ПРОЕКТЫ 


  АРХИВ 


Apache-Talk @lexa.ru 

Inet-Admins @info.east.ru 

Filmscanners @halftone.co.uk 

Security-alerts @yandex-team.ru 

nginx-ru @sysoev.ru 


  СТАТЬИ 


  ПЕРСОНАЛЬНОЕ 


  ПРОГРАММЫ 



ПИШИТЕ
ПИСЬМА












     АРХИВ :: nginx-ru
Nginx-ru mailing list archive (nginx-ru@sysoev.ru)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Проблема с perl (внешним на сокете).



http://www.fi.muni.cz/~kas/mrtg-rrd/ умеет FCGI
но пока nginx воспринимает слешь как переход каталога он просто незапускает
скрипт.
А если запускать скрипт через встроенный перл ? Можно ли получить большую
производительность ?
=======================================================================
Пока сделал так
=======================================================================
user  nobody nobody;
worker_processes  1;
pid        /var/run/nginx.pid;
#error_log /home/logs/nginx_error.log info;
error_log /home/logs/nginx_error.log debug;

events {    worker_connections  1024; }

http {
   include       mime.types;
   default_type  application/octet-stream;
   sendfile       on;
   tcp_nopush     on;
   tcp_nodelay    on;
   server_names_hash_max_size 2048;
   server_names_hash_bucket_size 128;
#log_format  main  '$remote_addr - $remote_user [$time_local] $request '
#                  '"$status" $body_bytes_sent "$http_referer" '
#                  '"$http_user_agent" "$http_x_forwarded_for"';
   client_header_timeout 3m;
   client_body_timeout 3m;
   send_timeout 3m;
   client_header_buffer_size 1k;
   large_client_header_buffers 4 4k;
   gzip on;
   gzip_min_length 1100;
   gzip_buffers 4 8k;
   gzip_types text/plain;
   output_buffers 1 32k;
   postpone_output 1460;
   keepalive_timeout 75 20;


   server {

listen 80;
server_name max 127.0.0.1 localhost 192.168.106.128 10.0.0.1;
# charset off;
access_log /home/logs/access.log;
root /home/htdocs;
index index.php index.html index.cgi index.pl;
## optimize_server_names off;
server_name_in_redirect off;


 location ~ .php$ {
  fastcgi_pass unix:/tmp/php-fcgi.sock;
  include  /usr/local/nginx/conf/phpcgi.conf;
  fastcgi_param SCRIPT_FILENAME /home/htdocs$fastcgi_script_name;
 }

 location ~ /index.cgi/ {
     if ($fastcgi_script_name ~ (.*/index.cgi)/.*$) {
          set $valid_fastcgi_script_name $1;
     }

      fastcgi_pass    unix:/var/run/nginx-fcgi.sock;
##   fastcgi_index    index.cgi;
  include  /usr/local/nginx/conf/fastcgi.conf;
  fastcgi_param SCRIPT_FILENAME /home/htdocs$valid_fastcgi_script_name;

 }

 location ~ .cgi {
      fastcgi_pass    unix:/var/run/nginx-fcgi.sock;
  fastcgi_index    index.cgi;
  include  /usr/local/nginx/conf/fastcgi.conf;
  fastcgi_param SCRIPT_FILENAME /home/htdocs$fastcgi_script_name;
 }

 location ~ .pl$  {
      fastcgi_pass    unix:/var/run/nginx-fcgi.sock;
  fastcgi_index    index.cgi;
  include  /usr/local/nginx/conf/fastcgi.conf;
  fastcgi_param SCRIPT_FILENAME /home/htdocs$fastcgi_script_name;
 }
 location /stats/ {
     auth_basic            "closed site";
     auth_basic_user_file  /home/htdocs/stats/.ht_passwd;
     index index.pl;
 }

 location /sql/ {
#      auth_basic            "closed site";
#      auth_basic_user_file  /home/htdocs/stats/.ht_passwd;
     index index.php;
 }

 error_page 404 /index.html;
     location /index.html {
     }
}
=======================================================================
#fastcgi.conf
fastcgi_connect_timeout 30;
fastcgi_send_timeout 180;
fastcgi_read_timeout 180;
fastcgi_buffer_size 32k;
fastcgi_buffers 4 32k;
fastcgi_busy_buffers_size 32k;
fastcgi_temp_file_write_size 32k;
fastcgi_intercept_errors on;

fastcgi_param SCRIPT_NAME $fastcgi_script_name; # Добавил две строчки. fastcgi_param PATH_INFO "http://$http_host$request_uri";; # В них те переменные без которых неработает моя статистика.


