Use suexec to run user CGi scripts

author Tom Hughes <tom@compton.nu>

Thu, 29 Sep 2016 19:33:09 +0000 (20:33 +0100)

committer Tom Hughes <tom@compton.nu>

Thu, 29 Sep 2016 19:33:09 +0000 (20:33 +0100)
author Tom Hughes <tom@compton.nu>
Thu, 29 Sep 2016 19:33:09 +0000 (20:33 +0100)
committer Tom Hughes <tom@compton.nu>
Thu, 29 Sep 2016 19:33:09 +0000 (20:33 +0100)
diff --git a/cookbooks/dev/recipes/default.rb b/cookbooks/dev/recipes/default.rb

index 2e5e0058fbcd05e4778ad93614f4673ab9029257..528bc17d88f69d85e13f12a4f9f8a1dbe2dec3b6 100644 (file)
--- a/cookbooks/dev/recipes/default.rb
+++ b/cookbooks/dev/recipes/default.rb
@@ -29,7 +29,6 @@ include_recipe "postgresql"
  
  package "php"
  package "php-cgi"
-# package "php-cgiwrap"
  package "php-cli"
  package "php-curl"
  package "php-db"
@@ -59,11 +58,15 @@ easy_install_package "geojson"
  
  apache_module "env"
  apache_module "expires"
+apache_module "headers"
  apache_module "proxy"
  apache_module "proxy_fcgi"
  apache_module "rewrite"
+apache_module "suexec"
+apache_module "userdir"
  apache_module "wsgi"
-apache_module "headers"
+
+package "apache2-suexec-pristine"
  
  gem_package "sqlite3"
  
diff --git a/cookbooks/dev/templates/default/apache.user.erb b/cookbooks/dev/templates/default/apache.user.erb

index a63829afb156227f0a05dbf4076fe9f2d09b18dd..39f1cd60faa2f40b1c8db8f5e830de0fc8bc6c30 100644 (file)
--- a/cookbooks/dev/templates/default/apache.user.erb
+++ b/cookbooks/dev/templates/default/apache.user.erb
@@ -22,13 +22,10 @@ WSGIDaemonProcess <%= @user %>.dev.openstreetmap.org user=<%= @user %> inactivit
         CustomLog /var/log/apache2/<%= @user %>.dev.openstreetmap.org-access.log combined
         ErrorLog /var/log/apache2/<%= @user %>.dev.openstreetmap.org-error.log
  
-#      RewriteCond <%= @directory %>%{REQUEST_FILENAME} -f
-#      RewriteRule ^/cgi-bin/(.*)$ /cgi-bin/cgiwrap/~<%= @user %>/cgi-bin/$1 [PT,L]
+       RewriteCond <%= @directory %>%{REQUEST_FILENAME} -f
+       RewriteRule ^/cgi-bin/(.*)$ /~<%= @user %>/cgi-bin/$1 [PT,L]
  
-#      RewriteCond <%= @directory %>%{REQUEST_FILENAME} -f
-#      RewriteRule ^/cgi-bin-d/(.*)$ /cgi-bin/cgiwrapd/~<%= @user %>/cgi-bin/$1 [PT,L]
-
-        RewriteCond <%= @directory %>%{REQUEST_FILENAME} -f
+       RewriteCond <%= @directory %>%{REQUEST_FILENAME} -f
         RewriteRule ^/(.*\.ph(p|ps|p3|tml)(/.*)?)$ fcgi://127.0.0.1:<%= @port %><%= @directory %>/$1 [P]
  </VirtualHost>
  
@@ -38,6 +35,12 @@ WSGIDaemonProcess <%= @user %>.dev.openstreetmap.org user=<%= @user %> inactivit
         Require all granted
  </Directory>
  
+<Directory <%= @directory %>/cgi-bin>
+       SetHandler cgi-script
+       Options ExecCGI SymLinksIfOwnerMatch
+       Require all granted
+</Directory>
+
  <Directory <%= @directory %>/wsgi-bin>
         SetHandler wsgi-script
         Options ExecCGI SymLinksIfOwnerMatch
author	Tom Hughes <tom@compton.nu>
	Thu, 29 Sep 2016 19:33:09 +0000 (20:33 +0100)
committer	Tom Hughes <tom@compton.nu>
	Thu, 29 Sep 2016 19:33:09 +0000 (20:33 +0100)
cookbooks/dev/recipes/default.rb		patch \| blob \| history
cookbooks/dev/templates/default/apache.user.erb		patch \| blob \| history