Lighttpd run php from different host using mod_proxy / mod_fastcgi

Posted on in Categories High performance computing, Howto, lighttpd, Linux, UNIX last updated July 10, 2007

Lighttpd allows you to run php from different hosts. This is quite useful:

a] If you want to run php 4 locally and php 5 from remote host
b] Load balancing dynamic content
c] Added layer for security for chrooted jails etc

If you would like to run wikipedia / sf.net like site, you can use this technique. You can use mod_proxy or standard mod_fastcgi for this purpose.

How it works?

You need to use spawn-fcgi binary that spawns fastcgi processes. With spawn-fcgi you can bind php to particular port or unix-domain socket (little fast as compare to tcp port). It will take off some load from the webserver you have to control the FastCGI process by a external program like spawn-fcgi.

For example following command uses unix-domain to launch fastcgi process:
spawn-fcgi -s /tmp/php-fastcgi.sock -f /usr/bin/php-cgi -u lighttpd -g lighttpd -C 5 -P /var/run/spawn-fcgi.pid

This one bind itself to TCP port 8081
spawn-fcgi -p 8081 -a 192.168.1.10 -f /usr/bin/php-cgi -u lighttpd -g lighttpd -C 5 -P /var/run/spawn-fcgi-1.pid

Where,

  • -f {fcgiapp} filename of the fcgi-application, e.g php – /usr/bin/php-cgi
  • -a {addr} : bind to ip address
  • -p {port} : bind to tcp-port
  • -s {path} : bind to unix-domain socket
  • -C {childs} : (PHP only) numbers of childs to spawn (default 5)
  • -P {path} : name of PID-file for spawed process, so that we can kill process later on
  • -n : no fork (for daemontools)
  • -c {dir} : chroot to directory
  • -u {user} : change to user-id
  • -g {group} : change to group-id

Using mod_proxy / mod_fastcgi, we can process everything on 192.168.1.10 or cluster of php servers:

Web server <----> php-request <----> PHP listing on 192.168.1.10:8080 

A php / ruby / java app cluster server:

Web server <----> php-request <----> // PHP listing on 192.168.1.10:8080
                              // PHP listing on 192.168.1.11:8080
                             // PHP listing on 192.168.1.12:8080 

Task: Run php from 192.168.1.10 and 8081 port

Make sure you copy spawn-fcgi file to 192.168.1.10, now enter following command:
# spawn-fcgi -p 8081 -a 192.168.1.10 -f /usr/bin/php-cgi -u lighttpd -g lighttpd -C 10 -P /var/run/spawn-fcgi.pid
Make sure firewall is not blocking access to 192.168.1.10:8081

Now open ligttpd.conf on other host and enter mod_fastcgi as config as follows:

fastcgi.server = ( ".php" =>
   ((
       "host" => "192.168.1.10",
       "port" => 8081
   ))
)

Save and close the file. Restart lighttpd:
# /etc/init.d/lighttpd restart

You can use mod_proxy configuration as follows, if one of the hosts goes down the all requests for this one server are moved equally to the other servers.

$HTTP["host"] == "www.myweb2.0.com" {
  proxy.balance = "hash"
  proxy.server  = ( "" => ( ( "host" => "192.168.1.5","port" => 8080  ),
                            ( "host" => "192.168.1.6" ,"port" => 8080),
                            ( "host" => "192.168.1.7" ,"port" => 8080),
                            ( "host" => "192.168.1.8" ,"port" => 8080),
                            ( "host" => "192.168.1.9" ,"port" => 8080) ) )
}

This is just an introduction, feel free to explore mod_proxy documentation for more information.

Lighttpd restrict or deny access by IP address

Posted on in Categories Howto, lighttpd, Linux, News, Security, UNIX last updated December 12, 2006
Lighttpd logo

So how do you restrict or deny access by IP address using Lighttpd web server?

