Steve Kemp's Blog Writings relating to Debian & Free Software

Changing my stack ..

Saturday, 22 February 2014

For the past few years I've hosted all my websites in a "special" way:

  • Each website runs under its own UID.
  • Each website runs a local thttpd / webserver.
  • Each server binds to localhost, on a high-port.
    • My recipe is that the port of the webserver for user "foo" is "$(id -u foo)".
  • On the front-end I have a proxy to route connections to the appropriate back-end, based on the Host header.
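A defender's check for the port-equals-UID recipe above, as an added example that is not from the original post: because high ports are unprivileged, it verifies that the listener on a user's port is owned by that user and bound only to 127.0.0.1. The names `check_backend` and `sample_table`, the UIDs and the table rows are assumptions constructed for illustration; the input is the Linux `/proc/net/tcp` format (IPv4 only).

```shell
#!/bin/sh
# Added example: audit the "port == UID" convention against a
# /proc/net/tcp-format table (IPv4 only; tcp6 is not examined).

# Constructed sample data, not captured from a real host.
sample_table() {
cat <<'EOF'
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0100007F:07D1 00000000:0000 0A 00000000:00000000 00:00000000 00000000  2001        0 30001
   1: 0100007F:07D2 00000000:0000 0A 00000000:00000000 00:00000000 00000000  2003        0 30002
   2: 00000000:07D3 00000000:0000 0A 00000000:00000000 00:00000000 00000000  2003        0 30003
EOF
}

# check_backend UID [TABLE]
# Prints ok, missing, exposed, foreign:<uid> or badport; non-zero unless ok.
check_backend() {
    uid=$1
    table=${2:-/proc/net/tcp}
    # Ports below 1024 need root; ports above 65535 do not exist.
    if [ "$uid" -lt 1024 ] || [ "$uid" -gt 65535 ]; then
        echo badport
        return 1
    fi
    # /proc/net/tcp stores the port as four upper-case hex digits.
    port=$(printf '%04X' "$uid")
    awk -v port="$port" -v uid="$uid" '
        $4 == "0A" {                              # 0A is the LISTEN state
            split($2, a, ":")
            if ((a[2] "") != (port "")) next      # string compare: "1E03" must not equal 1000
            found = 1
            if (a[1] != "0100007F") exposed = 1   # bound to something other than 127.0.0.1
            if ($8 != uid) foreign = $8           # socket owned by a different UID
        }
        END {
            if (!found)        { print "missing"; exit 1 }
            if (foreign != "") { print "foreign:" foreign; exit 1 }
            if (exposed)       { print "exposed"; exit 1 }
            print "ok"
        }' "$table"
}

# Demo over the constructed table; on a real host: check_backend "$(id -u foo)"
tmp=$(mktemp)
sample_table > "$tmp"
for u in 2001 2002 2003 2004; do
    echo "uid $u: $(check_backend "$u" "$tmp" || true)"
done
rm -f "$tmp"
```

Run from cron or a monitoring check, a result other than `ok` means the front-end proxy may be forwarding that Host to a process the site's user does not control, or that the back-end is reachable without going through the proxy.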

The webserver I chose initially was thttpd, which gained points because it was small, auditable, and simple to launch. Something like this was my recipe:

exec thttpd -D -C /srv/

Unfortunately thttpd suffers from a few omissions, most notably it doesn't support either "Keep-Alive", or "Compression" (i.e. gzip/deflate), so it would always be slower than I wanted.

On the plus side it was simple to use, supported CGI scripts, and served me well once I'd patched it to support X-Forwarded-For for IPv6 connections.

Recently I set up a server optimization site and was a little disappointed that the site itself scored poorly on Google's page-speed test. So I removed thttpd for that site, and replaced it with nginx. The end result was that the site scored 98/100 on Google's page-speed test. Progress. Unfortunately I couldn't do that globally because nginx doesn't support old-school plain CGI scripts.

So last night I removed both nginx and thttpd, and now every site on my box is hosted using lighttpd.

There weren't too many differences in the setup, though I had to add some rules to add caching for *.css, etc, and some of my code needed updating.

Beyond that, today I've set up a dedicated docker host - which allows me to easily spin up containers. Currently I've got graphite monitoring for my random hosts, and a wordpress guest for plugin development/testing.

Now to go back to reading Off to be the wizard .. - not as good as Rick Cook's wizardry series (which got less good as time went on, but started off strongly), but still entertaining.



Comments On This Entry

Krister Brus

Submitted at 11:10:22 on 23 February 2014

I may be missing something in your configuration, but nginx does in fact support "old-school plain CGI scripts" via wrapper script fcgiwrap. Install the package fcgiwrap, include one file in the nginx setup, and nginx is ready to serve scripts, for example Very easy and it works well.

Steve Kemp

Submitted at 11:39:02 on 23 February 2014

What I meant was that nginx doesn't support native CGI scripts.

You can get CGI via fastcgi, or the fcgiwrap tool you mention, but that means running a second daemon for each user - since I want all CGI scripts for a site to run as that site's UID. (i.e. One compromised site cannot read/mess-with another.)

