先日、CentOS 8にインストールしたNginxでCGIを動作させてみました。
Apacheと比べて何かと面倒なんですね。
理解力が足らなくてググればググるほど混乱して(^^;)
環境
・CentOS Linux release 8.2.2004 (Core)
・Kernel 4.18.0-193.6.3.el8_2.x86_64
・nginx version: nginx/1.14.1
NginxからCGIを呼び出すのにfcgiwrapを使うのが良さそうです(曖昧)。
gnosek/fcgiwrap
https://github.com/gnosek/fcgiwrap
- fcgiwrapのインストール
- fcgiwrapの起動
- CGI用ディレクトリを作成
- /etc/nginx/nginx.confの編集
- nginxの再起動
- CGIの実行
fcgiwrapはepel repositoryにありました。
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 |
[root@centos8 ~]# dnf info fcgiwrap Last metadata expiration check: 1:31:11 ago on Fri Jul 17 10:37:19 2020. Available Packages Name : fcgiwrap Version : 1.1.0 Release : 12.20181108git99c942c.el8 Architecture : x86_64 Size : 26 k Source : fcgiwrap-1.1.0-12.20181108git99c942c.el8.src.rpm Repository : epel Summary : Simple FastCGI wrapper for CGI scripts URL : https://github.com/gnosek/fcgiwrap License : MIT Description : This package provides a simple FastCGI wrapper for CGI scripts with/ : following features: : - very lightweight (84KB of private memory per instance) : - fixes broken CR/LF in headers : - handles environment in a sane way (CGI scripts get HTTP-related : environment vars from FastCGI parameters and inherit all the others : from environment of fcgiwrap ) : - no configuration, so you can run several sites off the same : fcgiwrap pool : - passes CGI std error output to std error stream of cgiwrap or FastCGI : - support systemd socket activation, launcher program like spawn-fcgi : is no longer required on systemd-enabled distributions [root@centos8 ~]# dnf -y install fcgiwrap Last metadata expiration check: 1:31:31 ago on Fri Jul 17 10:37:19 2020. Dependencies resolved. ======================================================================================== Package Architecture Version Repository Size ======================================================================================== Installing: fcgiwrap x86_64 1.1.0-12.20181108git99c942c.el8 epel 26 k Installing dependencies: fcgi x86_64 2.4.0-36.el8 epel 47 k Transaction Summary ======================================================================================== Install 2 Packages Total download size: 73 k Installed size: 131 k Downloading Packages: (1/2): fcgiwrap-1.1.0-12.20181108git99c942c.el8.x86_64. 265 kB/s | 26 kB 00:00 (2/2): fcgi-2.4.0-36.el8.x86_64.rpm 461 kB/s | 47 kB 00:00 ---------------------------------------------------------------------------------------- Total 35 kB/s | 73 kB 00:02 Running transaction check Transaction check succeeded. Running transaction test Transaction test succeeded. Running transaction Preparing : 1/1 Installing : fcgi-2.4.0-36.el8.x86_64 1/2 Installing : fcgiwrap-1.1.0-12.20181108git99c942c.el8.x86_64 2/2 Running scriptlet: fcgiwrap-1.1.0-12.20181108git99c942c.el8.x86_64 2/2 Verifying : fcgi-2.4.0-36.el8.x86_64 1/2 Verifying : fcgiwrap-1.1.0-12.20181108git99c942c.el8.x86_64 2/2 Installed: fcgi-2.4.0-36.el8.x86_64 fcgiwrap-1.1.0-12.20181108git99c942c.el8.x86_64 Complete! |
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 |
[root@centos8 ~]# repoquery --list fcgiwrap Last metadata expiration check: 1:31:52 ago on Fri Jul 17 10:37:19 2020. /etc/sysconfig/fcgiwrap /usr/lib/.build-id /usr/lib/.build-id/19 /usr/lib/.build-id/19/3659fdbdf8de77ac2484f53c35f734cdb9aabd /usr/lib/systemd/system/fcgiwrap@.service /usr/lib/systemd/system/fcgiwrap@.socket /usr/sbin/fcgiwrap /usr/share/doc/fcgiwrap /usr/share/doc/fcgiwrap/README.SELinux /usr/share/doc/fcgiwrap/README.rst /usr/share/doc/fcgiwrap/SETUP /usr/share/licenses/fcgiwrap /usr/share/licenses/fcgiwrap/COPYING /usr/share/man/man8/fcgiwrap.8.gz |
