You can’t run CGI scripts on CentOS 8, because suexec doesn’t work with /home.
There are workarounds. You can bind mount /var/www to home, and set the cgi-bin path to /var/www/domain/cgi-bin (instead of /home/domain/cgi-bin).
Or, just don’t use CGI scripts. There are wrappers for most languages to convert CGIs to run under an app server model, which you then proxy to with the web server (because nginx has never supported CGI scripts, it’s very common to need to “port” CGI scripts to run without a CGI interface).
For the foreseeable future, we’ll keep supporting CGI on systems that have suexec-custom packages (Debian/Ubuntu), but it’s not a great way to run applications.
You’re not missing anything. It really isn’t supported anymore on CentOS 8, because we no longer ship a custom Apache build with suexec docroot set to /home (this was a source of ongoing maintenance troubles and also a lot of users didn’t like that the Apache was not provided by CentOS/RHEL, due to trust/auditing/etc. issues, which is a valid concern).
Suggestions were provided above: Bind mount /home over /var/www and update cgi-bin path in the configuration (can do it in Server Templates if you want it to be for every new site) so suexec will be happy, or run the apps with a wrapper in an app server, e.g. Plack::App::WrapCGI and proxy to them with ProxyPass rules.
e.g. to bind mount:
# mount --bind /home /var/www
Note that if you choose this option, you definitely can’t have any websites living in /var/www, because they’ll be hidden by the mount. You shouldn’t, anyway, as it’s confusing to mix and match like that. And, then update your ScriptAlias to point to the right place.
It’s an oversight, I guess, that the cgi-bin directories are still created.
The solution is definitely not using mod_perl. The solution is never mod_perl.
Oh, wait. I just noticed this. Did you add an AddHandler for .sh? Because, by default, that isn’t gonna be executed no matter what. .cgi is the only default executable file extension for cgi-bin, I think.
i feel as if i owe you a big steak dinner for your assistance and your extraordinary patience.
THANK YOU Joe Cooper!
(…seven days until Rocky-Linux is released)
EDIT: kudos to Joe for saying: mount --bind
rather than assuming the world knows what -B stand for. i say if you are going to document a command and you dont use it every hour, use the LONG form. it makes life so much simpler.
Yeah, I tend to encourage long form when checking shell scripts into git, as well, unless it’s a super common flag (e.g. -q, -y, etc.) as it helps people reading the code later understand what’s going on.
I don’t eat steak, as I’ve been vegetarian for 27 years. But, I appreciate the sentiment.