fastCGI

Rafnews raf.news at gmail.com
Fri Jun 14 12:33:48 UTC 2013 

On 14.06.2013 13:29, Reindl Harald wrote:
>
> Am 14.06.2013 13:21, schrieb Rafnews:
>> On 14.06.2013 13:18, Reindl Harald wrote:
>>> Am 14.06.2013 12:35, schrieb Rafnews:
>>>> however using my standard fedora user account, Ii still can not edit/remove/move
>>>> files/folders owned by apache user account. while searching on internet i discovered
>>>> that fastCGI should allow me (using my fedora user account) to do such thing, even
>>>> if files/folders are owned by apache user account
>>> this has *nothing* to with mod_php oder fastcgi
>>> the permissions are how they are
>>>
>>> * man setfacl
>>> * man chown
>>> * man chgrp
>>> * man chmod
>>>
>>> and by the way - the apache user should *not* own the files because
>>> typically a webserver should not be able to rewrite his content
>>> files in case of a security breach
>>>
>> 2 of our webserver hosting companies told us that if we want to have files own
>> by some other user account than apache, it is needed to have fastCGI..if not,
>> than we need suPHP or suExec.
> fire the company if they said this really in this way
>
> CGI is needed instead mod_php to have own processes which is
> the base for suPHP and suExec but that has *nothing* to do with
> your problem above on your local test-setup which would be solved
> with the right permissions / ACL's
>
>> However it has been told that FastCGI provide also a performance
>> increase so, we would like to reach it also :)
> ok, fire them really
>
> it is impossible that the webserver speaking via CGI/FCGI with a standalone PHP
> binary is faster than having PHP inside the httpd process and this sounds like
> a typical "webserver hosting company" knowing zero to nothing
>
>
>
>
>
So to clear the statement:

Goal:
i'm trying to create at home a webserver for testing purposes, having 
the same behavior as webhosting companies offers.
the purpose behind that it's to have a representative environment when 
testing to not have particular "surprises" with web application i 
developed when migrating them to production servers.

Situation:
i installed on Fedora 18 a webserver where i need:
- FastCGI
- to use my standard fedora user account (let's say "rafnews") to 
edit/move/delete files/folder in my webroot /var/www/html folders, where 
files have 644 as permissions and folders : 705.

for now, all files/folders have correct permissions but owner is 
apache:apache

1. FastCGI settings:
my webserver was running (on PHP 5.4, _not php-fpm_) correctly using the 
standard Apache 2.4 handler, now i'm trying to make use of FastCGI bit 
without success.
Here is my php.conf file setting from apache 2.4.4:

    DirectoryIndex index.php

    php_value session.save_handler "files"
    php_value session.save_path    "/var/lib/php/session"


i removed the addtype and handler as suggested on internet. I added in 
myvhosts.conf the following thing (withing <VirtualHost *:80> tag):
<IfModule proxy_module>
    ProxyPassMatch ^/(.*\.php(/.*)?)$ fcgi://127.0.0.1/var/www/html/info/$1
   </IfModule>

where info is 1 subdirectoy of my webroot.

Apache starts, however when i want to access to webpage i get the 
following error (in vhost log dedicated to my website):
[Fri Jun 14 14:16:07.827425 2013] [proxy:error] [pid 24500] 
(111)Connection refused: AH00957: FCGI: attempt to connect to 
127.0.0.1:8000 (*) failed
[Fri Jun 14 14:16:07.827539 2013] [proxy_fcgi:error] [pid 24500] [client 
127.0.0.1:40982] AH01079: failed to make connection to backend: 127.0.0.1

Q1: my webserver (even if it is a local webserver for testing) has a 
fixe IP address. Should i use it in <ifModule proxy_module> tag instead 
of 127.0.0.1 ?
Q2: port in error log is 8000, where can i set it ? is it possible to 
tell fastCGI to use standard 80 and to not conflict with standard http ? 
if yes how ?

2. suExec:
While checking httpd logs i discovered that:
[suexec:notice] [pid 24705] AH01232: suEXEC mechanism enabled (wrapper: 
/usr/sbin/suexec)

so it mean suExec is running on server.
if i change all files/folders owner to "rafnews:rafnews" (files/folders 
in /var/www/html) apache do not work and no webpage is displayed.

so where is my mistake ?

thx.

Al.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.fedoraproject.org/pipermail/users/attachments/20130614/8dd4bfab/attachment.html>

More information about the users mailing list