Welcome! Log In Create A New Profile

Advanced

Why are my CGI scripts not executed like PHP ?

Posted by Ralph Seichter 
Ralph Seichter
Why are my CGI scripts not executed like PHP ?
April 06, 2018 06:10PM
Hello list,

I am fairly new to nginx and now have stumbled across an issue I can't
solve. I have successfully configured nginx on Gentoo Linux to run PHP
applications (e.g. phpBB and phpMyAdmin) with php-fpm.

As far as I understand, php-fpm should also be able to execute "regular
CGI" in the form of Shell-Scripts or Perl, as long as the files are
executable and use shebang-notation to indicate what interpreter they
want to be run with?

In my test installation CGI scripts are never executed by php-fpm. File
contents are simply piped to the web browser, and I can't figure out
why. I searched the Net and mailing list archives, but did not find a
solution, so I thought it best to ask here.

Output of nginx -V, configuration dump and test.cgi are attached. Your
help is appreciated.

-Ralph


nginx version: nginx/1.13.11
built with OpenSSL 1.0.2n 7 Dec 2017
TLS SNI support enabled
configure arguments: --prefix=/usr --conf-path=/etc/nginx/nginx.conf
--error-log-path=/var/log/nginx/error_log --pid-path=/run/nginx.pid
--lock-path=/run/lock/nginx.lock --with-cc-opt=-I/usr/include
--with-ld-opt=-L/usr/lib64 --http-log-path=/var/log/nginx/access_log
--http-client-body-temp-path=/var/lib/nginx/tmp/client
--http-proxy-temp-path=/var/lib/nginx/tmp/proxy
--http-fastcgi-temp-path=/var/lib/nginx/tmp/fastcgi
--http-scgi-temp-path=/var/lib/nginx/tmp/scgi
--http-uwsgi-temp-path=/var/lib/nginx/tmp/uwsgi --with-compat
--with-http_v2_module --with-pcre --with-pcre-jit
--with-http_addition_module
--with-http_dav_module --with-http_perl_module --with-http_realip_module
--add-module=external_module/headers-more-nginx-module-0.33
--add-module=external_module/ngx-fancyindex-0.4.2
--add-module=external_module/ngx_http_auth_pam_module-1.5.1
--add-module=external_module/nginx-dav-ext-module-0.1.0
--add-module=external_module/echo-nginx-module-0.61
--add-module=external_module/nginx-auth-ldap-42d195d7a7575ebab1c369ad3fc5d78dc2c2669c
--add-module=external_module/nginx-module-vts-0.1.15-gentoo
--with-http_ssl_module --without-stream_access_module
--without-stream_geo_module --without-stream_limit_conn_module
--without-stream_map_module --without-stream_return_module
--without-stream_split_clients_module --without-stream_upstream_hash_module
--without-stream_upstream_least_conn_module
--without-stream_upstream_zone_module --without-mail_pop3_module --with-mail
--with-mail_ssl_module --user=nginx --group=nginx

# configuration file /etc/nginx/nginx.conf:

user nginx nginx;
worker_processes 1;

error_log /var/log/nginx/error_log info;

events {
worker_connections 1024;
use epoll;
}

http {
include /etc/nginx/mime.types;
default_type application/octet-stream;

log_format main
'$remote_addr - $remote_user [$time_local] '
'"$request" $status $bytes_sent '
'"$http_referer" "$http_user_agent" '
'"$gzip_ratio"';

client_header_timeout 10m;
client_body_timeout 10m;
send_timeout 10m;

connection_pool_size 256;
client_header_buffer_size 1k;
large_client_header_buffers 4 2k;
request_pool_size 4k;

gzip off;

output_buffers 1 32k;
postpone_output 1460;

sendfile on;
tcp_nopush on;
tcp_nodelay on;

keepalive_timeout 75 20;

ignore_invalid_headers on;

index index.html;

server {
listen *:8080 default_server;
access_log /var/log/nginx/access_log main;
error_log /var/log/nginx/error_log info;

server_name _;
root /var/www/localhost/htdocs;

