Apache 2.4 mod_scgi how to install

Fedora 38 has apache 2.4 mod_scgi?
I’m not be able to find and install mod_scgi on F38 using standard repository. (no copr)
Is that module not present?

best regards,
Leonardo

P.S. I’m on F38 server on rpi4

It says the upstream codebase has been “dead” for 11 years: Overview - rpms/mod_scgi - src.fedoraproject.org

Thank you @glb
I use as workaround this
ProxyPass "/BackupPC_Admin" "scgi://127.0.0.1:10268/"
by previous:

LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_scgi_module modules/mod_proxy_scgi.so

and that conf is working.

Apache is running on user and group apache
but apache have to run BackupPC_Admin as backuppc user … so
ls -l BackupPC_Admin

-rwr-x—. 1 backuppc apache 200680 18 gen 2023 BackupPC_Admin

to execute BackupPC_Admin as backuppc user I use:
sudo chmod u+s BackupPC_Admin

And it work, but anyone know if there is security problem on my chmod or there is a better way to accomplish the same goal?

best regards,
Leonardo

If backuppc has a default group, it might be slightly more reliable to add apache to that group than relying on the sticky bit.

If you are going to use the sticky bit and if that BackupPC_Admin directory has subdirectories, then you might need to use sudo find BackupPC_Admin -type d -exec chmod u+s "{}" \; to apply that sticky ownership to the subdirectories as well.

Sharing your backup files over HTTP (or any protocol really) comes with risks. Be sure you have your firewall configured so that only the systems you want to be able to access those files can do so.

Thank you @glb,
(The backup is on lan not open to internet.)

BackupPC_Admin is an executable starting by apache using scgi.
This executable must run by user backupc to let BackupPC backup system work.

BackupPC_Admin is owned by backuppc so setting suid on it, when is start by apache user, make BackupPC_Admin go in execution by backuppc user.

At this moment this is the only solution I have fonund using apache 2.4
Change User and Group directive in apache change user for all apache applicathion …
(mpm_itk is gone I think)

DRTL:
I not understand if you means to use the group way as an alternative to suid so I have tray a test:

I put apache user on backuppc group then

$ sudo -u apache -s #bring me on user apache shell
$ id

give me

uid=48(apache) gid=48(apache) gruppi=48(apache),125(backuppc)

If I run BackupPC_Admin from prompt is quite normal that go in error but I can see the user execute it:

This command below execute BackupPC_Admin and pipe it to lsof that show all open file and BackupPC_Admin is not close because is pipong to it

$ /usr/libexec/BackupPC/BackupPC_Admin | lsof | grep BackupPC

This is the output:

BackupPC_ 2505 backuppc cwd unknown /proc/2505/cwd (readlink: Permission denied)
BackupPC_ 2505 backuppc rtd unknown /proc/2505/root (readlink: Permission denied)
BackupPC_ 2505 backuppc txt unknown /proc/2505/exe (readlink: Permission denied)
BackupPC_ 2505 backuppc NOFD /proc/2505/fd (opendir: Permission denied)

It show the ececution by backuppc.

then I do the same but after I remove suid on BackupPC_Admin:

$ /usr/libexec/BackupPC/BackupPC_Admin | lsof | grep BackupPC

BackupPC_ 2512 apache 3r REG 253,0 3971 10099825 /usr/share/BackupPC/sbin/BackupPC_Admin
BackupPC_ 2512 apache 4r REG 253,0 125830 649949 /usr/share/perl5/vendor_perl/CGI.pm

The errors is not important. Is usefull notice the process owner: setting suid is backuppc removing suid is apache so put user apache in backuppc group not is a solution.

So the suid is the only solution I have found using apache 2.4.

A alternative solution can be to switch away from apache an go to nginx

best regards,
Leonardo