はじめまして、かげろうと申します。
環境は、FC1・Apache2.0.50です。
早速ですが、CGI配下で画像を表示させたく、検索しまくっていたところおやじ様のHPに辿りつきました。
その中で、”/cgi-bin/ディレクトリ配下においたCGI関連の画像やHTMLが表示できない。”項目を参考にhttpd.confを編集させて頂きこれで表示できるかと思ったら、500Internal Server Errorとなってしまいました。
以下が設定した内容です。
# ScriptAlias: This controls which directories contain server scripts.
# ScriptAliases are essentially the same as Aliases, except that
# documents in the realname directory are treated as applications and
# run by the server when requested rather than as documents sent to the client.
# The same rules about trailing "/" apply to ScriptAlias directives as to
# Alias.
#
ScriptAlias /cgi-bin/ "/var/www/cgi-bin/"
#
# "/var/www/cgi-bin" should be changed to whatever your ScriptAliased
# CGI directory exists, if you have that configured.
#
<Directory "/var/www/cgi-bin">
AllowOverride None
Options ExecCGI
Order allow,deny
Allow from all
AddHandler image/gif .gif
AddHandler image/jpeg .jpeg .jpg .jpe
AddHandler image/png .png
AddHandler text/html .html .htm
</Directory>
ちなみに、Options ExecCGIをOptions NoneにするとApacheのエラーログにOptions ExecCGI is off in this directoryと表示されます。
それと、.htaccessの内容は
Options +ExecCGI +Includes
AddType application/x-httpd-cgi .cgi .pl
AddType text/x-server-parsed-html .shtml .html .htm
です。
いったいどこが悪いのか見当がつかず悩んでいます。
どうか、よきアドバイスお願いします。
私も同様の問題で悩んでいます。
CGI-bin以下のディレクトリのHTMLやら画像やらがパーミッションエラーとなってしまいます。でもCGIの実行は出来ているようです。
DocumentRootは"/home/httpd/html"となっており
ScriptAliasは /cgi-bin/ "/home/httpd/html/cgi-bin" となっています。
このScriptAliasを外すと、HTML等は表示可能であるため、パーミッションに間違いはないと思われます(755)。
どなたかアドバイスを頂けると助かります。
お二人ともFedora Core1/2との前提です。
原因は、SuEXECで間違いないと思います。
cgi-bin配下のディレクトリ/ファイルのuser:groupをapache:apacheに変更してください。それで、うまくいくはずです。
SuEXECについては、下記を参考にしてください。自信が無ければ、SuEXECを止めればいいでしょう。
http://www.aconus.com/~oyaji/www/apache_linux_suexec.htm
> 環境は、FC1・Apache2.0.50です。
>
> 早速ですが、CGI配下で画像を表示させたく、検索しまくっていたところおやじ様のHPに辿りつきました。
> その中で、”/cgi-bin/ディレクトリ配下においたCGI関連の画像やHTMLが表示できない。”項目を参考にhttpd.confを編集させて頂きこれで表示できるかと思ったら、500Internal Server Errorとなってしまいました。
> 以下が設定した内容です。
>
> # ScriptAlias: This controls which directories contain server scripts.
> # ScriptAliases are essentially the same as Aliases, except that
> # documents in the realname directory are treated as applications and
> # run by the server when requested rather than as documents sent to the client.
> # The same rules about trailing "/" apply to ScriptAlias directives as to
> # Alias.
> #
> ScriptAlias /cgi-bin/ "/var/www/cgi-bin/"
>
> #
> # "/var/www/cgi-bin" should be changed to whatever your ScriptAliased
> # CGI directory exists, if you have that configured.
