I like the idea. Unfortunately the diff does not apply. On Thu, Jan 09, 2020 at 06:10:24AM +0100, Nazar Zhuk wrote: > httpd(8) expects FastCGI processes to have the same chroot as httpd. I > propose a feature that allows multiple FastCGI processes chrooted in > separate directories under /var/www (/var/www/site1, /var/www/site2, etc.) > This would better isolate multiple applications. > > Configuration: > > fastcgi strip <number> > > strips <number> path components from the beginning of DOCUMENT_ROOT and > SCRIPT_FILENAME. So the FastCGI server gets /script instead of > /siteX/script. > > I tested this with php-fpm. > > Please consider including in httpd(8). > > > Index: httpd.conf.5 > =================================================================== > RCS file: /cvs/src/usr.sbin/httpd/httpd.conf.5,v > retrieving revision 1.107 > diff -u -p -u -r1.107 httpd.conf.5 > --- httpd.conf.5 8 May 2019 21:46:56 -0000 1.107 > +++ httpd.conf.5 9 Jan 2020 05:01:57 -0000 > @@ -300,6 +300,10 @@ Alternatively if > the FastCGI handler is listening on a TCP socket, > .Ar socket > starts with a colon followed by the TCP port number. > +.It Ic strip Ar number > +Strip > +.Ar number > +path components from the beginning of DOCUMENT_ROOT and SCRIPT_FILENAME > before sending them to the FastCGI server. This allows FastCGI server chroot > to be a directory under httpd chroot. > .It Ic param Ar variable value > Sets a variable that will be sent to the FastCGI server. > Each statement defines one variable. > Index: httpd.h > =================================================================== > RCS file: /cvs/src/usr.sbin/httpd/httpd.h,v > retrieving revision 1.145 > diff -u -p -u -r1.145 httpd.h > --- httpd.h 8 May 2019 19:57:45 -0000 1.145 > +++ httpd.h 9 Jan 2020 05:01:57 -0000 
> @@ -547,6 +547,7 @@ struct server_config { > uint8_t hsts_flags; > > struct server_fcgiparams fcgiparams; > + int fcgistrip; > > TAILQ_ENTRY(server_config) entry; > }; > Index: parse.y > =================================================================== > RCS file: /cvs/src/usr.sbin/httpd/parse.y,v > retrieving revision 1.113 > diff -u -p -u -r1.113 parse.y > --- parse.y 28 Jun 2019 13:32:47 -0000 1.113 > +++ parse.y 9 Jan 2020 05:01:58 -0000 > @@ -689,6 +689,13 @@ fcgiflags : SOCKET STRING { > param->name, param->value); > TAILQ_INSERT_HEAD(&srv_conf->fcgiparams, param, entry); > } > + | STRIP NUMBER { > + if ($2 < 0 || $2 > INT_MAX) { > + yyerror("invalid fastcgi strip number"); > + YYERROR; > + } > + srv_conf->fcgistrip = $2; > + } > ; > > connection : CONNECTION '{' optnl conflags_l '}' > Index: server_fcgi.c > =================================================================== > RCS file: /cvs/src/usr.sbin/httpd/server_fcgi.c,v > retrieving revision 1.80 > diff -u -p -u -r1.80 server_fcgi.c > --- server_fcgi.c 8 May 2019 21:41:06 -0000 1.80 > +++ server_fcgi.c 9 Jan 2020 05:01:58 -0000 > @@ -241,7 +241,9 @@ server_fcgi(struct httpd *env, struct cl > errstr = "failed to encode param"; > goto fail; > } > - if (fcgi_add_param(¶m, "SCRIPT_FILENAME", script, clt) == -1) { > + if (fcgi_add_param(¶m, "SCRIPT_FILENAME", > + server_root_strip(script, srv_conf->fcgistrip), > + clt) == -1) { > errstr = "failed to encode param"; > goto fail; > } > @@ -257,7 +259,8 @@ server_fcgi(struct httpd *env, struct cl > goto fail; > } > > - if (fcgi_add_param(¶m, "DOCUMENT_ROOT", srv_conf->root, > + if (fcgi_add_param(¶m, "DOCUMENT_ROOT", > + server_root_strip(srv_conf->root, srv_conf->fcgistrip), > clt) == -1) { > errstr = "failed to encode param"; > goto fail; >
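Review bot: In the httpd.conf.5 hunk, the last added line (`+path components from the beginning of DOCUMENT_ROOT and SCRIPT_FILENAME`) runs on into two quoted lines that carry no `+`, so the hunk holds more lines than its `@@ -300,6 +300,10 @@` header declares, which is consistent with the diff not applying. Keep each added line under 80 columns and start every sentence on its own line, as mdoc source expects, so a mailer has nothing to wrap. The text should also state what the FastCGI server receives when number is larger than the number of components in the path.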
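Review bot: The range check in the `STRIP NUMBER` action of the parse.y hunk (`$2 < 0 || $2 > INT_MAX`) accepts any count that fits in an int, so a value deeper than the configured root is taken silently and only shows up at request time. Consider rejecting, once the server block is complete, an `fcgistrip` larger than the number of components in the root, with a yyerror that names the limit. The action also overwrites an earlier value without comment if `fastcgi strip` appears twice in one block; say whether that is intended.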
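Review bot: In both server_fcgi.c hunks the return value of `server_root_strip()` goes straight into `fcgi_add_param()`, so nothing in these lines catches a strip count that consumes all of `script` or `srv_conf->root`. What the helper returns in that case is not visible in this diff; if it can be an empty string or a path without a leading slash, the FastCGI server will resolve SCRIPT_FILENAME inside its own chroot in a way the administrator did not configure. Check the stripped value before encoding it and take the existing `goto fail` path with its own errstr, so a misconfigured count fails the request instead of handing the application a different path.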
-- I'm not entirely sure you are real.
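
The path handling the proposal describes (the FastCGI server receiving /script instead of /siteX/script), as an added C example that is not part of the patch or of httpd. `strip_components()` and `fcgi_strip_paths()` are hypothetical helpers, and the paths in `main()` are constructed; the point shown is refusing a strip count deeper than the path instead of passing on an empty value.

```c
#include <stdio.h>
#include <string.h>

/*
 * Hypothetical helper, not httpd's server_root_strip(): drop the first n
 * components of an absolute path. Returns "/" when exactly n components
 * were present, NULL when the path is relative or shorter than n.
 */
const char *
strip_components(const char *path, int n)
{
	const char *p = path;

	if (p == NULL || *p != '/' || n < 0)
		return NULL;
	while (n-- > 0) {
		p += strspn(p, "/");	/* slashes before the component */
		if (*p == '\0')
			return NULL;	/* nothing left to strip */
		p += strcspn(p, "/");	/* the component itself */
	}
	return *p == '\0' ? "/" : p;
}

/*
 * Strip DOCUMENT_ROOT and SCRIPT_FILENAME by the same count. Returns -1
 * when either is too short or the script collapses to the chroot root.
 */
int
fcgi_strip_paths(const char *root, const char *script, int n,
    const char **out_root, const char **out_script)
{
	const char *r = strip_components(root, n);
	const char *s = strip_components(script, n);

	if (r == NULL || s == NULL || strcmp(s, "/") == 0)
		return -1;
	*out_root = r;
	*out_script = s;
	return 0;
}

int
main(void)
{
	const char *r, *s;	/* constructed sample paths below */
	if (fcgi_strip_paths("/site1/htdocs", "/site1/htdocs/index.php", 1, &r, &s) == 0)
		printf("DOCUMENT_ROOT=%s SCRIPT_FILENAME=%s\n", r, s);
	return 0;
}
```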