enable cgi-bin support
This commit is contained in:
parent
8d05a58698
commit
9f69f46a0b
|
@ -24,6 +24,7 @@
|
||||||
ServerAlias www.$vhost
|
ServerAlias www.$vhost
|
||||||
ServerAlias $vhost.example.com
|
ServerAlias $vhost.example.com
|
||||||
DocumentRoot /srv/www/$vhost/html
|
DocumentRoot /srv/www/$vhost/html
|
||||||
|
ScriptAlias /cgi-bin/ /srv/www/$vhost/cgi-bin/
|
||||||
<FilesMatch ".+\.ph(ar|p|tml)$">
|
<FilesMatch ".+\.ph(ar|p|tml)$">
|
||||||
SetHandler "proxy:unix:/run/php/php7.4-fpm-$username.sock|fcgi://localhost"
|
SetHandler "proxy:unix:/run/php/php7.4-fpm-$username.sock|fcgi://localhost"
|
||||||
</FilesMatch>
|
</FilesMatch>
|
||||||
|
@ -35,6 +36,7 @@
|
||||||
ServerName $subdomain.$vhost
|
ServerName $subdomain.$vhost
|
||||||
ServerAlias $subdomain.$vhost.example.com
|
ServerAlias $subdomain.$vhost.example.com
|
||||||
DocumentRoot /srv/www/$vhost/$subdomain
|
DocumentRoot /srv/www/$vhost/$subdomain
|
||||||
|
ScriptAlias /cgi-bin/ /srv/www/$vhost/cgi-bin/
|
||||||
<FilesMatch ".+\.ph(ar|p|tml)$">
|
<FilesMatch ".+\.ph(ar|p|tml)$">
|
||||||
SetHandler "proxy:unix:/run/php/php7.4-fpm-$username.sock|fcgi://localhost"
|
SetHandler "proxy:unix:/run/php/php7.4-fpm-$username.sock|fcgi://localhost"
|
||||||
</FilesMatch>
|
</FilesMatch>
|
||||||
|
@ -48,6 +50,7 @@
|
||||||
ServerAlias www.$vhost
|
ServerAlias www.$vhost
|
||||||
ServerAlias $vhost.example.com
|
ServerAlias $vhost.example.com
|
||||||
DocumentRoot /srv/www/$vhost/html
|
DocumentRoot /srv/www/$vhost/html
|
||||||
|
ScriptAlias /cgi-bin/ /srv/www/$vhost/cgi-bin/
|
||||||
## <Location "/">
|
## <Location "/">
|
||||||
## <If "%{REQUEST_URI} !~ m#^/.well-known/acme-challenge/#">
|
## <If "%{REQUEST_URI} !~ m#^/.well-known/acme-challenge/#">
|
||||||
## Redirect 301 "https://%{HTTP_HOST}%{REQUEST_URI}"
|
## Redirect 301 "https://%{HTTP_HOST}%{REQUEST_URI}"
|
||||||
|
@ -62,6 +65,7 @@
|
||||||
ServerAlias www.$vhost
|
ServerAlias www.$vhost
|
||||||
ServerAlias $vhost.example.com
|
ServerAlias $vhost.example.com
|
||||||
DocumentRoot /srv/www/$vhost/html
|
DocumentRoot /srv/www/$vhost/html
|
||||||
|
ScriptAlias /cgi-bin/ /srv/www/$vhost/cgi-bin/
|
||||||
<FilesMatch ".+\.ph(ar|p|tml)$">
|
<FilesMatch ".+\.ph(ar|p|tml)$">
|
||||||
SetHandler "proxy:unix:/run/php/php7.4-fpm-$username.sock|fcgi://localhost"
|
SetHandler "proxy:unix:/run/php/php7.4-fpm-$username.sock|fcgi://localhost"
|
||||||
</FilesMatch>
|
</FilesMatch>
|
||||||
|
@ -104,6 +108,7 @@
|
||||||
ServerAlias www.$vhost
|
ServerAlias www.$vhost
|
||||||
ServerAlias $vhost.example.com
|
ServerAlias $vhost.example.com
|
||||||
DocumentRoot /srv/www/$vhost/html
|
DocumentRoot /srv/www/$vhost/html
|
||||||
|
ScriptAlias /cgi-bin/ /srv/www/$vhost/cgi-bin/
|
||||||