> #
> <Directory "/var/www/cgi-bin">
> AllowOverride None
> Options ExecCGI
> Order allow,deny
> Allow from all
> AddHandler image/gif .gif
> AddHandler image/jpeg .jpeg .jpg .jpe
> AddHandler image/png .png
> AddHandler text/html .html .htm
> </Directory>
>
> ちなみに、Options ExecCGIをOptions NoneにするとApacheのエラーログにOptions ExecCGI is off in this directoryと表示されます。
> それと、.htaccessの内容は
> Options +ExecCGI +Includes
> AddType application/x-httpd-cgi .cgi .pl
> AddType text/x-server-parsed-html .shtml .html .htm
> です。
.htaccessをどこで使われているのか知りませんが、cgi-bin配下でしたらAllowOverride Noneでは有効にはなりませんよ。これだけなら、AllowOverride Options FileInfo で動くはずですが・・・。
おやじ様、早速のご回答ありがとうございます。
しかしながら、ご指摘のuser:groupをapache:apacheに変更するとのことですが、既に設定を行っておりました。以下に長くなってしまいますが再度設定内容を掲載させて頂きます。
また、.htaccessについてですが、/var/www/htmlの配下にセットしています。
それから、SuEXECをやめる場合は、ロードモジュールで読み込まないように設定すれば良いのでしょうか?
大変お手数ですが御指導宜しくお願いします。
> お二人ともFedora Core1/2との前提です。
> 原因は、SuEXECで間違いないと思います。
> cgi-bin配下のディレクトリ/ファイルのuser:groupをapache:apacheに変更してください。それで、うまくいくはずです。
> SuEXECについては、下記を参考にしてください。自信が無ければ、SuEXECを止めればいいでしょう。
> > > > 早速ですが、CGI配下で画像を表示させたく、検索しまくっていたところおやじ様のHPに辿りつきました。
> > その中で、”/cgi-bin/ディレクトリ配下においたCGI関連の画像やHTMLが表示できない。”項目を参考にhttpd.confを編集させて頂きこれで表示できるかと思ったら、500Internal Server Errorとなってしまいました。
> > 以下が設定した内容です。
ServerRoot "/etc/httpd"
LoadModule suexec_module modules/mod_suexec.so
#
# Load config files from the config directory "/etc/httpd/conf.d".
#
Include conf.d/*.conf
#
# If you wish httpd to run as a different user or group, you must run
# httpd as root initially and it will switch.
#
# User/Group: The name (or #number) of the user/group to run httpd as.
# . On SCO (ODT 3) use "User nouser" and "Group nogroup".
# . On HPUX you may not be able to use shared memory as nobody, and the
# suggested workaround is to create a user www and use that user.
# NOTE that some kernels refuse to setgid(Group) or semctl(IPC_SET)
# when the value of (unsigned)Group is above 60000;
# don't use Group #-1 on these systems!
#
User apache
Group apache
#
# DocumentRoot: The directory out of which you will serve your
# documents. By default, all requests are taken from this directory, but
# symbolic links and aliases may be used to point to other locations.
#
DocumentRoot "/var/www/html"
