Go Back   HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials > ISPConfig 3 > Installation/Configuration

Do you like HowtoForge? Please consider supporting us by becoming a subscriber.
Reply
 
Thread Tools Display Modes
  #1  
Old 5th March 2011, 07:46
scottrill2 scottrill2 is offline
HowtoForge Supporter
 
Join Date: Dec 2009
Posts: 93
Thanks: 21
Thanked 2 Times in 1 Post
Default Fastcgi + SuExec + APC and is SuExec even needed?

Hello folks,

Here comes a novel of epic size...do not attempt to read it all at once. This could cause internal bleeding, anal leakage, or at the very least your IQ will drop by ten points. lol

Alot of people on the Joomla forums recommend "Alternative PHP Cache" for joomla sites. After some reading it is not quite clear to me how compatible this will be.

I currently have ISPConfig 3 set up like here: http://www.howtoforge.com/perfect-se...ispconfig-3-p4

I am running fastcgi and suexec together. Now first question:


Question 1. The tutorial http://www.howtoforge.com/apc-php5-apache2-debian-etch is telling you how to set up APC with fastcgi, but it is a tutorial for a setup using fast cgi by itself NOT with suexec also running correct?


Question 2. I have a book from the library talking about apache and php. It stated that Suexec is ONLY needed on shared hosting, and that it slows down the web serving. From what I can see on the web almost everytime suexec is mentioned it is discussing shared hosting or scenarios where someone one who already has valid access to the machine can run malicious php /mysql stuff.

Is the above statement generally true? I look at logs and see all these Chinese IPs constantly pinging the server etc so I automatically want to enable anything that even sounds secure lol But I am such a newb, I never thought to find out if I truly needed that security. So now it has me wondering if I even need SuExec. If I don't then you all have a tutorial for me already for setting up APC with Debian and fast cgi, and those tutorials always come off without a hitch.



I have a handful of small sites just for my family. My brother in law is in the miltary so I let him host is seargents association or something on it. But aside from him or myself no one else is on there.

I do electroplating and jewelry in my part time so one day I could forsee myself having a couple ecommerce sites, but the two of us would still be the only people with direct access to the machine.

Is Suexec really needed in my case? The other thing I have read alot is that Suexec will stop malicious scripts from causing too much harm, but if we are the only two retards with access?? And if a hacker or something forced his way into the server wouldnt he be good enough to just turn off security anyway? As far as injecting code or whatever isnt that what suhosin stops? Which I have enabled.


So your thoughts and advice on Suexec first then I'll continue from there if need be.


Also just as a thought, your all's tutorials are so damned perfect, literally taking us new folks by the hand lol Hell I come to howtoforge for any server question before going anywhere else.

Have you all thought about making like linux, apache, php, mysql educational videos and then selling subscriptions etc to them? Most of these books on linux are so bland I find it similair to nails going across the blackboard as I read them lol


As always thanks for the help and suggestions folks,


Scott
Reply With Quote
Sponsored Links
  #2  
Old 6th March 2011, 12:06
falko falko is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 41,701
Thanks: 1,900
Thanked 2,741 Times in 2,575 Posts
Default

Quote:
Originally Posted by scottrill2 View Post
Question 1. The tutorial http://www.howtoforge.com/apc-php5-apache2-debian-etch is telling you how to set up APC with fastcgi, but it is a tutorial for a setup using fast cgi by itself NOT with suexec also running correct?
That should work for suExec as well.


Quote:
Originally Posted by scottrill2 View Post
Question 2. I have a book from the library talking about apache and php. It stated that Suexec is ONLY needed on shared hosting, and that it slows down the web serving. From what I can see on the web almost everytime suexec is mentioned it is discussing shared hosting or scenarios where someone one who already has valid access to the machine can run malicious php /mysql stuff.

Is the above statement generally true? I look at logs and see all these Chinese IPs constantly pinging the server etc so I automatically want to enable anything that even sounds secure lol But I am such a newb, I never thought to find out if I truly needed that security. So now it has me wondering if I even need SuExec. If I don't then you all have a tutorial for me already for setting up APC with Debian and fast cgi, and those tutorials always come off without a hitch.
You need suExec only if you also host web sites for people you don't know or don't trust. It has to do with people that have access to your server (i.e., people that could upload malicious scripts to your server), but not with remote users (unless your web applications have some vulnerability that could be abused by remote users/hackers).
__________________
Falko
--
Download the ISPConfig 3 Manual! | Check out the ISPConfig 3 Billing Module!

FB: http://www.facebook.com/howtoforge

nginx-Webhosting: Timme Hosting | Follow me on:
Reply With Quote
The Following User Says Thank You to falko For This Useful Post:
scottrill2 (12th March 2011)
  #3  
Old 12th March 2011, 08:24
scottrill2 scottrill2 is offline
HowtoForge Supporter
 
Join Date: Dec 2009
Posts: 93
Thanks: 21
Thanked 2 Times in 1 Post
 
Default Thanks for the reply.

I appreciate the input Falko. I was away part of the week so I just now got around to following the tutorial, went like a charm.

I will go ahead and keep SuExec, only because eventually I will probably throw up a site to offer electroplating services and don't want to get hacked because of a loophole or whatever.




So tonight I started searching for the "best" recommended settings for APC with fast-cgi and suexec enabled. I came across this site:

http://www.brandonturner.net/blog/20..._opcode_cache/

He recommends mod_fastcgi over the newer mod_fcgid to squeeze out the most performance. All of his other settings it appears I can set right in ISPConfig 3's control panel.

In a nutshell he states: "The fact that PHP spawns its own children is ignored by mod_fcgid. If we use mod_fcgid with our setup, we can only handle one concurrent PHP request. This is not good. A long running request could easily block multiple smaller requests."


Does what he says make enough sense for me to uninstall mod_fcgid and replace with mod_fastcgi?





Also how would switching to mod_fastcgi affect ISPConfig 3 in general?

Thanks as always for the input.


Scott
Reply With Quote
Reply

Bookmarks

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT +2. The time now is 10:49.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.