Go Back   HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials > Other Forums > Smalltalk

Do you like HowtoForge? Please consider supporting us by becoming a subscriber.
Reply
 
Thread Tools Display Modes
  #1  
Old 30th July 2012, 13:04
Nap Nap is offline
Senior Member
 
Join Date: Oct 2006
Posts: 150
Thanks: 10
Thanked 2 Times in 2 Posts
Default Installing Joomla 2.5.6 using Mod-PHP

Hi
I am trying to install Joomla 2.5.6 on my server using Mod-PHP handler but the installer goes into an infinite loop after I select the language.

When I choose to use FastCGI instead (done through ISPConfig) and wait a bit for the cache/buffer to clear, the Joomla installer DOES NOT loop indefinately but actually makes it to the next screen where it shows me the php setting I have. Here it shows "output_buffering" on and recommends I turn it off. Which I can easily do via the default php.ini for the server.

But here is where my dilema starts.

The reason for needing to use Mod-PHP rather than FastCGI is that Mod-PHP enables the use of PHP settings inside .htaccess files. This is a critical feature I need at this point in time.
You see, I have some scripts that need register_globals and magic_quotes_gpc on for them to work. I am not in a position at the moment to fix them. Perhaps some time in the future, but not right now.

Mod-PHP allows me to set my php.ini file for a more secure server setup, ie by having register_globals and magic_quotes_gpc OFF by default, and then turn them on where required via .htaccess inside specific folders.

However, if I use FastCGI, I can't control php settings on a per folder basis. I only have the option to set php.ini settings on a site basis. This is unsatisfactory for me.

I've been a Joomla (pre-version 2) user for a number of years now on a server running Mod-PHP, and would like to continue with Joomla. But if it's not going to work, then I have to look at another CMS.

1) Has anyone been able to install Joomla 2.5.6 (or similar version) using Mod-PHP? How did you do it?
2) If I've miss understood something here, please feel free to enlighten me.

Cheers,
Nap
__________________
My VPS system:
(Ubuntu 14.04 LTS, Kernel 3.15.4-x86_64, Apache 2.4.7, MySQL 5.5.38, PHP 5.5.9, ISPConfig 3.0.5.4p1, Webmin, PureFTP & Quota, phpMyAdmin, postfix, dovecot, clamav, spamassassin, awstats, fail2ban, Jailkit, bind9, vlogger, webalizer)
Reply With Quote
Sponsored Links
  #2  
Old 30th July 2012, 13:15
till till is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 36,421
Thanks: 834
Thanked 5,500 Times in 4,329 Posts
Default

Website specific php settings are avalable for fastcgi in ISPConfig 3, so there is no need to use mod_php for a website at all and its also quite insecure. The security that you think to add by using folder specific php settings are completely lost by the use of mod_php, so at the end your site is more insecure.

1) Change php mode of the website to fastcgi
2) Enable the suexec checkbox in the website settings.
3) Set the php options that you want to have for this specific website in the custom php.ini field on the options tab of the website settings.
4) Install joomla.
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.
Reply With Quote
  #3  
Old 30th July 2012, 13:40
Nap Nap is offline
Senior Member
 
Join Date: Oct 2006
Posts: 150
Thanks: 10
Thanked 2 Times in 2 Posts
Default

Hi Till, thnx.

With FastCGI, the install is fine. There are other reasons for needing to use Mod-PHP.

I am not satisfied with site specific settings, because from the site owners' point of view, they are global settings. I need the option of being able to loosen up the security on certain folders only, not the whole site.

I use register_globals ON for a forked version of an OS web app (located in a sub-folder of the webroot folder) through .htaccess.
Is this making my whole site at higher risk? I think it's only that app. that can be attacked with register_globals type exploits.
That script has been on a live site for 6 years now without being hacked, so I'm not concerned about it. I have more urgent things to do at the moment (check my postings concerning pure-ftp/TSL issues).

Is there something I've misunderstood here about PHP?

Nap
__________________
My VPS system:
(Ubuntu 14.04 LTS, Kernel 3.15.4-x86_64, Apache 2.4.7, MySQL 5.5.38, PHP 5.5.9, ISPConfig 3.0.5.4p1, Webmin, PureFTP & Quota, phpMyAdmin, postfix, dovecot, clamav, spamassassin, awstats, fail2ban, Jailkit, bind9, vlogger, webalizer)
Reply With Quote
  #4  
Old 30th July 2012, 13:50
till till is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 36,421
Thanks: 834
Thanked 5,500 Times in 4,329 Posts
Default

Using mod_php is a much higher risk for the following reasons:

