| <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN"> |
| <html> |
| <head> |
| <title>Apache Tutorial: Dynamic Content with CGI</title> |
| <link rev="made" href="mailto:rbowen@rcbowen.com"> |
| </head> |
| <!-- Background white, links blue (unvisited), navy (visited), red (active) --> |
| <body bgcolor="#FFFFFF" text="#000000" link="#0000FF" vlink="#000080" |
| alink="#FF0000"> |
| <!--#include virtual="header.html" --> |
| <h1 align="CENTER">Dynamic Content with CGI</h1> |
| |
| <a name="__index__"></a> <!-- INDEX BEGIN --> |
| |
| |
| <ul> |
| <li><a href="#dynamiccontentwithcgi">Dynamic Content with |
| CGI</a></li> |
| |
| <li><a href="#configuringapachetopermitcgi">Configuring Apache to |
| permit CGI</a> |
| |
| <ul> |
| <li><a href="#scriptalias">ScriptAlias</a></li> |
| |
| <li><a href="#cgioutsideofscriptaliasdirectories">CGI outside of |
| ScriptAlias directories</a> |
| |
| <ul> |
| <li><a href="#explicitlyusingoptionstopermitcgiexecution">Explicitly using |
| Options to permit CGI execution</a></li> |
| |
| <li><a href="#htaccessfiles">.htaccess files</a></li> |
| </ul> |
| </li> |
| </ul> |
| </li> |
| |
| <li><a href="#writingacgiprogram">Writing a CGI program</a> |
| |
| <ul> |
| <li><a href="#yourfirstcgiprogram">Your first CGI program</a></li> |
| </ul> |
| </li> |
| |
| <li><a href="#butitsstillnotworking">But it's still not |
| working!</a> |
| |
| <ul> |
| <li><a href="#filepermissions">File permissions</a></li> |
| |
| <li><a href="#pathinformation">Path information</a></li> |
| |
| <li><a href="#syntaxerrors">Syntax errors</a></li> |
| |
| <li><a href="#errorlogs">Error logs</a></li> |
| </ul> |
| </li> |
| |
| <li><a href="#whatsgoingonbehindthescenes">What's going on behind |
| the scenes?</a> |
| |
| <ul> |
| <li><a href="#environmentvariables">Environment variables</a></li> |
| |
| <li><a href="#stdinandstdout">STDIN and STDOUT</a></li> |
| </ul> |
| </li> |
| |
| <li><a href="#cgimoduleslibraries">CGI modules/libraries</a></li> |
| |
| <li><a href="#formoreinformation">For more information</a></li> |
| </ul> |
| |
| <!-- INDEX END --> |
| <hr> |
| <h2><a name="dynamiccontentwithcgi">Dynamic Content with |
| CGI</a></h2> |
| |
| <table border="1"> |
| <tr><td valign="top"> |
| <strong>Related Modules</strong><br><br> |
| |
| <a href="../mod/mod_alias.html">mod_alias</a><br> |
| <a href="../mod/mod_cgi.html">mod_cgi</a><br> |
| |
| </td><td valign="top"> |
| <strong>Related Directives</strong><br><br> |
| |
| <a href="../mod/mod_mime.html#addhandler">AddHandler</a><br> |
| <A HREF="../mod/core.html#options">Options</a><br> |
| <a href="../mod/mod_alias.html#scriptalias">ScriptAlias</a><br> |
| |
| </td></tr></table> |
| |
| <p>The CGI (Common Gateway Interface) defines a way for a web server |
| to interact with external content-generating programs, which are often |
| referred to as CGI programs or CGI scripts. It is the simplest, and |
| most common, way to put dynamic content on your web site. This |
| document will be an introduction to setting up CGI on your Apache web |
| server, and getting started writing CGI programs.</p> |
| |
| <hr> |
| <h2><a name="configuringapachetopermitcgi">Configuring Apache to |
| permit CGI</a></h2> |
| |
| <p>In order to get your CGI programs to work properly, you'll need to |
| have Apache configured to permit CGI execution. There are several ways |
| to do this.</p> |
| |
| <h3><a name="scriptalias">ScriptAlias</a></h3> |
| |
| <p>The <code>ScriptAlias</code> directive tells Apache that a |
| particular directory is set aside for CGI programs. Apache will assume |
| that every file in this directory is a CGI program, and will attempt to |
| execute it, when that particular resource is requested by a client.</p> |
| |
| <p>The <code>ScriptAlias</code> directive looks like:</p> |
| |
| <pre> |
| ScriptAlias /cgi-bin/ /usr/local/apache/cgi-bin/ |
| </pre> |
| |
| <p>The example shown is from your default <code>httpd.conf</code> |
| configuration file, if you installed Apache in the default location. |
| The <code>ScriptAlias</code> directive is much like the |
| <code>Alias</code> directive, which defines a URL prefix that is to |
| mapped to a particular directory. <code>Alias</code> and |
