I like the idea. Unfortunately the diff does not apply.

On Thu, Jan 09, 2020 at 06:10:24AM +0100, Nazar Zhuk wrote:
> httpd(8) expects FastCGI processes to have the same chroot as httpd. I
> propose a feature that allows multiple FastCGI processes chrooted in
> separate directories under /var/www (/var/www/site1, /var/www/site2, etc.)
> This would better isolate multiple applications.
> 
> Configuration:
> 
> fastcgi strip <number>
> 
> strips <number> path components from the beginning of DOCUMENT_ROOT and
> SCRIPT_FILENAME. So the FastCGI server gets /script instead of
> /siteX/script.
> 
> I tested this with php-fpm.
> 
> Please consider including in httpd(8).
> 
> 
> Index: httpd.conf.5
> ===================================================================
> RCS file: /cvs/src/usr.sbin/httpd/httpd.conf.5,v
> retrieving revision 1.107
> diff -u -p -u -r1.107 httpd.conf.5
> --- httpd.conf.5      8 May 2019 21:46:56 -0000       1.107
> +++ httpd.conf.5      9 Jan 2020 05:01:57 -0000
> @@ -300,6 +300,10 @@ Alternatively if
>  the FastCGI handler is listening on a TCP socket,
>  .Ar socket
>  starts with a colon followed by the TCP port number.
> +.It Ic strip Ar number
> +Strip
> +.Ar number
> +path components from the beginning of DOCUMENT_ROOT and SCRIPT_FILENAME
> before sending them to the FastCGI server. This allows FastCGI server chroot
> to be a directory under httpd chroot.
>  .It Ic param Ar variable value
>  Sets a variable that will be sent to the FastCGI server.
>  Each statement defines one variable.
> Index: httpd.h
> ===================================================================
> RCS file: /cvs/src/usr.sbin/httpd/httpd.h,v
> retrieving revision 1.145
> diff -u -p -u -r1.145 httpd.h
> --- httpd.h   8 May 2019 19:57:45 -0000       1.145
> +++ httpd.h   9 Jan 2020 05:01:57 -0000
> @@ -547,6 +547,7 @@ struct server_config {
>       uint8_t                  hsts_flags;
> 
>       struct server_fcgiparams fcgiparams;
> +     int                      fcgistrip;
> 
>       TAILQ_ENTRY(server_config) entry;
>  };
> Index: parse.y
> ===================================================================
> RCS file: /cvs/src/usr.sbin/httpd/parse.y,v
> retrieving revision 1.113
> diff -u -p -u -r1.113 parse.y
> --- parse.y   28 Jun 2019 13:32:47 -0000      1.113
> +++ parse.y   9 Jan 2020 05:01:58 -0000
> @@ -689,6 +689,13 @@ fcgiflags        : SOCKET STRING         {
>                           param->name, param->value);
>                       TAILQ_INSERT_HEAD(&srv_conf->fcgiparams, param, entry);
>               }
> +             | STRIP NUMBER                  {
> +                     if ($2 < 0 || $2 > INT_MAX) {
> +                             yyerror("invalid fastcgi strip number");
> +                             YYERROR;
> +                     }
> +                     srv_conf->fcgistrip = $2;
> +             }
>               ;
> 
>  connection   : CONNECTION '{' optnl conflags_l '}'
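Review bot: Nothing in the patch shows how `fcgistrip` reaches a `location` block or the server processes: this action stores it in `srv_conf`, but no hunk touches the code that copies or inherits `server_config` settings. If that code copies fields one by one (not visible here), a `fastcgi strip` set at server level would read as 0 inside a location, and the FastCGI server would again receive unstripped paths. That is worth confirming, and the new field in httpd.h could carry a short comment such as `/* leading path components removed from FastCGI path params */`. The fcgiflags rule starts outside this hunk.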
> Index: server_fcgi.c
> ===================================================================
> RCS file: /cvs/src/usr.sbin/httpd/server_fcgi.c,v
> retrieving revision 1.80
> diff -u -p -u -r1.80 server_fcgi.c
> --- server_fcgi.c     8 May 2019 21:41:06 -0000       1.80
> +++ server_fcgi.c     9 Jan 2020 05:01:58 -0000
> @@ -241,7 +241,9 @@ server_fcgi(struct httpd *env, struct cl
>               errstr = "failed to encode param";
>               goto fail;
>       }
> -     if (fcgi_add_param(&param, "SCRIPT_FILENAME", script, clt) == -1) {
> +     if (fcgi_add_param(&param, "SCRIPT_FILENAME",
> +         server_root_strip(script, srv_conf->fcgistrip),
> +         clt) == -1) {
>               errstr = "failed to encode param";
>               goto fail;
>       }
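Review bot: SCRIPT_FILENAME is now whatever server_root_strip() returns for `script`, and nothing visible says what that is when the path has fewer leading components than `fcgistrip`; the same applies to DOCUMENT_ROOT in the next hunk. Because the option exists to map httpd-chroot paths into a narrower FastCGI chroot, a path that comes back unstripped or only partly stripped would name a different location inside that chroot. That case should be rejected, or at least documented at the call site, for example `/* strip maps httpd-chroot paths into the FastCGI server's chroot; a short path must not pass through unchanged */`. server_root_strip() is not shown and server_fcgi() starts and ends outside both hunks, so the helper's behaviour on short paths needs confirming.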
> @@ -257,7 +259,8 @@ server_fcgi(struct httpd *env, struct cl
>               goto fail;
>       }
> 
> -     if (fcgi_add_param(&param, "DOCUMENT_ROOT", srv_conf->root,
> +     if (fcgi_add_param(&param, "DOCUMENT_ROOT",
> +         server_root_strip(srv_conf->root, srv_conf->fcgistrip),
>           clt) == -1) {
>               errstr = "failed to encode param";
>               goto fail;
> 


-- 
I'm not entirely sure you are real.
