B Migrating to the mod_proxy_fcgi and mod_authnz_fcgi Modules

The mod_fastcgi module was deprecated in the previous release and has been replaced in the current release by the mod_proxy_fcgi and the mod_authnz_fcgi modules. You must complete certain tasks to migrate from the mod_fastcgi module to the mod_proxy_fcgi and mod_authnz_fcgi modules.

The mod_proxy_fcgi module uses mod_proxy to provide FastCGI support. The mod_authnz_fcgi module allows FastCGI authorizer applications to authenticate users and authorize access to resources.

Complete the following tasks to migrate from the mod_fastcgi module to the mod_proxy_fcgi and mod_authnz_fcgi modules:

• Task 1: Replace LoadModule Directives in htttpd.conf File

• Task 2: Delete mod_fastcgi Configuration Directives From the htttpd.conf File

• Task 3: Configure mod_proxy_fcgi to Act as a Reverse Proxy to an External FastCGI Server

• Task 4: Setup an External FastCGI Server

• Task 5: Setup mod_authnz_fcgi to Work with FastCGI Authorizer Applications

• Task 1: Replace LoadModule Directives in htttpd.conf File
  To update the LoadModule directives in the Oracle HTTP Server configuration file, httpd.conf open this file in an editor and replace the modulesmod_fastcgi and mod_fcgi with the modulesmod_proxy ,mod_proxy_fcgi , and mod_authnz_fcgi .
• Task 2: Delete mod_fastcgi Configuration Directives From the htttpd.conf File
  To migrate to the new modules provided by Oracle HTTP Server, you must delete the configuration directives that belong to the deprecated module mod_fastcgi in the httpd.conf file.
• Task 3: Configure mod_proxy_fcgi to Act as a Reverse Proxy to an External FastCGI Server
  The mod_proxy_fcgi module does not have configuration directives. Instead, it uses the directives set on the mod_proxy module. Unlike the mod_fcgid and mod_fastcgi modules, the mod_proxy_fcgi module has no provision for starting the application process. The purpose of mod_proxy_fcgi is to move this functionality outside of the web server for faster performance. So, mod_proxy_fcgi simply will act as a reverse proxy to an external FastCGI server.
• Task 4: Setup an External FastCGI Server
  An external FastCGI server enables you to run FastCGI scripts external to the web server or even on a remote machine. Therefore, you must set up an external FastCGI server.
• Task 5: Setup mod_authnz_fcgi to Work with FastCGI Authorizer Applications
  You can set up mod_authnz_fcgi module to work with FastCGI authorizer applications to authenticate users and authorize access to resources. It supports generic FastCGI authorizers that participate in a single phase for authentication and authorization, and Apache httpd specific authenticators and authorizers. FastCGI authorizers can authenticate using the user ID and password for basic authentication or authenticate using arbitrary mechanisms.

Task 1: Replace LoadModule Directives in htttpd.conf File

To update the LoadModule directives in the Oracle HTTP Server configuration file, httpd.conf open this file in an editor and replace the modulesmod_fastcgi and mod_fcgi with the modulesmod_proxy ,mod_proxy_fcgi , and mod_authnz_fcgi .

Edit the httpd.conf file to comment out the LoadModule lines for mod_fastcgi and mod_fcgi. Add LoadModule lines for mod_proxy, mod_proxy_fcgi, and mod_authnz_fcgi. For example:

# LoadModule fastcgi_module modules/mod_fastcgi.so
# LoadModule fcgi_module modules/mod_fcgi.so
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_fcgi_module modules/mod_proxy_fcgi
LoadModule authnz_fcgi_module modules/mod_authnz_fcgi

Task 2: Delete mod_fastcgi Configuration Directives From the htttpd.conf File

To migrate to the new modules provided by Oracle HTTP Server, you must delete the configuration directives that belong to the deprecated module mod_fastcgi in the httpd.conf file.

For more information on these directives, see Module mod_fastcgi.

• FastCgiServer

• FastCgiConfig

• FastCgiExternalServer

• FastCgiIpcDir

• FastCgiWrapper

• FastCgiAuthenticator

• FastCgiAuthenticatorAuthoritative

• FastCgiAuthorizer

• FastCgiAuthorizerAuthoritative

• FastCgiAccessChecker

• FastCgiAccessCheckerAuthoritative

Task 3: Configure mod_proxy_fcgi to Act as a Reverse Proxy to an External FastCGI Server

The mod_proxy_fcgi module does not have configuration directives. Instead, it uses the directives set on the mod_proxy module. Unlike the mod_fcgid and mod_fastcgi modules, the mod_proxy_fcgi module has no provision for starting the application process. The purpose of mod_proxy_fcgi is to move this functionality outside of the web server for faster performance. So, mod_proxy_fcgi simply will act as a reverse proxy to an external FastCGI server.

For examples of using mod_proxy_fcgi, see:

http://httpd.apache.org/docs/trunk/mod/mod_proxy_fcgi.html

For information about the directives available for mod_proxy, including reverse proxy examples, see:

http://httpd.apache.org/docs/trunk/mod/mod_proxy.html

Another way to setup the mod_proxy_fcgi module to act as a reverse proxy to a FastCGI server is to force a request to be handled as a reverse-proxy request. To do this, you must create a suitable Handler pass-through (also known as Access via Handler). For more information about how to set up a Handler pass-through, see:

http://httpd.apache.org/docs/trunk/mod/mod_proxy.html#handler

Task 4: Setup an External FastCGI Server

An external FastCGI server enables you to run FastCGI scripts external to the web server or even on a remote machine. Therefore, you must set up an external FastCGI server.

The following list provides information on some available FastCGI server solutions:

• fcgistarter, a utility for starting FastCGI programs. This solution is provided by Apache httpd 2.4. It only works on UNIX systems. See http://httpd.apache.org/docs/trunk/programs/fcgistarter.html.

• PHP-FPM, an alternative PHP FastCGI implementation. This solution is included with PHP release 5.3.3 and later. See http://php.net/manual/en/install.fpm.configuration.php.

• spawn-fcgi, a utility for spawning remote and local FastCGI processes. See http://redmine.lighttpd.net/projects/spawn-fcgi/wiki/WikiStart.

Task 5: Setup mod_authnz_fcgi to Work with FastCGI Authorizer Applications

You can set up mod_authnz_fcgi module to work with FastCGI authorizer applications to authenticate users and authorize access to resources. It supports generic FastCGI authorizers that participate in a single phase for authentication and authorization, and Apache httpd specific authenticators and authorizers. FastCGI authorizers can authenticate using the user ID and password for basic authentication or authenticate using arbitrary mechanisms.

For more information about using mod_authnz_fcgi, see http://httpd.apache.org/docs/trunk/mod/mod_authnz_fcgi.html.