Set up a CGI executable environment in Nginx using FastCGI.
[root@www ~]# dnf --enablerepo=epel -y install fcgiwrap
Edit or create a new FastCGI configuration file:
[root@www ~]# vi /etc/nginx/fcgiwrap.conf
# Add the following configuration:
location /cgi-bin/ {
gzip off;
root /usr/share/nginx;
fastcgi_pass unix:/var/run/fcgiwrap.socket;
include /etc/nginx/fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
}
Create the CGI bin directory and adjust permissions:
[root@www ~]# mkdir /usr/share/nginx/cgi-bin
[root@www ~]# chmod 755 /usr/share/nginx/cgi-bin
Include the FastCGI configuration in the server block:
[root@www ~]# vi /etc/nginx/conf.d/ssl.conf
# Add the following inside the server block:
server {
.....
.....
include fcgiwrap.conf;
}
Reload Nginx to apply the changes:
[root@www ~]# systemctl reload nginx
Create a new systemd service file:
[root@www ~]# vi /usr/lib/systemd/system/fcgiwrap.service
# Add the following configuration:
[Unit]
Description=Simple CGI Server
After=nss-user-lookup.target
Requires=fcgiwrap.socket
[Service]
EnvironmentFile=/etc/sysconfig/fcgiwrap
ExecStart=/usr/sbin/fcgiwrap ${DAEMON_OPTS} -c ${DAEMON_PROCS}
User=nginx
Group=nginx
[Install]
Also=fcgiwrap.socket
Create the socket file for the service:
[root@www ~]# vi /usr/lib/systemd/system/fcgiwrap.socket
# Add the following configuration:
[Unit]
Description=fcgiwrap Socket
[Socket]
ListenStream=/run/fcgiwrap.socket
[Install]
WantedBy=sockets.target
Enable and start the FastCGI Wrap service:
[root@www ~]# systemctl enable --now fcgiwrap
If SELinux is enabled, create and apply a new policy module:
[root@www ~]# vi nginx-server.te
# Add the following policy configuration:
module nginx-server 1.0;
require {
type unconfined_service_t;
type var_run_t;
type httpd_t;
class sock_file write;
class unix_stream_socket connectto;
}
# Policy rules:
allow httpd_t unconfined_service_t:unix_stream_socket connectto;
allow httpd_t var_run_t:sock_file write;
Compile and apply the SELinux module:
[root@www ~]# checkmodule -m -M -o nginx-server.mod nginx-server.te
[root@www ~]# semodule_package --outfile nginx-server.pp --module nginx-server.mod
[root@www ~]# semodule -i nginx-server.pp
Create and test a CGI script.
Example using Python3:
[root@www ~]# vi /usr/share/nginx/cgi-bin/index.cgi
# Add the following script:
#!/usr/bin/python3
print("Content-type: text/html\n")
print("<html>\n<body>")
print("<div style=\"width: 100%; font-size: 40px; font-weight: bold; text-align: center;\">")
print("CGI Script Test Page")
print("</div>")
print("</body>\n</html>")
Set the correct permissions:
[root@www ~]# chmod 755 /usr/share/nginx/cgi-bin/index.cgi
After configuring the CGI script, you can verify its functionality by accessing it through a web browser.
Open a web browser and navigate to the following URL:
http://<IP_or_domain>/cgi-bin/index.cgi
Replace <IP_or_domain> with your server's IP address or domain name. If the setup is correct, you should see the "CGI Script Test Page" displayed in the browser, indicating that your CGI script is running successfully on the Nginx server.