CGI and Internal Server Errors

[scrusi]

Update: disabling suexec solves the problem. This doesn't feel like a good solution, however.

[jolson]

Well, since disabling suexec resolves the issue, we can begin to gear our troubleshooting toward suexec.

I found the following fix in a mailing list:

It was suexec after all. Once I moved nagios up two more directory levels to /var/www/vhosts/default/nagios and
got the owner of the sbin content to match the owner of the virtual host
directory it worked.

Please give the above a shot and let us know how it works out.

[scrusi]

Not sure how I would go about that. According to the httpd.conf (now nagios.conf), the document root for Nagios is in /usr/local/nagios/share (as per: Alias /nagios "/usr/local/nagios/share") while the scripts can be found in /usr/local/nagios/sbin (as per: ScriptAlias /nagios/cgi-bin "/usr/local/nagios/sbin")

The actual document root for each vhost is in /var/www/vhosts/myserver/myvhost.

i just tried the following:

Code: Select all

$ cp /usr/local/nagios/sbin /usr/local/nagios/shared/cgi-bin
$ chown -R nagios:nagios /usr/local/nagios/shared/cgi-bin 

and changed the nagios.conf to read:

Code: Select all

ScriptAlias /nagios/cgi-bin "/usr/local/nagios/cgi-bin"
<Directory "/usr/local/nagios/cgi-bin">

all that did was to change the 500 to a 403 forbidden. (Even though the dir and files had 755 permission)

Also tried moving the whole nagios folder into the docroot, modifying nagios.conf as follows:

Code: Select all

ScriptAlias /nagios/cgi-bin "/var/www/vhosts/myserver/httpdocs/nagios/cgi-bin"

<Directory "/var/www/vhosts/myserver/httpdocs/nagios/cgi-bin">
#  SSLRequireSSL
   SetHandler cgi-script
   Options ExecCGI
   AllowOverride None
   Order allow,deny
   Allow from all
#  Order deny,allow
#  Deny from all
#  Allow from 127.0.0.1
   AuthName "Nagios Access"
   AuthType Basic
   AuthUserFile /usr/local/nagios/etc/htpasswd.users
   Require valid-user
</Directory>

Alias /nagios "/var/www/vhosts/myserver/httpdocs/nagios/share"

<Directory "/var/www/vhosts/myserver/httpdocs/nagios/share">
#  SSLRequireSSL
   Options None
   AllowOverride None
   Order allow,deny
   Allow from all
#  Order deny,allow
#  Deny from all
#  Allow from 127.0.0.1
   AuthName "Nagios Access"
   AuthType Basic
   AuthUserFile /usr/local/nagios/etc/htpasswd.users
   Require valid-user
</Directory>

and running chmod 750 on the cgi-bin directory. (at 755 suexec complained about the dir being writable by others). Now the error has changed to:

Code: Select all

[2015-06-16 17:42:53]: cannot get docroot information (10000)

Which, of course, still throws a 500.

[abrist]

Can run the following? I want to what modules are running and how apache is parsing the vhosts:

Code: Select all

httpd -M
httpd -S

[scrusi]

Sure!

Code: Select all

sudo apachectl -M
AH00548: NameVirtualHost has no effect and will be removed in the next release /                                                                                                                                                             etc/apache2/plesk.conf.d/server.conf:6
Loaded Modules:
 core_module (static)
 so_module (static)
 watchdog_module (static)
 http_module (static)
 log_config_module (static)
 logio_module (static)
 version_module (static)
 unixd_module (static)
 access_compat_module (shared)
 actions_module (shared)
 alias_module (shared)
 auth_basic_module (shared)
 auth_digest_module (shared)
 authn_core_module (shared)
 authn_file_module (shared)
 authz_core_module (shared)
 authz_host_module (shared)
 authz_user_module (shared)
 autoindex_module (shared)
 cgi_module (shared)
 dav_module (shared)
 dav_fs_module (shared)
 dav_lock_module (shared)
 deflate_module (shared)
 dir_module (shared)
 env_module (shared)
 fcgid_module (shared)
 filter_module (shared)
 headers_module (shared)
 include_module (shared)
 mime_module (shared)
 mpm_prefork_module (shared)
 negotiation_module (shared)
 perl_module (shared)
 php5_module (shared)
 python_module (shared)
 rewrite_module (shared)
 security2_module (shared)
 setenvif_module (shared)
 socache_shmcb_module (shared)
 ssl_module (shared)
 status_module (shared)
 suexec_module (shared)
 unique_id_module (shared)
 userdir_module (shared)

