Shared Hosting Configuration with PHP FastCGI + Nginx

Posted on 12 January 2011 by

After the server received a new "component injection", we at LUG STIKOM planned to build shared hosting to be hosted on repo.stikom.edu. Each user will be given a certain quota to host their own files. The server we use is an Intel Pentium D dual core with 512MB RAM and a 1.16TB hard disk, running Ubuntu 10.04 LTS.

Problem

Every PHP script executed under PHP FastCGI runs as "www-data", so per-user quotas cannot be applied.

Goal

Every PHP script executed under PHP FastCGI must run as the owner of the script itself (each individual user).

Solution

Each user gets their own PHP FastCGI process, bound to a UNIX socket rather than TCP/IP to reduce overhead (no TCP/IP headers).

PHP FastCGI socket script for an individual user

# nano /usr/local/bin/fcgi-socket
#!/bin/bash
# ---------
# Author: Rio Astamal (astamal.rio@gmail.com)
#

# check parameter 2 (should be username)
if [ -z "$2" ]; then
	echo "Second parameter MUST BE username: FAIL."
	exit 1
fi

# require an existing account (exact lookup, not a substring match on /etc/passwd)
if ! id -u -- "$2" >/dev/null 2>&1; then
	echo "Second parameter MUST BE valid user account: FAIL."
	exit 1
fi

USER=$2
SOCKDIR=/var/run/fcgi-socket/$USER
BIND=$SOCKDIR/fcgi.sock
PHP_FCGI_CHILDREN=1
PHP_FCGI_MAX_REQUESTS=1000
INI_FILE=""

if [ -n "$3" ]; then
	echo "Using additional ini file $3..."
	INI_FILE="-c $3"
fi

PHP_CGI=/usr/bin/php-cgi
PHP_CGI_NAME=`basename $PHP_CGI`
PHP_CGI_ARGS="- USER=$USER PATH=/usr/bin PHP_FCGI_CHILDREN=$PHP_FCGI_CHILDREN PHP_FCGI_MAX_REQUESTS=$PHP_FCGI_MAX_REQUESTS $PHP_CGI -b $BIND ${INI_FILE}"
#PHP_CGI_ARGS="export USER=$USER; export PATH=/usr/bin; export PHP_FCGI_CHILDREN=$PHP_FCGI_CHILDREN; export PHP_FCGI_MAX_REQUESTS=$PHP_FCGI_MAX_REQUESTS;";
RETVAL=0

start() {
	echo -n "Starting PHP FastCGI Socket: "
	mkdir -p "$SOCKDIR"
	chown "$USER":www-data "$SOCKDIR"
	# remove a stale socket left over from a previous run
	rm -f "$BIND"
	# su -m $USER -c "${PHP_CGI_ARGS} ${PHP_CGI} -b ${BIND} ${INI_FILE}"&
	# $PHP_CGI_ARGS is left unquoted on purpose so it splits into env's arguments
	start-stop-daemon --quiet --start --background --chuid "$USER" --exec /usr/bin/env -- $PHP_CGI_ARGS
	RETVAL=$?
	echo "$PHP_CGI_NAME."
}
stop() {
	echo -n "Stopping PHP FastCGI Socket: "
	# kill only the php-cgi processes owned by this user
	killall -q -u "$USER" "$PHP_CGI"
	RETVAL=$?
	echo "$PHP_CGI_NAME."
}

case "$1" in
	start)
		start
		;;
	stop)
		stop
		;;
	restart)
		stop
		start
		;;
	*)
		echo "Usage: $0 {start|stop|restart}"
		exit 1
		;;
esac
exit $RETVAL
# chmod +x /usr/local/bin/fcgi-socket
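
The username argument ends up in the socket directory path and in --chuid, so it should match an account name exactly. The following is an added example, not part of the original script: it contrasts a substring match on the passwd file with a character-set check plus an exact match on the first field. The PASSWD_FILE variable, the allowed character set and the sample passwd entries are assumptions made for the example.

```sh
#!/bin/sh
# Added example: loose vs. strict validation of the username argument.
# PASSWD_FILE is a hypothetical override so the checks can run on test data.
PASSWD_FILE=${PASSWD_FILE:-/etc/passwd}

# Loose check: succeeds if the string (as a regex) appears anywhere in the file.
loose_check() {
    grep -q -- "$1" "$PASSWD_FILE"
}

# Strict check: conservative character set first, then exact match on field 1.
strict_check() {
    case "$1" in
        ''|-*|*[!a-z0-9_-]*) return 1 ;;
    esac
    awk -F: -v u="$1" '$1 == u { found = 1 } END { exit !found }' "$PASSWD_FILE"
}

# Constructed sample passwd data (not taken from a real system).
make_sample_passwd() {
    cat > "$1" <<'EOF'
root:x:0:0:root:/root:/bin/bash
www-data:x:33:33:www-data:/var/www:/bin/sh
c0kr3x:x:1001:1001::/home/c0kr3x:/bin/bash
EOF
}

# Print "<candidate> loose=<ok|no> strict=<ok|no>" for each argument.
compare_checks() {
    for name in "$@"; do
        l=no; s=no
        loose_check "$name" && l=ok
        strict_check "$name" && s=ok
        echo "$name loose=$l strict=$s"
    done
}

PASSWD_FILE=$(mktemp)
make_sample_passwd "$PASSWD_FILE"
# Only the real account name passes the strict check.
compare_checks c0kr3x home ../root bin/bash
rm -f "$PASSWD_FILE"
```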

PHP FastCGI socket script for all users

# nano /usr/local/bin/fcgi-socket-all
#!/bin/bash
# ---------
# Author: Rio Astamal (astamal.rio@gmail.com)

# List all users but exclude some, i.e. stikom and lug (exact name match)
ALL_SOCKET=$(awk -F: '$7 == "/bin/bash" && $6 ~ /^\/home\// && $1 != "stikom" && $1 != "lug" { print $1 }' /etc/passwd)

# default user for non virtual host and per user dir
DEF_USER="www-data"

FCGI_SOCK_BIN=/usr/local/bin/fcgi-socket
start() {
	echo "Starting All PHP FastCGI: "
	RETVAL=0
	for USER in $ALL_SOCKET $DEF_USER
	do
		echo -n "* starting socket for ${USER}..."
		# remember a failure instead of reporting the exit status of sleep
		$FCGI_SOCK_BIN start "$USER" > /dev/null 2>&1 || RETVAL=1
		echo "done."
		sleep 0.125
	done
	echo "Done starting all socket."
}
stop() {
	echo "Stopping All PHP FastCGI: "
	RETVAL=0
	for USER in $ALL_SOCKET $DEF_USER
	do
		echo -n "* stopping socket for ${USER}..."
		$FCGI_SOCK_BIN stop "$USER" > /dev/null 2>&1 || RETVAL=1
		echo "done."
		sleep 0.125
	done
	echo "Done stopping all socket."
}

case "$1" in
	start)
		start
		;;
	stop)
		stop
		;;
	restart)
		stop
		start
		;;
	*)
		echo "Usage: $0 {start|stop|restart}"
		exit 1
		;;
esac
exit $RETVAL
# chmod +x /usr/local/bin/fcgi-socket-all

To start the sockets for all users at startup, we add the script as an init script so that it starts automatically on every boot.

# ln -s /usr/local/bin/fcgi-socket-all /etc/init.d/fcgi-socket-all
# update-rc.d fcgi-socket-all defaults

Nginx configuration for per-user directories
Every address http://repo.stikom.edu/~username/ is mapped to /home/username/www. This is the configuration I use on the LUG server; change it to suit your needs.

# nano /etc/nginx/sites-available/default
server {
	client_max_body_size 10M;
	listen 80 default;
	server_name repo.stikom.edu;

	access_log /var/log/nginx/repo.stikom.edu.access.log;
	error_log /var/log/nginx/repo.stikom.edu.log error;

	location / {
		root /var/www/nginx-default;
		autoindex on;
		index index.html index.htm index.php index.pl;
	}

	include /etc/nginx/homedir.conf;

	root /var/www/nginx-default;
	error_page 404 /404.html;
	error_page 401 /401.html;
	error_page 403 /403.html;

	# redirect server error pages to the static page /50x.html
	#
	error_page 500 502 503 504 /50x.html;
	location = /50x.html {
		root /var/www/nginx-default;
	}

	# Default socket
	location ~ \.php($|/) {
		fastcgi_split_path_info ^(.+\.php)(/.+)$;
		fastcgi_pass unix:/var/run/fcgi-socket/www-data/fcgi.sock;
		fastcgi_index index.php;
		fastcgi_param SCRIPT_FILENAME /var/www/nginx-default$fastcgi_script_name;
		fastcgi_param PATH_INFO $fastcgi_path_info;
		include fastcgi_params;

	}
}
# nano /etc/nginx/homedir.conf
location ~ ^/~([a-zA-Z0-9]*)/?(.*)\.php($|/) {
	root /home/$1/www;
	fastcgi_split_path_info ^(.+\.php)(/.+)$;
	fastcgi_pass unix:/var/run/fcgi-socket/$1/fcgi.sock;
	fastcgi_index index.php;
	fastcgi_param HTTPS on;
	fastcgi_param SCRIPT_FILENAME /home/$1/www/$2.php;
	fastcgi_param PATH_INFO $fastcgi_path_info;
	include fastcgi_params;
}

location ~ ^/~([a-zA-Z0-9]*)/?(.*)$ {
	alias /home/$1/www/$2;
	index index.html index.htm index.php index.pl;
	autoindex on;
}

Run it

OK, time to run the new configuration we have created. First we start the FastCGI sockets for all users.

# /etc/init.d/fcgi-socket-all start
Starting All PHP FastCGI:
* starting socket for c0kr3x...done.
* starting socket for blackice84...done.
* starting socket for cakming...done.
* starting socket for abid...done.
* starting socket for www-data...done.
Done starting all socket.

We can see the owner of each socket's processes using the ps command:

# ps aux
c0kr3x 13971 0.5 1.4 66120 7356 ? Ss 12:07 0:00 /usr/bin/php-cgi -b /var/run/fcgi-socket/c0kr3x/fcgi.sock
c0kr3x 13974 0.0 0.5 66120 2744 ? S 12:07 0:00 /usr/bin/php-cgi -b /var/run/fcgi-socket/c0kr3x/fcgi.sock
1002 13983 0.5 1.4 66120 7356 ? Ss 12:07 0:00 /usr/bin/php-cgi -b /var/run/fcgi-socket/blackice84/fcgi.sock
1002 13986 0.0 0.5 66120 2744 ? S 12:07 0:00 /usr/bin/php-cgi -b /var/run/fcgi-socket/blackice84/fcgi.sock
cakming 13995 0.5 1.4 66120 7356 ? Ss 12:07 0:00 /usr/bin/php-cgi -b /var/run/fcgi-socket/cakming/fcgi.sock
cakming 13998 0.0 0.5 66120 2744 ? S 12:07 0:00 /usr/bin/php-cgi -b /var/run/fcgi-socket/cakming/fcgi.sock
abid 14007 0.5 1.4 66120 7356 ? Ss 12:07 0:00 /usr/bin/php-cgi -b /var/run/fcgi-socket/abid/fcgi.sock
abid 14010 0.0 0.5 66120 2744 ? S 12:07 0:00 /usr/bin/php-cgi -b /var/run/fcgi-socket/abid/fcgi.sock
www-data 14079 0.6 1.4 66120 7356 ? Ss 12:07 0:00 /usr/bin/php-cgi -b /var/run/fcgi-socket/www-data/fcgi.sock
www-data 14082 0.0 0.5 66120 2744 ? S 12:07 0:00 /usr/bin/php-cgi -b /var/run/fcgi-socket/www-data/fcgi.sock

When a PHP page is requested, Nginx sends the request to the designated socket. For example, when visiting http://repo.stikom.edu/~c0kr3x/abc.php, abc.php is run as user c0kr3x, NOT www-data.
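
The ownership check done by eye with ps above can be scripted. This is an added example, not part of the original post: it reads ps aux output and flags any php-cgi process whose owner differs from the user directory in its socket path, resolving a numeric UID in the first column (as in the 1002 rows of the listing) through a passwd file. The passwd entries, their UIDs and the mismatching ps line are constructed for the example.

```sh
#!/bin/sh
# Added example: check that each php-cgi process runs as the user named in
# its socket path. Usage: audit_fcgi_owners PASSWD_FILE < "ps aux" output.
# Prints one line per mismatch and returns 1 if any was found.
audit_fcgi_owners() {
    awk -v passwd="$1" '
        BEGIN {
            # Build a uid -> name map; ps may print a numeric UID, not a name.
            while ((getline line < passwd) > 0) {
                split(line, f, ":")
                name_of[f[3]] = f[1]
            }
        }
        /php-cgi/ && match($0, "fcgi-socket/[^/]+/fcgi[.]sock") {
            owner = ($1 in name_of) ? name_of[$1] : $1
            # Strip "fcgi-socket/" (12 chars) and "/fcgi.sock" (10 chars).
            expected = substr($0, RSTART + 12, RLENGTH - 22)
            if (owner != expected) {
                printf "MISMATCH pid=%s owner=%s socket_user=%s\n", $2, owner, expected
                bad = 1
            }
        }
        END { exit (bad ? 1 : 0) }
    '
}

# Constructed passwd entries (the UIDs are assumptions for this example).
sample_passwd() {
    cat <<'EOF'
www-data:x:33:33:www-data:/var/www:/bin/sh
c0kr3x:x:1001:1001::/home/c0kr3x:/bin/bash
blackice84:x:1002:1002::/home/blackice84:/bin/bash
abid:x:1004:1004::/home/abid:/bin/bash
EOF
}

# Constructed ps lines: two in the shape of the listing, one deliberate mismatch.
sample_ps() {
    cat <<'EOF'
c0kr3x 13971 0.5 1.4 66120 7356 ? Ss 12:07 0:00 /usr/bin/php-cgi -b /var/run/fcgi-socket/c0kr3x/fcgi.sock
1002 13983 0.5 1.4 66120 7356 ? Ss 12:07 0:00 /usr/bin/php-cgi -b /var/run/fcgi-socket/blackice84/fcgi.sock
www-data 14007 0.5 1.4 66120 7356 ? Ss 12:07 0:00 /usr/bin/php-cgi -b /var/run/fcgi-socket/abid/fcgi.sock
EOF
}

tmp=$(mktemp)
sample_passwd > "$tmp"
sample_ps | audit_fcgi_owners "$tmp" || echo "audit found mismatches"
rm -f "$tmp"
```

On a live host the same function can be fed with `ps aux | audit_fcgi_owners /etc/passwd`.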

Starting the FastCGI socket for an individual user
For example, if we want to stop the FastCGI socket process of user c0kr3x, the command is:

# /usr/local/bin/fcgi-socket stop c0kr3x

Another example is when we want to supply a different php.ini configuration, say php-abc.ini.

# /usr/local/bin/fcgi-socket start c0kr3x /lokasi/dari/php-abc.ini

Conclusion

A shared hosting configuration like this has advantages and disadvantages, including:
Advantages

  • Every PHP script is run by the owner of the script itself
  • Better performance for each vhost because socket resources are not shared with other users
  • In terms of security, even without safe_mode or open_basedir, one user's PHP scripts cannot read/write/execute another user's scripts unless the user concerned has granted the permission.
  • Each user can have a different php.ini configuration

Disadvantages

  • Because each user gets their own FastCGI socket, the amount of memory required is fairly large. So the memory requirement needs to be calculated if the number of users is large.