1) It runs the site under the apache user and not the website specific user, so if your site gets hacked, then the hacker can infect all other sites on your server easily.
2) With mod_php you have to run very "open" chmod settings to make folders workd writable for joomla which is not required for fastcgi / suexec.
3) If you want to isolate apps, then you put them in a separate subdomain and not a subfolder.
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.
Reply With Quote
  #5  
Old 30th July 2012, 14:02
Nap Nap is offline
Senior Member
 
Join Date: Oct 2006
Posts: 150
Thanks: 10
Thanked 2 Times in 2 Posts
Default

so I can set custom php settings for the sub-domain, like I can for the domain itself?

but that doesn't eliminate the risk to the whole server (like you mentioned).
__________________
My VPS system:
(Ubuntu 14.04 LTS, Kernel 3.15.4-x86_64, Apache 2.4.7, MySQL 5.5.38, PHP 5.5.9, ISPConfig 3.0.5.4p1, Webmin, PureFTP & Quota, phpMyAdmin, postfix, dovecot, clamav, spamassassin, awstats, fail2ban, Jailkit, bind9, vlogger, webalizer)
Reply With Quote
  #6  
Old 30th July 2012, 14:08
till till is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 36,421
Thanks: 834
Thanked 5,500 Times in 4,329 Posts
Default

Quote:
so I can set custom php settings for the sub-domain, like I can for the domain itself?
Yes.

Quote:
but that doesn't eliminate the risk to the whole server (like you mentioned).
That reduces the risk a lot because fastcgi runs a separate php process for each website under a separate linux system user while mod_php runs one php process inside apache which is used for all websites and which uses the same linux system user. So with fastcgi and suexec, you have separated php processes and also separate linux users so the full linux file system permission restrictions apply for each website.
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.
Reply With Quote
  #7  
Old 30th July 2012, 14:11
Nap Nap is offline
Senior Member
 
Join Date: Oct 2006
Posts: 150
Thanks: 10
Thanked 2 Times in 2 Posts
Default

I'll have a go at using a sub-domain.


I'm looking in the default php.ini file at output_buffer as it was setup by ISPConfig. It has a value of 4096. Joomla is asking that I turn it off.

What do you recommend I do?
__________________
My VPS system:
(Ubuntu 14.04 LTS, Kernel 3.15.4-x86_64, Apache 2.4.7, MySQL 5.5.38, PHP 5.5.9, ISPConfig 3.0.5.4p1, Webmin, PureFTP & Quota, phpMyAdmin, postfix, dovecot, clamav, spamassassin, awstats, fail2ban, Jailkit, bind9, vlogger, webalizer)
Reply With Quote
  #8  
Old 12th January 2013, 12:50
SamTzu SamTzu is offline
HowtoForge Supporter
 
Join Date: Apr 2007
Location: Helsinki
Posts: 430
Thanks: 33
Thanked 55 Times in 38 Posts
Send a message via Skype™ to SamTzu
Default

Forget mod-php and use su-php. So far it suits Joomla best. ISPConfig 3.0.5 comes with php-fpm. Does anyone have any experience using it with Joomla?
__________________

Sami Mattila
Internet-Content

Telephone:
00358942833310
Email: firstname.lastname@internet-content.org
Shop: http://shop.internet-content.net
Site: http://www.internet-content.net
Blog: http://www.internet-content.net/en/blog
FB: https://www.facebook.com/internetcontent

Reply With Quote
  #9  
Old 13th January 2013, 12:54
falko falko is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 41,701
Thanks: 1,900
Thanked 2,745 Times in 2,578 Posts
Default

Quote:
Originally Posted by SamTzu View Post
Does anyone have any experience using it with Joomla?
No problems with nginx + PHP-FPM. Works like a charm.
__________________
Falko
--
Download the ISPConfig 3 Manual! | Check out the ISPConfig 3 Billing Module!

FB: http://www.facebook.com/howtoforge

nginx-Webhosting: Timme Hosting | Follow me on:
Reply With Quote
  #10  
Old 30th August 2013, 10:11
sakry sakry is offline
Junior Member
 
Join Date: Aug 2013
Posts: 1
Thanks: 0
Thanked 0 Times in 0 Posts
 
Default

im having the same problem
Reply With Quote
Reply

Bookmarks

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Only Problems since Updating from 3.0.3.3 to 3.0.4.1 mbay General 4 17th May 2012 12:56
ubuntu and nginx delgado2061 Installation/Configuration 0 27th November 2011 23:36
Problem with services!! banzaiwebstudio.com Installation/Configuration 7 19th May 2010 21:13
Unable to install ISPConfig bdonecker Installation/Configuration 21 26th May 2009 08:20
Apache2 Freezes celtic Server Operation 31 28th May 2007 17:18


All times are GMT +2. The time now is 18:00.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.