# Alternative: temp redirect to HTTPS
#return 302 https://$host$request_uri;
}

include local/*.conf;
}

# configuration file /etc/nginx/local/20-test.conf:

server {
listen *:8443 ssl default_server;
server_name test.mydomain.tld;
access_log /var/log/nginx/ssl_access_log main;
error_log /var/log/nginx/ssl_error_log debug;

ssl on;
ssl_certificate /etc/ssl/mydomain/cert.pem;
ssl_certificate_key /etc/ssl/mydomain/key.pem;

root /var/www/localhost/test;
index test.cgi;

location ~ \.cgi$ {
# Test for non-existent scripts or throw a 404 error
try_files $uri =404;

include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $request_filename;
fastcgi_pass unix:/run/php7-fpm.sock;
}
}

# configuration file /etc/nginx/mime.types:

types {
text/html html htm shtml;
text/css css;
text/xml xml;
image/gif gif;
image/jpeg jpeg jpg;
application/javascript js;
application/atom+xml atom;
application/rss+xml rss;

text/mathml mml;
text/plain txt;
text/vnd.sun.j2me.app-descriptor jad;
text/vnd.wap.wml wml;
text/x-component htc;

image/png png;
image/svg+xml svg svgz;
image/tiff tif tiff;
image/vnd.wap.wbmp wbmp;
image/webp webp;
image/x-icon ico;
image/x-jng jng;
image/x-ms-bmp bmp;

application/font-woff woff;
application/java-archive jar war ear;
application/json json;
application/mac-binhex40 hqx;
application/msword doc;
application/pdf pdf;
application/postscript ps eps ai;
application/rtf rtf;
application/vnd.apple.mpegurl m3u8;
application/vnd.google-earth.kml+xml kml;
application/vnd.google-earth.kmz kmz;
application/vnd.ms-excel xls;
application/vnd.ms-fontobject eot;
application/vnd.ms-powerpoint ppt;
application/vnd.oasis.opendocument.graphics odg;
application/vnd.oasis.opendocument.presentation odp;
application/vnd.oasis.opendocument.spreadsheet ods;
application/vnd.oasis.opendocument.text odt;

application/vnd.openxmlformats-officedocument.presentationml.presentation
pptx;
application/vnd.openxmlformats-officedocument.spreadsheetml.sheet
xlsx;
application/vnd.openxmlformats-officedocument.wordprocessingml.document
docx;
application/vnd.wap.wmlc wmlc;
application/x-7z-compressed 7z;
application/x-cocoa cco;
application/x-java-archive-diff jardiff;
application/x-java-jnlp-file jnlp;
application/x-makeself run;
application/x-perl pl pm;
application/x-pilot prc pdb;
application/x-rar-compressed rar;
application/x-redhat-package-manager rpm;
application/x-sea sea;
application/x-shockwave-flash swf;
application/x-stuffit sit;
application/x-tcl tcl tk;
application/x-x509-ca-cert der pem crt;
application/x-xpinstall xpi;
application/xhtml+xml xhtml;
application/xspf+xml xspf;
application/zip zip;

application/octet-stream bin exe dll;
application/octet-stream deb;
application/octet-stream dmg;
application/octet-stream iso img;
application/octet-stream msi msp msm;

audio/midi mid midi kar;
audio/mpeg mp3;
audio/ogg ogg;
audio/x-m4a m4a;
audio/x-realaudio ra;

video/3gpp 3gpp 3gp;
video/mp2t ts;
video/mp4 mp4;
video/mpeg mpeg mpg;
video/quicktime mov;
video/webm webm;
video/x-flv flv;
video/x-m4v m4v;
video/x-mng mng;
video/x-ms-asf asx asf;
video/x-ms-wmv wmv;
video/x-msvideo avi;
}

# configuration file /etc/nginx/fastcgi_params:

fastcgi_param QUERY_STRING $query_string;
fastcgi_param REQUEST_METHOD $request_method;
fastcgi_param CONTENT_TYPE $content_type;
fastcgi_param CONTENT_LENGTH $content_length;

fastcgi_param SCRIPT_NAME $fastcgi_script_name;
fastcgi_param REQUEST_URI $request_uri;
fastcgi_param DOCUMENT_URI $document_uri;
fastcgi_param DOCUMENT_ROOT $document_root;
fastcgi_param SERVER_PROTOCOL $server_protocol;
fastcgi_param REQUEST_SCHEME $scheme;
fastcgi_param HTTPS $https if_not_empty;

fastcgi_param GATEWAY_INTERFACE CGI/1.1;
fastcgi_param SERVER_SOFTWARE nginx/$nginx_version;

fastcgi_param REMOTE_ADDR $remote_addr;
fastcgi_param REMOTE_PORT $remote_port;
fastcgi_param SERVER_ADDR $server_addr;
fastcgi_param SERVER_PORT $server_port;
fastcgi_param SERVER_NAME $server_name;