<FilesMatch ".+\.ph(ar|p|tml)$">
|
<FilesMatch ".+\.ph(ar|p|tml)$">
|
||||||
SetHandler "proxy:unix:/run/php/php7.4-fpm-$username.sock|fcgi://localhost"
|
SetHandler "proxy:unix:/run/php/php7.4-fpm-$username.sock|fcgi://localhost"
|
||||||
</FilesMatch>
|
</FilesMatch>
|
||||||
|
@ -127,6 +132,7 @@
|
||||||
ServerName $subdomain.$vhost
|
ServerName $subdomain.$vhost
|
||||||
ServerAlias $subdomain.$vhost.example.com
|
ServerAlias $subdomain.$vhost.example.com
|
||||||
DocumentRoot /srv/www/$vhost/$subdomain
|
DocumentRoot /srv/www/$vhost/$subdomain
|
||||||
|
ScriptAlias /cgi-bin/ /srv/www/$vhost/cgi-bin/
|
||||||
<FilesMatch ".+\.ph(ar|p|tml)$">
|
<FilesMatch ".+\.ph(ar|p|tml)$">
|
||||||
SetHandler "proxy:unix:/run/php/php7.4-fpm-$username.sock|fcgi://localhost"
|
SetHandler "proxy:unix:/run/php/php7.4-fpm-$username.sock|fcgi://localhost"
|
||||||
</FilesMatch>
|
</FilesMatch>
|
||||||
|
@ -205,6 +211,7 @@
|
||||||
ServerAlias www.$vhost
|
ServerAlias www.$vhost
|
||||||
ServerAlias $vhost.example.com
|
ServerAlias $vhost.example.com
|
||||||
DocumentRoot /srv/www/$alias/html
|
DocumentRoot /srv/www/$alias/html
|
||||||
|
ScriptAlias /cgi-bin/ /srv/www/$vhost/cgi-bin/
|
||||||
<FilesMatch ".+\.ph(ar|p|tml)$">
|
<FilesMatch ".+\.ph(ar|p|tml)$">
|
||||||
SetHandler "proxy:unix:/run/php/php7.4-fpm-$username.sock|fcgi://localhost"
|
SetHandler "proxy:unix:/run/php/php7.4-fpm-$username.sock|fcgi://localhost"
|
||||||
</FilesMatch>
|
</FilesMatch>
|
||||||
|
@ -217,6 +224,7 @@
|
||||||
ServerAlias www.$vhost
|
ServerAlias www.$vhost
|
||||||
ServerAlias $vhost.example.com
|
ServerAlias $vhost.example.com
|
||||||
DocumentRoot /srv/www/$alias/html
|
DocumentRoot /srv/www/$alias/html
|
||||||
|
ScriptAlias /cgi-bin/ /srv/www/$vhost/cgi-bin/
|
||||||
## <Location "/">
|
## <Location "/">
|
||||||
## <If "%{REQUEST_URI} !~ m#^/.well-known/acme-challenge/#">
|
## <If "%{REQUEST_URI} !~ m#^/.well-known/acme-challenge/#">
|
||||||
## Redirect 301 "https://%{HTTP_HOST}%{REQUEST_URI}"
|
## Redirect 301 "https://%{HTTP_HOST}%{REQUEST_URI}"
|
||||||
|
@ -231,6 +239,7 @@
|
||||||
ServerAlias www.$vhost
|
ServerAlias www.$vhost
|
||||||
ServerAlias $vhost.example.com
|
ServerAlias $vhost.example.com
|
||||||
DocumentRoot /srv/www/$alias/html
|
DocumentRoot /srv/www/$alias/html
|
||||||
|
ScriptAlias /cgi-bin/ /srv/www/$vhost/cgi-bin/
|
||||||
<FilesMatch ".+\.ph(ar|p|tml)$">
|
<FilesMatch ".+\.ph(ar|p|tml)$">
|
||||||
SetHandler "proxy:unix:/run/php/php7.4-fpm-$username.sock|fcgi://localhost"
|
SetHandler "proxy:unix:/run/php/php7.4-fpm-$username.sock|fcgi://localhost"
|
||||||
</FilesMatch>
|
</FilesMatch>
|
||||||
|
|
18
install.sh
18
install.sh
|
@ -67,7 +67,7 @@ chown root:root /etc/apache2/mods-available/*.conf
|
||||||
vhostdomain=`hostname -d`
