Apache2 + mod_fastcgi + suexec on debian etch
By Chty on Monday, October 29 2007, 14:49 - Permalink
I know it's difficult to find good documentation to configure apache2 with mod_fastcgi and suexec to make php websites works. This
configuration works well with Debian Etch (4.0).
Here an example of configuration.
The following suppose that your web data are in /var/www/ (there are good reason for this as we'll see later).
/var/www/toto/: the web account of toto
/var/www/toto/web/: the web dir of the toto's account
/var/www/toto/conf/php.ini: you own php.ini file
/var/www/toto/cgi-bin/php.fcgi: the fcgi file which allow to run php5-cgi with a specific php.ini file for each virtual host
First of all don't forget that mod_fastcgi and mod_fcgid are different. Difference between mod_fastcgi and mod_fcgid is mostly at license level, since some might consider mod_fastcgi not to be totally free.
Enable fastcgi and suexec:
Suexec has no configuration file, because every parameter is hardcoded. Therefore, if you need to configure suexec, do it at apache2 compile time.
Let's see how...
AP_DOC_ROOT is set to "/var/www", which is the reason you would want to put your files in /var/www/. You cannot just ignore this fact; if this directory is inconsistently set, it just won't work. If you want to change this directory, you must recompile apache2 with your own configuration.
/var/www/toto/cgi-bin/php.fcgi:
fastcgi.conf: (in /etc/apache2/mods-available/ for Debian)
Let's configure (in /etc/apache2/sites-available/ for debian etch) a virtual host for toto:
restart apache2 :
A maximum of four php5-cgi will be launched when the first visitor will visit the website. They would be killed after a timeout of 240 seconds of inactivity, as set in fastcgi.conf.
It should work.
Please tell me know if you are aware of issue that may arise with such a configuration.
/var/www/toto/: the web account of toto
/var/www/toto/web/: the web dir of the toto's account
/var/www/toto/conf/php.ini: you own php.ini file
/var/www/toto/cgi-bin/php.fcgi: the fcgi file which allow to run php5-cgi with a specific php.ini file for each virtual host
First of all don't forget that mod_fastcgi and mod_fcgid are different. Difference between mod_fastcgi and mod_fcgid is mostly at license level, since some might consider mod_fastcgi not to be totally free.
Enable fastcgi and suexec:
#a2enmod fastcgi
#a2enmod suexecSuexec has no configuration file, because every parameter is hardcoded. Therefore, if you need to configure suexec, do it at apache2 compile time.
Let's see how...
#/usr/lib/apache2/suexec -V
-D AP_DOC_ROOT="/var/www"
-D AP_GID_MIN=100
-D AP_HTTPD_USER="www-data"
-D AP_LOG_EXEC="/var/log/apache2/suexec.log"
-D AP_SAFE_PATH="/usr/local/bin:/usr/bin:/bin"
-D AP_UID_MIN=100
-D AP_USERDIR_SUFFIX="public_html"AP_DOC_ROOT is set to "/var/www", which is the reason you would want to put your files in /var/www/. You cannot just ignore this fact; if this directory is inconsistently set, it just won't work. If you want to change this directory, you must recompile apache2 with your own configuration.
/var/www/toto/cgi-bin/php.fcgi:
#!/bin/sh
PHPRC="/var/www/toto/conf/"
export PHPRC
PHP_FCGI_CHILDREN=4
export PHP_FCGI_CHILDREN
PHP_FCGI_MAX_REQUESTS=200
export PHP_FCGI_MAX_REQUESTS
exec /usr/bin/php5-cgifastcgi.conf: (in /etc/apache2/mods-available/ for Debian)
<IfModule mod_fastcgi.c>
AddHandler fastcgi-script .fcgi
FastCgiWrapper /usr/lib/apache2/suexec
FastCgiIpcDir /var/lib/apache2/fastcgi
FastCgiConfig -singleThreshold 1 -autoUpdate -idle-timeout 240 -pass-header HTTP_AUTHORIZATION
</IfModule>
See http://www.fastcgi.com/ if you want to know about all the options possible in fastcgi.conf.Let's configure (in /etc/apache2/sites-available/ for debian etch) a virtual host for toto:
<VirtualHost xxx.xxx.xxx.xxx:80>
ServerAdmin webmaster@toto.org
ServerName toto.org
DocumentRoot /var/www/toto/web/
SuexecUserGroup UserName GroupName
<Directory />
Options FollowSymLinks
AllowOverride None
</Directory>
<Directory /var/www/toto/web/>
Options -Indexes FollowSymLinks -MultiViews
AllowOverride all
Order allow,deny
Allow from all
</Directory>
ScriptAlias /cgi-bin/ /var/www/toto/cgi-bin/
<Directory "/var/www/toto/cgi-bin/">
AllowOverride None
Options ExecCGI -MultiViews +SymLinksIfOwnerMatch
Order allow,deny
Allow from all
</Directory>
AddHandler php-fastcgi .php
AddType application/x-httpd-php .php
DirectoryIndex index.html index.php
Action php-fastcgi /cgi-bin/php.fcgi
ServerSignature On
</VirtualHost>
This virtual host can be enabled in /etc/apache2/sites-enabled/ by creating a symbolic link.
Make sure to set appropriate rights for /var/www/toto/ you set in the virtual host (SuexecUserGroup), since php5-cgi will be executed with these rights.
Make sure to set appropriate rights for /var/www/toto/ you set in the virtual host (SuexecUserGroup), since php5-cgi will be executed with these rights.
restart apache2 :
#/etc/init.d/apache2 restartA maximum of four php5-cgi will be launched when the first visitor will visit the website. They would be killed after a timeout of 240 seconds of inactivity, as set in fastcgi.conf.
It should work.
Please tell me know if you are aware of issue that may arise with such a configuration.