Lighttpd has mod_access module. The access module is used to deny access to files with given trailing path names. You need to combine this with remoteip conditional configuration. Syntax is as follows:

$HTTP[“remoteip”] == “IP” : Match on the remote IP
$HTTP[“remoteip”] !~ “IP1|IP2” : Do not match on the remote IP (perl style regular expression not match)
$HTTP[“remoteip”] =~ “IP1|IP2” : Match on the remote IP (perl style regular expression match)

Task: Match on the remote IP

For example block access to http://theos.in/stats/ url if IP address is NOT 192.168.1.5 and 192.168.1.10 (restrict access to these 2 IPs only):

Open /etc/lighttpd/lighttpd.conf file
# vi /etc/lighttpd/lighttpd.conf
Append following configuration directive:

$HTTP["remoteip"] !~ "200.19.1.5|210.45.2.7" {
    $HTTP["url"] =~ "^/stats/" {
      url.access-deny = ( "" )
    }
 }

Save and restart lighttpd:
# /etc/init.d/lighttpd restart

Task: Block single remote IP

Do not allow IP address 202.54.1.1 to access our site:

$HTTP["remoteip"] == "202.54.1.1" {
       url.access-deny = ( "" )
  }

Do not allow IP address 202.54.1.1,202.54.2.5 to access our site:
Do not allow IP address 202.54.1.1 to access our site:

$HTTP["remoteip"] =~ "202.54.1.1|202.54.2.5" {
       url.access-deny = ( "" )
  }

See also

=> Lighttpd deny access to certain files

Red Hat enterprise Linux Install lighttpd and Fastcgi PHP

Posted on in Categories Howto, lighttpd, RedHat/Fedora Linux last updated October 2, 2006
Lighttpd logo

I have received many queries regarding how to configure and install Lighttpd web server under Red Hat Enterprise Linux version 4.0. Mark asks:

RHEL 64 bit v4.0 does not support PHP as FastCGI. Lighttpd is not available from RHN (up2date command). How do I configure and install lighttpd with FastCGI?

Ok let me answer these questions and other queries systematically. I have installed Lighttpd under both RHEL v4.0 32/64 bit version couple of times. In all cases, you need to compile both PHP and Lightttpd. Do not worry steps are quite easy.

Install and configure Lighttpd under RHEL

RedHat Linux use RHN to provide stable version of all software(s) including PHP/Apache and for some weird reasons it does not come with lighttpd web server. However, I have tested RHEL v.5.0 (beta) which comes with lots of goodies such as caching software, fastcgi etc.

Step #1: Install and configure Lighttpd under RHEL 64 bit v4.0

First, you need to remove installed PHP version. Use rpm -qa | grep php command to find out list of all installed PHP rpm files:
# rpm -qa | grep phpRemove all PHP files:# rpm -e php php-devel php-imap php-ldap php-pear

Step #2: Download lighttpd source code

There is no official RPM file available from Red Hat itself for 64/32 bit version. You can download and compile Lighttpd as follows:
# wget http://lighttpd.net/download/lighttpd-1.4.16.tar.gz
# tar -zxvf lighttpd-1.4.16.tar.gz
# cd lighttpd-1.4.16

Step #3: Compile and install lighttpd:

Following commands will compile lighttpd with OpenSSL support. First, configure lighttpd:
# ./configure --program-prefix= --prefix=/usr --exec-prefix=/usr --bindir=/usr/bin --sbindir=/usr/sbin --sysconfdir=/etc --datadir=/usr/share --includedir=/usr/include --libdir=/usr/lib --libexecdir=/usr/libexec --localstatedir=/var --sharedstatedir=/usr/com --mandir=/usr/share/man --infodir=/usr/share/info --with-openssl

Now compile lighttpd
# make

Install lighttpd:
# make install

Step #4: Build PHP RPM as FastCGI

Now recompile PHP and build PHP RPM as FastCGI. Download PHP SRPM from official Red Hat Site or use following command to download PHP source RPM (recommended):
# cd /opt
# up2date -d --src php

Now install downloaded source RPM file:
# rpm -ivh php-4.3.9-3.1.src.rpm

First, install all necessary development libraries:
# up2date aspell-devel libjpeg-devel libpng-devel libc-client-devel mysql-devel postgresql-devel unixODBC-devel net-snmp-devel elfutils-devel libxslt-devel freetype-devel

Open php rpm configuration file:
# cd /usr/src/redhat/SPECS/
Open php.spec file:
# vi php.spec
Find out line, which read as follows:
--enable-force-cgi-redirect

Before that line add:
--enable-fastcgi \
Save and close the file.

