Now, mod_fastcgi is configured and running. FastCGI supports connection via UNIX sockets or TCP/IP networking. This is useful to spread load among various backends. For example, php will be severed from 192.168.1.10 and python / ruby on rails will be severed from 192.168.1.11. This is only possible with mod_fastcgi.
Required utilities
You can spawn FastCGI processes using a dispatcher script or using spawn-fcgi utility, which is used to spawn remote FastCGI processes. spawn-fcgi included with lighttpd web server. You can grab source code from lighttpd.net or simply install it using lighttpd as follows (you need EPEL repo enabled under RHEL / CentOS / Fedora Linux):
# yum install lighttpd-fastcgi
# cp /usr/bin/spawn-fcgi /tmp
# yum remove lighttpd-fastcgi
# mv /tmp/spawn-fcgi /usr/bin/spawn-fcgi
lighttpd-fastcgi is FastCGI module and spawning helper for lighttpd and PHP configuration.
How do spawning php as TCP/IP remote app?
Use /usr/bin/spawn-fcgi as follows, enter:
# /usr/bin/spawn-fcgi -f /usr/bin/php-cgi -a 192.168.1.10 -p 9000 -P /var/run/php-cgi.fastcgi.pid -u apache -g apache
You can also jail php, using following syntax (make sure /var/run/ and /usr/bin/php-cgi exists inside jail directory):
# /usr/bin/spawn-fcgi -c /httpdjail -a 192.168.1.10 -p 9000 -P /var/run/php-cgi.fastcgi.pid -u apache -g apache -- /usr/bin/php-cgi
Where,
- -f /usr/bin/php-cgi: Filename of the fcgi-application
- -a 192.168.1.10 : Bind to ip address
- -p 9000 : Bind to tcp-port
- -P /var/run/php-cgi.fastcgi.pid: Name of PID-file for spawed process
- -c /httpdjail : Chroot to directory (security feature)
- -u apache : Change to user-id (security feature - drop root user privileges to apache user)
- -g apache : Change to group-id (security feature - drop root group privileges to apache group)
Configure Apache 2 mod_fastcgi connect to external PHP fcgi application
Above command will run php fcgi on 192.168.1.10:9000. Here is our sample setup:
- 192.168.1.10 port 9000 : PHP FastCGI server
- 192.168.1.11 port 9000 : Python or Ruby on rails cgi process
- 202.54.1.20 port 80 : Apache 2 running mod_fastcgi (DocumentRoot set to /webroot/http)
Open your httpd.conf on 202.54.1.20, enter:
# vi /etc/httpd/conf/httpd.conf
Locate your domain VirtualHost configuration and append following two directives:
AddHandler php5-fastcgi .php FastCgiExternalServer /webroot/http -host 192.168.1.10:9000
Here is complete snippet from one my box:
<VirtualHost nixcraft.com:80> ServerAdmin webmaster@nixcraft.com DocumentRoot /webroot/http ServerName nixcraft.com ErrorLog logs/nixcraft.com-error_log CustomLog logs/nixcraft.com-access_log common AddHandler php5-fastcgi .php FastCgiExternalServer /webroot/http -host 192.168.1.10:9000 </VirtualHost>
Save and close the file. Restart httpd:
# service httpd restart
Make sure iptables is configured to allow communication between public and private fastcgi server.
How do I configure PHP FastCGI via UNIX sockets?
UNIX sockets are faster as compare to TCP/IP sockets. However, they do not support remote spawning. Create /tmp/php.socket as follows:
# /usr/bin/spawn-fcgi -f /usr/bin/php-cgi -s /tmp/php.socket -u apache -g apache
Add following configuration to your httpd.conf virtual host:
AddHandler php5-fastcgi .php FastCgiExternalServer /webroot/http -socket /tmp/php.socket
Save and close the file. Restart httpd, type:
# service httpd restart
mod_fastcgi has lots of other options. Please refer to Apache and mod_fastcgi documentation for further information.
A note about mod_fastcgi limitation
You can not load balance between multiple php backend. You need to use lighttpd or nginx or other reverse proxy software.
You should follow me on twitter here or grab rss feed to keep track of new changes.
Featured Articles:
- 30 Handy Bash Shell Aliases For Linux / Unix / Mac OS X
- Top 30 Nmap Command Examples For Sys/Network Admins
- 25 PHP Security Best Practices For Sys Admins
- 20 Linux System Monitoring Tools Every SysAdmin Should Know
- 20 Linux Server Hardening Security Tips
- Linux: 20 Iptables Examples For New SysAdmins
- Top 20 OpenSSH Server Best Security Practices
- Top 20 Nginx WebServer Best Security Practices
- 20 Examples: Make Sure Unix / Linux Configuration Files Are Free From Syntax Errors
- 15 Greatest Open Source Terminal Applications Of 2012
- My 10 UNIX Command Line Mistakes
- Top 10 Open Source Web-Based Project Management Software
- Top 5 Email Client For Linux, Mac OS X, and Windows Users
- The Novice Guide To Buying A Linux Laptop
{ 8 comments… read them below or add one }
thank you
I tried this, and it worked perfectly for pages that exist. However, DirectoryIndex no longer functions, so type a url like http://example.com/foo/ no longer serves the page at http://example.com/foo/index.php !
Any idea why?
Do you have DirectoryIndex configured?
Yes; if I take out the FastCgiExternalServer line, I get my php (source) displayed automatically (i.e., I hit http://example.com and I get http://example.com/index.php's source)
Thanks, needed this!
This is possible also with mod_proxy ;D
Hello,
when i use fastcgi i have problems with the DirectoryIndex. For example, when i has activated fastcgi and go on my website i become 404, only when i give direct the index,php. When i delete the fastcgi Support in Apache then all running well. Has someone the same problem and find a way to fix it?
Regards
Silvio
i do too, wanted to know the answer for that as i’m also experiencing same issue.
also (if that helps) here is another weird part…
i don tknow when I go to foo.bar/php instead of index I get “No input file specified.” in my browser.
curl’s headers:
HTTP/1.1 404 Not Found
Date: Fri, 24 Feb 2012 23:04:00 GMT
Server: Apache/2.2.21 (FreeBSD) mod_ssl/2.2.21 OpenSSL/0.9.8q DAV/2 mod_python/3.3.1 Python/2.7.2 mod_fastcgi/2.4.6
X-Powered-By: PHP/5.3.8
Content-Type: text/html