Urgent: TYPO3 in combination with suPHP

Discussion in 'Installation/Configuration' started by Hans, Apr 13, 2007.

Thread Status:
Not open for further replies.
  1. Hans

    Hans Moderator

    For some time i host some TYPO3 websites on my Debian Etch server with ISPConfig. The TYPO3 core is installed within /var/www and the website itself is installed within /var/www/webX/web/.

    The setup has been done according my Howto here:
    http://www.howtoforge.com/typo3_on_ispconfig

    I had never problems with this setup.
    Today, i migrated from php5mod to php5-cgi with suPHP.
    Everything went fine, cause i prepared this step very well.

    Now my server is running with suphp+php5-cgi and all the websites are up and running, no problems at all, except for the TYPO3 websites!

    When i visit a TYPO3 website an Internal error 500 occurs.
    Internal 500 errors are sometimes a little bit difficult to solve, but i am sure that it has something to do with permissions.

    Within this forum: http://www.typo3forum.net/forum/typo3-3-x-installation-und-updates/11596-typo3-suphp.html the same situation is described, but i do not understand the solution. (It is also in German).

    For me it is important that i solve this problem as soon as possible, because the TYPO3 sites are down.

    My /etc/log/suphp.log file shows me only a warning, which i understand:
    [warn] File "/var/www/typo3_src-4.0.4/index.php" is not in document root of Vhost "/var/www/web120/web"

    My /etc/log/apache2/access.log shows me:

    [13/Apr/2007:08:09:29 +0200] "GET / HTTP/1.0" 302 373 "-" "Apache/2.2.3 (Debian) mod_ssl/2.2.3 OpenSSL/0.9.8c mod_perl/2.0.2 Perl/v5.8.8 (internal dummy connection)"

    Can someone help me to solve this?

    Thanks in advance!
     
    Last edited: Apr 13, 2007
  2. till

    till Super Moderator

    Please have a look in the typo3 .htaccess file, does it contain any php_admin or value lines or anything to alter the php configuration? If yes, comment them out.
     
  3. Hans

    Hans Moderator

    Good morning Till,

    The .htaccess filename is _.htaccess, so it is not used.
    Within my Apache2.conf file, i have these settings:

    <Directory /var/www/*/web>
    Options +Includes -Indexes
    AllowOverride None
    AllowOverride Indexes AuthConfig Limit FileInfo
    Order allow,deny
    Allow from all
    <Files ~ "^\.ht">
    Deny from all
    </Files>
    </Directory>

    Do you have any other suggestion for me?
     
  4. till

    till Super Moderator

    Please post the content of the vhost for this website Vhost_ispconfig.conf file.
     
  5. Hans

    Hans Moderator

    Till, this is one of the TYPO3 sites with Internal 500 errors:

    #
    #
    ######################################
    # Vhost: www.domain.nl:80
    ######################################
    #
    #
    <VirtualHost 1.2.3.4:80>
    ServerName www.domain.nl:80
    ServerAdmin webmaster@domain.nl
    DocumentRoot /var/www/web120/web
    ServerAlias www.domain.org domain.org domain.nl
    DirectoryIndex index.html index.htm index.php index.php5 index.php4 index.php3 index.shtml index.cgi index.pl index.jsp Default.htm default.htm
    ScriptAlias /cgi-bin/ /var/www/web120/cgi-bin/
    AddHandler cgi-script .cgi
    AddHandler cgi-script .pl
    ErrorLog /var/www/web120/log/error.log
    AddType application/x-httpd-php .php .php3 .php4 .php5
    suPHP_Engine on
    suPHP_UserGroup web-admin web120
    AddHandler x-httpd-php .php .php3 .php4 .php5
     
    Last edited: Apr 13, 2007
  6. till

    till Super Moderator

    Hmm, thats ok too. Can you disable the document root checking in the suphp.conf file? Is SuEXEC disabled under management > server > settings ?
     
  7. Hans

    Hans Moderator

    Till, thank you for your help so far.

