Now, mod_fastcgi is configured and running. FastCGI supports connection via UNIX sockets or TCP/IP networking. This is useful to spread load among various backends. For example, php will be severed from 192.168.1.10 and python / ruby on rails will be severed from 192.168.1.11. This is only possible with mod_fastcgi.
You can spawn FastCGI processes using a dispatcher script or using spawn-fcgi utility, which is used to spawn remote FastCGI processes. spawn-fcgi included with lighttpd web server. You can grab source code from lighttpd.net or simply install it using lighttpd as follows (you need EPEL repo enabled under RHEL / CentOS / Fedora Linux):
# yum install lighttpd-fastcgi
# cp /usr/bin/spawn-fcgi /tmp
# yum remove lighttpd-fastcgi
# mv /tmp/spawn-fcgi /usr/bin/spawn-fcgi
lighttpd-fastcgi is FastCGI module and spawning helper for lighttpd and PHP configuration.
How do spawning php as TCP/IP remote app?
Use /usr/bin/spawn-fcgi as follows, enter:
# /usr/bin/spawn-fcgi -f /usr/bin/php-cgi -a 192.168.1.10 -p 9000 -P /var/run/php-cgi.fastcgi.pid -u apache -g apache
You can also jail php, using following syntax (make sure /var/run/ and /usr/bin/php-cgi exists inside jail directory):
# /usr/bin/spawn-fcgi -c /httpdjail -a 192.168.1.10 -p 9000 -P /var/run/php-cgi.fastcgi.pid -u apache -g apache -- /usr/bin/php-cgi
- -f /usr/bin/php-cgi: Filename of the fcgi-application
- -a 192.168.1.10 : Bind to ip address
- -p 9000 : Bind to tcp-port
- -P /var/run/php-cgi.fastcgi.pid: Name of PID-file for spawed process
- -c /httpdjail : Chroot to directory (security feature)
- -u apache : Change to user-id (security feature - drop root user privileges to apache user)
- -g apache : Change to group-id (security feature - drop root group privileges to apache group)
Configure Apache 2 mod_fastcgi connect to external PHP fcgi application
Above command will run php fcgi on 192.168.1.10:9000. Here is our sample setup:
- 192.168.1.10 port 9000 : PHP FastCGI server
- 192.168.1.11 port 9000 : Python or Ruby on rails cgi process
- 18.104.22.168 port 80 : Apache 2 running mod_fastcgi (DocumentRoot set to /webroot/http)
Open your httpd.conf on 22.214.171.124, enter:
# vi /etc/httpd/conf/httpd.conf
Locate your domain VirtualHost configuration and append following two directives:
AddHandler php5-fastcgi .php FastCgiExternalServer /webroot/http -host 192.168.1.10:9000
Here is complete snippet from one my box:
<VirtualHost nixcraft.com:80> ServerAdmin firstname.lastname@example.org DocumentRoot /webroot/http ServerName nixcraft.com ErrorLog logs/nixcraft.com-error_log CustomLog logs/nixcraft.com-access_log common AddHandler php5-fastcgi .php FastCgiExternalServer /webroot/http -host 192.168.1.10:9000 </VirtualHost>
Save and close the file. Restart httpd:
# service httpd restart
Make sure iptables is configured to allow communication between public and private fastcgi server.
How do I configure PHP FastCGI via UNIX sockets?
UNIX sockets are faster as compare to TCP/IP sockets. However, they do not support remote spawning. Create /tmp/php.socket as follows:
# /usr/bin/spawn-fcgi -f /usr/bin/php-cgi -s /tmp/php.socket -u apache -g apache
Add following configuration to your httpd.conf virtual host:
AddHandler php5-fastcgi .php FastCgiExternalServer /webroot/http -socket /tmp/php.socket
Save and close the file. Restart httpd, type:
# service httpd restart
mod_fastcgi has lots of other options. Please refer to Apache and mod_fastcgi documentation for further information.
A note about mod_fastcgi limitation
You can not load balance between multiple php backend. You need to use lighttpd or nginx or other reverse proxy software.
- 30 Handy Bash Shell Aliases For Linux / Unix / Mac OS X
- Top 30 Nmap Command Examples For Sys/Network Admins
- 25 PHP Security Best Practices For Sys Admins
- 20 Linux System Monitoring Tools Every SysAdmin Should Know
- 20 Linux Server Hardening Security Tips
- Linux: 20 Iptables Examples For New SysAdmins
- Top 20 OpenSSH Server Best Security Practices
- Top 20 Nginx WebServer Best Security Practices
- 20 Examples: Make Sure Unix / Linux Configuration Files Are Free From Syntax Errors
- 15 Greatest Open Source Terminal Applications Of 2012
- My 10 UNIX Command Line Mistakes
- Top 10 Open Source Web-Based Project Management Software
- Top 5 Email Client For Linux, Mac OS X, and Windows Users
- The Novice Guide To Buying A Linux Laptop