# PHP only, required if PHP was built with --enable-force-cgi-redirect
fastcgi_param REDIRECT_STATUS 200;

# httpoxy mitigation (https://httpoxy.org/
https://www.nginx.com/blog/?p=41962)
fastcgi_param HTTP_PROXY "";


$ cat /var/www/localhost/test/test.cgi
#!/bin/sh
echo '<html><body>Hello world.</body></html>'

$ ls -l /var/www/localhost/test/test.cgi
-rwxr-xr-x 1 root root 67 Apr 6 17:24 /var/www/localhost/test/test.cgi*
_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
Richard Stanway via nginx
Re: Why are my CGI scripts not executed like PHP ?
April 06, 2018 07:10PM
PHP-FPM is only for PHP. You'll want something like fcgiwrap for regular
CGI files.

See https://www.nginx.com/resources/wiki/start/topics/examples/fcgiwrap/

On Fri, Apr 6, 2018 at 6:02 PM, Ralph Seichter <[email protected]>
wrote:

> Hello list,
>
> I am fairly new to nginx and now have stumbled across an issue I can't
> solve. I have successfully configured nginx on Gentoo Linux to run PHP
> applications (e.g. phpBB and phpMyAdmin) with php-fpm.
>
> As far as I understand, php-fpm should also be able to execute "regular
> CGI" in the form of Shell-Scripts or Perl, as long as the files are
> executable and use shebang-notation to indicate what interpreter they
> want to be run with?
>
> In my test installation CGI scripts are never executed by php-fpm. File
> contents are simply piped to the web browser, and I can't figure out
> why. I searched the Net and mailing list archives, but did not find a
> solution, so I thought it best to ask here.
>
> Output of nginx -V, configuration dump and test.cgi are attached. Your
> help is appreciated.
>
> -Ralph
>
>
> nginx version: nginx/1.13.11
> built with OpenSSL 1.0.2n 7 Dec 2017
> TLS SNI support enabled
> configure arguments: --prefix=/usr --conf-path=/etc/nginx/nginx.conf
> --error-log-path=/var/log/nginx/error_log --pid-path=/run/nginx.pid
> --lock-path=/run/lock/nginx.lock --with-cc-opt=-I/usr/include
> --with-ld-opt=-L/usr/lib64 --http-log-path=/var/log/nginx/access_log
> --http-client-body-temp-path=/var/lib/nginx/tmp/client
> --http-proxy-temp-path=/var/lib/nginx/tmp/proxy
> --http-fastcgi-temp-path=/var/lib/nginx/tmp/fastcgi
> --http-scgi-temp-path=/var/lib/nginx/tmp/scgi
> --http-uwsgi-temp-path=/var/lib/nginx/tmp/uwsgi --with-compat
> --with-http_v2_module --with-pcre --with-pcre-jit
> --with-http_addition_module
> --with-http_dav_module --with-http_perl_module --with-http_realip_module
> --add-module=external_module/headers-more-nginx-module-0.33
> --add-module=external_module/ngx-fancyindex-0.4.2
> --add-module=external_module/ngx_http_auth_pam_module-1.5.1
> --add-module=external_module/nginx-dav-ext-module-0.1.0
> --add-module=external_module/echo-nginx-module-0.61
> --add-module=external_module/nginx-auth-ldap-
> 42d195d7a7575ebab1c369ad3fc5d78dc2c2669c
> --add-module=external_module/nginx-module-vts-0.1.15-gentoo
> --with-http_ssl_module --without-stream_access_module
> --without-stream_geo_module --without-stream_limit_conn_module
> --without-stream_map_module --without-stream_return_module
> --without-stream_split_clients_module --without-stream_upstream_
