617 瀏覽數

Apache – CGI

測試環境為 CentOS 7 x86_64 (IP:172.16.15.129) 虛擬機

http (Apache) , CGI (Common Gateway Interface)-perl 所需套件.

[root@localhost ~]$ yum -y install httpd perl perl-CGI
[root@localhost ~]$ systemctl enable httpd
[root@localhost ~]$ systemctl restart httpd
[root@localhost ~]$ systemctl status httpd
● httpd.service - The Apache HTTP Server
   Loaded: loaded (/usr/lib/systemd/system/httpd.service; disabled; vendor preset: disabled)
   Active: active (running) since 四 2018-01-25 10:09:02 CST; 5s ago

可以利用 curl 來檢視 Http 是否正常運作,或是直接透過 網頁瀏覽器 來查看.

[root@localhost ~]$ curl http://172.16.15.129

Apache 安裝好之後要支援 CGI (Common Gateway Interface)-perl 網頁程式語言還需要經過下面的設定.

CGI 預設目錄

預設會新增一個資料夾 /var/www/cgi-bin ,預設網頁資料夾為 /var/www/html ,編輯簡單的 perl 程式來試試看.

[root@localhost ~]$ vi /var/www/cgi-bin/hello.pl
#!/usr/bin/perl
print "Content-type: text/html\n\n";
print "Hello, World!";

perl 程式需要有執行的權限.

[root@localhost ~]$ chmod a+x /var/www/cgi-bin/hello.pl
[root@localhost ~]$ ll /var/www/cgi-bin/hello.pl
-rwxr-xr-x 1 root root 76  1月 25 14:17 /var/www/cgi-bin/hello.pl

可過 elinks 來檢視 perl 程式是否正常運作,或是直接透過 網頁瀏覽器 來查看.

[root@localhost ~]$ yum install -y elinks
[root@localhost ~]$ elinks http://172.16.15.129/cgi-bin/hello.pl


自訂 CGI 目錄

如果我需要把 /var/www/perl/ 設定為新的 CGI 執行目錄.

[root@localhost ~]$ mkdir /var/www/perl
[root@localhost ~]$ vi /var/www/perl/hello.pl
#!/usr/bin/perl
print "Content-type: text/html\n\n";
print "Hello, World!";
[root@localhost ~]$ chmod a+x /var/www/perl/hello.pl 
[root@localhost ~]$ ll /var/www/perl/hello.pl 
-rwxr-xr-x. 1 root root 76  1月 25 10:35 /var/www/perl/hello.pl

需要新增 httpd.conf 設定檔.

[root@localhost ~]$ vi /etc/httpd/conf/httpd.conf
ScriptAlias /perl/ "/var/www/perl/"
<Directory "/var/www/perl">
    AllowOverride None
    Options None
    Require all granted
    Options +ExecCGI
    AddHandler cgi-script .pl
</Directory>
  • ScriptAlias
    如果 CGI 程式目錄不在 DocumentRoot 下 (/var/www/html/),需要使用 ScriptAlias 來指示 CGI 目錄的實際路徑. /perl/ “/var/www/perl/” 代表 http 路徑為 http://172.16.15.129/perl
  • Directory
    需定義 “/var/www/perl” 的權限.
  • Options
    +ExecCGI 表示該目錄下可以允許 CGI 程式的執行.
  • AddHandler
    cgi-script .pl 指定哪一類型 CGI 程式副檔案可以執行 (通常有 .cgi 或 .pl)
[root@localhost ~]$ systemctl restart httpd
[root@localhost ~]$ systemctl status httpd
● httpd.service - The Apache HTTP Server
   Loaded: loaded (/usr/lib/systemd/system/httpd.service; disabled; vendor preset: disabled)
   Active: active (running) since 四 2018-01-25 11:02:35 CST; 7s ago
[root@localhost ~]$ elinks http://172.16.15.129/perl/hello.pl

常見錯誤

最常見的錯誤是檔案無法執行

[root@localhost ~]$ elinks http://172.16.15.129/perl/hello.pl
Internal Server Error

The server encountered an internal error or misconfiguration and was unable to complete your request.

Please contact the server administrator at root@localhost to inform them of the time this error occurred, and the actions you performed just before this error.

More information about this error may be available in the server error log.
[root@localhost ~]$ cat /var/log/httpd/error_log
[cgi:error] [pid 19383] [client ::1:54928] AH01215: (13)Permission denied: exec of '/var/www/perl/hello.pl' failed

[hph]
[root@localhost ~]$ elinks http://172.16.15.129/perl/hello.pl
Forbidden

You don’t have permission to access /perl/ on this server.
[/php]

  • CGI 沒有設定執行權限 (x)
    需使用指令 chmod a+x hello.pl 來設定.
  • 該程式儲存在非 執行 cgi 目錄
    須在 httpd.conf 設定檔定義 ScriptAlias 與 Directory.
  • 有設定 selinux ,可以先 disable 試試看.
    設定 selinux 後必須重新開關機.
    [root@localhost ~]# vi /etc/sysconfig/selinux 
    # This file controls the state of SELinux on the system.
    # SELINUX= can take one of these three values:
    #     enforcing - SELinux security policy is enforced.
    #     permissive - SELinux prints warnings instead of enforcing.
    #     disabled - No SELinux policy is loaded.
    SELINUX=disabled
    #SELINUX=enforcing
    # SELINUXTYPE= can take one of three two values:
    #     targeted - Targeted processes are protected,
    #     minimum - Modification of targeted policy. Only selected processes are protected.
    #     mls - Multi Level Security protection.
    SELINUXTYPE=targeted
    
    [root@localhost ~]# reboot
    
    [root@localhost ~]# sestatus 
    SELinux status:                 disabled
    

發表迴響