Hi all, Any other comments about the patch? I believe it is simple enough and could ease the migration from mod_php to PHP-FPM (and make use of the new event mode) with minimal changes to the default configurations. Could you consider adding it? Pretty please :)
To give more background, at Bitnami we have 800.000+ monthly *new* installs just for Apache + PHP environments, a growing number of them in the cloud. We have daily requests for switching to nginx as the default, but we believe Apache 2.4 event MPM + PHP-FPM to be equivalent in terms of performance and you get all the other goodness of Apache. This is a small change that would make the transition to the event MPM on our side significantly easier (long story)

Best regards,

Juanjo.

2014-02-18 15:46 GMT+01:00 ryo takatsuki <[email protected]>:
>> AddHandler might be tricky from security point of view, eg. most of cms
>> software
>> usually checks only for last extension before writing uploaded files,
>> but this AddHandler will also
>> pass test.php.jpeg to php which might execute this
>
> Yes, it would be probably safer to use something like:
>
> <FilesMatch \.php$>
> SetHandler "proxy:unix:/path/to/app.sock|fcgi://localhost/"
> </FilesMatch>
>
> 2014-02-17 0:11 GMT+01:00 Lazy <[email protected]>:
>> 2014-02-06 ryo takatsuki <[email protected]>:
>>> Hi,
>>>
>>> I have an improvement request to suggest but I would like to first provide
>>> some background to justify it, I apologise for the long email :).
>>>
>>> I'm actively using mod_proxy to forward PHP files requests to PHP-FPM. My
>>> current approach is to use a RewriteRule with the 'P' flag because (in most
>>> of the cases) it plays nicely with other rules configured by the
>>> applications I'm configuring, as well as allowing per-Directory
>>> configurations.
>>>
>>> To make it properly work I must assure the proxy RewriteRule must be the
>>> latest one to be evaluated. The problem is that from time to time I
>>> encounter corner cases in which the rules previously executed include a [L]
>>> option that aborts the next rules evaluation, skipping the proxy one, making
>>> Apache serve the PHP text as plain text.
>>> This can be solved by tweaking the
>>> rules but it is a tedious process and is hard to determine all the scenarios
>>> in which the rewrites could go wrong.
>>
>> IMHO this is a good idea, a handler is more compatible with .htaccess
>> files created for
>> mod_php and it fits shared hosting env
>>
>>>
>>> Thinking about what my goal with all of this was at the beginning, I realised I
>>> only wanted a way of configuring a handler for all my PHP files, that in
>>> this case is PHP-FPM, without having to worry about what happens before the
>>> resource is going to be served. This made me think about the possibility of
>>> adding this functionality to mod_proxy itself, allowing defining a proxy
>>> worker as a handler for certain types of files. Something like:
>>>
>>> AddHandler "proxy:unix:/path/to/app.sock|fcgi://localhost/" .php
>>
>> AddHandler might be tricky from security point of view, eg. most of cms
>> software
>> usually checks only for last extension before writing uploaded files,
>> but this AddHandler will also
>> pass test.php.jpeg to php which might execute this
>>
>>> I made a quick POC, it is a really small change and for those in my
>>> situation it could really simplify the configuration of their apps. Of
>>> course, I'm open to criticisms and alternative solutions :).
>>>
>>>
>>> The code that adds the new functionality is inserted at the beginning of
>>> mod_proxy's proxy_handler. The conditions are a little weird because I only
>>> wanted to check the handler if it is not a proxy request already.
>>>
>>> diff --git a/modules/proxy/mod_proxy.c b/modules/proxy/mod_proxy.c >>> index 9d7c92f..49f3bdc 100644 >>> --- a/modules/proxy/mod_proxy.c >>> +++ b/modules/proxy/mod_proxy.c 
>>> @@ -927,8 +927,20 @@ static int proxy_handler(request_rec *r) >>> struct dirconn_entry *list = (struct dirconn_entry >>> *)conf->dirconn->elts; >>> >>> /* is this for us? */ >>> - if (!r->proxyreq || !r->filename || strncmp(r->filename, "proxy:", 6) >>> != 0) >>> + if (!r->filename) >>> + return DECLINED; >>> + >>> + if (!r->proxyreq) { >>> + if (r->handler && strncmp(r->handler, "proxy:", 6) == 0 && >>> strncmp(r->filename, "proxy:", 6) != 0) { >>> + r->proxyreq = PROXYREQ_REVERSE; >>> + r->filename = apr_pstrcat(r->pool, r->handler, r->filename, NULL); >>> + apr_table_setn(r->notes, "rewrite-proxy", "1"); >>> + } else { >>> return DECLINED; >>> + } >>> + } else if (strncmp(r->filename, "proxy:", 6) != 0) { >>> + return DECLINED; >>> + } >>> >>> /* handle max-forwards / OPTIONS / TRACE */ >>> if ((str = apr_table_get(r->headers_in, "Max-Forwards"))) { > > > > -- > I've seen things you people wouldn't believe. > Attack ships on fire off the shoulder of Orion. > I watched C-beams glitter in the dark near Tannhauser Gate. > All those moments will be lost in time like tears in rain. > Time to die. -- I've seen things you people wouldn't believe. Attack ships on fire off the shoulder of Orion. I watched C-beams glitter in the dark near Tannhauser Gate. All those moments will be lost in time like tears in rain. Time to die.
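Review bot: In the new `!r->proxyreq` branch, any `r->handler` value beginning with "proxy:" is accepted and joined to `r->filename` by `apr_pstrcat` with no further check, so which files reach the backend depends entirely on how the handler was assigned. As raised in this thread, the `AddHandler ... .php` form would also hand a file such as test.php.jpeg to PHP, so the documentation that accompanies this change should show the `<FilesMatch \.php$>` plus `SetHandler` form instead. The `apr_table_setn(r->notes, "rewrite-proxy", "1")` line sets a note named for mod_rewrite on a request that did not come through a RewriteRule; a comment saying why it is needed here would help. The `return DECLINED;` inside the new `else` is an unchanged context line, so it keeps its old indentation and should be re-indented to match the block it now sits in.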
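An added example (not from the thread or from httpd): a small Python model of the difference discussed above between the `AddHandler ... .php` form and the `<FilesMatch \.php$>` form, used to audit a list of file names. It assumes mod_mime's documented behaviour that every dot-separated extension after the base name is consulted, case-insensitively; the function names and the sample names are constructed for illustration.

```python
import posixpath
import re

# Handler string taken from the thread; the mapping models "AddHandler <handler> .php".
PHP_HANDLER = "proxy:unix:/path/to/app.sock|fcgi://localhost/"
ADD_HANDLER = {"php": PHP_HANDLER}
# Pattern from the <FilesMatch \.php$> form proposed in the reply.
FILES_MATCH = re.compile(r"\.php$")


def addhandler_handler(path, mapping=ADD_HANDLER):
    """Model of mod_mime: skip the base name, look up each extension,
    and let the right-most extension that has a handler mapping win."""
    handler = None
    for ext in posixpath.basename(path).split(".")[1:]:
        handler = mapping.get(ext.lower(), handler)
    return handler


def filesmatch_handler(path):
    """Model of SetHandler inside <FilesMatch \\.php$>: only the end of the name counts."""
    return PHP_HANDLER if FILES_MATCH.search(posixpath.basename(path)) else None


def audit(paths):
    """Names that the AddHandler form would send to PHP-FPM but the FilesMatch form would not."""
    return [p for p in paths if addhandler_handler(p) and not filesmatch_handler(p)]


# Constructed sample of names as they might appear in an upload directory.
SAMPLE = [
    "index.php",
    "test.php.jpeg",
    "photo.jpeg",
    "notes.php.txt",
    "archive.tar.gz",
    "lib/config.php.bak",
]

if __name__ == "__main__":
    for name in audit(SAMPLE):
        print("handled by PHP only under AddHandler:", name)
```
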