#
# Each directory to which Apache has access can be configured with respect
# to which services and features are allowed and/or disabled in that
# directory (and its subdirectories).
#
# First, we configure the "default" to be a very restrictive set of
# features.
#
<Directory />
Options FollowSymLinks
AllowOverride None
</Directory>
#
# Note that from this point forward you must specifically allow
# particular features to be enabled - so if something's not working as
# you might expect, make sure that you have specifically enabled it
# below.
#
#
# This should be changed to whatever you set DocumentRoot to.
#
<Directory "/var/www/html">
#
# Possible values for the Options directive are "None", "All",
# or any combination of:
# Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews
#
# Note that "MultiViews" must be named *explicitly* --- "Options All"
# doesn't give it to you.
#
# The Options directive is both complicated and important. Please see
# http://httpd.apache.org/docs-2.0/mod/core.html#options
# for more information.
#
Options IncludesNoExec ExecCGI FollowSymLinks
#
# AllowOverride controls what directives may be placed in .htaccess files.
# It can be "All", "None", or any combination of the keywords:
# Options FileInfo AuthConfig Limit
#
AllowOverride All
#
# Controls who can get stuff from this server.
#
Order allow,deny
Allow from all
</Directory>
#
# UserDir: The name of the directory that is appended onto a user's home
# directory if a ~user request is received.
#
# The path to the end user account 'public_html' directory must be
# accessible to the webserver userid. This usually means that ~userid
# must have permissions of 711, ~userid/public_html must have permissions
# of 755, and documents contained therein must be world-readable.
# Otherwise, the client will only receive a "403 Forbidden" message.
#
# See also: http://httpd.apache.org/docs/misc/FAQ.html#forbidden
#
<IfModule mod_userdir.c>
#
# UserDir is disabled by default since it can confirm the presence
# of a username on the system (depending on home directory
# permissions).
#
UserDir disable
#
# To enable requests to /~user/ to serve the user's public_html
# directory, remove the "UserDir disable" line above, and uncomment
# the following line instead:
#
#UserDir public_html
</IfModule>
#
# Control access to UserDir directories. The following is an example
# for a site where these directories are restricted to read-only.
#
#<Directory /home/*/public_html>
# AllowOverride FileInfo AuthConfig Limit
# Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec
# <Limit GET POST OPTIONS>
# Order allow,deny
# Allow from all
# </Limit>
# <LimitExcept GET POST OPTIONS>
# Order deny,allow
# Deny from all
# </LimitExcept>
#</Directory>
#
# DirectoryIndex: sets the file that Apache will serve if a directory
# is requested.
#
# The index.html.var file (a type-map) is used to deliver content-
# negotiated documents. The MultiViews Option can be used for the
# same purpose, but it is much slower.
#
DirectoryIndex index.html index.html.var
#
# AccessFileName: The name of the file to look for in each directory
# for additional configuration directives. See also the AllowOverride
# directive.
#
AccessFileName .htaccess
#
# The following lines prevent .htaccess and .htpasswd files from being
# viewed by Web clients.
#
<Files ~ "^\.ht">
Order allow,deny
Deny from all
</Files>
#
# ScriptAlias: This controls which directories contain server scripts.
# ScriptAliases are essentially the same as Aliases, except that
# documents in the realname directory are treated as applications and
# run by the server when requested rather than as documents sent to the client.
# The same rules about trailing "/" apply to ScriptAlias directives as to
# Alias.
#
ScriptAlias /cgi-bin/ "/var/www/cgi-bin/"
#
# "/var/www/cgi-bin" should be changed to whatever your ScriptAliased
# CGI directory exists, if you have that configured.
#
<Directory "/var/www/cgi-bin">
AllowOverride All
# AllowOverride None
# Options None
Options ExecCGI
Order allow,deny
Allow from all
AddHandler image/gif .gif
AddHandler image/jpeg .jpeg .jpg .jpe
AddHandler image/png .png
AddHandler text/html .html .htm
</Directory>
# To use CGI scripts outside of ScriptAliased directories:
# (You will also need to add "ExecCGI" to the "Options" directive.)
#
#AddHandler cgi-script .cgi
AddHandler cgi-script .cgi .pl
> > それと、.htaccessの内容は
> > Options +ExecCGI +Includes
> > AddType application/x-httpd-cgi .cgi .pl
> > AddType text/x-server-parsed-html .shtml .html .htm
> > です。
> > .htaccessをどこで使われているのか知りませんが、cgi-bin配下でしたらAllowOverride Noneでは有効にはなりませんよ。
AllowOverride All に修正しました。
> しかしながら、ご指摘のuser:groupをapache:apacheに変更するとのことですが、既に設定を行っておりました。以下に長くなってしまいますが再度設定内容を掲載させて頂きます。
これは、cgi-bin配下においたcgiそのもののことと書いたつもりですが、本当に大丈夫ですか? というより、一応確認のため、FC2で通常のディレクトリで動作するCGI(パーミッションは問題ないという前提)をcgi-binに移動して動作確認しましたが、オーナ以外は、何も触らなくても動作しましたし、触る理由もないのですが・・・。
/cgi-bin/index.html等、cgiに付属しているcgi以外のコンテンツにアクセスすれば、表示されませんか?