Compile and build RPM file:
# rpmbuild -bb php.spec

Now install all newly rebuild RPM files. Go to /usr/src/redhat/RPMS/x86_64 directory, where all newly build RPMs are stored:
# cd /usr/src/redhat/RPMS/x86_64
# rpm -ivh php-4.3.9-3.18.x86_64.rpm php-gd-4.3.9-3.18.x86_64.rpm php-imap-4.3.9-3.18.x86_64.rpm php-mysql-4.3.9-3.18.x86_64.rpm php-mbstring-4.3.9-3.18.x86_64.rpm php-pear-4.3.9-3.18.x86_64.rpm

Make sure php is installed with fastcgi:
# php -vOutput:

PHP 4.3.9 (cgi-fcgi) (built: Oct  2 2006 15:31:07)
Copyright (c) 1997-2004 The PHP Group
Zend Engine v1.3.0, Copyright (c) 1998-2004 Zend Technologies

If you do not have development environment installed or if you are too lazy to compile download AMD x86_64 RPM files. Please note that these files are provided as it is.

Basic Lighttpd configuration

a) Add a lighttpd user
# adduser -s /sbin/nologin lighttpd

b) Create a lighttpd.conf file
# mkdir /etc/lighttpd
# cd /etc/lighttpd
# vi lighttpd.conf
Add following config code:
server.modules = (
"mod_rewrite",
"mod_redirect",
"mod_alias",
"mod_access",
"mod_auth",
"mod_status",
"mod_fastcgi",
"mod_cgi",
"mod_compress",
"mod_accesslog" )
index-file.names = ( "index.php", "index.html",
"index.htm", "default.htm" )
mimetype.assign = (
".rpm" => "application/x-rpm",
".pdf" => "application/pdf",
".sig" => "application/pgp-signature",
".spl" => "application/futuresplash",
".class" => "application/octet-stream",
".ps" => "application/postscript",
".torrent" => "application/x-bittorrent",
".dvi" => "application/x-dvi",
".gz" => "application/x-gzip",
".pac" => "application/x-ns-proxy-autoconfig",
".swf" => "application/x-shockwave-flash",
".tar.gz" => "application/x-tgz",
".tgz" => "application/x-tgz",
".tar" => "application/x-tar",
".zip" => "application/zip",
".mp3" => "audio/mpeg",
".m3u" => "audio/x-mpegurl",
".wma" => "audio/x-ms-wma",
".wax" => "audio/x-ms-wax",
".ogg" => "application/ogg",
".wav" => "audio/x-wav",
".gif" => "image/gif",
".jpg" => "image/jpeg",
".jpeg" => "image/jpeg",
".png" => "image/png",
".xbm" => "image/x-xbitmap",
".xpm" => "image/x-xpixmap",
".xwd" => "image/x-xwindowdump",
".css" => "text/css",
".html" => "text/html",
".htm" => "text/html",
".js" => "text/javascript",
".asc" => "text/plain",
".c" => "text/plain",
".cpp" => "text/plain",
".log" => "text/plain",
".conf" => "text/plain",
".text" => "text/plain",
".txt" => "text/plain",
".dtd" => "text/xml",
".xml" => "text/xml",
".mpeg" => "video/mpeg",
".mpg" => "video/mpeg",
".mov" => "video/quicktime",
".qt" => "video/quicktime",
".avi" => "video/x-msvideo",
".asf" => "video/x-ms-asf",
".asx" => "video/x-ms-asf",
".wmv" => "video/x-ms-wmv",
".bz2" => "application/x-bzip",
".tbz" => "application/x-bzip-compressed-tar",
".tar.bz2" => "application/x-bzip-compressed-tar"
)
########## BASE CONFIG - EDIT BELOW #########################
server.tag = "lighttpd (RedHat)"
accesslog.filename = "/var/log/lighttpd/access_log"
server.errorlog = "/var/log/lighttpd/error_log"
server.document-root = "/var/www/html/"
url.access-deny = ( "~", ".inc" )
static-file.exclude-extensions = ( ".php", ".pl", ".fcgi" )
server.port = 80
server.bind = "202.54.xxx.xxx"
server.error-handler-404 = "/errorr404.php"
server.pid-file = "/var/run/lighttpd.pid"
server.username = "lighttpd"
server.groupname = "lighttpd"
compress.cache-dir = "/tmp/lighttpd/cache/compress/"
compress.filetype = ("text/plain", "text/html")
$HTTP["url"] =~ "\.pdf$" {
server.range-requests = "disable"
}
fastcgi.server = ( ".php" =>
( "localhost" =>
(
"socket" => "/tmp/php-fastcgi.socket",
"bin-path" => "/usr/bin/php",
"max-procs" => 2,
)
)
)

