* Re: Help with setting up man.cgi with nginx
2020-12-10 15:01 ` Ingo Schwarze
@ 2020-12-10 15:26 ` Aisha Tammy
2020-12-10 15:26 ` Aisha Tammy
2020-12-16 3:28 ` Stephen Gregoratto
2 siblings, 0 replies; 8+ messages in thread
From: Aisha Tammy @ 2020-12-10 15:26 UTC (permalink / raw)
To: discuss
On 12/10/20 10:01 AM, Ingo Schwarze wrote:
> Hi Aisha,
>
> Aisha Tammy wrote on Thu, Dec 10, 2020 at 09:26:36AM -0500:
>
>> I finally got it working *cries in lost sanity*...
>>
>> Turns out I (or nginx or whatever) was not passing the PATH_INFO
>> fastcgi parameter.
>
> Oh, that does indeed explain why you always got the start page and
> the two links on the start page only brought you back to the start
> page.
>
> So, are you saying that with your new configuration,
>
> http://localhost/ls.1
>
> and the like now work as expected?
>
> If so, does
>
> http://localhost/?query=ls
>
> work, too? If not, i suspect you may need to pass QUERY_STRING
> in the same way as you pass PATH_INFO, see
>
> https://man.openbsd.org/man.cgi.8#ENVIRONMENT
>
> for details. If it already works right now, then maybe nginx passes
> QUERY_STRING by default - though i don't quite see why it would
> pass QUERY_STRING by default but not PATH_INFO. That would feel
> like an odd choice of defaults to me.
The default 'fastcgi_params' file, used in 'include fastcgi_params;'
contains QUERY_STRING but no PATH_INFO :-\ ...
Which explains this behaviour (indeed odd choice of defaults).
>
>> Obscure chases through the internet led me to the final nginx.conf
>> configuration which finally made it work...
>> Please don't ask me on how this works, it's dangerous forbidden dark arts
>> of nginx magic.
>
> Don't worry, i won't ask. :-)
>
> (But do consider that running a webserver on the Internet with a
> configuration you don't understand is seriously dangerous.
> So you should ask yourself how your server works, until you
> understand it, or use something else that you do understand.)
>
Ah, now worries on that front, this is for my local benefit.
I don't like spending all my time in the terminal :)
>> This was my first ever use of nginx, all my other thingies
>> are on obsd httpd.
>>
>> Now to see how to work a chroot with nginx and fcgiwrap.
>> #nginx irc users told me that this is stupid
>
> What is stupid? Running man.cgi(8) at all? Or running it on Linux?
> or running it on nginx? Or ...?
That having nginx do chroot is stupid... Apparently it should
be done by the sysadmin, before running nginx.
>
>> and that this is an OS thing and not an application thing -.-
>
> Which aspect of all this is an OS thing, and what does "an application
> thing" mean? I don't think i understand what you are tryong to say
> with this sentence.
As above, in their opinion chroot should be an os thing, it is not
supposed to be done by nginx, which sounds very weird considering
that (i think) openbsd had patched nginx (at some point in history)
to support chroot. Not to mention that lighttpd, httpd, uwsgi (and
a lot of other web service things) support changing chroot....
Well, user opinions on IRC are not to be counted, no matter how popularly
held that belief is.
So my current plan is to shift to lighttpd + uwsgi (for fcgiwrap), as
both support chroot options (maybe useful for others who read this thread
in the future).
>
>> , so that was fun.
>
> In that case, enjoy! ;-/
> Ingo
> --
> To unsubscribe send an email to discuss+unsubscribe@mandoc.bsd.lv
>
--
To unsubscribe send an email to discuss+unsubscribe@mandoc.bsd.lv
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: Help with setting up man.cgi with nginx
2020-12-10 15:01 ` Ingo Schwarze
2020-12-10 15:26 ` Aisha Tammy
@ 2020-12-10 15:26 ` Aisha Tammy
2020-12-16 3:28 ` Stephen Gregoratto
2 siblings, 0 replies; 8+ messages in thread
From: Aisha Tammy @ 2020-12-10 15:26 UTC (permalink / raw)
To: discuss
On 12/10/20 10:01 AM, Ingo Schwarze wrote:
> Hi Aisha,
>
> Aisha Tammy wrote on Thu, Dec 10, 2020 at 09:26:36AM -0500:
>
>> I finally got it working *cries in lost sanity*...
