CentOS 7.5 Can't open display via http GET - apache

I am trying to execute a bash script via a remote workstation via an apache server.
So I've installed Apache and I can execute test scripts just fine.
But what I'd like to do is to execute a script which is sending a key command (via xdotool) to the current X11 session that is running by the user "vfx".
Script "new.sh":
#!/usr/bin/env sh
export DISPLAY=:"0.0"
export XAUTHORITY=/home/vfx/.Xauthority
xdotool key s
When I try to run it on the remote workstation I always get the following: (from httpd error logs)
[Wed Nov 27 21:30:18.610990 2019] [cgi:error] [pid 2317] [client 192.168.0.194:36750] AH01215: Error: Can't open display: (null)
[Wed Nov 27 21:30:18.611051 2019] [cgi:error] [pid 2317] [client 192.168.0.194:36750] AH01215: Failed creating new xdo instance
[Wed Nov 27 21:30:18.611429 2019] [cgi:error] [pid 2317] [client 192.168.0.194:36750] End of script output before headers: new.sh
I am using Gnome classic.
Connecting via ssh using "export DISPLAY=:"0.0"" and "xdotool key s" is working.
I've already tried the following:
Edit visudo:
apache ALL=(vfx) NOPASSWD: /var/wwww/cgi-bin/new.sh
apache ALL=(vfx) NOPASSWD: /home/vfx/
xhost +
Firewall changes:
# firewall-cmd --zone=public --add-port=6000/tcp
# firewall-cmd --permanent --zone=public --add-port=6000/tcp
# firewall-cmd --zone=public --add-port=177/udp
Edited: /etc/gdm/custom.conf:
# GDM configuration storage
[daemon]
[security]
DisallowTCP=false
[xdmcp]
ServerArguments=-listen tcp
Enable=true
[chooser]
[debug]
# Uncomment the line below to turn on debugging
#Enable=true
Edited: /etc/ssh/sshd_config
x11 forwarding yes
Any help would be greatly appreciated

Related

`http.service` fail to start with `exit-code` or `protocol`

I'm configuring a new Apache web server on Oracle Linux 9 (comparable with RedHat/CentOS according to Oracle). The version of httpd is 2.4.51 and the version of php is 8.0.13. However, the service failed to start with the following error (with journalctl -xeu:
httpd.service: Failed with result 'exit-code'.
I look up and many of similar error appear related to config file. But apachectl configtest returned Syntax OK, httpd --help give no output.
So I tried to comment out some config in http.conf, after commenting out the mod-security related line, it throws out new error message:
httpd.service: Failed with result 'protocol'.
No other useful error message can be retrieved from journalctl.
Commenting out the php related lines also doesn't help. Besides, I found that to install mod_security2 I have several other "module" to install, but I download this mod_security2 from aap stream. To make sure the problem does not come from this module, I installed the required modules (except libapr and libapr-utilbecause error occurs on building, therpmbuildcannot finddoxygen` even though I installed it) that are required in its documentation.
—————Update————
error_log:
[core:notice] [pid 4944:tid 4944] SELinux policy enabled; httpd running as context system_u:system_r:httpd_t:s0
[suexec:notice] - - AH01232: suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)AH00016: Configuration Failed
[core:notice] [pid 4963:tid 4963] SELinux policy enabled; httpd running as context unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
[suexec:notice] - - AH01232: suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[-:error] - - SecServerSignature: original signature too short. Please set ServerTokens to Full.
[-:notice] - - ModSecurity for Apache/2.9.3 (http://www.modsecurity.org/) configured.
[:notice] [pid 4963:tid 4963] ModSecurity: APR compiled version="1.7.0"; loaded version="1.7.0"
[:notice] [pid 4963:tid 4963] ModSecurity: PCRE compiled version="8.44 "; loaded version="8.44 2020-02-12"
[:notice] [pid 4963:tid 4963] ModSecurity: LUA compiled version="Lua 5.4"
[:notice] [pid 4963:tid 4963] ModSecurity: YAJL compiled version="2.1.0"
[:notice] [pid 4963:tid 4963] ModSecurity: LIBXML compiled version="2.9.12"
[-:notice] - - ModSecurity: Original server signature: Apache
[:notice] [pid 4963:tid 4963] ModSecurity: Status engine is currently disabled, enable it by set SecStatusEngine to On.
[lbmethod_heartbeat:notice] - - AH02282: No slotmem from mod_heartmonitor
[-:error] - - SecServerSignature: original signature too short. Please set ServerTokens to Full.
[core:notice] - - AH00094: Command line: 'httpd'
AH00016 seem to be related with ssl cert, so I also attached the error log for ssl.
ssl_error_log:
[ssl:emerg] - - AH02562: Failed to configure certificate www.example.com:443:0 (with chain), check /etc/pki/tls/certs/example-wildcard.crt
[ssl:emerg] - - SSL Library Error: error:8000000D:system library::Permission denied (calling fopen(/etc/pki/tls/certs/example-wildcard.crt, r))
[ssl:emerg] - - SSL Library Error: error:10080002:BIO routines::system lib
[ssl:emerg] - - SSL Library Error: error:0A080002:SSL routines::system lib
I found a permission denied error to read my wildcard cert, and I noticed it was because I have the wrong ownership. I changed to what it should be, with a right of 644.
BTW, httpd -t also returns Syntax OK.
Now that I rerun httpd -t with no root right returns error to file permission (solved by changing the ownership to apache):
# sudo -u apache httpd -t
AH00526: Syntax error on line 39 of /etc/httpd/conf.d/mod_security.conf:
ModSecurity: Failed to open debug log file: /etc/httpd/logs/modsec_debug.log
Weird enough, when I check port listener I saw:
$ sudo netstat -punta | grep LISTEN
tcp6 0 0 :::443 :::* LISTEN 4964/httpd
tcp6 0 0 :::80 :::* LISTEN 4964/httpd
httpd is listening when it failed to start?
Maybe SELinux is denying access, probe this:
restorecon -vF /etc/pki/tls/certs/example-wildcard.crt

