≡ Menu

mod proxy

Lighttpd allows you to run php from different hosts. This is quite useful:

a] If you want to run php 4 locally and php 5 from remote host
b] Load balancing dynamic content
c] Added layer for security for chrooted jails etc

If you would like to run wikipedia / sf.net like site, you can use this technique. You can use mod_proxy or standard mod_fastcgi for this purpose.

How it works?

You need to use spawn-fcgi binary that spawns fastcgi processes. With spawn-fcgi you can bind php to particular port or unix-domain socket (little fast as compare to tcp port). It will take off some load from the webserver you have to control the FastCGI process by a external program like spawn-fcgi.

For example following command uses unix-domain to launch fastcgi process:
spawn-fcgi -s /tmp/php-fastcgi.sock -f /usr/bin/php-cgi -u lighttpd -g lighttpd -C 5 -P /var/run/spawn-fcgi.pid

This one bind itself to TCP port 8081
spawn-fcgi -p 8081 -a -f /usr/bin/php-cgi -u lighttpd -g lighttpd -C 5 -P /var/run/spawn-fcgi-1.pid


  • -f {fcgiapp} filename of the fcgi-application, e.g php - /usr/bin/php-cgi
  • -a {addr} : bind to ip address
  • -p {port} : bind to tcp-port
  • -s {path} : bind to unix-domain socket
  • -C {childs} : (PHP only) numbers of childs to spawn (default 5)
  • -P {path} : name of PID-file for spawed process, so that we can kill process later on
  • -n : no fork (for daemontools)
  • -c {dir} : chroot to directory
  • -u {user} : change to user-id
  • -g {group} : change to group-id

Using mod_proxy / mod_fastcgi, we can process everything on or cluster of php servers:

Web server <----> php-request <----> PHP listing on 

A php / ruby / java app cluster server:

Web server <----> php-request <----> // PHP listing on
                              // PHP listing on
                             // PHP listing on 

Task: Run php from and 8081 port

Make sure you copy spawn-fcgi file to, now enter following command:
# spawn-fcgi -p 8081 -a -f /usr/bin/php-cgi -u lighttpd -g lighttpd -C 10 -P /var/run/spawn-fcgi.pid
Make sure firewall is not blocking access to

Now open ligttpd.conf on other host and enter mod_fastcgi as config as follows:

fastcgi.server = ( ".php" =>
       "host" => "",
       "port" => 8081

Save and close the file. Restart lighttpd:
# /etc/init.d/lighttpd restart

You can use mod_proxy configuration as follows, if one of the hosts goes down the all requests for this one server are moved equally to the other servers.

$HTTP["host"] == "www.myweb2.0.com" {
  proxy.balance = "hash"
  proxy.server  = ( "" => ( ( "host" => "","port" => 8080  ),
                            ( "host" => "" ,"port" => 8080),
                            ( "host" => "" ,"port" => 8080),
                            ( "host" => "" ,"port" => 8080),
                            ( "host" => "" ,"port" => 8080) ) )

This is just an introduction, feel free to explore mod_proxy documentation for more information.

Adarsh asks:

Can someone steal my PHP code or program without hacking my Linux box? Can someone snoop script over plain HTTP session?

Short answer is no. PHP is server side thingy.

However a misconfigured webserver can easily give out php file to all end users. You need to make sure that mod_php / mod_fastcgi loaded and correct MIME type is setup. To avoid such problem always test your server before moving to production environment. Most Linux distro configures both Apache and PHP out of box.

How do I stop downloading php source code?

The first step should be stopping a webserver.
# /etc/init.d/httpd stop
# /etc/init.d/lighttpd stop

If you are using Lighttpd...

Next bind webserver to for testing purpose. Open lighttpd websever config file and bind server address to
# vi /etc/lighttpd/lighttpd.conf
Bind to localhost/
server.bind = ""
Start lighttpd:
# /etc/init.d/lighttpd start
Now follow these instructions to configure php as fastcgi module. Now test your configuration using url PHP should work on server. If not working, refer to server log file.

If you are using Apache...

Open httpd.conf file and bind apache to
# vi httpd.conf
The Listen directive instructs Apache to listen to more than one IP address or port; by default it responds to requests on all IP interfaces, but only on the port given by the Port directive.
Start apache:
# /etc/init.d/httpd start
Now make sure php is installed use apt-get or rpm command to verify the same:
# rpm -qa | grep -i php
# dpkg --list | grep -i php
If PHP is not installed just follow these instructions to install PHP. Next make sure httpd.conf or php.conf has following directives:
LoadModule php4_module modules/libphp4.so
AddType application/x-httpd-php .php

Note: the path may differ in your setup. Now restart httpd:
# /etc/init.d/httpd restart
A sample php code:

<?php   phpinfo(); ?>

Finally when php started to work properly, make sure you bind back a server IP address from to public IP address.

Another option is keep your source code out of webroot and server all php requests from php application server using mod_proxy and multiple back-end servers.