Go Back   HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials > ISPConfig 2 > Tips/Tricks/Mods

Do you like HowtoForge? Please consider supporting us by becoming a subscriber.
Reply
 
Thread Tools Display Modes
  #1  
Old 24th April 2007, 19:51
meemu meemu is offline
Member
 
Join Date: Apr 2007
Posts: 39
Thanks: 2
Thanked 8 Times in 5 Posts
Default fastcgi and php on Debian etch walkthrough

Debian 4.0 etch is the new stable distribution. Noteably, Debian has switched to version 2.2 of apache2. The following walkthrough shows how to setup php running inside the fastcgi apache2 module on this new Debian release.

This walkthrough is based on http://www.howtoforge.com/forums/showthread.php?t=4606 with the following exceptions:
  • use Debian PHP5 or PHP4 pre-compiled binary
  • does not require support for the imuteable bit
  • uses apache 2.2
  • and Debian 4.0 etch
Refer to the original instructions where this walkthrough does not make sense.



For simplicity's sake, this is all done as root. Usually, Debian people recommend using a normal unprivileged account for compiling things and getting package sources.
  • Install apache2.2 and download sources
Code:
apt-get install apache2.2-common apache2-threaded-dev apache2-mpm-worker
mkdir /root/install
cd /root/install
apt-get source apache2.2-common
cd apache2-2.2.3/
debian/rules
./configure
The last step will set the configuration options to the Debian defaults.
  • Patch suexec

Code:
cd support
vi suexec.c
Change accordingly, Line 567 (first and last line of this snippet).
Code:
/* no file owner check
    if ((uid != dir_info.st_uid) ||
        (gid != dir_info.st_gid) ||
 
 
        (uid != prg_info.st_uid) ||
        (gid != prg_info.st_gid)) {
        log_err("target uid/gid (%ld/%ld) mismatch "
                "with directory (%ld/%ld) or program (%ld/%ld)\n",
                uid, gid,
                dir_info.st_uid, dir_info.st_gid,
                prg_info.st_uid, prg_info.st_gid);
        exit(120);
    }
  */
  • Compile and "install" suexec
Code:
make suexec
mkdir -p /usr/local/lib/apache2/
cp suexec /usr/local/lib/apache2/suexec-fcgi
chown root.root /usr/local/lib/apache2/suexec-fcgi
chmod 4755 /usr/local/lib/apache2/suexec-fcgi
Checking the permissions on the file should look like this
Code:
stat /usr/local/lib/apache2/suexec-fcgi
  File: `/usr/local/lib/apache2/suexec-fcgi'
  Size: 24675           Blocks: 56         IO Block: 131072 regular file
Device: 803h/2051d      Inode: 73997       Links: 1
Access: (4755/-rwsr-xr-x)  Uid: (    0/    root)   Gid: (    0/    root)
Access: 2007-04-24 07:24:21.000000000 +0100
Modify: 2007-04-20 13:30:09.000000000 +0100
Change: 2007-04-23 14:09:09.000000000 +0100
  • Install libapache2-mod-fastcgi

The libapache2-mod-fastcgi package is in the non-free section of the Debian repositories. If it's not there yet change your entry in /etc/apt/sources.list from

Code:
deb http://ftp.uk.debian.org/debian/ stable main
to

Code:
deb http://ftp.uk.debian.org/debian/ stable main non-free contrib
Contrib can be useful too sometimes.

Then install fastcgi

Code:
apt-get install libapache2-mod-fastcgi
And configure apache to use it

Code:
a2enmod fastcgi

Now to the configuration of mod_fastcgi. The following allows us to keep the php-fastcgi-starter outside of what the user can access or modify.

Code:
# /etc/apache2/mods-enabled/fastcgi.conf
<IfModule mod_fastcgi.c>
         #AddHandler fastcgi-script .fcgi
         #FastCgiWrapper /usr/lib/apache2/suexec2
         #FastCgiIpcDir /var/lib/apache2/fastcgi

        #temporary sockets are stored here, this must be at the top!
        FastCgiIpcDir /var/lib/apache2/fastcgi

        #config
        FastCgiConfig -pass-header Authorization

        FastCgiWrapper /usr/local/lib/apache2/suexec-fcgi

        #php

        AddHandler php-fastcgi .php .php3 .php4 .php5 .phtml .phps
        <Location /php-fastcgi/php-fcgi-starter>
                SetHandler fastcgi-script
                Options +ExecCGI
        </Location>
        Action php-fastcgi /php-fastcgi/php-fcgi-starter

