suphp + ssl runs as www-data

Discussion in 'Installation/Configuration' started by staatslot, Sep 19, 2010.

  1. staatslot

    staatslot HowtoForge Supporter

    Hi all,

    I think I've found a nasty bug in ISPconfig 3.0.2.2.
    When a site that has suphp enabled runs at port 443 (SSL), php doesn't run as the suphp user, but as www-data. When displaying that same site at port 80 (with no settings altered) it runs as the suphp user.

    I took a look at the vhost file of the sites and noticed this difference:

    PORT 80
    Code:
        # Clear PHP settings of this website
        <FilesMatch "\.ph(p3?|tml)$">
            SetHandler None
        </FilesMatch>
        # suphp enabled
        <Directory /var/www/clients/client17/web22/web>
            suPHP_Engine on
            # suPHP_UserGroup web22 client17
            AddHandler x-httpd-suphp .php .php3 .php4 .php5
            suPHP_AddHandler x-httpd-suphp
        </Directory>
    
    PORT 443
    Code:
        suPHP_Engine on
        # suPHP_UserGroup web22 client17
        AddHandler x-httpd-suphp .php .php3 .php4 .php5
        suPHP_AddHandler x-httpd-suphp
    The configuration file (php.ini) path is also different for both ports when running phpinfo().
    PORT 80
    Code:
    /etc/php5/cgi
    PORT 443
    Code:
    /etc/php5/apache2
    Changing the vhost files does the trick, so my best guess is ISPconfig is failing to write the correct code to the vhost file for the SSL part of a website.

    Any help is very much appreciated!
     
  2. till

    till Super Moderator

    You can change the code for the vhost in /usr/local/ispconfig/server/conf/vhost.conf.master
     
  3. staatslot

    staatslot HowtoForge Supporter

    Thanks Till, I changed that file and now it works fine!
    Maybe something to fix for the next major release?

    Thanks a lot!
     
  4. till

    till Super Moderator

    I will add it to the bugtracker.
     
  5. u4david

    u4david New Member

    Could you drop more detail on this fix?

    Just a little more detail. Thank you.
     
  6. staatslot

    staatslot HowtoForge Supporter

    No problem.
    Open the /usr/local/ispconfig/server/conf/vhost.conf.master file on your webserver, not the server ispconfig is running on. Browse to the part that reads
    Code:
    ###########################################################
    # SSL Vhost
    ###########################################################
    
    locate this piece of code:
    Code:
    <tmpl_if name='suexec' op='==' value='y'>
        # suexec enabled
        SuexecUserGroup <tmpl_var name='system_user'> <tmpl_var name='system_group'>
    </tmpl_if>
    beneath it replace with:

    Code:
    # Clear PHP settings of this website
        <FilesMatch "\.ph(p3?|tml)$">
            SetHandler None
        </FilesMatch>
    <tmpl_if name='php' op='==' value='mod'>
        # mod_php enabled
        AddType application/x-httpd-php .php .php3 .php4 .php5
        php_admin_value sendmail_path "/usr/sbin/sendmail -t -i -fwebmaster@<tmpl_var name='domain'>"
        php_admin_value upload_tmp_dir <tmpl_var name='document_root'>/tmp
        php_admin_value session.save_path <tmpl_var name='document_root'>/tmp
    <tmpl_if name='security_level' op='==' value='20'>
        php_admin_value open_basedir <tmpl_var name='php_open_basedir'>
    </tmpl_if>
    </tmpl_if>
    <tmpl_if name='php' op='==' value='suphp'>
        # suphp enabled
        <Directory {tmpl_var name='web_document_root'}>
            suPHP_Engine on
            # suPHP_UserGroup <tmpl_var name='system_user'> <tmpl_var name='system_group'>
            AddHandler x-httpd-suphp .php .php3 .php4 .php5
            suPHP_AddHandler x-httpd-suphp
        </Directory>
    </tmpl_if>
    That does the trick. But according to till it will be fixed in a next release as he added it to the bugtracker.
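
Added example, not part of the original thread and not ISPConfig code: a small Python check for generated Apache vhost files that flags the two differences the thread shows between the working port 80 block and the failing port 443 block. The names `audit_vhosts`, `SAMPLE`, `NO_RESET` and `UNSCOPED` are chosen here, and the sample config is constructed from the fragments quoted above.

```python
import re

# Constructed sample modelled on the two vhost fragments quoted in the thread.
SAMPLE = r"""
<VirtualHost *:80>
    <FilesMatch "\.ph(p3?|tml)$">
        SetHandler None
    </FilesMatch>
    <Directory /var/www/clients/client17/web22/web>
        suPHP_Engine on
    </Directory>
</VirtualHost>
<VirtualHost *:443>
    suPHP_Engine on
</VirtualHost>
"""

OPEN = re.compile(r"<(\w+)\s*(.*?)>$")
CLOSE = re.compile(r"</(\w+)>$")
NO_RESET = "no <FilesMatch> 'SetHandler None' reset"
UNSCOPED = "suPHP_Engine on outside <Directory>"

def audit_vhosts(conf_text):
    """Map each suPHP-enabled vhost address to a sorted list of findings."""
    report, stack, addr, engine, problems = {}, [], None, False, set()
    for line in (raw.strip() for raw in conf_text.splitlines()):
        if not line or line.startswith("#"):
            continue  # skip blanks and commented-out directives
        words = line.lower().split()
        if m := CLOSE.match(line):
            if stack:
                stack.pop()
            if m.group(1).lower() == "virtualhost" and engine:
                report[addr] = sorted(problems)
        elif m := OPEN.match(line):
            stack.append(m.group(1).lower())
            if stack[-1] == "virtualhost":  # new vhost: reset per-vhost state
                addr, engine, problems = m.group(2), False, {NO_RESET}
        elif words[:2] == ["suphp_engine", "on"]:
            engine = True
            if "directory" not in stack:
                problems.add(UNSCOPED)
        elif words[:2] == ["sethandler", "none"] and "filesmatch" in stack:
            problems.discard(NO_RESET)
    return report

if __name__ == "__main__":
    print(audit_vhosts(SAMPLE))
```

An empty list for a vhost means it matches the layout of the working port 80 block; vhosts that do not enable suPHP are not reported.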
     
  7. u4david

    u4david New Member

    Thank you

    Thank you that will do.
     
