[dancer-users] Apache environment in FCGI app

Matt Mallard mqm at Q-Technologies.com.au
Thu Dec 5 20:45:10 GMT 2013


Hi Keith,

Have you tried 'PerlSetupEnv On' in the apache conf.  I couldn't get 
%ENV using Dancer2 in mod_perl until I set this.

I couldn't get CGI/FCGI to work properly with Dancer2 (they set up their 
own service on port 3000 instead of staying inside the CGI).

Regards,
Matt
On 6/12/2013 5:22 am, Keith Lawson wrote:
> I didn't get any responses here or on IRC so I'm posting the solution I went with to get it archived.
>
>>>>> Keith Lawson 11/29/13 10:22 AM >>>
>> Hello,
>>
>>     I'm working on my first Dancer application and want to deploy it in our standard server environment here.
>>
>>     For authentication/authz we have custom mod_perl auth handlers that set Apache environment variables with user ID, group membership etc. >I'm trying to write an implementation of Dancer::Plugin::Auth::Extensible::Provider that does auth/authz by reading those environment variables however %ENV isn't populated in my Dancer app. Looking at the source of public/dispatch.fcgi I noticed the following:
>>
>> # For some reason Apache SetEnv directives dont propagate
>> # correctly to the dispatchers, so forcing PSGI and env here
>> # is safer.
>>     set apphandler => 'PSGI';
>>     set environment => 'production';
>>
>>     Can anyone tell me if it's possible to get %ENV through to my Dancer app or perhaps a different approach for auth/authz that uses $ENV{REMOTE_USER} and our custom Apache environment variables?
>>
> I never did get FCGI to work so I tried regular CGI, here's my apache config for my app:
>
>     SetEnv DANCER_ENVIRONMENT "development"
>
>     <Directory "/var/dancerdev/filesafe">
>        AllowOverride None
>        Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
>        Order allow,deny
>        Allow from all
>        AddHandler cgi-script .cgi
>     </Directory>
>
>     ScriptAlias /filesafe /var/dancerdev/filesafe/public/dispatch.cgi
>
> This works but I had to comment out where %ENV keys were explicitly set in dispatch.cgi so that the Apache conf directives for dev/prod environment worked properly:
>
> --- dispatch.cgi.dist    2013-12-05 09:21:35.917592251 -0500
> +++ dispatch.cgi    2013-12-05 09:20:06.912736198 -0500
> @@ -6,8 +6,8 @@
>   # For some reason Apache SetEnv directives dont propagate
>   # correctly to the dispatchers, so forcing PSGI and env here
>   # is safer.
> -set apphandler => 'PSGI';
> -set environment => 'production';
> +# set apphandler => 'PSGI';
> +# set environment => 'production';
>   
>   my $psgi = path($RealBin, '..', 'bin', 'app.pl');
>   die "Unable to read startup script: $psgi" unless -r $psgi;
>
> My first crack at doing Dancer auth/authz was to write a provider for Dancer::Plugin::Auth::Extensible with subs that rely on %ENV like this:
>
> sub authenticate_user
> {
>      my ($self, $username, $password) = @_;
>      return $ENV{REMOTE_USER};
> }
>
> However I couldn't figure out why $ENV{REMOTE_USER} wasn't getting to the plugin so I gave up.
>
> I just ended up protecting portions of my new app with a <Location> stanza using our Apache2::AuthCookie auth handlers:
>
>     <Location /filesafe/priv>
>       order allow,deny
>       allow from all
>       AuthType Site::LDAPCookieHandler2
>       AuthName dancerdev
>       PerlAuthenHandler  Site::LDAPCookieHandler2->authenticate
>       PerlAuthzHandler   Site::LDAPCookieHandler2->authorize
>       require valid-user
>       satisfy all
>     </Location>
>
> Then in my dancer app I protect portions like this:
>
> get '/priv/hello' => sub
> {
>      die unless $ENV{REMOTE_USER};
>      return "Hi there ".$ENV{REMOTE_USER};
> };
>
>
> This won't solve authorization for me but I won't have a need for this in this app.
>
>
>>     Thanks,
>>     Keith.
>>
>>
>>    
>
>   --------------------------------------------------------------------------------
> This information is directed in confidence solely to the person named above and may contain confidential and/or privileged material. This information may not otherwise be distributed, copied or disclosed. If you have received this e-mail in error, please notify the sender immediately via a return e-mail and destroy original message. Thank you for your cooperation.
> _______________________________________________
> dancer-users mailing list
> dancer-users at dancer.pm
> http://lists.preshweb.co.uk/mailman/listinfo/dancer-users



More information about the dancer-users mailing list