部署 fcgiwrap 服务

创建日期: 2024-09-06 18:17 | 作者: 风波 | 浏览次数: 17 | 分类: Nginx

直接拌匀的文档,未进行验证:https://www.server-world.info/en/note?os=CentOS_Stream_9&p=nginx&f=6

1. Install FastCGI Wrap and Configure Nginx for it.

1.1 安装 fcgiwrap

dnf --enablerepo=epel -y install fcgiwrap

1.2 创建配置文件:/etc/nginx/fcgiwrap.conf

# create new
# for example, enable CGI under [/cgi-bin]
location /cgi-bin/ {
    gzip off;
    root  /usr/share/nginx;
    fastcgi_pass  unix:/var/run/fcgiwrap.socket;
    include /etc/nginx/fastcgi_params;
    fastcgi_param SCRIPT_FILENAME  $document_root$fastcgi_script_name;
}

1.3 创建运行目录

mkdir /usr/share/nginx/cgi-bin
chmod 755 /usr/share/nginx/cgi-bin

1.4 创建 nginx 配置文件 /etc/nginx/conf.d/ssl.conf

server {
        .....
        .....
        include fcgiwrap.conf;
}

1.5 重启 nginx

systemctl reload nginx

2. Create Systemd file for FastCGI Wrap service and Start them.

2.1 创建 fcgiwrap 服务的 systemd 配置文件 /usr/lib/systemd/system/fcgiwrap.service

# create new
[Unit]
Description=Simple CGI Server
After=nss-user-lookup.target
Requires=fcgiwrap.socket

[Service]
EnvironmentFile=/etc/sysconfig/fcgiwrap
ExecStart=/usr/sbin/fcgiwrap ${DAEMON_OPTS} -c ${DAEMON_PROCS}
User=nginx
Group=nginx

[Install]
Also=fcgiwrap.socket

2.1 创建 fcgiwrap 的 socket 文件 /usr/lib/systemd/system/fcgiwrap.socket

# create new
[Unit]
Description=fcgiwrap Socket

[Socket]
ListenStream=/run/fcgiwrap.socket

[Install]
WantedBy=sockets.target

1.3 启动 fcgiwrap 服务

systemctl enable --now fcgiwrap

3. If SELinux is enabled, change policy. 修改 SELinux 策略

3.1 编辑文件 nginx-server.te

# create new
module nginx-server 1.0;

require {
        type unconfined_service_t;
        type var_run_t;
        type httpd_t;
        class sock_file write;
        class unix_stream_socket connectto;
}

#============= httpd_t ==============
allow httpd_t unconfined_service_t:unix_stream_socket connectto;
allow httpd_t var_run_t:sock_file write;

3.2 执行命令

checkmodule -m -M -o nginx-server.mod nginx-server.te
semodule_package --outfile nginx-server.pp --module nginx-server.mod
semodule -i nginx-server.pp

4. Create a test scripts with a language (example below is Python3) under the directory you set CGI executable ([/usr/share/nginx/cgi-bin] on this example) and Access to it to verify CGI works normally.

测试文件:/usr/share/nginx/cgi-bin/index.cgi

#!/usr/bin/python3

print("Content-type: text/html\n")
print("<html>\n<body>")
print("<div style=\"width: 100%; font-size: 40px; font-weight: bold; text-align: center;\">")
print("CGI Script Test Page")
print("</div>")
print("</body>\n</html>")

修改文件权限

chmod 755 /usr/share/nginx/cgi-bin/index.cgi
17 浏览
0 评论