Apache with FastCgi
Here I am going to describe how you can compile FastCgi with apache. I am using Centos6.2 in this tutorial. Using FastCgi we can run multiple php versions. FastCgi is comparatively Faster than normal Cgi mode it maintains a persistent copy of php interpreter in the memory. You can also enable SuExec facility with FastCgi so that Php Script can be run as a different user other than the user running apache.
CGI vs FastCGI
Normal CGI scripts are initialized, run, and destroyed for every single browser request. The advantage of this model is that it is very simple, and thus robust. If performance or latency becomes an issue, you can enable FastCGI. FastCGI is a web server module that speeds up your applications by keeping one interpreter running for multiple requests, instead of launching a separate interpreter for each request made while loading your page.
Installing Apache in SUEXEC support
Installing Dependencies
[root@freedom] # yum install gcc -y
Downloading the Source Code And Compilation
[root@freedom] # mkdir /usr/local/src/lamp/
[root@freedom] # cd /usr/local/src/lamp/
[root@freedom] # wget http://apache.techartifact.com/mirror/httpd/httpd-2.2.22.tar.bz2
[root@freedom] # tar -xvf httpd-2.2.22.tar.bz2
[root@freedom] # cd httpd-2.2.22
[root@freedom] # ./configure --prefix=/webserver --enable-so --enable-mods-shared="most" --enable-suexec \
--with-suexec-caller="nobody"
[root@freedom] # make
[root@freedom] # make install
[root@freedom] # /webserver/bin/suexec -V
-D AP_DOC_ROOT="/webserver/htdocs"
-D AP_GID_MIN=100
-D AP_HTTPD_USER="nobody"
-D AP_LOG_EXEC="/webserver/logs/suexec_log"
-D AP_SAFE_PATH="/usr/local/bin:/usr/bin:/bin"
-D AP_UID_MIN=100
-D AP_USERDIR_SUFFIX="public_html"
Restarting newly installed Apache
[root@freedom] # pkill httpd
[root@freedom] # /webserver/bin/apachectl restart
[root@freedom] # netstat -ntlp | grep :80
tcp 0 0 :::80 :::* LISTEN 31097/httpd
Checking whether apache is working properly.
"Now open up a browser and type http://127.0.0.1 or http://yourip you will get test page containing "It works!" "
Compiling PHP and installing php in CGI mode
Installing Dependencies
[root@freedom] # yum install libxml2-devel -y
Downloading the Source Code And Compilation
[root@freedom] # cd /usr/local/src/lamp/
[root@freedom] # wget wget http://in3.php.net/get/php-5.4.8.tar.gz/from/this/mirror
[root@freedom] # tar -xvf php-5.4.8.tar.gz
[root@freedom] # cd php-5.4.8
[root@freedom] # ./configure --prefix=/webserver/php
[root@freedom] # make install
[root@freedom] # cp /usr/local/src/lamp/php-5.4.8/php.ini-production /webserver/php/lib/php.ini
Compiling Mod_fcgid
[root@freedom] # cd /usr/local/src/lamp/
[root@freedom] # wget http://apache.techartifact.com/mirror/httpd/mod_fcgid/mod_fcgid-2.3.6.tar.gz
[root@freedom] # tar -xvf mod_fcgid-2.3.6.tar.gz
[root@freedom] # cd mod_fcgid-2.3.6
[root@freedom] # export APXS=/webserver/bin/apxs
[root@freedom] # ./configure.apxs
[root@freedom] # make
[root@freedom] # make install
Lets check whether the module has been loaded or not.?
[root@freedom] # grep fcgid_module /webserver/conf/httpd.conf
LoadModule fcgid_module modules/mod_fcgid.so
if you get a result like above it means that the module has been loaded successfully
Change the default User and Group to nobody .
By default apache runs under the privilege of daemon, so we should change it to "nobody" otherwise apache will not call SuExec.
[root@freedom] # vim /webserver/conf/httpd.conf
Installing Dependencies
[root@freedom] # yum install libxml2-devel -y
Downloading the Source Code And Compilation
[root@freedom] # cd /usr/local/src/lamp/
[root@freedom] # wget wget http://in3.php.net/get/php-5.4.8.tar.gz/from/this/mirror
[root@freedom] # tar -xvf php-5.4.8.tar.gz
[root@freedom] # cd php-5.4.8
[root@freedom] # ./configure --prefix=/webserver/php
[root@freedom] # make install
[root@freedom] # cp /usr/local/src/lamp/php-5.4.8/php.ini-production /webserver/php/lib/php.ini
Compiling Mod_fcgid
[root@freedom] # cd /usr/local/src/lamp/
[root@freedom] # wget http://apache.techartifact.com/mirror/httpd/mod_fcgid/mod_fcgid-2.3.6.tar.gz
[root@freedom] # tar -xvf mod_fcgid-2.3.6.tar.gz
[root@freedom] # cd mod_fcgid-2.3.6
[root@freedom] # export APXS=/webserver/bin/apxs
[root@freedom] # ./configure.apxs
[root@freedom] # make
[root@freedom] # make install
Lets check whether the module has been loaded or not.?
