HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials

HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials (http://www.howtoforge.com/forums/index.php)
-   Server Operation (http://www.howtoforge.com/forums/forumdisplay.php?f=5)
-   -   Apache2 With mod_fcgid And PHP5 On Ubuntu 11.10 (http://www.howtoforge.com/forums/showthread.php?t=58137)

centurianii 31st July 2012 13:59

Apache2 With mod_fcgid And PHP5 On Ubuntu 11.10
 
Hello there,

I'm trying to setup suexec in a cloud environment following this article: http://www.howtoforge.com/how-to-set...n-ubuntu-11.10
My question is simple: I don't want to use virtual domains as the author suggests but rather virtual subdomains in the form: john.superbhosting.com, alice.superbhosting.com etc.
Moreover, i don't want to reload again and again the apache2 server.
I've read the apache documentation for virtual domains and subdomains but how should apply all this to my Ubuntu 11.10 server?

Thank you in advance!

falko 1st August 2012 14:05

I think this is what you're looking for: http://httpd.apache.org/docs/2.2/en/vhosts/mass.html

centurianii 1st August 2012 22:51

Apache mass virtual hosting and suExec
 
Thank you Falco for your fast answer!

I'm aware of this link from Apache documentation but I have some questions there: Apache suggests the use of httpd.conf file whereas you suggest to write files at /var/www/ directory. Which approach is better?

Apache suggest to use mod_vhost_alias or mod_rewrite. Is some method better than the other? I think the first one is simpler.

There is another think I'm wondering about after reading this article some time ago: http://jp-larocque.livejournal.com/49475.html

The writer implies that some php can run under suExec with user writes and some other "non-userdir FastCGI scripts" to NOT use suEXEC. For that reason he gives a hack, a FastCGI wrapper hack script at /usr/local/sbin/fastcgi-suexec-hack:
Code:

#!/bin/sh
# This hack exists exclusively to work around the restriction that
# FastCGI wrappers (e.g. suEXEC) are an all-or-nothing ordeal.  Thou
# shalt not enable wrappers for userdirs but not for the whole site.
# Thou shalt not configure non-userdir FastCGI scripts to use suEXEC
# or thou shall suffer my wrath of mysterious suexec policy violation
# notices for 7 generations.
a php library
username="$1"
group="$2"
application="$3"

case "$(pwd)/" in
/home/*/public_html/*)
        exec /usr/lib/apache2/suexec "$username" "$group" "$application";;
*)
        application_abs="$(readlink -f "$application")"
        exec "$application_abs";;
esac

(my first language is not English and I need Oxford dictionary to understand "thou shall"!!)

My question is this: can I mix user php code with user permissions with a php library that has boarder permissions and runs as a www-data or even a user from the sudoers group??:D
(some require_once headers should import the php library but what is required is the user NOT to be able to hack that library)

Thanks again!

falko 2nd August 2012 13:37

Quote:

Originally Posted by centurianii (Post 283118)
Thank you Falco for your fast answer!

I'm aware of this link from Apache documentation but I have some questions there: Apache suggests the use of httpd.conf file whereas you suggest to write files at /var/www/ directory. Which approach is better?

You're mixing things up - /var/www/ is the document root where you must upload your HTML, PHP files, images, etc. while httpd.conf (or apache2.conf) are configuration files for Apache.

centurianii 2nd August 2012 20:18

1)
Quote:

Originally Posted by falko (Post 283155)
You're mixing things up - /var/www/ is the document root where you must upload your HTML, PHP files, images, etc. while httpd.conf (or apache2.conf) are configuration files for Apache.

