Git Product home page Git Product logo

nginxexecute's Introduction

NginxExecute

Introduction

The NginxExecute module executes the shell command through GET and POST to display the result.

Configuration example:

location ... {
            ......
            command on;
        }
    worker_processes  2;
    events {
        worker_connections  1024;
    }
    http {
        include       mime.types;
        default_type  application/octet-stream;
        sendfile        on;
        keepalive_timeout  65;
        server {
            listen       80;
            server_name  localhost;
            location / {
                root   html;
                index  index.html index.htm;
                command on;
            }
            error_page   500 502 503 504  /50x.html;
            location = /50x.html {
                root   html;
            }
        }
    }

Usage: view-source:http://192.168.18.22/?system.run[command] or curl -g "http://192.168.18.22/?system.run[command]" The command can be any system command. The command you will want to use depends on the permissions that nginx runs with.

view-source:http://192.168.18.22/?system.run[ifconfig]

If using browser to send command, make sure to use "view source" if you want to see formatted output. Alternatively, you can also use some tools such as Postman, Fiddler.

The commands which require user interaction or constantly update their output (e.g. top) will not run properly, so do not file a bug for this.

Demo

Pump Demo Video

Installation

CentOS 7 and official Nginx stable

Simply install the official stable Nginx and extras YUM repository and you don't need to worry about compiling anything.

yum install http://nginx.org/packages/centos/7/noarch/RPMS/nginx-release-centos-7-0.el7.ngx.noarch.rpm
yum install https://extras.getpagespeed.com/redhat/7/noarch/RPMS/getpagespeed-extras-7-0.el7.gps.noarch.rpm
yum install nginx nginx-module-execute

Add to your nginx.conf :

load_module modules/ngx_http_execute_module.so;

Other platforms. Option #1: Compile Nginx with module bundled

cd nginx-**version**
./configure --add-module=/path/to/this/NginxExecute
make
make install

Other platforms. Option #2: Compile dynamic module for Nginx

Starting from NGINX 1.9.11, you can also compile this module as a dynamic module, by using the --add-dynamic-module=PATH option instead of --add-module=PATH on the ./configure command line above. And then you can explicitly load the module in your nginx.conf via the load_module directive, for example,

    load_module /path/to/modules/ngx_http_execute_module.so;

This module is compatible with following nginx releases:

Author Gandalf [email protected]

nginxexecute's People

Contributors

dvershinin avatar limithit avatar

Stargazers

avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar

Watchers

avatar avatar avatar avatar

Forkers

zhangwin rekgrpth unsigned- leonluffy tigerjibo w796933 doytsujin mygit2014 kenser octaroot fdlucifer pei-jikui webstorage119 hackerderek ngx-archive wyzmgmdg a1vinsmith 5l1v3r1

nginxexecute's Issues

post to command stdin

How about to post to command stdin?
for example

curl -d "hello" "http://www.server.com/command?system.run[echo]"

yilds

hello

Testing issues

I've installed the dynamic module and my results have some issues.

Test 1: https://test.getpagespeed.com/?system.run[w]

Result (OK):

19:29:08 up 36 days,  5:13,  2 users,  load average: 0.01, 0.02, 0.02
USER     TTY      FROM             LOGIN@   IDLE   JCPU   PCPU WHAT
builder  pts/0    93.124.93.22     17:18    1:54m  0.01s  0.01s -bash
danila   pts/1    93.124.93.22     18:55   26.00s  0.19s  0.00s sshd: danila [priv]

Test 2: https://test.getpagespeed.com/?system.run[ifconfig]

Result (Error - I get the site can't be reached error in browser, no HTTP status code). In error log (debug level) I get:

2017/04/17 19:50:01 [alert] 24208#24208: *1158 zero size buf in writer t:0 r:0 f:0 0000000000000000 0000558395F2A210-0000558395F2A210 0000000000000000 0-0, client: 93.124.93.22, server: test.getpagespeed.com, request: "GET /?system.run[ifconfig] HTTP/2.0", host: "test.getpagespeed.com"

Test 3: https://test.getpagespeed.com/?system.run[uptime]

Result (Error, same as above)

2017/04/17 19:51:50 [alert] 24208#24208: *1158 zero size buf in writer t:0 r:0 f:0 0000000000000000 0000558395F2BD70-0000558395F2BD70 0000000000000000 0-0, client: 93.124.93.22, server: test.getpagespeed.com, request: "GET /?system.run[uptime] HTTP/2.0", host: "test.getpagespeed.com"

Test 4: https://test.getpagespeed.com/?system.run[ls%20/] (same as ls -l, url-encoded)

Result (Error, same as above)

2017/04/17 19:39:49 [alert] 23010#23010: *519 zero size buf in writer t:0 r:0 f:0 0000000000000000 0000558395F1F180-0000558395F1F180 0000000000000000 0-0, client: 93.124.93.22, server: test.getpagespeed.com, request: "GET /?system.run[ls%20/] HTTP/2.0", host: "test.getpagespeed.com"

Test 5: https://test.getpagespeed.com/?system.run[ls]

Interestingly, that one works :)

bin
boot
dev
etc
home
lib
lib64
lost+found
media
mnt
opt
proc
root
run
sbin
srv
sys
tmp
usr
var

So ideally:

  • If there's an error, return HTTP 500 error
  • see why ls works, but ls / doesn't, as well as other commands (that zero size buf in writer error)

not found

Nothing actually works everything is "not found"

OS : Ubuntu 18.10 (cosmic)

root@dope:/nginx/live# nginx -V
nginx version: nginx/1.15.9
built by gcc 8.2.0 (Ubuntu 8.2.0-7ubuntu1) 
built with OpenSSL 1.0.2n  7 Dec 2017
TLS SNI support enabled
configure arguments: --user=nginx --group=nginx --sbin-path=/usr/sbin/nginx --conf-path=/nginx/nginx.conf --pid-path=/var/run/nginx.pid --lock-path=/var/run/nginx.lock --error-log-path=/nginx/logs/error.log --http-log-path=/nginx/logs/access.log --with-pcre --with-threads --with-file-aio --with-http_ssl_module --with-http_v2_module --with-http_realip_module --with-http_addition_module --with-http_xslt_module --with-http_image_filter_module --with-http_geoip_module --with-http_sub_module --with-http_dav_module --with-http_flv_module --with-http_mp4_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_auth_request_module --with-http_random_index_module --with-http_secure_link_module --with-http_slice_module --with-http_stub_status_module --with-mail --with-mail_ssl_module --with-stream --with-stream_ssl_module --with-stream_realip_module --with-stream_geoip_module --with-ld-opt=-Wl,-rpath,/usr/local/lib/

i don't have debug mode on but there are no errors on my logs 😕

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.