Code: Select all

$ sudo apachectl -S
AH00548: NameVirtualHost has no effect and will be removed in the next release /etc/apache2/plesk.conf.d/server.conf:6
VirtualHost configuration:
myip:443      is a NameVirtualHost
         default server myserver (/etc/apache2/plesk.conf.d/ip_default/myserver.conf:10)
         port 443 namevhost myserver (/etc/apache2/plesk.conf.d/ip_default/myserver.conf:10)
                 alias www.myserver
                 alias ipv4.myserver
         port 443 namevhost default-my_ip (/etc/apache2/plesk.conf.d/server.conf:97)
         port 443 namevhost lists (/etc/apache2/plesk.conf.d/server.conf:156)
                 wild alias lists.*
         port 443 namevhost horde.webmail (/etc/apache2/plesk.conf.d/horde.conf:40)
                 wild alias horde.webmail.*
         port 443 namevhost myfirstdomain (/etc/apache2/plesk.conf.d/vhosts/myfirstdomain.conf:10)
                 alias www.myfirstdomain
                 alias ipv4.myfirstdomain
         port 443 namevhost myseconddomain (/etc/apache2/plesk.conf.d/vhosts/myseconddomain.conf:10)
                 alias www.myseconddomain
                 alias ipv4.myseconddomain
myip:80       is a NameVirtualHost
         default server myserver (/etc/apache2/plesk.conf.d/ip_default/myserver.conf:130)
         port 80 namevhost myserver (/etc/apache2/plesk.conf.d/ip_default/myserver.conf:130)
                 alias www.myserver
                 alias ipv4.myserver
         port 80 namevhost default (/etc/apache2/plesk.conf.d/server.conf:64)
         port 80 namevhost lists (/etc/apache2/plesk.conf.d/server.conf:130)
                 wild alias lists.*
         port 80 namevhost horde.webmail (/etc/apache2/plesk.conf.d/horde.conf:6)
                 wild alias horde.webmail.*
         port 80 namevhost myfirstdomain (/etc/apache2/plesk.conf.d/vhosts/myfirstdomain.conf:134)
                 alias www.myfirstdomain
                 alias ipv4.myfirstdomain
         port 80 namevhost myseconddomain (/etc/apache2/plesk.conf.d/vhosts/myseconddomain.conf:130)
                 alias www.myseconddomain
                 alias ipv4.myseconddomain
*:80                   myserver (/etc/apache2/sites-enabled/000-default.conf:1)
ServerRoot: "/etc/apache2"
Main DocumentRoot: "/var/www/vhosts/default/htdocs"
Main ErrorLog: "/var/log/apache2/error.log"
Mutex authdigest-opaque: using_defaults
Mutex watchdog-callback: using_defaults
Mutex rewrite-map: using_defaults
Mutex authdigest-client: using_defaults
Mutex fcgid-proctbl: using_defaults
Mutex ssl-stapling: using_defaults
Mutex ssl-cache: using_defaults
Mutex default: dir="/var/lock/apache2" mechanism=fcntl
Mutex mpm-accept: using_defaults
Mutex fcgid-pipe: using_defaults
PidFile: "/var/run/apache2/apache2.pid"
Define: DUMP_VHOSTS
Define: DUMP_RUN_CFG
Define: MODPERL2
Define: MODSEC_2.5
Define: MODSEC_2.8
Define: ENABLE_USR_LIB_CGI_BIN
User: name="www-data" id=33
Group: name="www-data" id=33

myserver, myip etc are of course anonymized in this log.

[scrusi]

Alright, I seem to have a solution, of sorts.

Did the following:

Code: Select all

$ cp -p /usr/local/nagios/sbin/* /var/www/vhosts/myserver/httpdocs/cgi-bin
$ chown [user that plesk set up]:psacln /var/www/vhosts/myserver/httpdocs/cgi-bin/*

Note: I had it set up as nagios:nagios first, but that caused suexec to throw a uid/gid mismatch
Note: The user is the owner of /var/www/vhosts/myserver
Then I modified my nagios.conf to

Code: Select all

ScriptAlias /nagios/cgi-bin "/var/www/vhosts/myserver/httpdocs/cgi-bin"
#ScriptAlias /nagios/cgi-bin "/usr/local/nagios/sbin"
#<Directory "/usr/local/nagios/sbin">
<Directory "/var/www/vhosts/myserver/httpdocs/cgi-bin">

and voila!
So suexec seems to limit cgi location and ownership in a way that is not compatible with the standard nagios setup.

