Use suexec to run user CGi scripts
authorTom Hughes <tom@compton.nu>
Thu, 29 Sep 2016 19:33:09 +0000 (20:33 +0100)
committerTom Hughes <tom@compton.nu>
Thu, 29 Sep 2016 19:33:09 +0000 (20:33 +0100)
cookbooks/dev/recipes/default.rb
cookbooks/dev/templates/default/apache.user.erb

index 2e5e005..528bc17 100644 (file)
@@ -29,7 +29,6 @@ include_recipe "postgresql"
 
 package "php"
 package "php-cgi"
-# package "php-cgiwrap"
 package "php-cli"
 package "php-curl"
 package "php-db"
@@ -59,11 +58,15 @@ easy_install_package "geojson"
 
 apache_module "env"
 apache_module "expires"
+apache_module "headers"
 apache_module "proxy"
 apache_module "proxy_fcgi"
 apache_module "rewrite"
+apache_module "suexec"
+apache_module "userdir"
 apache_module "wsgi"
-apache_module "headers"
+
+package "apache2-suexec-pristine"
 
 gem_package "sqlite3"
 
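Review bot: `package "apache2-suexec-pristine"` is declared after `apache_module "suexec"`, so on a fresh node the module is enabled before the suexec wrapper binary is installed. Apache checks for the wrapper when it starts, so if nothing restarts it after the package lands, user CGI could keep running without the uid switch; whether `apache_module` triggers a restart is not visible in this hunk. Moving `package "apache2-suexec-pristine"` above the `apache_module` lines, with a restart notification to the Apache service, removes that window. `apache_module "userdir"` also looks server-wide, so it is worth confirming that the `/~user/` mapping is not left enabled on virtual hosts that do not need it.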
index a63829a..39f1cd6 100644 (file)
@@ -22,13 +22,10 @@ WSGIDaemonProcess <%= @user %>.dev.openstreetmap.org user=<%= @user %> inactivit
        CustomLog /var/log/apache2/<%= @user %>.dev.openstreetmap.org-access.log combined
        ErrorLog /var/log/apache2/<%= @user %>.dev.openstreetmap.org-error.log
 
-#      RewriteCond <%= @directory %>%{REQUEST_FILENAME} -f
-#      RewriteRule ^/cgi-bin/(.*)$ /cgi-bin/cgiwrap/~<%= @user %>/cgi-bin/$1 [PT,L]
+       RewriteCond <%= @directory %>%{REQUEST_FILENAME} -f
+       RewriteRule ^/cgi-bin/(.*)$ /~<%= @user %>/cgi-bin/$1 [PT,L]
 
-#      RewriteCond <%= @directory %>%{REQUEST_FILENAME} -f
-#      RewriteRule ^/cgi-bin-d/(.*)$ /cgi-bin/cgiwrapd/~<%= @user %>/cgi-bin/$1 [PT,L]
-
-        RewriteCond <%= @directory %>%{REQUEST_FILENAME} -f
+       RewriteCond <%= @directory %>%{REQUEST_FILENAME} -f
        RewriteRule ^/(.*\.ph(p|ps|p3|tml)(/.*)?)$ fcgi://127.0.0.1:<%= @port %><%= @directory %>/$1 [P]
 </VirtualHost>
 
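Review bot: The `RewriteCond <%= @directory %>%{REQUEST_FILENAME} -f` ahead of the `/cgi-bin/` rule means only requests that name an existing file are passed to `/~<%= @user %>/cgi-bin/`, which is the path that makes suexec switch user. A `/cgi-bin/` request that fails the `-f` test (a script URL with trailing path info, for instance) is not rewritten. If the virtual host's DocumentRoot is `<%= @directory %>` (not visible here), it would presumably reach the `<Directory <%= @directory %>/cgi-bin>` block added in the last hunk and run under the server's own account. Dropping the condition for this one rule, so every `/cgi-bin/` request goes through the `/~user/` mapping, closes that gap; a short comment above the rule saying it exists to route CGI through suexec would also help. The enclosing `<VirtualHost>` starts outside the hunk.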
@@ -38,6 +35,12 @@ WSGIDaemonProcess <%= @user %>.dev.openstreetmap.org user=<%= @user %> inactivit
        Require all granted
 </Directory>
 
+<Directory <%= @directory %>/cgi-bin>
+       SetHandler cgi-script
+       Options ExecCGI SymLinksIfOwnerMatch
+       Require all granted
+</Directory>
+
 <Directory <%= @directory %>/wsgi-bin>
        SetHandler wsgi-script
        Options ExecCGI SymLinksIfOwnerMatch