        #perl
        #TODO

        ##ISPConfig add this by the installtion of it

        ##ISPConfig INSTALL## AddType ##ISPConfig INSTALL## application/x-httpd-php .php

        <Directory "/var/www/">
                AllowOverride None
                Options +ExecCGI -MultiViews -Indexes
                Order allow,deny
                Allow from all
        </Directory>
</IfModule>
  • Install PHP4 and PHP5
Using the PHP from Debian packages makes is easier to maintain and upgrade the system. To install use

Code:
apt-get install php4-cgi php5-cgi php4-mysql php5-mysql
Edit the default configuration files and enable safe_mode and set open_basedir to /var/www. More importantly, add this to both files (/etc/php4/cgi/php.ini and /etc/php5/cgi/php.ini)
Code:
cgi.fix_pathinfo=1
(Note: I am not sure this is necessary)

Create the php-fastcgi starter script
(at this point worth mentioning that ISPConfig should already be installed)
Code:
/root/ispconfig/scripts/php-fcgi-starter
#!/bin/sh
PHPRC="/etc/php5/cgi/"
export PHPRC
PHP_FCGI_CHILDREN=3
export PHP_FCGI_CHILDREN
exec /usr/bin/php5-cgi
and
Code:
chown root.root /root/ispconfig/scripts/php-fcgi-starter
chmod 0755 /root/ispconfig/scripts/php-fcgi-starter
Now patch ISPConfig to use php-fastcgi instead of the php module and create the starter in the right place. This patch also changes the default permissions of new web sites to 750 and adds www-data to every group created by ISPConfig.

Apply this patch to
/root/ispconfig/scripts/lib/config.lib.php

Code:
1119c1119
1119c1119
<
---
>
1120a1121,1123
>   //mimo http://www.howtoforge.org/forums/showthread.php?t=4375
>   // add www user to each new group
>   $mod->system->add_user_to_group("web".$doc_id,$apache_user);
1127a1131,1135
>
>     //mimo 2nd part
>     exec("chmod 750 $web_path");
>     exec("chmod 750 $web_path_realname");
>
1385a1394,1405
>         //FASTCGI (here we could add a handler for different versions of php and php.ini files
>       //FASTCGI Modification
>       #$fcgip = $mod->system->server_conf["server_path_httpd_root"]."/"."web".$web["doc_id"];
>       $fcgip = $mod->system->server_conf["server_path_httpd_root"]."/php-fastcgi/"."web".$web["doc_id"];
>       if(!file_exists($fcgip."/php-fcgi-starter")) {
>               $mod->log->msg("creating $fcgip"."/php-fcgi-starter");
>               if(!file_exists($fcgip)) {
>                       exec("mkdir -p $fcgip");
>               }
>               exec("cp -p /root/ispconfig/scripts/php-fcgi-starter ".$fcgip."/ && chown root:root ".$fcgip."/php-fcgi-starter");
>       }
>
1387c1407,1410
<         $php = "AddType application/x-httpd-php .php .php3 .php4 .php5";
---
>       // FASTCGI
>         //$php = "AddType application/x-httpd-php .php .php3 .php4 .php5";
>       #$php = "ScriptAlias /php-fastcgi/ ".$mod->system->server_conf["server_path_httpd_root"]."/"."web".$web["doc_id"]."/\n";
>       $php = "ScriptAlias /php-fastcgi/ $fcgip\n";
1390a1414,1415
>                 #$php = "ScriptAlias /php-fastcgi/ ".$mod->system->server_conf["server_path_httpd_root"]."/"."web".$web["doc_id"]."/\n";
>                 $php = "ScriptAlias /php-fastcgi/ $fcgip/\n";
1423a1449,1450
> //disbaled FASTCGI
> /*
1432a1460
> */
2513c2541
< ?>
\ No newline at end of file
---
> ?>
1119c1119
<
---
>
1120a1121,1123
>   //mimo http://www.howtoforge.org/forums/showthread.php?t=4375
>   // add www user to each new group
>   $mod->system->add_user_to_group("web".$doc_id,$apache_user);
1127a1131,1135
>
>     //mimo 2nd part
>     exec("chmod 750 $web_path");
>     exec("chmod 750 $web_path_realname");
>
1385a1394,1405
>         //FASTCGI (here we could add a handler for different versions of php and php.ini files
>       //FASTCGI Modification
>       #$fcgip = $mod->system->server_conf["server_path_httpd_root"]."/"."web".$web["doc_id"];
>       $fcgip = $mod->system->server_conf["server_path_httpd_root"]."/php-fastcgi/"."web".$web["doc_id"];
>       if(!file_exists($fcgip."/php-fcgi-starter")) {
>               $mod->log->msg("creating $fcgip"."/php-fcgi-starter");
>               if(!file_exists($fcgip)) {
>                       exec("mkdir -p $fcgip");
>               }
>               exec("cp -p /root/ispconfig/scripts/php-fcgi-starter ".$fcgip."/ && chown root:root ".$fcgip."/php-fcgi-starter");
>       }
>
1387c1407,1410
<         $php = "AddType application/x-httpd-php .php .php3 .php4 .php5";
---
>       // FASTCGI
>         //$php = "AddType application/x-httpd-php .php .php3 .php4 .php5";
>       #$php = "ScriptAlias /php-fastcgi/ ".$mod->system->server_conf["server_path_httpd_root"]."/"."web".$web["doc_id"]."/\n";
>       $php = "ScriptAlias /php-fastcgi/ $fcgip\n";
1390a1414,1415
>                 #$php = "ScriptAlias /php-fastcgi/ ".$mod->system->server_conf["server_path_httpd_root"]."/"."web".$web["doc_id"]."/\n";
>                 $php = "ScriptAlias /php-fastcgi/ $fcgip/\n";
1423a1449,1450
> //disbaled FASTCGI
> /*
1432a1460
> */
2513c2541
< ?>
\ No newline at end of file
---
> ?>
Create the base directory for the php-fastcgi starter scripts. The idea is to have a separate one for each web site so that later on it is possible to chose the version and settings of PHP on a per site basis.