| <code>ScriptAlias</code> are usually used for directories that are |
| outside of the <code>DocumentRoot</code> directory. The difference |
| between <code>Alias</code> and <code>ScriptAlias</code> is that |
| <code>ScriptAlias</code> has the added meaning that everything under |
| that URL prefix will be considered a CGI program. So, the example above |
| tells Apache that any request for a resource beginning with |
| <code>/cgi-bin/</code> should be served from the directory |
| <code>/usr/local/apache/cgi-bin/</code>, and should be treated as a CGI |
| program.</p> |
| |
| <p>For example, if the URL |
| <code>http://dev.rcbowen.com/cgi-bin/test.pl</code> is requested, |
| Apache will attempt to execute the file |
| <code>/usr/local/apache/cgi-bin/test.pl</code> and return the output. |
| Of course, the file will have to exist, and be executable, and return |
| output in a particular way, or Apache will return an error message.</p> |
| |
| <h3><a name="cgioutsideofscriptaliasdirectories">CGI outside of |
| ScriptAlias directories</a></h3> |
| |
| <p>CGI programs are often restricted to <code>ScriptAlias</code>'ed |
| directories for security reasons. In this way, administrators can |
| tightly control who is allowed to use CGI programs. However, if the |
| proper security precautions are taken, there is no reason why |
| CGI programs cannot be run from arbitrary directories. For example, |
| you may wish to let users have web content in their home directories |
| with the <code>UserDir</code> directive. If they want to have their |
| own CGI programs, but don't have access to the main |
| <code>cgi-bin</code> directory, they will need to be able to run CGI |
| programs elsewhere.</p> |
| |
| <h3><a name="explicitlyusingoptionstopermitcgiexecution">Explicitly using |
| Options to permit CGI execution</a></h3> |
| |
| <p>You could explicitly use the <code>Options</code> directive, inside |
| your main server configuration file, to specify that CGI execution was |
| permitted in a particular directory:</p> |
| |
| <pre> |
| <Directory /usr/local/apache/htdocs/somedir> |
| Options +ExecCGI |
| </Directory> |
| </pre> |
| |
| <p>The above directive tells Apache to permit the execution of CGI |
| files. You will also need to tell the server what files are CGI files. |
| The following <code>AddHandler</code> directive tells the server |
| to treat all files with the <code>cgi</code> or <code>pl</code> |
| extension as CGI programs:</p> |
| |
| <pre> |
| AddHandler cgi-script cgi pl |
| </pre> |
| |
| <h3><a name="htaccessfiles">.htaccess files</a></h3> |
| |
| <p>A <code>.htaccess</code> file is a way to set configuration |
| directives on a per-directory basis. When Apache serves a resource, it |
| looks in the directory from which it is serving a file for a file |
| called <code>.htaccess</code>, and, if it finds it, it will apply |
| directives found therein. <code>.htaccess</code> files can be permitted |
| with the <code>AllowOverride</code> directive, which specifies what |
| types of directives can appear in these files, or if they are not |
| allowed at all. To permit the directive we will need for this purpose, |
| the following configuration will be needed in your main server |
| configuration:</p> |
| |
| <pre> |
| AllowOverride Options |
| </pre> |
| |
| <p>In the <code>.htaccess</code> file, you'll need the following |
| directive:</p> |
| |
| <pre> |
| Options +ExecCGI |
| </pre> |
| |
| <p>which tells Apache that execution of CGI programs is permitted in |
| this directory.</p> |
| |
| <hr> |
| <h2><a name="writingacgiprogram">Writing a CGI program</a></h2> |
| |
| <p>There are two main differences between ``regular'' programming, and |
| CGI programming.</p> |
| |
| <p>First, all output from your CGI program must be preceded by a |
| MIME-type header. This is HTTP header that tells the client what sort |
| of content it is receiving. Most of the time, this will look like:</p> |
| |
| <pre> |
| Content-type: text/html |
| </pre> |
| |
| <p>Secondly, your output needs to be in HTML, or some other format that |
| a browser will be able to display. Most of the time, this will be HTML, |
| but occasionally you might write a CGI program that outputs a gif |
