File: //usr/local/lsws/docs/zh-CN/External_FCGI_Auth.html
<!DOCTYPE html>
<head>
<meta charset="utf-8" />
<meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1" />
<title>Open LiteSpeed Web Server Users' Manual - Fast CGI Authorizer</title>
<meta name="description" content="Open LiteSpeed Web Server Users' Manual - Fast CGI Authorizer." />
<meta name="viewport" content="width=device-width, initial-scale=1.0" />
<meta name="robots" content="noindex">
<link rel="shortcut icon" href="../img/favicon.ico" />
<link rel="stylesheet" type="text/css" href="../css/hdoc.css">
</head>
<body>
<div class="pagewrapper clearfix"><aside class="sidetree ls-col-1-5">
<figure>
<img src="img/ols_logo.svg" alt="openlitespeed logo" width="150px"/>
</figure>
<h3 class="ls-text-thin">OpenLiteSpeed Web Server <a href="index.html"> Users' Manual</a></h3>
<h5 class="ls-text-muted">Version 1.6 — Rev. 2</h5>
<hr/>
<div>
<ul>
<li><a href="license.html">License</a></li>
<li><a href="intro.html">Introduction</a></li>
<li><a href="install.html">Installation</a></li>
<li>
<a href="admin.html">Administration</a>
<ul class="level2">
<li><a href="ServerStat_Help.html">Service Manager</a></li>
</ul>
</li>
<li><a href="security.html">Security</a></li>
<li>
<a href="config.html">Configuration</a>
<ul class="level2">
<li><a href="ServGeneral_Help.html">Server General</a></li>
<li><a href="ServLog_Help.html">Server Log</a></li>
<li><a href="ServTuning_Help.html">Server Tuning</a></li>
<li><a href="ServSecurity_Help.html">Server Security</a></li>
<li><a href="ExtApp_Help.html">External Apps</a></li>
<ul class="level3">
<li><a href="External_FCGI.html">Fast CGI App</a></li>
<li><span class="current"><a href="External_FCGI_Auth.html">Fast CGI Authorizer</a></span></li>
<li><a href="External_LSAPI.html">LSAPI App</a></li>
<li><a href="External_Servlet.html">Servlet Engine</a></li>
<li><a href="External_WS.html">Web Server</a></li>
<li><a href="External_PL.html">Piped logger</a></li>
<li><a href="External_LB.html">Load Balancer</a></li>
</ul>
<li><a href="ScriptHandler_Help.html">Script Handler</a></li>
<li><a href="App_Server_Help.html">App Server Settings</a></li>
<li><a href="Module_Help.html">Module Configuration</a></li>
<li><a href="Listeners_General_Help.html">Listener General</a></li>
<li><a href="Listeners_SSL_Help.html">Listener SSL</a></li>
<li><a href="Templates_Help.html">Virtual Host Templates</a></li>
<li><a href="VirtualHosts_Help.html">Virtual Host Basic</a></li>
<li><a href="VHGeneral_Help.html">Virtual Host General</a></li>
<li><a href="VHSecurity_Help.html">Virtual Host Security</a></li>
<li><a href="VHSSL_Help.html">Virtual Host SSL</a></li>
<li><a href="Rewrite_Help.html">Rewrite</a></li>
<li><a href="Context_Help.html">Context</a></li>
<ul class="level3">
<li><a href="Static_Context.html">Static Context</a></li>
<li><a href="Java_Web_App_Context.html">Java Web App Context</a></li>
<li><a href="Servlet_Context.html">Servlet Context</a></li>
<li><a href="FCGI_Context.html">Fast CGI Context</a></li>
<li><a href="LSAPI_Context.html">LSAPI Context</a></li>
<li><a href="Proxy_Context.html">Proxy Context</a></li>
<li><a href="CGI_Context.html">CGI Context</a></li>
<li><a href="LB_Context.html">Load Balancer Context</a></li>
<li><a href="Redirect_Context.html">Redirect Context</a></li>
<li><a href="App_Server_Context.html">App Server Context</a></li>
<li><a href="Module_Context.html">Module Handler Context</a></li>
</ul>
<li><a href="VHWebSocket_Help.html">Web Socket Proxy</a></li>
</ul>
</li>
<li><a href="webconsole.html">Web Console</a>
<ul class="level2">
<li><a href="AdminGeneral_Help.html">Admin Console General</a></li>
