apache

We suddenly received some calls from customers that their sites aren't loading. Looking in the apache error logs gave us the following information:

[Tue Jul 21 17:33:59 2009] [error] (24)Too many open files: mod_fcgid: couldn't set child process attributes: /var/lib/apache2/fcgid/sock/27657.218
[Tue Jul 21 17:33:59 2009] [warn] (24)Too many open files: mod_fcgid: spawn process /var/www/hosting/users/user11/php-fastcgi/php4-fcgi error


We had long suspected that something wasn't quite acting as advertised with our PHP Fastcgi set up. Not that we had any issues, but like many tutorials recommend, we using a wrapper script to run the fastcgi enabled version of php. In that wrapper script we set PHP_FCGI_CHILDREN variable and exec'd php. Here is the snippet from our config:

Apache:

ScriptAlias /php-fastcgi/ /path/to/users/home/php-fastcgi/
AddType application/x-httpd-fastphp .php
Action application/x-httpd-fastphp /php-fastcgi/php5-fcgi


php5-fcgi:

#!/bin/sh
PHPRC="/etc/php4/cgi"

Being a little frustrated by the unwieldy beast that is apache, I am wanting to try out some of the sexy new http servers about town, namely cherokee, lighttpd and nginx. So to work out which I like better I'm going to set up and then benchmark the following:
- a drupal site
- a ruby on rails site
- both running under fastcgi as a designated user for that site
- test with and without a database backend
- test primarily on OpenSolaris. Maybe compare to Linux.

Everyone knows that you need to be careful about what you let you users or the general public upload through a PHP script. At work this week I've seen two separate companies hosting site with us get stung by image upload scripts which allowed a PHP file to be uploaded. Surely this is obviously wrong you say! However, the image upload script did check the uploaded file to confirm it was an image, and it did so with the file command. However, the PHP file cunningly had GIF89a as it's first line - tricking file into believing it was an image.

At work we use mod_fcgid to run php (libapache2-mod-fcgid from Debian to be exact). This makes php nice and fast, but more importantly, it runs each site's php pages as that site's user. However, if php scripts start running for a long time, we start seeing cryptic error messages in the browser ("Premature end of script headers: php4-fcgi" for example) and also as cryptic errors in Apache's error log. And those error.log messages seem quite hard to link back to the fcgid config so I thought I'd document them here.


exit(idle timeout), terminated by calling exit(), return code: 0