HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials

HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials (http://www.howtoforge.com/forums/index.php)
-   Tips/Tricks/Mods (http://www.howtoforge.com/forums/forumdisplay.php?f=19)
-   -   fastcgi and php on Debian etch walkthrough (http://www.howtoforge.com/forums/showthread.php?t=12302)

meemu 24th April 2007 19:51

fastcgi and php on Debian etch walkthrough
 
Debian 4.0 etch is the new stable distribution. Noteably, Debian has switched to version 2.2 of apache2. The following walkthrough shows how to setup php running inside the fastcgi apache2 module on this new Debian release.

This walkthrough is based on http://www.howtoforge.com/forums/showthread.php?t=4606 with the following exceptions:
  • use Debian PHP5 or PHP4 pre-compiled binary
  • does not require support for the imuteable bit
  • uses apache 2.2
  • and Debian 4.0 etch
Refer to the original instructions where this walkthrough does not make sense.



For simplicity's sake, this is all done as root. Usually, Debian people recommend using a normal unprivileged account for compiling things and getting package sources.
  • Install apache2.2 and download sources
Code:

apt-get install apache2.2-common apache2-threaded-dev apache2-mpm-worker
mkdir /root/install
cd /root/install
apt-get source apache2.2-common
cd apache2-2.2.3/
debian/rules
./configure

The last step will set the configuration options to the Debian defaults.
  • Patch suexec

Code:

cd support
vi suexec.c

Change accordingly, Line 567 (first and last line of this snippet).
Code:

/* no file owner check
    if ((uid != dir_info.st_uid) ||
        (gid != dir_info.st_gid) ||
 
 
        (uid != prg_info.st_uid) ||
        (gid != prg_info.st_gid)) {
        log_err("target uid/gid (%ld/%ld) mismatch "
                "with directory (%ld/%ld) or program (%ld/%ld)\n",
                uid, gid,
                dir_info.st_uid, dir_info.st_gid,
                prg_info.st_uid, prg_info.st_gid);
        exit(120);
    }
  */

  • Compile and "install" suexec
Code:

make suexec
mkdir -p /usr/local/lib/apache2/
cp suexec /usr/local/lib/apache2/suexec-fcgi
chown root.root /usr/local/lib/apache2/suexec-fcgi
chmod 4755 /usr/local/lib/apache2/suexec-fcgi

Checking the permissions on the file should look like this
Code:

stat /usr/local/lib/apache2/suexec-fcgi
  File: `/usr/local/lib/apache2/suexec-fcgi'
  Size: 24675          Blocks: 56        IO Block: 131072 regular file
Device: 803h/2051d      Inode: 73997      Links: 1
Access: (4755/-rwsr-xr-x)  Uid: (    0/    root)  Gid: (    0/    root)
Access: 2007-04-24 07:24:21.000000000 +0100
Modify: 2007-04-20 13:30:09.000000000 +0100
Change: 2007-04-23 14:09:09.000000000 +0100

  • Install libapache2-mod-fastcgi

The libapache2-mod-fastcgi package is in the non-free section of the Debian repositories. If it's not there yet change your entry in /etc/apt/sources.list from

Code:

deb http://ftp.uk.debian.org/debian/ stable main
to

Code:

deb http://ftp.uk.debian.org/debian/ stable main non-free contrib
Contrib can be useful too sometimes.

Then install fastcgi

Code:

apt-get install libapache2-mod-fastcgi
And configure apache to use it

Code:

a2enmod fastcgi

Now to the configuration of mod_fastcgi. The following allows us to keep the php-fastcgi-starter outside of what the user can access or modify.

Code:

# /etc/apache2/mods-enabled/fastcgi.conf
<IfModule mod_fastcgi.c>
        #AddHandler fastcgi-script .fcgi
        #FastCgiWrapper /usr/lib/apache2/suexec2
        #FastCgiIpcDir /var/lib/apache2/fastcgi

        #temporary sockets are stored here, this must be at the top!
        FastCgiIpcDir /var/lib/apache2/fastcgi

        #config
        FastCgiConfig -pass-header Authorization

        FastCgiWrapper /usr/local/lib/apache2/suexec-fcgi

        #php

        AddHandler php-fastcgi .php .php3 .php4 .php5 .phtml .phps
        <Location /php-fastcgi/php-fcgi-starter>
                SetHandler fastcgi-script
                Options +ExecCGI
        </Location>
        Action php-fastcgi /php-fastcgi/php-fcgi-starter