<li><a href="AdminSecurity_Help.html">Admin Console Security</a></li>
<li><a href="AdminListeners_General_Help.html">Admin Listener General</a></li>
<li><a href="AdminListeners_SSL_Help.html">Admin Listener SSL</a></li>
</ul>
</li>
</ul>
</div>
</aside>
<article class="contentwrapper ls-col-3-5 clearfix"><div class="nav-bar ls-spacer-micro-top"><div class="prev">« <a href="External_FCGI.html">Fast CGI App</a></div><div class="center"><a href="ExtApp_Help.html">External Apps</a></div><div class="next"><a href="External_LSAPI.html">LiteSpeed SAPI App</a> »</div></div>
<h1>Fast CGI Authorizer</h1><h2 id="top">Table of Contents</h2><section class="toc"><section class="toc-row"><header>Fast CGI Authorizer</header><p>
<a href="#extAppName">Name</a> | <a href="#extAppAddress">Address</a> | <a href="#maxConns">Max Connections</a> | <a href="#env">Environment</a> | <a href="#initTimeout">Initial Request Timeout (secs)</a> | <a href="#retryTimeout">Retry Timeout (secs)</a> | <a href="#persistConn">Persistent Connection</a> | <a href="#pcKeepAliveTimeout">Connection Keepalive Timeout</a> | <a href="#respBuffer">Response Buffering</a> | <a href="#autoStart">Start By Server</a> | <a href="#extAppPath">Command</a> | <a href="#backlog">Back Log</a> | <a href="#instances">Instances</a> | <a href="#extUser">Run As User</a> | <a href="#extGroup">Run As Group</a> | <a href="#extUmask">umask</a> | <a href="#runOnStartUp">Run On Start Up</a> | <a href="#extMaxIdleTime">Max Idle Time</a> | <a href="#extAppPriority">Priority</a> | <a href="#memSoftLimit">内存软限制</a> | <a href="#memHardLimit">内存硬限制</a> | <a href="#procSoftLimit">进程软限制</a> | <a href="#procHardLimit">进程硬限制</a></p></section>
</section>
<section><div class="helpitem"><article class="ls-helpitem"><div><header id="extAppName"><h3>Name<span class="ls-permlink"><a href="#extAppName"></a></span><span class="top"><a href="#top">⇑</a></span></h3></header></div><h4>Description</h4><p>A unique name for this external application. You will refer to it by this name when you use it in other parts of the configuration.</p> </article> </div>
<div class="helpitem"><article class="ls-helpitem"><div><header id="extAppAddress"><h3>Address<span class="ls-permlink"><a href="#extAppAddress"></a></span><span class="top"><a href="#top">⇑</a></span></h3></header></div><h4>Description</h4><p>A unique socket address used by the external application. IPv4/IPv6 sockets and Unix Domain Sockets (UDS) are supported. IPv4/IPv6 sockets can be used for communication over the network. UDS can only be used when the external application resides on the same machine as the server.</p> <h4>Syntax</h4><p>IPv4 or IPV6 address:port or UDS://path</p> <h4>Example</h4><div class="ls-example">127.0.0.1:5434<br/> UDS://tmp/lshttpd/php.sock.</div><h4>Tips</h4><p><span title="Security" class="ls-icon-security"></span> If the external application runs on the same machine, UDS is preferred. If you have to use an IPv4|IPV6 socket, set the IP address to <span class="val">localhost</span> or <span class="val">127.0.0.1</span>, so the external application is inaccessible from other machines.<br/> <span title="Performance" class="ls-icon-performance"></span> Unix Domain Sockets generally provide higher performance than IPv4 sockets.</p> </article> </div>