|
vhostdomain=`hostname -d`
|
||||||
sed -i "s|.example.com|.$vhostdomain|g" /etc/apache2/mods-available/macro.conf
|
sed -i "s|.example.com|.$vhostdomain|g" /etc/apache2/mods-available/macro.conf
|
||||||
# a2enmod proxy_fcgi rewrite headers expires ssl http2 remoteip macro
|
# a2enmod proxy_fcgi rewrite headers expires ssl http2 remoteip macro
|
||||||
a2enmod proxy_fcgi proxy_http rewrite headers expires ssl http2 macro
|
a2enmod cgid proxy_fcgi proxy_http rewrite headers expires ssl http2 macro
|
||||||
# # sed -i "s|CustomLog|#CustomLog|g" /etc/apache2/sites-available/000-default.conf
|
# # sed -i "s|CustomLog|#CustomLog|g" /etc/apache2/sites-available/000-default.conf
|
||||||
sed -i "s|/var/www/html|/srv/www/html|g" /etc/apache2/sites-available/000-default.conf
|
sed -i "s|/var/www/html|/srv/www/html|g" /etc/apache2/sites-available/000-default.conf
|
||||||
# # sed -i "s|CustomLog|#CustomLog|g" /etc/apache2/sites-available/default-ssl.conf
|
# # sed -i "s|CustomLog|#CustomLog|g" /etc/apache2/sites-available/default-ssl.conf
|
||||||
|
@ -82,6 +82,12 @@ echo ' AllowOverride All' >> /etc/apache2/conf-available/security.conf
|
||||||
echo ' Options Includes FollowSymLinks' >> /etc/apache2/conf-available/security.conf
|
echo ' Options Includes FollowSymLinks' >> /etc/apache2/conf-available/security.conf
|
||||||
echo ' Require all granted' >> /etc/apache2/conf-available/security.conf
|
echo ' Require all granted' >> /etc/apache2/conf-available/security.conf
|
||||||
echo '</Directory>' >> /etc/apache2/conf-available/security.conf
|
echo '</Directory>' >> /etc/apache2/conf-available/security.conf
|
||||||
|
echo '<Directory "/srv/www/*/cgi-bin">' >> /etc/apache2/conf-available/security.conf
|
||||||
|
echo ' AllowOverride None' >> /etc/apache2/conf-available/security.conf
|
||||||
|
echo ' Options none' >> /etc/apache2/conf-available/security.conf
|
||||||
|
echo ' Require all granted' >> /etc/apache2/conf-available/security.conf
|
||||||
|
echo '</Directory>' >> /etc/apache2/conf-available/security.conf
|
||||||
|
|
||||||
# configure php
|
# configure php
|
||||||
sed -i "s|post_max_size = 8M|post_max_size = 256M|g" /etc/php/7.4/fpm/php.ini
|
sed -i "s|post_max_size = 8M|post_max_size = 256M|g" /etc/php/7.4/fpm/php.ini
|
||||||
sed -i "s|upload_max_filesize = 2M|upload_max_filesize = 256M|g" /etc/php/7.4/fpm/php.ini
|
sed -i "s|upload_max_filesize = 2M|upload_max_filesize = 256M|g" /etc/php/7.4/fpm/php.ini
|
||||||
|
@ -131,6 +137,7 @@ apt -y install jailkit
|
||||||
# bugfix, fixed upstream, shouldn't be needed if jailkit package gets updated
|
# bugfix, fixed upstream, shouldn't be needed if jailkit package gets updated
|
||||||
sed -i "s/if (not config.has_key('hardlink')):/if ('hardlink' not in config):/g" /usr/sbin/jk_update
