Forum
Virtual directories and fastCGI
Peter
23 September 2009, 16:04
Greetings,
I am impressed with the Hiawatha web server feature set and would like to replace my lighttpd implementations with it. But I am having difficulty to connect php fast-cgi server with the Hiawatha. I have read the HOWTO's, and forums and googled around, but I am still unable to solve this issue.
My fast-cgi server processes are respawned by php-fcgi at 127.0.0.1:9000 [verified with ps -ef]
I have Hiawatha configured at a proprietary port 9929 with following binding:
The fastCGI server has been configured to run on the same hardware:
I have special protected directory with digest authentication:
The default website has been configured with:
A virtual host has been configured as:
PROBLEMS:
When accessing website with ip url: https://10.0.0.12:9929 the /var/www/index.php gets processed perfectly using the FastCGI server. When accessing the website using the url: my.domain.com:9929, the same file at /var/www/index.php gets processed -> PROBLEM: the index.php at /var/www/mine/index.php should have been processed instead.
[DNS records point to 10.0.0.12 for my.domain.com..]
Further, when accessing the url: https://my.domain.com:9929/protected/ the directory listing is shown correctly from /var/www/mine/protected after the browser password prompt, but when trying to access the index.php visible on the directory listing -> PROBLEM: the server response is 404 Not Found. (index.php is available in that directory with very liberal 0777 access).
I did place index.htm at the same /protected directory and accessing that works fine. So I have tried to narrow down the problem to fastCGI settings, but can't figure out what is causing this.
Hiawatha version: Latest with php-fcgi
Operating System: Ubuntu 8.04
I am impressed with the Hiawatha web server feature set and would like to replace my lighttpd implementations with it. But I am having difficulty to connect php fast-cgi server with the Hiawatha. I have read the HOWTO's, and forums and googled around, but I am still unable to solve this issue.
My fast-cgi server processes are respawned by php-fcgi at 127.0.0.1:9000 [verified with ps -ef]
Server = /opt/php5/bin/php-cgi ; 127.0.0.1:9000 ; www-data ; /etc/php5/php.ini
I have Hiawatha configured at a proprietary port 9929 with following binding:
Binding {
Port = 9929
MaxKeepAlive = 30
TimeForRequest = 3,20
SSLcertFile = hiawatha.pem
}
Port = 9929
MaxKeepAlive = 30
TimeForRequest = 3,20
SSLcertFile = hiawatha.pem
}
The fastCGI server has been configured to run on the same hardware:
FastCGIserver {
FastCGIid = PHP01
ConnectTo = 127.0.0.1:9000
Extension = php
}
FastCGIid = PHP01
ConnectTo = 127.0.0.1:9000
Extension = php
}
I have special protected directory with digest authentication:
Directory {
Path = /var/www/mine/protected
PasswordFile = digest:/etc/hiawatha/.passwds
}
Path = /var/www/mine/protected
PasswordFile = digest:/etc/hiawatha/.passwds
}
The default website has been configured with:
Hostname = 10.0.0.12
WebsiteRoot = /var/www
StartFile = index.php
...
UseFastCGI = PHP01
WebsiteRoot = /var/www
StartFile = index.php
...
UseFastCGI = PHP01
A virtual host has been configured as:
VirtualHost {
WebsiteRoot = /var/www/mine
Hostname = my.domain.com
StartFile = index.php
...
RequireSSL = yes
UseFastCGI = PHP01
ShowIndex = yes [for testing purposes ]
}
WebsiteRoot = /var/www/mine
Hostname = my.domain.com
StartFile = index.php
...
RequireSSL = yes
UseFastCGI = PHP01
ShowIndex = yes [for testing purposes ]
}
PROBLEMS:
When accessing website with ip url: https://10.0.0.12:9929 the /var/www/index.php gets processed perfectly using the FastCGI server. When accessing the website using the url: my.domain.com:9929, the same file at /var/www/index.php gets processed -> PROBLEM: the index.php at /var/www/mine/index.php should have been processed instead.
[DNS records point to 10.0.0.12 for my.domain.com..]
