Configuring apache with fastcgi in Haskell - apache

I am trying to run my Haskel fastcgi program with apache (Server version: Apache/2.2.15 (Cent OS 6)),
Following are the changes done in httpd.conf
<IfModule fastcgi_module>
AddHandle fastcgi-script .fcgi
</IfModule>
LoadModule fastcgi_module modules/mod_fastcgi.so
<VirtualHost *:80>
ServerAdmin webmaster#<hostname>
DocumentRoot /var/www
ServerName <hostname>
ErrorLog logs/<hostname>.com-error_log
CustomLog logs/<hostname>-access_log common
ScriptAlias /cgi-bin/ "/var/www/cgi-bin/"
<Directory "/var/www/http">
Options -Indexes FollowSymLinks +ExecCGI
AllowOverride AuthConfig FileInfo
AddHandler fastcgi-script .fcgi
Order allow,deny
Allow from all
</Directory>
<Directory "/var/www/cgi-bin">
AllowOverride None
Options None
Order allow,deny
Allow from all
</Directory>
</VirtualHost>
I followed all the instructions as specified here
When I visit the link curl --include http:// hostname/cgi-bin/test.fcgi
I get error in apache server log as
[error] Premature end of script headers: test.fcgi
How can I debug this issue ?

Related

Site port 443 can be reached by itself, but 403 Forbidden from outside ( like WAN, public IP visit )

I'm stuck around this problem for days, anyone here can point me out?
I installed Phoenix CTMS on a clean aws CentOS9 instance, now it seems okay by check from terminal:
curl -k https://localhost/login.jsf
It returns the correct html of that page. and then I did these:
Allow 80 and https 443 in security list of this instance;
confirmed tomcat8 and apache2 service are running;
but, when try to visit site https://public_ip/login.jsf it goes 403 Forbidden.
There are 4 conf under /etc/apache2/:
000-default.conf
default-ssl.conf
00_ctsms_http.conf
00_ctsms_https.conf
The last one is like
#<IfDefine SSL>
#<IfDefine !NOSSL>
<VirtualHost *:443>
ServerName localhost:443
TransferLog /var/log/apache2/access.log
ErrorLog /var/log/apache2/error.log
Include /etc/apache2/blocklist.conf
#Alias /documents /ctsms/documents/
#<Directory "/ctsms/documents">
#Options Indexes Multiviews
#AllowOverride None
#Require all granted
#</Directory>
Alias /signup/css /ctsms/bulk_processor/CTSMS/BulkProcessor/Projects/WebApps/Signup/public/css
Alias /signup/fonts /ctsms/bulk_processor/CTSMS/BulkProcessor/Projects/WebApps/Signup/public/fonts
Alias /signup/images /ctsms/bulk_processor/CTSMS/BulkProcessor/Projects/WebApps/Signup/public/images
Alias /signup/js /ctsms/bulk_processor/CTSMS/BulkProcessor/Projects/WebApps/Signup/public/js
Alias /signup/themes /ctsms/bulk_processor/CTSMS/BulkProcessor/Projects/WebApps/Signup/public/themes
ScriptAliasMatch ^/signup(.*) /ctsms/bulk_processor/CTSMS/BulkProcessor/Projects/WebApps/Signup/public/dispatch.fcgi$1
#DocumentRoot /ctsms/bulk_processor/CTSMS/BulkProcessor/Projects/WebApps/Signup/public
<Directory "/ctsms/bulk_processor/CTSMS/BulkProcessor/Projects/WebApps/Signup/public">
AllowOverride None
Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
#Order allow,deny
#Allow from all
Require all granted
AddHandler fcgid-script .fcgi
</Directory>
SetEnvIf Request_URI "/static/*" no-jk
SetEnvIf Request_URI "/signup/*" no-jk
Alias /resources /var/lib/tomcat8/webapps/ROOT/resources
<Directory "/var/lib/tomcat8/webapps/ROOT/resources">
#Options FollowSymLinks
#allow from all
AllowOverride None
Require all granted
</Directory>
Alias / /var/lib/tomcat8/webapps/ROOT/
<Directory "/var/lib/tomcat8/webapps/ROOT">
#Options FollowSymLinks
#allow from all
AllowOverride None
Require all granted
</Directory>
<Location "/WEB-INF/">
#AllowOverride None
deny from all
</Location>
DocumentRoot /var/lib/tomcat8/webapps/ROOT
JkMount /*.jsf ajp13
JkMount /rest/* ajp13
JkMount /inputfieldimage ajp13
JkMount /file ajp13
JkMount /beacon/* ajp13
JkMount /unsubscribe/* ajp13
SSLEngine on
#SSLProtocol -ALL +SSLv3 +TLSv1
#SSLCipherSuite ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:!LOW:!SSLv2:!EXPORT
SSLCertificateFile /etc/apache2/ssl/apache.crt
SSLCertificateKeyFile /etc/apache2/ssl/apache.key
#SSLCertificateChainFile /etc/apache2/ssl.crt/ComodoIntermediateCertificates.crt
</VirtualHost>
#</IfDefine>
#</IfDefine>
I tried uncomment the line allow from all then restart apache2, still got 403 error.