/usr/share/doc/fcgiwrap/SETUPを読むと下記のコマンドで起動してUNIX Socketを作成すると。
1 2 3 4 5 6 7 8 9 10 11 12 13 14 |
[root@centos8 ~]# systemctl enable fcgiwrap@nginx.socket Created symlink /etc/systemd/system/sockets.target.wants/fcgiwrap@nginx.socket -> /usr/lib/systemd/system/fcgiwrap@.socket. [root@centos8 ~]# systemctl start fcgiwrap@nginx.socket [root@centos8 ~]# systemctl status fcgiwrap@nginx.socket * fcgiwrap@nginx.socket - fcgiwrap Socket Loaded: loaded (/usr/lib/systemd/system/fcgiwrap@.socket; enabled; vendor preset: di> Active: active (listening) since Fri 2020-07-17 12:16:33 JST; 7s ago Listen: /run/fcgiwrap/fcgiwrap-nginx.sock (Stream) Tasks: 0 (limit: 49603) Memory: 48.0K CGroup: /system.slice/system-fcgiwrap.slice/fcgiwrap@nginx.socket Jul 17 12:16:33 centos8.rootlinks.net systemd[1]: Starting fcgiwrap Socket. Jul 17 12:16:33 centos8.rootlinks.net systemd[1]: Listening on fcgiwrap Socket. |
CGI用ディレクトリを別に作成して、そこにCGIを作成してテストします。
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 |
[root@centos8 ~]# mkdir /usr/share/nginx/cgi [root@centos8 ~]# ls -dl /usr/share/nginx/cgi drwxr-xr-x. 2 root root 22 Jul 17 14:22 /usr/share/nginx/cgi [root@centos8 ~]# vi /usr/share/nginx/cgi/test.cgi [root@centos8 ~]# cat /usr/share/nginx/cgi/test.cgi #!/usr/bin/perl print "Content-Type: text/html\n\n"; print "<html>"; print "<head><title>Test</title></head>"; print "<body>"; print "<h1>This is Perl CGI Test with Nginx</h1>"; print "</body>"; print "</html>"; [root@centos8 ~]# chmod ugo+x /usr/share/nginx/cgi/test.cgi [root@centos8 ~]# ls -l /usr/share/nginx/cgi/test.cgi -rwxr-xr-x. 1 root root 211 Jul 17 14:04 /usr/share/nginx/cgi/test.cgi |
/usr/share/nginx/cgiにある拡張子.cgiを実行できるように追加しています。includeする方が管理の上ではいいのかも知れませんが、取り合えず初心者なので。
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 |
[root@centos8 ~]# vi /etc/nginx/nginx.conf [root@centos8 ~]# cat /etc/nginx/nginx.conf (snip) server { listen 80 default_server; listen [::]:80 default_server; server_name _; root /usr/share/nginx/html; # Load configuration files for the default server block. include /etc/nginx/default.d/*.conf; location / { } location ~ \.cgi$ { root /usr/share/nginx/cgi; include fastcgi_params; fastcgi_pass unix:/run/fcgiwrap/fcgiwrap-nginx.sock; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; } error_page 404 /404.html; location = /40x.html { } error_page 500 502 503 504 /50x.html; location = /50x.html { } } (snip) |
設定ファイルのテストしてエラーが無ければ再起動します。
1 2 3 4 |
[root@centos8 ~]# nginx -t nginx: the configuration file /etc/nginx/nginx.conf syntax is ok nginx: configuration file /etc/nginx/nginx.conf test is successful [root@centos8 ~]# systemctl restart nginx |
おまけ
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 |
[root@centos8 ~]# cat /usr/lib/systemd/system/fcgiwrap@.service [Unit] Description=Simple CGI Server After=nss-user-lookup.target [Service] EnvironmentFile=/etc/sysconfig/fcgiwrap ExecStart=/usr/sbin/fcgiwrap ${DAEMON_OPTS} -c ${DAEMON_PROCS} User=%i [Install] Also=fcgiwrap@%i.socket [root@centos8 ~]# cat /usr/lib/systemd/system/fcgiwrap@.socket [Unit] Description=fcgiwrap Socket [Socket] ListenStream=/run/fcgiwrap/fcgiwrap-%i.sock RuntimeDirectory=fcgiwrap SocketUser=%i SocketMode=0660 [Install] WantedBy=sockets.target [root@centos8 ~]# cat /etc/sysconfig/fcgiwrap # fcgiwrap configuration parameters # Specify the number of fcgiwrap processes to prefork DAEMON_PROCS=1 # Specify additional daemon options. See man fcgiwrap. DAEMON_OPTS=-f |