        #perl
        #TODO

        ##ISPConfig add this by the installtion of it

        ##ISPConfig INSTALL## AddType ##ISPConfig INSTALL## application/x-httpd-php .php

        <Directory "/var/www/">
                AllowOverride None
                Options +ExecCGI -MultiViews -Indexes
                Order allow,deny
                Allow from all
        </Directory>
</IfModule>

  • Install PHP4 and PHP5
Using the PHP from Debian packages makes is easier to maintain and upgrade the system. To install use

Code:

apt-get install php4-cgi php5-cgi php4-mysql php5-mysql
Edit the default configuration files and enable safe_mode and set open_basedir to /var/www. More importantly, add this to both files (/etc/php4/cgi/php.ini and /etc/php5/cgi/php.ini)
Code:

cgi.fix_pathinfo=1
(Note: I am not sure this is necessary)

Create the php-fastcgi starter script
(at this point worth mentioning that ISPConfig should already be installed)
Code:

/root/ispconfig/scripts/php-fcgi-starter
#!/bin/sh
PHPRC="/etc/php5/cgi/"
export PHPRC
PHP_FCGI_CHILDREN=3
export PHP_FCGI_CHILDREN
exec /usr/bin/php5-cgi

and
Code:

chown root.root /root/ispconfig/scripts/php-fcgi-starter
chmod 0755 /root/ispconfig/scripts/php-fcgi-starter

Now patch ISPConfig to use php-fastcgi instead of the php module and create the starter in the right place. This patch also changes the default permissions of new web sites to 750 and adds www-data to every group created by ISPConfig.

Apply this patch to
/root/ispconfig/scripts/lib/config.lib.php

Code:

1119c1119
1119c1119
<
---
>
1120a1121,1123
>  //mimo http://www.howtoforge.org/forums/showthread.php?t=4375
>  // add www user to each new group
>  $mod->system->add_user_to_group("web".$doc_id,$apache_user);
1127a1131,1135
>
>    //mimo 2nd part
>    exec("chmod 750 $web_path");
>    exec("chmod 750 $web_path_realname");
>
1385a1394,1405
>        //FASTCGI (here we could add a handler for different versions of php and php.ini files
>      //FASTCGI Modification
>      #$fcgip = $mod->system->server_conf["server_path_httpd_root"]."/"."web".$web["doc_id"];
>      $fcgip = $mod->system->server_conf["server_path_httpd_root"]."/php-fastcgi/"."web".$web["doc_id"];
>      if(!file_exists($fcgip."/php-fcgi-starter")) {
>              $mod->log->msg("creating $fcgip"."/php-fcgi-starter");
>              if(!file_exists($fcgip)) {
>                      exec("mkdir -p $fcgip");
>              }
>              exec("cp -p /root/ispconfig/scripts/php-fcgi-starter ".$fcgip."/ && chown root:root ".$fcgip."/php-fcgi-starter");
>      }
>
1387c1407,1410
<        $php = "AddType application/x-httpd-php .php .php3 .php4 .php5";
---
>      // FASTCGI
>        //$php = "AddType application/x-httpd-php .php .php3 .php4 .php5";
>      #$php = "ScriptAlias /php-fastcgi/ ".$mod->system->server_conf["server_path_httpd_root"]."/"."web".$web["doc_id"]."/\n";
>      $php = "ScriptAlias /php-fastcgi/ $fcgip\n";
1390a1414,1415
>                #$php = "ScriptAlias /php-fastcgi/ ".$mod->system->server_conf["server_path_httpd_root"]."/"."web".$web["doc_id"]."/\n";
>                $php = "ScriptAlias /php-fastcgi/ $fcgip/\n";
1423a1449,1450
> //disbaled FASTCGI
> /*
1432a1460
> */
2513c2541
< ?>
\ No newline at end of file
---
> ?>
1119c1119
<
---
>
1120a1121,1123
>  //mimo http://www.howtoforge.org/forums/showthread.php?t=4375
>  // add www user to each new group
>  $mod->system->add_user_to_group("web".$doc_id,$apache_user);
1127a1131,1135
>
>    //mimo 2nd part
>    exec("chmod 750 $web_path");
>    exec("chmod 750 $web_path_realname");
>
1385a1394,1405
>        //FASTCGI (here we could add a handler for different versions of php and php.ini files
>      //FASTCGI Modification
>      #$fcgip = $mod->system->server_conf["server_path_httpd_root"]."/"."web".$web["doc_id"];
>      $fcgip = $mod->system->server_conf["server_path_httpd_root"]."/php-fastcgi/"."web".$web["doc_id"];
>      if(!file_exists($fcgip."/php-fcgi-starter")) {
>              $mod->log->msg("creating $fcgip"."/php-fcgi-starter");
>              if(!file_exists($fcgip)) {
>                      exec("mkdir -p $fcgip");
>              }
>              exec("cp -p /root/ispconfig/scripts/php-fcgi-starter ".$fcgip."/ && chown root:root ".$fcgip."/php-fcgi-starter");
>      }
>
1387c1407,1410
<        $php = "AddType application/x-httpd-php .php .php3 .php4 .php5";
---
>      // FASTCGI
>        //$php = "AddType application/x-httpd-php .php .php3 .php4 .php5";
>      #$php = "ScriptAlias /php-fastcgi/ ".$mod->system->server_conf["server_path_httpd_root"]."/"."web".$web["doc_id"]."/\n";
>      $php = "ScriptAlias /php-fastcgi/ $fcgip\n";
1390a1414,1415
>                #$php = "ScriptAlias /php-fastcgi/ ".$mod->system->server_conf["server_path_httpd_root"]."/"."web".$web["doc_id"]."/\n";
>                $php = "ScriptAlias /php-fastcgi/ $fcgip/\n";
1423a1449,1450
> //disbaled FASTCGI
> /*
1432a1460
> */
2513c2541
< ?>
\ No newline at end of file
---
> ?>