<div class="helpitem"><article class="ls-helpitem"><div><header id="maxConns"><h3>Max Connections<span class="ls-permlink"><a href="#maxConns"></a></span><span class="top"><a href="#top">⇑</a></span></h3></header></div><h4>Description</h4><p>Specifies the maximum number of concurrent connections that can be established between the server and an external application. This setting controls how many requests can be processed concurrently by an external application, however, the real limit also depends on the external application itself. Setting this value higher will not help if the external application is not fast enough or cannot scale to a large number of concurrent requests.</p> <h4>Syntax</h4><p>无符号整数</p> <h4>Tips</h4><p><span title="Performance" class="ls-icon-performance"></span> Setting a high value does not directly translate to higher performance. Setting the limit to a value that will not overload the external application will provide the best performance/throughput.</p> </article> </div>
<div class="helpitem"><article class="ls-helpitem"><div><header id="env"><h3>Environment<span class="ls-permlink"><a href="#env"></a></span><span class="top"><a href="#top">⇑</a></span></h3></header></div><h4>Description</h4><p>Specifies extra environment variables for the external application.</p> <h4>Syntax</h4><p>Key=value. Multiple variables can be separated by "ENTER"</p> </article> </div>
<div class="helpitem"><article class="ls-helpitem"><div><header id="initTimeout"><h3>Initial Request Timeout (secs)<span class="ls-permlink"><a href="#initTimeout"></a></span><span class="top"><a href="#top">⇑</a></span></h3></header></div><h4>Description</h4><p>Specifies the maximum time in seconds the server will wait for the external application to respond to the first request over a new established connection. If the server does not receive any data from the external application within this timeout limit, it will mark this connection as bad. This helps to identify communication problems with external applications as quickly as possible. If some requests take longer to process, increase this limit to avoid 503 error messages.</p> <h4>Syntax</h4><p>无符号整数</p> </article> </div>
<div class="helpitem"><article class="ls-helpitem"><div><header id="retryTimeout"><h3>Retry Timeout (secs)<span class="ls-permlink"><a href="#retryTimeout"></a></span><span class="top"><a href="#top">⇑</a></span></h3></header></div><h4>Description</h4><p>Specifies the period of time that the server waits before retrying an external application that had a prior communication problem.</p> <h4>Syntax</h4><p>无符号整数</p> </article> </div>
<div class="helpitem"><article class="ls-helpitem"><div><header id="persistConn"><h3>Persistent Connection<span class="ls-permlink"><a href="#persistConn"></a></span><span class="top"><a href="#top">⇑</a></span></h3></header></div><h4>Description</h4><p>Specifies whether to keep the connection open after a request has been processed. Persistent connections can increase performance, but some FastCGI external applications do not support persistent connections fully. The default is "On".</p> <h4>Syntax</h4><p>Select from radio box</p> </article> </div>
<div class="helpitem"><article class="ls-helpitem"><div><header id="pcKeepAliveTimeout"><h3>Connection Keepalive Timeout<span class="ls-permlink"><a href="#pcKeepAliveTimeout"></a></span><span class="top"><a href="#top">⇑</a></span></h3></header></div><h4>Description</h4><p>Specifies the maximum time in seconds to keep an idle persistent connection open.<br/><br/> When set to "-1", the connection will never timeout. When set to 0 or greater, the connection will be closed after this time in seconds has passed.</p> <h4>Syntax</h4><p>int</p> </article> </div>
<div class="helpitem"><article class="ls-helpitem"><div><header id="respBuffer"><h3>Response Buffering<span class="ls-permlink"><a href="#respBuffer"></a></span><span class="top"><a href="#top">⇑</a></span></h3></header></div><h4>Description</h4><p>Specifies whether to buffer responses received from external applications. If a "nph-" (Non-Parsed-Header) script is detected, buffering is turned off for responses with full HTTP headers.</p> <h4>Syntax</h4><p>Select from drop down list</p> </article> </div>
