Назад | Перейти на главную страницу

mod_fcgid: ошибка чтения данных с сервера FastCGI / 500 Internal Server Error

Я пытаюсь настроить сервер IIPImage, но изображения не отображаются: https://oooledge.de/wisski_views/b719fd1ac3844863103c508912965b883443

Сначала логи, конфиги, модули и разрешения:

suexec.log

[2019-08-16 07:34:11]: uid: (10000/rnsrk) gid: (1003/1003) cmd: cgi_wrapper
[2019-08-16 13:22:11]: uid: (10000/rnsrk) gid: (1003/1003) cmd: iipsrv.fcgi
[2019-08-16 13:22:11]: command iipsrv.fcgi not in docroot (10000)

apache2 error.log

[Fri Aug 16 14:02:13.594904 2019] [fcgid:warn] [pid 18488:tid 139942348928768] (104)Connection reset by peer: [client 85.239.100.129:34372] mod_fcgid: error reading data from FastCGI server
[Fri Aug 16 14:02:13.594973 2019] [core:error] [pid 18488:tid 139942348928768] [client 85.239.100.129:34372] End of script output before headers: iipsrv.fcgi

это мой http.conf

<IfModule mod_ssl.c>

    <VirtualHost 91.250.115.48:443 >
        ServerName "oooledge.de:443"
        ServerAlias "www.oooledge.de"
        ServerAlias "ipv4.oooledge.de"
        UseCanonicalName Off

        DocumentRoot "/var/www/vhosts/oooledge.de/httpdocs"
        CustomLog /var/www/vhosts/system/oooledge.de/logs/access_ssl_log plesklog
        ErrorLog "/var/www/vhosts/system/oooledge.de/logs/error_log"

        <IfModule mod_suexec.c>
            SuexecUserGroup "rnsrk" "psacln"
        </IfModule>

        <IfModule mod_userdir.c>

            UserDir "/var/www/vhosts/oooledge.de/web_users/*"
        </IfModule>


        Alias "/plesk-stat" "/var/www/vhosts/system/oooledge.de/statistics"
        <Location  /plesk-stat/>
            Options +Indexes
        </Location>
        <Location  /plesk-stat/logs/>
            Require valid-user
        </Location>
        Alias /webstat /var/www/vhosts/system/oooledge.de/statistics/webstat
        Alias /webstat-ssl /var/www/vhosts/system/oooledge.de/statistics/webstat-ssl
        Alias /ftpstat /var/www/vhosts/system/oooledge.de/statistics/ftpstat
        Alias /anon_ftpstat /var/www/vhosts/system/oooledge.de/statistics/anon_ftpstat
        Alias /awstats-icon /usr/share/awstats/icon

        <IfModule mod_fcgid.c>
            FcgidInitialEnv PP_CUSTOM_PHP_INI /var/www/vhosts/system/oooledge.de/etc/php.ini
            FcgidInitialEnv PP_CUSTOM_PHP_CGI_INDEX fastcgi
            FcgidMaxRequestLen 134217728
            FcgidIOTimeout 240
        </IfModule>

        TimeOut 240
        <Directory /var/www/vhosts/oooledge.de/httpdocs>

            <IfModule mod_fcgid.c>
                <Files ~ (\.fcgi$)>
                    SetHandler fcgid-script
                    Options +ExecCGI
                </Files>
            </IfModule>
            <IfModule mod_fcgid.c>
                <Files ~ (\.php$)>
                    SetHandler fcgid-script
                    FCGIWrapper /var/www/cgi-bin/cgi_wrapper/cgi_wrapper .php
                    Options +ExecCGI
                </Files>
            </IfModule>

            SSLRequireSSL

            Options -Includes -ExecCGI

        </Directory>

        <Directory "/var/www/vhosts/system/oooledge.de/statistics">
            AuthType Basic
            AuthName "Domainstatistiken"
            AuthUserFile "/var/www/vhosts/system/oooledge.de/pd/d..httpdocs@plesk-stat"
            require valid-user
        </Directory>