Code:
mkdir /var/www/php-fastcgi
chown root.root /var/www/php-fastcgi
  • Finally, start or restart apache2. All done!

For new web sites ISPConfig will create this structure


/var/www/--+/webX/ <- normal content, user has full access
/var/www/--+/php-fastcgi/webX/php-fastcgi-starter

Last edited by meemu; 16th May 2007 at 17:33. Reason: found a couple of mistakes
Reply With Quote
The Following 3 Users Say Thank You to meemu For This Useful Post:
falko (25th April 2007), mtuser (17th May 2007), till (24th April 2007)
Sponsored Links
  #2  
Old 24th April 2007, 20:49
till till is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 34,624
Thanks: 793
Thanked 4,994 Times in 3,909 Posts
Default

Thank you for the howto. I moved it to the tipps & tricks forum. I will try to implement your patch in the ISPConfig dev branch as php configuration option.
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.
Reply With Quote
  #3  
Old 25th April 2007, 13:50
falko falko is online now
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 41,711
Thanks: 1,900
Thanked 2,702 Times in 2,545 Posts
Default

Do you think you can create a tutorial and submit it? http://www.howtoforge.com/add_howto
That would be great!
__________________
Falko
--
Download the ISPConfig 3 Manual! | Check out the ISPConfig 3 Billing Module!

FB: http://www.facebook.com/howtoforge

nginx-Webhosting: Timme Hosting | Follow me on:
Reply With Quote
  #4  
Old 27th April 2007, 17:07
linickx linickx is offline
Member
 
Join Date: Oct 2006
Location: UK
Posts: 52
Thanks: 3
Thanked 0 Times in 0 Posts
Default

Quote:
Originally Posted by till
I will try to implement your patch in the ISPConfig dev branch as php configuration option.
Hi Till, out of interest, what would the rough timescales of this be: 1week, 1month, 1year, ? ( *expecting* "when we're ready", but it doesn't hurt to ask )

I'm currently working on fastcgi packages ( php-binary & httpd_module ) for CentOS 4.4 (As I can't find any pre-build packages, you lucky debian people ! ), but I haven't yet figured how to config it properly, this could save me a whole load of hassle

EDIT:
Found Mod_fastcgi.rpm on this blokes website: http://www.city-fan.org/ftp/contrib/websrv/
I've built a php-fcgi binary avilable here: http://www.linickx.com/files/rpm/whi...2.4.1.i386.rpm

Code:
[root@www tmp]# /usr/bin/php-fcgi -v
PHP 4.3.9 (cgi-fcgi) (built: Apr 27 2007 11:41:10)
Copyright (c) 1997-2004 The PHP Group

Last edited by linickx; 28th April 2007 at 15:15.
Reply With Quote
  #5  
Old 9th May 2007, 06:50
Taguapire Taguapire is offline
Junior Member
 
Join Date: May 2007
Posts: 18
Thanks: 0
Thanked 1 Time in 1 Post
Question Why

Why use fastcgi instead PHP module?