> hash_module
> --without-stream_upstream_least_conn_module
> --without-stream_upstream_zone_module --without-mail_pop3_module
> --with-mail
> --with-mail_ssl_module --user=nginx --group=nginx
>
> # configuration file /etc/nginx/nginx.conf:
>
> user nginx nginx;
> worker_processes 1;
>
> error_log /var/log/nginx/error_log info;
>
> events {
> worker_connections 1024;
> use epoll;
> }
>
> http {
> include /etc/nginx/mime.types;
> default_type application/octet-stream;
>
> log_format main
> '$remote_addr - $remote_user [$time_local] '
> '"$request" $status $bytes_sent '
> '"$http_referer" "$http_user_agent" '
> '"$gzip_ratio"';
>
> client_header_timeout 10m;
> client_body_timeout 10m;
> send_timeout 10m;
>
> connection_pool_size 256;
> client_header_buffer_size 1k;
> large_client_header_buffers 4 2k;
> request_pool_size 4k;
>
> gzip off;
>
> output_buffers 1 32k;
> postpone_output 1460;
>
> sendfile on;
> tcp_nopush on;
> tcp_nodelay on;
>
> keepalive_timeout 75 20;
>
> ignore_invalid_headers on;
>
> index index.html;
>
> server {
> listen *:8080 default_server;
> access_log /var/log/nginx/access_log main;
> error_log /var/log/nginx/error_log info;
>
> server_name _;
> root /var/www/localhost/htdocs;
>
> # Alternative: temp redirect to HTTPS
> #return 302 https://$host$request_uri;
> }
>
> include local/*.conf;
> }
>
> # configuration file /etc/nginx/local/20-test.conf:
>
> server {
> listen *:8443 ssl default_server;
> server_name test.mydomain.tld;
> access_log /var/log/nginx/ssl_access_log main;
> error_log /var/log/nginx/ssl_error_log debug;
>
> ssl on;
> ssl_certificate /etc/ssl/mydomain/cert.pem;
> ssl_certificate_key /etc/ssl/mydomain/key.pem;
>
> root /var/www/localhost/test;
> index test.cgi;
>
> location ~ \.cgi$ {
> # Test for non-existent scripts or throw a 404 error
> try_files $uri =404;
>
> include fastcgi_params;
> fastcgi_param SCRIPT_FILENAME $request_filename;
> fastcgi_pass unix:/run/php7-fpm.sock;
> }
> }
>
> # configuration file /etc/nginx/mime.types:
>
> types {
> text/html html htm shtml;
> text/css css;
> text/xml xml;
> image/gif gif;
> image/jpeg jpeg jpg;
> application/javascript js;
> application/atom+xml atom;
> application/rss+xml rss;
>
> text/mathml mml;
> text/plain txt;
> text/vnd.sun.j2me.app-descriptor jad;
> text/vnd.wap.wml wml;
> text/x-component htc;
>
> image/png png;
> image/svg+xml svg svgz;
> image/tiff tif tiff;
> image/vnd.wap.wbmp wbmp;
> image/webp webp;
> image/x-icon ico;
> image/x-jng jng;
> image/x-ms-bmp bmp;
>
> application/font-woff woff;
> application/java-archive jar war ear;
> application/json json;
> application/mac-binhex40 hqx;
> application/msword doc;
> application/pdf pdf;
> application/postscript ps eps ai;
> application/rtf rtf;
> application/vnd.apple.mpegurl m3u8;
> application/vnd.google-earth.kml+xml kml;
> application/vnd.google-earth.kmz kmz;
> application/vnd.ms-excel xls;
> application/vnd.ms-fontobject eot;
> application/vnd.ms-powerpoint ppt;
> application/vnd.oasis.opendocument.graphics odg;
> application/vnd.oasis.opendocument.presentation odp;
> application/vnd.oasis.opendocument.spreadsheet ods;