fastcgi_param QUERY_STRING $query_string;
fastcgi_param CONTENT_TYPE $content_type;
fastcgi_param CONTENT_LENGTH $content_length;
fastcgi_param DOCUMENT_URI $document_uri;
fastcgi_param REQUEST_METHOD $request_method;

fastcgi_param GATEWAY_INTERFACE CGI/1.1;
fastcgi_param SERVER_SOFTWARE nginx/$nginx_version;

fastcgi_param REMOTE_ADDR $remote_addr;
fastcgi_param REMOTE_PORT $remote_port;
fastcgi_param SERVER_ADDR $server_addr;
fastcgi_param SERVER_PORT $server_port;
fastcgi_param SERVER_NAME $server_name;

fastcgi_param SCRIPT_NAME $fastcgi_script_name;
fastcgi_param SERVER_PROTOCOL $server_protocol;
fastcgi_param DOCUMENT_ROOT $document_root;
fastcgi_param REQUEST_URI $request_uri;

# PHP only, required if PHP was built with --enable-force-cgi-redirect
fastcgi_param REDIRECT_STATUS 200;
# proxy_set_header Host $host;
# proxy_set_header X-Real-IP $remote_addr;
=======================================================================
#phpcgi.conf
fastcgi_pass_request_body off;
client_body_in_file_only clean;
fastcgi_param  REQUEST_BODY_FILE  $request_body_file;

fastcgi_connect_timeout 30;
fastcgi_send_timeout 180;
fastcgi_read_timeout 180;
fastcgi_buffer_size 32k;
fastcgi_buffers 4 32k;
fastcgi_busy_buffers_size 32k;
fastcgi_temp_file_write_size 32k;
fastcgi_intercept_errors on;


fastcgi_param  QUERY_STRING    $query_string;
fastcgi_param  CONTENT_TYPE    $content_type;
fastcgi_param  CONTENT_LENGTH  $content_length;
fastcgi_param  REQUEST_URI     $request_uri;
fastcgi_param  REQUEST_METHOD  $request_method;

fastcgi_param GATEWAY_INTERFACE CGI/1.1;
fastcgi_param SERVER_SOFTWARE nginx/$nginx_version;

fastcgi_param  REMOTE_ADDR        $remote_addr;
fastcgi_param  REMOTE_PORT        $remote_port;
fastcgi_param  SERVER_ADDR        $server_addr;
fastcgi_param  SERVER_PORT        $server_port;
fastcgi_param  SERVER_NAME        $server_name;

fastcgi_param   REDIRECT_STATUS 200;
# access_log /home/logs/access_log main;
# error_log /home/logs/error_log warn;
#proxy_set_header Host $host;
#proxy_set_header X-Real-IP $remote_addr;
fastcgi_index  index.php;
=======================================================================
#!/usr/bin/perl -w
use English '-no_match_vars';
use warnings;
use Memoize;
memoize('request_loop');
#use strict;
use FCGI;
use Socket;
use FCGI::ProcManager;
sub shutdown { FCGI::CloseSocket($socket); exit; }
sub restart  { FCGI::CloseSocket($socket); &main; }
use sigtrap 'handler', \&shutdown, 'normal-signals';
use sigtrap 'handler', \&restart,  'HUP';
require 'mach/sys/syscall.ph';


use Proc::Daemon; #debian pkg: libproc-daemon-perl
Proc::Daemon::Init; #daemonize
#hangs ProcManager for some reason - perldoc FCGI::ProcManager cites use of Daemontools as ideal



use IO::Handle;
autoflush STDOUT 1;
autoflush STDERR 1;

#use IPC::Open3;
#use Symbol qw(gensym);


use IO::All;
my $logfile="/home/logs/nginx-fcgi.log";
my $verbose="1";

#/usr/local/lib/perl5/site_perl/5.8.8/mach/sys/syscall.ph
#&daemonize; #we don't daemonize when running under runsv
#this keeps the program alive or something after exec'ing perl scripts
END()   { }
BEGIN() { }
{
   no warnings;
   *CORE::GLOBAL::exit = sub { die "fakeexit\nrc=" . shift() . "\n"; };
};
eval q{exit};
if ($@) {
   exit unless $@ =~ /^fakeexit/;
}

&main;

sub daemonize() {
   chdir '/' or die "Can't chdir to /: $!";
   defined( my $pid = fork ) or die "Can't fork: $!";
   exit if $pid;
   setsid() or die "Can't start a new session: $!";
   umask 0;
}

sub main {

       if ( ! $logfile ) {
 print "\n\tERROR\t log file must declared\n"
  . "\tuse $0 with option -l filename\n\n";
 exit 1;
}
# print " Using log file $logfile\n" if $verbose;
"\n\n" >> io($logfile);
addlog($logfile, "Starting Nginx-cfgi");
addlog($logfile, "Running with $> UID");
addlog($logfile, "Perl $]");
addlog($logfile, "Testing socket options");

foreach $item (keys %ENV) { delete $ENV{$item}; } #clearing ENVIRONMENT of unneeded stuffs

