Hi I tried to switch from fastcgi+SuEXEC to suPHP through ISPConfig3 but ended up with 500 Internal Server Error when trying to run php scripts. HTML,XML,js and all the other executing without errors. Here's my /etc/suphp/suphp.conf: Code: [global] ;Path to logfile logfile=/var/log/suphp/suphp.log ;Loglevel loglevel=info ;User Apache is running as webserver_user=www-data ;Path all scripts have to be in docroot=/var/www:${HOME}/public_html ;Path to chroot() to before executing script ;chroot=/mychroot ; Security options allow_file_group_writeable=true allow_file_others_writeable=false allow_directory_group_writeable=true allow_directory_others_writeable=false ;Check wheter script is within DOCUMENT_ROOT check_vhost_docroot=true ;Send minor error messages to browser errors_to_browser=false ;PATH environment variable env_path=/bin:/usr/bin ;Umask to set, specify in octal notation umask=0077 ; Minimum UID min_uid=100 ; Minimum GID min_gid=100 [handlers] ;Handler for php-scripts application/x-httpd-suphp="php:/usr/bin/php-cgi" ;Handler for CGI-scripts x-suphp-cgi="execute:!self" I set Code: docroot=/var/www:${HOME}/public_html to Code: docroot=/var/www/* or Code: /var/www/clients/${GID}/${UID}/web but i had the same error. Owner:Group is correct (web11:client1) I've set all folders to 755 and files to 644 Code: find /var/www/clients/client1/web11/web/ -type d -exec chmod 755 {} \; find /var/www/clients/client1/web11/web/ -type f -exec chmod 644 {} \; In suphp.log i get this error: Code: [Thu Jul 31 11:51:27 2014] [warn] Script "/var/www/clients/client1/web11/web/index.php" resolving to "/var/www/clients/client1/web11/web/index.php" not within configured docroot In httpd error log having this: Code: [Thu Jul 31 13:25:00 2014] [error] [client 5.54.141.20] SecurityException in Application.cpp:496: Handler not found in configuration [Thu Jul 31 13:25:00 2014] [error] [client 5.54.141.20] Caused by KeyNotFoundException in Configuration.cpp:234: Handler "x-httpd-suphp" not found [Thu Jul 31 13:25:00 2014] [error] [client 5.54.141.20] Premature end of script headers: index.php and my vhost file for that subdomain contains: Code: <Directory /var/www/subdomain.domain.net> AllowOverride None Order Deny,Allow Deny from all </Directory> <VirtualHost *:80> DocumentRoot /var/www/clients/client1/web11/web ServerName subdomain.domain.net ServerAdmin [email protected] ErrorLog /var/log/ispconfig/httpd/subdomain.domain.net/error.log Alias /error/ "/var/www/subdomain.domain.net/web/error/" ErrorDocument 400 /error/400.html ErrorDocument 401 /error/401.html ErrorDocument 403 /error/403.html ErrorDocument 404 /error/404.html ErrorDocument 405 /error/405.html ErrorDocument 500 /error/500.html ErrorDocument 502 /error/502.html ErrorDocument 503 /error/503.html <IfModule mod_ssl.c> </IfModule> <Directory /var/www/subdomain.domain.net/web> Options +FollowSymLinks AllowOverride All Order allow,deny Allow from all </Directory> <Directory /var/www/clients/client1/web11/web> Options +FollowSymLinks AllowOverride All Order allow,deny Allow from all </Directory> # cgi enabled <Directory /var/www/clients/client1/web11/cgi-bin> Order allow,deny Allow from all </Directory> ScriptAlias /cgi-bin/ /var/www/clients/client1/web11/cgi-bin/ <FilesMatch "\.(cgi|pl)$"> SetHandler cgi-script </FilesMatch> # Clear PHP settings of this website <FilesMatch ".+\.ph(p[345]?|t|tml)$"> SetHandler None </FilesMatch> # suphp enabled <Directory /var/www/clients/client1/web11/web> <IfModule mod_suphp.c> suPHP_Engine on # suPHP_UserGroup web11 client1 suPHP_ConfigPath /var/www/conf/web11 <FilesMatch "\.php[345]?$"> SetHandler x-httpd-suphp </FilesMatch> suPHP_AddHandler x-httpd-suphp </IfModule> </Directory> # add support for apache mpm_itk <IfModule mpm_itk_module> AssignUserId web11 client1 </IfModule> <IfModule mod_dav_fs.c> # Do not execute PHP files in webdav directory <Directory /var/www/clients/client1/web11/webdav> <ifModule mod_security2.c> SecRuleRemoveById 960015 SecRuleRemoveById 960032 </ifModule> <FilesMatch "\.ph(p3?|tml)$"> SetHandler None </FilesMatch> </Directory> DavLockDB /var/www/clients/client1/web11/tmp/DavLock # DO NOT REMOVE THE COMMENTS! # IF YOU REMOVE THEM, WEBDAV WILL NOT WORK ANYMORE! # WEBDAV BEGIN # WEBDAV END </IfModule> </VirtualHost> Debian 6.0.9 squeeze Apache 2.2.16 PHP 5.4.30 suPHP 0.7.1 ISPConfig 3.0.5.4p1 Any help?
Why did you try to use suphp at all? suphp is slow and outdated and should not be used anymore on current systems. Better use php-fcgi + suexec or php-fpm + suexec. They both run php in the same safe way then suphp, but are much faster.
with ph-fcgi + suexec, you will not get any folder permissions issues as long as you dont change the default ispconfig folder permissions. In any case, if you had any folder permsissions, the suphp will definately not fix it.
So when fcgi + suexec is enabled should i set all folder permissions to 755 and files to 644. What about safety? Owner:Group can be set to "root:root" or should be eg. "web11:client1"?
The files shall be owned by the web user and the client group of this website. Permission 755 or even better 750 should be fine.
