+8
CLAUDE.md
···+Both of these are intended to act as a reference implementation, for us to figure out what the ideal OCaml interface should look like for FastCGI.+Our target language is OCaml, using the Eio library. The README for Eio is in OCaml-EIO-README.md to give you a reference.
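Review bot: The two added lines shown for CLAUDE.md name the reference implementations and OCaml-EIO-README.md but do not mention spec/FastCGI_Specification.html, which this same commit adds. Unless the collapsed lines of the hunk already do so, add a sentence naming that file as the authority for record layout and length encoding, so the reference implementations are consulted for interface shape only and the wire format is taken from the spec.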
+735
spec/FastCGI_Specification.html
···+<meta name="description" content="This specification has narrow goal is to specify, from an application perspective, the interface between a FastCGI application and a Web server that supports FastCGI."/>+<meta name="keywords" content="fastcgi, fastcgi specification, fastcgi source, fastcgi php, fastcgi apache, fastcgi iis, fastcgi c++, fastcgi nginx, fastcgi download, fcgi spec, fcgi-spec, fastcgi overview, cgi, protocol specification, php-fpm, apache, mod_proxy_fastcgi, mod_fcgid, mod_fastcgi, fcgi2, fcgi sdk, nginx fastcgi, ngx_http_fastcgi_module, ligthttpd, cherokee, perl, python, ruby"/>+<link href='https://fonts.googleapis.com/css?family=Open+Sans:400,700' rel='stylesheet' type='text/css'>+<link rel="stylesheet" href="/assets/css/style.css?v=cfbb93ce861c9fb058b2d12ee0a83e55a1682c1f">+<h2 class="project-tagline">This specification has narrow goal is to specify, from an application perspective, the interface between a FastCGI application and a Web server that supports FastCGI.</h2>+<h5 id="copyright--1996-open-market-inc-245-first-street-cambridge-ma-02142-usa">Copyright © 1996 Open Market, Inc. 245 First Street, Cambridge, MA 02142 U.S.A.</h5>+<li><a href="#S5.2">5.2 Name-Value Pair Streams: <tt>FCGI_PARAMS</tt>, <tt>FCGI_RESULTS</tt></a></li>+<li><a href="#S5.3">5.3 Byte Streams: <tt>FCGI_STDIN</tt>, <tt>FCGI_DATA</tt>, <tt>FCGI_STDOUT</tt>, <tt>FCGI_STDERR</tt></a></li>+<p>FastCGI is an open extension to CGI that provides high performance for all Internet applications without the penalties of Web server APIs.</p>+<p>This specification has narrow goal: to specify, from an application perspective, the interface between a FastCGI application and a Web server that supports FastCGI. Many Web server features related to FastCGI, e.g. 
application management facilities, have nothing to do with the application to Web server interface, and are not described here.</p>+<p>This specification is for Unix (more precisely, for POSIX systems that support Berkeley Sockets). The bulk of the specification is a simple communications protocol that is independent of byte ordering and will extend to other systems.</p>+<p>We’ll introduce FastCGI by comparing it with conventional Unix implementations of CGI/1.1. FastCGI is designed to support long-lived application processes, i.e. <em>application servers</em>. That’s a major difference compared with conventional Unix implementations of CGI/1.1, which construct an application process, use it respond to one request, and have it exit.</p>+<p>The initial state of a FastCGI process is more spartan than the initial state of a CGI/1.1 process, because the FastCGI process doesn’t begin life connected to anything. It doesn’t have the conventional open files <tt>stdin</tt>, <tt>stdout</tt>, and <tt>stderr</tt>, and it doesn’t receive much information through environment variables. The key piece of initial state in a FastCGI process is a listening socket, through which it accepts connections from a Web server.</p>+<p>After a FastCGI process accepts a connection on its listening socket, the process executes a simple protocol to receive and send data. The protocol serves two purposes. First, the protocol multiplexes a single transport connection between several independent FastCGI requests. This supports applications that are able to process concurrent requests using event-driven or multi-threaded programming techniques. Second, within each request the protocol provides several independent data streams in each direction. 
This way, for instance, both <tt>stdout</tt> and <tt>stderr</tt> data pass over a single transport connection from the application to the Web server, rather than requiring separate pipes as with CGI/1.1.</p>+<p>A FastCGI application plays one of several well-defined <em>roles</em>. The most familiar is the <em>Responder</em> role, in which the application receives all the information associated with an HTTP request and generates an HTTP response; that’s the role CGI/1.1 programs play. A second role is <em>Authorizer</em>, in which the application receives all the information associated with an HTTP request and generates an authorized/unauthorized decision. A third role is <em>Filter</em>, in which the application receives all the information associated with an HTTP request, plus an extra stream of data from a file stored on the Web server, and generates a “filtered” version of the data stream as an HTTP response. The framework is extensible so that more FastCGI can be defined later.</p>+<p>In the remainder of this specification the terms “FastCGI application,” “application process,” or “application server” are abbreviated to “application” whenever that won’t cause confusion.</p>+<p>By default the Web server creates an argument list containing a single element, the name of the application, taken to be the last component of the executable’s path name. The Web server may provide a way to specify a different application name, or a more elaborate argument list.</p>+<p>Note that the file executed by the Web server might be an interpreter file (a text file that starts with the characters <tt>#!</tt>), in which case the application’s argument list is constructed as described in the <tt>execve</tt> manpage.</p>+<p>The Web server leaves a single file descriptor, <tt>FCGI_LISTENSOCK_FILENO</tt>, open when the application begins execution. 
This descriptor refers to a listening socket created by the Web server.</p>+<p><tt>FCGI_LISTENSOCK_FILENO</tt> equals <tt>STDIN_FILENO</tt>. The standard descriptors <tt>STDOUT_FILENO</tt> and <tt>STDERR_FILENO</tt> are closed when the application begins execution. A reliable method for an application to determine whether it was invoked using CGI or FastCGI is to call <tt>getpeername(FCGI_LISTENSOCK_FILENO)</tt>, which returns -1 with <tt>errno</tt> set to <tt>ENOTCONN</tt> for a FastCGI application.</p>+<p>The Web server’s choice of reliable transport, Unix stream pipes (<tt>AF_UNIX</tt>) or TCP/IP (<tt>AF_INET</tt>), is implicit in the internal state of the <tt>FCGI_LISTENSOCK_FILENO</tt> socket.</p>+<p>The Web server may use environment variables to pass parameters to the application. This specification defines one such variable, <tt>FCGI_WEB_SERVER_ADDRS</tt>; we expect more to be defined as the specification evolves. The Web server may provide a way to bind other environment variables, such as the <tt>PATH</tt> variable.</p>+<p>The Web server may provide a way to specify other components of an application’s initial process state, such as the priority, user ID, group ID, root directory, and working directory of the process.</p>+<p>We use C language notation to define protocol message formats. All structure elements are defined in terms of the <tt>unsigned char</tt> type, and are arranged so that an ISO C compiler lays them out in the obvious manner, with no padding. The first byte defined in the structure is transmitted first, the second byte second, etc.</p>+<p>First, when two adjacent structure components are named identically except for the suffixes “<tt>B1</tt>” and “<tt>B0</tt>,” it means that the two components may be viewed as a single number, computed as <tt>B1«8 + B0</tt>. The name of this single number is the name of the components, minus the suffixes. 
This convention generalizes in an obvious way to handle numbers represented in more than two bytes.</p>+<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code> struct {+<p>meaning a structure of varying length, where the length of a component is determined by the values of the indicated earlier component or components.</p>+<h4 id="32-accepting-transport-connections"><a name="S3.2">3.2 Accepting Transport Connections</a></h4>+<p>A FastCGI application calls <tt>accept()</tt> on the socket referred to by file descriptor <tt>FCGI_LISTENSOCK_FILENO</tt> to accept a new transport connection. If the <tt>accept()</tt> succeeds, and the <tt>FCGI_WEB_SERVER_ADDRS</tt> environment variable is bound, the application application immediately performs the following special processing:</p>+<p><tt>FCGI_WEB_SERVER_ADDRS</tt>: The value is a list of valid IP addresses for the Web server.</p>+<p>If <tt>FCGI_WEB_SERVER_ADDRS</tt> was bound, the application checks the peer IP address of the new connection for membership in the list. If the check fails (including the possibility that the connection didn’t use TCP/IP transport), the application responds by closing the connection.</p>+<p><tt>FCGI_WEB_SERVER_ADDRS</tt> is expressed as a comma-separated list of IP addresses. Each IP address is written as four decimal numbers in the range [0..255] separated by decimal points. So one legal binding for this variable is <tt>FCGI_WEB_SERVER_ADDRS=199.170.183.28,199.170.183.71</tt>.</p>+<p>An application may accept several concurrent transport connections, but it need not do so.</p>+<p>Applications execute requests from a Web server using a simple protocol. 
Details of the protocol depend upon the application’s role, but roughly speaking the Web server first sends parameters and other data to the application, then the application sends result data to the Web server, and finally the application sends the Web server an indication that the request is complete.</p>+<p>All data that flows over the transport connection is carried in <em>FastCGI records</em>. FastCGI records accomplish two things. First, records multiplex the transport connection between several independent FastCGI requests. This multiplexing supports applications that are able to process concurrent requests using event-driven or multi-threaded programming techniques. Second, records provide several independent data streams in each direction within a single request. This way, for instance, both <tt>stdout</tt> and <tt>stderr</tt> data can pass over a single transport connection from the application to the Web server, rather than requiring separate connections.</p>+<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code> typedef struct {+<p>A FastCGI record consists of a fixed-length prefix followed by a variable number of content and padding bytes. A record contains seven components:</p>+<li><tt>version</tt>: Identifies the FastCGI protocol version. This specification documents <tt>FCGI_VERSION_1</tt>.</li>+<li><tt>type</tt>: Identifies the FastCGI record type, i.e. the general function that the record performs. 
Specific record types and their functions are detailed in later sections.</li>+<li><tt>requestId</tt>: Identifies the <em>FastCGI request</em> to which the record belongs.</li>+<li><tt>contentLength</tt>: The number of bytes in the <tt>contentData</tt> component of the record.</li>+<li><tt>paddingLength</tt>: The number of bytes in the <tt>paddingData</tt> component of the record.</li>+<li><tt>contentData</tt>: Between 0 and 65535 bytes of data, interpreted according to the record type.</li>+<p>We use a relaxed C <tt>struct</tt> initializer syntax to specify constant FastCGI records. We omit the <tt>version</tt> component, ignore padding, and treat <tt>requestId</tt> as a number. Thus <tt>{FCGI_END_REQUEST, 1, {FCGI_REQUEST_COMPLETE,0}}</tt> is a record with <tt>type == FCGI_END_REQUEST</tt>, <tt>requestId == 1</tt>, and <tt>contentData == {FCGI_REQUEST_COMPLETE,0}</tt>.</p>+<p>The protocol allows senders to pad the records they send, and requires receivers to interpret the <tt>paddingLength</tt> and skip the <tt>paddingData</tt>. Padding allows senders to keep data aligned for more efficient processing. Experience with the X window system protocols shows the performance benefit of such alignment.</p>+<p>We recommend that records be placed on boundaries that are multiples of eight bytes. The fixed-length portion of a <tt>FCGI_Record</tt> is eight bytes.</p>+<p>The Web server re-uses FastCGI request IDs; the application keeps track of the current state of each request ID on a given transport connection. A request ID <tt>R</tt> becomes active when the application receives a record <tt>{FCGI_BEGIN_REQUEST, R, …}</tt> and becomes inactive when the application sends a record <tt>{FCGI_END_REQUEST, R, …}</tt> to the Web server.</p>+<p>While a request ID <tt>R</tt> is inactive, the application ignores records with <tt>requestId == R</tt>, except for <tt>FCGI_BEGIN_REQUEST</tt> records as just described.</p>+<p>The Web server attempts to keep FastCGI request IDs small. 
That way the application can keep track of request ID states using a short array rather than a long array or a hash table. An application also has the option of accepting only one request at a time. In this case the application simply checks incoming <tt>requestId</tt> values against the current request ID.</p>+<p>The first distinction is between <em>management</em> records and <em>application</em> records. A management record contains information that is not specific to any Web server request, such as information about the protocol capabilities of the application. An application record contains information about a particular request, identified by the <tt>requestId</tt> component.</p>+<p>Management records have a <tt>requestId</tt> value of zero, also called the <em>null request ID</em>. Application records have a nonzero <tt>requestId</tt>.</p>+<p>The second distinction is between <em>discrete</em> and <em>stream</em> records. A discrete record contains a meaningful unit of data all by itself. A stream record is part of a <em>stream</em>, i.e. a series of zero or more non-empty records (<tt>length != 0</tt>) of the stream type, followed by an empty record (<tt>length == 0</tt>) of the stream type. The <tt>contentData</tt> components of a stream’s records, when concatenated, form a byte sequence; this byte sequence is the value of the stream. Therefore the value of a stream is independent of how many records it contains or how its bytes are divided among the non-empty records.</p>+<p>These two classifications are independent. Among the record types defined in this version of the FastCGI protocol, all management record types are also discrete record types, and nearly all application record types are stream record types. 
But three application record types are discrete, and nothing prevents defining a management record type that’s a stream in some later version of the protocol.</p>+<p>In many of their roles, FastCGI applications need to read and write varying numbers of variable-length values. So it is useful to adopt a standard format for encoding a name-value pair.</p>+<p>FastCGI transmits a name-value pair as the length of the name, followed by the length of the value, followed by the name, followed by the value. Lengths of 127 bytes and less can be encoded in one byte, while longer lengths are always encoded in four bytes:</p>+<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code> typedef struct {+<p>The high-order bit of the first byte of a length indicates the length’s encoding. A high-order zero implies a one-byte encoding, a one a four-byte encoding.</p>+<p>This name-value pair format allows the sender to transmit binary values without additional encoding, and enables the receiver to allocate the correct amount of storage immediately even for large values.</p>+<h4 id="35-closing-transport-connections"><a name="S3.5">3.5 Closing Transport Connections</a></h4>+<p>The Web server controls the lifetime of transport connections. The Web server can close a connection when no requests are active. Or the Web server can delegate close authority to the application (see <tt>FCGI_BEGIN_REQUEST</tt>). In this case the application closes the connection at the end of a specified request.</p>+<p>This flexibility accommodates a variety of application styles. Simple applications will process one request at a time and accept a new transport connection for each request. 
More complex applications will process concurrent requests, over one or multiple transport connections, and will keep transport connections open for long periods of time.</p>+<p>A simple application gets a significant performance boost by closing the transport connection when it has finished writing its response. The Web server needs to control the connection lifetime for long-lived connections.</p>+<p>When an application closes a connection or finds that a connection has closed, the application initiates a new connection.</p>+<h4 id="41-fcgi_get_values-fcgi_get_values_result"><a name="S4.1">4.1 <tt>FCGI_GET_VALUES, FCGI_GET_VALUES_RESULT</tt></a></h4>+<p>The Web server can query specific variables within the application. The server will typically perform a query on application startup in order to to automate certain aspects of system configuration.</p>+<p>The application receives a query as a record <tt>{FCGI_GET_VALUES, 0, …}</tt>. The <tt>contentData</tt> portion of a <tt>FCGI_GET_VALUES</tt> record contains a sequence of name-value pairs with empty values.</p>+<p>The application responds by sending a record <tt>{FCGI_GET_VALUES_RESULT, 0, …}</tt> with the values supplied. If the application doesn’t understand a variable name that was included in the query, it omits that name from the response.</p>+<p><tt>FCGI_GET_VALUES</tt> is designed to allow an open-ended set of variables. The initial set provides information to help the server perform application and connection management:</p>+<li><tt>FCGI_MAX_CONNS</tt>: The maximum number of concurrent transport connections this application will accept, e.g. <tt>“1”</tt> or <tt>“10”</tt>.</li>+<li><tt>FCGI_MAX_REQS</tt>: The maximum number of concurrent requests this application will accept, e.g. <tt>“1”</tt> or <tt>“50”</tt>.</li>+<li><tt>FCGI_MPXS_CONNS</tt>: <tt>“0”</tt> if this application does not multiplex connections (i.e. 
handle concurrent requests over each connection), <tt>“1”</tt> otherwise.</li>+<p>An application may receive a <tt>FCGI_GET_VALUES</tt> record at any time. The application’s response should not involve the application proper but only the FastCGI library.</p>+<p>The set of management record types is likely to grow in future versions of this protocol. To provide for this evolution, the protocol includes the <tt>FCGI_UNKNOWN_TYPE</tt> management record. When an application receives a management record whose type <tt>T</tt> it does not understand, the application responds with <tt>{FCGI_UNKNOWN_TYPE, 0, {T}}</tt>.</p>+<p>The <tt>contentData</tt> component of a <tt>FCGI_UNKNOWN_TYPE</tt> record has the form:</p>+<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code> typedef struct {+<p>The <tt>contentData</tt> component of a <tt>FCGI_BEGIN_REQUEST</tt> record has the form:</p>+<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code> typedef struct {+<p>The <tt>role</tt> component sets the role the Web server expects the application to play. The currently-defined roles are:</p>+<li><tt>flags & FCGI_KEEP_CONN</tt>: If zero, the application closes the connection after responding to this request. If not zero, the application does not close the connection after responding to this request; the Web server retains responsibility for the connection.</li>+<h4 id="52-name-value-pair-stream-fcgi_params"><a name="S5.2">5.2 Name-Value Pair Stream: <tt>FCGI_PARAMS</tt></a></h4>+<p>is a stream record type used in sending name-value pairs from the Web server to the application. 
The name-value pairs are sent down the stream one after the other, in no specified order.</p>+<h4 id="53-byte-streams-fcgi_stdin-fcgi_data-fcgi_stdout-fcgi_stderr"><a name="S5.3">5.3 Byte Streams: <tt>FCGI_STDIN</tt>, <tt>FCGI_DATA</tt>, <tt>FCGI_STDOUT</tt>, <tt>FCGI_STDERR</tt></a></h4>+<p>is a stream record type used in sending arbitrary data from the Web server to the application. <tt>FCGI_DATA</tt> is a second stream record type used to send additional data to the application.</p>+<p><tt>FCGI_STDOUT</tt> and <tt>FCGI_STDERR</tt> are stream record types for sending arbitrary data and error data respectively from the application to the Web server.</p>+<p>The Web server sends a <tt>FCGI_ABORT_REQUEST</tt> record to abort a request. After receiving <tt>{FCGI_ABORT_REQUEST, R}</tt>, the application responds as soon as possible with <tt>{FCGI_END_REQUEST, R, {FCGI_REQUEST_COMPLETE, appStatus}}</tt>. This is truly a response from the application, not a low-level acknowledgement from the FastCGI library.</p>+<p>A Web server aborts a FastCGI request when an HTTP client closes its transport connection while the FastCGI request is running on behalf of that client. The situation may seem unlikely; most FastCGI requests will have short response times, with the Web server providing output buffering if the client is slow. But the FastCGI application may be delayed communicating with another system, or performing a server push.</p>+<p>When a Web server is not multiplexing requests over a transport connection, the Web server can abort a request by closing the request’s transport connection. 
But with multiplexed requests, closing the transport connection has the unfortunate effect of aborting <em>all</em> the requests on the connection.</p>+<p>The application sends a <tt>FCGI_END_REQUEST</tt> record to terminate a request, either because the application has processed the request or because the application has rejected the request.</p>+<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code> typedef struct {+<p>The <tt>appStatus</tt> component is an application-level status code. Each role documents its usage of <tt>appStatus</tt>.</p>+<p>The <tt>protocolStatus</tt> component is a protocol-level status code; the possible <tt>protocolStatus</tt> values are:</p>+<li><tt>FCGI_CANT_MPX_CONN</tt>: rejecting a new request. This happens when a Web server sends concurrent requests over one connection to an application that is designed to process one request at a time per connection.</li>+<li><tt>FCGI_OVERLOADED</tt>: rejecting a new request. This happens when the application runs out of some resource, e.g. database connections.</li>+<li><tt>FCGI_UNKNOWN_ROLE</tt>: rejecting a new request. This happens when the Web server has specified a role that is unknown to the application.</li>+<p>Role protocols only include records with application record types. They transfer essentially all data using streams.</p>+<p>To make the protocols reliable and to simplify application programming, role protocols are designed to use <em>nearly sequential marshalling</em>. In a protocol with strictly sequential marshalling, the application receives its first input, then its second, etc. until it has received them all. Similarly, the application sends its first output, then its second, etc. until it has sent them all. 
Inputs are not interleaved with each other, and outputs are not interleaved with each other.</p>+<p>The sequential marshalling rule is too restrictive for some FastCGI roles, because CGI programs can write to both <tt>stdout</tt> and <tt>stderr</tt> without timing restrictions. So role protocols that use both <tt>FCGI_STDOUT</tt> and <tt>FCGI_STDERR</tt> allow these two streams to be interleaved.</p>+<p>All role protocols use the <tt>FCGI_STDERR</tt> stream just the way <tt>stderr</tt> is used in conventional applications programming: to report application-level errors in an intelligible way. Use of the <tt>FCGI_STDERR</tt> stream is always optional. If an application has no errors to report, it sends either no <tt>FCGI_STDERR</tt> records or one zero-length <tt>FCGI_STDERR</tt> record.</p>+<p>When a role protocol calls for transmitting a stream other than <tt>FCGI_STDERR</tt>, at least one record of the stream type is always transmitted, even if the stream is empty.</p>+<p>Again in the interests of reliable protocols and simplified application programming, role protocols are designed to be <em>nearly request-response</em>. In a truly request-response protocol, the application receives all of its input records before sending its first output record. Request-response protocols don’t allow pipelining.</p>+<p>The request-response rule is too restrictive for some FastCGI roles; after all, CGI programs aren’t restricted to read all of <tt>stdin</tt> before starting to write <tt>stdout</tt>. So some role protocols allow that specific possibility. First the application receives all of its inputs except for a final stream input. 
As the application begins to receive the final stream input, it can begin writing its output.</p>+<p>When a role protocol uses <tt>FCGI_PARAMS</tt> to transmit textual values, such as the values that CGI programs obtain from environment variables, the length of the value does not include the terminating null byte, and the value itself does not include a null byte. An application that needs to provide <tt>environ(7)</tt> format name-value pairs must insert an equal sign between the name and value and append a null byte after the value.</p>+<p>Role protocols do not support the non-parsed header feature of CGI. FastCGI applications set response status using the <tt>Status</tt> and <tt>Location</tt> CGI headers.</p>+<p>A Responder FastCGI application has the same purpose as a CGI/1.1 program: It receives all the information associated with an HTTP request and generates an HTTP response.</p>+<li>The Responder application receives CGI/1.1 environment variables from the Web server over <tt>FCGI_PARAMS</tt>.</li>+<li>Next the Responder application receives CGI/1.1 <tt>stdin</tt> data from the Web server over <tt>FCGI_STDIN</tt>. The application receives at most <tt>CONTENT_LENGTH</tt> bytes from this stream before receiving the end-of-stream indication. (The application receives less than <tt>CONTENT_LENGTH</tt> bytes only if the HTTP client fails to provide them, e.g. because the client crashed.)</li>+<li>The Responder application sends CGI/1.1 <tt>stdout</tt> data to the Web server over <tt>FCGI_STDOUT</tt>, and CGI/1.1 <tt>stderr</tt> data over <tt>FCGI_STDERR</tt>. The application sends these concurrently, not one after the other. 
The application must wait to finish reading <tt>FCGI_PARAMS</tt> before it begins writing <tt>FCGI_STDOUT</tt> and <tt>FCGI_STDERR</tt>, but it needn’t finish reading from <tt>FCGI_STDIN</tt> before it begins writing these two streams.</li>+<li>After sending all its <tt>stdout</tt> and <tt>stderr</tt> data, the Responder application sends a <tt>FCGI_END_REQUEST</tt> record. The application sets the <tt>protocolStatus</tt> component to <tt>FCGI_REQUEST_COMPLETE</tt> and the <tt>appStatus</tt> component to the status code that the CGI program would have returned via the <tt>exit</tt> system call.</li>+<p>A Responder performing an update, e.g. implementing a <tt>POST</tt> method, should compare the number of bytes received on <tt>FCGI_STDIN</tt> with <tt>CONTENT_LENGTH</tt> and abort the update if the two numbers are not equal.</p>+<p>An Authorizer FastCGI application receives all the information associated with an HTTP request and generates an authorized/unauthorized decision. In case of an authorized decision the Authorizer can also associate name-value pairs with the HTTP request; when giving an unauthorized decision the Authorizer sends a complete response to the HTTP client.</p>+<p>Since CGI/1.1 defines a perfectly good way to represent the information associated with an HTTP request, Authorizers use the same representation:</p>+<li>The Authorizer application receives HTTP request information from the Web server on the <tt>FCGI_PARAMS</tt> stream, in the same format as a Responder. The Web server does not send <tt>CONTENT_LENGTH</tt>, <tt>PATH_INFO</tt>, <tt>PATH_TRANSLATED</tt>, and <tt>SCRIPT_NAME</tt> headers.</li>+<p>The Authorizer application sends <tt>stdout</tt> and <tt>stderr</tt> data in the same manner as a Responder. The CGI/1.1 response status specifies the disposition of the request. If the application sends status 200 (OK), the Web server allows access. 
Depending upon its configuration the Web server may proceed with other access checks, including requests to other Authorizers.</p>+<p>An Authorizer application’s 200 response may include headers whose names are prefixed with <tt>Variable-</tt>. These headers communicate name-value pairs from the application to the Web server. For instance, the response header</p>+<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code> Variable-AUTH_METHOD: database lookup+<p>transmits the value <tt>“database lookup”</tt> with name <tt>AUTH-METHOD</tt>. The server associates such name-value pairs with the HTTP request and includes them in subsequent CGI or FastCGI requests performed in processing the HTTP request. When the application gives a 200 response, the server ignores response headers whose names aren’t prefixed with <tt>Variable-</tt> prefix, and ignores any response content.</p>+<p>For Authorizer response status values other than “200” (OK), the Web server denies access and sends the response status, headers, and content back to the HTTP client.</p>+<p>A Filter FastCGI application receives all the information associated with an HTTP request, plus an extra stream of data from a file stored on the Web server, and generates a “filtered” version of the data stream as an HTTP response.</p>+<p>A Filter is similar in functionality to a Responder that takes a data file as a parameter. The difference is that with a Filter, both the data file and the Filter itself can be access controlled using the Web server’s access control mechanisms, while a Responder that takes the name of a data file as a parameter must perform its own access control checks on the data file.</p>+<p>The steps taken by a Filter are similar to those of a Responder. 
The server presents the Filter with environment variables first, then standard input (normally form <tt>POST</tt> data), finally the data file input:</p>+<li>Like a Responder, the Filter application receives name-value pairs from the Web server over <tt>FCGI_PARAMS</tt>. Filter applications receive two Filter-specific variables: <tt>FCGI_DATA_LAST_MOD</tt> and <tt>FCGI_DATA_LENGTH</tt>.</li>+<li>Next the Filter application receives CGI/1.1 <tt>stdin</tt> data from the Web server over <tt>FCGI_STDIN</tt>. The application receives at most <tt>CONTENT_LENGTH</tt> bytes from this stream before receiving the end-of-stream indication. (The application receives less than <tt>CONTENT_LENGTH</tt> bytes only if the HTTP client fails to provide them, e.g. because the client crashed.)</li>+<li>Next the Filter application receives the file data from the Web server over <tt>FCGI_DATA</tt>. This file’s last modification time (expressed as an integer number of seconds since the epoch January 1, 1970 UTC) is <tt>FCGI_DATA_LAST_MOD</tt>; the application may consult this variable and respond from a cache without reading the file data. The application reads at most <tt>FCGI_DATA_LENGTH</tt> bytes from this stream before receiving the end-of-stream indication.</li>+<li>The Filter application sends CGI/1.1 <tt>stdout</tt> data to the Web server over <tt>FCGI_STDOUT</tt>, and CGI/1.1 <tt>stderr</tt> data over <tt>FCGI_STDERR</tt>. The application sends these concurrently, not one after the other. The application must wait to finish reading <tt>FCGI_STDIN</tt> before it begins writing <tt>FCGI_STDOUT</tt> and <tt>FCGI_STDERR</tt>, but it needn’t finish reading from <tt>FCGI_DATA</tt> before it begins writing these two streams.</li>+<li>After sending all its <tt>stdout</tt> and <tt>stderr</tt> data, the application sends a <tt>FCGI_END_REQUEST</tt> record. 
The application sets the <tt>protocolStatus</tt> component to <tt>FCGI_REQUEST_COMPLETE</tt> and the <tt>appStatus</tt> component to the status code that a similar CGI program would have returned via the <tt>exit</tt> system call.</li>+<p>A Filter should compare the number of bytes received on <tt>FCGI_STDIN</tt> with <tt>CONTENT_LENGTH</tt> and on <tt>FCGI_DATA</tt> with <tt>FCGI_DATA_LENGTH</tt>. If the numbers don’t match and the Filter is a query, the Filter response should provide an indication that data is missing. If the numbers don’t match and the Filter is an update, the Filter should abort the update.</p>+<p>A FastCGI application exits with zero status to indicate that it terminated on purpose, e.g. in order to perform a crude form of garbage collection. A FastCGI application that exits with nonzero status is assumed to have crashed. How a Web server or other application manager responds to applications that exit with zero or nonzero status is outside the scope of this specification.</p>+<p>A Web server can request that a FastCGI application exit by sending it <tt>SIGTERM</tt>. If the application ignores <tt>SIGTERM</tt> the Web server can resort to <tt>SIGKILL</tt>.</p>+<p>FastCGI applications report application-level errors with the <tt>FCGI_STDERR</tt> stream and the <tt>appStatus</tt> component of the <tt>FCGI_END_REQUEST</tt> record. In many cases an error will be reported directly to the user via the <tt>FCGI_STDOUT</tt> stream.</p>+<p>On Unix, applications report lower-level errors, including FastCGI protocol errors and syntax errors in FastCGI environment variables, to <tt>syslog</tt>. Depending upon the severity of the error, the application may either continue or exit with nonzero status.</p>+<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>/*+<h3 id="a-table-properties-of-the-record-types"><a name="SA">A. 
Table: Properties of the record types</a></h3>+<p>The following chart lists all of the record types and indicates these properties of each:</p>+<li><tt>WS->App</tt>: records of this type can only be sent by the Web server to the application. Records of other types can only be sent by the application to the Web server.</li>+<li><tt>management</tt>: records of this type contain information that is not specific to a Web server request, and use the null request ID. Records of other types contain request-specific information, and cannot use the null request ID.</li>+<li><tt>stream</tt>: records of this type form a stream, terminated by a record with empty <tt>contentData</tt>. Records of other types are discrete; each carries a meaningful unit of data.</li>+<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code> WS->App management stream+<h3 id="b-typical-protocol-message-flow"><a name="SB">B. Typical Protocol Message Flow</a></h3>+<li>The <tt>contentData</tt> of stream records (<tt>FCGI_PARAMS</tt>, <tt>FCGI_STDIN</tt>, <tt>FCGI_STDOUT</tt>, and <tt>FCGI_STDERR</tt>) is represented as a character string. A string ending in <tt>” … “</tt> is too long to display, so only a prefix is shown.</li>+<li>Messages sent to the Web server are indented with respect to messages received from the Web server.</li>+<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>{FCGI_BEGIN_REQUEST, 1, {FCGI_RESPONDER, 0}}+<p>2. Similar to example 1, but this time with data on <tt>stdin</tt>. The Web server chooses to send the parameters using more <tt>FCGI_PARAMS</tt> records than before:</p>+<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>{FCGI_BEGIN_REQUEST, 1, {FCGI_RESPONDER, 0}}+<p>3. Similar to example 1, but this time the application detects an error. 
The application logs a message to <tt>stderr</tt>, returns a page to the client, and returns non-zero exit status to the Web server. The application chooses to send the page using more <tt>FCGI_STDOUT</tt> records:</p>+<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>{FCGI_BEGIN_REQUEST, 1, {FCGI_RESPONDER, 0}}+<p>4. Two instances of example 1, multiplexed onto a single connection. The first request is more difficult than the second, so the application finishes the requests out of order:</p>+<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>{FCGI_BEGIN_REQUEST, 1, {FCGI_RESPONDER, FCGI_KEEP_CONN}}+<p><strong>© 1995, 1996 Open Market, Inc. / <a href="https://www.linkedin.com/in/mark-brown-32a01b11/">Mark R. Brown</a></strong></p>+<span class="site-footer-owner"><a href="https://github.com/FastCGI-Archives">FastCGI Github Archives</a> is maintained by <a href="https://github.com/mcarbonneaux">mcarbonneaux</a>.</span>
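Review bot: In the Authorizer text of this vendored spec, the example header `Variable-AUTH_METHOD: database lookup` is described two lines later as transmitting the name `AUTH-METHOD`, so the underscore and hyphen spellings disagree. Since this file is the reference for the OCaml interface, record next to it (for example in CLAUDE.md) which spelling the implementation follows; I would treat the header line as authoritative and use the name left after stripping the `Variable-` prefix, otherwise an Authorizer's variables can reach later CGI or FastCGI requests under a name nothing looks up. The paragraph telling a Filter to compare received byte counts against `CONTENT_LENGTH` and `FCGI_DATA_LENGTH`, and to abort an update on mismatch, is also worth listing there as a requirement the interface must make possible. Separately, the file carries rendered-site chrome (the maintainer footer and LinkedIn link at the end of the hunk); keeping only the specification body would make the copy easier to compare against upstream.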
+1905
spec/OCaml-EIO-README.md
···
···+[API reference][Eio API] | [#eio Matrix chat](https://matrix.to/#/#eio:roscidus.com) | [Dev meetings][]+The `Unix` library provided with OCaml uses blocking IO operations, and is not well suited to concurrent programs such as network services or interactive applications.+For many years, the solution was to use libraries such as Lwt and Async, which provide a monadic interface.+These libraries allow writing code as if there were multiple threads of execution, each with their own stack, but the stacks are simulated using the heap.+Additionally, modern operating systems provide high-performance alternatives to the old Unix `select` call.+For example, Linux's io_uring system has applications write the operations they want to perform to a ring buffer,+You can always [fall back to using Lwt libraries](#lwt) to provide missing features if necessary.+- [Eio][] provides concurrency primitives (promises, etc.) and a high-level, cross-platform OS API.+- [Eio_windows][] is for use on Windows (incomplete - [help wanted](https://github.com/ocaml-multicore/eio/issues/125)).+- [Eio_main][] selects an appropriate backend (e.g. `eio_linux` or `eio_posix`), depending on your platform.+If you want to install the latest unreleased development version of Eio, see [HACKING.md](./HACKING.md).+module, as follows. (The leftmost `#` shown below is the Utop prompt, so enter the text after the+- The `env` argument represents the standard environment of a Unix process, allowing it to interact with the outside world.+A program will typically start by extracting from `env` whatever things the program will need and then calling `main` with them.+- The type of the `main` function here tells us that this program only interacts via the `out` flow.+For example, on Linux this will call `Eio_linux.run`. 
For non-portable code you can use the platform-specific library directly.+Because external resources are provided to `main` as arguments, we can easily replace them with mocks for testing.+For example, instead of giving `main` the real standard output, we can have it write to a buffer:+[Eio.traceln][] provides convenient printf-style debugging, without requiring you to plumb `stderr` through your code.+Calling an operation that performs an effect (such as `yield`) can switch to a different thread.+The upper horizontal bar is the initial fiber, and the brackets show `Fiber.both` creating a second fiber.+In the eio-trace window, scrolling with the mouse or touchpad will zoom in or out of the diagram.+When an exception is raised, it propagates towards the root until handled, cancelling the other branches as it goes.+You should assume that any operation that can switch fibers can also raise a `Cancelled` exception if an uncaught exception+Note: using `Fiber.first` to ensure that *exactly one* of two actions is performed is not reliable.+There is usually a possibility that both actions succeed at the same time (and one result is thrown away).+then the kernel may have already performed both reads by the time it tells Eio about the first one.+This works because Eio does not provide e.g. 
a way to open a file without attaching it to a switch.+If a function doesn't have a switch and wants to open a file, it must use `Switch.run` to create one.+But then the function can't return until `Switch.run` does, at which point the file is closed.+The exception (or exceptions) passed to `fail` will be raised by `run` when the fibers have exited.+Here is a server connection handler that handles an incoming connection by sending the client a message:+Note: `Eio_mock.Backend.run` can be used instead of `Eio_main.run` for tests that don't access the outside environment at all.+(a multi-domain loop has to assume it might get an event from another domain, and so must keep waiting).+The key idea here is that the lambda calculus already contains a perfectly good security system:+In a capability-safe language, we don't have to read the entire code-base to find the answers:+- To check whether telemetry is sent, we need to follow the `net` authority as it is passed to `main`.+- `main` uses `net` to open a listening socket on the loopback interface, which it passes to `run_server`.+`run_server` does not get the full `net` access, so we probably don't need to read that code; however,+we might want to check whether we granted other parties access to this port on our loopback network.+We could make that code easier to audit by passing it `(fun () -> Eio.Net.connect net addr)` instead of `net` .+Since OCaml is not a capability language, code can ignore Eio and use the non-capability APIs directly.+If the user enters a line that doesn't fit in the buffer then the buffer will be enlarged as needed.+This is useful when handling untrusted input, since otherwise when you try to read one line an+attacker could just keep sending e.g. 
'x' characters until your service ran out of memory and crashed.+Errors interacting with the outside world are indicated by the `Eio.Io (err, context)` exception.+This is roughly equivalent to the `Unix.Unix_error` exception from the OCaml standard library.+For portable code, you will want to avoid matching backend-specific errors, so you would avoid the first case.+The `Eio.Io` type is extensible, so libraries can also add additional top-level error types if needed.+To avoid this problem, you can use `Eio.Exn.Backend.show` to hide the backend-specific part of errors:+An `'a Path.t` is a pair of a capability to a base directory (of type `'a`) and a string path relative to that.+You can use `open_dir` (or `with_open_dir`) to create a restricted capability to a subdirectory:+There are various optional arguments for setting the process's current directory or connecting up the standard streams.+If you want to capture the output of a process, you can provide a suitable `Eio.Flow.sink` as the `stdout` argument,+The mock backend provides a mock clock that advances automatically where there is nothing left to do:+OCaml allows a program to create multiple *domains* in which to run code, allowing multiple CPUs to be used at once.+Fibers are scheduled cooperatively within a single domain, but fibers in different domains run in parallel.+(though extra care needs to be taken when using multiple cores; see the [Multicore Guide](./doc/multicore.md) for details).+- You must ensure that the function passed to `run` doesn't have access to any non-threadsafe values.+- `Domain_manager.run` waits for the domain to finish, but it allows other fibers to run while waiting.+Each domain worker starts new jobs until the total `~weight` of its running jobs reaches `1.0`.+Jobs are queued up if they cannot be started immediately due to all domain workers being busy (`>= 1.0`).+Usually you will only want one pool for an entire application, so the pool is typically created when the application 
starts:+The total number of domains should not exceed `Domain.recommended_domain_count` or the number of cores on your system.+In other words, the fraction of time actively spent executing OCaml code, not just waiting for I/O or system calls.+In the above code snippet we use `~weight:1.0` because the job is entirely CPU-bound: it never waits for I/O or other syscalls.+Each domain worker starts new jobs until the total `~weight` of its running jobs reaches `1.0`.+Promises are thread-safe; you can wait for a promise in one domain and resolve it in another.+with the twist that another user might ask the cache for the value while it's still adding it.+We don't want to start a second fetch in that case, so instead we just store promises in the cache:+`Fiber.List.iter` is like `List.iter` but doesn't wait for each job to finish before starting the next.+A [stream][Eio.Stream] is a bounded queue. Reading from an empty stream waits until an item is available.+We use a zero-capacity stream here, which means that the `Stream.add` doesn't succeed until a worker accepts the job.+This is a good choice for a worker pool because it means that if the client fiber gets cancelled while waiting for a worker+then the job will never be run. 
It's also more efficient, as 0-capacity streams use a lock-free algorithm that is faster+The `Fiber.check ()` checks whether the worker itself has been cancelled, and exits the loop if so.+because if we continue instead then the following `Stream.take` will perform the check anyway.+Note: in a real system, you would probably use [Eio.Executor_pool][] for this rather than making your own pool.+- [Eio.Mutex][] provides *mutual exclusion*, so that only one fiber can access a resource at a time.+The above version is not safe to share across domains, because `await_zero` relies on the value of `x` not changing+Here, `Eio.Condition.await` registers itself with `changed` and only then releases the mutex,+In particular, it is easy to miss a notification due to `broadcast` getting called before `await`.+Programs using only the Eio APIs can only behave non-deterministically if given a capability to do so from somewhere else.+Performing IO with external objects (e.g., `stdout`, files, or network sockets) will introduce non-determinism,+Note that `traceln` is unusual. Although it writes (by default) to stderr, it will not switch fibers.+Instead, if the OS is not ready to receive trace output, the whole domain is paused until it is ready.+In particular, if you test your code by providing (deterministic) mocks then the tests will be deterministic.+An easy way to write tests is by having the mocks call `traceln` and then comparing the trace output with the expected output.+Programs can behave non-deterministically when using `Eio_unix` or the various `Low_level` APIs provided by the backends.+- [gemini-eio][] is a simple Gemini browser. 
It shows how to integrate Eio with `ocaml-tls` and `notty`.+- [cohttp-eio/examples](https://github.com/mirage/ocaml-cohttp/tree/master/cohttp-eio/examples) shows how to use Eio with HTTP.+[Async_eio][] has experimental support for running Async and Eio code together in a single domain.+In particular, `Eio_unix.run_in_systhread` can be used to run a blocking operation in a separate systhread,+For certain compute-intensive tasks it may be useful to send work to a pool of [Domainslib][] worker domains.+You can resolve an Eio promise from non-Eio domains (or systhreads), which provides an easy way to retrieve the result.+Note that most Domainslib functions can only be called from code running in the Domainslib pool,+The bridge function `run_in_pool` makes use of the fact that `Domainslib.Task.async` is able to run from+Remember to keep the type polymorphic in your interface so users don't need to do this manually.+For example, if you need an `Eio.Flow.source` then users should be able to use a `Flow.two_way`+In many cases, it's clearer (if a little more verbose) to take the resources you need as separate arguments, e.g.+- [doc/rationale.md](doc/rationale.md) describes some of Eio's design tradeoffs in more detail.+- [Experiences with effects (video)](https://watch.ocaml.org/videos/watch/74ece0a8-380f-4e2a-bef5-c6bb9092be89), OCaml Workshop 2021.+- ["Retrofitting Concurrency onto OCaml"](https://kcsrk.info/papers/retro-concurrency_pldi_21.pdf) (to appear, PLDI 2021)+- [Concurrent System Programming with Effect Handlers](https://www.repository.cam.ac.uk/bitstream/handle/1810/283239/paper.pdf?sequence=3&isAllowed=y)+- [Asynchronous effect based IO using effect handlers](https://github.com/kayceesrk/ocaml-aeio)+[Eio.Domain_manager]: https://ocaml-multicore.github.io/eio/eio/Eio/Domain_manager/index.html+[Eio_windows]: https://github.com/ocaml-multicore/eio/blob/main/lib_eio_windows/eio_windows.mli+[Dev meetings]: 
https://docs.google.com/document/d/1ZBfbjAkvEkv9ldumpZV5VXrEc_HpPeYjHPW_TiwJe4Q
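Review bot: The copied Eio README keeps links that are relative to the Eio repository, `(./HACKING.md)`, `(./doc/multicore.md)` and `(doc/rationale.md)`, and these will not resolve from `spec/`. Either rewrite them as absolute upstream URLs or, if it is not already there, add a line at the top of the file naming the upstream revision the copy was taken from, so a reader can find the referenced documents and tell when the copy has gone stale. The passage on untrusted input (an attacker sending 'x' characters until the service runs out of memory) applies directly to reading FastCGI records from a socket, so it deserves an explicit mention in CLAUDE.md as a constraint on the parser rather than being left buried in a 1905-line reference file.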
+277
spec/fcgi.go
···
···+// https://web.archive.org/web/20150420080736/http://www.fastcgi.com/drupal/node/6?q=node/22#S8