Yes, indeed!!
Correcting myself: you suggested to create files at /etc/apache2/sites-available/ in the form:
Code:

<VirtualHost *:80>
...
</VirtualHost>

whereas Apache suggests writing at httpd.conf....(?)
2)
At the wrapper script at /var/www/php-fcgi-scripts/web1/php-fcgi-starter, you wrote:
Code:

...
exec /usr/lib/cgi-bin/php

but look at my installation:
Code:

xxx@xxx:~$ ls -al /usr/lib/cgi-bin
total 7952
drwxr-xr-x  2 root root    4096 2012-06-11 22:24 .
drwxr-xr-x 56 root root  12288 2012-07-15 13:56 ..
lrwxrwxrwx  1 root root      29 2012-06-11 22:24 php -> /etc/alternatives/php-cgi-bin
-rwxr-xr-x  1 root root 8112496 2012-05-04 02:01 php5

and
Code:

xxx@xxx:~$ ls -al /usr/bin
...
-rwxr-xr-x  1 root  root    8112496 2012-05-04 02:01 php5-cgi
lrwxrwxrwx  1 root  root        25 2012-06-11 22:24 php-cgi -> /etc/alternatives/php-cgi
...

...why calling /etc/alternatives/php-cgi-bin and not:
Code:

exec /usr/lib/cgi-bin/php5
or,
Code:

exec /usr/bin/php5-cgi
instead??

centurianii 8th August 2012 18:39

(104)Connection reset by peer: mod_fcgid: error
 
Hi,

following Falco's tutorial I set up a new domain, I'll call it www.john.com and I tried to see the result when I hit my browser to www.john.com/info.php:
Code:

Title: 500 Internel Server Error
Message: Internal Server Error

The server encountered an internal error or misconfiguration and was unable to complete your request.

Please contact the server administrator, webmaster@john.com and inform them of the time the error occurred, and anything you might have done that may have caused the error.

More information about this error may be available in the server error log.

At my /var/log/apache2/error.log:
Code:

[Wed Aug 08 17:25:19 2012] [warn] [client xxx.xxx.xxx.xxx] (104)Connection reset by peer: mod_fcgid: error reading data from FastCGI server, referer: http://www.john.com/
[Wed Aug 08 17:25:19 2012] [error] [client xxx.xxx.xxx.xxx] Premature end of script headers: info.php, referer: http://www.john.com/

From what I can see googling this error there is no simple solution or solution at all :(

falko 9th August 2012 15:00

Can you post your FCGI starter script, your vhost configuration, and your /etc/apache2/mods-available/fcgid.conf file?

centurianii 12th August 2012 09:41

Sorry for my delayed reply,

here is my data:
1) <root># cat /var/www/php-fcgi-scripts/john/php-fcgi-starter
Code:

#!/bin/sh
#in case we activate a per user php.ini
#PHPRC=/var/www/john/
PHPRC=/etc/php5/cgi/
export PHPRC
export PHP_FCGI_MAX_REQUESTS=5000
export PHP_FCGI_CHILDREN=8
exec /usr/lib/cgi-bin/php

2) <root># apache2ctl -S
Code:

VirtualHost configuration:
wildcard NameVirtualHosts and _default_ servers:
*:80                  is a NameVirtualHost
        default server superbhosting.com (/etc/apache2/sites-enabled/000-default:1)
        port 80 namevhost superbhosting.com (/etc/apache2/sites-enabled/000-default:1)
        port 80 namevhost www.alice.com (/etc/apache2/sites-enabled/alice:1)
        port 80 namevhost www.john.com (/etc/apache2/sites-enabled/john:1)
Syntax OK

Attention: my testing refers to www.john.com which in fact is another domain officially registered and activated (NS, A, CNAME records).
When I hit my browser at www.john.com I can see:
Code:

Index of /
[ICO]        Name        Last modified        Size        Description
[ ]        info.php        08-Aug-2012 09:53        38

When I hit at www.john.com/info.php there is an error!

