OpenLiteSpeed Web Server Users' Manual

Version 1.4 Rev. 2

Fast CGI Authorizer

Table of Contents

Fast CGI Authorizer

Name | Address | Max Connections | Environment | Initial Request Timeout (secs) | Retry Timeout (secs) | Persistent Connection | Keep Alive Timeout (secs) | Response Buffering | Auto Start | Command | Back Log | Instances | suEXEC User | suEXEC Group | umask | Run On Start Up | Max Idle Time | Priority | Memory Soft Limit (bytes) | Memory Hard Limit | Process Soft Limit | Process Hard Limit | 

NameGo to top

Description

A unique name for this external application. You will refer to it by this name when you use it in other parts of the configuration.

AddressGo to top

Description

A unique socket address used by the external application. IPv4/IPv6 sockets and Unix Domain Sockets (UDS) are supported. IPv4/IPv6 sockets can be used for communication over the network. UDS can only be used when the external application resides on the same machine as the server.

Syntax

IPv4 or IPV6 address:port or UDS://path

Example

127.0.0.1:5434
UDS://tmp/lshttpd/php.sock.

Tips

[Security] If the external application runs on the same machine, UDS is preferred. If you have to use an IPv4|IPV6 socket, set the IP address to localhost or 127.0.0.1, so the external application is inaccessible from other machines.
[Performance] Unix Domain Sockets generally provide higher performance than IPv4 sockets.

Max ConnectionsGo to top

Description

Specifies the maximum number of concurrent connections that can be established between the server and an external application. This setting controls how many requests can be processed concurrently by an external application, however, the real limit also depends on the external application itself. Setting this value higher will not help if the external application is not fast enough or cannot scale to a large number of concurrent requests.

Syntax

Integer number

Tips

[Performance] Setting a high value does not directly translate to higher performance. Setting the limit to a value that will not overload the external application will provide the best performance/throughput.

EnvironmentGo to top

Description

Specifies extra environment variables for the external application.

Syntax

Key=value. Multiple variables can be separated by "ENTER"

Initial Request Timeout (secs)Go to top

Description

Specifies the maximum time in seconds the server will wait for the external application to respond to the first request over a new established connection. If the server does not receive any data from the external application within this timeout limit, it will mark this connection as bad. This helps to identify communication problems with external applications as quickly as possible. If some requests take longer to process, increase this limit to avoid 503 error messages.

Syntax

Integer number

Retry Timeout (secs)Go to top

Description

Specifies the period of time that the server waits before retrying an external application that had a prior communication problem.

Syntax

Integer number

Persistent ConnectionGo to top

Description

Specifies whether to keep the connection open after a request has been processed. Persistent connections can increase performance, but some FastCGI external applications do not support persistent connections fully. The default is "On".

Syntax

Select from radio box

Keep Alive Timeout (secs)Go to top

Description

Specifies the maximum time to keep an idle persistent connection open. When set to "-1", the connection will never timeout. When set to greater than or equal to 0, the connection will be closed after this time in seconds has passed.

Syntax

int

Response BufferingGo to top

Description

Specifies whether to buffer responses received from external applications. If a "nph-" (Non-Parsed-Header) script is detected, buffering is turned off for responses with full HTTP headers.

Syntax

Select from drop down list

Auto StartGo to top

Description

Specifies whether you want the web server to start the application automatically. Only FastCGI and LSAPI applications running on the same machine can be started automatically. The IP in the Address must be a local IP. Starting through the LiteSpeed CGI Daemon instead of a main server process will help reduce system overhead.

Syntax

Select from drop down list

CommandGo to top

Description

Specifies the full command line including parameters to execute the external application. Required value if Auto Start is enabled. A parameter should be quoted with a double or single quote if the parameter contains space or tab characters.

Syntax

Full path to the executable with optional parameters.

See Also

Auto Start

Back LogGo to top

Description

Specifies the backlog of the listening socket. Required if Auto Start is enabled.