>>
>> Turns out I (or nginx or whatever) was not passing the PATH_INFO
>> fastcgi parameter.
>
> Oh, that does indeed explain why you always got the start page and
> the two links on the start page only brought you back to the start
> page.
>
> So, are you saying that with your new configuration,
>
> http://localhost/ls.1
>
> and the like now work as expected?
>
> If so, does
>
> http://localhost/?query=ls
>
> work, too? If not, i suspect you may need to pass QUERY_STRING
> in the same way as you pass PATH_INFO, see
>
> https://man.openbsd.org/man.cgi.8#ENVIRONMENT
>
> for details. If it already works right now, then maybe nginx passes
> QUERY_STRING by default - though i don't quite see why it would
> pass QUERY_STRING by default but not PATH_INFO. That would feel
> like an odd choice of defaults to me.
The default 'fastcgi_params' file, used in 'include fastcgi_params;'
contains QUERY_STRING but no PATH_INFO :-\ ...
Which explains this behaviour (indeed odd choice of defaults).
>
>> Obscure chases through the internet led me to the final nginx.conf
>> configuration which finally made it work...
>> Please don't ask me on how this works, it's dangerous forbidden dark arts
>> of nginx magic.
>
> Don't worry, i won't ask. :-)
>
> (But do consider that running a webserver on the Internet with a
> configuration you don't understand is seriously dangerous.
> So you should ask yourself how your server works, until you
> understand it, or use something else that you do understand.)
>
Ah, now worries on that front, this is for my local benefit.
I don't like spending all my time in the terminal :)
>> This was my first ever use of nginx, all my other thingies
>> are on obsd httpd.
>>
>> Now to see how to work a chroot with nginx and fcgiwrap.
>> #nginx irc users told me that this is stupid
>
> What is stupid? Running man.cgi(8) at all? Or running it on Linux?
> or running it on nginx? Or ...?
That having nginx do chroot is stupid... Apparently it should
be done by the sysadmin, before running nginx.
>
>> and that this is an OS thing and not an application thing -.-
>
> Which aspect of all this is an OS thing, and what does "an application
> thing" mean? I don't think i understand what you are tryong to say
> with this sentence.
As above, in their opinion chroot should be an os thing, it is not
supposed to be done by nginx, which sounds very weird considering
that (i think) openbsd had patched nginx (at some point in history)
to support chroot. Not to mention that lighttpd, httpd, uwsgi (and
a lot of other web service things) support changing chroot....
Well, user opinions on IRC are not to be counted, no matter how popularly
held that belief is.
So my current plan is to shift to lighttpd + uwsgi (for fcgiwrap), as
both support chroot options (maybe useful for others who read this thread
in the future).
Cheers,
Aisha
>
>> , so that was fun.
>
> In that case, enjoy! ;-/
> Ingo
> --
> To unsubscribe send an email to discuss+unsubscribe@mandoc.bsd.lv
>
--
To unsubscribe send an email to discuss+unsubscribe@mandoc.bsd.lv
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: Help with setting up man.cgi with nginx
2020-12-10 15:01 ` Ingo Schwarze
2020-12-10 15:26 ` Aisha Tammy
2020-12-10 15:26 ` Aisha Tammy
@ 2020-12-16 3:28 ` Stephen Gregoratto
2020-12-16 4:51 ` Aisha Tammy
2 siblings, 1 reply; 8+ messages in thread
From: Stephen Gregoratto @ 2020-12-16 3:28 UTC (permalink / raw)
To: discuss; +Cc: Aisha Tammy
Hi Aisha,
Here is what I use for man.sgregoratto.me, which I cribbed from the Void
Linux Project:
server {
listen 80;
listen [::]:80;
server_name man.sgregoratto.me;
include /etc/nginx/templates/acme-client.tmpl;
return 302 https://$host$request_uri;
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name man.sgregoratto.me;
location = /mandoc.css {
root /var/www/htdocs;