一応確認までですが、今の設定なら、/var/www/html 配下にcgiを持って行けば動作するはずなので、やってみればそのほかにミスはないか確認できます。(perlのパスや、改行コード等のFAQの内容は問題ないか?)
> また、.htaccessについてですが、/var/www/htmlの配下にセットしています。
> それから、SuEXECをやめる場合は、ロードモジュールで読み込まないように設定すれば良いのでしょうか?
紹介したコンテンツは読まれたのでしょうか? でも、本件は良く考えるまでもなくSuEXECはあまり関係ないですね。因みにSuEXECやめるには、/usr/sbin/suexecをrenameして再起動すればおしまいです。
> # ScriptAlias: This controls which directories contain server scripts.
> # ScriptAliases are essentially the same as Aliases, except that
> # documents in the realname directory are treated as applications and
> # run by the server when requested rather than as documents sent to the client.
> # The same rules about trailing "/" apply to ScriptAlias directives as to
> # Alias.
> #
> ScriptAlias /cgi-bin/ "/var/www/cgi-bin/"
>
> #
> # "/var/www/cgi-bin" should be changed to whatever your ScriptAliased
> # CGI directory exists, if you have that configured.
> #
> <Directory "/var/www/cgi-bin">
> AllowOverride All
> # AllowOverride None
> # Options None
> Options ExecCGI
これは 上のScriptAliasでcgiディレクトリと宣言している(だから、htmi等があるとerorr 500になる)ので、None のままで動きます。
> Order allow,deny
> Allow from all
> AddHandler image/gif .gif
> AddHandler image/jpeg .jpeg .jpg .jpe
> AddHandler image/png .png
> AddHandler text/html .html .htm
> </Directory>
おやじ様
約1週間の間設定の見直し、そして何回行ったか覚えていませんが、再インストールを実施しましたが、CGIディレクトリ内での画像表示は結局出来ませんでした。
そこで、方針を変更してルートディレクトリ内にCGIディレクトリを作成し、画像を呼び出すCGIを設置し、その配下に画像用のディレクトリを設置することにしました。
この方法は、おやじ様のCGIディレクトリ内で画像が表示出来ない場合の対処方法”1”ですよね。
しかしながら、設定が上手くいかなかった余韻のせいか、これまた、画像が表示されません。設定方法は以下の通りです。
申し訳ありませんが、画像が表示出来ない事についてアドバイス是非よろしくお願いします。
### Section 1: Global Environment
#
# The directives in this section affect the overall operation of Apache,
# such as the number of concurrent requests it can handle or where it
# can find its configuration files.
#
#
# ServerRoot: The top of the directory tree under which the server's
# configuration, error, and log files are kept.
#
# NOTE! If you intend to place this on an NFS (or otherwise network)
# mounted filesystem then please read the LockFile documentation
# (available at <URL:http://httpd.apache.org/docs-2.0/mod/core.html#lockfile>);
# you will save yourself a lot of trouble.
#
# Do NOT add a slash at the end of the directory path.
#
ServerRoot "/etc/httpd"
