For some time i host some TYPO3 websites on my Debian Etch server with ISPConfig. The TYPO3 core is installed within /var/www and the website itself is installed within /var/www/webX/web/.

The setup has been done according my Howto here:
http://www.howtoforge.com/typo3_on_ispconfig

I had never problems with this setup.
Today, i migrated from php5mod to php5-cgi with suPHP.
Everything went fine, cause i prepared this step very well.

Now my server is running with suphp+php5-cgi and all the websites are up and running, no problems at all, except for the TYPO3 websites!

When i visit a TYPO3 website an Internal error 500 occurs.
Internal 500 errors are sometimes a little bit difficult to solve, but i am sure that it has something to do with permissions.

Within this forum: http://www.typo3forum.net/forum/typo3-3-x-installation-und-updates/11596-typo3-suphp.html the same situation is described, but i do not understand the solution. (It is also in German).

For me it is important that i solve this problem as soon as possible, because the TYPO3 sites are down.

My /etc/log/suphp.log file shows me only a warning, which i understand:
[warn] File "/var/www/typo3_src-4.0.4/index.php" is not in document root of Vhost "/var/www/web120/web"

My /etc/log/apache2/access.log shows me:

[13/Apr/2007:08:09:29 +0200] "GET / HTTP/1.0" 302 373 "-" "Apache/2.2.3 (Debian) mod_ssl/2.2.3 OpenSSL/0.9.8c mod_perl/2.0.2 Perl/v5.8.8 (internal dummy connection)"

Can someone help me to solve this?

Thanks in advance!

Please have a look in the typo3 .htaccess file, does it contain any php_admin or value lines or anything to alter the php configuration? If yes, comment them out.

Good morning Till,

The .htaccess filename is _.htaccess, so it is not used.
Within my Apache2.conf file, i have these settings:

<Directory /var/www/*/web>
Options +Includes -Indexes
AllowOverride None
AllowOverride Indexes AuthConfig Limit FileInfo
Order allow,deny
Allow from all
<Files ~ "^\.ht">
Deny from all
</Files>
</Directory>

Do you have any other suggestion for me?

Please post the content of the vhost for this website Vhost_ispconfig.conf file.

Till, this is one of the TYPO3 sites with Internal 500 errors:

#
#
######################################
# Vhost: www.domain.nl:80
######################################
#
#
<VirtualHost 1.2.3.4:80>
ServerName www.domain.nl:80
ServerAdmin webmaster@domain.nl
DocumentRoot /var/www/web120/web
ServerAlias www.domain.org domain.org domain.nl
DirectoryIndex index.html index.htm index.php index.php5 index.php4 index.php3 index.shtml index.cgi index.pl index.jsp Default.htm default.htm
ScriptAlias /cgi-bin/ /var/www/web120/cgi-bin/
AddHandler cgi-script .cgi
AddHandler cgi-script .pl
ErrorLog /var/www/web120/log/error.log
AddType application/x-httpd-php .php .php3 .php4 .php5
suPHP_Engine on
suPHP_UserGroup web-admin web120
AddHandler x-httpd-php .php .php3 .php4 .php5

Hmm, thats ok too. Can you disable the document root checking in the suphp.conf file? Is SuEXEC disabled under management > server > settings ?

Till, thank you for your help so far.

Yes, suEXEC is disabled within ISPConfig and also via a2dismod suexec

Now within /etc/suphp.conf, i removed:

;Path all scripts have to be in
docroot=/

So, i did:

/etc/init.d/apache2 force-reload


Pffff, not any better and i see that is Friday 13th ...

What can we do?

Do you get any errors in the error.log file of the website?

Additionally, please post your complete suphp.conf file.

The output of /etc/suphp.conf

[global]
;Path to logfile
logfile=/var/log/suphp.log

;Loglevel
loglevel=info

;User Apache is running as
webserver_user=www-data

;Path all scripts have to be in
docroot=/

;Path to chroot() to before executing script
;chroot=/mychroot

; Security options
allow_file_group_writeable=true
allow_file_others_writeable=false
allow_directory_group_writeable=true
allow_directory_others_writeable=false

;Check wheter script is within DOCUMENT_ROOT
check_vhost_docroot=true

;Send minor error messages to browser
errors_to_browser=false

;PATH environment variable
env_path=/bin:/usr/bin

;Umask to set, specify in octal notation
umask=0077

; Minimum UID
min_uid=100

; Minimum GID
min_gid=100

; Minimum GID
min_gid=100


[handlers]
;Handler for php-scripts
x-httpd-php=php:/usr/bin/php5-cgi

;Handler for CGI-scripts
x-suphp-cgi=execute:!self


The errors within /var/web120/log/error.log which might be interesting are:

[Fri Apr 13 11:01:30 2007] [error] [client 1.2.3.4] SoftException in Application.cpp:214: File "/var/www/typo3_src-4.src-4.0.4/index.php" is not in document root of Vhost "/var/www/web120/web"

[Fri Apr 13 11:01:30 2007] [error] [client 1.2.3.4] Premature end of script headers: index.php

Please try to set:

check_vhost_docroot=false
errors_to_browser=true

Till, i did.

The first time i tried to visit the site i saw this on the screen:

Internal Server Error
UID of script "/var/www/web120/web/index.php" is smaller than min_uid

suPHP 0.6.2

Ok, please try to set:

; Minimum UID
min_uid=0

; Minimum GID
min_gid=0

; Minimum GID
min_gid=0

But be aware that these changes as well as disabling the docroot will reduce the security. Or make sure that all php files are owned by users with userid's > 100.

