Why the php-cgi wrapper script for php-fpm? (Using virtualhost and suexec.)

Posted on

Why the php-cgi wrapper script for php-fpm? (Using virtualhost and suexec.) – Managing your servers can streamline the performance of your team by allowing them to complete complex tasks faster. Plus, it can enable them to detect problems early on before they get out of hand and compromise your business. As a result, the risk of experiencing operational setbacks is drastically lower.

But the only way to make the most of your server management is to perform it correctly. And to help you do so, this article will share nine tips on improving your server management and fix some problem about apache-2.2, virtualhost, fastcgi, php-fpm, suexec.

I just setup my server with Apache, FastCGI, and PHP-FPM. My question is regarding the /cgi-bin/ folder: is it really necessary to have a /cgi-bin/php-fpm wrapper for every single virtualhost that runs apache using a different user/group? Furthermore, if a user deletes the cgi-bin folder… the fpm/fastcgi benefits are lost. Ideally, I’d like to setup PHP-FPM without the need for anything outside of the .conf file.

As far as I can tell, the php-cgi binary (which is all that the php-fpm wrapper executes) is executable by all users on the system… so why the hassle of wrapping the same executable that’s going to be run by the user anyway? More specifically, how can I change this configuration to use the php-cgi binary directly, instead of going through the wrapper?

The relevant files/results related to my question are:


FastCgiExternalServer /var/www/localhost/cgi-bin/php-fpm -host

AddHandler php-fpm .php
Action php-fpm /cgi-bin/php-fpm

DirectoryIndex index.php

Server API: FPM/FastCGI

Lovely. Running benchmarks reports that the setup is, indeed, functioning very well: with ~135 requests per second, rather than 13 requests per second using the default Apache/PHP interpreter setup. So all that’s left is making the multi-user aspect seamless.

Solution :

As an example, on a Redhat/centos machines, the php-fpm is actually a binary in /usr/sbin/ directory. It intercepts call from the server (apache/nginx) to process php requests. The settings of php-fpm can be adjusted in php-fpm.conf (http://php-fpm.org/wiki/Configuration_File), which lets you fine-tune your system. php-fpm is quite advanced and gives you a lot of control to your system.

Somehow, the php-fpm file on your system seems to be more like a normal fastcgi/cgi wrapper. If you want to bypass using “your version of php-fpm” and use php-cgi directly, you can use a custom fastcgi wrapper. An example of a custom fastcgi wrapper is:

### Set PATH ###
exec $PHP_CGI

One of the options that can be set in php-fpm.conf is to let you execute php scripts as another user. Suexec also provides this function and it can be called by Apache to pass request to the fastcgi wrapper which will handle php files. Together, suexec + fastcgi provide some of key functions of php-fpm and thus can be used as an alternative.

Using a wrapper allows you to optionally do additional configuration such as setting environment variables, selecting a php.ini file, etc.

Leave a Reply

Your email address will not be published. Required fields are marked *