#
# PidFile: The file in which the server should record its process
# identification number when it starts.
#
PidFile run/httpd.pid
#
# Load config files from the config directory "/etc/httpd/conf.d".
#
Include conf.d/*.conf
#
# ExtendedStatus controls whether Apache will generate "full" status
# information (ExtendedStatus On) or just basic information (ExtendedStatus
# Off) when the "server-status" handler is called. The default is Off.
#
#ExtendedStatus On
### Section 2: 'Main' server configuration
#
# The directives in this section set up the values used by the 'main'
# server, which responds to any requests that aren't handled by a
# <VirtualHost> definition. These values also provide defaults for
# any <VirtualHost> containers you may define later in the file.
#
# All of these directives may appear inside <VirtualHost> containers,
# in which case these default settings will be overridden for the
# virtual host being defined.
#
#
# If you wish httpd to run as a different user or group, you must run
# httpd as root initially and it will switch.
#
# User/Group: The name (or #number) of the user/group to run httpd as.
# . On SCO (ODT 3) use "User nouser" and "Group nogroup".
# . On HPUX you may not be able to use shared memory as nobody, and the
# suggested workaround is to create a user www and use that user.
# NOTE that some kernels refuse to setgid(Group) or semctl(IPC_SET)
# when the value of (unsigned)Group is above 60000;
# don't use Group #-1 on these systems!
#
User apache
Group apache
#
# UseCanonicalName: Determines how Apache constructs self-referencing
# URLs and the SERVER_NAME and SERVER_PORT variables.
# When set "Off", Apache will use the Hostname and Port supplied
# by the client. When set "On", Apache will use the value of the
# ServerName directive.
#
UseCanonicalName Off
#
# DocumentRoot: The directory out of which you will serve your
# documents. By default, all requests are taken from this directory, but
# symbolic links and aliases may be used to point to other locations.
#
DocumentRoot "/var/www/html"