        Alias /error_docs /var/www/vhosts/oooledge.de/error_docs
        ErrorDocument 400 /error_docs/bad_request.html
        ErrorDocument 401 /error_docs/unauthorized.html
        ErrorDocument 403 /error_docs/forbidden.html
        ErrorDocument 404 /error_docs/not_found.html
        ErrorDocument 500 /error_docs/internal_server_error.html
        ErrorDocument 405 /error_docs/method_not_allowed.html
        ErrorDocument 406 /error_docs/not_acceptable.html
        ErrorDocument 407 /error_docs/proxy_authentication_required.html
        ErrorDocument 412 /error_docs/precondition_failed.html
        ErrorDocument 414 /error_docs/request_uri_too_long.html
        ErrorDocument 415 /error_docs/unsupported_media_type.html
        ErrorDocument 501 /error_docs/not_implemented.html
        ErrorDocument 502 /error_docs/bad_gateway.html
        ErrorDocument 503 /error_docs/maintenance.html

        IncludeOptional "/opt/psa/admin/conf/file_sharing.conf*"

        IncludeOptional "/var/www/vhosts/system/oooledge.de/conf/siteapp.d/*.conf"

        DirectoryIndex "index.html" "index.cgi" "index.pl" "index.php" "index.xhtml" "index.htm" "index.shtml"

        Include "/var/www/vhosts/system/oooledge.de/conf/vhost_ssl.conf"

        <Directory /var/www/vhosts/oooledge.de>
            AllowOverride AuthConfig FileInfo Indexes Limit Options=Indexes,SymLinksIfOwnerMatch,MultiViews,FollowSymLinks,ExecCGI,Includes,IncludesNOEXEC
        </Directory>

        <IfModule mod_headers.c>
        </IfModule>

        #extension letsencrypt begin
        Alias /.well-known/acme-challenge "/var/www/vhosts/default/htdocs/.well-known/acme-challenge"

        <Location /.well-known/acme-challenge/>
            # Require all granted
            Order Deny,Allow
            Allow from all
            Satisfy any
        </Location>

        <LocationMatch "^/.well-known/acme-challenge/(.*/|)\.">
            # Require all denied
            Order Allow,Deny
            Deny from all
        </LocationMatch>
        #extension letsencrypt end
    </VirtualHost>

</IfModule>

<VirtualHost 91.250.115.48:80 >
    ServerName "oooledge.de:80"
    ServerAlias "www.oooledge.de"
    ServerAlias "ipv4.oooledge.de"
    UseCanonicalName Off

    <IfModule mod_rewrite.c>
        RewriteEngine On
        RewriteCond %{HTTPS} off
        RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L,QSA]
    </IfModule>
</VirtualHost>

и мой iipsrv.conf (включен вместе с httpd.conf)

<IfModule mod_headers.c>
#Header set BASE_URL "https://oooledge.de/"
</IfModule>

# Create a directory for the iipsrv binary
ScriptAlias /fcgi-bin/ "/var/www/fcgi-bin/"

# Set the options on that directory
<Directory "/var/www/vhosts/fcgi-bin">
   AllowOverride None
   Options None
  # Syntax for access is different in Apache 2.4 - uncomment appropriate version
  # Apache 2.2
  #   Order allow,deny
  #   Allow from all

  # Apache 2.4
  Require all granted

  # Set the module handler
  AddHandler fcgid-script .fcgi
</Directory>

# Set our environment variables for the IIP server
FcgidInitialEnv VERBOSITY "5"
FcgidInitialEnv LOGFILE "/var/www/vhosts/oooledge.de/logs/iipsrv.log"
FcgidInitialEnv MAX_IMAGE_CACHE_SIZE "10"
FcgidInitialEnv JPEG_QUALITY "50"
FcgidInitialEnv MAX_CVT "3000"
#FcgidInitialEnv BASE_URL "/var/www/vhosts/oooledge.de/httpdocs"

# Define the idle timeout as unlimited and the number of # processes we want
FcgidIdleTimeout 0
FcgidMaxProcessesPerClass 1
#FcgidBusyTimeout 600
#FcgidIOTimeout 600
#FcgidConnectTimeout 600