| image, or other non-HTML content.</p> |
| |
| <p>Apart from those two things, writing a CGI program will look a lot |
| like any other program that you might write.</p> |
| |
| <h3><a name="yourfirstcgiprogram">Your first CGI program</a></h3> |
| |
| <p>The following is an example CGI program that prints one line to your |
| browser. Type in the following, save it to a file called |
| <code>first.pl</code>, and put it in your <code>cgi-bin</code> |
| directory.</p> |
| |
| <pre> |
| #!/usr/bin/perl |
| print "Content-type: text/html\r\n\r\n"; |
| print "Hello, World."; |
| </pre> |
| |
| <p>Even if you are not familiar with Perl, you should be able to see |
| what is happening here. The first line tells Apache (or whatever shell |
| you happen to be running under) that this program can be executed by |
| feeding the file to the interpreter found at the location |
| <code>/usr/bin/perl</code>. The second line prints the content-type |
| declaration we talked about, followed by two carriage-return newline |
| pairs. This puts a blank line after the header, to indicate the end of |
| the HTTP headers, and the beginning of the body. The third line prints |
| the string ``Hello, World.'' And that's the end of it.</p> |
| |
| <p>If you open your favorite browser and tell it to get the address</p> |
| |
| <pre> |
| http://www.example.com/cgi-bin/first.pl |
| </pre> |
| |
| <p>or wherever you put your file, you will see the one line |
| <code>Hello, World.</code> appear in your browser window. It's not very |
| exciting, but once you get that working, you'll have a good chance of |
| getting just about anything working.</p> |
| |
| <hr> |
| <h2><a name="butitsstillnotworking">But it's still not |
| working!</a></h2> |
| |
| <p>There are four basic things that you may see in your browser when |
| you try to access your CGI program from the web:</p> |
| |
| <dl> |
| <dt>The output of your CGI program</dt> |
| <dd>Great! That means everything worked fine.<br><br></dd> |
| |
| <dt>The source code of your CGI program or a "POST Method Not Allowed" |
| message</dt> |
| <dd>That means that you have not properly configured |
| Apache to process your CGI program. Reread the section on <a |
| href="#configuringapachetopermitcgi">configuring Apache</a> and try to |
| find what you missed.<br><br></dd> |
| |
| <dt>A message starting with "Forbidden"</dt> <dd>That means that there |
| is a permissions problem. Check the <a href="#errorlogs">Apache |
| error log</a> and the section below on <a |
| href="#filepermissions">file permissions</a>.<br><br></dd> |
| |
| <dt>A message saying "Internal Server Error"</dt> <dd>If you check the |
| <a href="#errorlogs">Apache error log</a>, you will probably find |
| that it says "Premature end of script headers", possibly along with an |
| error message generated by your CGI program. In this case, you will |
| want to check each of the below sections to see what might be preventing |
| your CGI program from emitting the proper HTTP headers.</dd> |
| </dl> |
| |
| |
| <h3><a name="filepermissions">File permissions</a></h3> |
| |
| <p>Remember that the server does not run as you. That is, when the |
| server starts up, it is running with the permissions of an unprivileged |
| user - usually ``nobody'', or ``www'' - and so it will need extra |
| permissions to execute files that are owned by you. Usually, the way to |
| give a file sufficient permissions to be executed by ``nobody'' is to |
| give everyone execute permission on the file:</p> |
| |
| <pre> |
| chmod a+x first.pl |
| </pre> |
| |
| <p>Also, if your program reads from, or writes to, any other files, |
| those files will need to have the correct permissions to permit |
| this.</p> |
| |
| <p>The exception to this is when the server is configured to use <a |
| href="../suexec.html">suexec</a>. This program allows CGI programs to |
| be run under different user permissions, depending on which virtual |
| host or user home directory they are located in. Suexec has very |
| strict permission checking, and any failure in that checking will |
| result in your CGI programs failing with an "Internal Server Error". |
| In this case, you will need to check the suexec log file to see what |
