tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Mark Eggers <its_toas...@yahoo.com>
Subject Re: CGIServlet - php
Date Sat, 03 Sep 2011 22:53:42 GMT
----- Original Message -----

> From: throwsCode <donmillhofer@yahoo.com>
> To: users@tomcat.apache.org
> Cc: 
> Sent: Saturday, September 3, 2011 11:44 AM
> Subject: Re: CGIServlet - php
> 
> 
> Wow thanks Konstantin a lot of good questions and suggestions.  Please give
> me some time to put together a cogent reply.  I have looked at hundreds of
> documents and thousands of Internet pages so it will take me some time to
> filter the ones that I thought applied and actually tried.
> 
> With regard to Tomcat 7 the main document is CGI How To (very small) this I
> believe I implemented, no joy.  The second document that had some value was
> the CGIServlet Class document.  I did go through FAQ and copied some stuff
> but its not at my finger tips, I'll include the references in my reply.  
> 
> With regard to your comments on php.ini it is exactly this lack of clarity
> that frustrates me.  You start moving each of these pieces of the puzzle to
> different places in the system based on well meaning comments from the
> Internet or any other source and you are sure to become lost.  Basically its
> a hope I get the right combination approach.  
> 
> Don't get me wrong I am most thankful for the suggestions but it is not the
> kind of direction I hope to get from an Apache project.  I know the
> CGIServlet document defines itself as a beta effort - which apparently it
> has been for four or five years.  I think its time for Tomcat to decide
> emough already our core target market does not need this capability, drop
> it; or maybe it is important to a significant portion of our market, support
> it.  Living in the land of in between is serving no one well.
> 
> My desire is to make this capability available in my development environment
> (Eclipse / Tomcat).  Essentially I want to test as much of the php
> component/application as I can before deploying them to a client's
> production environment which I doubt will be Tomcat.
> 
> Much thanks, please expect a reply to your questions by Monday.
> 
> TC
> -- 

OK, this is unbelievably ugly, insecure (according to the PHP web site), and all around unpleasant.

I would certainly run an Apache HTTPD server with the PHP module added.

I would also use NetBeans. NetBeans 6.9.1 and 7.0.1 both have pretty good support for PHP,
including code completion, various frameworks (Zend, Symfony, Smarty), and documentation help.

That being said, here's how to get it running under the following environment. You're on your
own for Eclipse.

Environment:

OS:       Fedora 15
JDK/JRE:  1.6.0_26
Tomcat:   7.0.19
PHP:      5.3.6
NetBeans: 7.0.1


A. Getting php-cgi set insecurely

First of all, you'll need to use php-cgi in order to deal with all of the HTML header information.
With most modern PHP installations this presents a problem under anything other than Apache
HTTPD. Due to security constraints, cgi.force_redirect is compiled in to prevent people from
calling php scripts directly. See:


http://php.net/manual/en/security.cgi-bin.php

http://php.net/manual/en/security.cgi-bin.force-redirect.php


Initially I thought you could get around this by editing php.ini, but this did not appear
to work (note - this may be due to me leaving rw permissions on php.ini). Also, you would
have to either alter the system-wide php.ini (not recommended) or add another init-param in
web.xml to point php-cgi to the altered php.ini. However, what does work is setting an environment
variable and making php-cgi aware of this. To do this:

1. Create a file called setenv.sh in $CATALINA_HOME/bin if you don't already have one.
2. Add the following:

REDIRECT_STATUS=0

export REDIRECT_STATUS

You'll need to start Tomcat with the startup and shutdown scripts unless Eclipse does the
right thing with setenv.sh

B. Configure context.xml

From the Tomcat documentation at:

http://tomcat.apache.org/tomcat-7.0-doc/cgi-howto.html


you'll need to set priviledged="true" in context.xml.

1. Create a context.xml file in META-INF of your web application project
2. Put the following minimal content in the file

<?xml version="1.0" encoding="UTF-8"?>
<Context privileged="true"/>

C. Configure web.xml

I put everything into my web application's web.xml since I didn't want this capability across
all of my applications. I basically copied the section from $CATALINA_HOME/conf/web.xml and
made some changes. Here's what I came up with.

    <servlet>
        <servlet-name>cgi</servlet-name>
        <servlet-class>org.apache.catalina.servlets.CGIServlet</servlet-class>
        <init-param>
            <param-name>debug</param-name>
            <param-value>0</param-value>
        </init-param>
        <init-param>
            <param-name>cgiPathPrefix</param-name>
            <param-value>/</param-value>
        </init-param>
        <init-param>
            <param-name>executable</param-name>
            <param-value>/usr/bin/php-cgi</param-value>
        </init-param>
        <init-param>
            <param-name>passShellEnvironment</param-name>
            <param-value>true</param-value>
        </init-param>
        <load-on-startup>5</load-on-startup>
    </servlet>
    <servlet-mapping>
        <servlet-name>cgi</servlet-name>
        <url-pattern>*.php</url-pattern>
    </servlet-mapping>

A few notes are in order.

1. In order to not mangle paths, I set the cgiPathPrefix to /

This means that the search path will be /<WebApp>/ and I can place PHP files in whatever
directory makes sense for the application.

2. The executable by default is perl. This has to be changed to php-cgi.

Do not use plain PHP. Plain PHP will only generate text files. While it will work, you won't
get any styling.

3. passShellEnvironment must be set to true

This is the key. It allows the environment variable set in $CATALINA_HOME/bin/setenv.sh to
be seen by php-cgi. Without this, the redirect won't work, and you'll get a nice, long, html-formated
error message in $CATALINA_HOME/logs/localhost-[date].log explaining the security issue.

4. Servlet mapping

I've only mapped files ending in .php to the cgi servlet. If you're using includes, Smarty,
or other PHP-related files add them as comma-delimited entries here.

With all of the above set, this allows me to execute both of these simple pages:

<?php phpinfo(); ?>

And something like this:

This is <?php echo "Hello"; ?> from PHP.

I haven't tried anything more complex.

Now pretend I didn't write this and run PHP from Apache HTTPD. I can certainly tell you how
to get that running using NetBeans (off mailing list - or check the NetBeans forums). You're
on your own for Eclipse.

. . . . just my two cents.
/mde/

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message