Hello, I'm in the process moving from really old Ubuntu server to new Debian 9 and I got VM from this tutorial https://www.howtoforge.com/tutorial...-stretch-apache-bind-dovecot-ispconfig-3-1/2/ Got everything working so far but I'm stuck now on version, because PHP 7 is installed and I have one very old site that only works with up to PHP 5.3 and I have to have that old PHP version and the website will be read only (archive). I cannot figure out how to add PHP 5.3 so that its selectable in ISPconfig? TIA
That PHP 5.3 is selectable in ISPConfig is probably the easy part, you just have to add the path to it under System > PHP versions. I guess the yourreal problem will be to get or compile PHP 5.3 for Debian 9 at all because of some libs, especially OpenSSL, are too new for PHP 5.3, so you will have to compile some older library versions first before you can compile PHP 5.3.
it can be done with some hefty patching, however you might loose some Openssl functionality ( or have to code unavail functions ). edit: deleted potentially dangerous stuff which has been superseeded by https://www.howtoforge.com/communit...bian-9-stretch-add-php-5-3.77549/#post-366596
Thanks for the reply! Can point me to any tutorial or help me achieve this ? I have inmotion hosting account for one of the critical website and they do it via .htaccess file PHP 5.3 together with PHP 7 http://www.inmotionhosting.com/supp...ation/using-multiple-php-versions-one-account I understand there's much more behind it but thought it might useful.
All they do is loading several mod_php versions and using different names + allow customers to set what handler to be used for serving .php files. You'd still need to build these modules for apache in that case. Regarding compiling php 5.3 - I don't know wether there's much help out there, it'd be time consuming to put all the pieces together :/ Only place I actually found ready made .deb is https://www.liveconfig.com/wiki/de/multiphp Depending on how much trust you have on running these binarys, it might be a solution or not.
The problem is not to use PHP 5.3 as I mentioned in #2 in this thread, you have just to enter 3 paths in ISPConfig and press save, that's all. So it's easier to achieve this in ISPconfig than what is described in the page you posted as you donÄt have to edit any files. What the guide you posted does not describe is the important part, how they compiled PHP 5.3 on Debian 9 as PHP 5.3 does not compile on Debian 9 without modifications in the source code as this PHP version is too old. @ztk.me posted above some steps to achieve this. I don't have another PHP 5.3 compile tutorial at hand for Debian 9.
As @ztk.me mentioned, getting PHP 5.3 to work on a current Linux is not an easy task and even an experienced admin might not be able to do this 'virtually' without actually doing the compilation on a system and then fixing compile issue after compile issue until it works. That's what makes it so complicated to help you with that trough the forum now. If you really need this, then one option might be is that you ask Florian if he can compile it for you remotely: http://www.ispconfig.org/get-support/?type=ispconfig
Ok, thanks for taking time to look into this. I came across this thread and last post explains a workaround, maybe ?https://unix.stackexchange.com/questions/379215/installing-php-5-3-on-debian-stretch-9 How about installing different OS on a different VM? I'm just looking to minimize errors and make it simple install process. ie. https://www.howtoforge.com/how-to-u...pm-and-fastcgi-with-ispconfig-3-debian-wheezy I would love if Florian could make it work but if another option is more simply and takes less time I would not bother him to waste his time. I'm open to any other options.
depends on your hardware, sure you _can_ setup a chroot debootstrap for example letting php-fpm run and let your site connect to it via TCP this puts some extra load onto your system on the other hand but with a decent system this should be neglible
however, you'd need to use some quirks like you can't use ISPConfig to manage php for that instance that easy and you would need to make sure (somehow) php-fpm can access the files as expected and the php-files which uses file operations aswell ... it can be done, but it won't be nice, but I doubt you need to change much for such an old piece of software if it runs as needed I guess. personally I doubt the prebuild debs from liveconfig contain malicious code, would be bad for their business - up to you however
last thought, ha yeah it's mentioneing running the complete web in a chroot with its own webserver and use same principle as how nodejs and such stuff works by using proxypass on a configured website - that'd be pretty easy to do
So I tested that old website with PHP 5.6 and it works! Started searching and came across this: http://www.linuxcompatible.org/news/story/php_5_6_30_packages_for_debian_9_available.html Is it simple as doing this: https://stackoverflow.com/questions/46378017/install-php5-6-in-debian-9 Finding it hard to believe its that easy Edit: I made a mistake because I thought I was testing in PHP 5.6 but it was actually PHP 5.5 Even in that version it works sort of but its throwing some error.
