suPHP 500 error

Discussion in 'Installation/Configuration' started by fatmike, Jul 31, 2014.

  1. fatmike

    fatmike Member HowtoForge Supporter

    Hi
    I tried to switch from fastcgi+SuEXEC to suPHP through ISPConfig3 but ended up with 500 Internal Server Error when trying to run php scripts.
    HTML,XML,js and all the other executing without errors.

    Here's my /etc/suphp/suphp.conf:
    Code:
    
    [global]
    ;Path to logfile
    logfile=/var/log/suphp/suphp.log
    
    ;Loglevel
    loglevel=info
    
    ;User Apache is running as
    webserver_user=www-data
    
    ;Path all scripts have to be in
    docroot=/var/www:${HOME}/public_html
    
    ;Path to chroot() to before executing script
    ;chroot=/mychroot
    
    ; Security options
    allow_file_group_writeable=true
    allow_file_others_writeable=false
    allow_directory_group_writeable=true
    allow_directory_others_writeable=false
    
    ;Check wheter script is within DOCUMENT_ROOT
    check_vhost_docroot=true
    
    ;Send minor error messages to browser
    errors_to_browser=false
    
    ;PATH environment variable
    env_path=/bin:/usr/bin
    
    ;Umask to set, specify in octal notation
    umask=0077
    
    ; Minimum UID
    min_uid=100
    
    ; Minimum GID
    min_gid=100
    
    [handlers]
    ;Handler for php-scripts
    application/x-httpd-suphp="php:/usr/bin/php-cgi"
    ;Handler for CGI-scripts
    x-suphp-cgi="execute:!self"
    
    I set
    Code:
    docroot=/var/www:${HOME}/public_html
    to
    Code:
    docroot=/var/www/*
    or
    Code:
    /var/www/clients/${GID}/${UID}/web
    but i had the same error.

    Owner:Group is correct (web11:client1)
    I've set all folders to 755 and files to 644
    Code:
    find /var/www/clients/client1/web11/web/ -type d -exec chmod 755 {} \;
    find /var/www/clients/client1/web11/web/ -type f -exec chmod 644 {} \;
    In suphp.log i get this error:
    Code:
    [Thu Jul 31 11:51:27 2014] [warn] Script "/var/www/clients/client1/web11/web/index.php" resolving to "/var/www/clients/client1/web11/web/index.php" not within configured docroot
    In httpd error log having this:
    Code:
    [Thu Jul 31 13:25:00 2014] [error] [client 5.54.141.20] SecurityException in Application.cpp:496: Handler not found in configuration
    [Thu Jul 31 13:25:00 2014] [error] [client 5.54.141.20] Caused by KeyNotFoundException in Configuration.cpp:234: Handler "x-httpd-suphp" not found
    [Thu Jul 31 13:25:00 2014] [error] [client 5.54.141.20] Premature end of script headers: index.php
    
    and my vhost file for that subdomain contains:

    Code:
    <Directory /var/www/subdomain.domain.net>
    		AllowOverride None
    				Order Deny,Allow
    		Deny from all
    		</Directory>
    
    <VirtualHost *:80>
    		DocumentRoot /var/www/clients/client1/web11/web
    
    		ServerName subdomain.domain.net
    		ServerAdmin [email protected]
    
    		ErrorLog /var/log/ispconfig/httpd/subdomain.domain.net/error.log
    
    		Alias /error/ "/var/www/subdomain.domain.net/web/error/"
    		ErrorDocument 400 /error/400.html
    		ErrorDocument 401 /error/401.html
    		ErrorDocument 403 /error/403.html
    		ErrorDocument 404 /error/404.html
    		ErrorDocument 405 /error/405.html
    		ErrorDocument 500 /error/500.html
    		ErrorDocument 502 /error/502.html
    		ErrorDocument 503 /error/503.html
    
    		<IfModule mod_ssl.c>
    		</IfModule>
    
    		<Directory /var/www/subdomain.domain.net/web>
    				Options +FollowSymLinks
    				AllowOverride All
    								Order allow,deny
    				Allow from all
    						</Directory>
    		<Directory /var/www/clients/client1/web11/web>
    				Options +FollowSymLinks
    				AllowOverride All
    								Order allow,deny
    				Allow from all
    						</Directory>
    
    		# cgi enabled
    	<Directory /var/www/clients/client1/web11/cgi-bin>
    						Order allow,deny
    			Allow from all
    					</Directory>
    		ScriptAlias  /cgi-bin/ /var/www/clients/client1/web11/cgi-bin/
    		<FilesMatch "\.(cgi|pl)$">
    			SetHandler cgi-script
    		</FilesMatch>
    		# Clear PHP settings of this website
    		<FilesMatch ".+\.ph(p[345]?|t|tml)$">
    				SetHandler None
    		</FilesMatch>
    		# suphp enabled
    		<Directory /var/www/clients/client1/web11/web>
    		<IfModule mod_suphp.c>
    			suPHP_Engine on
    			# suPHP_UserGroup web11 client1
    	suPHP_ConfigPath /var/www/conf/web11
    			<FilesMatch "\.php[345]?$">
    				SetHandler x-httpd-suphp
    			</FilesMatch>
    			suPHP_AddHandler x-httpd-suphp
    		</IfModule>
    		</Directory>
    
    		# add support for apache mpm_itk
    		<IfModule mpm_itk_module>
    			AssignUserId web11 client1
    		</IfModule>
    
    		<IfModule mod_dav_fs.c>
    		# Do not execute PHP files in webdav directory
    			<Directory /var/www/clients/client1/web11/webdav>
    				<ifModule mod_security2.c>
    					SecRuleRemoveById 960015
    					SecRuleRemoveById 960032
    				</ifModule>
    				<FilesMatch "\.ph(p3?|tml)$">
    					SetHandler None
    				</FilesMatch>
    			</Directory>
    			DavLockDB /var/www/clients/client1/web11/tmp/DavLock
    			# DO NOT REMOVE THE COMMENTS!
    			# IF YOU REMOVE THEM, WEBDAV WILL NOT WORK ANYMORE!
          # WEBDAV BEGIN
    			# WEBDAV END
    		</IfModule>
    </VirtualHost>
    


    Debian 6.0.9 squeeze
    Apache 2.2.16
    PHP 5.4.30
    suPHP 0.7.1
    ISPConfig 3.0.5.4p1

    Any help?
     
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    Why did you try to use suphp at all? suphp is slow and outdated and should not be used anymore on current systems. Better use php-fcgi + suexec or php-fpm + suexec. They both run php in the same safe way then suphp, but are much faster.
     
  3. fatmike

    fatmike Member HowtoForge Supporter

    I can't be bothered with file, folder permission and it seems suphp is the way to go.
     
  4. till

    till Super Moderator Staff Member ISPConfig Developer

    with ph-fcgi + suexec, you will not get any folder permissions issues as long as you dont change the default ispconfig folder permissions. In any case, if you had any folder permsissions, the suphp will definately not fix it.
     
  5. fatmike

    fatmike Member HowtoForge Supporter

    I see.
    Thanks for the info!
     
  6. fatmike

    fatmike Member HowtoForge Supporter

    So when fcgi + suexec is enabled should i set all folder permissions to 755 and files to 644. What about safety?
    Owner:Group can be set to "root:root" or should be eg. "web11:client1"?
     
  7. till

    till Super Moderator Staff Member ISPConfig Developer

    The files shall be owned by the web user and the client group of this website. Permission 755 or even better 750 should be fine.
     
    fatmike likes this.

Share This Page