> application/vnd.oasis.opendocument.text odt;
>
> application/vnd.openxmlformats-officedocument.presentationml.presentation
> pptx;
> application/vnd.openxmlformats-officedocument.spreadsheetml.sheet
> xlsx;
> application/vnd.openxmlformats-officedocument.
> wordprocessingml.document
> docx;
> application/vnd.wap.wmlc wmlc;
> application/x-7z-compressed 7z;
> application/x-cocoa cco;
> application/x-java-archive-diff jardiff;
> application/x-java-jnlp-file jnlp;
> application/x-makeself run;
> application/x-perl pl pm;
> application/x-pilot prc pdb;
> application/x-rar-compressed rar;
> application/x-redhat-package-manager rpm;
> application/x-sea sea;
> application/x-shockwave-flash swf;
> application/x-stuffit sit;
> application/x-tcl tcl tk;
> application/x-x509-ca-cert der pem crt;
> application/x-xpinstall xpi;
> application/xhtml+xml xhtml;
> application/xspf+xml xspf;
> application/zip zip;
>
> application/octet-stream bin exe dll;
> application/octet-stream deb;
> application/octet-stream dmg;
> application/octet-stream iso img;
> application/octet-stream msi msp msm;
>
> audio/midi mid midi kar;
> audio/mpeg mp3;
> audio/ogg ogg;
> audio/x-m4a m4a;
> audio/x-realaudio ra;
>
> video/3gpp 3gpp 3gp;
> video/mp2t ts;
> video/mp4 mp4;
> video/mpeg mpeg mpg;
> video/quicktime mov;
> video/webm webm;
> video/x-flv flv;
> video/x-m4v m4v;
> video/x-mng mng;
> video/x-ms-asf asx asf;
> video/x-ms-wmv wmv;
> video/x-msvideo avi;
> }
>
> # configuration file /etc/nginx/fastcgi_params:
>
> fastcgi_param QUERY_STRING $query_string;
> fastcgi_param REQUEST_METHOD $request_method;
> fastcgi_param CONTENT_TYPE $content_type;
> fastcgi_param CONTENT_LENGTH $content_length;
>
> fastcgi_param SCRIPT_NAME $fastcgi_script_name;
> fastcgi_param REQUEST_URI $request_uri;
> fastcgi_param DOCUMENT_URI $document_uri;
> fastcgi_param DOCUMENT_ROOT $document_root;
> fastcgi_param SERVER_PROTOCOL $server_protocol;
> fastcgi_param REQUEST_SCHEME $scheme;
> fastcgi_param HTTPS $https if_not_empty;
>
> fastcgi_param GATEWAY_INTERFACE CGI/1.1;
> fastcgi_param SERVER_SOFTWARE nginx/$nginx_version;
>
> fastcgi_param REMOTE_ADDR $remote_addr;
> fastcgi_param REMOTE_PORT $remote_port;
> fastcgi_param SERVER_ADDR $server_addr;
> fastcgi_param SERVER_PORT $server_port;
> fastcgi_param SERVER_NAME $server_name;
>
> # PHP only, required if PHP was built with --enable-force-cgi-redirect
> fastcgi_param REDIRECT_STATUS 200;
>
> # httpoxy mitigation (https://httpoxy.org/
> https://www.nginx.com/blog/?p=41962)
> fastcgi_param HTTP_PROXY "";
>
>
> $ cat /var/www/localhost/test/test.cgi
> #!/bin/sh
> echo '<html><body>Hello world.</body></html>'
>
> $ ls -l /var/www/localhost/test/test.cgi
> -rwxr-xr-x 1 root root 67 Apr 6 17:24 /var/www/localhost/test/test.cgi*
> _______________________________________________
> nginx mailing list
> nginx@nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx
>
_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
Ralph Seichter
Why are my CGI scripts not executed like PHP ?
April 06, 2018 07:30PM
On 06.04.2018 19:04, Richard Stanway wrote:

