HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials

HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials (http://www.howtoforge.com/forums/index.php)
-   Installation/Configuration (http://www.howtoforge.com/forums/forumdisplay.php?f=27)
-   -   suphp + ssl runs as www-data (http://www.howtoforge.com/forums/showthread.php?t=48891)

staatslot 19th September 2010 15:04

suphp + ssl runs as www-data
 
Hi all,

I think I've found a nasty bug in ISPconfig 3.0.2.2.
When a site that has suphp enabled runs at port 443 (SSL) php doens't run as the suphp user, but as www-data. When displaying that same site at port 80 (with no settings altered) it runs as the suphp user.

I took a look at the vhost file of the sites I noticed this difference:

PORT 80
Code:

    # Clear PHP settings of this website
    <FilesMatch "\.ph(p3?|tml)$">
        SetHandler None
    </FilesMatch>
    # suphp enabled
    <Directory /var/www/clients/client17/web22/web>
        suPHP_Engine on
        # suPHP_UserGroup web22 client17
        AddHandler x-httpd-suphp .php .php3 .php4 .php5
        suPHP_AddHandler x-httpd-suphp
    </Directory>

PORT 443
Code:

    suPHP_Engine on
    # suPHP_UserGroup web22 client17
    AddHandler x-httpd-suphp .php .php3 .php4 .php5
    suPHP_AddHandler x-httpd-suphp

The configuration file (php.ini) path is also different for both ports when running phpinfo().
PORT 80
Code:

/etc/php5/cgi
PORT 443
Code:

/etc/php5/apache2
Changing the vhost files does the trick, so my best guess is ISPconfig is lacking to write the correct code to the vhost file for the SSL part of a website.

Any help is very much appreciated!

till 19th September 2010 15:16

You can change the code for the vhost in /usr/local/ispconfig/server/conf/vhost.conf.master

staatslot 19th September 2010 15:51

thanks Till, I changed that file and now it works fine!
Maybe something to fix for the next major release?

Thanks a lot!

till 19th September 2010 16:06

I will add it to the bugtracker.

u4david 21st September 2010 03:12

Could you drop more detail on this fix?
 
just little more detail .Thank you.

staatslot 22nd September 2010 10:36

Quote:

Originally Posted by u4david (Post 239816)
just little more detail .Thank you.

no problem.
Open the /usr/local/ispconfig/server/conf/vhost.conf.master file on your webserver, not the server ispconfig is running. Browse to the part that reads
Code:

###########################################################
# SSL Vhost
###########################################################

locate this piece of code:
Code:

<tmpl_if name='suexec'op='==' value='y'>
    # suexec enabled
    SuexecUserGroup <tmpl_var name='system_user'> <tmpl_var name='system_group'>
</tmpl_if>

beneath it repace with:

Code:

# Clear PHP settings of this website
    <FilesMatch "\.ph(p3?|tml)$">
        SetHandler None
    </FilesMatch>
<tmpl_if name='php' op='==' value='mod'>
    # mod_php enabled
    AddType application/x-httpd-php .php .php3 .php4 .php5
    php_admin_value sendmail_path "/usr/sbin/sendmail -t -i -fwebmaster@<tmpl_var name='domain'>"
    php_admin_value upload_tmp_dir <tmpl_var name='document_root'>/tmp
    php_admin_value session.save_path <tmpl_var name='document_root'>/tmp
<tmpl_if name='security_level' op='==' value='20'>
    php_admin_value open_basedir <tmpl_var name='php_open_basedir'>
</tmpl_if>
</tmpl_if>
<tmpl_if name='php' op='==' value='suphp'>
    # suphp enabled
    <Directory {tmpl_var name='web_document_root'}>
        suPHP_Engine on
        # suPHP_UserGroup <tmpl_var name='system_user'> <tmpl_var name='system_group'>
        AddHandler x-httpd-suphp .php .php3 .php4 .php5
        suPHP_AddHandler x-httpd-suphp
    </Directory>
</tmpl_if>

that does the trick. but according to till it will be fixed in a next release as he added it to the bugtracker.

u4david 22nd September 2010 14:47

Thank you
 
Thank you that will do.


All times are GMT +2. The time now is 22:09.

Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.