HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials

HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials (http://www.howtoforge.com/forums/index.php)
-   Smalltalk (http://www.howtoforge.com/forums/forumdisplay.php?f=11)
-   -   Installing Joomla 2.5.6 using Mod-PHP (http://www.howtoforge.com/forums/showthread.php?t=58125)

Nap 30th July 2012 13:04

Installing Joomla 2.5.6 using Mod-PHP
 
Hi
I am trying to install Joomla 2.5.6 on my server using Mod-PHP handler but the installer goes into an infinite loop after I select the language.

When I choose to use FastCGI instead (done through ISPConfig) and wait a bit for the cache/buffer to clear, the Joomla installer DOES NOT loop indefinately but actually makes it to the next screen where it shows me the php setting I have. Here it shows "output_buffering" on and recommends I turn it off. Which I can easily do via the default php.ini for the server.

But here is where my dilema starts.

The reason for needing to use Mod-PHP rather than FastCGI is that Mod-PHP enables the use of PHP settings inside .htaccess files. This is a critical feature I need at this point in time.
You see, I have some scripts that need register_globals and magic_quotes_gpc on for them to work. I am not in a position at the moment to fix them. Perhaps some time in the future, but not right now.

Mod-PHP allows me to set my php.ini file for a more secure server setup, ie by having register_globals and magic_quotes_gpc OFF by default, and then turn them on where required via .htaccess inside specific folders.

However, if I use FastCGI, I can't control php settings on a per folder basis. I only have the option to set php.ini settings on a site basis. This is unsatisfactory for me.

I've been a Joomla (pre-version 2) user for a number of years now on a server running Mod-PHP, and would like to continue with Joomla. But if it's not going to work, then I have to look at another CMS.

1) Has anyone been able to install Joomla 2.5.6 (or similar version) using Mod-PHP? How did you do it?
2) If I've miss understood something here, please feel free to enlighten me.

Cheers,
Nap

till 30th July 2012 13:15

Website specific php settings are avalable for fastcgi in ISPConfig 3, so there is no need to use mod_php for a website at all and its also quite insecure. The security that you think to add by using folder specific php settings are completely lost by the use of mod_php, so at the end your site is more insecure.

1) Change php mode of the website to fastcgi
2) Enable the suexec checkbox in the website settings.
3) Set the php options that you want to have for this specific website in the custom php.ini field on the options tab of the website settings.
4) Install joomla.

Nap 30th July 2012 13:40

Hi Till, thnx.

With FastCGI, the install is fine. There are other reasons for needing to use Mod-PHP.

I am not satisfied with site specific settings, because from the site owners' point of view, they are global settings. I need the option of being able to loosen up the security on certain folders only, not the whole site.

I use register_globals ON for a forked version of an OS web app (located in a sub-folder of the webroot folder) through .htaccess.
Is this making my whole site at higher risk? I think it's only that app. that can be attacked with register_globals type exploits.
That script has been on a live site for 6 years now without being hacked, so I'm not concerned about it. I have more urgent things to do at the moment (check my postings concerning pure-ftp/TSL issues).

Is there something I've misunderstood here about PHP?

Nap

till 30th July 2012 13:50

Using mod_php is a much higher risk for the following reasons:

1) It runs the site under the apache user and not the website specific user, so if your site gets hacked, then the hacker can infect all other sites on your server easily.
2) With mod_php you have to run very "open" chmod settings to make folders workd writable for joomla which is not required for fastcgi / suexec.
3) If you want to isolate apps, then you put them in a separate subdomain and not a subfolder.

Nap 30th July 2012 14:02

so I can set custom php settings for the sub-domain, like I can for the domain itself?

but that doesn't eliminate the risk to the whole server (like you mentioned).

till 30th July 2012 14:08

Quote:

so I can set custom php settings for the sub-domain, like I can for the domain itself?
Yes.

Quote:

but that doesn't eliminate the risk to the whole server (like you mentioned).
That reduces the risk a lot because fastcgi runs a separate php process for each website under a separate linux system user while mod_php runs one php process inside apache which is used for all websites and which uses the same linux system user. So with fastcgi and suexec, you have separated php processes and also separate linux users so the full linux file system permission restrictions apply for each website.

Nap 30th July 2012 14:11

I'll have a go at using a sub-domain.


I'm looking in the default php.ini file at output_buffer as it was setup by ISPConfig. It has a value of 4096. Joomla is asking that I turn it off.

What do you recommend I do?

SamTzu 12th January 2013 12:50

Forget mod-php and use su-php. So far it suits Joomla best. ISPConfig 3.0.5 comes with php-fpm. Does anyone have any experience using it with Joomla?

falko 13th January 2013 12:54

Quote:

Originally Posted by SamTzu (Post 290678)
Does anyone have any experience using it with Joomla?

No problems with nginx + PHP-FPM. Works like a charm. :)

sakry 30th August 2013 10:11

im having the same problem


All times are GMT +2. The time now is 11:26.

Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.