#$socket = FCGI::OpenSocket( "127.0.0.1:8999", 10 ); #use IP sockets
#$socket = FCGI::OpenSocket( "/var/run/nginx/perl_cgi-dispatch.sock", 10 ); #use UNIX sockets - user running this script must have w access to the 'nginx' folder!!
#foreach $item (keys %ENV) { delete $ENV{$item}; }
   $proc_manager = FCGI::ProcManager->new( {n_processes => 5} );
   $socket = FCGI::OpenSocket( "/var/run/nginx-fcgi.sock", 10 );
    system("chmod 777 /var/run/nginx-fcgi.sock");
#use UNIX sockets - user running this script must have w access to the 'nginx' folder!! $request = FCGI::Request( \*STDIN, \*STDOUT, \*STDERR, \%req_params, $socket,
       &FCGI::FAIL_ACCEPT_ON_INTR );
   $proc_manager->pm_manage();
#    print("Content-type: text/plain\r\n\r\nwoek");
   if ($request) { request_loop() };
   FCGI::CloseSocket($socket);
}


sub request_loop {

       while( $request->Accept() >= 0 ) {

       $proc_manager->pm_pre_dispatch();

# if ($req_params{SCRIPT_FILENAME}=~ /^(.*index.cgi).*/) { $req_params{SCRIPT_FILENAME}=$1;} addlog($logfile, "req_params{SCRIPT_FILENAME}=$req_params{SCRIPT_FILENAME}");
  addlog($logfile, "req_params{PATH_INFO}=$req_params{PATH_INFO}");
          #processing any STDIN input from WebServer (for CGI-POST actions)
          $stdin_passthrough ='';
# addlog($logfile, "req_params{'CONTENT_LENGTH'}=$req_params{'CONTENT_LENGTH'}\n");
   if ($req_params{'CONTENT_LENGTH'} ne "") {
$req_len = 0 + $req_params{'CONTENT_LENGTH'}; } else { $req_len = 0; }

if (($req_params{'REQUEST_METHOD'} eq 'POST') && ($req_len != 0) ){
               my $bytes_read = 0;
               while ($bytes_read < $req_len) {
                       my $data = '';
my $bytes = read(STDIN, $data, ($req_len - $bytes_read));
                       last if ($bytes == 0 || !defined($bytes));
                       $stdin_passthrough .= $data;
                       $bytes_read += $bytes;
               }
           }

           #running the cgi app
           if ( (-x $req_params{SCRIPT_FILENAME}) &&  #can I execute this?
                (-s $req_params{SCRIPT_FILENAME}) &&  #Is this file empty?
(-r $req_params{SCRIPT_FILENAME}) #can I read this file?
           ){
               pipe(CHILD_RD, PARENT_WR);
               my $pid = open(KID_TO_READ, "-|");
               unless(defined($pid)) {
                       print("Content-type: text/plain\r\n\r\n");
print "Error: CGI app returned no output - Executing $req_params{SCRIPT_FILENAME} failed !\n";
                       next;
               }
               if ($pid > 0) {
                       close(CHILD_RD);
                       print PARENT_WR $stdin_passthrough;
                       close(PARENT_WR);

                       while(my $s = <KID_TO_READ>) { print $s; }
                       close KID_TO_READ;
                       waitpid($pid, 0);
               } else {
                       foreach $key ( keys %req_params){
                          $ENV{$key} = $req_params{$key};
                       }
                       # cd to the script's local directory
if ($req_params{SCRIPT_FILENAME} =~ /^(.*)\/[^\/]+$/) {
                               chdir $1;
                       }

                       close(PARENT_WR);
                       close(STDIN);
                       syscall(&SYS_dup2, fileno(CHILD_RD), 0);

# $ENV{PATH_INFO}="http://$req_params{SERVER_NAME}$req_params{REQUEST_URI}";;

$EUID  = "65534";
$EGID  = "65534";

                       exec($req_params{SCRIPT_FILENAME});
                       die("exec failed");
               }
           }
           else {
               print("Content-type: text/plain\r\n\r\n");
print "Error: No such CGI app - $req_params{SCRIPT_FILENAME} may not exist or is not executable by this process.\n";
           }
$proc_manager->pm_post_dispatch();
       }
}


sub addlog {
my ($log_file, $log_message) = @_;
my $curr_time = logformat();
my $write_message = "[$curr_time]   $log_message";
$write_message >> io($log_file);
"\n" >> io($log_file);
}
sub logformat {
my ($sec,$min,$hour,$mday,$mon,$year,$wday,$yday,$iddst) = localtime(time);
my $datestring;
$year += 1900;
$mon++;
$mon  = addzero($mon);
$mday = addzero($mday);
$min  = addzero($min);
$datestring = "$year-$mon-$mday $hour:$min";
return($datestring);
}
sub addzero {
my ($date) = shift;
if ($date < 10) {
 return "0$date";
}
      return $date;
}

=======================================================================
Строки из перл скрипта которые меняли переменные окружения убрал и добавил демонизацию и $EUID = "65534"; $EGID = "65534"; чтоб безопасность хоть как то увеличить ...
Если кто то подскажет как реализовать эту кнструкцию
 location ~ /index.cgi/ {
     if ($fastcgi_script_name ~ (.*/index.cgi)/.*$) {
          set $valid_fastcgi_script_name $1;
     }
с проверкой файла и вложенным циклом, чтобы было для всех случаев буду признателен.
=======================================================================

С уважением Max.
maxhl@xxxxxxxxxxxxxx 71006063

 




Copyright © Lexa Software, 1996-2009.