Thanks so much for your help and patience in figuring this out

[scrusi]

Did one additional modification now:

Moved the nagios .cgis into cgi-bin/nagios and modified the nagios.conf accordingly.
so it looks like this now:

Code: Select all

ScriptAlias /nagios/cgi-bin "/var/www/vhosts/myserver/httpdocs/cgi-bin/nagios"
#ScriptAlias /nagios/cgi-bin "/usr/local/nagios/sbin"
#<Directory "/usr/local/nagios/sbin">
<Directory "/var/www/vhosts/myserver/httpdocs/cgi-bin/nagios">

Code: Select all

$ls -l /var/www/vhosts/myserver/httpdocs/cgi-bin/nagios
total 5140
-rwxr-xr-x 1 [username] psacln 320576 Jun 11 11:02 archivejson.cgi
-rwxr-xr-x 1 [username] psacln 301880 Jun 11 11:02 avail.cgi
-rwxr-xr-x 1 [username] psacln 300296 Jun 11 11:02 cmd.cgi
-rwxr-xr-x 1 [username] psacln 273136 Jun 11 11:02 config.cgi
-rwxr-xr-x 1 [username] psacln 314136 Jun 11 11:02 extinfo.cgi
-rwxr-xr-x 1 [username] psacln 265128 Jun 11 11:02 histogram.cgi
-rwxr-xr-x 1 [username] psacln 244504 Jun 11 11:02 history.cgi
-rwxr-xr-x 1 [username] psacln 244496 Jun 11 11:02 notifications.cgi
-rwxr-xr-x 1 [username] psacln 318272 Jun 11 11:02 objectjson.cgi
-rwxr-xr-x 1 [username] psacln 236264 Jun 11 11:02 outages.cgi
-rwxr-xr-x 1 [username] psacln 240376 Jun 11 11:02 showlog.cgi
-rwxr-xr-x 1 [username] psacln 314160 Jun 11 11:02 status.cgi
-rwxr-xr-x 1 [username] psacln 316416 Jun 11 11:02 statusjson.cgi
-rwxr-xr-x 1 [username] psacln 261088 Jun 11 11:02 statusmap.cgi
-rwxr-xr-x 1 [username] psacln 256816 Jun 11 11:02 statuswml.cgi
-rwxr-xr-x 1 [username] psacln 240400 Jun 11 11:02 statuswrl.cgi
-rwxr-xr-x 1 [username] psacln 265024 Jun 11 11:02 summary.cgi
-rwxr-xr-x 1 [username] psacln 252736 Jun 11 11:02 tac.cgi
-rwxr-xr-x 1 [username] psacln 269224 Jun 11 11:02 trends.cgi

[jolson]

Thank you for reporting back with your solution - I'm sure it will be useful for someone with a similar problem in the future. Do you have anything else to add before we lock this thread up?

[scrusi]

Nothing I can think of. Lock away

[sinkak]

Hi,
i have similar problem.
i checked your post.
i have this

in apache2.conf

Code: Select all

ScriptAlias /cgi-bin/nagios /usr/lib/cgi-bin/nagios
<DirectoryMatch (/usr/share/nagios3/htdocs|/usr/lib/cgi-bin/nagios| /usr/local/nagios/etc/stylesheets)>

Code: Select all

ubuntu@nagios-2015:/usr/lib/cgi-bin/nagios$ ls -l
total 3664
-rwxr-xr-x 1 root root 268360 Aug  4 18:26 avail.cgi
-rwxr-xr-x 1 root root 266920 Aug  4 18:26 cmd.cgi
-rwxr-xr-x 1 root root 235504 Aug  4 18:26 config.cgi
-rwxr-xr-x 1 root root 280608 Aug  4 18:26 extinfo.cgi
-rwxr-xr-x 1 root root 231496 Aug  4 18:26 histogram.cgi
-rwxr-xr-x 1 root root 206880 Aug  4 18:26 history.cgi
-rwxr-xr-x 1 root root 206880 Aug  4 18:26 notifications.cgi
-rwxr-xr-x 1 root root 198648 Aug  4 18:26 outages.cgi
-rwxr-xr-x 1 root root 202752 Aug  4 18:26 showlog.cgi
-rwxr-xr-x 1 root root 276512 Aug  4 18:26 status.cgi
-rwxr-xr-x 1 root root 227376 Aug  4 18:26 statusmap.cgi
-rwxr-xr-x 1 root root 219168 Aug  4 18:26 statuswml.cgi
-rwxr-xr-x 1 root root 206880 Aug  4 18:26 statuswrl.cgi
-rwxr-xr-x 1 root root 231504 Aug  4 18:26 summary.cgi
-rwxr-xr-x 1 root root 223304 Aug  4 18:26 tac.cgi
-rwxr-xr-x 1 root root 235600 Aug  4 18:26 trends.cgi

i tried all of these

Code: Select all

sudo chown nagios:nagios /usr/lib/cgi-bin/nagios/*
sudo chown www-data:www-data /usr/lib/cgi-bin/nagios/*
sudo chown ubuntu:ubuntu /usr/lib/cgi-bin/nagios/*

restarted nagios and apache2.
still no change.