Re: suPHP - secure/reliable?

From: Sam Nilsson (lists_at_servingpeace.com)
Date: 11/03/05

    Date: Thu, 03 Nov 2005 10:53:09 -0800
    To: jonas <jonas@schiebtsich.net>
    
    

    jonas wrote:
    > I'd be really interested to hear some few details about installation through
    > the ports. From what I saw in the FastCGI documentation you need to do some
    > strange configuration changes to your httpd.conf, so that .php files are
    > properly passed to the FastCGI handler and that they'll be executed under the
    > correct user. Could you share a quick overview what you did to get this up
    > and running, apart from make install?
    >
    > Thanks!

    Sure. Here is the basic method that I used to build apache2 with suexec,
    fastcgi, and php5. These instructions come from my notes, so there are
    probably some mistakes and typos. Setting this stuff up is a process:

    -- Install Ports:

    Edit /usr/local/etc/pkgtools.conf. Add the following to the MAKE_ARGS
    section:

    'www/apache2*' => 'WITH_SUEXEC=yes SUEXEC_DOCROOT=/usr/local/www SUEXEC_USERDIR=public_html',
    'www/mod_fastcgi*' => 'WITH_APACHE2=yes',
    'www/php5-cgi*' => 'WITH_FASTCGI=yes',

    $ portupgrade -pNi www/apache2
    $ portupgrade -pNi www/mod_fastcgi
    $ portupgrade -pNi www/php5-cgi

    -- Setup Apache:

    Add the following to the /usr/local/etc/apache2/httpd.conf - global section

    FastCgiIpcDir /usr/local/fastcgi-ipc
    FastCgiWrapper sbin/suexec

    Edit any virtual hosts in httpd.conf following this example:

    <VirtualHost *:80>
    ServerName virtual-domain.tld
    DocumentRoot /usr/local/www/virtual/virtual-domain.tld/public_html
    ...

    SuexecUserGroup username groupname
    # alternatively
    # SuexecUserGroup #userid #groupid
    AddHandler php-fastcgi .php
    Alias /cgi-bin/ /usr/local/www/virtual/virtual-domain.tld/cgi-bin/
    <Location /cgi-bin/php>
         SetHandler fastcgi-script
         Options ExecCGI
    </Location>
    Action php-fastcgi /cgi-bin/php
    AddType application/x-httpd-php .php
    </VirtualHost>

    Other Apache Config Issues

    In order for php to work with this setup, each virtual host must have
    its own cgi-bin directory.

         * The cgi-bin directory must be owned by the customer's uid and gid (from /etc/passwd).
         * All cgi scripts must be owned by the customer's uid/gid.
         * The cgi-bin directory must contain the following script which must also be owned by the customer's uid/gid.

    $ cat /usr/local/www/virtual/virtual-domain.tld/cgi-bin/php
    #!/bin/sh

    PHPRC="/usr/local/etc/php/php.ini" # or any custom php.ini file
    export PHPRC
    #PHP_FCGI_CHILDREN=4
    #export PHP_FCGI_CHILDREN
    exec /usr/local/bin/php

    ----
    Now you can run a script like 
    /usr/local/www/virtual/virtual-domain.tld/public_html/test.php and it 
    will be run using suexec and fastcgi. It doesn't matter who owns the 
    test.php script file, just the ownership of /cgi-bin and /cgi-bin/php.
    If you want to run normal cgi scripts from public_html, then the script 
    and its parent directory must be owned exactly as indicated by the 
    SuexecUserGroup directive.
    Let me know if you need any clarifications or if you have any more 
    questions.
    - Sam
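
The ownership rules in the message above can be checked before suexec refuses a request. The following script is an added example, not part of the original post; the function names are hypothetical, and the group/other-writable and setuid/setgid checks come from suexec's documented security model rather than from the post.

```shell
#!/bin/sh
# Added example (not from the original post). Function names are hypothetical.
# Audits one virtual host's cgi-bin against the rules suexec enforces.

# ok_for_suexec PATH USER GROUP
# Succeeds only if PATH is owned by USER:GROUP and is not writable by group
# or other. -prune makes find test PATH itself instead of descending into it.
ok_for_suexec() {
    [ -n "$(find "$1" -prune -user "$2" -group "$3" \
        ! -perm -020 ! -perm -002 -print 2>/dev/null)" ]
}

# audit_cgibin DIR USER GROUP
# USER and GROUP are the SuexecUserGroup values, as names or plain numeric
# ids (without the leading '#'). Returns 1 if anything is wrong.
audit_cgibin() {
    dir=$1 user=$2 group=$3 bad=0
    if [ ! -d "$dir" ]; then
        echo "FAIL $dir: not a directory"
        return 1
    fi
    ok_for_suexec "$dir" "$user" "$group" || {
        echo "FAIL $dir: wrong owner/group, or writable by group/other"
        bad=1
    }
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        ok_for_suexec "$f" "$user" "$group" || {
            echo "FAIL $f: wrong owner/group, or writable by group/other"
            bad=1
        }
        [ -z "$(find "$f" -prune \( -perm -4000 -o -perm -2000 \) -print)" ] || {
            echo "FAIL $f: setuid/setgid bit set"
            bad=1
        }
    done
    # The wrapper from the post must exist and be executable by its owner.
    [ -n "$(find "$dir/php" -prune -type f -perm -100 -print 2>/dev/null)" ] || {
        echo "FAIL $dir/php: wrapper missing or not owner-executable"
        bad=1
    }
    return "$bad"
}

# Command-line use: sh audit.sh DIR USER GROUP
if [ "$#" -eq 3 ]; then
    audit_cgibin "$@"
fi
```
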