> PHP-FPM is only for PHP. You'll want something like fcgiwrap for
> regular CGI files.

Seriously? But http://php.net/manual/en/intro.fpm.php states: "FPM
(FastCGI Process Manager) is an alternative PHP FastCGI implementation
with some additional features (mostly) useful for heavy-loaded sites."
I mistakenly assumed that the name FastCGI Process Manager implies this
piece of software is meant for CGI in general and used for PHP more as a
byproduct. Also, there are the nginx config file names fastcgi.conf and
fastcgi_params. Sigh. Silly me... :-P

Thanks for letting me know that I can stop wasting time with the wrong
tool for the job. I'll investigate FCGI Wrap, like you suggested.

-Ralph
_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
Ralph Seichter
Re: Why are my CGI scripts not executed like PHP ?
April 06, 2018 10:00PM
On 06.04.18 19:04, Richard Stanway wrote:

> https://www.nginx.com/resources/wiki/start/topics/examples/fcgiwrap/

I altered my setup to use fcgiwrap. Since then, I keep getting "502 Bad
Gateway" errors, with log entries like this:

2018/04/06 21:21:02 [error] 17838#0: *1 upstream prematurely closed
FastCGI stdout while reading response header from upstream, client:
123.234.123.234, server: test.mydomain.tld, request: "GET / HTTP/1.1",
upstream: "fastcgi://unix:/tmp/cgi.sock:", host: "test.mydomain.tld:8443"

I use fcgiwrap 1.1.0 from 2013, which appears to be the latest available
release according to https://github.com/gnosek/fcgiwrap . I tried both
the Perl script at the location you linked and spawn-fcgi 1.6.4 as an
alternative, but the 502 error pops up regardlesss. Permissions for the
socket are as follows:

$ ls -l /tmp/cgi.sock
srwx------ 1 nginx nginx 0 Apr 6 21:48 /tmp/cgi.sock=

Interestingly I found this old message of Richard's:

http://mailman.nginx.org/pipermail/nginx/2014-January/041963.html

Unfortunately no amount of meddling with SCRIPT_FILENAME, including
setting the absolute path to the CGI script, made any difference for me.

I don't know how to debug this further. Development of fcgiwrap seems to
have ended years ago and the project page is no longer connected. I'd be
grateful for more ideas how to solve this puzzle.

-Ralph

_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
Francis Daly
Re: Why are my CGI scripts not executed like PHP ?
April 07, 2018 04:20PM
On Fri, Apr 06, 2018 at 09:53:27PM +0200, Ralph Seichter wrote:

Hi there,

This mail is a bit long, but I try to cover the points raised in your
previous mails too.

"CGI" is an interface between the executable (that you write or find;
commonly referred to as a "CGI script", although it may not be a
script) and the thing that executes it (typically, traditionally, a web
server). The CGI script expects to be run in a particular environment,
with particular environment variables set. It is expected to produce
output in a particular format.

Nginx does not "do" CGI.

FastCGI is a separate protocol. It defines the communication between the
client (typically, a web server) and the fastcgi server. What the server
does next is up to it; all the client cares about is that the response
is correctly formatted.

Nginx does "do" FastCGI; it knows how to act as a client talking to a
FastCGI server.

One FastCGI server is php-fpm. It executes PHP scripts. Whether it
provides a CGI-like environment and only executes PHP CGI scripts;
or whether it does its own magic to execute any PHP script, is not
something that the FastCGI client has to care about.

One FastCGI server is fcgiwrap. It is intended as a generic wrapper
around any CGI script. Fcgiwrap is intended to receive a FastCGI-protocol
request, executes a particular CGI script using the correct interface
(environment, input, output), accept the output, and return it
appropriately modified to the FastCGI client.


While nginx does speak the FastCGI protocol, and does include the
"generic" parameters (key/value pairs, effectively) in the communication,
it cannot know the full set of parameters that *this* FastCGI server
expects, or the particular values that some parameters should have for
*this* request. That's where the person configuring nginx comes in --
it is their responsibility to ensure that the nginx-side configuration
is appropriate.

I said that fcgiwrap "executes a particular CGI script". How does
the FastCGI server know which script that is? That is entirely up
to the FastCGI server to decide. Typically, it will use the value of
the parameter SCRIPT_FILENAME that is given to it. But maybe your one
does something else. Only you can know, based on the documentation or
implementation of your FastCGI server.

What happens if the client sends more than one value for the parameter
SCRIPT_FILENAME? Again, that is entirely up to the FastCGI server to
decide. Perhaps it uses the first; perhaps it uses the last; perhaps it
uses any of them randomly; perhaps it uses none.

What should the client (in this case: nginx) do if it is configured
to send more than one value for the parameter SCRIPT_FILENAME (or:
for any parameter)? It could try to be clever, and only send the first
value it is configured to send. Or only the last. Or only one of them,
randomly. Or it could assume that the administrator knows what they are
doing, and send whatever it is configured to send. Nginx does the latter.


So, with all that out of the way: what is the problem that you are
reporting?

You have an executable CGI script, /tmp/script, with the contents

==
#!/bin/sh
echo Content-Type: text/plain
echo
echo The script is running.
echo The environment is:
env
==

You want nginx to tell fcgiwrap to execute that script for all incoming requests:

==
server {
listen 8008;
location / {
fastcgi_pass unix:/tmp/fcgi.sock;
fastcgi_param SCRIPT_FILENAME /tmp/script;
}
}
==

For this to work, you must have already configured a FastCGI-wrapper
to listen on /tmp/fcgi.sock and to use the parameter SCRIPT_FILENAME as
the name of the program to execute.

