fastcgi and php on Debian etch walkthrough

I touched it chowned it and chmodded it. No difference, it stays 0 byte. I once tried to run it from the commandline and the file was created. But not from apache it seems... this is how suexec looks like:

Code:

w154:/usr/lib/apache2# ls -l
total 16
drwxr-xr-x 2 root root      4096 Feb 27 21:44 modules
-rwsr-x--- 1 root www-data 10244 Jan 27 19:19 suexec

w154:/usr/lib/apache2# ./suexec -V
-D AP_DOC_ROOT="/var/www"
-D AP_GID_MIN=100
-D AP_HTTPD_USER="www-data"
-D AP_LOG_EXEC="/var/log/apache2/suexec.log"
-D AP_SAFE_PATH="/usr/local/bin:/usr/bin:/bin"
-D AP_UID_MIN=100
-D AP_USERDIR_SUFFIX="public_html"

 

maybe needs to be world readable - here's what mine looks like (note I moved it to local so it doesn't get overwritten by debian)

-rwsr-xr-x 1 root root 24675 2007-04-20 13:30 /usr/local/lib/apache2/suexec-fcgi

 

ok, I'm dumb... I always looked at the wrong suexec...

Code:

w154:/usr/local/lib/apache2# ./suexec-fcgi -V
 -D AP_DOC_ROOT="/usr/local/apache2/htdocs"
 -D AP_GID_MIN=100
 -D AP_HTTPD_USER="www-data"
 -D AP_LOG_EXEC="/usr/local/apache2/logs/suexec_log"
 -D AP_SAFE_PATH="/usr/local/bin:/usr/bin:/bin"
 -D AP_UID_MIN=100
 -D AP_USERDIR_SUFFIX="public_html"

of course there's something wrong with this... how do I set doc_root and logfile?

 

It's explained here:

http://www.howtoforge.com/forums/showthread.php?t=4606

 

cool, you saved my day, thanks

Now I only still have the problem, that new sites don't go into vhosts, any ideas on this?

Edit: ok, forget it, works now also...

 

First of all: I'am new to ISPConfig and I never used a System with it before.

I currently have a system set up like explained in this german howto:

http://http://www.fabianfuchs.com/archives/7-Apache2.2-+-PHP5-+-FastCGI-+-suEXEC-auf-Debian-Etch.html

My question is: Is it possible to use the same patch for ISPConfig like in this thread and do I have to compile an own suexec-fcgi ?
I used the howto above because I'am not so familiar with compiling my own programs ;-)

At the end the support for fcgid is already implemented in ISPConfig, but i didn't found any post about this.

Could you please help me?

P.S. Sorry for my bad english!

 

strange thing again... a newly configured website gives me a 403 error on every request...
Edit: When I see that correct, there is no new php5-cgi process started with that user (the other sites have their processes), and there is nothing about it in apache2/error.log. Am I missing something?

 

Did you restart apache or just reload?

 

I restarted several times meanwhile, nothing changes... What's interesting, the error comes up even when I enter a page that doesn't exist (i.e. dfkdfk.php). I have no idea where to look at, since there's nothing useful logged. No suexec entry, no apache/error.log, only a entry in the site-specific error.log which just states the obvious "403 permission denied".

 

which permissions is denied? I mean which file is it trying to open?

It's worth checking whether ispconfig created a correct apache config - the new host does it have these things in it?

Code:

SuexecUserGroup uid gid
ScriptAlias /php-fastcgi/ /var/www/php-fastcgi/gid/
AddHandler php-fastcgi .php .php3 .php4 .php5 .phtml .phps

and you have this in /var/www/php-fastcgi/gid/

Code:

php-fcgi-starter  php.ini

 

i don't see that, since there's no real information in the logs, but as mentioned, it doesn't matter if I call an existing php file or some nonsense...