}
location / {
gzip off;
fastcgi_split_path_info ^(/)(.*)$;
fastcgi_param QUERY_STRING $query_string;
fastcgi_param REQUEST_METHOD $request_method;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_param SCRIPT_FILENAME /cgi-bin/man.cgi;
fastcgi_pass unix:/run/slowcgi.sock;
}
ssl_certificate /etc/ssl/man.sgregoratto.me.pem;
ssl_certificate_key /etc/ssl/private/man.sgregoratto.me.key;
ssl_stapling_file /etc/ssl/man.sgregoratto.me.der;
include /etc/nginx/templates/*.tmpl;
}
The templates are things like setting headers, OCSP stapling and ACME
challenge stuff. This setup allows all requests to go to the root of the
domain, similar to man.openbsd.org. Speaking of, here's a similar config
for httpd that I got from Ingo a while back:
server "man.sgregoratto.me" {
listen on * port 80
location "/.well-known/acme-challenge/*" {
root "/acme"
request strip 2
}
location * {
block return 302 "https://$SERVER_NAME$REQUEST_URI"
}
}
server "man.sgregoratto.me" {
listen on * tls port 443
hsts max-age 31536000
root "/htdocs"
tls {
certificate "/etc/ssl/man.sgregoratto.me.pem"
key "/etc/ssl/private/man.sgregoratto.me.key"
ocsp "/etc/ssl/man.sgregoratto.me.der"
}
location "/.well-known/acme-challenge/*" {
root "/acme"
request strip 2
pass
}
location "/mandoc.css" {
root "/htdocs"
}
location "*" {
fastcgi
root "/cgi-bin/man.cgi"
}
}
--
Stephen Gregoratto
--
To unsubscribe send an email to discuss+unsubscribe@mandoc.bsd.lv
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: Help with setting up man.cgi with nginx
2020-12-16 3:28 ` Stephen Gregoratto
@ 2020-12-16 4:51 ` Aisha Tammy
0 siblings, 0 replies; 8+ messages in thread
From: Aisha Tammy @ 2020-12-16 4:51 UTC (permalink / raw)
To: discuss
On 12/15/20 10:28 PM, Stephen Gregoratto wrote:
> Hi Aisha,
>
> Here is what I use for man.sgregoratto.me, which I cribbed from the Void
> Linux Project:
>
> server {
> listen 80;
> listen [::]:80;
> server_name man.sgregoratto.me;
> include /etc/nginx/templates/acme-client.tmpl;
> return 302 https://$host$request_uri;
> }
>
> server {
> listen 443 ssl http2;
> listen [::]:443 ssl http2;
> server_name man.sgregoratto.me;
>
> location = /mandoc.css {
> root /var/www/htdocs;
> }
> location / {
> gzip off;
> fastcgi_split_path_info ^(/)(.*)$;
>
> fastcgi_param QUERY_STRING $query_string;
> fastcgi_param REQUEST_METHOD $request_method;
> fastcgi_param PATH_INFO $fastcgi_path_info;
> fastcgi_param SCRIPT_FILENAME /cgi-bin/man.cgi;
> fastcgi_pass unix:/run/slowcgi.sock;
> }
>
> ssl_certificate /etc/ssl/man.sgregoratto.me.pem;
> ssl_certificate_key /etc/ssl/private/man.sgregoratto.me.key;
> ssl_stapling_file /etc/ssl/man.sgregoratto.me.der;
> include /etc/nginx/templates/*.tmpl;
> }
>
> The templates are things like setting headers, OCSP stapling and ACME
> challenge stuff. This setup allows all requests to go to the root of the
> domain, similar to man.openbsd.org. Speaking of, here's a similar config
> for httpd that I got from Ingo a while back:
>
> server "man.sgregoratto.me" {
> listen on * port 80
> location "/.well-known/acme-challenge/*" {
> root "/acme"
> request strip 2
> }
> location * {
> block return 302 "https://$SERVER_NAME$REQUEST_URI"
> }
> }
> server "man.sgregoratto.me" {
> listen on * tls port 443
> hsts max-age 31536000
> root "/htdocs"
>
> tls {
> certificate "/etc/ssl/man.sgregoratto.me.pem"
> key "/etc/ssl/private/man.sgregoratto.me.key"
> ocsp "/etc/ssl/man.sgregoratto.me.der"
> }
> location "/.well-known/acme-challenge/*" {
> root "/acme"
> request strip 2
> pass
> }
> location "/mandoc.css" {
> root "/htdocs"
> }
> location "*" {
> fastcgi
> root "/cgi-bin/man.cgi"
> }
> }
>
!!!! Thanks a lot, I really appreciate it :D
Cheers,
Aisha
--
To unsubscribe send an email to discuss+unsubscribe@mandoc.bsd.lv
^ permalink raw reply [flat|nested] 8+ messages in thread