enable cgi-bin support

Matthew Saunders Brown 2022-04-19 13:15:53 -07:00
parent 8d05a58698
commit 9f69f46a0b
2 changed files with 26 additions and 1 deletions


@ -24,6 +24,7 @@
ServerAlias www.$vhost ServerAlias www.$vhost
ServerAlias $vhost.example.com ServerAlias $vhost.example.com
DocumentRoot /srv/www/$vhost/html DocumentRoot /srv/www/$vhost/html
ScriptAlias /cgi-bin/ /srv/www/$vhost/cgi-bin/
<FilesMatch ".+\.ph(ar|p|tml)$"> <FilesMatch ".+\.ph(ar|p|tml)$">
SetHandler "proxy:unix:/run/php/php7.4-fpm-$username.sock|fcgi://localhost" SetHandler "proxy:unix:/run/php/php7.4-fpm-$username.sock|fcgi://localhost"
</FilesMatch> </FilesMatch>
@ -35,6 +36,7 @@
ServerName $subdomain.$vhost ServerName $subdomain.$vhost
ServerAlias $subdomain.$vhost.example.com ServerAlias $subdomain.$vhost.example.com
DocumentRoot /srv/www/$vhost/$subdomain DocumentRoot /srv/www/$vhost/$subdomain
ScriptAlias /cgi-bin/ /srv/www/$vhost/cgi-bin/
<FilesMatch ".+\.ph(ar|p|tml)$"> <FilesMatch ".+\.ph(ar|p|tml)$">
SetHandler "proxy:unix:/run/php/php7.4-fpm-$username.sock|fcgi://localhost" SetHandler "proxy:unix:/run/php/php7.4-fpm-$username.sock|fcgi://localhost"
</FilesMatch> </FilesMatch>
@ -48,6 +50,7 @@
ServerAlias www.$vhost ServerAlias www.$vhost
ServerAlias $vhost.example.com ServerAlias $vhost.example.com
DocumentRoot /srv/www/$vhost/html DocumentRoot /srv/www/$vhost/html
ScriptAlias /cgi-bin/ /srv/www/$vhost/cgi-bin/
## <Location "/"> ## <Location "/">
## <If "%{REQUEST_URI} !~ m#^/.well-known/acme-challenge/#"> ## <If "%{REQUEST_URI} !~ m#^/.well-known/acme-challenge/#">
## Redirect 301 "https://%{HTTP_HOST}%{REQUEST_URI}" ## Redirect 301 "https://%{HTTP_HOST}%{REQUEST_URI}"
@ -62,6 +65,7 @@
ServerAlias www.$vhost ServerAlias www.$vhost
ServerAlias $vhost.example.com ServerAlias $vhost.example.com
DocumentRoot /srv/www/$vhost/html DocumentRoot /srv/www/$vhost/html
ScriptAlias /cgi-bin/ /srv/www/$vhost/cgi-bin/
<FilesMatch ".+\.ph(ar|p|tml)$"> <FilesMatch ".+\.ph(ar|p|tml)$">
SetHandler "proxy:unix:/run/php/php7.4-fpm-$username.sock|fcgi://localhost" SetHandler "proxy:unix:/run/php/php7.4-fpm-$username.sock|fcgi://localhost"
</FilesMatch> </FilesMatch>
@ -104,6 +108,7 @@
ServerAlias www.$vhost ServerAlias www.$vhost
ServerAlias $vhost.example.com ServerAlias $vhost.example.com
DocumentRoot /srv/www/$vhost/html DocumentRoot /srv/www/$vhost/html
ScriptAlias /cgi-bin/ /srv/www/$vhost/cgi-bin/
<FilesMatch ".+\.ph(ar|p|tml)$"> <FilesMatch ".+\.ph(ar|p|tml)$">
SetHandler "proxy:unix:/run/php/php7.4-fpm-$username.sock|fcgi://localhost" SetHandler "proxy:unix:/run/php/php7.4-fpm-$username.sock|fcgi://localhost"
</FilesMatch> </FilesMatch>
@ -127,6 +132,7 @@
ServerName $subdomain.$vhost ServerName $subdomain.$vhost
ServerAlias $subdomain.$vhost.example.com ServerAlias $subdomain.$vhost.example.com
DocumentRoot /srv/www/$vhost/$subdomain DocumentRoot /srv/www/$vhost/$subdomain
ScriptAlias /cgi-bin/ /srv/www/$vhost/cgi-bin/
<FilesMatch ".+\.ph(ar|p|tml)$"> <FilesMatch ".+\.ph(ar|p|tml)$">
SetHandler "proxy:unix:/run/php/php7.4-fpm-$username.sock|fcgi://localhost" SetHandler "proxy:unix:/run/php/php7.4-fpm-$username.sock|fcgi://localhost"
</FilesMatch> </FilesMatch>
@ -205,6 +211,7 @@
ServerAlias www.$vhost ServerAlias www.$vhost
ServerAlias $vhost.example.com ServerAlias $vhost.example.com
DocumentRoot /srv/www/$alias/html DocumentRoot /srv/www/$alias/html
ScriptAlias /cgi-bin/ /srv/www/$vhost/cgi-bin/
<FilesMatch ".+\.ph(ar|p|tml)$"> <FilesMatch ".+\.ph(ar|p|tml)$">
SetHandler "proxy:unix:/run/php/php7.4-fpm-$username.sock|fcgi://localhost" SetHandler "proxy:unix:/run/php/php7.4-fpm-$username.sock|fcgi://localhost"
</FilesMatch> </FilesMatch>
@ -217,6 +224,7 @@
ServerAlias www.$vhost ServerAlias www.$vhost
ServerAlias $vhost.example.com ServerAlias $vhost.example.com
DocumentRoot /srv/www/$alias/html DocumentRoot /srv/www/$alias/html
ScriptAlias /cgi-bin/ /srv/www/$vhost/cgi-bin/
## <Location "/"> ## <Location "/">
## <If "%{REQUEST_URI} !~ m#^/.well-known/acme-challenge/#"> ## <If "%{REQUEST_URI} !~ m#^/.well-known/acme-challenge/#">
## Redirect 301 "https://%{HTTP_HOST}%{REQUEST_URI}" ## Redirect 301 "https://%{HTTP_HOST}%{REQUEST_URI}"
@ -231,6 +239,7 @@
ServerAlias www.$vhost ServerAlias www.$vhost
ServerAlias $vhost.example.com ServerAlias $vhost.example.com
DocumentRoot /srv/www/$alias/html DocumentRoot /srv/www/$alias/html
ScriptAlias /cgi-bin/ /srv/www/$vhost/cgi-bin/
<FilesMatch ".+\.ph(ar|p|tml)$"> <FilesMatch ".+\.ph(ar|p|tml)$">
SetHandler "proxy:unix:/run/php/php7.4-fpm-$username.sock|fcgi://localhost" SetHandler "proxy:unix:/run/php/php7.4-fpm-$username.sock|fcgi://localhost"
</FilesMatch> </FilesMatch>
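Review bot: Scripts served through the new `ScriptAlias /cgi-bin/ /srv/www/$vhost/cgi-bin/` lines will run as the Apache service account unless suexec is configured somewhere not shown here. PHP in the same vhosts goes to a per-user socket (`php7.4-fpm-$username.sock`), so CGI would bypass the per-user separation the macros otherwise keep. Consider adding `SuexecUserGroup $username $username` beside each ScriptAlias; this needs mod_suexec and a suexec docroot that covers /srv/www. Separately, the three alias hunks (-205, -217, -231) keep `DocumentRoot /srv/www/$alias/html` but point cgi-bin at `/srv/www/$vhost/cgi-bin/`. If alias domains have no directory of their own, that path probably should be `/srv/www/$alias/cgi-bin/`. The macro definitions start and end outside the hunks.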


@ -67,7 +67,7 @@ chown root:root /etc/apache2/mods-available/*.conf
vhostdomain=`hostname -d` vhostdomain=`hostname -d`
sed -i "s|.example.com|.$vhostdomain|g" /etc/apache2/mods-available/macro.conf sed -i "s|.example.com|.$vhostdomain|g" /etc/apache2/mods-available/macro.conf
# a2enmod proxy_fcgi rewrite headers expires ssl http2 remoteip macro # a2enmod proxy_fcgi rewrite headers expires ssl http2 remoteip macro
a2enmod proxy_fcgi proxy_http rewrite headers expires ssl http2 macro a2enmod cgid proxy_fcgi proxy_http rewrite headers expires ssl http2 macro
# # sed -i "s|CustomLog|#CustomLog|g" /etc/apache2/sites-available/000-default.conf # # sed -i "s|CustomLog|#CustomLog|g" /etc/apache2/sites-available/000-default.conf
sed -i "s|/var/www/html|/srv/www/html|g" /etc/apache2/sites-available/000-default.conf sed -i "s|/var/www/html|/srv/www/html|g" /etc/apache2/sites-available/000-default.conf
# # sed -i "s|CustomLog|#CustomLog|g" /etc/apache2/sites-available/default-ssl.conf # # sed -i "s|CustomLog|#CustomLog|g" /etc/apache2/sites-available/default-ssl.conf
@ -82,6 +82,12 @@ echo ' AllowOverride All' >> /etc/apache2/conf-available/security.conf
echo ' Options Includes FollowSymLinks' >> /etc/apache2/conf-available/security.conf echo ' Options Includes FollowSymLinks' >> /etc/apache2/conf-available/security.conf
echo ' Require all granted' >> /etc/apache2/conf-available/security.conf echo ' Require all granted' >> /etc/apache2/conf-available/security.conf
echo '</Directory>' >> /etc/apache2/conf-available/security.conf echo '</Directory>' >> /etc/apache2/conf-available/security.conf
echo '<Directory "/srv/www/*/cgi-bin">' >> /etc/apache2/conf-available/security.conf
echo ' AllowOverride None' >> /etc/apache2/conf-available/security.conf
echo ' Options none' >> /etc/apache2/conf-available/security.conf
echo ' Require all granted' >> /etc/apache2/conf-available/security.conf
echo '</Directory>' >> /etc/apache2/conf-available/security.conf
# configure php # configure php
sed -i "s|post_max_size = 8M|post_max_size = 256M|g" /etc/php/7.4/fpm/php.ini sed -i "s|post_max_size = 8M|post_max_size = 256M|g" /etc/php/7.4/fpm/php.ini
sed -i "s|upload_max_filesize = 2M|upload_max_filesize = 256M|g" /etc/php/7.4/fpm/php.ini sed -i "s|upload_max_filesize = 2M|upload_max_filesize = 256M|g" /etc/php/7.4/fpm/php.ini
@ -131,6 +137,7 @@ apt -y install jailkit
# bugfix, fixed upstream, shouldn't be needed if jailkit package gets updated # bugfix, fixed upstream, shouldn't be needed if jailkit package gets updated
sed -i "s/if (not config.has_key('hardlink')):/if ('hardlink' not in config):/g" /usr/sbin/jk_update sed -i "s/if (not config.has_key('hardlink')):/if ('hardlink' not in config):/g" /usr/sbin/jk_update
sed -i 's|paths = ssh|paths = /usr/bin/ssh*|' /etc/jailkit/jk_init.ini sed -i 's|paths = ssh|paths = /usr/bin/ssh*|' /etc/jailkit/jk_init.ini
sed -i "s|paths = perl, /usr/lib/perl, /usr/lib/perl5, /usr/share/perl, /usr/share/perl5|paths = /usr/bin/perl, /usr/lib/x86_64-linux-gnu/perl, /usr/lib/x86_64-linux-gnu/perl-base, /usr/share/perl, /usr/share/perl5|g" /etc/jailkit/jk_init.ini
echo "" >> /etc/jailkit/jk_init.ini echo "" >> /etc/jailkit/jk_init.ini
echo "[shellstack]" >> /etc/jailkit/jk_init.ini echo "[shellstack]" >> /etc/jailkit/jk_init.ini
echo "comment = full featured shell for vhost-stack jails" >> /etc/jailkit/jk_init.ini echo "comment = full featured shell for vhost-stack jails" >> /etc/jailkit/jk_init.ini
@ -140,6 +147,15 @@ echo "" >> /etc/jailkit/jk_init.ini
echo "[php]" >> /etc/jailkit/jk_init.ini echo "[php]" >> /etc/jailkit/jk_init.ini
echo "comment = php-cli and all required files" >> /etc/jailkit/jk_init.ini echo "comment = php-cli and all required files" >> /etc/jailkit/jk_init.ini
echo "paths = /usr/bin/php*, /usr/bin/phar*, /etc/php/*/cli/, /etc/php/*/mods-available/, /usr/lib/php/, /usr/share/php/" >> /etc/jailkit/jk_init.ini echo "paths = /usr/bin/php*, /usr/bin/phar*, /etc/php/*/cli/, /etc/php/*/mods-available/, /usr/lib/php/, /usr/share/php/" >> /etc/jailkit/jk_init.ini
echo "" >> /etc/jailkit/jk_init.ini
echo "[python3]" >> /etc/jailkit/jk_init.ini
echo "comment = the python3 interpreter and libraries" >> /etc/jailkit/jk_init.ini
echo "paths = /usr/bin/python3, /usr/lib/python3, /usr/lib/python3.8, /usr/share/doc/python3, /usr/share/doc/python3-minimal, /usr/share/python3, /usr/share/man/man1/python3.1.gz" >> /etc/jailkit/jk_init.ini
echo "" >> /etc/jailkit/jk_init.ini
echo "[ruby]" >> /etc/jailkit/jk_init.ini
echo "comment = the ruby interpreter and libraries" >> /etc/jailkit/jk_init.ini
echo "paths = /usr/bin/erb. /usr/bin/gem, /usr/bin/irb, /usr/bin/rdoc, /usr/bin/ri, /usr/bin/ruby, /usr/share/doc/ruby, /usr/share/man/man1/ruby.1.gz, /usr/lib/ruby/, /usr/lib/x86_64-linux-gnu/ruby/" >> /etc/jailkit/jk_init.ini
mkdir /usr/jails mkdir /usr/jails
if ! [ -d "/usr/local/libexec" ]; then if ! [ -d "/usr/local/libexec" ]; then
install --owner=root --group=root --mode=755 --directory /usr/local/libexec install --owner=root --group=root --mode=755 --directory /usr/local/libexec
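Review bot: The `[ruby]` paths line added in the last hunk has a period where a comma is needed, `/usr/bin/erb. /usr/bin/gem`. jailkit will most likely read that as a single nonexistent path and leave both erb and gem out of the jail, so it should read `/usr/bin/erb, /usr/bin/gem`. The new `[python3]` entry and the rewritten perl paths also hard-code `/usr/lib/python3.8` and `/usr/lib/x86_64-linux-gnu/...`, which will stop matching after a release upgrade or on another architecture. A comment such as `# paths valid for <release>/amd64; update with the distro` above those lines would make that dependency visible.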