Further, when accessing the url: https://my.domain.com:9929/protected/ the directory listing is shown correctly from /var/www/mine/protected after the browser password prompt, but when trying to access the index.php visible on the directory listing -> PROBLEM: the server response is 404 Not Found. (index.php is available in that directory with very liberal 0777 access).
I did place index.htm at the same /protected directory and accessing that works fine. So I have tried to narrow down the problem to fastCGI settings, but can't figure out what is causing this.
Hiawatha version: Latest with php-fcgi
Operating System: Ubuntu 8.04
Hugo Leisink
23 September 2009, 18:06
Sure it's not a browser caching problem?
Peter
23 September 2009, 18:25
Hi Hugo,
Thank you for your prompt response
Nope it is definitely not a cache problem, I tested with Opera, Safari and Firefox.
If you see nothing wrong with the Hiawatha configs above, I need to debug my php config then
Thanks,
Peter
Thank you for your prompt response
Nope it is definitely not a cache problem, I tested with Opera, Safari and Firefox.
If you see nothing wrong with the Hiawatha configs above, I need to debug my php config then
Thanks,
Peter
Hugo Leisink
23 September 2009, 19:23
The order of virtual hosts is important in the hostname matching process. Can you post your complete hiawatha.conf in one piece, please?
Peter
23 September 2009, 20:59
Hi Hugo,
The order for the virtual hosts with that config [changed since then several times ] was very simple: first the definition of the default website and then directory restrictions followed by one virtual host. I basically copied your example config from the howto's section.
I have further narrowed down the problem to php paths and php.ini. The php I am using currently has been configured with --enable-force-cgi-redirect --enable-discard-path flags and additionally the php.ini is using cgi.force_redirect = 1, cgi.fix_pathinfo=1
I understand this is not Hiawatha specific problem, but for some reason the path info is not being translated to fastCGI process correctly in my setup.
Thanks for your time,
Peter
The order for the virtual hosts with that config [changed since then several times ] was very simple: first the definition of the default website and then directory restrictions followed by one virtual host. I basically copied your example config from the howto's section.
I have further narrowed down the problem to php paths and php.ini. The php I am using currently has been configured with --enable-force-cgi-redirect --enable-discard-path flags and additionally the php.ini is using cgi.force_redirect = 1, cgi.fix_pathinfo=1
I understand this is not Hiawatha specific problem, but for some reason the path info is not being translated to fastCGI process correctly in my setup.
Thanks for your time,
Peter
Peter
24 September 2009, 09:21
Hi,
I have progressed with this problem issue; the php requires to be compiled with
Additionally I needed to create another FastCGI server instance for the Virtual Directory, before the virtual directory configuration started working correctly
and setting that as the default for the virtual host
But now I am facing another issue; for each php session_start(), the server creates a new session and does not respect the already created one ie. PROBLEM -> sessions do not work
I think I am going to give up
Hugo, if you have any idea why the sessions would not work, pls let me know..
Thanks,
Peter
I have progressed with this problem issue; the php requires to be compiled with
--enable-force-cgi-redirect --enable-discard-path --disable-path-info-check
Additionally I needed to create another FastCGI server instance for the Virtual Directory, before the virtual directory configuration started working correctly
FastCGIserver {
FastCGIid = PHP02
ConnectTo = 127.0.0.1:9001
Extension = php
SessionTimeout = 20
}
FastCGIid = PHP02
ConnectTo = 127.0.0.1:9001
Extension = php
SessionTimeout = 20
}
and setting that as the default for the virtual host
VirtualHost {
WebsiteRoot = /var/www/mine
Hostname = my.domain.com
StartFile = index.php
AccessLogfile = /var/log/mine_access.log
ErrorLogfile = /var/log/mine_error.log
UseFastCGI = PHP02
ShowIndex = yes
}
WebsiteRoot = /var/www/mine
Hostname = my.domain.com
StartFile = index.php
AccessLogfile = /var/log/mine_access.log
ErrorLogfile = /var/log/mine_error.log
UseFastCGI = PHP02
ShowIndex = yes
}
But now I am facing another issue; for each php session_start(), the server creates a new session and does not respect the already created one ie. PROBLEM -> sessions do not work
I think I am going to give up
Hugo, if you have any idea why the sessions would not work, pls let me know..
