Original Document here...
The FastCGI module in IIS enables popular application frameworksthat support the FastCGI protocol to be hosted on the IIS web server ina high-performance and reliable way. FastCGI provides ahigh-performance alternative to the Common Gateway Interface (CGI), astandard way of interfacing external applications with Web servers thathas been supported as part of the IIS feature-set since the very firstrelease.
CGI programs are executables launched by the web server for eachrequest in order to process the request and generate dynamic responsesthat are sent back to the client. Because many of these frameworks donot support multi-threaded execution, CGI enables them to executereliably on IIS by executing exactly one request per process.Unfortunately, it provides poor performance due to the high cost ofstarting and shutting down a process for each request.
FastCGI addresses the performance issues inherent in CGI byproviding a mechanism to reuse a single process over and over again formany requests. Additionally, FastCGI maintains compatibility withnon-thread-safe libraries by providing a pool of reusable processes andensuring that each process will only handle one request at a time.
Add the CGI role service by going to Server Manager -> Roles-> Add Role Services. This enables both the CGI and FastCGI services:
Add the CGI feature by going to Control Panel -> Programs andFeatures -> Turn Windows features on or off. This enables both theCGI and FastCGI services.
The update for IIS 7.0 FastCGI module fixes several knowncompatibility issues with popular PHP applications. Install the updatefrom one of the following locations:
NOTE: This step is optional.
Among other useful features Administration Pack for IIS 7.0 has avery convenient user interface for configuring FastCGI settings.Administration Pack can be installed from these locations:
It is recommended to use a non-thread safe build of PHP with IIS 7.0FastCGI. A non-thread safe build of PHP provides significantperformance gains over the standard build by not doing anythread-safety checks, which are not necessary, since FastCGI ensures asingle threaded execution environment.
C:\PHP>php –info
If PHP was installed correctly and all its dependencies areavailable on the machine, then this command will output the current PHPconfiguration information.
In order for IIS 7.0 to host PHP applications, it is necessary toadd a handler mapping that tells IIS to pass all PHP specific requeststo the PHP application framework via FastCGI protocol.
Open IIS Manager and then select and open “Handler Mappings” at the server level:
Select the “Add Module Mapping” action and specify the configurations settings as below:
Click OK. A dialog box appears asking if you want to create a FastCGI application for this executable. Click Yes.
Test that the handler mapping works correctly by creating aphpinfo.php file in the C:\inetpub\wwwroot folder that contains thefollowing code:
Open a browser and navigate to http://localhost/phpinfo.php. If everything was setup correctly, then you will see the standard PHP information page:
NOTE: If you do not see "FastCgiModule" in the"Modules:" drop-down list then it means that the module is notregistered or not enabled. To check if FastCGI module is registeredopen the IIS configuration file%WINDIR%\windows\system32\config\applicationHost.config and check thatthe following line is present in section:
Also, in the same file, check that the FastCGI module is added to the section:
Alternatively, the above mentioned steps can be completed by using command line tool appcmd.
To create the FastCGI application process pool, run the following command:
C:\>%windir%\system32\inetsrv\appcmd set config /section:system.webServer/fastCGI /+[fullPath='c:\{php_folder}\php-cgi.exe']After that, create the handler mapping:
C:\>%windir%\system32\inetsrv\appcmdset config /section:system.webServer/handlers/+[name='PHP_via_FastCGI',path='*.php',verb='*',modules='FastCgiModule',scriptProcessor='c:\{php_folder}\php-cgi.exe',resourceType='Unspecified']Note: If you are using PHP version 4.X, instead of php-cgi.exe, you can use php.exe.
This download contains a summary presentation on Best Practices for hosting PHP in a shared hosting environment.
The recommendation for isolating PHP web sites in a shared hostingenvironment is consistent with all general security isolationrecommendations for IIS 7.0. In particular, it is recommended to:
For more details about security isolation in a shared hosting environment, refer to Isolating Sites with Application Pools.
Make sure that FastCGI always recycles the php-cgi.exe processesbefore the native PHP recycling kicks in. The FastCGI process recyclingbehavior is controlled by the configuration property instanceMaxRequests.This property specifies how many requests the FastCGI process willprocess before recycling. PHP also has a similar process recyclingfunctionality that is controlled by an environment variable PHP_FCGI_MAX_REQUESTS. By setting instanceMaxRequests to be smaller or equal to PHP_FCGI_MAX_REQUESTS, you can ensure that the native PHP process recycling logic will never kick in.
The FastCGI settings can be configured either by using IIS Manager or by using the command line tool appcmd.
To configure FastCGI recycling settings by using IIS Manager, you need to install Administration Pack for IIS 7.0 and then select FastCGI settings at the server level:
Next select the FastCGI application that you want to configure and click "Edit..." in the Actions pane on right hand side:
In the "Edit FastCGI application" dialog, set instanceMaxRequest to 10000 and then click on the browse button next to the EnvironmentVariables setting:
Add the PHP_FCGI_MAX_REQUESTS environment variable and set its value to 10000:
Note: If you do not configure these settings, then the following default settings are used: instanceMaxRequests = 200, PHP_FCGI_MAX_REQUESTS = 500 (on most PHP builds).