Anyone succeeded to Install Laravel on Apache2 with fcgi?

I have successfully installed Laravel on Apache2 with php as a module. The instructions are simple. However, when I try with fcgi it does not work. So it has to do with the server configuration. After I visited http://<mylaraveldomain> (domain not public), I looked at /var/log/apache2/error.log and got this error message
[Thu Mar 26 22:52:34.012794 2015] [fcgid:warn] [pid 30834] (104)Connection reset by peer: [client 65.92.253.153:7785] mod_fcgid: error reading data from FastCGI server
[Thu Mar 26 22:52:34.012862 2015] [core:error] [pid 30834] [client 65.92.253.153:7785] End of script output before headers: php-fcgi-wrapper
[Thu Mar 26 22:52:39.826939 2015] [fcgid:error] [pid 30830] mod_fcgid: process /var/www/default/cgi-bin/php5-default/php-fcgi-wrapper(31115) exit(communication error), get unexpected signal 11
I also looked at all other log files in /var/log recently modified after visiting the URL, but no additional useful info was found. Should I look elsewhere? It is not that fcgi is not working, because if I put a file test.php in laravel public folder I can read it fine at the URL http://<mylaraveldomain>/test.php. Is there some special configuration settings to make laravel works with fcgi ? It is possible that it is specific to my installation of fcgi. So, I would like to know if others have succeeded to install laravel with fcgi on apache2. I am on Ubuntu and I made a recent apt-get upgrade.
I checked syslog and there was additional info. I could see a segment fault. I guessed it could be cache management issue. I commented out the line zend_extension=opcache.so in the file /etc/php5/apache2/conf.d/05-opcache.ini and it worked. Of course, this is only a work around.

localhost/phpmyadmin 404 error

I have installed phpmyadmin, but doesn't seem to work.
I have apache2, php5, php-cgi, mysql-server, mysql-client installed too.
I've added the next line to the apache2.conf file:
#include phpmyadmin
Include /etc/phpmyadmin/*.conf
But when I restart the server, I have the next error:
* Restarting web server apache2 [fail]
* The apache2 configtest failed.
Output of config test was:
AH00526: Syntax error on line 2 of /etc/phpmyadmin/lighttpd.conf:
Invalid command 'alias.url', perhaps misspelled or defined by a module not included in the server configuration
Action 'configtest' failed.
The Apache error log may have more information.
And the error log says:
[Tue Aug 13 12:36:25.690262 2013] [mpm_prefork:notice] [pid 13210] AH00163: Apache/2.4.6 (Ubuntu) PHP/5.5.1-2+debphp.org~precise+2 configured -- resuming normal operations
[Tue Aug 13 12:36:25.690358 2013] [core:notice] [pid 13210] AH00094: Command line: '/usr/sbin/apache2'
[Tue Aug 13 12:39:21.635566 2013] [mpm_prefork:notice] [pid 13210] AH00169: caught SIGTERM, shutting down
What should I do to define alias.url, or what am I doing wrong? Thanks
Solved with #Jamie Taylor comment: try changing *.conf to apache.conf.
Then get 403 response forbidden, and solved it by adding:
Order allow,deny
Allow from all
to
<Directory "/usr/share/phpmyadmin"> </Directory>
in /etc/phpmyadmin/apache.conf
And don't forget to uncomment:
$cfg['Servers'][$i]['AllowNoPassword'] = TRUE;
in /etc/phpmyadmin/config.inc.conf, if you want to use PHPMyAdmin without password (only localhost, of course).

