Apache 2.4 and Icinga CGI scripts download instead of executing.
Hi all.
I'm hoping someone can help me out as I've been looking for a while and not having much luck solving a problem I've encountered.
I recently upgraded Apache from 2.2 to 2.4 on a Debian system that runs Icinga and Munin.
After doing so I had to do the following:
- Move /etc/apache2/conf.d/* to /etc/apache2/conf-available/*.conf and use a2enconf to enable them.
- Re-enable a number of modules since the upgrade disables them.
- Replace the Order/All|Deny statements with the new Require statements.
I've done this upgrades a few times now on other Debian hosts and managed to get their web sites running okay.
After doing the above the Munin web site works okay and so does the Icinga-Web PHP based site.
But the Icinga Classic UI that uses CGI is not working.
When I go to any page there, my web browser wants to download the cgi script instead of the web server executing it.
As far as I can tell the configuration for Icinga looks okay.
The configuration that I have enabled is:
root@monitor:~# ls -l /etc/apache2/conf-enabled/*
lrwxrwxrwx 1 root root 30 Sep 9 08:53 /etc/apache2/conf-enabled/charset.conf -> ../conf-available/charset.conf
lrwxrwxrwx 1 root root 29 Sep 9 08:59 /etc/apache2/conf-enabled/icinga.conf -> ../conf-available/icinga.conf
lrwxrwxrwx 1 root root 33 Sep 9 08:59 /etc/apache2/conf-enabled/icinga-web.conf -> ../conf-available/icinga-web.conf
lrwxrwxrwx 1 root root 40 Sep 9 08:59 /etc/apache2/conf-enabled/javascript-common.conf -> ../conf-available/javascript-common.conf
lrwxrwxrwx 1 root root 44 Sep 9 08:53 /etc/apache2/conf-enabled/localized-error-pages.conf -> ../conf-available/localized-error-pages.conf
lrwxrwxrwx 1 root root 28 Sep 9 08:59 /etc/apache2/conf-enabled/munin.conf -> ../conf-available/munin.conf
lrwxrwxrwx 1 root root 46 Sep 9 08:53 /etc/apache2/conf-enabled/other-vhosts-access-log.conf -> ../conf-available/other-vhosts-access-log.conf
lrwxrwxrwx 1 root root 31 Sep 9 08:53 /etc/apache2/conf-enabled/security.conf -> ../conf-available/security.conf
lrwxrwxrwx 1 root root 36 Sep 9 08:53 /etc/apache2/conf-enabled/serve-cgi-bin.conf -> ../conf-available/serve-cgi-bin.conf
The modules that I have enabled are:
root@monitor:~# ls -l /etc/apache2/mods-enabled/*
lrwxrwxrwx 1 root root 36 Sep 9 08:53 /etc/apache2/mods-enabled/access_compat.load -> ../mods-available/access_compat.load
lrwxrwxrwx 1 root root 28 Sep 9 09:06 /etc/apache2/mods-enabled/alias.conf -> ../mods-available/alias.conf
lrwxrwxrwx 1 root root 28 Sep 9 09:06 /etc/apache2/mods-enabled/alias.load -> ../mods-available/alias.load
lrwxrwxrwx 1 root root 33 Sep 9 09:15 /etc/apache2/mods-enabled/auth_basic.load -> ../mods-available/auth_basic.load
lrwxrwxrwx 1 root root 33 Sep 9 08:53 /etc/apache2/mods-enabled/authn_core.load -> ../mods-available/authn_core.load
lrwxrwxrwx 1 root root 33 Sep 9 09:08 /etc/apache2/mods-enabled/authn_file.load -> ../mods-available/authn_file.load
lrwxrwxrwx 1 root root 33 Sep 9 08:53 /etc/apache2/mods-enabled/authz_core.load -> ../mods-available/authz_core.load
lrwxrwxrwx 1 root root 33 Sep 9 09:50 /etc/apache2/mods-enabled/authz_host.load -> ../mods-available/authz_host.load
lrwxrwxrwx 1 root root 33 Sep 9 09:08 /etc/apache2/mods-enabled/authz_user.load -> ../mods-available/authz_user.load
lrwxrwxrwx 1 root root 26 Sep 9 09:36 /etc/apache2/mods-enabled/cgi.load -> ../mods-available/cgi.load
lrwxrwxrwx 1 root root 26 Sep 9 09:06 /etc/apache2/mods-enabled/dir.conf -> ../mods-available/dir.conf
lrwxrwxrwx 1 root root 26 Sep 9 09:06 /etc/apache2/mods-enabled/dir.load -> ../mods-available/dir.load
lrwxrwxrwx 1 root root 30 Sep 9 08:54 /etc/apache2/mods-enabled/fastcgi.conf -> ../mods-available/fastcgi.conf
lrwxrwxrwx 1 root root 30 Sep 9 08:54 /etc/apache2/mods-enabled/fastcgi.load -> ../mods-available/fastcgi.load
lrwxrwxrwx 1 root root 29 Sep 9 08:53 /etc/apache2/mods-enabled/filter.load -> ../mods-available/filter.load