> I altered my setup to use fcgiwrap. Since then, I keep getting "502 Bad
> Gateway" errors, with log entries like this:
>
> 2018/04/06 21:21:02 [error] 17838#0: *1 upstream prematurely closed
> FastCGI stdout while reading response header from upstream, client:
> 123.234.123.234, server: test.mydomain.tld, request: "GET / HTTP/1.1",
> upstream: "fastcgi://unix:/tmp/cgi.sock:", host: "test.mydomain.tld:8443"

Without /tmp/fcgi.sock being correctly available:

curl -i http://127.0.0.1:8008/x?k=v

returns "HTTP/1.1 502 Bad Gateway" and the nginx error log says what
nginx saw the problem to be -- "no such file" or "permission denied"
indicate that the socket is not listening correctly; "upstream prematurely
closed" suggests that the problem is on the fcgiwrap side -- check its
logs, or investigate further.

Perhaps /tmp/script is not executable by the fcgiwrap user, or does
not provide correct CGI output when run in this limited environment. Or
perhaps something else on your system prevents this file in /tmp from
being executed -- it's your system, only you know how it is configured
and where the logs are that report failures. (Perhaps you have to move
/tmp/fcgi.sock to somewhere else; perhaps you have to move /tmp/script
to somewhere else.)

So, turn on fcgiwrap, ensure that the declared socket is readable and
writeable by the nginx user, and ensure that the declared script is
executable.

(In this case, I just do "env -i /usr/local/bin/fcgiwrap -s
unix:/tmp/fcgi.sock"; but you do whatever your system wants in order to
achieve the same thing.)

Now:

curl -i http://127.0.0.1:8008/x?k=v

returns "HTTP/1.1 200 OK" with some useful content (in my case: 10 lines
of output). It works, hurray.

That content includes the HTTP_ variables that were the client request
headers. It does not include things like QUERY_STRING and the like, which
are common CGI variables. That is because nginx was not configured to send
them to fcgiwrap, so fcgiwrap did not expose them to /tmp/script. Maybe
your "real" CGI script requires that some of those variables are set,
and will fail if they are not.

So change the nginx config to include "the usually sensible parameters"
-- although only you know what is sensible in your particular case,
so you may want to edit this to taste. In the nginx.conf, add one line
so that you have

==
server {
listen 8008;
location / {
fastcgi_pass unix:/tmp/fcgi.sock;
fastcgi_param SCRIPT_FILENAME /tmp/script;
include fastcgi_params;
}
}
==

Now "curl -i http://127.0.0.1:8008/x?k=v"; returns more output (in my
case: 27 lines) including things like DOCUMENT_ROOT and REQUEST_URI
and DOCUMENT_URI and all of the other things that you can see in the
fastcgi_params file.

> I use fcgiwrap 1.1.0 from 2013, which appears to be the latest available
> release according to https://github.com/gnosek/fcgiwrap .

> I don't know how to debug this further. Development of fcgiwrap seems to
> have ended years ago and the project page is no longer connected. I'd be
> grateful for more ideas how to solve this puzzle.

In this test case, I am using "fcgiwrap version 1.0.1" from Grzegorz
Nosek, because that one happens to be lying around on this system. It
does not need much in the way of active development, since it works,
and the interfaces it implements have not changed recently.

All the best,

f
--
Francis Daly francis@daoine.org
_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
Ralph Seichter
Re: Why are my CGI scripts not executed like PHP ?
April 07, 2018 08:20PM
On 07.04.18 16:18, Francis Daly wrote:

> This mail is a bit long, but I try to cover the points raised in your
> previous mails too.

I appreciate you taking the time. Like I said, I am new to nginx. Years
of using Apache caused me to expect certain things to happen in certain
ways, and even though I studied nginx documentation and already noted
substantial differences, I'm glad for your thorough description. One
sentence in particular got me thinking:

> Perhaps /tmp/script is not executable by the fcgiwrap user, or does
> not provide correct CGI output when run in this limited environment.