yes, debootstrap is some kind of VM .... however it won't automatically "boot" on startup, it's more like running applications in a different context of the host system. That's where docker comes into play, docker uses images of such directories which are started automatically, oh btw. you could use proxmox and setup an "old" server with debian jessie - much overhead but easy to achieve. for completeness, example using debootstrap ( I didn't cover installation of apc or configure apache or symlink, more to that at the end of this post ) On your host-system do Code: export MY_CHROOT=/jessie-chroot mkdir -p $MY_CHROOT debootstrap jessie $MY_CHROOT http://httpredir.debian.org/debian/ echo "proc $MY_CHROOT/proc proc defaults 0 0" >> /etc/fstab mount proc $MY_CHROOT/proc -t proc echo "sysfs $MY_CHROOT/sys sysfs defaults 0 0" >> /etc/fstab mount sysfs $MY_CHROOT/sys -t sysfs cp /etc/hosts $MY_CHROOT/etc/hosts chroot $MY_CHROOT /bin/bash within chroot do Code: apt-get update apt-get install locales bzip2 dpkg-reconfigure tzdata locales mkdir /opt/php-5.3.29 mkdir /usr/local/src/php5-build cd /usr/local/src/php5-build wget http://de.php.net/get/php-5.3.29.tar.bz2/from/this/mirror -O php-5.3.29.tar.bz2 tar jxf php-5.3.29.tar.bz2 apt-get install libbz2-dev libxml2-dev libcurl4-openssl-dev libjpeg-dev libpng-dev libxpm-dev libfreetype6-dev libc-client2007e-dev libkrb5-dev libmcrypt-dev libpq-dev libmysqlclient-dev build-essential mkdir /usr/include/freetype2/freetype ln -s /usr/include/freetype2/freetype.h /usr/include/freetype2/freetype/freetype.h ln -s /usr/lib/libc-client.a /usr/lib/x86_64-linux-gnu/libc-client.a cd php-5.3.29/ ./configure --prefix=/opt/php-5.3.29 --with-pdo-pgsql --with-zlib-dir --with-freetype-dir --enable-mbstring --with-xpm-dir=/usr --with-libxml-dir=/usr --enable-soap --enable-calendar --with-curl --with-mcrypt --with-zlib --with-gd --with-pgsql --disable-rpath --enable-inline-optimization --with-bz2 --with-zlib --enable-sockets --enable-sysvsem --enable-sysvshm --enable-pcntl --enable-mbregex --with-mhash --enable-zip --with-pcre-regex --with-mysql --with-pdo-mysql --with-mysqli --with-jpeg-dir=/usr --with-png-dir=/usr --enable-gd-native-ttf --with-openssl --with-fpm-user=www-data --with-fpm-group=www-data --with-libdir=/lib/x86_64-linux-gnu --enable-ftp --with-imap --with-imap-ssl --with-kerberos --with-gettext --enable-fpm make make install Now you have different options: 1. Run php-fpm in that chroot using tcp listener ( configure additional php version in ispconfig, you'd need to link the pool.d / conf.d / php.ini folder to host system where ISPConfig can place webxy.conf .... and uhm add some fake stop/start script, maybe you need to manually reload or hack some stuff together) however you would need to link the /var directory into that chroot and copy the corresponding web/client user passwd/group entries into that chroot aswell ( theory I might still have missed something ) 2. install apache with mod_fastcgi and mpm_worker ( recommended ) or use mod_fcgi ( doesn't need patched mod_fastcgi be compiled by yourself, however performance is better with mod_fastcgi ) and set apache port to listen on some differen port and add proxypass config in ISPConfig for that website ( no need to configure PHP on ISPConfig, but changing configs/reloading webserver needs to be done in chroot ) 3. use real virtualization like lxc ct-chroot container ( best performance ) or quemu or docker or setup admin interface to manage your servers using proxmox.
