Go Back   HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials > ISPConfig 2 > Feature Requests

Do you like HowtoForge? Please consider supporting us by becoming a subscriber.
Reply
 
Thread Tools Display Modes
  #1  
Old 10th August 2008, 18:16
Ben Ben is offline
Moderator
 
Join Date: Jul 2006
Posts: 1,029
Thanks: 7
Thanked 62 Times in 56 Posts
Default apache2-mpm-itk

Hi till / falko,

how about implementing apache2-mpm-itk for IPSConfig3?
Looks seen from the security side really good...

http://mpm-itk.sesse.net/
http://blog.stuartherbert.com/php/20...shared-server/
Reply With Quote
Sponsored Links
  #2  
Old 31st August 2008, 10:04
till till is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 35,478
Thanks: 813
Thanked 5,255 Times in 4,121 Posts
Default

Looks interesting. Does anybody have tested this how it performs for a larger number of vhosts e.g. 100 - 20 performance and ram wise? The project is also marked as experimental at the moment.

Implementing this in ISPConfig 3 should be easy and could be most likely done by simply changing the apache configuration template without programming.
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.
Reply With Quote
  #3  
Old 3rd October 2008, 00:23
bjarne-j bjarne-j is offline
Junior Member
 
Join Date: Apr 2008
Posts: 17
Thanks: 5
Thanked 0 Times in 0 Posts
Default

Would it be possible to add mpm-itk support in ISPConfig 2 ?

mpm-itk sounds like a great way of dealing with PHP-security without sacrificing too much performance.
Reply With Quote
  #4  
Old 5th January 2009, 15:32
grungy grungy is offline
Senior Member
 
Join Date: Dec 2008
Posts: 152
Thanks: 13
Thanked 14 Times in 9 Posts
Default

I am running mpm-itk for 8 months now and I love it, to ad mpm-itk support to ISPCONFIG it is a matter of modifying apache templates to add:

<IfModule mpm_itk_module>
AssignUserId {SUEXEC_USER} {SUEXEC_GROUP}
</IfModule>

and for domains/subdomains.

p.s. you have to install mpm-itk apache - apt-get install apache2-mpm-itk

and that will remove your current apache
Reply With Quote
  #5  
Old 7th January 2009, 02:07
archerjd archerjd is offline
Member
 
Join Date: Dec 2006
Posts: 66
Thanks: 6
Thanked 6 Times in 6 Posts
Default

Could these settings be applied during the install of ISPC3?
E.g. the installer auto-detects which mpm you have installed?

I could see adding this capability definitely, but in the case that a site has an issue with it you should be able to turn it off. This could be done safely by removing the user directives from the vhost. When mpm-itk doesn't see the directives in Debian it just defaults to www-data:www-data.
I have used it with success and have been very happy with it for the experimental sites I have been testing but I haven't actually put it into production. The advantages you would have are phenomenal not to mention web applications that implement the DAV protocol.
__________________
The very powerful and the very stupid have one thing in common.
Instead of altering their views to fit the facts, they alter the facts
to fit their views ... which can be very uncomfortable if you happen to
be one of the facts that needs altering.

-- Doctor Who, "Face of Evil"

Last edited by archerjd; 7th January 2009 at 03:16.
Reply With Quote
  #6  
Old 7th January 2009, 08:09
grungy grungy is offline
Senior Member
 
Join Date: Dec 2008
Posts: 152
Thanks: 13
Thanked 14 Times in 9 Posts
Default

Quote:
Originally Posted by archerjd View Post
Could these settings be applied during the install of ISPC3?
E.g. the installer auto-detects which mpm you have installed?

I could see adding this capability definitely, but in the case that a site has an issue with it you should be able to turn it off. This could be done safely by removing the user directives from the vhost. When mpm-itk doesn't see the directives in Debian it just defaults to www-data:www-data.
I have used it with success and have been very happy with it for the experimental sites I have been testing but I haven't actually put it into production. The advantages you would have are phenomenal not to mention web applications that implement the DAV protocol.
Last night modified the template ISPCPNFIG vhost template to to add mpm-itk directives ad it works....
Reply With Quote
  #7  
Old 7th January 2009, 20:17
archerjd archerjd is offline
Member
 
Join Date: Dec 2006
Posts: 66
Thanks: 6
Thanked 6 Times in 6 Posts
Default

I noticed that you can't use shared applications, e.g phpMyAdmin. Am I wrong or is there a way around this?
__________________
The very powerful and the very stupid have one thing in common.
Instead of altering their views to fit the facts, they alter the facts
to fit their views ... which can be very uncomfortable if you happen to
be one of the facts that needs altering.

-- Doctor Who, "Face of Evil"
Reply With Quote
  #8  
Old 8th January 2009, 09:18
grungy grungy is offline
Senior Member
 
Join Date: Dec 2008
Posts: 152
Thanks: 13
Thanked 14 Times in 9 Posts
Default

Quote:
Originally Posted by archerjd View Post
I noticed that you can't use shared applications, e.g phpMyAdmin. Am I wrong or is there a way around this?
there is a way around this, I know I solved this some time ago, I think it was with phptmp dir - php_admin_value upload_tmp_dir
Reply With Quote
  #9  
Old 9th January 2009, 11:05
grungy grungy is offline
Senior Member
 
Join Date: Dec 2008
Posts: 152
Thanks: 13
Thanked 14 Times in 9 Posts
Default

Quote:
Originally Posted by grungy View Post
I am running mpm-itk for 8 months now and I love it, to ad mpm-itk support to ISPCONFIG it is a matter of modifying apache templates to add:

<IfModule mpm_itk_module>
AssignUserId {SUEXEC_USER} {SUEXEC_GROUP}
</IfModule>

and for domains/subdomains.

p.s. you have to install mpm-itk apache - apt-get install apache2-mpm-itk

and that will remove your current apache

actually for ispconfig you have to add:

<IfModule mpm_itk_module>
AssignUserId <tmpl_var name='system_user'> <tmpl_var name='system_group'>
</IfModule>
Reply With Quote
The Following 2 Users Say Thank You to grungy For This Useful Post:
falko (9th January 2009), stefanm (20th October 2009)
  #10  
Old 12th January 2009, 12:42
grungy grungy is offline
Senior Member
 
Join Date: Dec 2008
Posts: 152
Thanks: 13
Thanked 14 Times in 9 Posts
 
Default

Feature request for mpm-itk - http://bugtracker.ispconfig.org/inde...=428&project=3
Reply With Quote
Reply

Bookmarks

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
SSI with Apache2 on Debian jchaven Server Operation 7 25th August 2008 17:06
Apache2 undefined symbol: gzopen64 PhilyWisk Installation/Configuration 5 1st May 2008 21:29
Apache2 without APXS ctroyp Installation/Configuration 8 29th January 2007 03:05
Web server offline after php4 and apache2 upgrade dfriis Installation/Configuration 11 7th December 2006 16:14
PHP on Apache2 no longer works after ISPconfig azorman Installation/Configuration 6 23rd July 2006 22:06


All times are GMT +2. The time now is 01:42.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.