List for cgit developers and users
From: john at keeping.me.uk (John Keeping)
Subject: FastCGI integration for cgit?
Date: Sat, 13 Apr 2013 10:34:10 +0100
Message-ID: <20130413093410.GN2222@serenity.lan>
In-Reply-To: <28484901.erkyi2NjQ4@al>

On Sat, Apr 13, 2013 at 01:51:03AM -0700, Peter Wu wrote:
> I am investigating the options for deploying cgit+gitolite. As I am
> running nginx, I have to use fastcgi or something similar.
> 
> Some resources that I found during a search:
> 
> - http://russellhaering.com/2009/12/22/running-cgit-under-nginx/
> - https://gist.github.com/stran12/1394757
> - http://polemon.org/cgit_nginx
> - http://blog.zx2c4.com/293
> 
> Their instructions however, do suggest the use of nginx + spawn-cgi +
> fcgiwrap + cgit. I have some issues with it:
> 
> - Even if nginx and cgit run as different users, nginx can still run
> arbitrary commands under the rights of cgit (via SCRIPT_FILENAME).
> - If the only goal of fcgiwrap is to run cgit, why fcgiwrap at all and
> not integrate it into cgit?
> 
> So I was wondering if somebody has already considered integrating
> fastcgi into cgit or other experiences with a nginx+(fastcgi+)cgit
> setup? I do not expect much traffic, but still want to have a secure
> (isolated) setup with predictable resource use.

The problem with implementing FastCGI in CGit is that CGit currently
relies on the OS cleaning up resources when the process exits.  So if we
use the same process for multiple requests it will just keep growing (in
terms of memory use).

There has recently been some progress on improving the CGit side of
this, but Git also takes this approach for repository objects.

In addition to that, Git isn't designed for a process to work on more
than one repository, so it would be difficult to make CGit handle
multiple repositories in a single process correctly.

Given all of that, any implementation of FastCGI in CGit is going to
look more or less the same as fcgiwrap, so I don't see any reason not to
just use that.

AFAICT, SCRIPT_FILENAME should be managed for you by the webserver and
if you are using nginx then it can't actually be used to run arbitrary
commands [1].  But I've never used it so perhaps someone with experience
of using CGit with nginx would like to comment here.

[1] http://nginx.localdomain.pl/wiki/FcgiWrap
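
The SCRIPT_FILENAME point discussed in this message, shown as an nginx server block with a request-derived value beside a fixed one. This is an added example, not configuration from the thread or from the cgit project; the host name, the cgit install paths and the fcgiwrap socket path are assumptions.

```nginx
# Added example. git.example.org, /usr/share/cgit, /usr/lib/cgit/cgit.cgi
# and /run/fcgiwrap.sock are assumed values; adjust to the local install.
server {
    listen 80;
    server_name git.example.org;

    # Static assets are served by nginx directly and never reach fcgiwrap.
    location ~ ^/(cgit\.css|cgit\.png|favicon\.ico|robots\.txt)$ {
        root /usr/share/cgit;
    }

    location / {
        # Assumes the stock fastcgi_params file, which sets QUERY_STRING,
        # REQUEST_METHOD and similar but does not set SCRIPT_FILENAME.
        include fastcgi_params;

        # Weak: the path is built from the request URI, so the URL
        # decides which file fcgiwrap is asked to execute.
        # fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;

        # Fixed: a constant path, so every request to this location is
        # handed to the same cgit binary regardless of the URL.
        fastcgi_param SCRIPT_FILENAME /usr/lib/cgit/cgit.cgi;

        # cgit takes the repository and page from PATH_INFO.
        fastcgi_param PATH_INFO $uri;

        fastcgi_pass unix:/run/fcgiwrap.sock;
    }
}
```

This fixes what nginx sends for each request; which local users can connect to the fcgiwrap socket is governed separately by the socket's ownership and mode.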