Create the base directory for the php-fastcgi starter scripts. The idea is to have a separate one for each web site so that later on it is possible to chose the version and settings of PHP on a per site basis.

Code:

mkdir /var/www/php-fastcgi
chown root.root /var/www/php-fastcgi

  • Finally, start or restart apache2. All done!

For new web sites ISPConfig will create this structure


/var/www/--+/webX/ <- normal content, user has full access
/var/www/--+/php-fastcgi/webX/php-fastcgi-starter

till 24th April 2007 20:49

Thank you for the howto. I moved it to the tipps & tricks forum. I will try to implement your patch in the ISPConfig dev branch as php configuration option.

falko 25th April 2007 13:50

Do you think you can create a tutorial and submit it? http://www.howtoforge.com/add_howto
That would be great! :)

linickx 27th April 2007 17:07

Quote:

Originally Posted by till
I will try to implement your patch in the ISPConfig dev branch as php configuration option.

Hi Till, out of interest, what would the rough timescales of this be: 1week, 1month, 1year, ? ( *expecting* "when we're ready", but it doesn't hurt to ask )

I'm currently working on fastcgi packages ( php-binary & httpd_module ) for CentOS 4.4 (As I can't find any pre-build packages, you lucky debian people ! :p ), but I haven't yet figured how to config it properly, this could save me a whole load of hassle :)

EDIT:
Found Mod_fastcgi.rpm on this blokes website: http://www.city-fan.org/ftp/contrib/websrv/
I've built a php-fcgi binary avilable here: http://www.linickx.com/files/rpm/whi...2.4.1.i386.rpm

Code:

[root@www tmp]# /usr/bin/php-fcgi -v
PHP 4.3.9 (cgi-fcgi) (built: Apr 27 2007 11:41:10)
Copyright (c) 1997-2004 The PHP Group


Taguapire 9th May 2007 06:50

Why
 
Why use fastcgi instead PHP module?

Faster?

Better security?

Regards,

Taguapire

till 9th May 2007 11:06

fastcgi is not faster the mod_php, but it allows to run php under the admin user of the websites instead of the apache user.

linickx 9th May 2007 11:18

like suphp, except apc ,eaccelerator and xcache appear to support fast-cgi .

redhat-like users might be interested in reading this php bug before using fast-cgi tho.

Ovidiu 9th May 2007 11:51

would this be the solution to allow my users who use fastcgi to kill their own processes? sometimes I am required to killall -9 dispatch.fcgi because they make some bigger changes in their scripts...

also I'd like to ask a question about the settings of fastcgi:

I am trying to use these config options:

Quote:

-maxClassProcesses n (10)
The maximum number of dynamic FastCGI application instances allowed to run for any one FastCGI application. It must be <= to -maxProcesses (this is not programmatically enforced).
-maxProcesses n (50)
The maximum total number of dynamic FastCGI application instances allowed to run at any one time. It must be >= to -maxClassProcesses (this is not programmatically enforced).
The first option limits the number of children of a certain script (I guess determined by the name) the second one limits the total number of active children.
BUT if I set a limit for the first one, this does not work out for me as my different instances all have the same name: dispatch.fcgi so if I set option#1 to 2 because I want each "scritp" running max. 2 times in parallel I won't be able to have more than 2 dispatch.fcgi in total on my system...

