Testing issues about nginxexecute HOT 18 CLOSED

You can not use HTTPS first try with http @dvershinin

from nginxexecute.

Default relative path /usr/bin below if you want to use the command other than /usr/bin/ need to use the absolute path, you can first use whereis [commmand] e.g. whereis ifconfig query path @dvershinin

from nginxexecute.

@limithit I understand, but please check here:

https://test.getpagespeed.com/?system.run[/usr/sbin/ifconfig]

gives:

sh: $'\340qq\371\367U': command not found

Even though whereis ifconfig gives /usr/sbin/ifconfig

from nginxexecute.

Did you want to just clear up the tickets? :) The plugin should work over HTTPs of course (most of the websites run with HTTPS) and that needs a fix.

from nginxexecute.

I did a test on the local HTTPS did not appear to your problem, debian7 & centos7 are normal, "nginx -V" parameter output to me @dvershinin

from nginxexecute.

@limithit here it is:

nginx version: nginx/1.12.0
built by gcc 4.8.5 20150623 (Red Hat 4.8.5-11) (GCC)
built with OpenSSL 1.0.2k  26 Jan 2017
TLS SNI support enabled
configure arguments: --prefix=/etc/nginx --sbin-path=/usr/sbin/nginx --modules-path=/usr/lib64/nginx/modules --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --pid-path=/var/run/nginx.pid --lock-path=/var/run/nginx.lock --http-client-body-temp-path=/var/cache/nginx/client_temp --http-proxy-temp-path=/var/cache/nginx/proxy_temp --http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp --http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp --http-scgi-temp-path=/var/cache/nginx/scgi_temp --user=nginx --group=nginx --with-compat --with-file-aio --with-threads --with-http_addition_module --with-http_auth_request_module --with-http_dav_module --with-http_flv_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_mp4_module --with-http_random_index_module --with-http_realip_module --with-http_secure_link_module --with-http_slice_module --with-http_ssl_module --with-http_stub_status_module --with-http_sub_module --with-http_v2_module --with-mail --with-mail_ssl_module --with-stream --with-stream_realip_module --with-stream_ssl_module --with-stream_ssl_preread_module --with-openssl=openssl-1.0.2k --with-openssl-opt=-fPIC --with-cc-opt='-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -m64 -mtune=generic -fPIC' --with-ld-opt='-Wl,-z,relro -Wl,-z,now -pie'

Dynamic modules that I have loaded:

load_module modules/ngx_pagespeed.so;
load_module modules/ngx_http_brotli_filter_module.so;
load_module modules/ngx_http_brotli_static_module.so;
load_module modules/ngx_http_fancyindex_module.so;
load_module modules/ngx_http_execute_module.so;

from nginxexecute.

root@debian:~#

/usr/local/nginx/sbin/nginx -V
nginx version: nginx/1.11.13
built by gcc 4.7.2 (Debian 4.7.2-5)
built with OpenSSL 1.0.1t 3 May 2016
TLS SNI support enabled
configure arguments: --add-dynamic-module=../NginxExecute --with-pcre=../pcre-8.39 --with-openssl=../openssl-1.0.1t --with-http_ssl_module
root@debian:~# lynx https://trade.imtry.com/?system.run[ifconfig]
eth0 Link encap:Ethernet HWaddr 74:d4:35:4d:bf:58 inet
addr:192.168.18.22 Bcast:192.168.18.255 Mask:255.255.255.0 inet6 addr:
fe80::76d4:35ff:fe4d:bf58/64 Scope:Link UP BROADCAST RUNNING MULTICAST
MTU:1500 Metric:1 RX packets:246723 errors:0 dropped:0 overruns:0
frame:0 TX packets:55648 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000 RX bytes:79535875 (75.8 MiB) TX
bytes:10876246 (10.3 MiB) Interrupt:40 Base address:0x8000 lo Link
encap:Local Loopback inet addr:127.0.0.1 Mask:255.0.0.0 inet6 addr:
::1/128 Scope:Host UP LOOPBACK RUNNING MTU:16436 Metric:1 RX
packets:137 errors:0 dropped:0 overruns:0 frame:0 TX packets:137
errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX
bytes:45390 (44.3 KiB) TX bytes:45390 (44.3 KiB) vmnet1 Link
encap:Ethernet HWaddr 00:50:56:c0:00:01 inet addr:172.16.194.1
Bcast:172.16.194.255 Mask:255.255.255.0 inet6 addr:
fe80::250:56ff:fec0:1/64 Scope:Link UP BROADCAST RUNNING MULTICAST
MTU:1500 Metric:1 RX packets:0 errors:0 dropped:0 overruns:0 frame:0 TX
packets:95 errors:0 dropped:0 overruns:0 carrier:0 collisions:0
txqueuelen:1000 RX bytes:0 (0.0 B) TX bytes:0 (0.0 B) vmnet8 Link
encap:Ethernet HWaddr 00:50:56:c0:00:08 inet addr:192.168.93.1
Bcast:192.168.93.255 Mask:255.255.255.0 inet6 addr:
fe80::250:56ff:fec0:8/64 Scope:Link UP BROADCAST RUNNING MULTICAST
MTU:1500 Metric:1 RX packets:0 errors:0 dropped:0 overruns:0 frame:0 TX
packets:91 errors:0 dropped:0 overruns:0 carrier:0 collisions:0
txqueuelen:1000 RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)