To configure the recycling behavior of FastCGI and PHP via appcmd, use the following commands:
C:\>%windir%\system32\inetsrv\appcmdset config -section:system.webServer/fastCgi/[fullPath='c:\{php_folder}\php-cgi.exe'].instanceMaxRequests:10000Many PHP applications may rely on functions or features availableonly in certain versions of PHP. If such applications are to be hostedon the same server then different PHP versions must be enabled andrunning side-by-side. The IIS 7.0 FastCGI handler fully supportsrunning multiple versions of PHP on the same web server.
For example, let’s assume that on your web server you plan tosupport PHP 4.4.8, PHP 5.2.1 and PHP 5.2.5 non-thread safe. To enablethat, you must place corresponding PHP binaries in separate folders onthe file system (e.g. C:\php448\, C:\php521\ and C:\php525nts) and thencreate FastCGI application process pools for each version:
C:\>%windir%\system32\inetsrv\appcmd set config /section:system.webServer/fastCGI /+[fullPath='c:\php448\php.exe']Now, if you have 3 web sites (site1, site2, site3), where each siteneeds to use a different PHP version, you can define handler mappingson each of those sites to reference a corresponding FastCGI applicationprocess pool.
Note: Each FastCGI process pool is uniquely identified by a combination of fullPath and arguments properties.
C:\>%windir%\system32\inetsrv\appcmdset config site1 –section:system.webServer/handlers/+”..[name=’PHP448_via_FastCGI’,path=’*.php’,verb=’*’,modules=’FastCgiModule’,scriptProcessor=’c:\php448\php.exe’,resourceType=’Either’]The following settings can be used to tighten the security of a PHPinstallation. To make the recommended changes locate and open thephp.ini file and edit the configuration settings as described below:
TH { PADDING-RIGHT: 4px; PADDING-LEFT: 4px; PADDING-BOTTOM: 4px; COLOR: white; PADDING-TOP: 4px; BACKGROUND-COLOR: #222222 } TR { BACKGROUND-COLOR: #dddddd } TD { PADDING-RIGHT: 4px; PADDING-LEFT: 4px; PADDING-BOTTOM: 4px; PADDING-TOP: 4px }Setting | Description |
---|---|
allow_url_fopen=Off allow_url_include=Off |
Disable remote URLs for file handling functions, which may cause code injection vulnerabilities. |
register_globals=Off | Disable register_globals. |
open_basedir="c:\inetpub\" | Restrict where PHP processes can read and write on a file system. |
safe_mode=Off safe_mode_gid=Off |
Disable safe mode |
max_execution_time=30 max_input_time=60 |
Limit script execution time |
memory_limit=16M upload_max_filesize=2M post_max_size=8M max_input_nesting_levels=64 |
Limit memory usage and file sizes |
display_errors=Off log_errors=On error_log="C:\path\of\your\choice" |
Configure error messages and logging |
fastcgi.logging=0 | IIS FastCGI module will fail the request when PHP sends any data on stderr by using FastCGI protocol. Disabling FastCGI logging will prevent PHP from sending error information over stderr, and generating 500 response codes for the client. |
expose_php=Off | Hide presence of PHP |
The section describes the recommended way of enabling per-site PHPconfiguration . Note that this recommendation was discovered andvalidated by Radney Jasmin with hosting provider GoDaddy.com who now offers PHP hosting on Windows Server 2008 via FastCGI.
When each web site has its own application pool (which is arecommended practice on IIS 7.0), it is possible to associate adedicated FastCGI process pool with each web site. A FastCGI processpool is uniquely identified by the combination of fullPath and argumentsattributes. So, if it is necessary to create several FastCGI processpools for the same process executable, such as php-cgi.exe, the argumentsattribute can be used to distinguish process pools definitions. Inaddition, with php-cgi.exe processes the command line switch "-d" canbe used to define an INI entry for PHP process. This switch can be usedto set a PHP setting that makes the arguments string unique.
For example, if there are two web sites "website1" and "website2"that need to have their own set of PHP settings, the FastCGI processpools can be defined as follows:
In this example the PHP setting open_basedir isused to distinguish between process pool definitions. In addition itenforces that the PHP executable for each process pool can perform fileoperations only within the root folder of the corresponding web site.
Then website1 can have the PHP handler mapping as follows:
and website2 can have the PHP handler mapping as follows:
When the PHP process starts it determines the location of the configuration php.ini file by using various settings. The PHP documentationprovides detailed description of the PHP start up process. Note thatone of the places where PHP process searches for php.ini location isthe PHPRC environment variable. If PHP process finds a php.ini file inthe path specified in this environment variable then it will use it,otherwise it will revert to default location of php.ini. Thisenvironment variable can be used to allow hosting customers to usetheir own versions of php.ini files.
For example if there are two websites: website1 and website2;located at the following file paths: C:\WebSites\website1 andC:\WebSites\website2 then the php-cgi.exe process pools in the section of applicationHost.config can be configured asbelow:
This way website1 can have its own version of php.ini in theC:\WebSites\website1, while website2 can have its own version ofphp.ini located in C:\WebSites\website2. This configuration alsoensures that if there is no php.ini found in location specified byPHPRC environment variable then PHP will fall back to using the defaultphp.ini file located in the same folder where php-cgi.exe is located.
The majority of popular PHP applications rely on the URL rewritingfunctionality in web servers to enable user friendly and search enginefriendly URL's. IIS 7.0 provides URL rewriting capabilities via the URL rewrite module.
Refer to the following articles for more information on how to use the URL Rewrite Module: