me
/
guix
Archived
1
0
Fork 0

gnu: Add fcgiwrap service.

* doc/guix.texi (Web Services): Add documentation.
* gnu/services/web.scm (<fcgiwrap-configuration>): New record type.
(fcgiwrap-accounts, fcgiwrap-shepherd-service): New service extensions.
(fcgiwrap-service-type): New service type.

Signed-off-by: Ludovic Courtès <ludo@gnu.org>
master
Andy Wingo 2017-04-27 10:08:36 +02:00 committed by Ludovic Courtès
parent 1cae188e61
commit a5130d10fa
No known key found for this signature in database
GPG Key ID: 090B11993D9AEBB5
2 changed files with 109 additions and 2 deletions

View File

@ -13731,7 +13731,8 @@ Local accounts with lower values will silently fail to authenticate.
@cindex web
@cindex www
@cindex HTTP
The @code{(gnu services web)} module provides the following service:
The @code{(gnu services web)} module provides the nginx web server and
also a fastcgi wrapper daemon.
@deffn {Scheme Procedure} nginx-service [#:nginx nginx] @
[#:log-directory ``/var/log/nginx''] @
@ -13883,6 +13884,56 @@ body of a named location block cannot contain location blocks.
@end table
@end deftp
@cindex fastcgi
@cindex fcgiwrap
FastCGI is an interface between the front-end and the back-end of a web
service. It is a somewhat legacy facility; new web services should
generally just talk HTTP between the front-end and the back-end.
However there are a number of back-end services such as PHP or the
optimized HTTP Git repository access that use FastCGI, so we have
support for it in Guix.
To use FastCGI, you configure the front-end web server (e.g., nginx) to
dispatch some subset of its requests to the fastcgi backend, which
listens on a local TCP or UNIX socket. There is an intermediary
@code{fcgiwrap} program that sits between the actual backend process and
the web server. The front-end indicates which backend program to run,
passing that information to the @code{fcgiwrap} process.
@defvr {Scheme Variable} fcgiwrap-service-type
A service type for the @code{fcgiwrap} FastCGI proxy.
@end defvr
@deftp {Data Type} fcgiwrap-configuration
Data type representing the configuration of the @code{fcgiwrap} serice.
This type has the following parameters:
@table @asis
@item @code{package} (default: @code{fcgiwrap})
The fcgiwrap package to use.
@item @code{socket} (default: @code{tcp:127.0.0.1:9000})
The socket on which the @code{fcgiwrap} process should listen, as a
string. Valid @var{socket} values include
@code{unix:@var{/path/to/unix/socket}},
@code{tcp:@var{dot.ted.qu.ad}:@var{port}} and
@code{tcp6:[@var{ipv6_addr}]:port}.
@item @code{user} (default: @code{fcgiwrap})
@itemx @code{group} (default: @code{fcgiwrap})
The user and group names, as strings, under which to run the
@code{fcgiwrap} process. The @code{fastcgi} service will ensure that if
the user asks for the specific user or group names @code{fcgiwrap} that
the corresponding user and/or group is present on the system.
It is possible to configure a FastCGI-backed web service to pass HTTP
authentication information from the front-end to the back-end, and to
allow @code{fcgiwrap} to run the back-end process as a corresponding
local user. To enable this capability on the back-end., run
@code{fcgiwrap} as the @code{root} user and group. Note that this
capability also has to be configured on the front-end as well.
@end table
@end deftp
@node DNS Services
@subsubsection DNS Services

View File

@ -41,7 +41,11 @@
nginx-named-location-configuration
nginx-named-location-configuration?
nginx-service
nginx-service-type))
nginx-service-type
fcgiwrap-configuration
fcgiwrap-configuration?
fcgiwrap-service-type))
;;; Commentary:
;;;
@ -305,3 +309,55 @@ files in LOG-DIRECTORY, and stores temporary runtime files in RUN-DIRECTORY."
(server-blocks server-list)
(upstream-blocks upstream-list)
(file config-file))))
(define-record-type* <fcgiwrap-configuration> fcgiwrap-configuration
make-fcgiwrap-configuration
fcgiwrap-configuration?
(package fcgiwrap-configuration-package ;<package>
(default fcgiwrap))
(socket fcgiwrap-configuration-socket
(default "tcp:127.0.0.1:9000"))
(user fcgiwrap-configuration-user
(default "fcgiwrap"))
(group fcgiwrap-configuration-group
(default "fcgiwrap")))
(define fcgiwrap-accounts
(match-lambda
(($ <fcgiwrap-configuration> package socket user group)
(filter identity
(list
(and (equal? group "fcgiwrap")
(user-group
(name "fcgiwrap")
(system? #t)))
(and (equal? user "fcgiwrap")
(user-account
(name "fcgiwrap")
(group group)
(system? #t)
(comment "Fcgiwrap Daemon")
(home-directory "/var/empty")
(shell (file-append shadow "/sbin/nologin")))))))))
(define fcgiwrap-shepherd-service
(match-lambda
(($ <fcgiwrap-configuration> package socket user group)
(list (shepherd-service
(provision '(fcgiwrap))
(documentation "Run the fcgiwrap daemon.")
(requirement '(networking))
(start #~(make-forkexec-constructor
'(#$(file-append package "/sbin/fcgiwrap")
"-s" #$socket)
#:user #$user #:group #$group))
(stop #~(make-kill-destructor)))))))
(define fcgiwrap-service-type
(service-type (name 'fcgiwrap)
(extensions
(list (service-extension shepherd-root-service-type
fcgiwrap-shepherd-service)
(service-extension account-service-type
fcgiwrap-accounts)))
(default-value (fcgiwrap-configuration))))