3) cat /etc/apache2/mods-available/fcgid.conf
Code:

<IfModule mod_fcgid.c>
  AddHandler    fcgid-script .fcgi
  FcgidConnectTimeout 20
  PHP_Fix_Pathinfo_Enable 1
</IfModule>

4) what is installed?
<root># dpkg-query -l '*apache2*'
Code:

Desired=Unknown/Install/Remove/Purge/Hold
| Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend
|/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad)
||/ Name                          Version                        Description
+++-==============================-==============================-============================================================================
ii  apache2                        2.2.20-1ubuntu1.2              Apache HTTP Server metapackage
un  apache2-common                <none>                        (no description available)
un  apache2-doc                    <none>                        (no description available)
un  apache2-mpm                    <none>                        (no description available)
un  apache2-mpm-event              <none>                        (no description available)
un  apache2-mpm-itk                <none>                        (no description available)
un  apache2-mpm-prefork            <none>                        (no description available)
ii  apache2-mpm-worker            2.2.20-1ubuntu1.2              Apache HTTP Server - high speed threaded model
ii  apache2-suexec                2.2.20-1ubuntu1.2              Standard suexec program for Apache 2 mod_suexec
un  apache2-suexec-custom          <none>                        (no description available)
ii  apache2-utils                  2.2.20-1ubuntu1.2              utility programs for webservers
ii  apache2.2-bin                  2.2.20-1ubuntu1.2              Apache HTTP Server common binary files
ii  apache2.2-common              2.2.20-1ubuntu1.2              Apache HTTP Server common files
un  libapache2-mod-apparmor        <none>                        (no description available)
un  libapache2-mod-auth-kerb      <none>                        (no description available)
ii  libapache2-mod-fcgid          1:2.3.6-1+squeeze1build0.11.10 an alternative module compat with mod_fastcgi

<root># dpkg-query -l '*php*'
Code:

Desired=Unknown/Install/Remove/Purge/Hold
| Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend
|/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad)
||/ Name                              Version                          Description
+++-=================================-=================================-==================================================================================
un  php-pear                          <none>                            (no description available)
ii  php5-cgi                          5.3.6-13ubuntu3.7                server-side, HTML-embedded scripting language (CGI binary)
ii  php5-common                      5.3.6-13ubuntu3.7                Common files for packages built from the php5 source
un  php5-json                        <none>                            (no description available)
un  php5-mhash                        <none>                            (no description available)
un  php5-suhosin                      <none>                            (no description available)
un  phpapi-20090626                  <none>                            (no description available)

Hope this helps!

centurianii 12th August 2012 23:04

I believe I should give my permissions-I started with umask=0077 but I changed it to 744 permissions for user john-so, let's see it:

Code:

<root># ls -al /var/www/php-fcgi-scripts
total 16
drwxr--r-- 4 root  root  4096 2012-07-30 15:19 .
drwxr-xr-x 5 root  root  4096 2012-07-30 15:19 ..
drwxr--r-- 2 alice alice 4096 2012-07-30 15:26 alice
drwxr--r-- 2 john  john  4096 2012-07-30 15:24 john

Code:

<root># ls -al /var/www/php-fcgi-scripts/john
total 12
drwxr--r-- 2 john john 4096 2012-07-30 15:24 .
drwxr--r-- 4 root root 4096 2012-07-30 15:19 ..
-rwxr-xr-x 1 john john  200 2012-08-08 17:45 php-fcgi-starter

Code:

<root># ls -al /etc/apache2/sites-available/
total 32
drwxr-xr-x 2 root root 4096 2012-08-12 16:13 .
drwxr-xr-x 8 root root 4096 2012-08-12 13:52 ..
-rw-r--r-- 1 root root  590 2012-08-07 08:07 alice
-rw-r--r-- 1 root root  950 2012-02-14 16:35 default
-rw-r--r-- 1 root root 7469 2012-02-14 16:35 default-ssl
-rwxr--r-- 1 root root  584 2012-08-07 08:08 john


centurianii 13th August 2012 00:22

I have to report another error after I installed and unistalled apache2-suexec-custom:
Code:

<root># service apache2 restart
Syntax error on line 8 of /etc/apache2/sites-enabled/john:
Invalid command 'SuexecUserGroup', perhaps misspelled or defined by a module not included in the server configuration
Action 'configtest' failed.
The Apache error log may have more information.
  ...fail!

If I disable john's site then apache can do a restart!
This error wasn't before, so what's going wrong now I wonder?


All times are GMT +2. The time now is 05:54.

Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.