Wiki

• FrontPage
• RecentChanges
• FindPage
• HelpContents
• Sympa/Nginx

Running sympa on nginx with systemd fastcgi spawn

Spawning fcgi wrapper using systemd

On modern systems you can use systemd to spawn fast-cgi processes via socket activation [1][2]

This way is even recommended by spawn-fcgi authors, when new enough version of systemd is available [1]

To turn socket activation for sympa's cgi, you should create two files:

/etc/systemd/system/sympa-fastcgi.socket:

[Socket]
ListenStream=/var/run/sympa-fastcgi
Accept=false

[Install]
WantedBy=sockets.target

and /etc/systemd/system/sympa-fastcgi.service:

[Service]
Type=simple
ExecStart=/usr/lib/cgi-bin/sympa/wwsympa-wrapper.fcgi
User=sympa
Group=sympa
StandardInput=socket

Reload systemd with new config:

systemctl daemon-reload

Enable socket activation by default:

systemctl enable sympa-fastcgi.socket

And activate it now:

systemctl start sympa-fastcgi.socket

Now as soon as web server tries to connect to /var/run/sympa-fastcgi UNIX socket, systemd will automatically start sympa-fastcgi service that will process the request.

For more info read the links at the beginning of this section

Configuring nginx to run sympa

Put following file into /etc/nginx/sites-enabled/sympa:

server {
    listen      80;
    server_name _;  # or explicitly list domains you like to process

    root    /usr/lib/cgi-bin/sympa;
    rewrite ^/$ /sympa permanent;

    location /sympa {
        include        fastcgi_params;

        fastcgi_pass  unix:/var/run/sympa-fastcgi;

        # If you changed wwsympa_url in sympa.conf, change this regex too!
        fastcgi_split_path_info ^(/sympa)(.*)$;

        fastcgi_param SCRIPT_FILENAME $document_root/wwsympa.fcgi;
        fastcgi_param PATH_INFO $fastcgi_path_info;
        fastcgi_param USERID sympa;

        # According to RFC3875 (https://tools.ietf.org/html/rfc3875#section-4.1.14) in SERVER_NAME
        # we should put an actual hostname user came to. For nginx it is in $host
        # This will allow to run sympa multihost instances
        fastcgi_param  SERVER_NAME        $host;
    }

    location /static-sympa/css {
        alias /var/lib/sympa/css;
    }
    location /static-sympa/pictures {
        alias /var/lib/sympa/pictures;
    }
    location /static-sympa {
        alias /usr/share/sympa/static_content;
    }

    location ^~ /css-sympa/ {
        alias /var/lib/sympa/css/;
        access_log off;
    }
}

In this file you might want to change server_name option from _ to the explicit list of host names if your server hosts not only sympa services.

Old ways, Stretch and earlier: Running Sympa on Nginx+FastCGI

Note: This is outdated, see 978932#20

Here is just a nginx configuration file example that may be useful for others:

# based on https://gist.github.com/bjacint/7862912

server {
    listen       80;

    server_name  *.*;
    root         /usr/lib/cgi-bin/sympa;
    access_log   /var/log/nginx/sympa.access.log;
    error_log    /var/log/nginx/sympa.error.log;
    error_page   403 500 502 503 504 /50x.html;

    rewrite ^/$ /wws permanent;

    # While configuring sympa, you should specify wwsympa_url for each robot.
    # if you do not do so, sympa will generate wwsympa_url as ${robot_name}/sympa.
    # So to prevent non-active urls for robots without wwsympa_url, we do this redirect:

    rewrite ^/sympa/(.*)$ /wws/$1 permanent;

    location ^~ /static-sympa/ {
        alias /var/lib/sympa/static_content/;
        access_log off;
    }
    location /50x.html {
        root /usr/share/nginx/html;
    }
    location ~* \.(php|pl|py|jsp|asp|sh|cgi|bin|csh|ksh|out|run|o)$ {
        deny all;
    }
    location ~ /\.ht {
        deny all;
    }
    location /wws {
        gzip off;
        fastcgi_pass   unix:/run/fcgiwrap.socket;
        fastcgi_split_path_info ^(/wws)(.+)$;
        fastcgi_param  QUERY_STRING       $query_string;
        fastcgi_param  REQUEST_METHOD     $request_method;
        fastcgi_param  CONTENT_TYPE       $content_type;
        fastcgi_param  CONTENT_LENGTH     $content_length;
        fastcgi_param  PATH_INFO          $fastcgi_path_info;
        fastcgi_param  SCRIPT_NAME        $fastcgi_script_name;
        fastcgi_param  REQUEST_URI        $request_uri;
        fastcgi_param  DOCUMENT_URI       $document_uri;
        fastcgi_param  DOCUMENT_ROOT      $document_root;
        fastcgi_param  SERVER_PROTOCOL    $server_protocol;
        fastcgi_param  GATEWAY_INTERFACE  CGI/1.1;
        fastcgi_param  SERVER_SOFTWARE    nginx;
        fastcgi_param  REMOTE_ADDR        $remote_addr;
        fastcgi_param  REMOTE_PORT        $remote_port;
        fastcgi_param  SERVER_ADDR        $server_addr;
        fastcgi_param  SERVER_PORT        $server_port;

        # According to RFC3875 (https://tools.ietf.org/html/rfc3875#section-4.1.14) in SERVER_NAME
        # we should put an actual hostname user came to. For nginx it is in $host
        # This will allow to run sympa multihost instances
        fastcgi_param  SERVER_NAME        $host;

        fastcgi_param  REMOTE_USER        $remote_user;
        fastcgi_param  SCRIPT_FILENAME    $document_root/wwsympa-wrapper.fcgi;

        fastcgi_param  HTTP_HOST           $http_host;
        fastcgi_intercept_errors on;
    }
}

See Also

Sympa

License

This work is licensed under a Creative Commons Attribution 4.0 International License or newer.