27 comments

[ 1.7 ms ] story [ 70.3 ms ] thread
Another curl | bash installer that is not even tied to a commit :(
Updating the blogpost each time they commit would be inconvenient no?
Good point, I'll also try to move it into a git tag like the comment down here also suggests!
Thanks! I'm really not a fan of the trope of piping stuff directly into running it as root for obvious reasons.

Have you seen zerotier (the software)'s idea too? They ask you to import a GPG key and verify it before chaining it into a |sh or |bash.

"When I searched the first time, most of the answers that I found revolved around using things like “FastCGI with PHP” . I wasn’t gonna use PHP to call a bash script, that would be overdoing it probably."

FYI. You don't have to use PHP to make use of FastCGI. You can simply use something like fcgiwrap (apt-installable on debian) and use it in Nginx.

I want to scream out: Why the f would you want to do that?
And we've come back round full circle from CGI scripts, although separating out headers and body on different fds sounds neat
Yeah, this seems nice for small scripts and all, but I wonder how long until scope creep makes them end up writing or replacing this with an API gateway?
(comment deleted)
Many things we’ve dispensed with long ago seem to be forgotten and the younger coders are learning for themselves the hard way. Aka the same way we did.
Except with a lot of learned lessons applied.
One of the things I'm wondering however: How popular is CGI if I don't find it with the query "run script on nginx location directive".
Nginx probably somewhat-deliberately has FastCGI but not regular CGI for a number of reasons.

CGI has process-per-request overhead.

CGI typically runs processes as the user the webserver is running as; said processes can generally read and write to the unsandboxed address space of the calling process (such as x.509 private certs).

Just about any app can be (D)DOS'd. That requires less resources with the process-per-request overhead of CGI.

In order to prevent resource exhaustion due to e.g someone benignly hitting reload a bunch of times and thus creating multiple GET requests, applications should enqueue task messages which a limited number of workers retrieve from a (durable) FIFO or priority queue and update the status of.

Websockets may or may not scale better than long-polling for streaming stdout to a client.

Interesting and really informative! Thanks for sharing!
nginx is not for CGI that's why no result showed. CGI was popular at 1990-early 2000. Even apm(apache php mysql) relied on CGI between apache and php.
When using Apache, PHP was mostly commonly deployed as an Apache module (mod_php.) Almost nobody ran it as CGI unless they had no other choice. mod_php felt very, very fast compared to alternatives.

I remember doing "custom compiles" for a number of local early web host / Internet providers because their admins didn't want to build C code.

Thank you for the kind words! The general consensus on the article is "why don't you just use CGI", and suppose you guys are right. I just didn't find CGI to be in an option in the searching that I did. I'm surprised too, looking back now tbh.
Recreate same thing without knowing cgi is awesome.
this is just cgi right. you don't need lua
Why are you recreate CGI? over nginx?
STDIN/STDOUT and header at environment variables is definitely CGI.
What could possibly go wrong?
This is awesome! Thanks for sharing it. I, too, have unintentionally recreated existing technologies (a unix util, pass, in my case).

I recently built something similar with node + bash scripts. Node basically just verifies the webhook, runs a bash script, on failure it rolls back and emails me.