Current best practices for FastCGI with Python under Nginx?
I'd like to set up some web-accessible Python 3 scripts using the FastCGI API and UNIX domain sockets. By sockets I mean the files themselves, not network connections, because I'd prefer to deal with the file system permissions for access control and privilege separation.
Should Nginx be launching and keeping the script alive? Should that happen independently of the web server first?
What are the current best practices for FastCGI with Python under Nginx?
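The permission model the question describes, as an added example that is not part of the original thread: a Python 3 process binds its own UNIX socket file so that only its owner and group can connect. The 0660 mode, the directory layout and the function names are assumptions made for illustration.

```python
import os
import socket
import stat
import tempfile

def bind_private_socket(path, mode=0o660, backlog=16):
    """Listen on a UNIX stream socket whose file is created with `mode`."""
    try:
        st = os.lstat(path)
    except FileNotFoundError:
        pass
    else:
        # Clear only a stale socket; never unlink a regular file or symlink.
        if not stat.S_ISSOCK(st.st_mode):
            raise RuntimeError(f"{path} exists and is not a socket")
        os.unlink(path)
    srv = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    # Set the umask before bind() so the file is never more open than `mode`;
    # chmod() after bind() would leave a window. umask is process-wide, so
    # call this before starting threads.
    old = os.umask(0o777 & ~mode)
    try:
        srv.bind(path)
        srv.listen(backlog)
    except OSError:
        srv.close()
        raise
    finally:
        os.umask(old)
    return srv

def demo():
    """Bind in a constructed private directory and report the resulting mode."""
    d = tempfile.mkdtemp()            # stands in for a directory such as /run/<app>/
    os.chmod(d, 0o750)                # directory mode is a second access gate
    path = os.path.join(d, "app.sock")
    srv = bind_private_socket(path)
    try:
        st = os.lstat(path)
        return stat.S_IMODE(st.st_mode), stat.S_ISSOCK(st.st_mode)
    finally:
        srv.close()
        os.unlink(path)
        os.rmdir(d)

if __name__ == "__main__":
    print(demo())
```

On Linux a client needs write permission on the socket file to connect, so giving the file the web server's group (and no access for others) is what restricts who can reach the script.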
FastCGI should be treated with care. You must take care to escape anything you can when dealing with input of any kind. You must also never write programs that assume any variable assignment; always, and I mean always, ensure that variables are valid and have traps for every piece of code that references them.
1) Validate user input
2) Ensure any parsing of user input is valid before parsing
3) Any function that references a variable of any kind should check if the contents of that variable are valid; if they aren't, make the function default to a safe default
4) Try to avoid any os.system, subprocess or using any external application; use Python's libraries to achieve the same thing.
All it takes is one slip-up and that box can be exploited or, if they're real smart, rooted.
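The four points above applied to a small WSGI callable (the interface that flup, mentioned later in the thread, serves over FastCGI), as an added example that is not code from any poster. The field names, limits, report allowlist and the `open_report` hook are all hypothetical.

```python
from collections import deque
from urllib.parse import parse_qs

MAX_BODY = 2048                          # assumed cap on request body size
REPORTS = {"daily": "daily.log", "weekly": "weekly.log"}  # constructed allowlist
DEFAULT_REPORT, DEFAULT_LINES, MAX_LINES = "daily", 10, 200

def validated_fields(environ):
    """Points 1-3: parse only a bounded body; fall back to safe defaults."""
    try:
        length = int(environ.get("CONTENT_LENGTH") or 0)
    except ValueError:
        length = 0
    if not 0 <= length <= MAX_BODY:
        length = 0                       # oversized or negative: ignore the body
    body = environ["wsgi.input"].read(length).decode("ascii", "replace")
    try:
        form = parse_qs(body, max_num_fields=8)
    except ValueError:                   # too many fields
        form = {}
    report = form.get("report", [DEFAULT_REPORT])[0]
    if report not in REPORTS:            # allowlist key, never a raw file name
        report = DEFAULT_REPORT
    try:
        lines = int(form.get("lines", [""])[0])
    except ValueError:
        lines = DEFAULT_LINES
    return report, min(max(lines, 1), MAX_LINES)

def tail(stream, n):
    """Point 4: what `tail -n` would do, without os.system or subprocess."""
    return list(deque(stream, maxlen=n))

def application(environ, start_response, open_report=None):
    # open_report is a hypothetical hook so the example runs without real files.
    report, lines = validated_fields(environ)
    opener = open_report or (lambda name: open(REPORTS[name], encoding="utf-8"))
    with opener(report) as fh:
        out = "".join(tail(fh, lines)).encode("utf-8")
    start_response("200 OK", [("Content-Type", "text/plain; charset=utf-8"),
                              ("Content-Length", str(len(out)))])
    return [out]
```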
Adding to what /dev/random said, all of which is important... In addition to validating input before processing, use the form elements to limit what can be entered, where practical. For example, if asking for a US state name, present a drop-down list with only valid states rather than ask the visitor to type in a name. If the number of options is small, the radio button is effective, too, as only one selection can be made. Sex/gender is a good example.
Always use the POST method, to prevent hacking of the URL, which is possible when using GET. The GET method exposes the name/value pairs being passed to the script; the POST method doesn't do that.
The GET method exposes the name/value pairs being passed to the script; the POST method doesn't do that.
On the other hand GET does allow the URL to get bookmarked. And it is still trivial to form a custom POST request.
Those are all good practices I've been aware of since 1997 or so, in the context of regular CGI independent of language. My main question is about FastCGI itself and 1) if any particular python modules are recommended to deal with it and 2) how the script is launched. One way would be to launch the python script as a service and let it wait. Another way might be to have the web server itself launch the script and hopefully let it stay running so as to avoid both duplicates and initialization delays.
Any suggestions in regards to dealing with the FastCGI API itself? Flask? Something else?
On the other hand GET does allow the URL to get bookmarked. And it is still trivial to form a custom POST request.
I don't want to hijack your thread; so feel free to ignore this...
I don't know much (anything?) specific about python or FastCGI.
I get (pun intended) what you're saying about bookmarking, but I've never been comfortable with having the input data "exposed" like that. It can be tweaked in the address bar...'tho one can, of course, code to catch any invalid stuff. Yes, it can be a pain to re-enter stuff when using POST.
I read "trivial to form a custom POST request" as easy...is that what you meant? I certainly don't find it difficult.
My web-based applications are coded in perl. They usually both present the form and process it, but occasionally the form pages are static and only the server-side script is dynamic.
I'd think whether or not to have the script running all the time would be a function of how fast it runs. I have no problems starting a script to read the database and create 20 reports at one time. Takes about a minute. As long as the user understands that, there's no issue. Additionally, once the script has fired off, waiting for it is not necessary. The links to the reports will be there when the page is reloaded/revisited.
I'm also not sure how a web form would connect to a running process, but maybe you already know how to do that. (See my 2nd sentence, above)
Sorry I can't help with specifics. Will be watching to learn from this thread.
My web-based applications are coded in perl. They usually both present the form and process it, but occasionally the form pages are static and only the server-side script is dynamic.
That's how I normally do it: Perl with all processing on the server side and no JavaScript, at least not any JS interfering with the functionality. No third-party requests at all for external objects.
As for the Python, I won't say more so as to avoid derailing the thread, but am interested in whether the Python script should wait on its own or get its initial launch from the web server. The Python module flup seems to be useful for FastCGI. Is there an optimal way to use it? Or a better module?