diff options
-rw-r--r-- | doc/forum/multi-user_setup_of_ikiwiki__44___gitosis_and_apache2_in_Debian_Sid.mdwn | 2 | ||||
-rw-r--r-- | doc/setup.mdwn | 3 | ||||
-rw-r--r-- | doc/tips/apache_cgi.mdwn | 25 | ||||
-rw-r--r-- | doc/tips/dot_cgi.mdwn | 50 | ||||
-rw-r--r-- | doc/tips/laptop_wiki_with_git.mdwn | 2 | ||||
-rw-r--r-- | doc/tips/lighttpd_cgi.mdwn | 15 |
6 files changed, 53 insertions, 44 deletions
diff --git a/doc/forum/multi-user_setup_of_ikiwiki__44___gitosis_and_apache2_in_Debian_Sid.mdwn b/doc/forum/multi-user_setup_of_ikiwiki__44___gitosis_and_apache2_in_Debian_Sid.mdwn index d42a5c704..fa8b5010e 100644 --- a/doc/forum/multi-user_setup_of_ikiwiki__44___gitosis_and_apache2_in_Debian_Sid.mdwn +++ b/doc/forum/multi-user_setup_of_ikiwiki__44___gitosis_and_apache2_in_Debian_Sid.mdwn @@ -43,7 +43,7 @@ In the end, I did the following. I created a directory /srv/ikiwiki/ which is ow ## cgi_wrapper -I do not understand those wrappers completely. The cgi is a script, which can be called by a webserver, e. g. [[Apache_2|/tips/apache_cgi]]. But www-data is normally not allowed to write to the source directory (which is owned by gitosis or push to the repository). Therefore it should be run as the user gitosis. And because cgi scripts can not be made suid, I wrapper (in this case a C program) is created (cgi\_wrapper) which can be made suid and therefore be run as the user gitosis. Is this correct? +I do not understand those wrappers completely. The cgi is a script, which can be called by a webserver, e. g. [[Apache_2|/tips/dot_cgi]]. But www-data is normally not allowed to write to the source directory (which is owned by gitosis or push to the repository). Therefore it should be run as the user gitosis. And because cgi scripts can not be made suid, I wrapper (in this case a C program) is created (cgi\_wrapper) which can be made suid and therefore be run as the user gitosis. Is this correct? > It seems to me like you understand the wrapper pretty well. It's main reson to exist is to safely be suid, yes. diff --git a/doc/setup.mdwn b/doc/setup.mdwn index 8d4d55cab..89444c9a8 100644 --- a/doc/setup.mdwn +++ b/doc/setup.mdwn @@ -47,8 +47,7 @@ Now you can go to the url it told you, and edit pages in your new wiki using the web interface. (If the web interface doesn't seem to allow editing or login, you may -need to configure [[apache|tips/apache_cgi]] or -[[lighttpd|tips/lighttpd_cgi]].) +need to configure [[configure_the_web_server|tips/dot_cgi]].) ## Checkout and edit wiki source diff --git a/doc/tips/apache_cgi.mdwn b/doc/tips/apache_cgi.mdwn deleted file mode 100644 index 3ceb0e182..000000000 --- a/doc/tips/apache_cgi.mdwn +++ /dev/null @@ -1,25 +0,0 @@ -It's common to name the [[cgi]] "ikiwiki.cgi", and put it somewhere -like `~/public_html/ikiwiki.cgi`, or `/var/www/wiki/ikiwiki.cgi`. - -If you do that, you may find that when trying to edit a page in your wiki, -you see the raw contents of the ikiwiki.cgi program. Or get a permission -denied problem. - -This is because apache is generally not configured to run cgi scripts -unless they're in `/usr/lib/cgi-bin/`. While you can put ikiwiki.cgi in -there if you like, here's how to configure apache (version 2) to run `.cgi` -programs from anywhere. - -These instructions are for Debian systems, but the basic apache -configuration should work anywhere. - -* Edit /etc/apache2/apache2.conf and add a line like this: - - AddHandler cgi-script .cgi - -* Find the "Options" line for the directory where you've put the - ikiwiki.cgi, and add "ExecCGI" to the list of options. For example, if - ikiwiki.cgi is in /var/www/, edit `/etc/apache2/sites-enabled/000-default` - and add it to the "Options" line in the "Directory /var/www/" stanza. - Or, if you've put it in a `~/public_html`, edit - `/etc/apache2/mods-available/userdir.conf`. diff --git a/doc/tips/dot_cgi.mdwn b/doc/tips/dot_cgi.mdwn new file mode 100644 index 000000000..fbc3d8bbc --- /dev/null +++ b/doc/tips/dot_cgi.mdwn @@ -0,0 +1,50 @@ +It's common to name the [[cgi]] "ikiwiki.cgi", and put it somewhere +like `~/public_html/ikiwiki.cgi`, or `/var/www/wiki/ikiwiki.cgi`. + +If you do that, you may find that when trying to edit a page in your wiki, +you see the raw contents of the ikiwiki.cgi program. Or get a permission +denied problem. + +This is because web servers are generally not configured to run cgi scripts +unless they're in `/usr/lib/cgi-bin/`. While you can put ikiwiki.cgi in +there if you like, it's better to configure your web server to +run `.cgi` programs from anywhere. + +These instructions are for Debian systems, but the basic +configuration changes should work anywhere. + +## apache 2 + +* Edit /etc/apache2/apache2.conf and add a line like this: + + AddHandler cgi-script .cgi + +* Find the "Options" line for the directory where you've put the + ikiwiki.cgi, and add "ExecCGI" to the list of options. For example, if + ikiwiki.cgi is in /var/www/, edit `/etc/apache2/sites-enabled/000-default` + and add it to the "Options" line in the "Directory /var/www/" stanza. + Or, if you've put it in a `~/public_html`, edit + `/etc/apache2/mods-available/userdir.conf`. + +## lighttpd + +Here is how to enable cgi on [lighttpd](http://www.lighttpd.net/) and +configure it in order to execute ikiwiki.cgi wherever it is located. + +* Activate cgi by linking `/etc/lighttpd/conf-available/10-cgi.conf` into `/etc/lighttpd/conf-enabled` ([doc](http://trac.lighttpd.net/trac/wiki/Docs%3AModCGI)). + +* Create `/etc/lighttpd/conf-available/90-ikiwiki-cgi.conf` and add a line like this: + + cgi.assign = ( "ikiwiki.cgi" => "", ) + +* Activate ikiwiki-cgi by linking `/etc/lighttpd/conf-available/90-ikiwiki-cgi.conf` into `/etc/lighttpd/conf-enabled`. + +* Restart lighttpd server with something like `/etc/init.d/lighttpd restart`. + +Note that the first part enables cgi server wide but depending on default +configuration, it may be not enough. The second part creates a specific +rule that allow `ikiwiki.cgi` to be executed. + +**Warning:** I only use this on my development server (offline). I am not +sure of how secure this approach is. If you have any thought about it, feel +free to let me know. diff --git a/doc/tips/laptop_wiki_with_git.mdwn b/doc/tips/laptop_wiki_with_git.mdwn index 998ac7443..9758beb80 100644 --- a/doc/tips/laptop_wiki_with_git.mdwn +++ b/doc/tips/laptop_wiki_with_git.mdwn @@ -15,7 +15,7 @@ for setting up ikiwiki with git. Next, `git clone` the source (`$REPOSITORY`, not `$SRCDIR`) from the server to the laptop. -Now, set up a [[web_server|apache_cgi]] on your laptop, if it doesn't +Now, set up a [[web_server|dot_cgi]] on your laptop, if it doesn't already have one. Now you need to write a setup file for ikiwiki on the laptop. Mostly this diff --git a/doc/tips/lighttpd_cgi.mdwn b/doc/tips/lighttpd_cgi.mdwn deleted file mode 100644 index 5504b0658..000000000 --- a/doc/tips/lighttpd_cgi.mdwn +++ /dev/null @@ -1,15 +0,0 @@ -Here is how to enable cgi on [lighttpd](http://www.lighttpd.net/) and configure it in order to execute ikiwiki.cgi wherever it is located. - -* Activate cgi by linking `/etc/lighttpd/conf-available/10-cgi.conf` into `/etc/lighttpd/conf-enabled` ([doc](http://trac.lighttpd.net/trac/wiki/Docs%3AModCGI)). - -* Create `/etc/lighttpd/conf-available/90-ikiwiki-cgi.conf` and add a line like this: - - cgi.assign = ( "ikiwiki.cgi" => "", ) - -* Activate ikiwiki-cgi by linking `/etc/lighttpd/conf-available/90-ikiwiki-cgi.conf` into `/etc/lighttpd/conf-enabled`. - -* Restart lighttpd server with something like `/etc/init.d/lighttpd restart`. - -Note that the first part enables cgi server wide but depending on default configuration, it may be not enough. The second part creates a specific rule that allow `ikiwiki.cgi` to be executed. - -**Warning:** I only use this on my development server (offline). I am not sure of how secure this approach is. If you have any thought about it, feel free to let me know. |