Forum: NGINX Script to spawn php5-cgi to enable Nginx to serve PHP code/pages

Announcement (2017-05-07): www.ruby-forum.com is now read-only since I unfortunately do not have the time to support and maintain the forum any more. Please see rubyonrails.org/community and ruby-lang.org/en/community for other Rails- und Ruby-related community platforms.
Ff37ff41246d3dae1eea0cd63dfae180?d=identicon&s=25 Mark Alan (Guest)
on 2008-11-03 12:30
(Received via mailing list)
The php5-cgi (until 5.2.4) package does not include a script to
automatically start it in external FASTCGI Mode (Daemon mode).

  As there is some confusion on the Internet on how to properly set PHP
script execution in the Nginx Web server, I am attaching the script that
we reliably use at our servers.

  This is how we install it in Ubuntu/Debian(sudo enabled):
   sudo nano /etc/init.d/php-fastcgi # copy and paste the text between
the "--- cut here ---" to this file and save it (<CTRL>+x, Y, <ENTER>).
   sudo chmod u+x /etc/init.d/php-fastcgi
   sudo chown 0.0 /etc/init.d/php-fastcgi
   sudo update-rc.d php-fastcgi defaults 21 23


  I hope it may also help you at your setups.

M.



--- cut here ---
#! /bin/sh
#
### BEGIN INIT INFO
# Provides:    php-fastcgi
# Required-Start:    $all
# Required-Stop:     $all
# Default-Start:     2 3 4 5
# Default-Stop:      0 1 6
# Short-Description: Start and stop php-cgi in external FASTCGI mode
# Description:       Start and stop php-cgi in external FASTCGI mode
### END INIT INFO
#
# Do NOT "set -e"
# Default values are enclosed in []

PATH=/usr/sbin:/usr/bin:/sbin:/bin

# Start php-fastcgi? [no]
START=yes

# Read configuration data
NAME=php-fastcgi
DESC="php-cgi runing in external FASTCGI mode"
PIDFILE=/var/run/$NAME.pid
SCRIPTNAME=/etc/init.d/$NAME

# Daemon pathname and args: IP=[127.0.0.1], port=[9000]
# /usr/bin/php-cgi links to -> /etc/alternatives/php-cgi ->
/usr/bin/php5-cgi
DAEMON=/usr/bin/php-cgi
DAEMON_ARGS="-q -b 127.0.0.1:9000"

  # Which user runs PHP? [www-data]
EXEC_AS_USER=www-data

# php-cgi env. variables: spawned children [5] , concurrent requests
[1000]
PHP_FCGI_CHILDREN=5
PHP_FCGI_MAX_REQUESTS=125
export PHP_FCGI_CHILDREN PHP_FCGI_MAX_REQUESTS

# Exit if php-cgi is not installed
[ -x "$DAEMON" ] || exit 0

# Load rcS variable settings and set (re)start/stop verbosity
[ -f /etc/default/rcS ] && . /etc/default/rcS
VERBOSE=yes

# Define LSB log_* functions.
# Depend on lsb-base (>= 3.0-6) to ensure that this file is present.
. /lib/lsb/init-functions

# If $START not 'yes' AND we are not stopping the $DAEMON
if [ "$START" != "yes" -a "$1" != "stop" ]; then
  log_warning_msg "To enable $NAME, edit /etc/init.d/$NAME and set
START=yes"
  exit 0
fi

do_start()
{
  # Return values: 0=started ok,1=already running,2=unable to start
  start-stop-daemon --start --quiet --pidfile $PIDFILE --exec $DAEMON \
    --test > /dev/null || return 1
  start-stop-daemon --start --quiet --background \
    --chuid $EXEC_AS_USER --pidfile $PIDFILE --make-pidfile \
    --exec $DAEMON -- $DAEMON_ARGS \
    || return 2
}

