AlmaLinux 9
Sponsored Link

Nginx : Use CGI Scripts2023/03/03

 
Configure CGI executable Environment on Nginx.
[1] Install FastCGI Wrap and Configure Nginx for it.
# install from EPEL

[root@www ~]#
dnf --enablerepo=epel -y install fcgiwrap
[root@www ~]#
vi /etc/nginx/fcgiwrap.conf
# create new
# for example, enable CGI under [/cgi-bin]

location /cgi-bin/ {
    gzip off;
    root  /usr/share/nginx;
    fastcgi_pass  unix:/var/run/fcgiwrap.socket;
    include /etc/nginx/fastcgi_params;
    fastcgi_param SCRIPT_FILENAME  $document_root$fastcgi_script_name;
}

[root@www ~]#
mkdir /usr/share/nginx/cgi-bin

[root@www ~]#
chmod 755 /usr/share/nginx/cgi-bin
[root@www ~]#
vi /etc/nginx/conf.d/ssl.conf
# add settings into [server] section of a site definition

server {
        .....
        .....
        include fcgiwrap.conf;
}

[root@www ~]#
systemctl reload nginx

[2] Create Systemd file for FastCGI Wrap service and Start them.
[root@www ~]#
vi /usr/lib/systemd/system/fcgiwrap.service
# create new

[Unit]
Description=Simple CGI Server
After=nss-user-lookup.target
Requires=fcgiwrap.socket

[Service]
EnvironmentFile=/etc/sysconfig/fcgiwrap
ExecStart=/usr/sbin/fcgiwrap ${DAEMON_OPTS} -c ${DAEMON_PROCS}
User=nginx
Group=nginx

[Install]
Also=fcgiwrap.socket

[root@www ~]#
vi /usr/lib/systemd/system/fcgiwrap.socket
# create new

[Unit]
Description=fcgiwrap Socket

[Socket]
ListenStream=/run/fcgiwrap.socket

[Install]
WantedBy=sockets.target

[root@www ~]#
systemctl enable --now fcgiwrap
[3] If SELinux is enabled, change policy.
[root@www ~]#
vi nginx-server.te
# create new

module nginx-server 1.0;

require {
        type unconfined_service_t;
        type var_run_t;
        type httpd_t;
        class sock_file write;
        class unix_stream_socket connectto;
}

#============= httpd_t ==============
allow httpd_t unconfined_service_t:unix_stream_socket connectto;
allow httpd_t var_run_t:sock_file write;

[root@www ~]#
checkmodule -m -M -o nginx-server.mod nginx-server.te

checkmodule: loading policy configuration from nginx-server.te
checkmodule: policy configuration loaded
checkmodule: writing binary representation (version 19) to nginx-server.mod
[root@www ~]#
semodule_package --outfile nginx-server.pp --module nginx-server.mod

[root@www ~]#
semodule -i nginx-server.pp

[4] Create a test scripts with a language (example below is Python3) under the directory you set CGI executable ([/usr/share/nginx/cgi-bin] on this example) and Access to it to verify CGI works normally.
[root@www ~]#
vi /usr/share/nginx/cgi-bin/index.cgi
#!/usr/bin/python3

print("Content-type: text/html\n")
print("<html>\n<body>")
print("<div style=\"width: 100%; font-size: 40px; font-weight: bold; text-align: center;\">")
print("CGI Script Test Page")
print("</div>")
print("</body>\n</html>")

[root@www ~]#
chmod 755 /usr/share/nginx/cgi-bin/index.cgi

Matched Content