|
sed -i "s/if (not config.has_key('hardlink')):/if ('hardlink' not in config):/g" /usr/sbin/jk_update
|
||||||
sed -i 's|paths = ssh|paths = /usr/bin/ssh*|' /etc/jailkit/jk_init.ini
|
sed -i 's|paths = ssh|paths = /usr/bin/ssh*|' /etc/jailkit/jk_init.ini
|
||||||
|
sed -i "s|paths = perl, /usr/lib/perl, /usr/lib/perl5, /usr/share/perl, /usr/share/perl5|paths = /usr/bin/perl, /usr/lib/x86_64-linux-gnu/perl, /usr/lib/x86_64-linux-gnu/perl-base, /usr/share/perl, /usr/share/perl5|g" /etc/jailkit/jk_init.ini
|
||||||
echo "" >> /etc/jailkit/jk_init.ini
|
echo "" >> /etc/jailkit/jk_init.ini
|
||||||
echo "[shellstack]" >> /etc/jailkit/jk_init.ini
|
echo "[shellstack]" >> /etc/jailkit/jk_init.ini
|
||||||
echo "comment = full featured shell for vhost-stack jails" >> /etc/jailkit/jk_init.ini
|
echo "comment = full featured shell for vhost-stack jails" >> /etc/jailkit/jk_init.ini
|
||||||
|
@ -140,6 +147,15 @@ echo "" >> /etc/jailkit/jk_init.ini
|
||||||
echo "[php]" >> /etc/jailkit/jk_init.ini
|
echo "[php]" >> /etc/jailkit/jk_init.ini
|
||||||
echo "comment = php-cli and all required files" >> /etc/jailkit/jk_init.ini
|
echo "comment = php-cli and all required files" >> /etc/jailkit/jk_init.ini
|
||||||
echo "paths = /usr/bin/php*, /usr/bin/phar*, /etc/php/*/cli/, /etc/php/*/mods-available/, /usr/lib/php/, /usr/share/php/" >> /etc/jailkit/jk_init.ini
|
echo "paths = /usr/bin/php*, /usr/bin/phar*, /etc/php/*/cli/, /etc/php/*/mods-available/, /usr/lib/php/, /usr/share/php/" >> /etc/jailkit/jk_init.ini
|
||||||
|
echo "" >> /etc/jailkit/jk_init.ini
|
||||||
|
echo "[python3]" >> /etc/jailkit/jk_init.ini
|
||||||
|
echo "comment = the python3 interpreter and libraries" >> /etc/jailkit/jk_init.ini
|
||||||
|
echo "paths = /usr/bin/python3, /usr/lib/python3, /usr/lib/python3.8, /usr/share/doc/python3, /usr/share/doc/python3-minimal, /usr/share/python3, /usr/share/man/man1/python3.1.gz" >> /etc/jailkit/jk_init.ini
|
||||||
|
echo "" >> /etc/jailkit/jk_init.ini
|
||||||
|
echo "[ruby]" >> /etc/jailkit/jk_init.ini
|
||||||
|
echo "comment = the ruby interpreter and libraries" >> /etc/jailkit/jk_init.ini
|
||||||
|
echo "paths = /usr/bin/erb. /usr/bin/gem, /usr/bin/irb, /usr/bin/rdoc, /usr/bin/ri, /usr/bin/ruby, /usr/share/doc/ruby, /usr/share/man/man1/ruby.1.gz, /usr/lib/ruby/, /usr/lib/x86_64-linux-gnu/ruby/" >> /etc/jailkit/jk_init.ini
|
||||||
|
|
||||||
mkdir /usr/jails
|
mkdir /usr/jails
|
||||||
if ! [ -d "/usr/local/libexec" ]; then
|
if ! [ -d "/usr/local/libexec" ]; then
|
||||||
install --owner=root --group=root --mode=755 --directory /usr/local/libexec
|
install --owner=root --group=root --mode=755 --directory /usr/local/libexec
|
||||||
|
|
Loading…
Reference in New Issue
Block a user