do_stop()
{
  # Return values: 0=stopped ok,1=already stopped,2=unable to stop,
  #   other if a failure occurred
    start-stop-daemon --stop --quiet --retry=TERM/30/KILL/5 \
      --pidfile $PIDFILE > /dev/null # --name $DAEMON
  RETVAL="$?"
  [ "$RETVAL" = 2 ] && return 2
  # Wait for children to finish too.
  start-stop-daemon --stop --quiet --oknodo --retry=0/30/KILL/5 \
    --exec $DAEMON
  [ "$?" = 2 ] && return 2
  # Many daemons don't delete their pidfiles when they exit.
  rm -f $PIDFILE
  return "$RETVAL"
}

case "$1" in
   start)
  [ "$VERBOSE" != no ] && log_daemon_msg "Starting $DESC"
  do_start
  case "$?" in
    0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;;
    2) [ "$VERBOSE" != no ] && log_end_msg 1 ;;
  esac
  ;;
   stop)
  [ "$VERBOSE" != no ] && log_daemon_msg "Stopping $DESC"
  do_stop
  case "$?" in
    0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;;
    2) [ "$VERBOSE" != no ] && log_end_msg 1 ;;
  esac
  ;;
   restart|force-reload)
  log_daemon_msg "Restarting $DESC"
  do_stop
  case "$?" in
    0|1)
    do_start
    case "$?" in
      0) log_end_msg 0 ;;
      1) log_end_msg 1 ;; # Old process is still running
      *) log_end_msg 1 ;; # Failed to start
    esac
    ;;
    *)
    # Failed to stop
    log_end_msg 1
    ;;
  esac
  ;;
   *)
  echo "Usage: $SCRIPTNAME {start|stop|restart|force-reload}" >&2
  exit 3
  ;;
esac
#
--- cut here ---
4eac1f7d1ff86ab17e7a9dbe6af0b44b?d=identicon&s=25 Phillip B Oldham (Guest)
on 2008-11-03 12:47
(Received via mailing list)
Attachment: phill.vcf (262 Bytes)
Mark Alan wrote:
> DAEMON_ARGS="-q -b 127.0.0.1:9000"
Isn't it better to use a unix socket for connection?

`/usr/bin/php-cgi -q -b unix:/tmp/php-fastcgi`
--

*Phillip B Oldham*
The Activity People
phill@theactivitypeople.co.uk <mailto:phill@theactivitypeople.co.uk>

------------------------------------------------------------------------

*Policies*

This e-mail and its attachments are intended for the above named
recipient(s) only and may be confidential. If they have come to you in
error, please reply to this e-mail and highlight the error. No action
should be taken regarding content, nor must you copy or show them to
anyone.

This e-mail has been created in the knowledge that Internet e-mail is
not a 100% secure communications medium, and we have taken steps to
ensure that this e-mail and attachments are free from any virus. We must
advise that in keeping with good computing practice the recipient should
ensure they are completely virus free, and that you understand and
observe the lack of security when e-mailing us.
Ff37ff41246d3dae1eea0cd63dfae180?d=identicon&s=25 Mark Alan (Guest)
on 2008-11-03 14:21
(Received via mailing list)
Phillip B Oldham wrote:
>> DAEMON_ARGS="-q -b 127.0.0.1:9000"
> Isn't it better to use a unix socket for connection?
>
> `/usr/bin/php-cgi -q -b unix:/tmp/php-fastcgi`

Why?

Unix sockets will need buffers in kernel memory instead of simply using
the file system. If that is better or worse is something that need
further testing. Have you tested it?


M.
1d0f015a959f3ad34941a5f58f72b932?d=identicon&s=25 Volodymyr Kostyrko (Guest)
on 2008-11-06 10:43
(Received via mailing list)
Mark Alan wrote:
> further testing. Have you tested it?
1. Works like a charm for me for 1 year.
2. Security can be added so only specified users can connect to this
socket. You can't do this to tcp port, so tcp can be locally compromised
   to get privileges of the user running php-cgi.
3. TCP _is_ slower then unix sockets. And it _is_ buffered too.
4eac1f7d1ff86ab17e7a9dbe6af0b44b?d=identicon&s=25 Phillip B Oldham (Guest)
on 2008-11-06 10:49
(Received via mailing list)
Attachment: phill.vcf (262 Bytes)
Volodymyr Kostyrko wrote:
> 2. Security can be added so only specified users can connect to this
> socket. You can't do this to tcp port, so tcp can be locally
> compromised   to get privileges of the user running php-cgi.
Didn't know about that, but that's very interesting.
> 3. TCP _is_ slower then unix sockets. And it _is_ buffered too.
I thought sockets were faster. There's also some good IBM articles on
how to squeeze even more performance out of them, for instance to
increase the buffer size.

--

*Phillip B Oldham*
The Activity People
phill@theactivitypeople.co.uk <mailto:phill@theactivitypeople.co.uk>

------------------------------------------------------------------------

*Policies*

This e-mail and its attachments are intended for the above named
recipient(s) only and may be confidential. If they have come to you in
error, please reply to this e-mail and highlight the error. No action
should be taken regarding content, nor must you copy or show them to
anyone.

This e-mail has been created in the knowledge that Internet e-mail is
not a 100% secure communications medium, and we have taken steps to
ensure that this e-mail and attachments are free from any virus. We must
advise that in keeping with good computing practice the recipient should
ensure they are completely virus free, and that you understand and
observe the lack of security when e-mailing us.
Ff37ff41246d3dae1eea0cd63dfae180?d=identicon&s=25 Mark Alan (Guest)
on 2008-11-06 11:38
(Received via mailing list)
Volodymyr Kostyrko wrote:
>
> 1. Works like a charm for me for 1 year.

That seems interesting. I am inclined to give it a try.

How do you set them up? Are you using Ubuntu or a Debian based Linux?
Could you post example scripts on how to set up the Unix domain sockets?


> 2. Security can be added so only specified users can connect to this
> socket. You can't do this to tcp port, so tcp can be locally compromised
>   to get privileges of the user running php-cgi.

That is interesting.

> 3. TCP _is_ slower then unix sockets. And it _is_ buffered too.
>

Do you have any pointers to papers or other work about comparative speed
testing?


Regards,
M.
4eac1f7d1ff86ab17e7a9dbe6af0b44b?d=identicon&s=25 Phillip B Oldham (Guest)
on 2008-11-06 11:46
(Received via mailing list)
Attachment: phill.vcf (262 Bytes)
Mark Alan wrote:
> That seems interesting. I am inclined to give it a try.
>
> How do you set them up? Are you using Ubuntu or a Debian based Linux?
> Could you post example scripts on how to set up the Unix domain sockets?
`/usr/bin/php-cgi -q -b unix:/tmp/php-fastcgi`

That's all you need. Rather than speficy "ip:port", specify
"unix:socketpath"
> Do you have any pointers to papers or other work about comparative
> speed testing?
http://www.ibm.com/developerworks/linux/library/l-...

--

*Phillip B Oldham*
The Activity People
phill@theactivitypeople.co.uk <mailto:phill@theactivitypeople.co.uk>

------------------------------------------------------------------------

*Policies*

This e-mail and its attachments are intended for the above named
recipient(s) only and may be confidential. If they have come to you in
error, please reply to this e-mail and highlight the error. No action
should be taken regarding content, nor must you copy or show them to
anyone.

This e-mail has been created in the knowledge that Internet e-mail is
not a 100% secure communications medium, and we have taken steps to
ensure that this e-mail and attachments are free from any virus. We must
advise that in keeping with good computing practice the recipient should
ensure they are completely virus free, and that you understand and
observe the lack of security when e-mailing us.
1d0f015a959f3ad34941a5f58f72b932?d=identicon&s=25 Volodymyr Kostyrko (Guest)
on 2008-11-06 12:07
(Received via mailing list)
Mark Alan wrote:
>> 1. Works like a charm for me for 1 year.
>
> That seems interesting. I am inclined to give it a try.
>
> How do you set them up? Are you using Ubuntu or a Debian based Linux?
> Could you post example scripts on how to set up the Unix domain sockets?

I use FreeBSD at large, but have composed a tiny snippet for some old
CentOS server:

#!/bin/ash
#
# chkconfig: 234 25 75
# description: php FastCGI daemon

case $1 in
restart)
         /etc/init.d/phpFcgid stop
         /etc/init.d/phpFcgid start
         ;;
start)
         users="user1 user2"
         user1_childs='8'
         user2_childs='2'
         user3_childs='8'
         for user in ${users}; do
                 socketdir="/tmp/.php.fastcgi.${user}"
                 mkdir -p ${socketdir}
                 chown ${user}:nobody ${socketdir}
                 chmod 0750 ${socketdir}
                 eval export PHP_FCGI_CHILDREN=\${${user}_childs}
                 su -m ${user} -c "/opt/php5/bin/php-cgi -b
${socketdir}/socket&"
         done
         ;;
stop) /usr/bin/pkill php-cgi ;;
esac

This way only the user running php and group www gets access to the
socket.

>> 3. TCP _is_ slower then unix sockets. And it _is_ buffered too.
> Do you have any pointers to papers or other work about comparative speed
> testing?

http://oss.sgi.com/archives/netdev/2003-03/msg00024.html

That was long ago... But the numbers show UDP is 25% slower then AF_UNIX
at establishing connections and TCP can handle only 22% of AF_UNIX
throughoutput. And I don't think AF_INET will ever become faster then
AF_UNIX - it covers a lot more possibilities and as such require more
computational power.
5d195643b5c52f05ea404adef4346eb3?d=identicon&s=25 Artis Caune (Guest)
on 2008-11-06 12:22
(Received via mailing list)
2008/11/6 Volodymyr Kostyrko <c.kworr@gmail.com>:
> I use FreeBSD at large, but have composed a tiny snippet for some old CentOS
> server:

I like to spawn php processes like jail_* does:   :)

# /etc/rc.conf

phpfcgi_enable="YES"
phpfcgi_list="roundcube roundcube2"
#
phpfcgi_roundcube_pid="/home/www/roundcube/pid"
phpfcgi_roundcube_socket="/home/www/roundcube/fcgi"
phpfcgi_roundcube_children="64"
phpfcgi_roundcube_requests="1000
#
phpfcgi_roundcube2_pid="/home/www/roundcube2/pid"
phpfcgi_roundcube2_socket="127.0.0.1:8080"




# /usr/local/etc/rc.d/phpfcgi start
# /usr/local/etc/rc.d/phpfcgi restart roundcube
# /usr/local/etc/rc.d/phpfcgi stop roundcube2




# vim /usr/local/etc/rc.d/phpfcgi
#!/bin/sh

# PROVIDE: phpfcgi
# REQUIRE: DAEMON
# BEFORE: LOGIN
# KEYWORD: shutdown

. /etc/rc.subr

name="phpfcgi"
rcvar=`set_rcvar`
start_cmd="phpfcgi_start"
stop_cmd="phpfcgi_stop"

init_variables()
{
    _f="$1"

    if [ -z "$_f" ]; then
        warn "init_variables: you must specify a phpfcgi"
        return
    fi

    eval _user=\"\$phpfcgi_${_f}_user\"
    eval _pid=\"\$phpfcgi_${_f}_pid\"
    eval _program=\"\$phpfcgi_${_f}_program\"
    eval _socket=\"\$phpfcgi_${_f}_socket\"
    eval _children=\"\$phpfcgi_${_f}_children\"
    eval _requests=\"\$phpfcgi_${_f}_requests\"

    [ -z "${_user}" ] && _user="www"
    [ -z "${_program}" ] && _program="/usr/local/bin/php-cgi"
    [ -z "${_children}" ] && _children="8"
    [ -z "${_requests}" ] && _requests="1000"

    if [ -z "${_pid}" ]; then
        err 3 "$name: No pid has been defined for ${_f}"
    fi
    if [ -z "${_socket}" ]; then
        err 3 "$name: No socket has been defined for ${_f}"
    fi
}

phpfcgi_start() {
    echo -n 'Starting phpfcgis: '
    for _phpfcgi in ${phpfcgi_list}; do
        init_variables $_phpfcgi
        echo -n "${_phpfcgi} "

        PHP_FCGI_CHILDREN=${_children} \
        PHP_FCGI_MAX_REQUESTS=${_requests} \
        /usr/sbin/daemon -u ${_user} -p ${_pid} ${_program} -b
${_socket}
    done
    echo '.'
}

phpfcgi_stop() {
    echo -n 'Stopping phpfcgis: '
    for _phpfcgi in ${phpfcgi_list}; do
        init_variables $_phpfcgi

        if [ -f ${_pid} ]; then
            echo -n "${_phpfcgi} "
            kill -TERM $(cat ${_pid}) && rm -f ${_pid}
        fi
    done
    echo '.'
}

load_rc_config $name
cmd="$1"
if [ $# -gt 0 ]; then
        shift
fi
if [ -n "$*" ]; then
        phpfcgi_list="$*"
fi
run_rc_command "${cmd}"






--
regards,
Artis Caune

<----. CCNA | BSDA
<----|====================
<----' didii FreeBSD
Ff37ff41246d3dae1eea0cd63dfae180?d=identicon&s=25 Mark Alan (Guest)
on 2008-11-06 12:29
(Received via mailing list)
Phillip B Oldham wrote:
>> How do you set them up? Are you using Ubuntu or a Debian based Linux?
>> Could you post example scripts on how to set up the Unix domain sockets?
> `/usr/bin/php-cgi -q -b unix:/tmp/php-fastcgi`
>
> That's all you need. Rather than speficy "ip:port", specify

 From an Ubuntu 8.04 LTS server (Debian based):

# /usr/bin/php-cgi -q -b unix:/tmp/php-fastcgi
Cannot bind/listen socket - [2] No such file or directory.
Couldn't create FastCGI listen socket on port unix:/tmp/php-fastcgi


Doing a touch /tmp/php-fastcgi before issuing the command has no effect
either.

> "unix:socketpath"
>> Do you have any pointers to papers or other work about comparative
>> speed testing?
> http://www.ibm.com/developerworks/linux/library/l-...

This starts looking good. That page has several links to interesting
reference material. Thank you.


Regards,
M.
B06eeb3c664683b78f1bd62a80cd8ca4?d=identicon&s=25 Roxis (Guest)
on 2008-11-06 12:33
(Received via mailing list)
On Thursday 06 November 2008, Mark Alan wrote:
> # /usr/bin/php-cgi -q -b unix:/tmp/php-fastcgi

php-cgi -b /tmp/php-fastcgi
4eac1f7d1ff86ab17e7a9dbe6af0b44b?d=identicon&s=25 Phillip B Oldham (Guest)
on 2008-11-06 12:33
(Received via mailing list)
Attachment: phill.vcf (262 Bytes)
Mark Alan wrote:
> # /usr/bin/php-cgi -q -b unix:/tmp/php-fastcgi
> Cannot bind/listen socket - [2] No such file or directory.
> Couldn't create FastCGI listen socket on port unix:/tmp/php-fastcgi
sudo?
--

*Phillip B Oldham*
The Activity People
phill@theactivitypeople.co.uk <mailto:phill@theactivitypeople.co.uk>

------------------------------------------------------------------------

*Policies*

This e-mail and its attachments are intended for the above named
recipient(s) only and may be confidential. If they have come to you in
error, please reply to this e-mail and highlight the error. No action
should be taken regarding content, nor must you copy or show them to
anyone.

This e-mail has been created in the knowledge that Internet e-mail is
not a 100% secure communications medium, and we have taken steps to
ensure that this e-mail and attachments are free from any virus. We must
advise that in keeping with good computing practice the recipient should
ensure they are completely virus free, and that you understand and
observe the lack of security when e-mailing us.
Ff37ff41246d3dae1eea0cd63dfae180?d=identicon&s=25 Mark Alan (Guest)
on 2008-11-06 13:47
(Received via mailing list)
Roxis wrote:
> On Thursday 06 November 2008, Mark Alan wrote:
>> # /usr/bin/php-cgi -q -b unix:/tmp/php-fastcgi
>
> php-cgi -b /tmp/php-fastcgi

You are right. Thank you

I have posted the changed HowTo "20081106 - Script to spawn php5-cgi
enabling Nginx to serve PHP code/pages"


M.
This topic is locked and can not be replied to.