<div class="helpitem"><article class="ls-helpitem"><div><header id="autoStart"><h3>Start By Server<span class="ls-permlink"><a href="#autoStart"></a></span><span class="top"><a href="#top">⇑</a></span></h3></header></div><h4>Description</h4><p>Specifies whether you want the web server to start the application automatically. Only FastCGI and LSAPI applications running on the same machine can be started automatically. The IP in the <span class="tagl"><a href="#extAppAddress">Address</a></span> must be a local IP. Starting through the LiteSpeed CGI Daemon instead of a main server process will help reduce system overhead.<br/><br/> Default value: Yes (Through CGI Daemon)</p> <h4>Syntax</h4><p>Select from drop down list</p> </article> </div>
<div class="helpitem"><article class="ls-helpitem"><div><header id="extAppPath"><h3>Command<span class="ls-permlink"><a href="#extAppPath"></a></span><span class="top"><a href="#top">⇑</a></span></h3></header></div><h4>Description</h4><p>Specifies the full command line including parameters to execute the external application. Required value if <span class="tagl"><a href="#autoStart">Start By Server</a></span> is enabled. A parameter should be quoted with a double or single quote if the parameter contains space or tab characters.</p> <h4>Syntax</h4><p>Full path to the executable with optional parameters.</p> <h4>See Also</h4><p class="ls-text-small"><span class="tagl"><a href="#autoStart">Start By Server</a></span></p> </article> </div>
<div class="helpitem"><article class="ls-helpitem"><div><header id="backlog"><h3>Back Log<span class="ls-permlink"><a href="#backlog"></a></span><span class="top"><a href="#top">⇑</a></span></h3></header></div><h4>Description</h4><p>Specifies the backlog of the listening socket. Required if <span class="tagl"><a href="#autoStart">Start By Server</a></span> is enabled.</p> <h4>Syntax</h4><p>无符号整数</p> </article> </div>
<div class="helpitem"><article class="ls-helpitem"><div><header id="instances"><h3>Instances<span class="ls-permlink"><a href="#instances"></a></span><span class="top"><a href="#top">⇑</a></span></h3></header></div><h4>Description</h4><p>Specifies the maximum instances of the external application the server will create. It is required if <span class="tagl"><a href="#autoStart">Start By Server</a></span> is enabled. Most FastCGI/LSAPI applications can only process one request per process instance and for those types of applications, instances should be set to match the value of <span class="tagl"><a href="#maxConns">Max Connections</a></span>. Some FastCGI/LSAPI applications can spawn multiple child processes to handle multiple requests concurrently. For these types of applications, instances should be set to "1" and environment variables used to control how many child processes the application can spawn.</p> <h4>Syntax</h4><p>无符号整数</p> </article> </div>
<div class="helpitem"><article class="ls-helpitem"><div><header id="extUser"><h3>Run As User<span class="ls-permlink"><a href="#extUser"></a></span><span class="top"><a href="#top">⇑</a></span></h3></header></div><h4>Description</h4><p>The external application will run as this specified user name. If not set, Virtual Host level settings will be inherited.<br/><br/> Default value: Not Set</p> <h4>Syntax</h4><p>Valid username.</p> <h4>See Also</h4><p class="ls-text-small">extGroup</p> </article> </div>