c) Create a lighttpd sysconfig file:
# vi /etc/sysconfig/lighttpd
Add following line:
LIGHTTPD_CONF_PATH=/etc/lighttpd/lighttpd.conf
Save and close the file.

d) Create a lighttpd startup file (init.d script)
# vi /etc/init.d/lighttpd
Append following line:
#!/bin/sh
#
# lighttpd Startup script for the lighttpd server
#
# chkconfig: - 85 15
# description: Lighttpd web server
#
# processname: lighttpd
# config: /etc/lighttpd/lighttpd.conf
# config: /etc/sysconfig/lighttpd
# pidfile: /var/run/lighttpd.pid
#
# Source function library
. /etc/rc.d/init.d/functions
if [ -f /etc/sysconfig/lighttpd ]; then
. /etc/sysconfig/lighttpd
fi
if [ -z "$LIGHTTPD_CONF_PATH" ]; then
LIGHTTPD_CONF_PATH="/etc/lighttpd/lighttpd.conf"
fi
prog="lighttpd"
lighttpd="/usr/sbin/lighttpd"
RETVAL=0
start() {
echo -n $"Starting $prog: "
daemon $lighttpd -f $LIGHTTPD_CONF_PATH
RETVAL=$?
echo
[ $RETVAL -eq 0 ] && touch /var/lock/subsys/$prog
return $RETVAL
}
stop() {
echo -n $"Stopping $prog: "
killproc $lighttpd
RETVAL=$?
echo
[ $RETVAL -eq 0 ] && rm -f /var/lock/subsys/$prog
return $RETVAL
}
reload() {
echo -n $"Reloading $prog: "
killproc $lighttpd -HUP
RETVAL=$?
echo
return $RETVAL
}
case "$1" in
start)
start
;;
stop)
stop
;;
restart)
stop
start
;;
condrestart)
if [ -f /var/lock/subsys/$prog ]; then
stop
start
fi
;;
reload)
reload;;
status)
status $lighttpd
RETVAL=$?
;;
*)
echo $"Usage: $0 {start|stop|restart|condrestart|reload|status}"
RETVAL=1
esac
exit $RETVAL

Save and close the file.

e) Create necessary directories and set correct permissions:
# mkdir -p /var/log/lighttpd
# mkdir -p /tmp/lighttpd/cache/compress/
# chown lighttpd:lighttpd /var/log/lighttpd
# chown lighttpd:lighttpd /tmp/lighttpd/cache/compress/

f) Start the lighttpd, but first stop Apache if running:
# chkconfig httpd off
# /etc/init.d/httpd stop
# chkconfig --add lighttpd
# chkconfig lighttpd on
# /etc/init.d/lighttpd start

Verify that Lighttpd is running:
# netstat -tulpn | grep :80

Update: See how to use lighttpd and FastCGI configuration under RHEL 5.0 / CentOS 5.0.

Howto: Performance Benchmarks a Webserver

Posted on in Categories Apache, FreeBSD, Howto, lighttpd, Linux, Networking, Troubleshooting, UNIX, Windows server last updated June 9, 2006

You can benchmark Apache, IIS and other web server with apache benchmarking tool called ab. Recently I was asked to performance benchmarks for different web servers.

It is true that benchmarking a web server is not an easy task. From how to benchmark a web server:

First, benchmarking a web server is not an easy thing. To benchmark a web server the time it will take to give a page is not important: you don’t care if a user can have his page in 0.1 ms or in 0.05 ms as nobody can have such delays on the Internet.

What is important is the average time it will take when you have a maximum number of users on your site simultaneously. Another important thing is how much more time it will take when there are 2 times more users: a server that take 2 times more for 2 times more users is better than another that take 4 times more for the same amount of users.”

Here are few tips to carry out procedure along with an example:
Continue reading “Howto: Performance Benchmarks a Webserver”