Hello there, I'm trying to set up suexec in a cloud environment following this article: http://www.howtoforge.com/how-to-set-up-apache2-with-mod_fcgid-and-php5-on-ubuntu-11.10

My question is simple: I don't want to use virtual domains as the author suggests but rather virtual subdomains in the form: john.superbhosting.com, alice.superbhosting.com etc. Moreover, I don't want to reload the apache2 server again and again. I've read the apache documentation for virtual domains and subdomains but how should I apply all this to my Ubuntu 11.10 server? Thank you in advance!
Apache mass virtual hosting and suExec

Thank you Falco for your fast answer! I'm aware of this link from Apache documentation but I have some questions there:

Apache suggests the use of httpd.conf file whereas you suggest to write files at /var/www/ directory. Which approach is better?

Apache suggests to use mod_vhost_alias or mod_rewrite. Is some method better than the other? I think the first one is simpler.

There is another thing I'm wondering about after reading this article some time ago: http://jp-larocque.livejournal.com/49475.html

The writer implies that some php can run under suExec with user writes and some other "non-userdir FastCGI scripts" to NOT use suEXEC. For that reason he gives a hack, a FastCGI wrapper hack script at /usr/local/sbin/fastcgi-suexec-hack:

Code:
#!/bin/sh
# This hack exists exclusively to work around the restriction that
# FastCGI wrappers (e.g. suEXEC) are an all-or-nothing ordeal. Thou
# shalt not enable wrappers for userdirs but not for the whole site.
# Thou shalt not configure non-userdir FastCGI scripts to use suEXEC
# or thou shall suffer my wrath of mysterious suexec policy violation
# notices for 7 generations.

username="$1"
group="$2"
application="$3"

case "$(pwd)/" in
    /home/*/public_html/*) exec /usr/lib/apache2/suexec "$username" "$group" "$application";;
    *) application_abs="$(readlink -f "$application")"
       exec "$application_abs";;
esac

(my first language is not English and I need the Oxford dictionary to understand "thou shall"!!)

My question is this: can I mix user php code with user permissions with a php library that has broader permissions and runs as a www-data or even a user from the sudoers group?? (some require_once headers should import the php library but what is required is the user NOT to be able to hack that library)

Thanks again!
You're mixing things up - /var/www/ is the document root where you must upload your HTML, PHP files, images, etc. while httpd.conf (or apache2.conf) are configuration files for Apache.
1) Yes, indeed!! Correcting myself: you suggested to create files at /etc/apache2/sites-available/ in the form:

Code:
<VirtualHost *:80>
...
</VirtualHost>

whereas Apache suggests writing at httpd.conf....(?)

2) At the wrapper script at /var/www/php-fcgi-scripts/web1/php-fcgi-starter, you wrote:

Code:
...
exec /usr/lib/cgi-bin/php

but look at my installation:

Code:
xxx@xxx:~$ ls -al /usr/lib/cgi-bin
total 7952
drwxr-xr-x  2 root root    4096 2012-06-11 22:24 .
drwxr-xr-x 56 root root   12288 2012-07-15 13:56 ..
lrwxrwxrwx  1 root root      29 2012-06-11 22:24 php -> /etc/alternatives/php-cgi-bin
-rwxr-xr-x  1 root root 8112496 2012-05-04 02:01 php5

and

Code:
xxx@xxx:~$ ls -al /usr/bin
...
-rwxr-xr-x 1 root root 8112496 2012-05-04 02:01 php5-cgi
lrwxrwxrwx 1 root root      25 2012-06-11 22:24 php-cgi -> /etc/alternatives/php-cgi
...

...why calling /etc/alternatives/php-cgi-bin and not:

Code:
exec /usr/lib/cgi-bin/php5

or,

Code:
exec /usr/bin/php5-cgi

instead??
(104)Connection reset by peer: mod_fcgid: error

Hi, following Falco's tutorial I set up a new domain, I'll call it www.john.com and I tried to see the result when I hit my browser to www.john.com/info.php:

Code:
Title: 500 Internel Server Error
Message: Internal Server Error
The server encountered an internal error or misconfiguration and was unable to complete your request.
Please contact the server administrator, [email protected] and inform them of the time the error occurred, and anything you might have done that may have caused the error.
More information about this error may be available in the server error log.

At my /var/log/apache2/error.log:

Code:
[Wed Aug 08 17:25:19 2012] [warn] [client xxx.xxx.xxx.xxx] (104)Connection reset by peer: mod_fcgid: error reading data from FastCGI server, referer: http://www.john.com/
[Wed Aug 08 17:25:19 2012] [error] [client xxx.xxx.xxx.xxx] Premature end of script headers: info.php, referer: http://www.john.com/

From what I can see googling this error there is no simple solution or solution at all.
Can you post your FCGI starter script, your vhost configuration, and your /etc/apache2/mods-available/fcgid.conf file?
Sorry for my delayed reply, here is my data:

1) <root># cat /var/www/php-fcgi-scripts/john/php-fcgi-starter

Code:
#!/bin/sh
#in case we activate a per user php.ini
#PHPRC=/var/www/john/
PHPRC=/etc/php5/cgi/
export PHPRC
export PHP_FCGI_MAX_REQUESTS=5000
export PHP_FCGI_CHILDREN=8
exec /usr/lib/cgi-bin/php

2) <root># apache2ctl -S

Code:
VirtualHost configuration:
wildcard NameVirtualHosts and _default_ servers:
*:80 is a NameVirtualHost
    default server superbhosting.com (/etc/apache2/sites-enabled/000-default:1)
    port 80 namevhost superbhosting.com (/etc/apache2/sites-enabled/000-default:1)
    port 80 namevhost www.alice.com (/etc/apache2/sites-enabled/alice:1)
    port 80 namevhost www.john.com (/etc/apache2/sites-enabled/john:1)
Syntax OK

Attention: my testing refers to www.john.com which in fact is another domain officially registered and activated (NS, A, CNAME records).

When I hit my browser at www.john.com I can see:

Code:
Index of /
[ICO] Name Last modified Size Description
[ ] info.php 08-Aug-2012 09:53 38

When I hit at www.john.com/info.php there is an error!

3) cat /etc/apache2/mods-available/fcgid.conf

Code:
<IfModule mod_fcgid.c>
  AddHandler fcgid-script .fcgi
  FcgidConnectTimeout 20
  PHP_Fix_Pathinfo_Enable 1
</IfModule>

4) what is installed?
<root># dpkg-query -l '*apache2*'

Code:
Desired=Unknown/Install/Remove/Purge/Hold
| Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend
|/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad)
||/ Name                           Version                        Description
+++-==============================-==============================-============================================================================
ii  apache2                        2.2.20-1ubuntu1.2              Apache HTTP Server metapackage
un  apache2-common                 <none>                         (no description available)
un  apache2-doc                    <none>                         (no description available)
un  apache2-mpm                    <none>                         (no description available)
un  apache2-mpm-event              <none>                         (no description available)
un  apache2-mpm-itk                <none>                         (no description available)
un  apache2-mpm-prefork            <none>                         (no description available)
ii  apache2-mpm-worker             2.2.20-1ubuntu1.2              Apache HTTP Server - high speed threaded model
ii  apache2-suexec                 2.2.20-1ubuntu1.2              Standard suexec program for Apache 2 mod_suexec
un  apache2-suexec-custom          <none>                         (no description available)
ii  apache2-utils                  2.2.20-1ubuntu1.2              utility programs for webservers
ii  apache2.2-bin                  2.2.20-1ubuntu1.2              Apache HTTP Server common binary files
ii  apache2.2-common               2.2.20-1ubuntu1.2              Apache HTTP Server common files
un  libapache2-mod-apparmor        <none>                         (no description available)
un  libapache2-mod-auth-kerb       <none>                         (no description available)
ii  libapache2-mod-fcgid           1:2.3.6-1+squeeze1build0.11.10 an alternative module compat with mod_fastcgi

<root># dpkg-query -l '*php*'

Code:
Desired=Unknown/Install/Remove/Purge/Hold
| Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend
|/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad)
||/ Name                              Version                           Description
+++-=================================-=================================-==================================================================================
un  php-pear                          <none>                            (no description available)
ii  php5-cgi                          5.3.6-13ubuntu3.7                 server-side, HTML-embedded scripting language (CGI binary)
ii  php5-common                       5.3.6-13ubuntu3.7                 Common files for packages built from the php5 source
un  php5-json                         <none>                            (no description available)
un  php5-mhash                        <none>                            (no description available)
un  php5-suhosin                      <none>                            (no description available)
un  phpapi-20090626                   <none>                            (no description available)

Hope this helps!
I believe I should give my permissions - I started with umask=0077 but I changed it to 744 permissions for user john - so, let's see it:

Code:
<root># ls -al /var/www/php-fcgi-scripts
total 16
drwxr--r-- 4 root  root  4096 2012-07-30 15:19 .
drwxr-xr-x 5 root  root  4096 2012-07-30 15:19 ..
drwxr--r-- 2 alice alice 4096 2012-07-30 15:26 alice
drwxr--r-- 2 john  john  4096 2012-07-30 15:24 john

Code:
<root># ls -al /var/www/php-fcgi-scripts/john
total 12
drwxr--r-- 2 john john 4096 2012-07-30 15:24 .
drwxr--r-- 4 root root 4096 2012-07-30 15:19 ..
-rwxr-xr-x 1 john john  200 2012-08-08 17:45 php-fcgi-starter

Code:
<root># ls -al /etc/apache2/sites-available/
total 32
drwxr-xr-x 2 root root 4096 2012-08-12 16:13 .
drwxr-xr-x 8 root root 4096 2012-08-12 13:52 ..
-rw-r--r-- 1 root root  590 2012-08-07 08:07 alice
-rw-r--r-- 1 root root  950 2012-02-14 16:35 default
-rw-r--r-- 1 root root 7469 2012-02-14 16:35 default-ssl
-rwxr--r-- 1 root root  584 2012-08-07 08:08 john
I have to report another error after I installed and uninstalled apache2-suexec-custom:

Code:
<root># service apache2 restart
Syntax error on line 8 of /etc/apache2/sites-enabled/john:
Invalid command 'SuexecUserGroup', perhaps misspelled or defined by a module not included in the server configuration
Action 'configtest' failed.
The Apache error log may have more information.
...fail!

If I disable john's site then apache can do a restart! This error wasn't there before, so what's going wrong now I wonder?
S u c c e s s !!!

I managed to solve all problems related with setting up different domains, here's how:

1) I applied
- 0755 permissions to ALL directories "/var/www/php-fcgi-scripts/<user>" and file "php-fcgi-starter" at the end of the path
- 0755 permissions to ALL directories "/etc/apache2/sites-available/" and 644 to ALL files at the end of the path
- 0755 permissions to ALL directories "/var/www/<user>/web", 600 for file "/var/www/<user>/php.ini" and 600 to ALL files "/var/www/<user>/web/*"

2) I enabled suexec as I had disabled it by accident

<root># a2enmod suexec

Now, I have to experiment with mass virtual hosting and 3rd level subdomains!
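
The permission problems resolved in this thread can be checked before restarting Apache. The script below is an added example, not part of the thread or of the HowtoForge tutorial: `check_starter`, `perm_has` and the TOP argument are names made up here, and the "searchable by others" test assumes the Apache user is neither owner nor group of the directories.

```shell
#!/bin/sh
# Added example, not from the thread: pre-flight check of a suEXEC FastCGI starter.
# usage: check_starter SCRIPT USER [TOP]
#   e.g. check_starter /var/www/php-fcgi-scripts/john/php-fcgi-starter john
# TOP (default /) is where the upward directory walk stops.
# Requires GNU stat (Ubuntu). Returns 0 if all checks pass, 1 otherwise.

perm_has() {  # perm_has PATH OCTAL_MASK -> true if any masked mode bit is set
    [ $(( 0$(stat -c '%a' "$1") & 0$2 )) -ne 0 ]
}

check_starter() {
    script=$1; user=$2; top=${3:-/}; rc=0
    [ -f "$script" ] || { echo "FAIL: $script: not a regular file"; return 1; }
    case $user in
        *[!0-9]*) uid=$(id -u "$user") || return 1 ;;  # user name -> uid
        *)        uid=$user ;;                          # already numeric
    esac
    dir=$(cd "$(dirname "$script")" && pwd) || {
        echo "FAIL: cannot enter directory of $script"; return 1; }

    # Apache must traverse every directory down to the starter. Mode 744
    # (drwxr--r--), as in the listings above, has no search bit for others.
    d=$dir
    while [ "$d" != "$top" ] && [ "$d" != / ]; do
        perm_has "$d" 001 || { echo "FAIL: $d: not searchable by others"; rc=1; }
        d=$(dirname "$d")
    done

    # Conditions from suEXEC's documented security model.
    for p in "$dir" "$script"; do
        if perm_has "$p" 022; then echo "FAIL: $p: writable by group/other"; rc=1; fi
    done
    if perm_has "$script" 6000; then echo "FAIL: $script: setuid/setgid"; rc=1; fi
    perm_has "$script" 100 || { echo "FAIL: $script: owner cannot execute"; rc=1; }
    [ "$(stat -c '%u' "$script")" = "$uid" ] || {
        echo "FAIL: $script: not owned by $user"; rc=1; }

    [ "$rc" -eq 0 ] && echo "OK: $script"
    return "$rc"
}
```

Run as root against each user's starter; any FAIL line corresponds to a condition under which the request ends in a 500 error.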