Redmine duplicate URL access / & /redmine

I managed to get my Redmine reachable at a example.org/redmine URL.
But actually, it's still reachable at example.org/
I can't manage to make it work only on the /redmine alias.
Here is my configuration
<VirtualHost *:80>
LoadModule passenger_module /usr/local/share/gems/gems/passenger-5.0.11/buildout/apache2/mod_passenger.so
<IfModule mod_passenger.c>
PassengerRoot /usr/local/share/gems/gems/passenger-5.0.11
PassengerDefaultRuby /usr/bin/ruby
PassengerUser apache
</IfModule>
DocumentRoot /var/www
PassengerAppRoot /var/www/redmine
RailsBaseURI /redmine
Alias /redmine /var/www/redmine/public
TransferLog "logs/redmine_acess_log"
ErrorLog "logs/redmine_error_log"
</VirtualHost>
When I enter example.org/zriogjqoerqgj I'd like to have the default ErrorDocument, not something hooked up by Redmine.

Add the Directory directive, for example:
<Directory /var/www/redmine>
Order allow,deny
Allow from all
Require all granted
</Directory>
And another one
<Directory /var/www>
Order deny,allow
Deny from all
</Directory>

Your Virtual Host shoud looks like this:
<VirtualHost *:80>
ServerName example.org
DocumentRoot /var/www
ErrorLog logs/redmine_error_log
<Directory "/var/www/">
Allow from all
Options -MultiViews
</Directory>
Alias /redmine /var/www/redmine/public/
<Location /redmine>
PassengerBaseURI /redmine
PassengerAppRoot /var/www/redmine
</Location>
<Directory /var/www/redmine/public/ >
Options Indexes ExecCGI FollowSymLinks -MultiViews
Order allow,deny
Allow from all
AllowOverride all
</Directory>
</VirtualHost>
I did this solution following the Passenger documentation

Apache 2.4.6: client denied by server configuration (PHP FPM)

I found a similar question but it did not helped.
When I open a PHP file via https://site/test.php, the following error comes:
[Tue Oct 29 11:15:53.480855 2013] [authz_core:error] [pid 5424] [client xxx.xxx.xxx.xxx:xxxxx] AH01630: client denied by server configuration: /vhost_site_ssl
Virtualhost:
<VirtualHost *:443>
ServerName site:443
ServerAlias www.site:443
DocumentRoot /opt/web/site
SSLEngine on
SSLCertificateFile /etc/apache2/ssl/privkey.pem
ErrorLog "/opt/log/apache/site_ssl-error.log"
CustomLog "/opt/log/apache/site_ssl-access.log" combined
CustomLog "/opt/log/apache/site_ssl-bandwidth.log" common
<Directory /opt/web/site>
AllowOverride All
Options +Indexes +FollowSymLinks +MultiViews
Order allow,deny
Allow from all
Require all granted
</Directory>
<Directory /vhost_site_ssl>
AllowOverride All
Order allow,deny
Allow from all
Require all granted
Options +Indexes +FollowSymLinks +MultiViews
</Directory>
<Directory /php5-fpm-handler>
AllowOverride All
Order allow,deny
Allow from all
Require all granted
Options +Indexes +FollowSymLinks +MultiViews
</Directory>
<IfModule mod_fastcgi.c>
<FilesMatch \.php$>
SetHandler php-script
</FilesMatch>
Action php-script /php5-fpm-handler
Alias /php5-fpm-handler /vhost_site_ssl
FastCGIExternalServer /vhost_site_ssl -socket /var/run/sock_site_ssl.sock
</IfModule>
</VirtualHost>
I suppose this error is caused by upgrading apache 2.2 to 2.4. I also read this: http://httpd.apache.org/docs/2.4/upgrading.html but did not helped.
UPDATE
I forgot to attach te exact error page:
Forbidden
You don't have permission to access /php5-fpm-handler/phpinfo.php on this server.
Apache/2.4.6 (Ubuntu) Server at site Port 80

