|KFCGI(8)||System Manager's Manual||KFCGI(8)|
kfcgi — FastCGI
server for kcgi applications
kfcgi server starts up
workers processes of prog to
handle FastCGI connections. It can handle any FastCGI worker implementing
the FastCGI v1.0 Specification as well as those implementing the FastCGI
Extensions for Management Control (see
By default, it opens the socket
/var/www/run/httpd.sock in mode 0660 under the
current user and group, changes to a file-system jail in
/var/www, daemonises and opens its system log, then
starts 3 workers executing prog, which must exist
relative to the file-system jail root. The back-log is twice the worker pool
-n) or, in the event of variable-sized pools,
twice the maximum worker size (
The arguments are as follows:
- Do not daemonise and, in addition to syslog, print messages to standard error.
- Be more verbose in output. This can produce a lot of output.
- The connection backlog. If this is too small, connections will be refused and cause the request to error out. The operating system will usually truncate this.
- The initial number of workers >1.
- The maximum number of workers in a variable-sized pool. By default, this
- Location of file-system jail. This is mandatory: use the root directory if you insist on being insecure.
- Use a variable-sized pool of workers. This can
used for workers implementing the FastCGI Extensions for Management
Control. The pool will be at least (and initially) size
-n, maximum size
-Nwith a release policy dictated by
- Alternative socket path.
- The user in whose name (user and group) the socket is created.
- The user in whose name the process is dropped.
- The amount of time in seconds a worker must be idle before being released from a variable-sized pool. By default, this is five minutes.
To properly stop a
kfcgi server, send it a
SIGTERM. If you send a
SIGHUP to the process, it will restart all
kfcgi utility exits 0 on
success, and >0 if an error occurs.
On OpenBSD, the default user for the web server is “www”. Assuming we have a server that doesn't need any files, we can run the following to keep it in a safe jail:
This will execute /fcgi-bin/prog within the default file-system jail of /var/www as user “www”. It will create the default socket /var/www/run/httpd.sock in mode 0660 as user “www”.
This can also be extended to run a variable-sized pool of workers that responds to system load.
This will start with only two servers, but scale it to 100 in the event of a burst of communication. Workers started to handle the burst will be terminated after 10 seconds.
kfcgi implements the “FastCGI
Specification”, version 1.0, published 29 April 1996, for properly
passing connections to the workers. It also implements the
Extensions for Management Control for variable-sized worker pools.
|September 23, 2021||OpenBSD 6.7|