
Show HN: Neh – Execute any script or program from Nginx location directives - oap_bram
https://bram.dingelstad.xyz/blog/introducing-neh/
======
cnorthwood
And we've come back round full circle from CGI scripts, although separating
out headers and body on different fds sounds neat

~~~
CodeWriter23
Many things we’ve dispensed with long ago seem to be forgotten and the younger
coders are learning for themselves the hard way. Aka the same way we did.

~~~
oap_bram
One of the things I'm wondering however: How popular is CGI if I don't find it
with the query "run script on nginx location directive".

~~~
westurner
Nginx probably somewhat-deliberately has FastCGI but not regular CGI for a
number of reasons.

CGI has process-per-request overhead.

CGI typically runs processes as the user the webserver is running as; said
processes can generally read and write to the unsandboxed address space of the
calling process (such as x.509 private certs).

Just about any app can be (D)DOS'd. That requires less resources with the
process-per-request overhead of CGI.

In order to prevent resource exhaustion due to e.g someone benignly hitting
reload a bunch of times and thus creating multiple GET requests, applications
should enqueue task messages which a limited number of workers retrieve from a
(durable) FIFO or priority queue and update the status of.

Websockets may or may not scale better than long-polling for streaming stdout
to a client.

~~~
oap_bram
Interesting and really informative! Thanks for sharing!

------
h43z
"When I searched the first time, most of the answers that I found revolved
around using things like “FastCGI with PHP” . I wasn’t gonna use PHP to call a
bash script, that would be overdoing it probably."

FYI. You don't have to use PHP to make use of FastCGI. You can simply use
something like fcgiwrap (apt-installable on debian) and use it in Nginx.

------
maallooc
I want to scream out: Why the f would you want to do that?

~~~
dillonmckay
Deploy script triggered from a third party webhook?

~~~
donatj
Blatant self promotion, I built a server in Go to do exactly this with GitHub
webhooks... I make very extensive use of it.

[https://github.com/donatj/hookah](https://github.com/donatj/hookah)

------
ficklepickle
This is awesome! Thanks for sharing it. I, too, have unintentionally recreated
existing technologies (a unix util, pass, in my case).

I recently built something similar with node + bash scripts. Node basically
just verifies the webhook, runs a bash script, on failure it rolls back and
emails me.

------
minhoryang
Why are you recreate CGI? over nginx?

~~~
minhoryang
STDIN/STDOUT and header at environment variables is definitely CGI.

------
VWWHFSfQ
this is just cgi right. you don't need lua

------
tinus_hn
What could possibly go wrong?

------
dylz
Another curl | bash installer that is not even tied to a commit :(

~~~
oap_bram
Good point, I'll also try to move it into a git tag like the comment down here
also suggests!

~~~
dylz
Thanks! I'm really not a fan of the trope of piping stuff directly into
running it as root for obvious reasons.

Have you seen zerotier (the software)'s idea too? They ask you to import a GPG
key and verify it before chaining it into a |sh or |bash.