Apache Config for PHP and Web2Py

I'm setting up a server for home to run all sorts of things. I'll save you the whole story, but I'm trying to get it to run Web2Py through WSGI, but also need to serve PHP files for other web apps I have. I tried the install script for Web2Py, but that "hijacked" the entire Apache system to run the Web2Py system.
The setup currently works for PHP and SSL pages, but I cannot get it to also process requests for the Web2Py site. For the Web2Py url (http://jupiter/web2py), I get an Apache directory listing. Please help.
The directory structure is this:
/var/www --> Apache DocumentRoot
/var/www/scripts --> various PHP scripts
/var/www/web2py --> Web2Py
The /etc/apache2/sites-available/default file is setup as this:
NameVirtualHost *:80
<VirtualHost *:80>
ServerAdmin me#yahoo.com
ServerName jupiter.myhome.com
WSGIDaemonProcess web2py user=www-data group=www-data display-name=%{GROUP}
WSGIProcessGroup web2py
WSGIScriptAlias /web2py /var/www/web2py/wsgihandler.py
DocumentRoot /var/www
<Directory />
Options FollowSymLinks
AllowOverride None
</Directory>
<Directory /var/www>
Options Indexes FollowSymLinks MultiViews
AllowOverride None
Order allow, deny
allow from all
</Directory>
<Directory /var/www/web2py>
AllowOverride None
Order Allow,Deny
Deny from all
<Files wsgihandler.py>
Allow from all
</Files>
</Directory>
AliasMatch ^/([^/]+)/static/(.*) /var/www/web2py/applications/$1/static/$2
<Directory /var/www/web2py/applications/*/static/>
Order Allow,Deny
Allow from all
</Directory>
ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
<Directory "/usr/lib/cgi-bin">
AllowOverride None
Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
Order allow,deny
Allow from all
</Directory>
ErrorLog ${APACHE_LOG_DIR}/error.log
#comment
#comment
LogLevel warn
CustomLog ${APACHE_LOG_DIR}/access.log combined

I successfully configured a Joomla (PHP) application + Web2py. Your apache config seems ok. Just make sure you configure your /web2py/routes.py with the correct path_prefix (as per your example it should be 'web2py'):
routers = dict(
BASE = dict(
default_application='<your_default_app>',
path_prefix='web2py',
)
)