Thanks,
Peter
Hugo Leisink
24 September 2009, 09:25
This is not a Hiawatha issue, but a PHP issue. PHP creates the sessions, not Hiawatha. The PHP forum is a better place for this problem.
Why do you want to compile PHP yourself? The PHP packages provided by Ubuntu should work perfectly. Me and many others are using it for years.
Why do you want to compile PHP yourself? The PHP packages provided by Ubuntu should work perfectly. Me and many others are using it for years.
Peter
24 September 2009, 09:38
Hello Hugo,
When creating fast-cgi php application, I believe one can create more efficient static library with only the needed modules, rather than taking generic php from the distribution. There are many opinions on this surely.
Referring to your own manual
I thought Hiawatha had something to do with the sessions as well, but maybe I am mistaken.
But if you consider this PHP problem only, fine and dandy;
Thanks,
Peter
When creating fast-cgi php application, I believe one can create more efficient static library with only the needed modules, rather than taking generic php from the distribution. There are many opinions on this surely.
Referring to your own manual
If you specify more then one ConnectTo parameter, Hiawatha will switch between these FastCGI servers for every connection. You can use this load-balancing feature for heavy websites. To prevent CGI sessions from getting disrupted, Hiawatha must know the timeout (in minutes) of such session.
I thought Hiawatha had something to do with the sessions as well, but maybe I am mistaken.
But if you consider this PHP problem only, fine and dandy;
Thanks,
Peter
Peter
24 September 2009, 09:56
PS. I am also using your php-fcgi to spawn the php-fcgi processes and this being distributed with Hiawatha made me to assume that you had some knowledge of Hiawatha's interaction with php.
Hugo Leisink
24 September 2009, 09:56
When using load-balanced FastCGI, Hiawatha must know the timeout of a PHP session. It uses it to redirect users to the same PHP FastCGI server, because the PHP FastCGI servers don't know about each others sessions. It's the only thing Hiawatha according to sessions: redirecting users to the same PHP FastCGI server. The handling of the actual session is done by PHP and by PHP only.
Of course I have knowledge of Hiawatha's interaction with PHP. After all, I wrote Hiawatha But that doesn't mean I know every detail of PHP. It's not that I don't want to help you with this problem. It's just that the PHP guys have more experience with PHP issues that I do. They can help you with PHP issues a lot faster and better than I can.
Of course I have knowledge of Hiawatha's interaction with PHP. After all, I wrote Hiawatha
But that doesn't mean I know every detail of PHP. It's not that I don't want to help you with this problem. It's just that the PHP guys have more experience with PHP issues that I do. They can help you with PHP issues a lot faster and better than I can.Peter
24 September 2009, 11:08
Hi Hugo,
I do not think this is a PHP problem after all. Having some breakfast helps
The server works very nicely with the default website ip-address browser url ie. 10.0.0.12, the sessions are created and maintained and it's speed is comparable with lighttpd and nginx with the php apps I have created.
But what I am trying to accomplish is this;
Ok, so my very basic configuration file looks like this currently:
mine.zz has been directed locally to 10.0.0.12.
Why do I need the second FastCGI server? I would assume one server instance would work for both the default website and the virtual directory. But if I change both to use PHP01 the virtual directory definition gets partially overlooked and files processed from the default directory instead.
Any ideas? PHP is working fine now - using the default website.
Thanks again,
Peter
I do not think this is a PHP problem after all. Having some breakfast helps
The server works very nicely with the default website ip-address browser url ie. 10.0.0.12, the sessions are created and maintained and it's speed is comparable with lighttpd and nginx with the php apps I have created.
But what I am trying to accomplish is this;
It is wise to use your IP address as the hostname of the default website
and give it a blank webpage. By doing so, automated webscanners won't find
your possible vulnerable website.
and give it a blank webpage. By doing so, automated webscanners won't find
your possible vulnerable website.