    Yes, suEXEC is disabled within ISPConfig and also via a2dismod suexec

    Now within /etc/suphp.conf, i removed:

    ;Path all scripts have to be in
    docroot=/

    So, i did:

    /etc/init.d/apache2 force-reload


    Pffff, not any better and i see that is Friday 13th ...

    What can we do?
     
  8. till

    till Super Moderator

    Do you get any errors in the error.log file of the website?
     
  9. till

    till Super Moderator

    Additionally, please post your complete suphp.conf file.
     
  10. Hans

    Hans Moderator

    The output of /etc/suphp.conf

    [global]
    ;Path to logfile
    logfile=/var/log/suphp.log

    ;Loglevel
    loglevel=info

    ;User Apache is running as
    webserver_user=www-data

    ;Path all scripts have to be in
    docroot=/

    ;Path to chroot() to before executing script
    ;chroot=/mychroot

    ; Security options
    allow_file_group_writeable=true
    allow_file_others_writeable=false
    allow_directory_group_writeable=true
    allow_directory_others_writeable=false

    ;Check wheter script is within DOCUMENT_ROOT
    check_vhost_docroot=true

    ;Send minor error messages to browser
    errors_to_browser=false

    ;PATH environment variable
    env_path=/bin:/usr/bin

    ;Umask to set, specify in octal notation
    umask=0077

    ; Minimum UID
    min_uid=100

    ; Minimum GID
    min_gid=100

    ; Minimum GID
    min_gid=100


    [handlers]
    ;Handler for php-scripts
    x-httpd-php=php:/usr/bin/php5-cgi

    ;Handler for CGI-scripts
    x-suphp-cgi=execute:!self


    The errors within /var/web120/log/error.log which might be interesting are:

    [Fri Apr 13 11:01:30 2007] [error] [client 1.2.3.4] SoftException in Application.cpp:214: File "/var/www/typo3_src-4.src-4.0.4/index.php" is not in document root of Vhost "/var/www/web120/web"

    [Fri Apr 13 11:01:30 2007] [error] [client 1.2.3.4] Premature end of script headers: index.php
     
    Last edited: Apr 13, 2007
  11. till

    till Super Moderator

    Please try to set:

    check_vhost_docroot=false
    errors_to_browser=true
     
  12. Hans

    Hans Moderator

    Till, i did.

    The first time i tried to visit the site i saw this on the screen:

    Internal Server Error
    UID of script "/var/www/web120/web/index.php" is smaller than min_uid

    suPHP 0.6.2
     
  13. till

    till Super Moderator

    Ok, please try to set:

    ; Minimum UID
    min_uid=0

    ; Minimum GID
    min_gid=0

    ; Minimum GID
    min_gid=0

    But be aware that these changes as well as disabling the docroot will reduce the security. Or make sure that all php files are owned by users with userid's > 100.
     
  14. Hans

    Hans Moderator

    Ok Till, i realise that...

    Now i have on screen:

    Internal Server Error
    Mismatch between target UID (10260) and UID (0) of file "/var/www/typo3_src-4.0.4/index.php"

    suPHP 0.6.2

    Thanks for your help again. This his very hard, pfff.
     
  15. till

    till Super Moderator

    I think this part can not be solved without copying the typo3 src directory to every website. SuPHP is a mechanism for running PHP scripts in a secure manner. This means that it checks every file if it is owned by the correct user, in our case the administrator of the website.

    As you have a central place for the typo3 sources, this would mean that the same file, e.g. /var/www/typo3_src-4.0.4/index.php is owned by different users, which is not possible.
     
  16. Hans

    Hans Moderator

    Thanks for all!

    Till,

    I, prepared my migration from php5mod to php5-cgi+suPHP very well, but I did not for see that this configuration was not possible. But, to be honest: This morning I came to the same conclusion.

    The reason I switched to suPHP is for security reasons and to give more comfort to the clients.
    Especially the clients who are using the populair Joomla as their CMS.

