Monday 18 November 2024


OpenBSD httpd with cgi on FreeBSD
=================================

A short description of how to set up an environment to run
CGI scripts using the OpenBSD httpd on FreeBSD.

Install packages
----------------
  pkg install obhttpd slowcgi

Edit /etc/rc.conf
-----------------
Add the following lines to /etc/rc.conf:

  obhttpd_enable="YES"
  slowcgi_enable="YES"
  slowcgi_flags="-p /var/www"

slowcgi will chroot to the path given with -p in
/etc/rc.conf, in this case: /var/www

Create and populate directories
-------------------------------
Create the directory /var/www and, depending on your CGI
program, make at least the following directories in it:

  bin
  cgi-bin
  lib
  libexec
  run

Populate this directory tree with the needed elements, like
bin/sh, lib/libc.so.7, lib/libutil.so.9, libexec/ld-elf.so.1,
and so on.

Use `ldd' to check which libraries you need, for example:

  ldd /var/www/bin/sh

Add your cgi-script to the /var/www/cgi-bin/ directory.

Test that everything works in the chroot:

  chroot /var/www /cgi-bin/my-super-script.cgi
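
One way to automate the ldd step above, as an added example
that is not part of the original page: the script copies a
program, the run-time linker and every library ldd resolves
into the chroot, under the same paths they have on the host.
The function names are made up for this example, and it
assumes library paths without whitespace.

```shell
#!/bin/sh
# Added example (not from the original page): copy a program and the shared
# libraries ldd reports for it into the slowcgi chroot, keeping host paths.

# Read ldd output on stdin, print the absolute library paths it resolved.
# Header lines and unresolved entries have no absolute path in field 3.
ldd_paths() {
    awk '$2 == "=>" && $3 ~ /^\// { print $3 }' | sort -u
}

# Read ldd output on stdin, print names of libraries ldd could not resolve.
ldd_missing() {
    awk '$2 == "=>" && $3 == "not" { print $1 }'
}

# copy_into_chroot CHROOT FILE: copy FILE to CHROOT/FILE, creating parents.
# cp -p keeps mode and timestamps, so executables stay executable.
copy_into_chroot() {
    mkdir -p "$1$(dirname "$2")" && cp -p "$2" "$1$2"
}

# populate_chroot CHROOT PROGRAM [RTLD]
# RTLD defaults to the run-time linker named on the page; it is copied
# explicitly because it is not among the "=>" lines that ldd_paths reads.
populate_chroot() {
    pc_root=$1 pc_prog=$2 pc_rtld=${3:-/libexec/ld-elf.so.1}
    pc_out=$(ldd "$pc_prog") || return 1
    pc_miss=$(printf '%s\n' "$pc_out" | ldd_missing)
    if [ -n "$pc_miss" ]; then
        # Stop early: the program would fail to start inside the chroot.
        echo "unresolved libraries: $pc_miss" >&2
        return 1
    fi
    for pc_f in "$pc_prog" "$pc_rtld" $(printf '%s\n' "$pc_out" | ldd_paths); do
        copy_into_chroot "$pc_root" "$pc_f" || return 1
    done
}

# Run only when called with arguments, e.g.: sh populate.sh /var/www /bin/sh
if [ "$#" -ge 2 ]; then
    populate_chroot "$@"
fi
```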

Allow access to the user `www'
------------------------------
Make sure the permissions of /var/www and everything under
this directory are set in such a way that the user `www' has
access to the files (read access, and execute or write
access where needed).

Create the config file
----------------------
Create or edit /usr/local/etc/obhttpd.conf

A small working example:

   chroot "/var/www"
   ext_ip="192.168.1.23"

   server "default" {
      listen on $ext_ip port 80

      root "/htdocs/"

      location "/cgi-bin/*" {
         directory { index "index.cgi" }
         fastcgi socket "/run/slowcgi.sock"
         root "/"
      }
   }


Remember the chroot: the socket "/run/slowcgi.sock" is
relative to the chroot, so it is in fact
/var/www/run/slowcgi.sock (this is the default socket that
slowcgi creates).
Likewise, the root for the static files is /var/www/htdocs.

The IP address in the config file is required when running
in a jail. Otherwise, perhaps just `listen on * port 80'
might be enough.

When convenient, a different port (other than 80) can be
used.

Log files
---------
It can be useful to let the httpd write some logs. Create
the directory /var/www/logs so obhttpd can write the
access.log and error.log.

If you prefer not to have logs, add the line

  no log

to the server part in the obhttpd.conf file (just before
the closing curly brace).

Basic Auth
----------
Basic auth can be added by creating a htpasswd file and
adding a line to the config. In this example we add basic
auth to the cgi-bin directory:

   location "/cgi-bin/*" {
      authenticate ThisRealm with "/path/to/htpasswd"
      directory { index "index.cgi" }
      fastcgi socket "/run/slowcgi.sock"
      root "/"
   }

Replace "ThisRealm" with any fancy name for your realm.

Start the services and test
---------------------------
  /usr/local/etc/rc.d/slowcgi start
  /usr/local/etc/rc.d/obhttpd start


Happy cgi-ing!


Last edited: $Date: 2024/11/18 09:16:06 $