apache: only generate suphp directives when it will be used

[hcoop/domtool2.git] / src / plugins / apache.sml

diff --git a/src/plugins/apache.sml b/src/plugins/apache.sml
index b959219..c97b9a3 100644 (file)
--- a/src/plugins/apache.sml
+++ b/src/plugins/apache.sml
@@ -533,10 +533,14 @@ fun vhostBody (env, makeFullHost) =
                                           TextIO.output (file, user);
                                           TextIO.output (file, " ");
                                           TextIO.output (file, group);
-                                          TextIO.output (file, "\n\tsuPHP_UserGroup ");
-                                          TextIO.output (file, user);
-                                          TextIO.output (file, " ");
-                                          TextIO.output (file, group))
+                                          (* suPHP is no longer used for fastcgi php and php 7.x *)
+                                          (if php < 6 then
+                                              (TextIO.output (file, "\n\tsuPHP_UserGroup ");
+                                               TextIO.output (file, user);
+                                               TextIO.output (file, " ");
+                                               TextIO.output (file, group))
+                                           else
+                                               ()))
                                  else
                                      ();
 
@@ -790,23 +794,37 @@ val () = Env.action_two "scriptAlias"
 val () = Env.action_two "fastScriptAlias"
         ("from", Env.string, "to", Env.string)
         (fn (from, to) =>
-            (write "\tAlias\t";
-             write from;
-             write " ";
-             write to;
-             write "\n";
+            let
+                (* mod_fcgid + kerberos limit this to working with
+                individual fcgi programs. assume the target path is a
+                file and any trailing `/' is just aliasing
+                syntax. Directory+File on the script is used to
+                activate fcgid instead of Location on the alias to
+                limit effects (alias+location also match in inverse
+                order causing pernicious side-effects *)
+                val fcgi_path = if String.sub (to, size to - 1) = #"/"
+                                then
+                                    String.substring (to, 0, size to - 1)
+                                else
+                                    to
+                val fcgi_dir = OS.Path.dir fcgi_path
+                val fcgi_file = OS.Path.file fcgi_path
+            in
+                write "\tAlias\t"; write from; write " "; write to;  write "\n";
 
-             write "\t<Location ";
-             write from;
-             write ">\n";
-             write "\t\tSetHandler fcgid-script\n";
-             (* FIXME: only set kerberos wrapper of waklog is on *)
-             write "\t\tFcgidWrapper \"";
-             write (Config.Apache.fastCgiWrapperOf (Domain.getUser ()));
-             write " ";
-             write to;
-             write "\"\n";
-             write "\t</Location>\n"))
+                write "\t<Directory "; write fcgi_dir;  write ">\n";
+                write "\t<Files "; write fcgi_file;  write ">\n";
+                write "\tSetHandler fcgid-script\n";
+
+                (* FIXME: only set kerberos wrapper of waklog is on *)
+                write "\tFcgidWrapper \"";
+                write (Config.Apache.fastCgiWrapperOf (Domain.getUser ()));
+                write " ";
+                write fcgi_path;
+                write "\"\n";
+
+                write "\t</Files>\n\t</Directory>\n"
+            end)
 
 val () = Env.action_two "errorDocument"
         ("code", Env.string, "handler", Env.string)