How To Set Up Apache2 With mod_fcgid And PHP5 On Debian Lenny - Page 2

4 Testing

Now we create a small PHP test file, for example in the www.example1.com web site...

vi /var/www/web1/web/info.php

<?php
phpinfo();
?>

... and call that file in a browser (http://www.example1.com/info.php). If all goes well, the output should look similar to this, and you should see CGI/FastCGI in the Server API line:

 

5 Custom php.ini for Each Web Site

Because each web site has its own php-fcgi-starter wrapper script, it is possible to define different php.ini files for different web sites. To demonstrate this, I will copy the default php.ini (/etc/php5/cgi/php.ini) to the /var/www/web2/ directory and make www.example2.com use the php.ini from the /var/www/web2/ directory:

cp /etc/php5/cgi/php.ini /var/www/web2/
chown web2:web2 /var/www/web2/php.ini

(You can now modify /var/www/web2/php.ini to your likings.)

Then we open /var/www/php-fcgi-scripts/web2/php-fcgi-starter...

vi /var/www/php-fcgi-scripts/web2/php-fcgi-starter

... and put /var/www/web2/ in the PHPRC line:

#!/bin/sh
PHPRC=/var/www/web2/
export PHPRC
export PHP_FCGI_MAX_REQUESTS=5000
export PHP_FCGI_CHILDREN=8
exec /usr/lib/cgi-bin/php

Reload Apache afterwards:

/etc/init.d/apache2 reload

Create a new phpinfo(); file for www.example2.com...

vi /var/www/web2/web/info.php

<?php
phpinfo();
?>

... and call it in a browser (http://www.example2.com/info.php). The Loaded Configuration File line should now show /var/www/web2/php.ini:

 

6 Changing Single PHP Configuration Settings

Instead of passing a whole new php.ini file to your web site, you can as well change single PHP configuration settings in the php-fcgi-starter wrapper script (or use a combination of both) by adding the -d switch to the PHP executable. For example, if I want to disable magic_quotes_gpc for the web site www.example2.com, I'd do it as follows:

vi /var/www/php-fcgi-scripts/web2/php-fcgi-starter

#!/bin/sh
PHPRC=/etc/php5/cgi/
export PHPRC
export PHP_FCGI_MAX_REQUESTS=5000
export PHP_FCGI_CHILDREN=8
exec /usr/lib/cgi-bin/php -d magic_quotes_gpc=off

Reload Apache afterwards:

/etc/init.d/apache2 reload

Then call the info.php script again in a browser (http://www.example2.com/info.php) and search for the magic_quotes_gpc line - it should show Off now:

 

7 Links

Share this page:

17 Comment(s)

Add comment

Comments

From: Robert at: 2009-12-06 20:51:37

Will "aptitude install apache2 apache2-suexec libapache2-mod-fcgid php5-cgi" install apache2-mpm-worker or apache2-mpm-event ?

And also, is HTTP Authentication now available when PHP is running in (fast)CGI mode ? (As apposed to PHP running as an Apache module.)

From: Robert at: 2009-12-07 16:40:16

OK, I found the answer to my first question with the -sPD flags. Thank God mpm-worker is installed and not the experimental mpm-event.:

sudo aptitude -sPD install apache2 apache2-suexec libapache2-mod-fcgid php5-cgi

Reading package lists... Done Building dependency tree Reading state information... Done Reading extended state information Initializing package states... Done The following NEW packages will be installed: apache2 apache2-mpm-worker{a} (D: apache2) apache2-suexec apache2-utils{a} (D: apache2.2-common) apache2.2-bin{a} (D: apache2-mpm-worker, D: apache2.2-common) apache2.2-common{a} (D: apache2, D: apache2-mpm-worker, D: apache2-suexec, D: libapache2-mod-fcgid) libapache2-mod-fcgid libapr1{a} (D: apache2-utils, D: apache2.2-bin, D: libaprutil1) libaprutil1{a} (D: apache2-utils, D: apache2.2-bin, D: libaprutil1-dbd-sqlite3, D: libaprutil1-ldap) libaprutil1-dbd-sqlite3{a} (D: apache2.2-bin) libaprutil1-ldap{a} (D: apache2.2-bin) php5-cgi php5-common{a} (D: php5-cgi) ssl-cert{a} (R: apache2.2-common) 0 packages upgraded, 14 newly installed, 0 to remove and 0 not upgraded. Need to get 7,550kB of archives. After unpacking 18.6MB will be used. Do you want to continue? [Y/n/?] Would download/install/remove packages.

Any PHP programmers who can answer my second question about HTTP authentication ?

(It would be beneficial to others as well, who have scripts which depend on HTTP Authentication at some stage, to know this before installing PHP as (fast)CGI.)

