Unable to get CGI to work on NixOS #9

Closed
opened 2022-09-11 13:44:58 +00:00 by aryak · 35 comments

I am unable to get CGI to work.

I am running vger on nixos with Xinetd and with https://github.com/tlsify/tlsify TLS Termination Proxy.

I added `-c /var/gemini/aryak.vern.cc/cgi-bin/test.cgi` to the ServerArgs along with `-v -i`

But, when I visit it, I just get the CGI file in return as octet-stream.

Owner

Hi, could you share your NixOS configuration so I can try on my side?

Collaborator

I think you need to specify the directory containing CGI scripts:
`-c /var/gemini/aryak.vern.cc/cgi-bin/`

Author

In the man page it's told explicitly not to have a trailing `/`, right?

> cgi_path must not end with '/'.

Author

```
services.xinetd.enable = true;
#services.xinetd.services = [ vger
services.xinetd.services = [ {
  name = "vger";
  user = "gemini";
  server = "/var/gemini/vger/vger";
  serverArgs = "-v -i";
  protocol = "tcp";
  port = 11965;
  unlisted = true;
} ];
```

Instead of relayd, I used https://github.com/tlsify/tlsify

I installed vger with default opts, just `nix-shell --run './configure && make'`

Author

Also, does the fact that aryak.vern.cc directory is a symlink to /home/aryak/public_gemini make a difference?

Owner

Could you share the logs of xinetd?

I wonder if you shouldn't have to add dependencies to the according systemd service to have it in PATH.

Author

```
EXIT: vger signal=13 pid=133846 duration=0(sec)
START: vger pid=133849 from=192.168.122.1
EXIT: vger status=1 pid=133849 duration=0(sec)
START: vger pid=133926 from=192.168.122.1
EXIT: vger signal=13 pid=133926 duration=0(sec)
START: vger pid=133927 from=192.168.122.1
EXIT: vger status=0 pid=133927 duration=0(sec)
```

This is what I get on the xinetd side when I go to aryak.vern.cc/cgi-bin/test.cgi with amfora.

Author

```
#!/run/current-system/sw/bin/bash
echo worked > /tmp/t
```

It's a really basic script, it just isn't being executed.

Dependency can't be an issue since I am using /run/current-system/sw/bin/bash which is global.

Owner

Did you make the script executable by the xinetd user? Vger will fail otherwise.

Author

making it 777 did not help

Owner

I made an ugly setup to try it, it's working fine for me:

I created `/var/gemini/` and cloned vger project in it, and compiled it.

```
services.xinetd.enable = true;
services.xinetd.services = [ {
  name = "vger";
  user = "solene";
  server = "/var/gemini/vger/vger";
  serverArgs = "-v -i -d /var/gemini/vger/tests/var/gemini/ -c /var/gemini/vger/tests/var/gemini/perso.pw/cgi-bin";
  protocol = "tcp";
  port = 11965;
  unlisted = true;
} ];
```

When calling the CGI script locally (directly connecting to the xinetd service), I get the expected result: `printf "gemini://perso.pw/cgi-bin/test.cgi\r\n" | nc 127.0.0.1 11965`

Author

Is it related to virtualhosts?

Nvm, didn't notice the -v in the beginning.

Owner

Can you try with `-c /var/gemini/aryak.vern.cc/cgi-bin`? It seems putting the CGI filename into this argument doesn't work :/ I just tried and it failed.

Author

Yes, that worked. Thank you. I got confused by the no trailing `/` thing in the manpage. If I want to do this for all users, I just add each as a `-c` argument, right?

Owner

thinking about it, I have no idea if it's possible to add multiple cgi-bin directories. I'd be interested to know if it works if you can try.

The man page example is wrong because it's listing a file :/ , and the trailing slash stuff should be fixed in the code so users don't have to care about it.

Owner

I don't think this is going to work, vger supports only one CGI directory at the moment. I think it should be easy to change the code to make it work by giving a path that would be relative to the vhost directories and common, like `-c cgi-bin`, and then it would look this up in each vhost directory. But someone has to write the code.

Could you share your tlsify code? :)

Author

`tlsify tcp4 :11965 tcp4 :1965 /path/to/cert.pem /path/to/privkey.pem`

It's a one-liner, but I also wrote a blog post about setting up vger which you might be interested in :), https://vern.cc/blog/vger.html

Author

now i get this error on amfora

```
Failed to get header: failed to read header: EOF.
```

It works perfectly fine with astro (posix shell client) tho.

Owner

oh, tlsify is a service, I was imagining it like an inetd service spawning on demand. That's neat.

Vger could be run as a systemd socket service, this may be cleaner and more efficient than xinetd. I should write about it, but as it's not in nixpkgs... I should just write a flake for it :D

Owner

Is your amfora error specific on the CGI page or on all pages?

Author

With netcat, I get virtually the same output for both index.gmi and test.cgi

- test.cgi

```
20 text/gemini;
# Welcome  to something idk
```

- index.gmi

```
20 text/gemini; 
# Welcome  to something idk
```

Author

> Is your amfora error specific on the CGI page or on all pages?

only on cgi pages

Author

just checked on lagrange, i get an incomplete header error.

Author

@solene is it possible to TLS_CLIENT_HASH btw? seems its needed for a lot of gemini cgi applications

Owner

I don't really know, maybe it's a tlsify problem?

could you try latest vger version? The cgi path can be relative to the base directories / vhosts directories.

Using `-c cgi-bin` will allow `cgi-bin` directory in each vhost

see https://tildegit.org/solene/vger/pulls/10 for more information

Author

is there any relayd alternative i can use on GNU/Linux?

Owner

Nginx with its stream module, or haproxy :)

Owner

I used haproxy to add TLS to gopher, that will work exactly the same with gemini except the ports number ;) https://dataswamp.org/~solene/2019-03-07-haproxy-tls.html

Author

i am still getting invalid headers error on lagrange and amfora even after switching to haproxy

Author

> I don't really know, maybe it's a tlsify problem?
>
> could you try latest vger version? The cgi path can be relative to the base directories / vhosts directories.
>
> Using `-c cgi-bin` will allow `cgi-bin` directory in each vhost
>
> see https://tildegit.org/solene/vger/pulls/10 for more information

cgi-bin fix does work though

Owner

> i am still getting invalid headers error on lagrange and amfora even after switching to haproxy

This is surprising because I never heard of such issues before. Maybe your CGI program is behaving incorrectly? 🤔

Author

can you share a sample CGI script that i can try on my side?

Author

I managed to get it working, the issue was that I didn't add `\r` in the `20 text/gemini` part

so instead of `printf "20 text/gemini \n"` it would be `printf "20 text/gemini \r\n"`

aryak closed this issue 2022-09-20 15:59:05 +00:00
Author

thanks for the work on this issue @solene and @prx!

Owner

I'm glad it worked for you :) indeed, gemini is strict for the `\r\n` ^^'

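The resolution above (a CGI script must end its own `20 text/gemini` header with `\r\n`) can be checked before a client rejects it. The following is an added example, not part of the original thread or of vger; the function names `check_gemini_header`, `cgi_lf`, `cgi_crlf` and the return codes are this example's own, and the two sample scripts are constructed from the `printf` lines quoted in the thread.

```shell
#!/bin/sh
# Added example: check the header line of a Gemini response read on stdin.
# Return codes are this example's own convention:
#   0 = well formed, 1 = first line not ended by CRLF,
#   2 = not "<two-digit status><space><meta>", 3 = meta longer than 1024 bytes
check_gemini_header() {
    cr=$(printf '\r')
    # head gives the first line; $(...) strips the LF but keeps a CR.
    line=$(head -n 1)
    case $line in
        *"$cr") header=${line%"$cr"} ;;
        *) return 1 ;;              # bare LF, the failure seen in the thread
    esac
    case $header in
        [1-6][0-9]" "*) ;;
        *) return 2 ;;
    esac
    # 2 status bytes + 1 space + at most 1024 bytes of meta
    len=$(( $(printf '%s' "$header" | LC_ALL=C wc -c) ))
    [ "$len" -le 1027 ] || return 3
    return 0
}

# Constructed stand-ins for the two CGI variants quoted in the thread.
cgi_lf()   { printf "20 text/gemini \n";   printf "# Welcome\n"; }
cgi_crlf() { printf "20 text/gemini \r\n"; printf "# Welcome\n"; }

for cgi in cgi_lf cgi_crlf; do
    rc=0
    $cgi | check_gemini_header || rc=$?
    echo "$cgi: check_gemini_header returned $rc"
done
```

To test a deployed script, pipe the output of the `nc` request shown earlier in the thread into `check_gemini_header`.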
Reference: solene/vger#9