Multiple installs of Django - How to configure transparent multiplex through the webserver (Lighttpd)?

Question

Hi Everyone,

This question flows from the answer to:How does one set up multiple accounts with separate databases for Django on one server?

I haven't seen anything like this on Google or elsewhere (perhaps I have the wrong vocabulary), so I think input could be a valuable addition to the internet discourse.

How could one configure a server likeso:

• One installation of Lighttpd
• Multiple Django projects running as FastCGI
• The Django projects may be added/removed at will, and ought not to require restarting the webserver
• Transparent redirection of all requests/responses to a particular Django installation depending on the current user

I.e. Given Django projects (with corresponding FastCGI socket):

• Bob (/tmp/bob.fcgi)
• Sue (/tmp/sue.fcgi)
• Joe (/tmp/joe.fcgi)

The Django projects being started with a (oversimplified) script likeso:

#!/bin/sh
NAME=bob

SOCKET=/tmp/$NAME.fcgi

PROTO=fcgi
DAEMON=true

/django_projects/$NAME/manage.py runfcgi protocol=$PROTO socket=$SOCKET
  daemonize=$DAEMON

I want traffic to http://www.example.com/ to direct the request to the correct Django application depending on the user that is logged in.

In other words, http://www.example.com should come "be" /tmp/bob.fcgi if bob is logged in, /tmp/joe.fcgi if joe is logged in, /tmp/sue.fcgi if sue is logged in. If no-one is logged in, it should redirect to a login page.

I've contemplated a demultiplexing "plexer" FastCGI script with the following algorithm:

1. If the cookie $PLEX is set, pipe request to /tmp/$PLEX.fcgi

2. Otherwise redirect to login page (which sets the cookie PLEX based on a many-to-one mapping of Username => PLEX)

Of course as a matter of security $PLEX should be taint checked, and $PLEX shouldn't give rise to any presumption of trust.

A Lighttpd configuration would be likeso (though Apache, Nginx, etc. could be used just as easily):

fastcgi.server = ( "plexer.fcgi" =>
                           ( "localhost" =>
                             (   
                               "socket" => "/tmp/plexer.fcgi",
                               "check-local" => "disable"
                             )
                           )   
                 )

Input and thoughts, helpful links, and to know how to properly implement the FastCGI plexer would all be appreciated.

Thank you.

Answer 1

Here's roughly how I solved this:

In lighttpd.conf

$SERVER["socket"] == "localhost:81" {
  include_shell "/opt/bin/lighttpd_conf.py"
}

And corresponding lighttpd_conf.py:

#!/usr/bin/python
import fileinput
ACCOUNT_LIST_FILE = "/opt/servers/account_list.txt"

for user in fileinput.input(ACCOUNT_LIST_FILE):
    print """
 $HTTP[\"url\"] =~ \"^/%s/\" {
  scgi.server = ( \"/\" => 
   (
   (
    \"socket\" => \"/tmp/user-socket-%s.scgi\",
    \"check-local\" => \"disable\",
   )
   )
  )
 }
    """ % (user, user)

Where ACCOUNT_LIST_FILE contains a number of accounts, e.g.

abc1
abc2
abc3

The server will map http://example.com/abc1 to /tmp/user-socket-abc1.scgi, where presumably a Django instance for user abc1 is talking SCGI.

One must obviously perform some sort of taint checking on the names of accounts (I generate these).