From: Robert at: 2009-12-08 18:09:08

Apparently one still has to use workarounds to get HTTP Authentication to work in (fast)CGI mode :

http://www.modwest.com/help/kb5-103.html

http://www.besthostratings.com/articles/http-auth-php-cgi.html

From: Anonymous at: 2009-10-26 21:10:21

Thanks. I followed your HOWTO and it works to the point of calling a .php file. When browsing http://localhost/index.php, Firefox tells me "You have chosen to open index.php, which is a .php file", and asks me where to save it. It seems Apache does not properly handle the PHP. And idea?

From: traxxus at: 2010-04-21 12:06:33

Same problem here. If i go to www.server.com/info.php my browser wants to download the file. seems like problems with php.... i followed the tutorial step by step....


Please help.

From: George Negoita at: 2009-09-09 20:40:49

Quote from mod_fcgid's documentation:

"By default, PHP stops accepting new FastCGI connections after handling 500 requests; unfortunately, there is a potential race condition during the PHP cleanup code in which PHP can be shutting down but still have the socket open, so mod_fcgid under heavy load can send request number 501 to PHP and have it "accepted", but then PHP appears to simply exit, causing errors."

This is solved by setting MaxRequestsPerProcess to the same value as PHP_FCGI_MAX_REQUESTS. So, for your example, you should specify a value of 5000 for MaxRequestsPerProcess (unless debian comes with a default setting of 5000 or, unless you're reading this how-to just for fun, without having the need for a stable setup).

You can test this with ab:

ab -n 10000 -c 200 http://www.example1.com/info.php

You should get 0 failed requests.

From: ashish at: 2010-03-18 07:05:09

yes it says 0 failed requests, but still my info.php is not getting opened up in the browser. It's there in a downloadable mode though.


From: ashish khurana at: 2010-03-18 07:15:54

got it. You need to install "libapache2-mod-php5" too.

From: at: 2010-06-01 07:55:37

Well, actually, we did test this, and it was working for us. Maybe this has changed with recent Debian updates, but at the time of writing, it was working. We don't just copy old tutorials, we always test them, sometimes even twice or thrice, so your accusation is totally wrong and inappropriate.

BTW, if you have problems with a tutorial, please use the forum to ask for help. There's even this statement above the comment area: "Please do not use the comment function to ask for help! If you need help, please use our forum."

From: Webcyclopedie at: 2010-06-12 08:44:29

Thanks for this, it works perfectly for me on Debian Lenny 5.0.4 64 Bits.

Keep your good work.

From: Anonymous at: 2010-06-01 07:36:03

This article is absolutely worthless, and I'm disappointed that this site is even displaying it.

 It appears the author just copied, word for word, the same article for Debian Etch and claimed it worked for Debian Lenny. Well, it doesn't. 

 As others have pointed out, at the end of this article you end up with a server that isn't running php at all- instead it's just serving out the source code directly. Despite people bringing this up the original author hasn't bothered updating or even responding to the comments.

 This article should be erased until someone who is actually going to bother testing what they write gives it a go.

From: Heine Deelstra at: 2011-01-15 10:43:20

Debian Lenny comes with a default vhost with /var/www as its document root.

 By accessing the server via this default vhost (using ip for example), it is then possible to download scripts from the other vhosts, by simple path traversal.

 The default vhost must be disabled.

From: Christoph at: 2011-02-22 00:01:42

Hi, what file permissions are to be set for the directories up to the website directory? I had permanent "permission denied" errors until I made the directories world readable.

 But is this still safe?

 The problem is, that the Apache itself has to get to the web page directory, if he doesn't belong to the users group or if the permissions are not set world-readable it cannot get there.

 I think I maybe misunderstood something?

 

From: Anonymous at: 2011-07-30 11:44:00

fcgid lack the external fastcgi server feature, which means you cannot connect to php-fpm, the official php solution for fastcgi. If you don't wanna use php-fpm, that's fine. you can use fcgid to manage the processes, but you will lose the benefits which php-fpm can bring you and let you enjoy fastcgi. e.g. fastcgi_finish_request(), let you finish the request and do other server-side work.

From: traxxus at: 2010-08-19 20:18:43

VERY good tutorial. The only one which works correctly after.


THUMBS UP!!

From: Nikolay at: 2010-09-12 14:11:59

Hello,

very good tutorial. The only problem I have is that with a simple php script

<?php
$a = `cat /etc/passwd`;
echo $a;
?>

I can read anywhere on the hard disk where I have permission to read.Yes, I cannot read the other vhosts' files, but there are more interesting places I can check for clear text password and so on.

Adding open_basedir = /var/www/ does not stop the code above from being executed successfully.

Thanks,
Nikolay

From: mami at: 2011-03-03 21:13:35

Hi

Very good and prof tutorial. I have one question how i can enable php-cgi to others users system $home/public_html/ ? Can you added this example ?