Apache2 With mod_fcgid And PHP5 On Ubuntu 11.10

Discussion in 'Server Operation' started by centurianii, Jul 31, 2012.

  1. centurianii

    centurianii New Member

    Hello there,

    I'm trying to set up suexec in a cloud environment following this article: http://www.howtoforge.com/how-to-set-up-apache2-with-mod_fcgid-and-php5-on-ubuntu-11.10
    My question is simple: I don't want to use virtual domains as the author suggests but rather virtual subdomains in the form: john.superbhosting.com, alice.superbhosting.com etc.
    Moreover, I don't want to reload the apache2 server again and again.
    I've read the apache documentation for virtual domains and subdomains but how should I apply all this to my Ubuntu 11.10 server?

    Thank you in advance!
  2. falko

    falko Super Moderator

  3. centurianii

    centurianii New Member

    Apache mass virtual hosting and suExec

    Thank you Falko for your fast answer!

    I'm aware of this link from Apache documentation but I have some questions there: Apache suggests the use of httpd.conf file whereas you suggest to write files at /var/www/ directory. Which approach is better?

    Apache suggests using mod_vhost_alias or mod_rewrite. Is one method better than the other? I think the first one is simpler.

    There is another thing I'm wondering about after reading this article some time ago: http://jp-larocque.livejournal.com/49475.html

    The writer implies that some php can run under suExec with user rights and some other "non-userdir FastCGI scripts" to NOT use suEXEC. For that reason he gives a hack, a FastCGI wrapper hack script at /usr/local/sbin/fastcgi-suexec-hack:
    # This hack exists exclusively to work around the restriction that
    # FastCGI wrappers (e.g. suEXEC) are an all-or-nothing ordeal.  Thou
    # shalt not enable wrappers for userdirs but not for the whole site.
    # Thou shalt not configure non-userdir FastCGI scripts to use suEXEC
    # or thou shall suffer my wrath of mysterious suexec policy violation
    # notices for 7 generations.
    a php library 
    case "$(pwd)/" in
    	exec /usr/lib/apache2/suexec "$username" "$group" "$application";;
    	application_abs="$(readlink -f "$application")"
    	exec "$application_abs";;
    (my first language is not English and I need Oxford dictionary to understand "thou shall"!!)

    My question is this: can I mix user php code with user permissions with a php library that has broader permissions and runs as www-data or even a user from the sudoers group??:D
    (some require_once headers should import the php library but what is required is the user NOT to be able to hack that library)

    Thanks again!
  4. falko

    falko Super Moderator

    You're mixing things up - /var/www/ is the document root where you must upload your HTML, PHP files, images, etc. while httpd.conf (or apache2.conf) are configuration files for Apache.
  5. centurianii

    centurianii New Member

    Yes, indeed!!
    Correcting myself: you suggested to create files at /etc/apache2/sites-available/ in the form:
    <VirtualHost *:80>
    whereas Apache suggests writing at httpd.conf....(?)
    At the wrapper script at /var/www/php-fcgi-scripts/web1/php-fcgi-starter, you wrote:
    exec /usr/lib/cgi-bin/php
    but look at my installation:
    xxx@xxx:~$ ls -al /usr/lib/cgi-bin
    total 7952
    drwxr-xr-x  2 root root    4096 2012-06-11 22:24 .
    drwxr-xr-x 56 root root   12288 2012-07-15 13:56 ..
    lrwxrwxrwx  1 root root      29 2012-06-11 22:24 php -> /etc/alternatives/php-cgi-bin
    -rwxr-xr-x  1 root root 8112496 2012-05-04 02:01 php5
    xxx@xxx:~$ ls -al /usr/bin
    -rwxr-xr-x  1 root   root    8112496 2012-05-04 02:01 php5-cgi
    lrwxrwxrwx  1 root   root         25 2012-06-11 22:24 php-cgi -> /etc/alternatives/php-cgi
    ...why calling /etc/alternatives/php-cgi-bin and not:
    exec /usr/lib/cgi-bin/php5
    exec /usr/bin/php5-cgi
  6. centurianii

    centurianii New Member

    (104)Connection reset by peer: mod_fcgid: error


    Following Falko's tutorial I set up a new domain, I'll call it www.john.com, and I tried to see the result when I pointed my browser to www.john.com/info.php:
    Title: 500 Internal Server Error
    Message: Internal Server Error
    The server encountered an internal error or misconfiguration and was unable to complete your request.
    Please contact the server administrator, webmaster@john.com and inform them of the time the error occurred, and anything you might have done that may have caused the error.
    More information about this error may be available in the server error log.
    At my /var/log/apache2/error.log:
    [Wed Aug 08 17:25:19 2012] [warn] [client xxx.xxx.xxx.xxx] (104)Connection reset by peer: mod_fcgid: error reading data from FastCGI server, referer: http://www.john.com/
    [Wed Aug 08 17:25:19 2012] [error] [client xxx.xxx.xxx.xxx] Premature end of script headers: info.php, referer: http://www.john.com/
    From what I can see googling this error there is no simple solution or solution at all :(
  7. falko

    falko Super Moderator

    Can you post your FCGI starter script, your vhost configuration, and your /etc/apache2/mods-available/fcgid.conf file?
  8. centurianii

    centurianii New Member

    Sorry for my delayed reply,

    here is my data:
    1) <root># cat /var/www/php-fcgi-scripts/john/php-fcgi-starter
    #in case we activate a per user php.ini
    export PHPRC
    export PHP_FCGI_MAX_REQUESTS=5000
    export PHP_FCGI_CHILDREN=8
    exec /usr/lib/cgi-bin/php
    2) <root># apache2ctl -S
    VirtualHost configuration:
    wildcard NameVirtualHosts and _default_ servers:
    *:80                   is a NameVirtualHost
             default server superbhosting.com (/etc/apache2/sites-enabled/000-default:1)
             port 80 namevhost superbhosting.com (/etc/apache2/sites-enabled/000-default:1)
             port 80 namevhost www.alice.com (/etc/apache2/sites-enabled/alice:1)
             port 80 namevhost www.john.com (/etc/apache2/sites-enabled/john:1)
    Syntax OK
    Attention: my testing refers to www.john.com which in fact is another domain officially registered and activated (NS, A, CNAME records).
    When I hit my browser at www.john.com I can see:
    Index of /
    [ICO]	Name	Last modified	Size	Description
    [ ]	info.php	08-Aug-2012 09:53 	38
    When I hit at www.john.com/info.php there is an error!

    3) cat /etc/apache2/mods-available/fcgid.conf
    <IfModule mod_fcgid.c>
      AddHandler    fcgid-script .fcgi
      FcgidConnectTimeout 20
      PHP_Fix_Pathinfo_Enable 1
    4) what is installed?
    <root># dpkg-query -l '*apache2*'
    | Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend 
    |/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad) 
    ||/ Name                           Version                        Description 
    ii  apache2                        2.2.20-1ubuntu1.2              Apache HTTP Server metapackage 
    un  apache2-common                 <none>                         (no description available) 
    un  apache2-doc                    <none>                         (no description available) 
    un  apache2-mpm                    <none>                         (no description available) 
    un  apache2-mpm-event              <none>                         (no description available) 
    un  apache2-mpm-itk                <none>                         (no description available) 
    un  apache2-mpm-prefork            <none>                         (no description available) 
    ii  apache2-mpm-worker             2.2.20-1ubuntu1.2              Apache HTTP Server - high speed threaded model 
    ii  apache2-suexec                 2.2.20-1ubuntu1.2              Standard suexec program for Apache 2 mod_suexec 
    un  apache2-suexec-custom          <none>                         (no description available) 
    ii  apache2-utils                  2.2.20-1ubuntu1.2              utility programs for webservers 
    ii  apache2.2-bin                  2.2.20-1ubuntu1.2              Apache HTTP Server common binary files 
    ii  apache2.2-common               2.2.20-1ubuntu1.2              Apache HTTP Server common files 
    un  libapache2-mod-apparmor        <none>                         (no description available) 
    un  libapache2-mod-auth-kerb       <none>                         (no description available) 
    ii  libapache2-mod-fcgid           1:2.3.6-1+squeeze1build0.11.10 an alternative module compat with mod_fastcgi
    <root># dpkg-query -l '*php*'
    | Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend 
    |/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad) 
    ||/ Name                              Version                           Description 
    un  php-pear                          <none>                            (no description available) 
    ii  php5-cgi                          5.3.6-13ubuntu3.7                 server-side, HTML-embedded scripting language (CGI binary) 
    ii  php5-common                       5.3.6-13ubuntu3.7                 Common files for packages built from the php5 source 
    un  php5-json                         <none>                            (no description available) 
    un  php5-mhash                        <none>                            (no description available) 
    un  php5-suhosin                      <none>                            (no description available) 
    un  phpapi-20090626                   <none>                            (no description available)
    Hope this helps!
  9. centurianii

    centurianii New Member

    I believe I should give my permissions (I started with umask=0077 but I changed it to 744 permissions for user john), so let's see it:

    <root># ls -al /var/www/php-fcgi-scripts
    total 16
    drwxr--r-- 4 root  root  4096 2012-07-30 15:19 .
    drwxr-xr-x 5 root  root  4096 2012-07-30 15:19 ..
    drwxr--r-- 2 alice alice 4096 2012-07-30 15:26 alice
    drwxr--r-- 2 john  john  4096 2012-07-30 15:24 john
    <root># ls -al /var/www/php-fcgi-scripts/john
    total 12
    drwxr--r-- 2 john john 4096 2012-07-30 15:24 .
    drwxr--r-- 4 root root 4096 2012-07-30 15:19 ..
    -rwxr-xr-x 1 john john  200 2012-08-08 17:45 php-fcgi-starter
    <root># ls -al /etc/apache2/sites-available/
    total 32
    drwxr-xr-x 2 root root 4096 2012-08-12 16:13 .
    drwxr-xr-x 8 root root 4096 2012-08-12 13:52 ..
    -rw-r--r-- 1 root root  590 2012-08-07 08:07 alice
    -rw-r--r-- 1 root root  950 2012-02-14 16:35 default
    -rw-r--r-- 1 root root 7469 2012-02-14 16:35 default-ssl
    -rwxr--r-- 1 root root  584 2012-08-07 08:08 john
  10. centurianii

    centurianii New Member

    I have to report another error after I installed and uninstalled apache2-suexec-custom:
    <root># service apache2 restart
    Syntax error on line 8 of /etc/apache2/sites-enabled/john:
    Invalid command 'SuexecUserGroup', perhaps misspelled or defined by a module not included in the server configuration
    Action 'configtest' failed.
    The Apache error log may have more information.
    If I disable john's site then apache can do a restart!
    This error wasn't there before, so what's going wrong now I wonder?
  11. centurianii

    centurianii New Member

    S u c c e s s !!!

    I managed to solve all problems related to setting up different domains, here's how:
    1) I applied
    - 0755 permissions to ALL directories "/var/www/php-fcgi-scripts/<user>" and file "php-fcgi-starter" at the end of the path
    - 0755 permissions to ALL directories "/etc/apache2/sites-available/" and 644 to ALL files at the end of the path
    - 0755 permissions to ALL directories "/var/www/<user>/web", 600 for file "/var/www/<user>/php.ini" and 600 to ALL files "/var/www/<user>/web/*"

    2) I enabled suexec as I had disabled it by accident
    <root># a2enmod suexec

    Now, I have to experiment with mass virtual hosting and 3rd level subdomains!:rolleyes:
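
An added example, not part of the thread or of the HowtoForge tutorial: a shell check of the starter-script layout against the 0755 permissions the last post settled on and against suexec's ownership and write-permission rules. `audit_starter`, `make_tree` and the throwaway demo directory are hypothetical names introduced here, and GNU `stat` is assumed.

```shell
#!/bin/sh
# Added example, not from the thread. Requires GNU stat (coreutils).
AUDIT_PROBLEMS=0
fail() { echo "FAIL: $*"; AUDIT_PROBLEMS=$((AUDIT_PROBLEMS + 1)); }
# bits PATH MASK: true if any bit of the octal MASK is set in PATH's mode.
bits() { [ $(( 0$(stat -c '%a' "$1") & $2 )) -ne 0 ]; }

# audit_starter BASE USER  (BASE is /var/www in the thread)
audit_starter() {
    base=$1; user=$2; AUDIT_PROBLEMS=0
    dir="$base/php-fcgi-scripts/$user"; starter="$dir/php-fcgi-starter"
    for d in "$base/php-fcgi-scripts" "$dir"; do
        [ -d "$d" ] || { fail "$d: missing directory"; continue; }
        # The thread's 744 directories (drwxr--r--) have no search bit for
        # group/others; the fix in the last post was 0755.
        bits "$d" 0001 || fail "$d: no search (x) bit for others"
        ! bits "$d" 0022 || fail "$d: writable by group or others"
    done
    [ -f "$starter" ] || { fail "$starter: missing"; return 1; }
    # suexec refuses a target that is not owned by the SuexecUserGroup user,
    # is writable by anyone else, or is setuid/setgid.
    for p in "$dir" "$starter"; do
        [ "$(stat -c '%U' "$p")" = "$user" ] || fail "$p: not owned by $user"
    done
    bits "$starter" 0100 || fail "$starter: not executable by its owner"
    ! bits "$starter" 0022 || fail "$starter: writable by group or others"
    ! bits "$starter" 06000 || fail "$starter: setuid or setgid bit set"
    [ "$AUDIT_PROBLEMS" -eq 0 ]
}

# make_tree BASE USER DIRMODE: constructed sample layout for the demo below.
make_tree() {
    mkdir -p "$1/php-fcgi-scripts/$2"
    printf '#!/bin/sh\nexec /usr/lib/cgi-bin/php\n' \
        > "$1/php-fcgi-scripts/$2/php-fcgi-starter"
    chmod 0755 "$1/php-fcgi-scripts/$2/php-fcgi-starter"
    chmod "$3" "$1/php-fcgi-scripts/$2" "$1/php-fcgi-scripts"
}

# Demo on a throwaway tree owned by the current user (no real paths touched).
demo=$(mktemp -d); me=$(stat -c '%U' "$demo")
make_tree "$demo" "$me" 744
audit_starter "$demo" "$me" || echo "mode 744: $AUDIT_PROBLEMS problem(s)"
make_tree "$demo" "$me" 755
audit_starter "$demo" "$me" && echo "mode 755: layout passes"
rm -rf "$demo"
```

On a real server the call would be `audit_starter /var/www john`, run as root so every path can be read.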