<div class="helpitem"><article class="ls-helpitem"><div><header id="extGroup"><h3>Run As Group<span class="ls-permlink"><a href="#extGroup"></a></span><span class="top"><a href="#top">⇑</a></span></h3></header></div><h4>Description</h4><p>The external application will run as this specified group name. If not set, Virtual Host level settings will be inherited.<br/><br/> Default value: Not Set</p> <h4>Syntax</h4><p>Valid group name.</p> <h4>See Also</h4><p class="ls-text-small">extUser</p> </article> </div>
<div class="helpitem"><article class="ls-helpitem"><div><header id="extUmask"><h3>umask<span class="ls-permlink"><a href="#extUmask"></a></span><span class="top"><a href="#top">⇑</a></span></h3></header></div><h4>Description</h4><p>Sets default umask for this external application's processes. See <span class="cmd"> man 2 umask </span> for details. The default value taken from the server-level <span class="tagl"><a href="ServSecurity_Help.html#umask">umask</a></span> setting.</p> <h4>Syntax</h4><p>value valid range [000]-[777].</p> <h4>See Also</h4><p class="ls-text-small">CGI <span class="tagl"><a href="ServSecurity_Help.html#umask">umask</a></span></p> </article> </div>
<div class="helpitem"><article class="ls-helpitem"><div><header id="runOnStartUp"><h3>Run On Start Up<span class="ls-permlink"><a href="#runOnStartUp"></a></span><span class="top"><a href="#top">⇑</a></span></h3></header></div><h4>Description</h4><p>Specifies whether to start the external application at server start up. Only applicable to external applications that can manage their own child processes and where <span class="tagl"><a href="#instances">Instances</a></span> value is set to "1".<br/><br/> If enabled, external processes will be created at server startup instead of run-time.<br/><br/> When selecting "Yes (Detached mode)", all detached process can be restarted at the Server level or Virtual Host level by touching the '.lsphp_restart.txt' file under the $SERVER_ROOT/admin/tmp/ or $VH_ROOT/ directory respectively.<br/><br/> Default value: Yes (Detached mode)</p> <h4>Syntax</h4><p>Select from radio box</p> <h4>Tips</h4><p><span title="Performance" class="ls-icon-performance"></span> If the configured external process has significant startup overhead, like a Rails app, then this option should be enabled to decrease first page response time.</p> </article> </div>
<div class="helpitem"><article class="ls-helpitem"><div><header id="extMaxIdleTime"><h3>Max Idle Time<span class="ls-permlink"><a href="#extMaxIdleTime"></a></span><span class="top"><a href="#top">⇑</a></span></h3></header></div><h4>Description</h4><p>Specifies the maximum idle time before an external application is stopped by the server, freeing idle resources. When set to "-1", the external application will not be stopped by the server unless running in ProcessGroup mode where idle external applications will be stopped after 30 seconds. The default value is "-1".</p> <h4>Syntax</h4><p>Select from radio box</p> <h4>Tips</h4><p><span title="Performance" class="ls-icon-performance"></span> This feature is especially useful in the mass hosting environment where, in order to prevent files owned by one virtual host from being accessed by the external application scripts of another virtual host, many different applications are run at the same time in SetUID mode. Set this value low to prevent these external applications from idling unnecessarily.</p> </article> </div>
