B Migrating to the mod_proxy_fcgi and mod_authnz_fcgi Modules
The mod_fastcgi
module was deprecated in the previous release and has been replaced in the current release by the mod_proxy_fcgi
and the mod_authnz_fcgi
modules. You must complete certain tasks to migrate from the mod_fastcgi
module to the mod_proxy_fcgi
and mod_authnz_fcgi
modules.
The mod_proxy_fcgi
module uses mod_proxy
to provide FastCGI support. The mod_authnz_fcgi
module allows FastCGI authorizer applications to authenticate users and authorize access to resources.
Complete the following tasks to migrate from the mod_fastcgi
module to the mod_proxy_fcgi
and mod_authnz_fcgi
modules:
- Task 1: Replace LoadModule Directives in htttpd.conf File
To update theLoadModule
directives in the Oracle HTTP Server configuration file,httpd.conf
open this file in an editor and replace the modulesmod_fastcgi
andmod_fcgi
with the modulesmod_proxy
,mod_proxy_fcgi
, andmod_authnz_fcgi
. - Task 2: Delete mod_fastcgi Configuration Directives From the htttpd.conf File
To migrate to the new modules provided by Oracle HTTP Server, you must delete the configuration directives that belong to the deprecated modulemod_fastcgi
in thehttpd.conf
file. - Task 3: Configure mod_proxy_fcgi to Act as a Reverse Proxy to an External FastCGI Server
Themod_proxy_fcgi
module does not have configuration directives. Instead, it uses the directives set on themod_proxy
module. Unlike themod_fcgid
andmod_fastcgi
modules, themod_proxy_fcgi
module has no provision for starting the application process. The purpose ofmod_proxy_fcgi
is to move this functionality outside of the web server for faster performance. So,mod_proxy_fcgi
simply will act as a reverse proxy to an external FastCGI server. - Task 4: Setup an External FastCGI Server
An external FastCGI server enables you to run FastCGI scripts external to the web server or even on a remote machine. Therefore, you must set up an external FastCGI server. - Task 5: Setup mod_authnz_fcgi to Work with FastCGI Authorizer Applications
You can set upmod_authnz_fcgi
module to work with FastCGI authorizer applications to authenticate users and authorize access to resources. It supports generic FastCGI authorizers that participate in a single phase for authentication and authorization, and Apache httpd specific authenticators and authorizers. FastCGI authorizers can authenticate using the user ID and password for basic authentication or authenticate using arbitrary mechanisms.
Task 1: Replace LoadModule Directives in htttpd.conf File
To update the LoadModule
directives in the Oracle HTTP Server configuration file, httpd.conf
open this file in an editor and replace the modulesmod_fastcgi
and mod_fcgi
with the modulesmod_proxy
,mod_proxy_fcgi
, and mod_authnz_fcgi
.
Edit the httpd.conf
file to comment out the LoadModule
lines for mod_fastcgi
and mod_fcgi
. Add LoadModule
lines for mod_proxy
, mod_proxy_fcgi
, and mod_authnz_fcgi
. For example:
# LoadModule fastcgi_module modules/mod_fastcgi.so # LoadModule fcgi_module modules/mod_fcgi.so LoadModule proxy_module modules/mod_proxy.so LoadModule proxy_fcgi_module modules/mod_proxy_fcgi LoadModule authnz_fcgi_module modules/mod_authnz_fcgi
Task 2: Delete mod_fastcgi Configuration Directives From the htttpd.conf File
To migrate to the new modules provided by Oracle HTTP Server, you must delete the configuration directives that belong to the deprecated module mod_fastcgi
in the httpd.conf
file.
For more information on these directives, see Module mod_fastcgi.
-
FastCgiServer
-
FastCgiConfig
-
FastCgiExternalServer
-
FastCgiIpcDir
-
FastCgiWrapper
-
FastCgiAuthenticator
-
FastCgiAuthenticatorAuthoritative
-
FastCgiAuthorizer
-
FastCgiAuthorizerAuthoritative
-
FastCgiAccessChecker
-
FastCgiAccessCheckerAuthoritative
Task 3: Configure mod_proxy_fcgi to Act as a Reverse Proxy to an External FastCGI Server
The mod_proxy_fcgi
module does not have configuration directives. Instead, it uses the directives set on the mod_proxy
module. Unlike the mod_fcgid
and mod_fastcgi
modules, the mod_proxy_fcgi
module has no provision for starting the application process. The purpose of mod_proxy_fcgi
is to move this functionality outside of the web server for faster performance. So, mod_proxy_fcgi
simply will act as a reverse proxy to an external FastCGI server.
For examples of using mod_proxy_fcgi
, see:
http://httpd.apache.org/docs/trunk/mod/mod_proxy_fcgi.html
For information about the directives available for mod_proxy
, including reverse proxy examples, see:
http://httpd.apache.org/docs/trunk/mod/mod_proxy.html
Another way to setup the mod_proxy_fcgi
module to act as a reverse proxy to a FastCGI server is to force a request to be handled as a reverse-proxy request. To do this, you must create a suitable Handler pass-through (also known as Access via Handler). For more information about how to set up a Handler pass-through, see:
http://httpd.apache.org/docs/trunk/mod/mod_proxy.html#handler
Task 4: Setup an External FastCGI Server
An external FastCGI server enables you to run FastCGI scripts external to the web server or even on a remote machine. Therefore, you must set up an external FastCGI server.
The following list provides information on some available FastCGI server solutions:
-
fcgistarter, a utility for starting FastCGI programs. This solution is provided by Apache httpd 2.4. It only works on UNIX systems. See
http://httpd.apache.org/docs/trunk/programs/fcgistarter.html
. -
PHP-FPM, an alternative PHP FastCGI implementation. This solution is included with PHP release 5.3.3 and later. See
http://php.net/manual/en/install.fpm.configuration.php
. -
spawn-fcgi, a utility for spawning remote and local FastCGI processes. See
http://redmine.lighttpd.net/projects/spawn-fcgi/wiki/WikiStart
.
Task 5: Setup mod_authnz_fcgi to Work with FastCGI Authorizer Applications
You can set up mod_authnz_fcgi
module to work with FastCGI authorizer applications to authenticate users and authorize access to resources. It supports generic FastCGI authorizers that participate in a single phase for authentication and authorization, and Apache httpd specific authenticators and authorizers. FastCGI authorizers can authenticate using the user ID and password for basic authentication or authenticate using arbitrary mechanisms.
For more information about using mod_authnz_fcgi
, see http://httpd.apache.org/docs/trunk/mod/mod_authnz_fcgi.html
.