Faster?

Better security?

Regards,

Taguapire
Reply With Quote
The Following User Says Thank You to Taguapire For This Useful Post:
feeninuoumn (20th December 2013)
  #6  
Old 9th May 2007, 11:06
till till is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 34,624
Thanks: 793
Thanked 4,994 Times in 3,909 Posts
Default

fastcgi is not faster the mod_php, but it allows to run php under the admin user of the websites instead of the apache user.
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.
Reply With Quote
The Following User Says Thank You to till For This Useful Post:
feeninuoumn (22nd December 2013)
  #7  
Old 9th May 2007, 11:18
linickx linickx is offline
Member
 
Join Date: Oct 2006
Location: UK
Posts: 52
Thanks: 3
Thanked 0 Times in 0 Posts
Default

like suphp, except apc ,eaccelerator and xcache appear to support fast-cgi .

redhat-like users might be interested in reading this php bug before using fast-cgi tho.
Reply With Quote
  #8  
Old 31st July 2007, 11:19
tom tom is offline
Senior Member
 
Join Date: Apr 2006
Posts: 492
Thanks: 8
Thanked 7 Times in 6 Posts
Default

Quote:
Originally Posted by meemu
...


Change accordingly, Line 567 (first and last line of this snippet).
Code:
/* no file owner check
    if ((uid != dir_info.st_uid) ||
        (gid != dir_info.st_gid) ||
 
 
        (uid != prg_info.st_uid) ||
        (gid != prg_info.st_gid)) {
        log_err("target uid/gid (%ld/%ld) mismatch "
                "with directory (%ld/%ld) or program (%ld/%ld)\n",
                uid, gid,
                dir_info.st_uid, dir_info.st_gid,
                prg_info.st_uid, prg_info.st_gid);
        exit(120);
    }
  */

...
Now patch ISPConfig to use php-fastcgi instead of the php module and create the starter in the right place. This patch also changes the default permissions of new web sites to 750 and adds www-data to every group created by ISPConfig.
Why do you patch sussec, does'nt it work like for apache2 from its default?

Why do you adds www-data to every group created by ISPConfig?

I'm using apache2.0 together with php-fast-cgi and sussec on sarge3.1 but there was no need to cange something like you told. Is all this different with etch?

Last edited by tom; 31st July 2007 at 11:35.
Reply With Quote
  #9  
Old 6th October 2007, 12:43
jmroth jmroth is offline
ISPConfig Developer
 
Join Date: Sep 2005
Posts: 191
Thanks: 1
Thanked 6 Times in 6 Posts
Default

Would be cool to know against which version of /root/ispconfig/scripts/lib/config.lib.php this diff was taken like with diff -u or so (includes context)
From the date of your post I would think
ISPConfig-2.2.12 (2007-04-17 00:18)
which I'm going to try now...

Last edited by jmroth; 6th October 2007 at 12:45.
Reply With Quote
  #10  
Old 6th October 2007, 14:50
jmroth jmroth is offline
ISPConfig Developer
 
Join Date: Sep 2005
Posts: 191
Thanks: 1
Thanked 6 Times in 6 Posts
Default

Quote:
Originally Posted by tom
Why do you patch sussec, does'nt it work like for apache2 from its default?
I guess he patches it because php-fcgi-starter is owned by root, and we want this to be executed by suexec but not modifiable by the user. So what he wants to do is avoid error 120.
But when I try it, it already exits at error 107 with
Code:
[2007-10-06 14:17:42]: uid: (root/root) gid: (0/0) cmd: php-fcgi-starter
[2007-10-06 14:17:42]: cannot run as forbidden uid (0/php-fcgi-starter)
Quote:
Originally Posted by tom
Why do you adds www-data to every group created by ISPConfig?
I would be interested in that too!

Furthermore, with this tutorial, they forget to set e.g. AP_HTTPD_USER, which is for example mentioned here: http://www.howtoforge.com/forums/showthread.php?t=4606
Reply With Quote
Reply

Bookmarks

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
fastcgi and php with ispconfig tosser Installation/Configuration 14 18th January 2009 13:41
Cron - PHP: Call to undefined function: gzinflate() safoo Server Operation 12 26th January 2007 17:49
fastCGI and PHP just wont work! meridianblade Server Operation 13 9th January 2007 18:30
fastcgi and php with ispconfig tosser Tips/Tricks/Mods 3 25th June 2006 21:01


All times are GMT +2. The time now is 22:54.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.