<div class="helpitem"><article class="ls-helpitem"><div><header id="extAppPriority"><h3>Priority<span class="ls-permlink"><a href="#extAppPriority"></a></span><span class="top"><a href="#top">⇑</a></span></h3></header></div><h4>Description</h4><p>Specifies priority of the external application process. Value ranges from <span class="val">-20</span> to <span class="val">20</span>. A lower number means a higher priority. An external application process cannot have a higher priority than the web server. If this priority is set to a lower number than the server's, the server's priority will be used for this value.</p> <h4>Syntax</h4><p>int</p> <h4>See Also</h4><p class="ls-text-small">Server <span class="tagl"><a href="ServGeneral_Help.html#serverPriority">优先级</a></span></p> </article> </div>
<div class="helpitem"><article class="ls-helpitem"><div><header id="memSoftLimit"><h3>内存软限制<span class="ls-permlink"><a href="#memSoftLimit"></a></span><span class="top"><a href="#top">⇑</a></span></h3></header></div><h4>Description</h4><p>以字节为单位指定服务器启动的外部应用进程或程序的内存占用限制。<br/><br/> 此限制的目的主要是为了防范软件缺陷或蓄意攻击造成的过度内存使用, 而不是限制正常使用。确保留有足够的内存,否则您的应用程序可能故障并 返回503错误。限制可以在服务器级别或独立的外部应用程序级别设置。如 果未在独立的外部应用程序级别设定限制,将使用服务器级别的限制。<br/><br/> 如果在两个级别都没有设置该限制,或者限制值设为<span class="val">0</span>,将使用操 作系统的默认设置。</p> <h4>Syntax</h4><p>无符号整数</p> <h4>Tips</h4><p>[注意] 不要过度调整这个限制。如果您的应用程序需要更多的内存, 这可能会导致503错误。</p> </article> </div>
<div class="helpitem"><article class="ls-helpitem"><div><header id="memHardLimit"><h3>内存硬限制<span class="ls-permlink"><a href="#memHardLimit"></a></span><span class="top"><a href="#top">⇑</a></span></h3></header></div><h4>Description</h4><p>与<span class="tagl"><a href="#memSoftLimit">内存软限制</a></span>非常相同,但是在一个用户进程中,软限制 可以被放宽到硬限制的数值。硬限制可以在服务器级别或独立的外部应用程序级别设 置。如果未在独立的外部应用程序级别设定限制,将使用服务器级别的限制。<br/><br/> 如果在两个级别都没有设置该限制,或者限制值设为<span class="val">0</span>,将使用操 作系统的默认设置。</p> <h4>Syntax</h4><p>无符号整数</p> <h4>Tips</h4><p><span title="Attention" class="ls-icon-attention"></span> Do not over adjust this limit. This may result in 503 errors if your application need more memory.</p> </article> </div>
<div class="helpitem"><article class="ls-helpitem"><div><header id="procSoftLimit"><h3>进程软限制<span class="ls-permlink"><a href="#procSoftLimit"></a></span><span class="top"><a href="#top">⇑</a></span></h3></header></div><h4>Description</h4><p>限制一个用户可以创建的进程总数。所有存在的进程都将被统计在内, 而不是只包括新启动的进程。如果限制被设置为<span class="val">10</span>,并且一个用户下 有超过10个进程在运行,那么网站服务器将不会再为该用户(通过 suEXEC) 启动新进程。<br/><br/> 此限制的主要目的是为了防范“fork炸弹”攻击或过量使用,而不是限制正常使用 (如果该限制被设置的过低,它将被服务器忽略)。确保留有足够空余。 本项目可以在服务器级别或独立的外部应用程序级别设置。如果未在独立的外部应用程 序级别设定限制,将使用服务器级别的限制。如果在两个级别都没有设置该限制, 或者限制值设为<span class="val">0</span>,将使用操作系统的默认设置。</p> <h4>Syntax</h4><p>无符号整数</p> <h4>Tips</h4><p><span title="Information" class="ls-icon-info"></span> PHP scripts can call for forking processes. The main purpose of this limit is as a last line of defense to prevent fork bombs and other attacks caused by PHP processes creating other processes.<br/><br/> Setting this setting too low can severely hurt functionality. The setting will thus be ignored below certain levels.<br/><br/> When <b>Run On Start Up</b> is set to "Yes (Daemon mode)", the actual process limit will be higher than this setting to make sure parent processes are not limited.</p> </article> </div>
<div class="helpitem"><article class="ls-helpitem"><div><header id="procHardLimit"><h3>进程硬限制<span class="ls-permlink"><a href="#procHardLimit"></a></span><span class="top"><a href="#top">⇑</a></span></h3></header></div><h4>Description</h4><p>与<span class="tagl"><a href="#procSoftLimit">进程软限制</a></span>非常相同,但是,在用户进程中软限制 可以被放宽到硬限制的数值。硬限制可以在服务器级别或独立的外部应用程序级别设 置。如果未在独立的外部应用程序级别设定限制,将使用服务器级别的限制。 如果在两个级别都没有设置该限制,或者限制值设为<span class="val">0</span>,将使用操 作系统的默认设置。</p> <h4>Syntax</h4><p>无符号整数</p> </article> </div>
</section>
</article><div class="ls-col-1-1"><footer class="copyright">Copyright © 2013-2018. <a href="https://www.litespeedtech.com">LiteSpeed Technologies Inc.</a> All rights reserved.</footer>
</div></div>
</body>
</html>