lrwxrwxrwx 1 root root 27 Sep 9 09:06 /etc/apache2/mods-enabled/mime.conf -> ../mods-available/mime.conf
lrwxrwxrwx 1 root root 27 Sep 9 09:06 /etc/apache2/mods-enabled/mime.load -> ../mods-available/mime.load
lrwxrwxrwx 1 root root 34 Sep 9 08:53 /etc/apache2/mods-enabled/mpm_prefork.conf -> ../mods-available/mpm_prefork.conf
lrwxrwxrwx 1 root root 34 Sep 9 08:53 /etc/apache2/mods-enabled/mpm_prefork.load -> ../mods-available/mpm_prefork.load
lrwxrwxrwx 1 root root 27 Sep 9 08:54 /etc/apache2/mods-enabled/php5.conf -> ../mods-available/php5.conf
lrwxrwxrwx 1 root root 27 Sep 9 08:54 /etc/apache2/mods-enabled/php5.load -> ../mods-available/php5.load
lrwxrwxrwx 1 root root 30 Sep 9 09:06 /etc/apache2/mods-enabled/rewrite.load -> ../mods-available/rewrite.load
The contents of the Icinga configuration file for Apache is:
root@monitor:~# cat /etc/apache2/conf-enabled/icinga.conf
# apache configuration for icinga
ScriptAlias /cgi-bin/icinga /usr/lib/cgi-bin/icinga
# Where the stylesheets (config files) reside
Alias /icinga/stylesheets /etc/icinga/stylesheets
# Where the HTML pages live
Alias /icinga /usr/share/icinga/htdocs
<DirectoryMatch "^(?:/usr/share/icinga/htdocs|/usr/lib/cgi-bin/icinga|/etc/icinga/stylesheets)/">
Options FollowSymLinks
DirectoryIndex index.html
AllowOverride AuthConfig
Require all granted
# Order Allow,Deny
# Allow From All
AuthName "Icinga Access"
AuthType Basic
AuthUserFile /etc/icinga/htpasswd.users
Require valid-user
</DirectoryMatch>
You can see where I've commented out the "Order Allow,Deny" & "Allow From All" lines and replaced them with the "Require all granted" line above.
As far as I can tell the "ScriptAlias" line that is in this file should be all that is needed for CGI to work (along with the cgi module that is enabled).
I have also tried adding "ExecCGI" to the "Options" value in the file above but it made no difference.
I made sure that I have restarted apache2 after any change I made.
The configuration syntax checks out:
root@monitor:~# apache2ctl configtest
Syntax OK
The Apache logs shows no errors when I start Apache, nor when I access the Icinga web page.
The log line that shows the CGI file being fetched is:
monitor.ddihealth.com:80 10.128.1.1 - - [09/Sep/2013:14:42:58 +0800] "GET /cgi-bin/icinga/tac.cgi?tac_header&scroll=0 HTTP/1.1" 200 9792 "http://monitor.ddihealth.com/cgi-bin/icinga/tac.cgi?tac_header&scroll=0"; "Mozilla/5.0 (Windows NT 6.2; WOW64; rv:23.0) Gecko/20100101 Firefox/23.0"
The Apache and Icinga packages that are installed are as follows:
root@monitor:~# dpkg --list | egrep 'apache|icinga'
ii apache2 2.4.6-3 amd64 Apache HTTP Server
ii apache2-bin 2.4.6-3 amd64 Apache HTTP Server (binary files and modules)
ii apache2-data 2.4.6-3 all Apache HTTP Server (common files)
ii apache2-utils 2.4.6-3 amd64 Apache HTTP Server (utility programs for web servers)
ii icinga 1.9.3-2+b1 amd64 host and network monitoring system - metapackage
ii icinga-cgi 1.9.3-2+b1 amd64 host and network monitoring system - CGI scripts
ii icinga-common 1.9.3-2 all host and network monitoring system - support files
ii icinga-core 1.9.3-2+b1 amd64 host and network monitoring system - core files
ii icinga-doc 1.9.3-2 all host and network monitoring system - documentation
ii icinga-idoutils 1.9.3-2+b1 amd64 host and network monitoring system - icinga-dataobjects sup
ii icinga-web 1.9.0+dfsg1-3 all host and network monitoring system - modern web interface
ii libapache2-mod-fastcgi 2.4.7~0910052141-1 amd64 Apache 2 FastCGI module for long-running CGI scripts
ii libapache2-mod-php5 5.5.3+dfsg-1 amd64 server-side, HTML-embedded scripting language (Apache 2 mod
I've been googling for a while and all the suggestions I've seen for similar problems are already satisfied by my configuration as far as I can see.
I also checked bugs.debian.org and didn't see anything that matched CGI problems on Apache, nor any Icinga / Apache 2.4 bugs logs.
Does anyone know why this isn't working?
Any help is apprecriated.
Regards,
--
Jim Barber
Reply to: