Click here: PART 1, if you’ve came to this directly from a Google search or you need to compile the FastASS-CGI combo.
Alright, you should have a working FastASS-CGI Configuration! Yes, I’ve dubbed it FastASS-CGI (Fast, Apache, suexec, suhosin, Fastcgi+PHP-FPM and APC) Those last three all go to gether which is why I just dubbed it CGI at the end. If you have a problem with it, well… fsck you. :P Hahahaha, joking aside lets get into the deep and dirty portion of this configuration.
This whole part looks relatively easy but took me the longest of all to figure out. I plan on explaining how exactly everything works in detail, so for those that already know or those just looking for the answer, sorry you’re going to have to push through this and deal with it.
Lets recap and make sure we didn’t miss anything:
- Recompiled apache for suexec
- Recompiled PHP and patched it for suhosin and php-fpm
- Compiled FastCGI
- Compiled APC
- Made slight conf changes where needed to include all those items
- Started Apache and PHP-FPM daemon
- Checked logs for errors
Alright, so you probably tried to start the PHP-FPM daemon, and it threw out an error about needing some user/group information. Since we’re using suexec, we want the owner and group option to be whatever user/group is utilizing this. So for example you’ve created a user and group the same name as your website IE: learnix, that’s what those values would contain. Here’s a portion of my configuration:
<value name="listen_options"> Set listen(2) backlog <value name="backlog">-1</value> Set permissions for unix socket, if one used. In Linux read/write permissions must be set in order to allow connections from web server. Many BSD-derrived systems allow connections regardless of permissions. <value name="owner">learnix</value> <value name="group">learnix</value> <value name="mode">0666</value> </value>
And then just below that, you would do the same:
Unix user of processes <value name="user">learnix</value> Unix group of processes <value name="group">learnix</value>
So the first bit is setting the permisions if a socket is used. In my example, I don’t use one so they are not nessessary. However, I do recommend setting them in any case because it doesn’t hurt anything to plan for the future if you choose to use a socket over an ip connection. The second part sets the user for who will be running the php-cgi process, which is very important. This should be your user and not apache, www-data, nobody etc. etc.(all depending on your distro) if you are using userdir mode.
Configuring your virtual host is easy, but was a bit complicated for me to figure out. After I had figured it out, I went back to the fastcgi documentation and re-read it. I was misunderstanding it the whole time and I hope to provide a better explanation here.
What we only want our php scripts/files to be handled by the php-cgi process. Everything else needs to be handled by apache. So we must first make a new directory at the same level that our root directory, public_html, lives. In this example i created virtual_html. Inside of that directory we want to symlink our root, public_html, so that’s basically like our webroot with a symlink.
mkdir -p ~/virtual_html cd ~/virtual_html ln -s ~/public_html
From here, we just need to modify our virtual host configuration to use everything we’ve done. In my example below you will see some commented sections for a fastcgi wrapper script. I left those there in case anyone needed examples of those as well. Plus I always find it handy to be able to reference something I once did in case I need to use it in the future.
ServerName learnix.net ServerAlias www.learnix.net DocumentRoot /home/learnix/public_html SuexecUserGroup learnix learnix DirectoryIndex index.html index.htm index.php index.php4 index.php5 Options +ExecCGI +FollowSymLInks +SymLinksIfOwnerMatch # This is the wrapper script section. #ScriptAlias /fcgi-bin "/home/learnix/public_html/cgi-bin/php-fastcgi.fcgi" #AddHandler php-fastcgi .php #Action php-fastcgi /fcgi-bin # This is to forward all PHP to php-fpm. Only this or script alias should be active # at any time, not both FastCgiExternalServer /home/learnix/virtual_html/public_html -host 127.0.0.1:9000 -user learnix -group learnix AddHandler php-fastcgi .php Action php-fastcgi /virtualhtml Alias /virtualhtml /home/learnix/virtual_html/public_html/ # You must make a virtual directory so that you don't send everything web # related to php-cgi. This is only if you are using FastCgiExternalServer Options +ExecCGI +FollowSymLInks +SymLinksIfOwnerMatch AllowOverride all Order allow,deny Allow from all Options +ExecCGI +FollowSymLInks +SymLinksIfOwnerMatch Order allow,deny Allow from all AllowOverride all
First is the path of our “virtual” web root. We want this to be the full path. I am using the ipaddress/port scheme. You can also use the socket method which is supposed to be faster but I’m not covering that in this how to. You will need to change the user and group to whatever you andered in your php-fpm.conf.
First part of this can be anything you want as far as i know and understand. Naming it something that has some meaning to what you are doing and how you are going to use that handle makes the post sense. Next is the extension of files that this handler will take responsibility for.
This is where we define how the handler will be treated. In this case we are saying that all .php files are only going to come from /virtualhtml which is an alias to our “virtual_html” directory.
Now you have to treat that directory like you would your public_html directory. So we create a directive for it an specify our options. The most important part is the Symlink options. Without them, this whole thing wont work.
Okay, this should be it. Restart php-fpm and apache. Check your logs and try and view you website. Hopefully all went well and not only is your website viewable, it’s much faster at loading. Lets rerun that apache benchmark we did in Part 1 and compare the difference. Change “www.somevhost.com” to your websites domain name.
ab -n 50 -c 3 -k http://www.somevhost.com/
Hopefully there is a difference. There was for me.
This concludes the two part FastASS-CGI How-To.