disable security constrain in ispconfig 3 control panel to enable the multisites

Discussion in 'Installation/Configuration' started by qiubosu, Dec 2, 2010.

  1. qiubosu

    qiubosu Member

    in ispconfig 3 control panel, to use the shared drupal codebase for multisites, how to disable the security constraint? only disable the security for the domain with the drupal codebase shared by other domains? while the other domains share the drupal codebase don't need to disable their security constrains?
  2. cbj4074

    cbj4074 Member

    As far as I know, you will not be able to use suPHP on any of the sites that must access the shared Drupal code-base. You will likely be required to set the PHP mode to one of the other options on the Sites -> [choose domain] page within ISPConfig, such as Fast-CGI.

    Personally, I would not configure the shared Drupal code-base as an actual "Website" (unless you require end-user [as opposed to root] FTP/sFTP access to the files). Instead, I would install Drupal to /usr/share/drupal or similar.

    Then, all you should need to do is add the necessary shared Drupal directories to PHP's open_basedir directive for each site (Home -> Sites -> [domain.tld] -> Options [tab]). Here's an example of adding the necessary Roundcube directories to the open_basedir directive in order for users to be able to access Webmail from a given virtual host:

    <Directory /var/www/domain.tld/web/>
    php_admin_value safe_mode off
    php_admin_value register_globals off
    php_admin_value magic_quotes_gpc off
    php_admin_value display_errors off
    php_admin_value upload_tmp_dir "/var/www/clients/client2/web1/tmp"
    php_admin_value open_basedir "/tmp:/etc/roundcube/:/usr/share/roundcube:/var/log/roundcube:/var/lib/roundcube:/var/lib/roundcube/skins:/var/lib/roundcube/skins/default/templates:/var/lib/roundcube/plugins:/var/lib/roundcube/config:/var/lib/roundcube/bin:/var/lib/roundcube/program:/var/log/roundcube:/usr/share/php:/usr/share/pear:/var/www/clients/client2/web1/web:/var/www/clients/client2/web1/tmp"
    Obviously, you will need to change the "domain.tld" in the first line, and replace all of the Roundcube paths with the appropriate Drupal paths.

    To determine which Drupal paths must be added to the open_basedir directive, try accessing the homepage on any of the sites that use the code-base, then check /var/www/domain.tld/log/error.log each time the page does not load. Each time access to the Drupal site is denied on the grounds of an open_basedir restriction, the exact path that must be added will appear in error.log.

    Also, you will probably want to create a symbolic link or an Apache alias that points from each separate Website to the shared Drupal directory (e.g., /usr/share/drupal).

    Further, appropriate permissions must be set on the shared Drupal directory for access to be possible from each separate site.

    Finally, note that you must wait a few minutes between the time that you update a given Website's PHP or Apache directives and the time that the changes take effect.

    Good luck!
    Last edited: Dec 2, 2010
  3. qiubosu

    qiubosu Member

    may you help to give an example of your statement above?
  4. qiubosu

    qiubosu Member

    if not configure the shared drupal codebase as an actual website, then how to install the codebase site and configure it by login to the site? use http://localhost for this?

    do you mean add to "Apache directives" text field under Options tab? is this equivalent to edit httpd.conf? or .htaccess file?

    is "php_admin_value open_basedir "/tmp:/etc/roundcube/:/usr/share/roundcube:/var/log/roundcube:/var/lib/roundcube:/var/lib/roundcube/skins:/var/lib/roundcube/skins/default/templates:/var/lib/roundcube/plugins:/var/lib/roundcube/config:/var/lib/roundcube/bin:/var/lib/roundcube/program:/var/log/roundcube:/usr/share/php:/usr/share/pear:/var/www/clients/client2/web1/web:/var/www/clients/client2/web1/tmp"
    " equivalent to the content in the "PHP open_basedir" field under Options tab?

Share This Page