[root@freedom] # grep fcgid_module /webserver/conf/httpd.conf
LoadModule fcgid_module modules/mod_fcgid.so
if you get a result like above it means that the module has been loaded successfully
Change the default User and Group to nobody .
By default apache runs under the privilege of daemon, so we should change it to "nobody" otherwise apache will not call SuExec.
[root@freedom] # vim /webserver/conf/httpd.conf
Change this to the following
Now restart the apache and check it whether the apache is running under the new user.
[root@freedom] # /webserver/bin/apachectl restart
[root@freedom] # ps aux | grep nobody If you get something like this then its running
nobody 4899 0.0 0.0 134084 1756 ? S 00:04 0:00 /apache/bin/httpd -k restart
nobody 4900 0.0 0.1 134156 1976 ? S 00:04 0:00 /apache/bin/httpd -k restart
nobody 4901 0.0 0.1 134156 1976 ? S 00:04 0:00 /apache/bin/httpd -k restart
............... .............. .................. ................. ................................
Creating a new VirtualHost called www.freedom.com
Defining New VirtualHost
my IP address is 192.168.1.2 . Open the httpd.conf file and add the following lines for the new virtualhost at the bottom.
[root@freedom] # vim /webserver/conf/httpd.conf
<VirtualHost 192.168.1.2:80>
servername www.freedom.com
documentroot /webserver/htdocs/www.freedom.com/htdocs/
scriptalias "/cgi-bin/" "/webserver/htdocs/www.freedom.com/cgi-bin/"
</VirtualHost>
:wq
[root@freedom] # /webserver/bin/apachectl restart
[root@freedom] # ps aux | grep nobody If you get something like this then its running
nobody 4899 0.0 0.0 134084 1756 ? S 00:04 0:00 /apache/bin/httpd -k restart
nobody 4900 0.0 0.1 134156 1976 ? S 00:04 0:00 /apache/bin/httpd -k restart
nobody 4901 0.0 0.1 134156 1976 ? S 00:04 0:00 /apache/bin/httpd -k restart
............... .............. .................. ................. ................................
Creating a new VirtualHost called www.freedom.com
Defining New VirtualHost
my IP address is 192.168.1.2 . Open the httpd.conf file and add the following lines for the new virtualhost at the bottom.
[root@freedom] # vim /webserver/conf/httpd.conf
<VirtualHost 192.168.1.2:80>
servername www.freedom.com
documentroot /webserver/htdocs/www.freedom.com/htdocs/
scriptalias "/cgi-bin/" "/webserver/htdocs/www.freedom.com/cgi-bin/"
</VirtualHost>
:wq
Creating DocumentRoot for the New Virtualhost
[root@freedom] # mkdir -p /webserver/htdocs/www.freedom.com/{htdocs,cgi-bin}
Adding the www.freedom.com to /etc/hosts for proper name resolution
[root@freedom] # echo "192.168.1.2 www.freedom.com" >> /etc/hosts
Testing the new Virtualhost using a sample bash cgi script
[root@freedom] # vim /webserver/htdocs/www.freedom.com/cgi-bin/test.cgi
#!/bin/sh
echo "content-type: text/plain"
echo
whoami
:wq
[root@freedom] # chmod +x /webserver/htdocs/www.freedom.com/cgi-bin/test.cgi
Restarting the apache and access the test.cgi page
[root@freedom] # /webserver/bin/apachectl restart
Open up the web browser and type "http://www.freedom.com/cgi-bin/test.cgi"
Then you can see the user name "nobody" . It means that the script is running by the user "nobody", the user who runs the apache. Now we are going to change the privilege of the virtual host to a user called freedom.
[root@freedom] # mkdir -p /webserver/htdocs/www.freedom.com/{htdocs,cgi-bin}
Adding the www.freedom.com to /etc/hosts for proper name resolution
[root@freedom] # echo "192.168.1.2 www.freedom.com" >> /etc/hosts
Testing the new Virtualhost using a sample bash cgi script
[root@freedom] # vim /webserver/htdocs/www.freedom.com/cgi-bin/test.cgi
#!/bin/sh
echo "content-type: text/plain"
echo
whoami
:wq
[root@freedom] # chmod +x /webserver/htdocs/www.freedom.com/cgi-bin/test.cgi
Restarting the apache and access the test.cgi page
[root@freedom] # /webserver/bin/apachectl restart
Open up the web browser and type "http://www.freedom.com/cgi-bin/test.cgi"
Then you can see the user name "nobody" . It means that the script is running by the user "nobody", the user who runs the apache. Now we are going to change the privilege of the virtual host to a user called freedom.
Enable Suexec.
Creating the new UserAccount and setting the permission of the virtualhost
[root@freedom] # useradd -d /webserver/htdocs/www.freedom.com/ -s /sbin/nologin freedom
[root@freedom] # chmod 750 /webserver/htdocs/www.freedom.com/
[root@freedom] # chown -R freedom:nobody /webserver/htdocs/www.freedom.com/
[root@freedom] # chown -R freedom:freedom /webserver/htdocs/www.freedom.com/cgi-bin/
Enable Suexec in the www.freedom.com virtualhost
Add this line "suexecusergroup freedom freedom" in the freedom.com virtualhost block
[root@freedom] # vim /webserver/conf/httpd.conf
Creating the new UserAccount and setting the permission of the virtualhost
[root@freedom] # useradd -d /webserver/htdocs/www.freedom.com/ -s /sbin/nologin freedom
[root@freedom] # chmod 750 /webserver/htdocs/www.freedom.com/
[root@freedom] # chown -R freedom:nobody /webserver/htdocs/www.freedom.com/
[root@freedom] # chown -R freedom:freedom /webserver/htdocs/www.freedom.com/cgi-bin/
Enable Suexec in the www.freedom.com virtualhost
Add this line "suexecusergroup freedom freedom" in the freedom.com virtualhost block
[root@freedom] # vim /webserver/conf/httpd.conf
Restart apache and again open the "http://www.freedom.com/cgi-bin/test.cgi"
[root@freedom] # /webserver/bin/apachectl restart
[root@freedom] # /webserver/bin/apachectl restart
you can see that now the script is working under the privilege of a normal user.
Creating The Calling(Wrapper) Script for the php
[root@freedom] # vim /webserver/htdocs/www.freedom.com/cgi-bin/php548.fcgi
#!/bin/sh
PHPRC=/webserver/php/lib/
export PHPRC
export PHP_FCGI_MAX_REQUESTS=500
export PHP_FCGI_CHILDREN=2
exec /webserver/php/bin/php-cgi
:wq
[root@freedom] # chmod +x /webserver/htdocs/www.freedom.com/cgi-bin/php548.fcgi
[root@freedom] # chown -R freedom:freedom /webserver/htdocs/www.freedom.com/cgi-bin/
Change the virtual Host as follows.
Add the following lines in the /webserver/conf/httpd.conf
DirectoryIndex index.php index.html
AddHandler fcgid-script .php
FCGIWrapper /webserver/htdocs/www.freedom.com/cgi-bin/php548.fcgi .php
<Directory /webserver/htdocs/www.freedom.com/>
options +ExecCgi
</Directory>
[root@freedom] # vim /webserver/conf/httpd.conf
Creating The Calling(Wrapper) Script for the php
[root@freedom] # vim /webserver/htdocs/www.freedom.com/cgi-bin/php548.fcgi
#!/bin/sh
PHPRC=/webserver/php/lib/
export PHPRC
export PHP_FCGI_MAX_REQUESTS=500
export PHP_FCGI_CHILDREN=2
exec /webserver/php/bin/php-cgi
:wq
[root@freedom] # chmod +x /webserver/htdocs/www.freedom.com/cgi-bin/php548.fcgi
[root@freedom] # chown -R freedom:freedom /webserver/htdocs/www.freedom.com/cgi-bin/
Change the virtual Host as follows.
Add the following lines in the /webserver/conf/httpd.conf
DirectoryIndex index.php index.html
AddHandler fcgid-script .php
FCGIWrapper /webserver/htdocs/www.freedom.com/cgi-bin/php548.fcgi .php
<Directory /webserver/htdocs/www.freedom.com/>
options +ExecCgi
</Directory>
[root@freedom] # vim /webserver/conf/httpd.conf
Check whether php requests are handled by mod_fcgid
creating a sample php script
[root@freedom]# vim /webserver/htdocs/www.freedom.com/htdocs/index.php
<?php
phpinfo();
?>
:wq
Restart apache and access http://www.freedom.com then you can see phpinfo page
[root@freedom] # /webserver/bin/apachectl restart
Check mod_fcgid process are running
we configured 2 process so you can see one mater process and two children
[root@freedom] # ps auxf | grep php