SuexecUserGroup is there, as well as ScriptAlias, but no "AddHandler" directive. Though I don't have that for any of the sites, and the old ones are working... I do have AddType though with the mentioned filetypes. I think that's a setting in a ISPConfig file (somewhere where it reads AddHandler, AddType or both)

there is the php-fcgi-starter script but no php.ini. But again, this is the same for all directories...
(no copy paste right now, gotta love putty for Windows Mobile )

 

hmmm that looks all okay i'd say. Maybe, since it is a permission denied errors, carefully compare all folders involved - starting from /var/www all the way to /var/www/php-fastcgi and see if there are any differences between the working ones and the new ones

 

hm, can't see any relevant differences here (web5 works, web8 is the new one)

Code:

w154:/var/www# ls -l
total 40
drwxr-xr-x 2 root              root 4096 Feb 27 20:39 apache2-default
drwxr-xr-x 3 root              root 4096 Oct 10 00:30 localhost
drwxr-xr-x 8 root              root 4096 Feb 29 00:21 php-fastcgi
drwxr-xr-x 2 root              root 4096 Oct  9 01:39 sharedip
drwxr-xr-x 8 web3_lars         web3 4096 Feb 27 22:30 web3
drwxr-xr-x 9 web4_lars         web4 4096 Feb 27 22:13 web4
drwxr-xr-x 9 web5_perforations web5 4096 Mar  2 00:42 web5
drwxr-xr-x 8 web6_durchbruch   web6 4096 Mar  2 00:43 web6
drwxr-x--- 8 web8_lars         web8 4096 Mar  2 00:43 web8
drwxr-xr-x 2 root              root 4096 Feb  1 06:25 webalizer
lrwxrwxrwx 1 www-data          web6   13 Feb 10 23:07 www.cafe-durchbruch.de -> /var/www/web6
lrwxrwxrwx 1 www-data          web4   13 Oct 11 20:33 www.mittelerdes-schwert.de -> /var/www/web4
lrwxrwxrwx 1 www-data          web8   13 Feb 29 00:21 www.oeschey-it.de -> /var/www/web8
lrwxrwxrwx 1 www-data          web3   13 Oct  9 07:42 www.oeschey.de -> /var/www/web3
lrwxrwxrwx 1 www-data          web5   13 Feb 10 23:01 www.perforations.de -> /var/www/web5

w154:/var/www# ls -l web5
total 28
lrwxrwxrwx  1 root              root   44 Mar  2 00:42 Maildir -> /var/www/web5/user/web5_perforations/Maildir
drwxr-xr-x  2 www-data          web5 4096 Feb 22 22:21 backup
drwxrwxr-x  2 www-data          web5 4096 Feb 10 23:01 cgi-bin
drwxr-xr-x  3 web5_perforations web5 4096 Mar  2 00:30 log
drwxrwxrwx  2 web5_perforations web5 4096 Feb 10 23:01 phptmp
drwxr-xr-x  2 web5_perforations web5 4096 Feb 10 23:01 ssl
drwxr-xr-x  4 web5_perforations web5 4096 Feb 20 21:27 user
drwxrwxr-x 23 web5_perforations web5 4096 Feb 19 20:07 web

w154:/var/www# ls -l web8
total 24
lrwxrwxrwx 1 root      root   36 Mar  2 00:43 Maildir -> /var/www/web8/user/web8_lars/Maildir
drwxr-xr-x 2 web8_lars web8 4096 Feb 29 00:21 cgi-bin
drwxr-xr-x 3 web8_lars web8 4096 Feb 29 00:30 log
drwxrwxrwx 2 web8_lars web8 4096 Feb 29 00:21 phptmp
drwxr-xr-x 2 web8_lars web8 4096 Feb 29 00:21 ssl
drwxr-xr-x 3 web8_lars web8 4096 Feb 29 00:22 user
drwxrwxr-x 4 web8_lars web8 4096 Feb 29 04:00 web

