FCGI.pm ?

Roger Hoover roger.hoover at gmail.com
Wed Mar 4 20:24:19 MSK 2009


Precisely.  With regard to PAM, I think the answer is no.
Authentication/Authorization for the XMLRPC API are done using configured
username/password.  The risk is somewhat limited by the fact that it can use
a unix domain socket so that at least exposure is limited to the machine.

On Wed, Mar 4, 2009 at 1:42 AM, Grzegorz Nosek <grzegorz.nosek at gmail.com>wrote:

> On śro, mar 04, 2009 at 12:55:01 -0800, mike wrote:
> > Why not just make a php-fpm style thing like we talked about?
> >
> > Define pools of fastcgi resources, with various configuration options,
> > timeout thresholds, error logging/capturing perhaps, ability to run as
> > different uid/gid per pool, adaptive process spawning (hard limits
> > etc.) ...
>
> [disclaimer: I haven't worked with supervisord yet, so I'm possibly
> wrong about its capabilities]
>
> Well, this is the foundation, which AIUI supervisord provides. However,
> it has no possibility to know how busy the managed processes are and
> when to spawn/kill (again, php-fpm has it too easy, it's not implementable
> this way in a generic process manager). Thus it needs some notification
> from Nginx when it's overloaded (and when backends are idle -- but this
> is a harder task).
>
> So, to recap: supervisord alone allows you to run a statically-sized
> pool of processes (with some nifty features like you mentioned above).
>
> If you need dynamic pool sizing, you need some external help, either from
> Nginx, or possibly the kernel. What we're discussing here is not an
> alternative to a dynamic process pool, it's one of the few sensible ways
> to implement it in a language-agnostic way.
>
> (BTW, I wonder whether supervisord can interface with PAM)
>
> Best regards,
>  Grzegorz Nosek
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://nginx.org/pipermail/nginx/attachments/20090304/88e415c7/attachment.html>


More information about the nginx mailing list