Syntax

Integer number

InstancesGo to top

Description

Specifies the maximum instances of the external application the server will create. It is required if Auto Start is enabled. Most FastCGI/LSAPI applications can only process one request per process instance and for those types of applications, instances should be set to match the value of Max Connections. Some FastCGI/LSAPI applications can spawn multiple child processes to handle multiple requests concurrently. For these types of applications, instances should be set to "1" and environment variables used to control how many child processes the application can spawn.

Syntax

Integer number

suEXEC UserGo to top

Description

Specifies username that the external application will run as. If not set, the external application will run as the user of the web server.

Syntax

Valid username.

See Also

extGroup

suEXEC GroupGo to top

Description

Specifies group name that the external application will run as.

Syntax

Valid group name.

See Also

extUser

umaskGo to top

Description

Sets default umask for this external application's processes. See man 2 umask for details. The default value taken from the server-level umask setting.

Syntax

value valid range [000]-[777].

See Also

CGI umask

Run On Start UpGo to top

Description

Specifies whether to start the external application at server start up. Only applicable to external applications that can manage their own child processes and where Instances value is set to "1". If enabled, external processes will be created at server startup instead of run-time.

Syntax

Select from radio box

Tips

[Performance] If the configured external process has significant startup overhead, like a Rails app, then this option should be enabled to decrease first page response time.

Max Idle TimeGo to top

Description

Specifies the maximum idle time before an external application is stopped by the server. When set to "-1", the external application will not be stopped by the server. The default value is "-1". This feature allows resources used by idle applications to be freed. It is especially useful in the mass hosting environment when you need to define many applications running in "setuid" mode for the sake of maximum security.

Syntax

Select from radio box

Tips

[Performance] This feature is especially useful in the mass hosting environment. In order to prevent files owned by one virtual host from being accessed by the external application scripts of another virtual host, mass hosting often requires many different applications running at the same time in SetUID mode. Set this Max Idle Time low to prevent these external applications from idling unnecessarily.

PriorityGo to top

Description

Specifies priority of the external application process. Value ranges from -20 to 20. A lower number means a higher priority. An external application process cannot have a higher priority than the web server. If this priority is set to a lower number than the server's, the server's priority will be used for this value.

Syntax

int

See Also

Server Priority

Memory Soft Limit (bytes)Go to top

Description

Specifies the memory consumption limit in bytes for an external application process or an external application started by the server.

The main purpose of this limit is to prevent excessive memory usage because of software bugs or intentional attacks, not to impose a limit on normal usage. Make sure to leave enough head room, otherwise your application may fail and 503 error may be returned. It can be set at the server- level or at an individual external application level. The server-level limit will be used if it is not set at the individual application level.

The operating system's default setting will be used if the value is absent at both levels or set to 0.

Syntax

Integer number

Tips

[Attention] Do not over adjust this limit. This may result in 503 errors if your application needs more memory.

Memory Hard LimitGo to top

Description

Much the same as Memory Soft Limit (bytes), except the soft limit can be raised up to the hard limit from within a user process. The hard limit can be set at server level or at an individual external application level. The server-level limit will be used if it is not set at an individual application level.

The operating system's default will be used if the value is absent at both levels or set to 0.

Syntax

Integer number

Example

[Attention] Do not over adjust this limit. This may result in 503 errors if your application need more memory.

Process Soft LimitGo to top

Description

Limits the total number of processes that can be created on behalf of a user. All existing processes will be counted against this limit, not just new processes to be started.
The limit can be set at the server level or at an individual external application level. The server-level limit will be used if it is not set at an individual application level. The operating system's default setting will be used if this value is 0 or absent at both levels.

Syntax

Integer number

Tips

PHP scripts can call for forking processes. The main purpose of this limit is as a last line of defense to prevent fork bombs and other attacks caused by PHP processes creating other processes.
Setting this setting too low can severely hurt functionality. The setting will thus be ignored below certain levels.
When using suEXEC Daemon mode, the actual process limit will be higher than this setting to make sure parent processes are not limited.

Process Hard LimitGo to top

Description

Much the same as Process Soft Limit, except the soft limit can be raised up to the hard limit from within a user process. The hard limit can be set at the server level or at an individual external application level. The server-level limit will be used if it is not set at an individual application level. The operating system's default value will be used if the value is absent at both levels or set to 0.

Syntax

Integer number