Cgi app: difference between revisions
Andy (talk | contribs) (→Configuring restrictions) |
Andy (talk | contribs) |
||
(6 intermediate revisions by the same user not shown) | |||
Строка 9: | Строка 9: | ||
== Конфигурирование CGI == | == Конфигурирование CGI == | ||
+ | Создадим директорию <code>/content/dynamic</code> и присвоим ей соответствующий контекст: | ||
+ | <syntaxhighlight lang="bash"> | ||
+ | [root@vm-01 ~]# mkdir /content/dynamic | ||
+ | [root@vm-01 ~]# semanage fcontext -at httpd_sys_script_exec_t "/content/dynamic(/.*)?" | ||
+ | [root@vm-01 ~]# restorecon -vR /content/dynamic/ | ||
+ | restorecon reset /content/dynamic context unconfined_u:object_r:httpd_sys_content_t:s0->unconfined_u:object_r:httpd_sys_script_exec_t:s0 | ||
+ | [root@vm-01 ~]# ls -lahiZ /content/ | ||
+ | drwxr-xr-x. root root unconfined_u:object_r:httpd_sys_content_t:s0 . | ||
+ | dr-xr-xr-x. root root system_u:object_r:root_t:s0 .. | ||
+ | drwxr-xr-x. root root unconfined_u:object_r:httpd_sys_script_exec_t:s0 dynamic | ||
+ | -rw-r--r--. root root unconfined_u:object_r:httpd_sys_content_t:s0 index.html | ||
+ | drwxr-xr-x. root root unconfined_u:object_r:httpd_sys_content_t:s0 private | ||
+ | [root@vm-01 ~]# | ||
+ | </syntaxhighlight> | ||
+ | Добавим директорию <code>/content/dynamic</code> в файле <code>/etc/httpd/conf.d/vm-01.conf</code> и укажем вебсерверу, что следует запускать файлы определенного расширения. | ||
+ | А при помощи директивы <code>ScriptAlias</code> укажем, что файлы в директории <code>/content/dynamic</code> следует запускать: | ||
+ | <syntaxhighlight lang="bash"> | ||
+ | # Virtual Hosts | ||
+ | # | ||
+ | # Required modules: mod_log_config | ||
+ | |||
+ | # If you want to maintain multiple domains/hostnames on your | ||
+ | # machine you can setup VirtualHost containers for them. Most configurations | ||
+ | # use only name-based virtual hosts so the server doesn't need to worry about | ||
+ | # IP addresses. This is indicated by the asterisks in the directives below. | ||
+ | # | ||
+ | # Please see the documentation at | ||
+ | # <URL:http://httpd.apache.org/docs/2.4/vhosts/> | ||
+ | # for further details before you try to setup virtual hosts. | ||
+ | # | ||
+ | # You may use the command line option '-S' to verify your virtual host | ||
+ | # configuration. | ||
+ | |||
+ | # | ||
+ | # VirtualHost example: | ||
+ | # Almost any Apache directive may go into a VirtualHost container. | ||
+ | # The first VirtualHost section is used for all requests that do not | ||
+ | # match a ServerName or ServerAlias in any <VirtualHost> block. | ||
+ | # | ||
+ | <VirtualHost *:80> | ||
+ | ServerAdmin webmaster@vm-01.example.com | ||
+ | DocumentRoot "/content" | ||
+ | ServerName vm-01.example.com | ||
+ | ServerAlias www.vm-01.example.com | ||
+ | ErrorLog "/var/log/httpd/vm-01.example.com-error_log" | ||
+ | CustomLog "/var/log/httpd/vm-01.example.com-access_log" common | ||
+ | ScriptAlias /cgi-bin/ "/content/dynamic" | ||
+ | <Directory "/content"> | ||
+ | AllowOverride None | ||
+ | # Allow open access: | ||
+ | Require all granted | ||
+ | </Directory> | ||
+ | <Directory "/content/private"> | ||
+ | AuthType basic | ||
+ | AuthName "Private area! Restricted access" | ||
+ | AuthUserFile "/etc/httpd/passwd" | ||
+ | Require valid-user | ||
+ | </Directory> | ||
+ | <Directory "/content/dynamic"> | ||
+ | Options ExecCGI | ||
+ | AddHandler cgi-script .cgi .pl | ||
+ | AllowOverride None | ||
+ | Require all granted | ||
+ | </Directory> | ||
+ | </VirtualHost> | ||
+ | </syntaxhighlight> | ||
+ | Создадим файл <code>/content/dynamic/test.pl</code> следующего содержания: | ||
+ | <syntaxhighlight lang="bash"> | ||
+ | #!/usr/bin/perl | ||
+ | use warnings; | ||
+ | use strict; | ||
+ | |||
+ | my $loctime = localtime(); | ||
+ | |||
+ | print "Content-type:text/html\r\n\r\n"; | ||
+ | print "<html>"; | ||
+ | print "<head>"; | ||
+ | print "<title>Hello Word - First CGI Program</title>"; | ||
+ | print "</head>"; | ||
+ | print "<body>"; | ||
+ | print "<h2>Hello Word! This is my first CGI program. Page has been generated at: $loctime</h2>"; | ||
+ | print "</body>"; | ||
+ | print "</html>"; | ||
+ | </syntaxhighlight> | ||
+ | Присваиваем контекст <code>SELinux</code>: | ||
+ | <syntaxhighlight lang="bash"> | ||
+ | [root@vm-01 ~]# restorecon -vR /content/dynamic/ | ||
+ | [root@vm-01 ~]# ls -lahi /content/dynamic/test.pl | ||
+ | 529378 -rwxr-xr-x. 1 root root 362 Jan 29 10:06 /content/dynamic/test.pl | ||
+ | [root@vm-01 ~]# ls -lahiZ /content/dynamic/test.pl | ||
+ | -rwxr-xr-x. root root unconfined_u:object_r:httpd_sys_script_exec_t:s0 /content/dynamic/test.pl | ||
+ | [root@vm-01 ~]# | ||
+ | </syntaxhighlight> | ||
+ | Перезапускаем <code>Apache</code>: | ||
+ | <syntaxhighlight lang="bash"> | ||
+ | [root@vm-01 ~]# systemctl restart httpd | ||
+ | [root@vm-01 ~]# systemctl is-active httpd | ||
+ | active | ||
+ | [root@vm-01 ~]# | ||
+ | </syntaxhighlight> | ||
+ | ==== Проверка ==== | ||
+ | С виртуальной машины <code>vm-02</code> обратимся к странице при помощи утилиты <code>curl</code>: | ||
+ | <syntaxhighlight lang="bash"> | ||
+ | [root@vm-02 ~]# curl "http://192.168.1.1/dynamic/test.pl" | ||
+ | <html><head><title>Hello Word - First CGI Program</title></head><body><h2>Hello Word! This is my first CGI program. Page has been generated at: Mon Jan 29 10:48:27 2018</h2></body></html>[root@vm-02 ~]# | ||
+ | </syntaxhighlight> |
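Review bot: In the VirtualHost block, ScriptAlias /cgi-bin/ "/content/dynamic" pairs a URL path that ends in a slash with a target that does not, so a request for /cgi-bin/test.pl would resolve to /content/dynamictest.pl; give the target a trailing slash ("/content/dynamic/"). The verification step requests /dynamic/test.pl, which is executed through Options ExecCGI and AddHandler in the Directory "/content/dynamic" section rather than through the alias, so the ScriptAlias line is never exercised; either add a curl against /cgi-bin/test.pl or drop the directive. The Apache configuration and the Perl script are both wrapped in syntaxhighlight lang="bash"; apache and perl would highlight them correctly.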
Current revision as of 10:49, 29 January 2018
Configuring Apache. Deploying CGI applications
Prerequisites
- A virtual machine with two network interfaces
- Installed packages: <code>bash-completion</code>, <code>policycoreutils</code>, <code>policycoreutils-python</code>, <code>policycoreutils-devel</code>, <code>setroubleshoot-server</code>, <code>httpd</code>, <code>httpd-manual</code>, <code>elinks</code>, <code>curl</code>, <code>perl</code>
General information and terminology
CGI (Common Gateway Interface) is a common interface for interaction between external programs and the web server. Put simply, it lets the web server invoke third-party programs and collect their output for further processing. It was formerly used to build dynamic websites. It is specified in RFC 3875.
Configuring CGI
Create the directory <code>/content/dynamic</code> and assign it the appropriate SELinux context:
<syntaxhighlight lang="bash">
[root@vm-01 ~]# mkdir /content/dynamic
[root@vm-01 ~]# semanage fcontext -at httpd_sys_script_exec_t "/content/dynamic(/.*)?"
[root@vm-01 ~]# restorecon -vR /content/dynamic/
restorecon reset /content/dynamic context unconfined_u:object_r:httpd_sys_content_t:s0->unconfined_u:object_r:httpd_sys_script_exec_t:s0
[root@vm-01 ~]# ls -lahiZ /content/
drwxr-xr-x. root root unconfined_u:object_r:httpd_sys_content_t:s0 .
dr-xr-xr-x. root root system_u:object_r:root_t:s0 ..
drwxr-xr-x. root root unconfined_u:object_r:httpd_sys_script_exec_t:s0 dynamic
-rw-r--r--. root root unconfined_u:object_r:httpd_sys_content_t:s0 index.html
drwxr-xr-x. root root unconfined_u:object_r:httpd_sys_content_t:s0 private
[root@vm-01 ~]#
</syntaxhighlight>
Add the directory <code>/content/dynamic</code> to the file <code>/etc/httpd/conf.d/vm-01.conf</code> and tell the web server to execute files with particular extensions.
The <code>ScriptAlias</code> directive tells it that files in the directory <code>/content/dynamic</code> are to be executed:
<syntaxhighlight lang="apache">
# Virtual Hosts
#
# Required modules: mod_log_config

# If you want to maintain multiple domains/hostnames on your
# machine you can setup VirtualHost containers for them. Most configurations
# use only name-based virtual hosts so the server doesn't need to worry about
# IP addresses. This is indicated by the asterisks in the directives below.
#
# Please see the documentation at
# <URL:http://httpd.apache.org/docs/2.4/vhosts/>
# for further details before you try to setup virtual hosts.
#
# You may use the command line option '-S' to verify your virtual host
# configuration.

#
# VirtualHost example:
# Almost any Apache directive may go into a VirtualHost container.
# The first VirtualHost section is used for all requests that do not
# match a ServerName or ServerAlias in any <VirtualHost> block.
#
<VirtualHost *:80>
    ServerAdmin webmaster@vm-01.example.com
    DocumentRoot "/content"
    ServerName vm-01.example.com
    ServerAlias www.vm-01.example.com
    ErrorLog "/var/log/httpd/vm-01.example.com-error_log"
    CustomLog "/var/log/httpd/vm-01.example.com-access_log" common
    # Trailing slash on both the URL path and the target, so that
    # /cgi-bin/test.pl maps to /content/dynamic/test.pl
    ScriptAlias /cgi-bin/ "/content/dynamic/"
    <Directory "/content">
        AllowOverride None
        # Allow open access:
        Require all granted
    </Directory>
    <Directory "/content/private">
        AuthType basic
        AuthName "Private area! Restricted access"
        AuthUserFile "/etc/httpd/passwd"
        Require valid-user
    </Directory>
    <Directory "/content/dynamic">
        Options ExecCGI
        AddHandler cgi-script .cgi .pl
        AllowOverride None
        Require all granted
    </Directory>
</VirtualHost>
</syntaxhighlight>
Create the file <code>/content/dynamic/test.pl</code> with the following contents:
<syntaxhighlight lang="perl">
#!/usr/bin/perl
use warnings;
use strict;

my $loctime = localtime();

print "Content-type:text/html\r\n\r\n";
print "<html>";
print "<head>";
print "<title>Hello Word - First CGI Program</title>";
print "</head>";
print "<body>";
print "<h2>Hello Word! This is my first CGI program. Page has been generated at: $loctime</h2>";
print "</body>";
print "</html>";
</syntaxhighlight>
Apply the SELinux context. The script must also be executable; the listing shows mode <code>-rwxr-xr-x</code>:
<syntaxhighlight lang="bash">
[root@vm-01 ~]# restorecon -vR /content/dynamic/
[root@vm-01 ~]# ls -lahi /content/dynamic/test.pl
529378 -rwxr-xr-x. 1 root root 362 Jan 29 10:06 /content/dynamic/test.pl
[root@vm-01 ~]# ls -lahiZ /content/dynamic/test.pl
-rwxr-xr-x. root root unconfined_u:object_r:httpd_sys_script_exec_t:s0 /content/dynamic/test.pl
[root@vm-01 ~]#
</syntaxhighlight>
Restart Apache:
<syntaxhighlight lang="bash">
[root@vm-01 ~]# systemctl restart httpd
[root@vm-01 ~]# systemctl is-active httpd
active
[root@vm-01 ~]#
</syntaxhighlight>
Verification
From the virtual machine <code>vm-02</code>, request the page with the <code>curl</code> utility:
<syntaxhighlight lang="bash">
[root@vm-02 ~]# curl "http://192.168.1.1/dynamic/test.pl"
<html><head><title>Hello Word - First CGI Program</title></head><body><h2>Hello Word! This is my first CGI program. Page has been generated at: Mon Jan 29 10:48:27 2018</h2></body></html>[root@vm-02 ~]#
</syntaxhighlight>
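Added example, not part of the original page: mod_alias replaces the matched URL prefix textually, so a <code>ScriptAlias</code> whose URL path and target disagree about the trailing slash maps requests to the wrong file. The script models that substitution in simplified form and audits a constructed configuration; <code>map_alias</code>, <code>audit_aliases</code>, <code>sample_conf</code> and the <code>/cgi-ok/</code> alias are illustrative names, not Apache or project code.

```sh
#!/bin/sh
# Added example: simplified model of mod_alias prefix substitution, plus an audit
# for Alias/ScriptAlias lines whose URL path and target disagree on the trailing slash.

# map_alias URL_PREFIX TARGET REQUEST_PATH
# Prints the filesystem path the request maps to; returns 1 if the prefix does not match.
map_alias() {
    prefix=$1 target=$2 request=$3
    case $request in
        "$prefix"*)
            rest=${request#"$prefix"}      # part of the URL after the alias prefix
            printf '%s%s\n' "$target" "$rest"
            ;;
        *) return 1 ;;
    esac
}

# audit_aliases: reads an Apache configuration on stdin and prints one line per
# mismatched directive. Assumes paths without spaces, as in the sample below.
audit_aliases() {
    awk '
        $1 ~ /^(Script)?Alias$/ && NF >= 3 {
            url = $2; target = $3
            gsub(/"/, "", url); gsub(/"/, "", target)
            u = (url ~ /\/$/); t = (target ~ /\/$/)
            if (u != t) printf "line %d: %s %s %s\n", NR, $1, url, target
        }'
}

# Constructed sample: /cgi-ok/ is a hypothetical alias showing the consistent form.
sample_conf() {
    cat <<'EOF'
<VirtualHost *:80>
    DocumentRoot "/content"
    ScriptAlias /cgi-bin/ "/content/dynamic"
    ScriptAlias /cgi-ok/ "/content/dynamic/"
</VirtualHost>
EOF
}

sample_conf | audit_aliases
map_alias /cgi-bin/ /content/dynamic  /cgi-bin/test.pl   # mismatched target
map_alias /cgi-bin/ /content/dynamic/ /cgi-bin/test.pl   # consistent target
```

To audit a live host, pipe the real file in instead of the sample, for example <code>audit_aliases < /etc/httpd/conf.d/vm-01.conf</code>.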