Apache
(→Scripts) |
|||
| (One intermediate revision by one user not shown) | |||
| Line 22: | Line 22: | ||
The wrapper scripts are /usr/local/lib/apache/(php,cgi)-wrapper. | The wrapper scripts are /usr/local/lib/apache/(php,cgi)-wrapper. | ||
| − | ==FastCGI== | + | ==[[FastCGI]]== |
For vhost php scripting, we have a fastcgi system set up. This way, the php-cgi processes can stay alive and we avoid the huge hit (~0.3s) to start up php each time. It works by having fastcgi call a different wrapper (/usr/local/lib/apache/fcgi-php-vhost) which does roughly the same things (gets tokens, etc) but doesn't do filename checks and runs k5start background to keep php-cgi's tokens alive. | For vhost php scripting, we have a fastcgi system set up. This way, the php-cgi processes can stay alive and we avoid the huge hit (~0.3s) to start up php each time. It works by having fastcgi call a different wrapper (/usr/local/lib/apache/fcgi-php-vhost) which does roughly the same things (gets tokens, etc) but doesn't do filename checks and runs k5start background to keep php-cgi's tokens alive. | ||
| Line 33: | Line 33: | ||
Note that if you remove a vhost, you have to manually delete stuff from drop/vhost/aliases and from the vhosts directory on the webservers. | Note that if you remove a vhost, you have to manually delete stuff from drop/vhost/aliases and from the vhosts directory on the webservers. | ||
| + | |||
| + | =Nagios tests= | ||
| + | * Basic HTTP (issues a GET / request, sees if it succeedes) | ||
| + | * User static/cgi/php- gets files from /~test/ to make sure they work and the script wrapper is working correctly. The test php script also tries to connect to the database | ||
| + | * Vhost static/cgi/php- gets files from jdtest.caltech.edu (vhost for test) and checks same thing as user stuff | ||
| + | * Apache k5start process- ensures that apache's k5start process hasn't died | ||
| + | * fastcgi process count- makes sure that at least 1 or 2 fastcgi processes are running, otherwise there is probably an issue with the fastcgi setup | ||
| + | |||
[[Category:Sysadmin_Documentation]] | [[Category:Sysadmin_Documentation]] | ||
Latest revision as of 21:47, 20 March 2010
UGCS uses Apache2 to do our webserving. However, we have a number of customizations to make it work nicely with AFS etc.
Contents |
Customizations
- Apache needs to start under K5start so everything has the right kerberos tokens (for www-data). This requires a minor modification to apache2ctl: on the line where it starts httpd, you need to prepend a ${KSTART_CMD} to the command. Note that you will have to re-do this edit every time apache2 is updated.
- You then need to edit the file /etc/apache2/envvars:
export APACHE_ARGUMENTS='-D NO_DETACH'
export KSTART_CMD="/usr/bin/k5start -b -o www-data -g www-data -m 640 -K 10 -t -f /etc/apache2/www-data.keytab www-data@UGCS.CALTECH.EDU --"
This way apache won't background, which causes k5start to exit. k5start only really works right with AFS when it is running a command. You also have to make sure that the wrapper scripts create a new PAG before getting tokens, otherwise AFS will get confused (you can tell by running `tokens`, `klist` won't show it)
Basic info
- Currently www.ugcs.caltech.edu is a CNAME for poseidon. Poseidon runs apache2 and is the main webserver
- Dionysus also has a copy of the webserver and its config. Webserver config is generated on demeter and distributed through remctl and cfengine.
- Logs are sent to charon via syslog-ng. syslog:local1 (/var/log/ugcs/poseidon/local1.log) is used for errors, and syslog:local2 (/var/log/ugcs/poseidon/local2.log) is used for access logs. The messages go through wrapper scripts in /usr/local/sbin which also try to determine what user the message was for, and put it in their appropriate folder in /afs/.ugcs/apache-logs. See also Logging
Scripts
Scripting on UGCS is run through a series of wrappers and some apache configuration. The apache configuration re-writes requests for ~/cgi-bin and ~/*.php to the appropriate wrapper scripts. There is a bit of messiness in the configuration to make sure that the file exists (and is accessable) before it gets rewritten to avoid information leakage. See /etc/apache2/site-parts/ugcs-homedirs for the scripts
The wrapper scripts are /usr/local/lib/apache/(php,cgi)-wrapper.
FastCGI
For vhost php scripting, we have a fastcgi system set up. This way, the php-cgi processes can stay alive and we avoid the huge hit (~0.3s) to start up php each time. It works by having fastcgi call a different wrapper (/usr/local/lib/apache/fcgi-php-vhost) which does roughly the same things (gets tokens, etc) but doesn't do filename checks and runs k5start background to keep php-cgi's tokens alive.
This means that if you change php or fastcgi stuff, you need to either completely restart apache or "killall php-cgi" so the new changes will get picked up.
Virtual hosts
Virtual hosts are supported by a series of remctl scripts that automatically generate the configuration files, place them in the appropriate place, and reload apache as necessary. See Remctl and demeter:/usr/local/lib/remctl/vhost and demeter:/usr/local/lib/vhost
See `man vhost`, and also create_vhost (a wrapper to automate creating the files)
Note that if you remove a vhost, you have to manually delete stuff from drop/vhost/aliases and from the vhosts directory on the webservers.
Nagios tests
- Basic HTTP (issues a GET / request, sees if it succeedes)
- User static/cgi/php- gets files from /~test/ to make sure they work and the script wrapper is working correctly. The test php script also tries to connect to the database
- Vhost static/cgi/php- gets files from jdtest.caltech.edu (vhost for test) and checks same thing as user stuff
- Apache k5start process- ensures that apache's k5start process hasn't died
- fastcgi process count- makes sure that at least 1 or 2 fastcgi processes are running, otherwise there is probably an issue with the fastcgi setup