Getting output from the subprocess.Popen command into a webpage? (maybe an apache issue)

Here is my program
import subprocess
print "Content-type:text/html\r\n\r\n"
print "File starting to execute"
print "<br>"
proc = subprocess.Popen(["sudo", "python", "test3.py"], stdout=subprocess.PIPE)
output = proc.stdout.read()
print "output is %s" %output
print "<br>"
print "File Executed Awesomely"
So when I run it from the command line it works great, like follows->
[root#localhost html]# python test2.py
Content-type:text/html
File starting to execute
<br>
output is .
Sent 1 packets.
<br>
File Executed Awesomely
[root#localhost html]#
that is perfect the ". Sent 1 packets." is what I want. But when I run it from the webpage, the webpage just has
File starting to execute
output is
File Executed Awesomely
so I originally thought this was because I was doing something wrong grabbing the output but I listened on the port with wireshark (my other program it calls send a packet) and it looks like no packets shows up via the webpage call, but it does when I call it on the command line (the same way). Looking at my apache error_log->
[Wed Jan 18 18:15:11 2012] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[Wed Jan 18 18:15:11 2012] [notice] Digest: generating secret for digest authentication ...
[Wed Jan 18 18:15:11 2012] [notice] Digest: done
[Wed Jan 18 18:15:11 2012] [warn] ./mod_dnssd.c: No services found to register
[Wed Jan 18 18:15:11 2012] [notice] Apache/2.2.17 (Unix) DAV/2 configured -- resuming normal operations
any suggestions on how I can fix it so my apache cgi-bin script runs the same way as the command line?
EDIT: looking at the log after a few calls it does this repeatedly
[Wed Jan 18 18:22:37 2012] [error] [client 10.117.153.89] :
[Wed Jan 18 18:22:37 2012] [error] [client 10.117.153.89] sorry, you must have a tty to run sudo
The message sorry, you must have a tty to run sudo is the key. First of all, letting your apache run sudo is dangerous to say the least, but if you really really want to do it... there's a way, edit /etc/sudoers (visudo) and locate the Defaults requiretty part (man sudoers).
NB: Never let apache run anything using sudo, specify exactly what it needs to do and nothing more!
BTW: It may still not work if you have SELinux enabled or other LSM module.

Premature End of Script Headers from git-http-backend

I am attempting to install git and Apache on Windows. I have installed MSYSGit 1.7.3 on my Windows 2008 server (x64). I selected that the git commands should work from a Windows command prompt when I installed msysgit.
I have added these lines to my http.conf file:
SetEnv GIT_PROJECT_ROOT C:/Repositories
SetEnv GIT_HTTP_EXPORT_ALL
ScriptAlias /git/ "C:/Progra~2/git/libexec/git-core/git-http-backend.exe/"
<Directory />
Options +ExecCGI
Allow from all
</Directory>
I created a repository (MKE_Playground.git). I added a file test.txt.
When I attempt to access the URL http://localhost/git/MKE_Playground.git I get this error in the Apache log:
[Tue Feb 01 15:56:09 2011] [notice] Child 1164: Child process is running
[Tue Feb 01 15:56:09 2011] [notice] Child 1164: Acquired the start mutex.
[Tue Feb 01 15:56:09 2011] [notice] Child 1164: Starting 64 worker threads.
[Tue Feb 01 15:56:09 2011] [notice] Child 1164: Starting thread to listen on port 80.
127.0.0.1 - - [01/Feb/2011:15:56:14 -0600] "GET /git/MKE_Playground.git HTTP/1.1" 500 539
[Tue Feb 01 15:56:14 2011] [error] [client 127.0.0.1] Premature end of script headers: git-http-backend.exe
I know that this means that the headers from the script were malformed. If I were writing the script I would check there, but I assume that the git backend typically provides correct headers. My take on this is that the git http backend failed for some reason. Where can I go to determine why it failed? Is there a Git log someplace?
Pat O
I dealt with a similar problem earlier.
Running "git-http-backend.exe" in a Cygwin shell revealed that the dll, "libiconv2.dll" could not be found. The file is located in the git/bin directory for my Git install (mostly defaults). I added the bin and libexec directories of the git install to my Path, and was able to clone the git repository locally through Apache.
Note: My Apache error logs looked like this - git-http-backend.exe was failing on the missing dll, but not reporting that in the httpd logs:
[Mon Feb 14 15:26:02 2011] [notice] Child 3308: Starting 64 worker threads.
[Mon Feb 14 15:26:02 2011] [notice] Child 3308: Starting thread to listen on port 80.
[Mon Feb 14 15:26:20 2011] [error] [client 127.0.0.1] Premature end of script headers: git-http-backend.exe
[Mon Feb 14 15:26:20 2011] [error] [client 127.0.0.1] Premature end of script headers: git-http-backend.exe
This worked for my 1.7.6.msysgit.0 setup:
In http://www.jeremyskinner.co.uk/2010/07/31/hosting-a-git-server-under-apache-on-windows/, Jeremy Skinner suggests that it must be possible to run Git\libexec\git-http-backend.exe in a Windows cmd shell. When this fails, copy Git\bin\libiconv-2.dll and Git\bin\libiconv2.dll to Git\libexec\git-core and try again. If you can call git-http-backend.exe and it gives you a "500 Internal Server Error", try your clone or fetch again.
I was fighting the same issue. In my case it was a user permission problem. You can check the "log on" information for the Apache Windows Service and test with your domain user for instance (Control Panel->Administrative Tools->Services->Apache->Log On Tab).
After a reboot, browsing to your http://localhost/git/MKE_Playground.git should then give you a Request not supported error in your error.log. That's fine.
git clone http://localhost/git/MKE_Playground.git should work then.
I have abandonded the idea of running Git on Windows. As such this is no longer an issue for me.
Thanks for your help.