Unable to get CGI to work on NixOS #9
Loading…
Reference in New Issue
No description provided.
Delete Branch "%!s(<nil>)"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
I am unable to get CGI to work.
I am running vger on nixos with Xinetd and with https://github.com/tlsify/tlsify TLS Termination Proxy.
I added
-c /var/gemini/aryak.vern.cc/cgi-bin/test.cgi
to the ServerArgs along with-v -i
But, when I visit it, I just get the CGI file in return as octet-stream.
Hi, could you share your NixOS configuration so I can try on my side?
I think you need to specify the directory containing cgi scripts :
-c /var/gemini/aryak.vern.cc/cgi-bin/
in the man page its told explicitly not to have trailing / right
Instead of relayd, i used https://github.com/tlsify/tlsify
i installed vger with default opts, just nix-shell --run './configure && make'
Also, does the fact that aryak.vern.cc directory is a symlink to /home/aryak/public_gemini make a difference?
Could you share the logs of xinetd?
I wonder if you shouldn't have to add dependencies to the according systemd service to have it in PATH.
this is what i get on xinetd side when i go to aryak.vern.cc/cgi-bin/test.cgi with amfora.
its a really basic script, it just isnt being executed.
dependency can't be an issue since i am using /run/current-system/sw/bin/bash which is global.
Did you make the script executable by the xinetd user? Vger will fail otherwise.
making it 777 did not help
I made an ugly setup to try it, it's working fine for me:
I created
/var/gemini/
and cloned vger project in it, and compiled it.When calling the CGI script locally (directly connecting to the xinetd service), I get the expected result:
printf "gemini://perso.pw/cgi-bin/test.cgi\r\n" | nc 127.0.0.1 11965
Is it related to virtualhosts?
Nvm, didn't notice the -v in the beginning.
can you try with
-c /var/gemini/aryak.vern.cc/cgi-bin
? It seems putting the cgi filename into this argument doesn't work :/ I just tried and it failed.yes, that worked. Thank you. I got confused by the no trailing / thing in manpage. If i want to do this for all users, I just add each as a -c argument right
thinking about it, I have no idea if it's possible to add multiple cgi-bin directories. I'd be interested to know if it works if you can try.
The man page example is wrong because it's listing a file :/ , and the trailing slash stuff should be fixed in the code so users don't have to care about it.
I don't think this is going to work, vger supports only one cgi directory at the moment. I think it should be easy to change the code to make it work by giving a path that would be relative to the vhost directories and commong, like
-c cgi-bin
and then it would lookup for this into each vhost directory. But someone has to write the code.Could you share your tlsify code? :)
tlsify tcp4 :11965 tcp4 :1965 /path/to/cert.pem /path/to/privkey.pem
Its a one-liner, but i also did write a blog post about setting up vger which you might be interested in :), https://vern.cc/blog/vger.html
now i get this error on amfora
It works perfectly fine with astro (posix shell client) tho.
oh, tlsify is a service, I was imagining it like an inetd service spawning on demand. That's neat.
Vger could be run as a systemd socket service, this may be cleaner and more efficient than xinetd. I should write about it, but as it's not in nixpkgs... I should just write a flake for it :D
Is your amfora error specific on the CGI page or on all pages?
With netcat, I get virtually the same output for both index.gmi and test.cgi
only on cgi pages
just checked on lagrange, i get an incomplete header error.
@solene is it possible to TLS_CLIENT_HASH btw? seems its needed for a lot of gemini cgi applications
I don't really know, maybe it's a tlsify problem?
could you try latest vger version? The cgi path can be relative to the base directories / vhosts directories.
Using
-c cgi-bin
will allowcgi-bin
directory in each vhostsee #10 for more information
is there any relayd alternative i can use on GNU/Linux?
Nginx with its stream module, or haproxy :)
I used haproxy to add TLS to gopher, that will work exactly the same with gemini except the ports number ;) https://dataswamp.org/~solene/2019-03-07-haproxy-tls.html
i am still getting invalid headers error on lagrange and amfora even after switching to haproxy
cgi-bin fix does work though
This is surprising because I never heard of such issues before. Maybe your CGI program is behaving incorrectly? 🤔
can you share a sample CGI script that i can try on my side?
I manged to get it working, the issue was that i didn't add \r in 20 text/gemini part
so instead of
printf "20 text/gemini \n"
it would beprintf "20 text/gemini \r\n"
thanks for the work on this issue @solene and @prx!
I'm glad it worked for you :) indeed, gemini is strict for the
\r\n
^^'