fastCGI
Rafnews
raf.news at gmail.com
Fri Jun 14 12:33:48 UTC 2013
On 14.06.2013 13:29, Reindl Harald wrote:
>
> Am 14.06.2013 13:21, schrieb Rafnews:
>> On 14.06.2013 13:18, Reindl Harald wrote:
>>> Am 14.06.2013 12:35, schrieb Rafnews:
>>>> however using my standard fedora user account, Ii still can not edit/remove/move
>>>> files/folders owned by apache user account. while searching on internet i discovered
>>>> that fastCGI should allow me (using my fedora user account) to do such thing, even
>>>> if files/folders are owned by apache user account
>>> this has *nothing* to with mod_php oder fastcgi
>>> the permissions are how they are
>>>
>>> * man setfacl
>>> * man chown
>>> * man chgrp
>>> * man chmod
>>>
>>> and by the way - the apache user should *not* own the files because
>>> typically a webserver should not be able to rewrite his content
>>> files in case of a security breach
>>>
>> 2 of our webserver hosting companies told us that if we want to have files own
>> by some other user account than apache, it is needed to have fastCGI..if not,
>> than we need suPHP or suExec.
> fire the company if they said this really in this way
>
> CGI is needed instead mod_php to have own processes which is
> the base for suPHP and suExec but that has *nothing* to do with
> your problem above on your local test-setup which would be solved
> with the right permissions / ACL's
>
>> However it has been told that FastCGI provide also a performance
>> increase so, we would like to reach it also :)
> ok, fire them really
>
> it is impossible that the webserver speaking via CGI/FCGI with a standalone PHP
> binary is faster than having PHP inside the httpd process and this sounds like
> a typical "webserver hosting company" knowing zero to nothing
>
>
>
>
>
So to clear the statement:
Goal:
i'm trying to create at home a webserver for testing purposes, having
the same behavior as webhosting companies offers.
the purpose behind that it's to have a representative environment when
testing to not have particular "surprises" with web application i
developed when migrating them to production servers.
Situation:
i installed on Fedora 18 a webserver where i need:
- FastCGI
- to use my standard fedora user account (let's say "rafnews") to
edit/move/delete files/folder in my webroot /var/www/html folders, where
files have 644 as permissions and folders : 705.
for now, all files/folders have correct permissions but owner is
apache:apache
1. FastCGI settings:
my webserver was running (on PHP 5.4, _not php-fpm_) correctly using the
standard Apache 2.4 handler, now i'm trying to make use of FastCGI bit
without success.
Here is my php.conf file setting from apache 2.4.4:
DirectoryIndex index.php
php_value session.save_handler "files"
php_value session.save_path "/var/lib/php/session"
i removed the addtype and handler as suggested on internet. I added in
myvhosts.conf the following thing (withing <VirtualHost *:80> tag):
<IfModule proxy_module>
ProxyPassMatch ^/(.*\.php(/.*)?)$ fcgi://127.0.0.1/var/www/html/info/$1
</IfModule>
where info is 1 subdirectoy of my webroot.
Apache starts, however when i want to access to webpage i get the
following error (in vhost log dedicated to my website):
[Fri Jun 14 14:16:07.827425 2013] [proxy:error] [pid 24500]
(111)Connection refused: AH00957: FCGI: attempt to connect to
127.0.0.1:8000 (*) failed
[Fri Jun 14 14:16:07.827539 2013] [proxy_fcgi:error] [pid 24500] [client
127.0.0.1:40982] AH01079: failed to make connection to backend: 127.0.0.1
Q1: my webserver (even if it is a local webserver for testing) has a
fixe IP address. Should i use it in <ifModule proxy_module> tag instead
of 127.0.0.1 ?
Q2: port in error log is 8000, where can i set it ? is it possible to
tell fastCGI to use standard 80 and to not conflict with standard http ?
if yes how ?
2. suExec:
While checking httpd logs i discovered that:
[suexec:notice] [pid 24705] AH01232: suEXEC mechanism enabled (wrapper:
/usr/sbin/suexec)
so it mean suExec is running on server.
if i change all files/folders owner to "rafnews:rafnews" (files/folders
in /var/www/html) apache do not work and no webpage is displayed.
so where is my mistake ?
thx.
Al.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.fedoraproject.org/pipermail/users/attachments/20130614/8dd4bfab/attachment.html>
More information about the users
mailing list