разрешение на /var/www/fcgi-bin/iipsrv.fcgi

-rwxr-xr-x 1 root root 6238368 Aug 15 12:52 iipsrv.fcgi

модули apache

 access_compat_module (shared)
 actions_module (shared)
 alias_module (shared)
 auth_basic_module (shared)
 auth_digest_module (shared)
 authn_core_module (shared)
 authn_file_module (shared)
 authz_core_module (shared)
 authz_host_module (shared)
 authz_user_module (shared)
 autoindex_module (shared)
 cgi_module (shared)
 core_module (static)
 dav_fs_module (shared)
 dav_lock_module (shared)
 dav_module (shared)
 deflate_module (shared)
 dir_module (shared)
 env_module (shared)
 fcgid_module (shared)
 filter_module (shared)
 headers_module (shared)
 http_module (static)
 include_module (shared)
Loaded Modules:
 log_config_module (static)
 logio_module (static)
 mime_module (shared)
 mpm_event_module (shared)
 negotiation_module (shared)
 perl_module (shared)
 proxy_fcgi_module (shared)
 proxy_module (shared)
 python_module (shared)
 reqtimeout_module (shared)
 rewrite_module (shared)
 setenvif_module (shared)
 socache_shmcb_module (shared)
 so_module (static)
 ssl_module (shared)
 status_module (shared)
 suexec_module (shared)
 unixd_module (static)
 userdir_module (shared)
 version_module (static)
 watchdog_module (static)

Консольный вывод при доступе к стороне с использованием сервера IIPImage говорит:

Request to access cookie or storage on “https://cdnjs.cloudflare.com/ajax/libs/fontfaceobserver/2.0.8/fontfaceobserver.js” was blocked because we are blocking all third-party storage access requests and content blocking is enabled.  
Request to access cookie or storage on “https://91.250.115.48/fcgi-bin/iipsrv.fcgi?IIIF=/var/www/vho…/6fc3a3383f93b67653e39d938f661ccf.jpg/full/55,/0/default.jpg” was blocked because we are blocking all third-party storage access requests and content blocking is enabled.  
Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://91.250.115.48/fcgi-bin/iipsrv.fcgi?IIIF=/var/www/vho…sski_original/f1ec174f5a432be36edba208076f03a8.jpg/info.json. (Reason: CORS header ‘Access-Control-Allow-Origin’ missing).  
Source-Map-Fehler: request failed with status 404
Ressourcen-Adresse: https://oooledge.de/libraries/mirador/build/mirador/mirador.js?pwa674
Source-Map-Adresse: openseadragon.js.map

Я могу представить, почему это не работает по нескольким причинам:

1) Я могу связаться с сервером по IP-адресу: https://91.250.115.48/fcgi-bin/iipsrv.fcgi , но получите внутреннюю ошибку 500, попробовав путь к домену: https://oooledge.de/fcgi-bin/iipsrv.fcgi

Возможно, это должно что-то делать с base_urls или с разрешением IP в домен.

2) docroot и suexec
Поскольку в suexec.log упоминается docroot, я попытался найти свой docroot для suexec, но

suexec -V 

не сработало (suexec: команда не найдена)

Я установил пакет suexec-custom (suexec -V по-прежнему не работает), и у меня есть файл / etc / apache2 / suexec / www-data с таким содержимым:

/var/www/cgi-bin
/var/www
/var/www/fcgi-bin

# The first two lines contain the suexec document root and the suexec userdir
# suffix. If one of them is disabled by prepending a # character, suexec will
# refuse the corresponding type of request.
# This config file is only used by the apache2-suexec-custom package. See the
# suexec man page included in the package for more details.

3) Access-Control-Allow-Origin
Поскольку консольный вывод https://oooledge.de/wisski_views/b719fd1ac3844863103c508912965b883443 говорит что-то о

Я пробовал использовать тайм-аут и так далее, упомянутые в других сообщениях, но не думаю, что это проблема с задержкой.
Спасибо за помощь!

Ответ заключается в использовании среды Plesk. Plesk 17.8.11 имеет собственные конфигурации для suexec, и изменить настройки невозможно, поэтому решение состоит в том, чтобы не использовать Plesk, если вам нужны собственные конфигурации suexec, docroot и т. Д.