man
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 |
FCGIWRAP(8) System Manager's Manual FCGIWRAP(8) NAME fcgiwrap - serve CGI applications over FastCGI SYNOPSIS fcgiwrap [OPTIONS] DESCRIPTION fcgiwrap is a simple server for running CGI applications over FastCGI. It hopes to provide clean CGI support to Nginx (and other web servers that may need it). OPTIONS -c number Number of fcgiwrap processes to prefork. -f Redirect STDERR output from executed CGI through FastCGI so it shows in the web server error log. Otherwise it would be returned on fcgiwrap's STDERR, which could be redirected. If running through spawn-fcgi, fcgiwrap's STDERR is sent to /dev/null, so this option provides a way to get that output back. -s socket_url A URL for the listen socket to bind to. By default fcgiwrap expects a listen socket to be passed on file descriptor 0, matching the FastCGI convention. The recommended way to deploy fcgiwrap is to run it under a process manager that takes care of opening the socket. However, for simple configurations and one- off tests this option may be used. Valid socket_urls include unix:/path/to/unix/socket, tcp:dot.ted.qu.ad:port and tcp6:[ipv6_addr]:port. -h Show a help message and exit. ENVIRONMENT When running, fcgiwrap evaluates these environment variables set by the web server calling an fcgi-script. The variables DOCUMENT_ROOT and SCRIPT_NAME will be concatenated and the resulting executable run as CGI script wrapped as FastCGI, with the remainder after the script name available as PATH_INFO. To disable PATH_INFO mangling, set up your web server to pass SCRIPT_FILENAME, which should contain the complete path to the script. Then PATH_INFO will not be modified. DOCUMENT_ROOT directory which the script resides in SCRIPT_NAME actual executable SCRIPT_FILENAME complete path to CGI script. When set, overrides DOCUMENT_ROOT and SCRIPT_NAME FCGI_CHDIR By default fcgiwrap changes to the directory containing the CGI script before executing it (per CGI spec). You may override this behaviour by passing FCGI_CHDIR containing the script's expected working directory or - to skip the directory change completely. EXAMPLE The fastest way to see fcgiwrap do something is to launch it at the command line like this: fcgiwrap -s unix:/var/run/fcgiwrap.sock Apart from potential permission problems etc., it should be ready to accept FastCGI requests and run CGI scripts. Most probably you will want to launch fcgiwrap by spawn-fcgi using a configuration like this: FCGI_SOCKET=/var/run/fcgiwrap.sock FCGI_PROGRAM=/usr/sbin/fcgiwrap FCGI_USER=nginx FCGI_GROUP=www FCGI_EXTRA_OPTIONS="-M 0700" ALLOWED_ENV="PATH" Nginx can be configured to have the arbitrary CGI cgit run as FastCGI as follows: location / { fastcgi_param DOCUMENT_ROOT /var/www/localhost/htdocs/cgit/; fastcgi_param SCRIPT_NAME cgit; fastcgi_pass unix:/var/run/fastcgi.sock; } AUTHOR fcgiwrap was written by Grzegorz Nosek <root@localdomain.pl> with con- tributions by W-Mark Kubacki <wmark@hurrikane.de>. This manual page was written by Jordi Mallach <jordi@debian.org> (with contributions by Grzegorz Nosek) for the Debian project (and may be used by others). Jun 3, 2010 FCGIWRAP(8) |