yeah screw that, I patched halfway trough openssl.c to make it compatible with 1.1 but uhm yeah didn't even start to test that yet ... soo if you really need that, go for @till 's suggestion and get a quote - or ask liveconfig support what they did .... where I guess they just disabled imap and openssl - support. however, I'm going to go the same way I likely did it the last time, since my linked build-package doesn't contain much patched files I'm going to use openssl 1.0.1 and maybe patch curl which might be easier or whatever is needed to get the job done fast nice lecture for that topic btw. https://github.com/bukka/php-src/compare/openssl_aead_with_error_store...bukka:openssl_1_1_port
done if you need postgresql-support, additional steps needs to be done ( compile libpsql with openssl 1.0.2 ) change the -j4 at make commands to approximal your cpu cores Code: apt-get install libbz2-dev libxml2-dev libcurl4-openssl-dev libjpeg-dev libpng-dev libxpm-dev libfreetype6-dev libc-client2007e-dev libkrb5-dev libmcrypt-dev libpq-dev libmariadbclient-dev-compat build-essential libxml2-dev libcurl4-openssl-dev libpcre3-dev libbz2-dev libjpeg-dev libpng-dev libfreetype6-dev libmcrypt-dev libmhash-dev freetds-dev libmariadbclient-dev-compat unixodbc-dev libxslt1-dev libfcgi-dev libfcgi0ldbl libmcrypt-dev libssl-dev Code: mkdir /usr/local/src/openssl cd /usr/local/src/openssl wget https://www.openssl.org/source/openssl-1.0.2l.tar.gz tar xf openssl-1.0.2l.tar.gz cd openssl-1.0.2l ./config shared --openssldir=/usr/local/openssl/ enable-ec_nistp_64_gcc_128 make depend make -j4 make install ln -s /usr/local/openssl/lib /usr/local/openssl/lib/x86_64-linux-gnu Code: mkdir /usr/local/src/curl cd /usr/local/src/curl wget https://curl.haxx.se/download/curl-7.56.0.tar.gz tar xf curl-7.56.0.tar.gz cd curl-7.56.0 env PKG_CONFIG_PATH=/usr/local/openssl/lib/pkgconfig LDFLAGS=-Wl,-rpath=/usr/local/openssl/lib ./configure --with-ssl=/usr/local/openssl --with-zlib --prefix=/usr/local/curl make -j4 make install Code: mkdir /usr/local/imap cd /usr/local/imap wget http://http.debian.net/debian/pool/main/u/uw-imap/uw-imap_2007f\~dfsg-5.dsc wget http://http.debian.net/debian/pool/main/u/uw-imap/uw-imap_2007f\~dfsg.orig.tar.gz wget http://cdn-fastly.deb.debian.org/debian/pool/main/u/uw-imap/uw-imap_2007f~dfsg-5.debian.tar.xz dpkg-source -x uw-imap_2007f~dfsg-5.dsc cd uw-imap-2007f~dfsg/ touch {ipv6,lnxok} ## make process will fail, however it generates what we need, still make slx SSLINCLUDE=/usr/local/openssl/include/ SSLLIB=/usr/local/openssl/lib EXTRAAUTHENTICATORS=gss mkdir lib include cp c-client/*.c lib/ cp c-client/*.h include/ cp c-client/c-client.a lib/libc-client.a ln -s /usr/lib/libc-client.a /usr/lib/x86_64-linux-gnu/libc-client.a Code: mkdir /opt/php-5.3.29 mkdir /usr/local/src/php5-build cd /usr/local/src/php5-build wget http://de.php.net/get/php-5.3.29.tar.bz2/from/this/mirror -O php-5.3.29.tar.bz2 tar jxf php-5.3.29.tar.bz2 optional suhoshin-patch Code: cd /usr/local/src/php5-build wget https://download.suhosin.org/suhosin-patch-5.3.9-0.9.10.patch.gz gunzip suhosin-patch-5.3.9-0.9.10.patch.gz cd php-5.3.29 patch -p 1 -i ../suhosin-patch-5.3.9-0.9.10.patch ## the failed hunks are the visible notes it was build with suhoshin patch, no worries if you did not patch do Code: cd php-5.3.29/ continue Code: LDFLAGS="-Wl,-rpath=/usr/local/openssl/lib,-rpath=/usr/local/curl/lib" ./configure --with-config-file-path=/etc/php/5.3/php.ini --with-config-file-scan-dir=/etc/php/5.3/mods-enabled --prefix=/opt/php-5.3.29 --with-zlib-dir --with-freetype-dir --enable-mbstring --with-xpm-dir=/usr --with-libxml-dir=/usr --enable-soap --enable-calendar --with-curl=/usr/local/curl --with-mcrypt --with-zlib --with-gd --disable-rpath --enable-inline-optimization --with-bz2 --with-zlib --enable-sockets --enable-sysvsem --enable-sysvshm --enable-pcntl --enable-mbregex --with-mhash --enable-zip --with-pcre-regex --with-mysql --with-pdo-mysql --with-mysqli --with-jpeg-dir=/usr --with-png-dir=/usr --enable-gd-native-ttf --with-openssl=/usr/local/openssl --with-imap=/usr/local/imap/uw-imap-2007f~dfsg --with-kerberos --with-imap-ssl --with-fpm-user=www-data --with-fpm-group=www-data --with-libdir=lib/x86_64-linux-gnu --enable-ftp --with-gettext --enable-fpm LDFLAGS="-Wl,-rpath=/usr/local/openssl/lib,-rpath=/usr/local/curl/lib" make -j4 make install Code: mkdir -p /etc/php/5.3/fpm/pool.d mkdir /etc/php/5.3/mods-enabled be aware that session-id calculation can be pretty easy guessed by attackers under circumstances and the default entropy-length is way to low. This options have been superseeded in php 7 and are not avail but in 5.3 they're empty / not used by default, double-check. a value of 32 for entropy_length is known to be too small, it's up to you session.entropy_file session.entropy_length Code: cd /usr/local/src/php5-build/php-5.3.29 cp php.ini-production php.ini sed -i 's/^\(short_open_tag\s*=\s*\).*$/\1On/' php.ini sed -i 's/^\(expose_php\s*=\s*\).*$/\1Off/' php.ini sed -i 's/^\(default_socket_timeout\s*=\s*\).*$/\110/' php.ini sed -i 's/^\(;date\.timezone\s*=\s*\).*$/date\.timezone="Europe\/Berlin"/' php.ini sed -i 's/^\(session\.cookie_httponly\s*=\s*\).*$/\11/' php.ini sed -i 's/^\(session\.hash_function\s*=\s*\).*$/\11/' php.ini sed -i 's/^\(session\.hash_bits_per_character\s*=\s*\).*$/\16/' php.ini sed -i 's/^\(disable_functions\s*=\s*\).*$/\1pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,/' php.ini cp php.ini /etc/php/5.3/ /etc/php/5.3/fpm/php-fpm.conf ( see attached php-fpm.conf.txt ) /etc/php/5.3/fpm/pool.d/www.conf ( see attached www.conf.txt ) /etc/init.d/php5.3-fpm ( see attached php5.3-fpm.txt ) /lib/systemd/system/php5.3-fpm.service ( see attached php5.3-fpm.service.txt ) optional Install APC Code: mkdir /usr/local/src/php5-build/apc cd /usr/local/src/php5-build/apc wget http://pecl.php.net/get/APC -O 3.1.13.tar.gz tar xf 3.1.13.tar.gz cd APC-3.1.13/ /opt/php-5.3.29/bin/phpize ./configure --with-php-config=/opt/php-5.3.29/bin/php-config make -j4 make install /etc/php/5.3/mods-enabled/apc.ini Code: extension=/opt/php-5.3.29/lib/php/extensions/no-debug-non-zts-20090626/apc.so apc.enabled=1 apc.shm_size=128M apc.ttl=0 apc.gc_ttl=600 apc.enable_cli=1 apc.mmap_file_mask=/tmp/apc.XXXXXX optional suhoshin extension ( it's not the same as the patch! ) Code: mkdir /usr/local/src/php5-build/suhoshin cd /usr/local/src/php5-build/suhoshin wget https://download.suhosin.org/suhosin-0.9.37.1.tar.gz tar xf suhosin-0.9.37.1.tar.gz cd suhosin-0.9.37.1 /opt/php-5.3.29/bin/phpize ./configure --with-php-config=/opt/php-5.3.29/bin/php-config make make install echo "extension=suhosin.so" > /etc/php/5.3/mods-enabled/suhoshin.ini see https://suhosin.org/stories/configuration.html for options Code: ln -s /opt/php-5.3.29/bin/php /usr/bin/php5.3 ln -s /opt/php-5.3.29/sbin/php-fpm /usr/sbin/php-fpm5.3 update-alternatives --install /usr/bin/php php /usr/bin/php5.3 0 Code: chmod +x /etc/init.d/php5.3-fpm update-rc.d php5.3-fpm defaults check/set your default system php Code: update-alternatives --config php Code: systemctl enable php5.3-fpm.service systemctl daemon-reload systemctl restart php5.3-fpm.service go to System > Additional PHP Versions in ISPConfig and compare to attached Picture No cgi, please don't use cgi! for TLS usage in this version, there has been a discussion: https://bugs.php.net/bug.php?id=65329 edit: added suhoshin patch edit: added suhoshin extension edit: added some disable_functions edit: tls hint
Thank you so much for posting these! I found out today using VM that another application (Centova Cast) will not work properly on Debian 9 Stretch So in my quest to migrate to a new server it looks like the best option will be to install Debian 8 Jessie. With Jessie I should be able to install PHP 5.3 https://www.howtoforge.com/how-to-u...pm-and-fastcgi-with-ispconfig-3-debian-wheezy Correct?
Why doesn't it support Debian 9? Does it have issues with the new apache syntax maybe? Anyway, yes you can install jessie like in the tutorial. Maybe have a look at https://www.proxmox.com/