nginx + spawn-fcgi正在提供原始cgi(二进制)文件内容(不执行它们)

时间:2015-04-01 02:17:49

标签: nginx cgi nagios spawn-fcgi

我努力想弄清楚为什么我的nginx + spawn-fastcgi正在提供原始二进制内容而不是执行它们并提供结果。

目标是使用NginX配置Nagios Core 4.x.有很多很棒的博客;但没有人能解释我的问题。

我目前正在使用CentOS 6.6 NginX v1.0.15,spawn-fcgi v1.6.3和php(php-fpm)v5.4.30。

PHP文件托管效果很好(php-fpm),**它只是spawn-fcgi内容我有一个问题,我负责服务/ cgi-bin / * .cgi文件。这是我的spwn-fcgi环境:

cat << _EOF > /etc/sysconfig/spawn-fcgi
OPTIONS="-u apache -g apache -a 127.0.0.1 -p 9001 -C 32 -F 1 -P /var/run/spawn-fcgi.pid -- /usr/bin/php-cgi"
_EOF

我的NginX配置:

server {
   listen 80;
   server_name monitor.mydomain.com;
   return 301 https://$server_name$request_uri;
}

server {
   listen 443;

   # Satisfy allows us to bypass authentication
   # for allowed ip addresses
   satisfy any;
   # Local Traffic only
   allow   192.168.0.0/24;
   allow   127.0.0.0/8;
   # drop rest of the world
   deny    all;

   server_name monitor.mydomain.com;
   root /usr/share/nagios;

   ssl_session_timeout  5m;
   ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
   ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128:AES256:AES:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK';
   ssl_prefer_server_ciphers on;
   ssl_session_cache  builtin:1000  shared:SSL:10m;

   ssl on;
   ssl_certificate      /etc/pki/tls/certs/mydomain.com.crt;
   ssl_certificate_key  /etc/pki/tls/private/mydomain.com.key;

   index  index.php index.html index.htm;

   access_log  /var/log/nginx/nagios.access.log;
   error_log /var/log/nginx/nagios.error.log;

   # Security
   auth_basic            "Restricted Area";
   auth_basic_user_file  mynagios.htpasswd;

   location ~ \.htaccess {
      deny all;
   }

   location / { 
      if ($uri ~* "\.(ico|css|js|gif|jpe?g|png)(\?[0-9]+)?$") {
         expires max;
         break;
      }
   }

   error_page  404              /404.html;
   location = /404.html {
      root   /usr/share/nginx/html;
   }

   # redirect server error pages to the static page /50x.html
   #
   error_page   500 502 503 504  /50x.html;
   location = /50x.html {
      root   /usr/share/nginx/html;
   }

   # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
   #
   location ~ \.php$ {
      try_files $uri = 404;

      fastcgi_split_path_info ^(.+\.php)(/.+)$;
      fastcgi_pass   127.0.0.1:9000;
      fastcgi_index  index.php;
      fastcgi_param  SCRIPT_FILENAME  $document_root$fastcgi_script_name;
      include        fastcgi_params;
   }

   #location ~ \.cgi$ {
   location /nagios/cgi-bin/ {
      root   /usr/lib64/nagios/cgi;
      rewrite ^/nagios/cgi-bin/(.*)\.cgi /$1.cgi break;

      fastcgi_param  AUTH_USER $remote_user;
      fastcgi_param  REMOTE_USER $remote_user;
      fastcgi_param  SCRIPT_FILENAME  $document_root$fastcgi_script_name;
      #fastcgi_pass unix:/var/run/php-fcgi.sock;
      fastcgi_pass   127.0.0.1:9001;
      include      fastcgi_params;
   }
}

有问题的工具正在运行:

[root@fserver conf.d]# netstat -pnat | egrep '900(0|1)'
tcp        0      0 127.0.0.1:9000              0.0.0.0:*                   LISTEN      9054/php-fpm        
tcp        0      0 127.0.0.1:9001              0.0.0.0:*                   LISTEN      28888/php-cgi

再次,简而言之;这个配置几乎是&#39;工作得很好,但像https://monitor.mydomain.com/nagios/cgi-bin/status.cgi这样的请求服务于内容:

ELF>... <raw ugly content>

还值得注意的是 使用SELinux(为Nagios编写了我自己的模块),但已经禁用它(所有SELinux),直到我能解决这个cgi问题。

你们可以提供的任何建议都太棒了! TIA

1 个答案:

答案 0 :(得分:0)

我认为问题出来了;如果有人遇到与我相同的问题,那是因为没有使用fcgiwrap。我只是按照说明编写了它。

使用fcgiwrap允许我执行返回的代码spawn-fcgi而不是显示原始数据(我的问题):

cat << _EOF > /etc/sysconfig/spawn-fcgi
OPTIONS="-u apache -g apache -a 127.0.0.1 -p 9001 -f /usr/sbin/fcgiwrap -P /var/run/spawn-fcgi.pid"
_EOF

# Now restart spawn-fcgi
service spawn-fcgi restart