HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials

HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials (http://www.howtoforge.com/forums/index.php)
-   Feature Requests (http://www.howtoforge.com/forums/forumdisplay.php?f=17)
-   -   apache2-mpm-itk (http://www.howtoforge.com/forums/showthread.php?t=25918)

Ben 10th August 2008 18:16

apache2-mpm-itk
 
Hi till / falko,

how about implementing apache2-mpm-itk for IPSConfig3?
Looks seen from the security side really good...

http://mpm-itk.sesse.net/
http://blog.stuartherbert.com/php/20...shared-server/

till 31st August 2008 10:04

Looks interesting. Does anybody have tested this how it performs for a larger number of vhosts e.g. 100 - 20 performance and ram wise? The project is also marked as experimental at the moment.

Implementing this in ISPConfig 3 should be easy and could be most likely done by simply changing the apache configuration template without programming.

bjarne-j 3rd October 2008 00:23

Would it be possible to add mpm-itk support in ISPConfig 2 ?

mpm-itk sounds like a great way of dealing with PHP-security without sacrificing too much performance.

grungy 5th January 2009 15:32

I am running mpm-itk for 8 months now and I love it, to ad mpm-itk support to ISPCONFIG it is a matter of modifying apache templates to add:

<IfModule mpm_itk_module>
AssignUserId {SUEXEC_USER} {SUEXEC_GROUP}
</IfModule>

and for domains/subdomains.

p.s. you have to install mpm-itk apache - apt-get install apache2-mpm-itk

and that will remove your current apache

archerjd 7th January 2009 02:07

Could these settings be applied during the install of ISPC3?
E.g. the installer auto-detects which mpm you have installed?

I could see adding this capability definitely, but in the case that a site has an issue with it you should be able to turn it off. This could be done safely by removing the user directives from the vhost. When mpm-itk doesn't see the directives in Debian it just defaults to www-data:www-data.
I have used it with success and have been very happy with it for the experimental sites I have been testing but I haven't actually put it into production. The advantages you would have are phenomenal not to mention web applications that implement the DAV protocol.

grungy 7th January 2009 08:09

Quote:

Originally Posted by archerjd (Post 163304)
Could these settings be applied during the install of ISPC3?
E.g. the installer auto-detects which mpm you have installed?

I could see adding this capability definitely, but in the case that a site has an issue with it you should be able to turn it off. This could be done safely by removing the user directives from the vhost. When mpm-itk doesn't see the directives in Debian it just defaults to www-data:www-data.
I have used it with success and have been very happy with it for the experimental sites I have been testing but I haven't actually put it into production. The advantages you would have are phenomenal not to mention web applications that implement the DAV protocol.

Last night modified the template ISPCPNFIG vhost template to to add mpm-itk directives ad it works....

archerjd 7th January 2009 20:17

I noticed that you can't use shared applications, e.g phpMyAdmin. Am I wrong or is there a way around this?

grungy 8th January 2009 09:18

Quote:

Originally Posted by archerjd (Post 163461)
I noticed that you can't use shared applications, e.g phpMyAdmin. Am I wrong or is there a way around this?

there is a way around this, I know I solved this some time ago, I think it was with phptmp dir - php_admin_value upload_tmp_dir

grungy 9th January 2009 11:05

Quote:

Originally Posted by grungy (Post 163005)
I am running mpm-itk for 8 months now and I love it, to ad mpm-itk support to ISPCONFIG it is a matter of modifying apache templates to add:

<IfModule mpm_itk_module>
AssignUserId {SUEXEC_USER} {SUEXEC_GROUP}
</IfModule>

and for domains/subdomains.

p.s. you have to install mpm-itk apache - apt-get install apache2-mpm-itk

and that will remove your current apache


actually for ispconfig you have to add:

<IfModule mpm_itk_module>
AssignUserId <tmpl_var name='system_user'> <tmpl_var name='system_group'>
</IfModule>

grungy 12th January 2009 12:42

Feature request for mpm-itk - http://bugtracker.ispconfig.org/inde...=428&project=3


All times are GMT +2. The time now is 16:03.

Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.