| specific security check is failing.</p> |
| |
| <h3><a name="pathinformation">Path information</a></h3> |
| |
| <p>When you run a program from your command line, you have certain |
| information that is passed to the shell without you thinking about it. |
| For example, you have a path, which tells the shell where it can look |
| for files that you reference.</p> |
| |
| <p>When a program runs through the web server as a CGI program, it does |
| not have that path. Any programs that you invoke in your CGI program |
| (like 'sendmail', for example) will need to be specified by a full |
| path, so that the shell can find them when it attempts to execute your |
| CGI program.</p> |
| |
| <p>A common manifestation of this is the path to the script interpreter |
| (often <code>perl</code>) indicated in the first line of your CGI |
| program, which will look something like:</p> |
| |
| <pre> |
| #!/usr/bin/perl |
| </pre> |
| |
| <p>Make sure that this is in fact the path to the interpreter.</p> |
| |
| <h3><a name="syntaxerrors">Syntax errors</a></h3> |
| |
| <p>Most of the time when a CGI program fails, it's because of a problem |
| with the program itself. This is particularly true once you get the |
| hang of this CGI stuff, and no longer make the above two mistakes. |
| Always attempt to run your program from the command line before you |
| test if via a browser. This will eliminate most of your problems.</p> |
| |
| <h3><a name="errorlogs">Error logs</a></h3> |
| |
| <p>The error logs are your friend. Anything that goes wrong generates |
| message in the error log. You should always look there first. If the |
| place where you are hosting your web site does not permit you access to |
| the error log, you should probably host your site somewhere else. Learn |
| to read the error logs, and you'll find that almost all of your |
| problems are quickly identified, and quickly solved.</p> |
| |
| <hr> |
| <h2><a name="whatsgoingonbehindthescenes">What's going on behind |
| the scenes?</a></h2> |
| |
| <p>As you become more advanced in CGI programming, it will become |
| useful to understand more about what's happening behind the scenes. |
| Specifically, how the browser and server communicate with one another. |
| Because although it's all very well to write a program that prints |
| ``Hello, World.'', it's not particularly useful.</p> |
| |
| <h3><a name="environmentvariables">Environment variables</a></h3> |
| |
| <p>Environment variables are values that float around you as you use |
| your computer. They are useful things like your path (where the |
| computer searches for a the actual file implementing a command when you |
| type it), your username, your terminal type, and so on. For a full list |
| of your normal, every day environment variables, type <code>env</code> |
| at a command prompt.</p> |
| |
| <p>During the CGI transaction, the server and the browser also set |
| environment variables, so that they can communicate with one another. |
| These are things like the browser type (Netscape, IE, Lynx), the server |
| type (Apache, IIS, WebSite), the name of the CGI program that is being |
| run, and so on.</p> |
| |
| <p>These variables are available to the CGI programmer, and are half of |
| the story of the client-server communication. The complete list of |
| required variables is at <a href= |
| "http://hoohoo.ncsa.uiuc.edu/cgi/env.html">http://hoohoo.ncsa.uiuc.edu/cgi/env.html</a></p> |
| |
| <p>This simple Perl CGI program will display all of the environment |
| variables that are being passed around. Two similar programs are |
| included in the <code>cgi-bin</code> directory of the Apache |
| distribution. Note that some variables are required, while others are |
| optional, so you may see some variables listed that were not in the |
| official list. In addition, Apache provides many different ways for |
| you to <a href="../env.html">add your own environment variables</a> to |
| the basic ones provided by default.</p> |
| |
| <pre> |
| #!/usr/bin/perl |
| print "Content-type: text/html\n\n"; |
| foreach $key (keys %ENV) { |
| print "$key --> $ENV{$key}<br>"; |
| } |
| </pre> |
| |
| <h3><a name="stdinandstdout">STDIN and STDOUT</a></h3> |
| |
