How to use Ruby CGI scripts on Uberspace

Question

I want to use Ruby CGI scripts on an Uberspace 7, but ran into several issues with permissions and security settings, in particular when using gems. How do I install CGI scripts with custom gems?

Answer 1

First, note that Uberspace 7 runs on SELinux. This means that CGI script files in ~/html/ not only have to be executable but also need the correct SELinux context. In this case, the type must be httpd_sys_content_t.

You can view the SELinux context with ls -lZ:

$ ls -Z file1
-rw-rw-r--  user1 group1 unconfined_u:object_r:user_home_t:s0 file1

If some files have the wrong context, the context can be restored with the restorecon command, e.g. restorecon -R ~/html/.

The user installation directory for Ruby gems is ~/.gem/. On Uberspace, gem install installs into that directory by default:

$ cat /etc/gemrc
gem: --no-document --user-install

As the home directory cannot be accessed by the apache process, gems installed there cannot be executed from CGI scripts. You can install gems in /var/www/virtual/$USER/gem instead, create the directory with

$ mkdir /var/www/virtual/$USER/gem

You cannot use the --install-dir parameter for gem install directly as this conflicts with the default parameters mentioned above:

$ gem install mygem --install-dir /var/www/virtual/$USER/gem
ERROR:  Use --install-dir or --user-install but not both

Instead, create ~/.gemrc with the following content to override the default parameters (replace <USERNAME> with your actual user name):

gem: --install-dir /var/www/virtual/<USERNAME>/gem

Now the installation of gems should work:

$ gem install mygem

To use the gems in CGI scripts, set the Gem.paths variable before requiring gems:

#!/usr/bin/ruby

Gem.paths = { 'GEM_PATH' => '/var/www/virtual/<USERNAME>/gem' }

require 'mygem'

(... rest of the script)

This is needed as we cannot modify the environment variables (i.e. set GEM_PATH) for the apache process.