Ubuntu - Apache - Rails - Passenger - Spawning error

I've got the error where passenger complains that:
*** Passenger ERROR (ext/common/ApplicationPool/../SpawnManager.h:220):
Could not start the spawn server: /usr/local/rvm/gems/ruby-1.9.3-head/ruby: No such file or directory (2)
[ pid=8970 thr=139698295748416 file=ext/apache2/Hooks.cpp:865 time=2012-11-07 17:17:32.422 ]: Unexpected error in mod_passenger: Cannot spawn application '/www/lensfinder.se/ruby/lensfinder': Could not read from the spawn server: Connection reset by peer (104)
Backtrace:
in 'virtual Passenger::SessionPtr Passenger::ApplicationPool::Client::get(const Passenger::PoolOptions&)' (Client.h:750)
in 'Passenger::SessionPtr Hooks::getSession(const Passenger::PoolOptions&)' (Hooks.cpp:297)
in 'int Hooks::handleRequest(request_rec*)' (Hooks.cpp:566)
From what I can read is that it cant access /www/lensfinder.se/ruby/lensfinder though it exist.
And I found this FAQ on Phusion Passengers site
The problem is that, when I try to use that command,
passenger-config --root
I get this:
-bash: /usr/bin/passenger-config: ruby: bad interpreter: No such file or directory
apache config:
LoadModule passenger_module /usr/local/rvm/gems/ruby-1.9.3-head/gems/passenger-3.0.12/ext/apache2/mod_passenger.so
PassengerRoot /usr/local/rvm/gems/ruby-1.9.3-head/gems/passenger-3.0.12
PassengerRuby /usr/local/rvm/wrappers/ruby-1.9.3-head/ruby
<VirtualHost 10.0.0.37:80>
ServerAdmin webmaster#compartment.se
DocumentRoot /www/lensfinder.se/htdocs
ServerName lensfinder.se
Redirect 301 / http://www.lensfinder.se/
ErrorLog /var/log/apache2/lensfinder.se-error.log
CustomLog /var/log/apache2/lensfinder.se-access.log combined
</VirtualHost>
<VirtualHost 10.0.0.37:80>
ServerAdmin hostmaster#compartment.se
ServerName lensfinder.se
ServerAlias www.lensfinder.se
ServerAlias *.lensfinder.se
# DocumentRoot /www/lensfinder.se/htdocs
DocumentRoot /www/lensfinder.se/ruby/lensfinder/script
<Directory />
Options FollowSymLinks
AllowOverride all
</Directory>
<Directory /www/lensfinder.se/htdocs>
Options Indexes FollowSymLinks MultiViews
AllowOverride None
Order allow,deny
allow from all
</Directory>
ScriptAlias /cgi-bin/ /www/lensfinder.se/cgi-bin/
<Directory "/www/lensfinder.se/cgi-bin">
AllowOverride None
Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
Order allow,deny
Allow from all
AllowOverride AuthConfig
#Options Includes
#Options FollowSymLinks
#Options +Indexes +Multiviews +FollowSymLinks
</Directory>
<Directory "/www/lensfinder.se/htdocs/usage">
AllowOverride None
Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
Order allow,deny
Allow from all
AllowOverride AuthConfig
#Options Includes
#Options FollowSymLinks
#Options +Indexes +Multiviews +FollowSymLinks
</Directory>
ErrorLog /var/log/apache2/lensfinder.se-error.log
# Possible values include: debug, info, notice, warn, error, crit,
# alert, emerg.
LogLevel warn
CustomLog /var/log/apache2/lensfinder.se-access.log combined
Alias /doc/ "/usr/share/doc/"
<Directory "/usr/share/doc/">
Options Indexes MultiViews FollowSymLinks
AllowOverride None
Order deny,allow
Deny from all
Allow from 127.0.0.0/255.0.0.0 ::1/128
</Directory>
Alias /ruby/ /www/lensfinder.se/ruby/lensfinder/script
<Directory /www/lensfinder.se/ruby/lensfinder/script>
# Options ExecCGI
# AddHandler cgi-script .cgi
# Addhandler fastcgi-script .fcgi .fcg .fpl
AllowOVerride all
Order allow,deny
Allow from all
</Directory>
<IfModule passenger_module>
PassengerRoot /usr/local/rvm/gems/ruby-1.9.3-head/gems/passenger-3.0.12
PassengerRuby /usr/local/rvm/gems/ruby-1.9.3-head/ruby
</IfModule>
RailsEnv production
RailsBaseURI /script
#
<Location />
# Insert filter
SetOutputFilter DEFLATE
# Netscape 4.x has some problems...
BrowserMatch ^Mozilla/4 gzip-only-text/html
# Netscape 4.06-4.08 have some more problems
BrowserMatch ^Mozilla/4\.0[678] no-gzip
# MSIE masquerades as Netscape, but it is fine
# BrowserMatch \bMSIE !no-gzip !gzip-only-text/html
# NOTE: Due to a bug in mod_setenvif up to Apache 2.0.48
# the above regex won't work. You can use the following
# workaround to get the desired effect:
BrowserMatch \bMSI[E] !no-gzip !gzip-only-text/html
# Don't compress images
SetEnvIfNoCase Request_URI \
\.(?:gif|jpe?g|png)$ no-gzip dont-vary
# Make sure proxies don't deliver the wrong content
#Header append Vary User-Agent env=!dont-vary
</Location>
</VirtualHost>

Ok my guess is that you point Passenger to the wrong directory. You should point it to the public directory of your Rails app.
Here's a minimalist configuration for your project that goes in /etc/apache2/sites-available/lensfinder.se:
<VirtualHost 10.0.0.37:80>
ServerAdmin hostmaster#compartment.se
ServerName lensfinder.se
ServerAlias *.lensfinder.se
DocumentRoot /www/lensfinder.se/ruby/lensfinder/public
RailsEnv production
<Directory "/www/lensfinder.se/ruby/lensfinder/public">
Options FollowSymLinks
AllowOverride All
Options -MultiViews
</Directory>
</VirtualHost>
Then edit /etc/apache2/apache2.conf and at the end of the file, add :
LoadModule passenger_module /usr/local/rvm/gems/ruby-1.9.3-head/gems/passenger-3.0.12/ext/apache2/mod_passenger.so
PassengerRoot /usr/local/rvm/gems/ruby-1.9.3-head/gems/passenger-3.0.12
PassengerRuby /usr/local/rvm/wrappers/ruby-1.9.3-head/ruby
then simlink your virtualhost config to enable it:
ln -s /etc/apache2/sites-available/lensfinder.se /etc/apache2/sites-enabled/lensfinder.se
And of course restart apache2

In addition to the previous answer, In my case even after editing configuration files I still had issues loading up Apache as the module was still configured to load the previous (global) .so file.
I found there were source files and scripts in the /usr/local/rvm/gems/[YOUR-RUBY-VER]/gems/passenger-[YOUR-PASSENGER-VER]/ext/apache2/ directory, but no binaries. There were however scripts provided to build those. Simply run sudo /usr/local/rvm/gems/ruby-[YOUR-RUBY-VER]/gems/passenger-[YOUR-PASSENGER-VER]/bin/passenger-install-apache2-module.