| <p>Other communication between the server and the client happens over |
| standard input (<code>STDIN</code>) and standard output |
| (<code>STDOUT</code>). In normal everyday context, <code>STDIN</code> |
| means the keyboard, or a file that a program is given to act on, and |
| <code>STDOUT</code> usually means the console or screen.</p> |
| |
| <p>When you <code>POST</code> a web form to a CGI program, the data in |
| that form is bundled up into a special format and gets delivered to |
| your CGI program over <code>STDIN</code>. The program then can process |
| that data as though it was coming in from the keyboard, or from a |
| file</p> |
| |
| <p>The ``special format'' is very simple. A field name and its value |
| are joined together with an equals (=) sign, and pairs of values are |
| joined together with an ampersand (&). Inconvenient characters like |
| spaces, ampersands, and equals signs, are converted into their hex |
| equivalent so that they don't gum up the works. The whole data string |
| might look something like:</p> |
| |
| <pre> |
| name=Rich%20Bowen&city=Lexington&state=KY&sidekick=Squirrel%20Monkey |
| </pre> |
| |
| <p>You'll sometimes also see this type of string appended to the a URL. |
| When that is done, the server puts that string into the environment |
| variable called <code>QUERY_STRING</code>. That's called a |
| <code>GET</code> request. Your HTML form specifies whether a |
| <code>GET</code> or a <code>POST</code> is used to deliver the data, by |
| setting the <code>METHOD</code> attribute in the <code>FORM</code> |
| tag.</p> |
| |
| <p>Your program is then responsible for splitting that string up into |
| useful information. Fortunately, there are libraries and modules |
| available to help you process this data, as well as handle other of the |
| aspects of your CGI program.</p> |
| |
| <hr> |
| <h2><a name="cgimoduleslibraries">CGI modules/libraries</a></h2> |
| |
| <p>When you write CGI programs, you should consider using a code |
| library, or module, to do most of the grunt work for you. This leads to |
| fewer errors, and faster development.</p> |
| |
| <p>If you're writing CGI programs in Perl, modules are available on <a |
| href="http://www.cpan.org/">CPAN</a>. The most popular module for this |
| purpose is CGI.pm. You might also consider CGI::Lite, which implements |
| a minimal set of functionality, which is all you need in most |
| programs.</p> |
| |
| <p>If you're writing CGI programs in C, there are a variety of options. |
| One of these is the CGIC library, from <a href= |
| "http://www.boutell.com/cgic/">http://www.boutell.com/cgic/</a></p> |
| |
| <hr> |
| <h2><a name="formoreinformation">For more information</a></h2> |
| |
| <p>There are a large number of CGI resources on the web. You can |
| discuss CGI problems with other users on the Usenet group |
| comp.infosystems.www.authoring.cgi. And the -servers mailing list from |
| the HTML Writers Guild is a great source of answers to your questions. |
| You can find out more at <a href= |
| "http://www.hwg.org/lists/hwg-servers/">http://www.hwg.org/lists/hwg-servers/</a></p> |
| |
| <p>And, of course, you should probably read the CGI specification, |
| which has all the details on the operation of CGI programs. You can |
| find the original version at the <a href= |
| "http://hoohoo.ncsa.uiuc.edu/cgi/interface.html">NCSA</a> and there is |
| an updated draft at the <a |
| href="http://web.golux.com/coar/cgi/">Common Gateway Interface RFC |
| project</a>.</p> |
| |
| <p>When you post a question about a CGI problem that you're having, |
| whether to a mailing list, or to a newsgroup, make sure you provide |
| enough information about what happened, what you expected to happen, |
| and how what actually happened was different, what server you're |
| running, what language your CGI program was in, and, if possible, the |
| offending code. This will make finding your problem much simpler.</p> |
| |
| <p>Note that questions about CGI problems should <strong>never</strong> |
| be posted to the Apache bug database unless you are sure you have found |
| a problem in the Apache source code.</p> |
| |
| <!--#include virtual="footer.html" --> |
| |
| </body> |
| </html> |
| |