Is there a workaround or did I udnerstand thsi wrong?

meemu 15th May 2007 11:03

did you do ?
Code:

cd apache2-2.2.3/
debian/rules

and
Code:

apt-get install apache2.2-common apache2-threaded-dev apache2-mpm-worker
I think it could be apache2-threaded-dev that is missing

mtuser 15th May 2007 11:23

apt-get source apache2.2-common
Quote:

Fetched 6452kB in 36s (175kB/s)
gpg: Signature made Mon 15 Jan 2007 11:11:06 PM ICT using DSA key ID 5E0577F2
gpg: Can't check signature: public key not found
dpkg-source: extracting apache2 in apache2-2.2.3
dpkg-source: unpacking apache2_2.2.3.orig.tar.gz
dpkg-source: applying ./apache2_2.2.3-3.2build1.diff.gz
root@srvguest:/root/install#
is this any problem?
Quote:

root@srvguest:/root/install/apache2-2.2.3# debian/rules
test -d debian/patched || install -d debian/patched
dpatch apply-all
applying patch 001_branding to ./ ... ok.
applying patch 002_apachectl to ./ ... ok.
applying patch 004_usr_bin_perl_0wnz_j00 to ./ ... ok.
applying patch 008_make_include_safe to ./ ... ok.
applying patch 009_apache2_has_dso to ./ ... ok.
applying patch 010_fhs_compliance to ./ ... ok.
applying patch 017_fix_ipv6 to ./ ... ok.
applying patch 031_apxs2_sucks_more to ./ ... ok.
applying patch 032_suexec_is_shared to ./ ... ok.
applying patch 033_dbm_read_hash_or_btree to ./ ... ok.
applying patch 034_apxs2_libtool_fixtastic to ./ ... ok.
applying patch 038_no_LD_LIBRARY_PATH to ./ ... ok.
applying patch 042_htdigest_CAN-2005-1344 to ./ ... ok.
applying patch 043_ajp_connection_reuse to ./ ... ok.
applying patch 099_config_guess_sub_update to ./ ... ok.
dpatch cat-all >>patch-stampT
mv -f patch-stampT patch-stamp
root@srvguest:/root/install/apache2-2.2.3#
i already installed apache2.2-common apache2-threaded-dev apache2-mpm-worker
Quote:

root@srvguest:/root/install/apache2-2.2.3# cd support
root@srvguest:/root/install/apache2-2.2.3/support# pico suexec.c
root@srvguest:/root/install/apache2-2.2.3/support# make suexec
cc suexec.c -o suexec
suexec.c:33:17: error: apr.h: No such file or directory
suexec.c:34:23: error: ap_config.h: No such file or directory
In file included from suexec.c:35:
suexec.h:31:30: error: ap_config_layout.h: No such file or directory
suexec.c: In function ‘err_output’:
suexec.c:154: error: ‘DEFAULT_EXP_LOGFILEDIR’ undeclared (first use in this function)
suexec.c:154: error: (Each undeclared identifier is reported only once
suexec.c:154: error: for each function it appears in.)
suexec.c:154: error: expected ‘)’ before string constant
suexec.c:154: error: too few arguments to function ‘fopen’
suexec.c: In function ‘main’:
suexec.c:278: warning: assignment makes pointer from integer without a cast
suexec.c:293: error: dereferencing pointer to incomplete type
suexec.c:297: error: ‘DEFAULT_EXP_HTDOCSDIR’ undeclared (first use in this function)
suexec.c:306: error: ‘DEFAULT_EXP_LOGFILEDIR’ undeclared (first use in this function)
suexec.c:306: error: expected ‘)’ before string constant
suexec.c:346: error: dereferencing pointer to incomplete type
suexec.c:347: error: dereferencing pointer to incomplete type
suexec.c:378: warning: assignment makes pointer from integer without a cast
suexec.c:384: warning: assignment makes pointer from integer without a cast
suexec.c:394: warning: assignment makes pointer from integer without a cast
suexec.c:398: error: dereferencing pointer to incomplete type
suexec.c:399: error: dereferencing pointer to incomplete type
suexec.c:436: error: dereferencing pointer to incomplete type
suexec.c:437: error: dereferencing pointer to incomplete type
suexec.c:438: error: dereferencing pointer to incomplete type
suexec.c:494: warning: comparison between pointer and integer
suexec.c:502: warning: comparison between pointer and integer
suexec.c:510: warning: comparison between pointer and integer
suexec.c:636: error: ‘errno’ undeclared (first use in this function)
make: *** [suexec] Error 1
root@srvguest:/root/install/apache2-2.2.3/support#


All times are GMT +2. The time now is 09:26.

Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.