Press to finish:

You refer to my compiler, the first no additional modules, you can see above is my HTTPS output normal

from nginxexecute.

Could it be related to the fact that you use --with-pcre=../pcre-8.39?

I have setup the module on another server. Standard CentOS 7 and stable Nginx RPM 1.12.0.
No other modules but load_module modules/ngx_http_execute_module.so; (dynamic module built from 1.6 release)

1. http://45.33.111.217/?system.run[/usr/sbin/ifconfig] works.
2. http://45.33.111.217/?system.run[ls%20/] works
3. http://45.33.111.217 doesn't work. (Fails with 2017/04/19 17:59:29 [alert] 4792#4792: worker process 4819 exited on signal 11 in error.log)

So it looks like:

1. there's incompatibility with 3rd party modules.
2. the standard HTML breaks.

I suggest to get rid of brackets /?system.run[...] syntax and assume that all requests to location where command on; is set to be commands.

Example:

location /commands {
    command on;
}

http://1.2.3.4/commands/ifconfig

from nginxexecute.

example http://1.2.3.4/commands/?system.run[ifconfig]
location /123456 {
command on;
}
example http://1.2.3.4/123456/?system.run[ifconfig]

If you do not need regular words can not use PCRE, Do not rely on this

from nginxexecute.

My time zone is not the same as you, so you ask questions, I can not reply to you in time, you can give me a test machine SSH login right? I help you debug, you are ready to CA certificate and domain name I use hosts binding, any domain name will do

from nginxexecute.

I'm only saying that it would be much better to change plugin syntax from:

http://45.33.111.217/commands/?system.run[w]

to:

http://45.33.111.217/commands/w

Understand? :)

Let me know your public SSH key here and I will add it to 45.33.111.217.
You will be able to login with ssh [email protected]

from nginxexecute.

@limithit I've added your keys now from https://github.com/limithit.keys
You can login to ssh [email protected]

So the current most obvious issue is that

http://45.33.111.217/?system.run[w] works but http://45.33.111.217 does not work.

from nginxexecute.

ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCmny8gsq3CvNeewh7OTqfDpCcAKDBxeULxMLgQFtFhWR9LApzH4B1MRATQJMSammNxxOSM0oLi1AOFJmITK3BNoNOeayqnFSraTmkg6Yd1+ykRXbnunO6gdFh7EJyk67vun8fjEIHOC40w8DO9Efu3T7kD3dHPs+5uBBfgsOIU7wDNEMzRN1EhdstvxYbwOcLsw7KboDiJTozq12Ln7mRswR7J2yMmWXo+8Xp/3Zu0MFE2UAHW6qS7BY2dDUNZFyLoI7uspUJCnQsGgvfO/b2vVoCOfu+fwDDQLe6Tyv/GMmAzoq1ViayR/9zWsdDqcYF9fdU7SXwcBtTI+9eVqTjN [email protected]

from nginxexecute.

Syntax can not be changed, because if it is a complex command, can not get the value, such as "netstat -tupln|grep ssh"

from nginxexecute.

Why not? The command should be url-encoded.

So to run netstat -tupln|grep ssh the URL will be http://1.2.3.4/commands/netstat%20-tupln%7Cgrep%20ssh

Done adding your SSH key.

from nginxexecute.

Where is your CA certificate？

from nginxexecute.

Not needed. The site is HTTP only. The main issue now is that with command on; the whole http://45.33.111.217 doesn't work.

from nginxexecute.

This module only supports system.run[] syntax, I can't help you change http://45.33.111.217
Please use http://45.33.111.217/? system.run[w] ,I thought you wanted to use HTTPS, since you don't need, I'll stop here

from nginxexecute.