    Now I am planning the following:

    - Put the /etc/suphp.conf in its original state for security reasons.
    - Put the TYPO3 core within /var/www/webX/ of each TYPO3 site, the TYPO3 site itself will be in: /var/www/webX/web/ with a symlink to the /webX folder above.

    I expect that this will work.

    Of course this is a little bit more work, in case I have to update the TYPO3 core, but this choice is a compromise and for me the best option at the moment.

    I want to thank you for your wonderful support.
    The inconvinious was maybe not so nice for some of my clients, but we are an experience richer!

    I have given you my howto “How To Set Up suPHP On A Debian Etch Based ISPConfig Server” in return!
     
    Last edited: Apr 13, 2007
  17. Hans

    Hans Moderator

    Still urgent:

    Apache can be configured to use either PHP5 or suPHP on a per virtual host basis.

    For the TYPO3 websites on my server, i do not want suPHP.
    Reason for this, is that TYPO3 will not function properly with suPHP enabled.

    To get the TYPO3 sites up and running again, i need to know how i can configure Apache, so that the TYPO3 sites are using PHP and not suPHP.
    Can anyone tell me how to do this?
     
    Last edited: Apr 14, 2007
  18. falko

    falko Super Moderator

    I haven't tried this, but you could try to enable both the normal PHP module and the suPHP module in Apache, and in a suPHP vhost you'd use something like this:

    Code:
      suPHP_Engine on
      suPHP_UserGroup testuser test
      AddHandler x-httpd-php .php .php3 .php4 .php5
      suPHP_AddHandler x-httpd-php
    And in a "normal" vhost, you'd use the normal PHP configuration. But it's possible that this doesn't work.

    Otherwise, instead of using the normal PHP module, you could use the CGI version.
     
  19. Hans

    Hans Moderator

    Falko,

    Within /etc/apache2/vhosts/Vhosts_ispconfig.conf i have:

    <VirtualHost 1.2.3.4:80>
    ServerName www.domain.nl:80
    ServerAdmin webmaster@domain.nl
    DocumentRoot /var/www/web120/web
    ServerAlias www.domain.org domain.nl domain.org
    DirectoryIndex index.html index.htm index.php index.php5 index.php4 index.php3 index.shtml index.cgi index.pl index.jsp Defa$
    ScriptAlias /cgi-bin/ /var/www/web120/cgi-bin/
    AddHandler cgi-script .cgi
    AddHandler cgi-script .pl
    ErrorLog /var/www/web120/log/error.log
    AddType application/x-httpd-php .php .php3 .php4 .php5
    suPHP_Engine on
    suPHP_UserGroup admin web120
    AddHandler x-httpd-php .php .php3 .php4 .php5
    suPHP_AddHandler x-httpd-php

    AddType text/html .shtml
    AddOutputFilter INCLUDES .shtml
    Alias /error/ "/var/www/web120/web/error/"
    ErrorDocument 400 /error/invalidSyntax.html
    ErrorDocument 401 /error/authorizationRequired.html
    ErrorDocument 403 /error/forbidden.html
    ErrorDocument 404 /error/fileNotFound.html
    ErrorDocument 405 /error/methodNotAllowed.html
    ErrorDocument 500 /error/internalServerError.html
    ErrorDocument 503 /error/overloaded.html
    AliasMatch ^/~([^/]+)(/(.*))? /var/www/web120/user/$1/web/$3
    AliasMatch ^/users/([^/]+)(/(.*))? /var/www/web120/user/$1/web/$3
    </VirtualHost>
     
    Last edited: Apr 14, 2007
  20. Hans

    Hans Moderator

    Maybe i am on the wrong track but i was thinking about enable php4 or 5 as a module as well (indeed).
    And then put this in the vhost as published above (within /etc/apache2/vhosts/Vhosts_ispconfig.conf:


    suPHP_Engine off
    RemoveHandler .php
    php_admin_flag engine on
     
Thread Status:
Not open for further replies.

Share This Page