Ok Till, i realise that...

Now i have on screen:

Internal Server Error
Mismatch between target UID (10260) and UID (0) of file "/var/www/typo3_src-4.0.4/index.php"

suPHP 0.6.2

Thanks for your help again. This his very hard, pfff.

I think this part can not be solved without copying the typo3 src directory to every website. SuPHP is a mechanism for running PHP scripts in a secure manner. This means that it checks every file if it is owned by the correct user, in our case the administrator of the website.

As you have a central place for the typo3 sources, this would mean that the same file, e.g. /var/www/typo3_src-4.0.4/index.php is owned by different users, which is not possible.

Till,

I, prepared my migration from php5mod to php5-cgi+suPHP very well, but I did not for see that this configuration was not possible. But, to be honest: This morning I came to the same conclusion.

The reason I switched to suPHP is for security reasons and to give more comfort to the clients.
Especially the clients who are using the populair Joomla as their CMS.

Now I am planning the following:

- Put the /etc/suphp.conf in its original state for security reasons.
- Put the TYPO3 core within /var/www/webX/ of each TYPO3 site, the TYPO3 site itself will be in: /var/www/webX/web/ with a symlink to the /webX folder above.

I expect that this will work.

Of course this is a little bit more work, in case I have to update the TYPO3 core, but this choice is a compromise and for me the best option at the moment.

I want to thank you for your wonderful support.
The inconvinious was maybe not so nice for some of my clients, but we are an experience richer!

I have given you my howto “How To Set Up suPHP On A Debian Etch Based ISPConfig Server” in return!

Apache can be configured to use either PHP5 or suPHP on a per virtual host basis.

For the TYPO3 websites on my server, i do not want suPHP.
Reason for this, is that TYPO3 will not function properly with suPHP enabled.

To get the TYPO3 sites up and running again, i need to know how i can configure Apache, so that the TYPO3 sites are using PHP and not suPHP.
Can anyone tell me how to do this?

I haven't tried this, but you could try to enable both the normal PHP module and the suPHP module in Apache, and in a suPHP vhost you'd use something like this:

suPHP_Engine on
suPHP_UserGroup testuser test
AddHandler x-httpd-php .php .php3 .php4 .php5
suPHP_AddHandler x-httpd-php

And in a "normal" vhost, you'd use the normal PHP configuration. But it's possible that this doesn't work.

Otherwise, instead of using the normal PHP module, you could use the CGI version.

Falko,

Within /etc/apache2/vhosts/Vhosts_ispconfig.conf i have:

<VirtualHost 1.2.3.4:80>
ServerName www.domain.nl:80
ServerAdmin webmaster@domain.nl
DocumentRoot /var/www/web120/web
ServerAlias www.domain.org domain.nl domain.org
DirectoryIndex index.html index.htm index.php index.php5 index.php4 index.php3 index.shtml index.cgi index.pl index.jsp Defa$
ScriptAlias /cgi-bin/ /var/www/web120/cgi-bin/
AddHandler cgi-script .cgi
AddHandler cgi-script .pl
ErrorLog /var/www/web120/log/error.log
AddType application/x-httpd-php .php .php3 .php4 .php5
suPHP_Engine on
suPHP_UserGroup admin web120
AddHandler x-httpd-php .php .php3 .php4 .php5
suPHP_AddHandler x-httpd-php
AddType text/html .shtml
AddOutputFilter INCLUDES .shtml
Alias /error/ "/var/www/web120/web/error/"
ErrorDocument 400 /error/invalidSyntax.html
ErrorDocument 401 /error/authorizationRequired.html
ErrorDocument 403 /error/forbidden.html
ErrorDocument 404 /error/fileNotFound.html
ErrorDocument 405 /error/methodNotAllowed.html
ErrorDocument 500 /error/internalServerError.html
ErrorDocument 503 /error/overloaded.html
AliasMatch ^/~([^/]+)(/(.*))? /var/www/web120/user/$1/web/$3
AliasMatch ^/users/([^/]+)(/(.*))? /var/www/web120/user/$1/web/$3
</VirtualHost>

Maybe i am on the wrong track but i was thinking about enable php4 or 5 as a module as well (indeed).
And then put this in the vhost as published above (within /etc/apache2/vhosts/Vhosts_ispconfig.conf:


suPHP_Engine off
RemoveHandler .php
php_admin_flag engine on

Falko,

I did it!

First i enabled php5 as a module as well with:

a2enmod php5

And after that i restarted Apache with:

/etc/init.d/apache2 force-reload

Within ISPConfig, i added the next lines within the Apache directive field for the TYPO3 site:

suPHP_Engine off
RemoveHandler .php
php_admin_flag engine on


Now, i have PHP5-mod and PHP5-CGI+suPHP both on my server.
All the sites make use of this.

The TYPO3 site which is still setup like described here:

http://www.howtoforge.com/typo3_on_ispconfig

uses PHP5MOD in stead of PHP5-CGI+suPHP

This works!

One more question:
Why is it sometimes so difficult to find something very simple?

I was quiet busy the last couple of days, first the upgrade to Etch and the migration to php5-cgi+suPHP. But with php5mod as well, my server is very flexible! :)