#
# Each directory to which Apache has access can be configured with respect
# to which services and features are allowed and/or disabled in that
# directory (and its subdirectories).
#
# First, we configure the "default" to be a very restrictive set of
# features.
#
<Directory />
# Options FollowSymLinks
Options ExecCGI FollowSymLinks
AllowOverride None
</Directory>
#
# Note that from this point forward you must specifically allow
# particular features to be enabled - so if something's not working as
# you might expect, make sure that you have specifically enabled it
# below.
#
#
# This should be changed to whatever you set DocumentRoot to.
#
<Directory "/var/www/html">
#
# Possible values for the Options directive are "None", "All",
# or any combination of:
# Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews
#
# Note that "MultiViews" must be named *explicitly* --- "Options All"
# doesn't give it to you.
#
# The Options directive is both complicated and important. Please see
# http://httpd.apache.org/docs-2.0/mod/core.html#options
# for more information.
#
## Options Indexes FollowSymLinks
Options ExecCGI FollowSymLinks
#
# AllowOverride controls what directives may be placed in .htaccess files.
# It can be "All", "None", or any combination of the keywords:
# Options FileInfo AuthConfig Limit
#
# AllowOverride None
AllowOverride All
#
# Controls who can get stuff from this server.
#
Order allow,deny
Allow from all
AddHandler cgi-script .cgi .pl
</Directory>
#
# UserDir: The name of the directory that is appended onto a user's home
# directory if a ~user request is received.
#
# The path to the end user account 'public_html' directory must be
# accessible to the webserver userid. This usually means that ~userid
# must have permissions of 711, ~userid/public_html must have permissions
# of 755, and documents contained therein must be world-readable.
# Otherwise, the client will only receive a "403 Forbidden" message.
#
# See also: http://httpd.apache.org/docs/misc/FAQ.html#forbidden
#
<IfModule mod_userdir.c>
#
# UserDir is disabled by default since it can confirm the presence
# of a username on the system (depending on home directory
# permissions).
#
UserDir disable
#
# To enable requests to /~user/ to serve the user's public_html
# directory, remove the "UserDir disable" line above, and uncomment
# the following line instead:
#
#UserDir public_html
</IfModule>
#
# Control access to UserDir directories. The following is an example
# for a site where these directories are restricted to read-only.
#
#<Directory /home/*/public_html>
# AllowOverride FileInfo AuthConfig Limit
# Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec
# <Limit GET POST OPTIONS>
# Order allow,deny
# Allow from all
# </Limit>
# <LimitExcept GET POST OPTIONS>
# Order deny,allow
# Deny from all
# </LimitExcept>
#</Directory>
#
# DirectoryIndex: sets the file that Apache will serve if a directory
# is requested.
#
# The index.html.var file (a type-map) is used to deliver content-
# negotiated documents. The MultiViews Option can be used for the
# same purpose, but it is much slower.
#
DirectoryIndex index.html index.html.var
#
# AccessFileName: The name of the file to look for in each directory
# for additional configuration directives. See also the AllowOverride
# directive.
#
AccessFileName .htaccess
#
# The following lines prevent .htaccess and .htpasswd files from being
# viewed by Web clients.
#
<Files ~ "^\.ht">
Order allow,deny
Deny from all
</Files>
#
# TypesConfig describes where the mime.types file (or equivalent) is
# to be found.
#
TypesConfig /etc/mime.types
#
# DefaultType is the default MIME type the server will use for a document
# if it cannot otherwise determine one, such as from filename extensions.
# If your server contains mostly text or HTML documents, "text/plain" is
# a good value. If most of your content is binary, such as applications
# or images, you may want to use "application/octet-stream" instead to
# keep browsers from trying to display binary files as though they are
# text.
#
DefaultType text/plain
#
# The mod_mime_magic module allows the server to use various hints from the
# contents of the file itself to determine its type. The MIMEMagicFile
# directive tells the module where the hint definitions are located.
#
<IfModule mod_mime_magic.c>
# MIMEMagicFile /usr/share/magic.mime
MIMEMagicFile conf/magic
</IfModule>
#
# Aliases: Add here as many aliases as you need (with no limit). The format is
# Alias fakename realname
#
# Note that if you include a trailing / on fakename then the server will
# require it to be present in the URL. So "/icons" isn't aliased in this
# example, only "/icons/". If the fakename is slash-terminated, then the
# realname must also be slash terminated, and if the fakename omits the
# trailing slash, the realname must also omit it.
#
#
# ScriptAlias: This controls which directories contain server scripts.
# ScriptAliases are essentially the same as Aliases, except that
# documents in the realname directory are treated as applications and
# run by the server when requested rather than as documents sent to the client.
# The same rules about trailing "/" apply to ScriptAlias directives as to
# Alias.
#
ScriptAlias /cgi-bin/ "/var/www/cgi-bin/"
#
# "/var/www/cgi-bin" should be changed to whatever your ScriptAliased
# CGI directory exists, if you have that configured.
#
<Directory "/var/www/cgi-bin">
AllowOverride None
Options ExecCGI
# Options None
Order allow,deny
Allow from all
</Directory>
#
# AddHandler allows you to map certain file extensions to "handlers":
# actions unrelated to filetype. These can be either built into the server
# or added with the Action directive (see below)
#
# To use CGI scripts outside of ScriptAliased directories:
# (You will also need to add "ExecCGI" to the "Options" directive.)
#
AddHandler cgi-script .cgi .pl
#
# For files that include their own HTTP headers:
#
#AddHandler send-as-is asis
#
# For server-parsed imagemap files:
#
AddHandler imap-file map
#
# For type maps (negotiated resources):
# (This is enabled by default to allow the Apache "It Worked" page
# to be distributed in multiple languages.)
#
AddHandler type-map var
#
# Filters allow you to process content before it is sent to the client.
#
# To parse .shtml files for server-side includes (SSI):
# (You will also need to add "Includes" to the "Options" directive.)
#
AddType text/html .shtml
AddOutputFilter INCLUDES .shtml
まず、Windowsとは違いますから再インストールはほとんどのケースで不要です。それよりも、いつでもインストール時の状態に戻れるように、何もしないうちにconfigをバックアップしておくだけでいいと思います。うまくいかなければ、元に戻すだけですぐにインストール直後の状態に戻ります。
デフォルトから、ほとんど何もしなければ動くはずですが・・。
どんな、CGIを動かしているんでしょうか?ポイントだけ挙げます。
1. 基本的なこととして、CGIはFTPでサーバにアップしてますよね。その時、ASCモードで転送してますか?
2. パーミッションは大丈夫ですか? cgi:755 or 701, 画像等、644ですか?
3. オーナは、Userdirではないようなので、apache:apacheですよね。
4. そもそも、トラブル時の基本としてログはどうなっているんですか?