod proxy_fcgi proxy_http rewrite headers expires ssl http2 macro +a2enmod cgid proxy_fcgi proxy_http rewrite headers expires ssl http2 macro # # sed -i "s|CustomLog|#CustomLog|g" /etc/apache2/sites-available/000-default.conf sed -i "s|/var/www/html|/srv/www/html|g" /etc/apache2/sites-available/000-default.conf # # sed -i "s|CustomLog|#CustomLog|g" /etc/apache2/sites-available/default-ssl.conf @@ -82,6 +82,12 @@ echo ' AllowOverride All' >> /etc/apache2/conf-available/security.conf echo ' Options Includes FollowSymLinks' >> /etc/apache2/conf-available/security.conf echo ' Require all granted' >> /etc/apache2/conf-available/security.conf echo '' >> /etc/apache2/conf-available/security.conf +echo '' >> /etc/apache2/conf-available/security.conf +echo ' AllowOverride None' >> /etc/apache2/conf-available/security.conf +echo ' Options none' >> /etc/apache2/conf-available/security.conf +echo ' Require all granted' >> /etc/apache2/conf-available/security.conf +echo '' >> /etc/apache2/conf-available/security.conf + # configure php sed -i "s|post_max_size = 8M|post_max_size = 256M|g" /etc/php/7.4/fpm/php.ini sed -i "s|upload_max_filesize = 2M|upload_max_filesize = 256M|g" /etc/php/7.4/fpm/php.ini @@ -131,6 +137,7 @@ apt -y install jailkit # bugfix, fixed upstream, shouldn't be needed if jailkit package gets updated sed -i "s/if (not config.has_key('hardlink')):/if ('hardlink' not in config):/g" /usr/sbin/jk_update sed -i 's|paths = ssh|paths = /usr/bin/ssh*|' /etc/jailkit/jk_init.ini +sed -i "s|paths = perl, /usr/lib/perl, /usr/lib/perl5, /usr/share/perl, /usr/share/perl5|paths = /usr/bin/perl, /usr/lib/x86_64-linux-gnu/perl, /usr/lib/x86_64-linux-gnu/perl-base, /usr/share/perl, /usr/share/perl5|g" /etc/jailkit/jk_init.ini echo "" >> /etc/jailkit/jk_init.ini echo "[shellstack]" >> /etc/jailkit/jk_init.ini echo "comment = full featured shell for vhost-stack jails" >> /etc/jailkit/jk_init.ini @@ -140,6 +147,15 @@ echo "" >> /etc/jailkit/jk_init.ini echo "[php]" >> /etc/jailkit/jk_init.ini echo "comment = php-cli and all required files" >> /etc/jailkit/jk_init.ini echo "paths = /usr/bin/php*, /usr/bin/phar*, /etc/php/*/cli/, /etc/php/*/mods-available/, /usr/lib/php/, /usr/share/php/" >> /etc/jailkit/jk_init.ini +echo "" >> /etc/jailkit/jk_init.ini +echo "[python3]" >> /etc/jailkit/jk_init.ini +echo "comment = the python3 interpreter and libraries" >> /etc/jailkit/jk_init.ini +echo "paths = /usr/bin/python3, /usr/lib/python3, /usr/lib/python3.8, /usr/share/doc/python3, /usr/share/doc/python3-minimal, /usr/share/python3, /usr/share/man/man1/python3.1.gz" >> /etc/jailkit/jk_init.ini +echo "" >> /etc/jailkit/jk_init.ini +echo "[ruby]" >> /etc/jailkit/jk_init.ini +echo "comment = the ruby interpreter and libraries" >> /etc/jailkit/jk_init.ini +echo "paths = /usr/bin/erb. /usr/bin/gem, /usr/bin/irb, /usr/bin/rdoc, /usr/bin/ri, /usr/bin/ruby, /usr/share/doc/ruby, /usr/share/man/man1/ruby.1.gz, /usr/lib/ruby/, /usr/lib/x86_64-linux-gnu/ruby/" >> /etc/jailkit/jk_init.ini + mkdir /usr/jails if ! [ -d "/usr/local/libexec" ]; then install --owner=root --group=root --mode=755 --directory /usr/local/libexec