Yesterday I had verified that the CGI test script was executable for
all, ran it with "su nginx -c /path/to/test.cgi", and then basically
forgot about the script, to focus all my attention on nginx, fcgiwrap,
and the other tools in my box.

Turns out that the CGI shell script I quickly typed in Vi lacks a small
but significant detail. https://tools.ietf.org/html/rfc3875 section 6.2
states "The response comprises a message-header and a message-body,
separated by a blank line", and unfortunately I omitted that blank line.

Seeing that, the error message I included in yesterday's email makes
more sense to me: "Upstream prematurely closed FastCGI stdout while
reading response header". With the blank line absent, all returned data
was considered message-header, and when the stream was closed, no
message-body had apparently been received.

As soon as I added the missing blank line to my test.cgi, all worked
smoothly. Here's the relevant section of my nginx configuration:

server {
listen *:443 ssl;
server_name test.mydomain.tld;
# ...logging and basic SSL stuff here...

root /var/www/localhost/test;
index test.cgi;
location ~ \.cgi$ {
try_files $uri =404;
include fastcgi_params;
fastcgi_pass unix:/run/fcgi-nginx-1;
}
}

Doesn't look like much, and according to Git, that's actually what I
used on my very first attempt with spawn-fcgi. I sure wish I had spotted
the script problem earlier. Face, meet palm.

-Ralph
_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
Francis Daly
Re: Why are my CGI scripts not executed like PHP ?
April 09, 2018 10:50AM
On Sat, Apr 07, 2018 at 08:13:32PM +0200, Ralph Seichter wrote:
> On 07.04.18 16:18, Francis Daly wrote:

Hi there,

> Turns out that the CGI shell script I quickly typed in Vi lacks a small
> but significant detail. https://tools.ietf.org/html/rfc3875 section 6.2
> states "The response comprises a message-header and a message-body,
> separated by a blank line", and unfortunately I omitted that blank line.

Good that you found the problem, and got it all working.

And thanks for sharing the solution with the list -- that will probably
help the next person who has a similar problem, so that they now won't
need to send a mail :-)

Cheers,

f
--
Francis Daly francis@daoine.org
_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
Aleksandar Lazic
Re: Why are my CGI scripts not executed like PHP ?
April 10, 2018 11:00PM
Hi,

Am 06.04.2018 um 21:53 schrieb Ralph Seichter:
> On 06.04.18 19:04, Richard Stanway wrote:
>
>> https://www.nginx.com/resources/wiki/start/topics/examples/fcgiwrap/
>
> I altered my setup to use fcgiwrap. Since then, I keep getting "502 Bad
> Gateway" errors, with log entries like this:
>
> 2018/04/06 21:21:02 [error] 17838#0: *1 upstream prematurely closed
> FastCGI stdout while reading response header from upstream, client:
> 123.234.123.234, server: test.mydomain.tld, request: "GET / HTTP/1.1",
> upstream: "fastcgi://unix:/tmp/cgi.sock:", host: "test.mydomain.tld:8443"
>
> I use fcgiwrap 1.1.0 from 2013, which appears to be the latest available
> release according to https://github.com/gnosek/fcgiwrap.

Even you have found a working solution you can take a look into uwsgi as
cgi daemon.

https://uwsgi-docs.readthedocs.io/en/latest/CGI.html

It's a quite powerful and robust peace of software any it's active
developed. Latest release is from 20180226

Regards
aleks

> I tried both
> the Perl script at the location you linked and spawn-fcgi 1.6.4 as an
> alternative, but the 502 error pops up regardlesss. Permissions for the
> socket are as follows:
>
> $ ls -l /tmp/cgi.sock
> srwx------ 1 nginx nginx 0 Apr 6 21:48 /tmp/cgi.sock=
>
> Interestingly I found this old message of Richard's:
>
> http://mailman.nginx.org/pipermail/nginx/2014-January/041963.html
>
> Unfortunately no amount of meddling with SCRIPT_FILENAME, including
> setting the absolute path to the CGI script, made any difference for me.
>
> I don't know how to debug this further. Development of fcgiwrap seems to
> have ended years ago and the project page is no longer connected. I'd be
> grateful for more ideas how to solve this puzzle.
>
> -Ralph
>
> _______________________________________________
> nginx mailing list
> nginx@nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx
>

_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
Sorry, only registered users may post in this forum.

Click here to login