use cgi dir for better security

[iankelling.org] / setup.sh

diff --git a/setup.sh b/setup.sh
index 3230bba9fca6b75796a7bc5337473f3a42218965..66953c5b38da72a0605117976f1456b3eb0be21b 100755 (executable)
--- a/setup.sh
+++ b/setup.sh
@@ -20,7 +20,8 @@
 set -eE -o pipefail
 trap 'echo "$0:$LINENO:error: \"$BASH_COMMAND\" returned $?" >&2' ERR
 
-cd "${BASH_SOURCE%/*}"
+script_dir=$(readlink -f "${BASH_SOURCE%/*}")
+cd "$script_dir"
 
 domain=${1:-iankelling.org} # use argument for testing site
 gitroot=/a/bin/githtml
@@ -91,6 +92,11 @@ apache-site - $domain <<EOF
   AddHandler cgi-script .py
 </Directory>
 
+<Directory "/var/www/$domain/html/cgi">
+  Options +ExecCGI
+  SetHandler cgi-script
+</Directory>
+
 # redirect some old paths when I was using jekyll.
 Redirect permanent /10-14-2014/On2-vote-results.html /blog/on2-vote-results.html
 Redirect permanent /09-29-2014/say-On2.html /blog/say-on2.html
@@ -178,4 +184,5 @@ gitweb_descriptions() {
 
 gitweb_descriptions
 
-./build.rb
+$script_dir/build.rb
+s lnf -T $script_dir/_site /var/www/$domain/html