w154:/var/www# ls -l web5/web/
total 80720
-rw-rw-r--  1 web5_perforations web5   104874 Feb 22 18:52 CHANGELOG.php
-rw-rw-r--  1 web5_perforations web5     3429 Feb 12 16:35 COPYRIGHT.php
-rw-rw-r--  1 web5_perforations web5     4376 Feb 12 16:36 INSTALL.php
-rw-rw-r--  1 web5_perforations web5    17977 Feb 12 16:36 LICENSE.php
drwxrwxr-x  9 web5_perforations web5     4096 Feb 12 15:43 administrator
drwxrwxr-x  2 web5_perforations web5   540672 Mar  2 01:05 cache
drwxrwxr-x 26 web5_perforations web5     4096 Feb 29 09:39 components
-rw-rw-r--  1 web5_perforations web5     2672 Feb 18 19:46 configuration.php
-rw-rw-r--  1 web5_perforations web5     4372 Feb 12 16:35 configuration.php-dist
drwxrwxr-x  2 web5_perforations web5     4096 Feb 12 16:16 css
drwxrwxr-x  2 web5_perforations web5     4096 Feb 12 16:16 editor
drwxrwxr-x  2 web5_perforations web5     4096 Feb 10 23:01 error
-rw-rw-r--  1 web5_perforations web5     3262 Feb 12 16:35 favicon.ico
-rw-rw-r--  1 web5_perforations web5 81460234 Feb 12 16:36 gamedata.db9
-rw-rw-r--  1 web5_perforations web5     3745 Feb 12 16:36 globals.php
drwxrwxr-x  3 web5_perforations web5    12288 Feb 12 16:17 help
-rw-rw-r--  1 web5_perforations web5     4829 Feb 12 16:36 htaccess.txt
drwxrwxr-x  7 web5_perforations web5     4096 Feb 12 16:18 images
drwxrwxr-x  5 web5_perforations web5     4096 Feb 12 16:20 img
drwxrwxr-x 10 web5_perforations web5     4096 Feb 12 16:22 includes
-rw-rw-r--  1 web5_perforations web5     1011 Feb 19 20:07 index.html.weg
-rw-rw-r--  1 web5_perforations web5     8481 Feb 22 18:52 index.php
-rw-rw-r--  1 web5_perforations web5     5216 Feb 22 18:52 index2.php
drwxrwxr-x  2 web5_perforations web5     4096 Feb 12 16:22 language
-rw-rw-r--  1 web5_perforations web5      710 Feb 12 16:36 mainbody.php
drwxrwxr-x  7 web5_perforations web5     4096 Feb 12 16:34 mambots
drwxrwxr-x  4 web5_perforations web5     4096 Feb 29 09:39 media
drwxrwxr-x  4 web5_perforations web5     4096 Feb 21 17:05 modules
drwxrwxr-x  2 web5_perforations web5     4096 Feb 12 16:34 netpbm
drwxrwxr-x  4 web5_perforations web5     4096 Feb 12 16:35 nonmambo
-rw-rw-r--  1 web5_perforations web5     4929 Feb 12 16:36 offline.php
-rw-rw-r--  1 web5_perforations web5     2474 Feb 12 16:36 offlinebar.php
-rw-rw-r--  1 web5_perforations web5      709 Feb 12 16:36 pathway.php
drwxrwxr-x  2 web5_perforations web5     4096 Feb 12 15:38 picture_library
drwxrwxr-x  2 web5_perforations web5     4096 Feb 12 15:38 plesk-stat
-rw-rw-r--  1 web5_perforations web5      286 Feb 12 16:36 robots.txt
drwxr-xr-x  2 web5_perforations web5     4096 Feb 20 04:00 stats
drwxrwxr-x 14 web5_perforations web5     4096 Feb 21 13:44 templates
drwxrwxr-x  9 web5_perforations web5     4096 Feb 12 16:35 test

w154:/var/www# ls -l web8/web/
total 12
drwxrwxr-x 2 web8_lars web8 4096 Feb 29 00:21 error
-rw-rw-r-- 1 web8_lars web8 1246 Mar  2 00:43 index.html
drwxr-xr-x 2 web8_lars web8 4096 Feb 29 04:00 stats

w154:/var/www# ls -l php-fastcgi/web5/
total 4
-rwxr-xr-x 1 root root 114 Feb 27 21:49 php-fcgi-starter

w154:/var/www# ls -l php-fastcgi/web8/
total 4
-rwxr-xr-x 1 root root 114 Feb 27 21:49 php-fcgi-starter

 

Well here it is. web 8 is not world readable. Add the apache user to the web8 group (my patch does that) or change the permissions so the apache user can access the folder.

 

Yeah, I found that soon afterwards... I reverted to standard php, and when it still wouldn't work, I stumbled over it Currently I'm running the suphp from a mini-howto here and it works ok so far... Maybe some day I'm fearless enough again to try fastcgi + suexec