Ok, so my very basic configuration file looks like this currently:
# Hiawatha main configuration file
#
# GENERAL SETTINGS
#
ServerId = www-data
ConnectionsTotal = 150
ConnectionsPerIP = 10
PIDfile = /var/run/hiawatha.pid
SystemLogfile = /var/log/hiawa_system.log
GarbageLogfile = /var/log/hiawa_garbage.log
# BINDING SETTINGS
# A binding is where a client can connect to.
#
Binding {
Port = 80
MaxKeepAlive = 30
TimeForRequest = 3,20
}
# BANNING SETTINGS
# Deny service to clients who misbehave.
#
# BanOnGarbage = 300
# BanOnMaxPerIP = 60
# BanOnMaxReqSize = 300
# KickOnBan = yes
# RebanDuringBan = yes
# COMMON GATEWAY INTERFACE (CGI) SETTINGS
# These settings can be used to run CGI applications. Use the 'php-fcgi'
# tool to start PHP as a FastCGI daemon.
#
# CGIextension = cgi
# CGIhandler = /usr/bin/perl:pl
# CGIhandler = /usr/bin/php-cgi:php
# CGIhandler = /usr/bin/python:py
# CGIhandler = /usr/bin/ruby:rb
# CGIhandler = /usr/bin/ssi-cgi:shtml
FastCGIserver {
FastCGIid = PHP01
ConnectTo = 127.0.0.1:9000
Extension = php
}
FastCGIserver {
FastCGIid = PHP02
ConnectTo = 127.0.0.1:9001
Extension = php
SessionTimeout = 20
}
# URL TOOLKIT
# These URL toolkit rules are made for the Banshee PHP framework,
# which can be downloaded from: http://banshee.leisink.org/
#
# UrlToolkit {
# ToolkitID = banshee
# RequestURI isfile Return
# Match ^/(favicon.ico|robots.txt|sitemap.xml)$ Return
# Match .*\?(.*) Rewrite /index.php?$1
# Match .* Rewrite /index.php
#}
# DEFAULT WEBSITE
# It is wise to use your IP address as the hostname of the default website
# and give it a blank webpage. By doing so, automated webscanners won't find
# your possible vulnerable website.
#
WebsiteRoot = /var/www
Hostname = 10.0.0.12
StartFile = index.php
AccessLogfile = /var/log/hiawa_access.log
ErrorLogfile = /var/log/hiawa_error.log
UseFastCGI = PHP01
# VIRTUAL HOST
VirtualHost {
WebsiteRoot = /var/www/mine
Hostname = mine.zz
StartFile = index.php
AccessLogfile = /var/log/mine_access.log
ErrorLogfile = /var/log/mine_error.log
UseFastCGI = PHP02
ShowIndex = yes
}
#
# GENERAL SETTINGS
#
ServerId = www-data
ConnectionsTotal = 150
ConnectionsPerIP = 10
PIDfile = /var/run/hiawatha.pid
SystemLogfile = /var/log/hiawa_system.log
GarbageLogfile = /var/log/hiawa_garbage.log
# BINDING SETTINGS
# A binding is where a client can connect to.
#
Binding {
Port = 80
MaxKeepAlive = 30
TimeForRequest = 3,20
}
# BANNING SETTINGS
# Deny service to clients who misbehave.
#
# BanOnGarbage = 300
# BanOnMaxPerIP = 60
# BanOnMaxReqSize = 300
# KickOnBan = yes
# RebanDuringBan = yes
# COMMON GATEWAY INTERFACE (CGI) SETTINGS
# These settings can be used to run CGI applications. Use the 'php-fcgi'
# tool to start PHP as a FastCGI daemon.
#
# CGIextension = cgi
# CGIhandler = /usr/bin/perl:pl
# CGIhandler = /usr/bin/php-cgi:php
# CGIhandler = /usr/bin/python:py
# CGIhandler = /usr/bin/ruby:rb
# CGIhandler = /usr/bin/ssi-cgi:shtml
FastCGIserver {
FastCGIid = PHP01
ConnectTo = 127.0.0.1:9000
Extension = php
}
FastCGIserver {
FastCGIid = PHP02
ConnectTo = 127.0.0.1:9001
Extension = php
SessionTimeout = 20
}
# URL TOOLKIT
# These URL toolkit rules are made for the Banshee PHP framework,
# which can be downloaded from: http://banshee.leisink.org/
#
# UrlToolkit {
# ToolkitID = banshee
# RequestURI isfile Return
# Match ^/(favicon.ico|robots.txt|sitemap.xml)$ Return
# Match .*\?(.*) Rewrite /index.php?$1
# Match .* Rewrite /index.php
#}
# DEFAULT WEBSITE
# It is wise to use your IP address as the hostname of the default website
# and give it a blank webpage. By doing so, automated webscanners won't find
# your possible vulnerable website.
#
WebsiteRoot = /var/www
Hostname = 10.0.0.12
StartFile = index.php
AccessLogfile = /var/log/hiawa_access.log
ErrorLogfile = /var/log/hiawa_error.log
UseFastCGI = PHP01
# VIRTUAL HOST
VirtualHost {
WebsiteRoot = /var/www/mine
Hostname = mine.zz
StartFile = index.php
AccessLogfile = /var/log/mine_access.log
ErrorLogfile = /var/log/mine_error.log
UseFastCGI = PHP02
ShowIndex = yes
}
mine.zz has been directed locally to 10.0.0.12.
Why do I need the second FastCGI server? I would assume one server instance would work for both the default website and the virtual directory. But if I change both to use PHP01 the virtual directory definition gets partially overlooked and files processed from the default directory instead.
Any ideas? PHP is working fine now - using the default website.
Thanks again,
Peter
Hugo Leisink
24 September 2009, 12:51
You should need multiple PHP instances. I use only one PHP FastCGI instance for all my websites (more than 60 on one server). How did you start those PHP FastCGI instances. Via the Hiawatha php-fcgi tool?
How about non-CGI files. Are they loaded correctly from the right directory?
How about non-CGI files. Are they loaded correctly from the right directory?
Peter
24 September 2009, 13:38
Hi Hugo,
Problem solved
, Hiawatha running real nice and smooth. Speed comparable with lighttpd if not improved with my php apps. Really glad to get this working.
The above double FastCGI configuration is wrongly assumed. The problem was in the PHP configuration. When running with Hiawatha php-fcgi tool the following php.ini settings are rerquired in my setup:
This works fine with one FastCGI server instance with both the default and virtual host. The configuration file is clean and simple, but the errors caused by the misconfigured php.ini settings can create hard to find errors.
Thanks Hugo, for your time.
Regards,
Peter
Problem solved
, Hiawatha running real nice and smooth. Speed comparable with lighttpd if not improved with my php apps. Really glad to get this working. The above double FastCGI configuration is wrongly assumed. The problem was in the PHP configuration. When running with Hiawatha php-fcgi tool the following php.ini settings are rerquired in my setup:
doc_root = [empty]
cgi.force_redirect = 1
cgi.fix_pathinfo = 1
session.use_cookies = 1
session.use_only_cookies = 1
cgi.force_redirect = 1
cgi.fix_pathinfo = 1
session.use_cookies = 1
session.use_only_cookies = 1
This works fine with one FastCGI server instance with both the default and virtual host. The configuration file is clean and simple, but the errors caused by the misconfigured php.ini settings can create hard to find errors.
Thanks Hugo, for your time.
Regards,
Peter
Hugo Leisink
24 September 2009, 13:49
No idea what this force_redirect does, but it's good to hear your problem is solved.
Please let me know what you think of Hiawatha, also compared to your previous webserver.
Please let me know what you think of Hiawatha, also compared to your previous webserver.
This topic has been closed.
Copyright © by Hugo Leisink. All rights reserved.
Built upon the Banshee PHP framework.
Built upon the Banshee PHP framework.
