for very long time I'm trying to set up apache server on ubuntu with multiple hosts and somehow it just doesn't want to work for me.
My general goal: Hosting multiple websites with apache and using chrooted php and ftp. For ftp it's not a problem using vsftpd but PHP seems to be a problem.
In the current configuration without chroot php can access to files using scandir and thus access to other virtual hosts.
If there's a better way to solve this problem you can also make a suggestion! Trying for 2 or 3 days now to get this working.
I've set up a virtual machine for testing purpose and want to show my current configuration and hope to find some help.
I've added two hosts on my /etc/hosts: web1 and web2, thus I'm using http://web1 and http://web2 for testing.
apache config of my vhost web1:
<VirtualHost *:80>
ServerAdmin admin#yadbo.com
ServerName web1
DocumentRoot /var/www/web1/html
ErrorLog /var/www/web1/logs/error.log
CustomLog /var/www/web1/logs/logaccess.log combined
AssignUserId web1 www-data
DirectoryIndex index.php
<Directory "/usr/lib/cgi-bin">
Require all granted
</Directory>
AddHandler php7-fcgi-web1 .php
Action php7-fcgi-web1 /php7-fcgi-web1
Alias /php7-fcgi-web1 /usr/lib/cgi-bin/php7-fcgi-web1
FastCgiExternalServer /usr/lib/cgi-bin/php7-fcgi-web1 -socket /run/php/php7.4-fpm.web1.sock -pass-header Authorization
<FilesMatch \.php$ >
SetHandler php7-fcgi-web1
</FilesMatch>
</VirtualHost>
I've added also new pool for my user web1 in /etc/php/7.4/fpm/pool.d/web1:
[web1]
listen = /run/php/php7.4-fpm.web1.sock
access.log = /var/www/web1/logs/$pool.access.log
prefix = /var/www/web1/
chroot = $prefix
chdir = /
user = web1
group = www-data
listen.owner = web1
listen.group = www-data
listen.mode = 0660
php_value[session.save_path] = /sessions
pm=dynamic
pm.max_children=5
pm.start_servers=2
pm.min_spare_servers=1
pm.max_spare_servers=3
That's pretty much all I got as configuration. I've also tried to add some softlinks in /var/www/html to make the sockets accessable and adapted the links but it still doesn't work...
In current configuration which I've used I get 404 for every php file and thus it claims it can't find e.g. /index.php 404.
I know I'm missing something due to chroot. But I'm new to this topic and have really difficulties at setting up this construction.
I really hope I can find help here.
Thank you in advance for your time!
FPM runs its own process, not as part of the apache process (mod_fcgid).
Related
I'm setting up a windows server 2019 with apache 2.4 and PHP 5.6.
I was able to load the phpinfo in the browser with localhost.
I am trying to get the sites to open up in an htdocs folder on another drive (D:) using an alias that, according to our networking team is quoting, "DNS is set up correctly pointing to newprod.company.name.com", with "newprod" being the acutal alias.
In my httpd.conf file, I have the following settings:
Define SRVROOT "c:/Apache24"
ServerRoot "${SRVROOT}"
Listen 80
The above is pointing at the C: drive where Apache24 is located.
LoadModule rewrite_module modules/mod_rewrite.so
I have the above module uncommented. There are several other modules that have been uncommented, but the one above seems to be one of the main modules that, according to various Apache setup tutorials, is the main module.
ServerAdmin my.company#company.com
ServerName newprod.company.name.com:80
ServerName Localhost:80
According to various tutorials, the above seems to be accurate. I have compared my previous httpd.conf files, and they work using very similar configurations, including Localhost:80.
DocumentRoot "D:/htdocs"
<Directory "D:/htdocs">
Options Indexes FollowSymLinks
AllowOverride None
Require all granted
</Directory>
The main part to focus on above the D:/htdocs. This is where I figured the sites should be opening from, as well as opening using the alias.
<IfModule dir_module>
DirectoryIndex index.php index.html
</IfModule>
The above is typical for an Apache setup, per various tutorials.
<VirtualHost newprod.company.name.com:80>
ServerName newprod.company.name.com
Redirect / http://newprod.company.name.com/
</VirtualHost>
I use the above on another server (with a different alias) without any issues.
PHPIniDir "C:/PHP5.6"
AddHandler application/x-httpd-php .php
LoadModule php5_module "C:/PHP5.6/php5apache2_4.dll"
Then finally, the above is to ensure Apache will read PHP.
I have two other servers that are loading the sites with their own aliases with no problem. I literally went line for line trying to ensure everything matches. The only things that don't match is the PHP configurations at the bottom of the file. My other two servers are using PHP 7.4, while the problem server is using PHP 5.6.
Why aren't my sites loading using the alias I provided?
If you're using
ServerName newprod.company.name.com:80
ServerName Localhost:80
in main httpd.conf (or main apache config file), get rid of
ServerName Localhost:80
The vhost configuration
<VirtualHost newprod.company.name.com:80>
ServerName newprod.company.name.com
Redirect / http://newprod.company.name.com/
</VirtualHost>
is probably going to create a redirect loop: if that's all the configuration inside the virtualhost, get rid of it: it's useless.
Is port 80 on your apache server reachable from another pc? Are you able to telnet from a pc in the same lan on po 80 of apache server? Have you checked if the firewall is dropping the first syn packet?
After days of intensive search to solve my problem, I couldn't get anything that worked, so here it is.
I‘m running a chrooted php with FastCGI and php-fpm (under Ubuntu 16.04 with php7), which works well, however I get the expected DNS resolution problem, for example when trying to file_get_content : file_get_contents(): php_network_getaddresses: getaddrinfo failed.
I looked online quite a bit and here's what i've already tried (without success) :
I used the methods described here, and also tried to adapt this tutorial in order to copy all the libraries used by php, and of course copied hosts and resolv files
I also tried to use nscd to link hosts file inside and outside the chroot by mounting it inside the chroot at /var/run/nscd
I also got some SSL issues, so I downloaded this certificate and put it where the default php-curl certificate was probably missing (found after openssl_get_cert_locations() : ["default_cert_file"]=> string(21) "/usr/lib/ssl/cert.pem)
edit: This doesn't seem to do much as phpinfo() returns no value for the certs files (see), so maybe I should tweak a bit openssl config file but I really don't know what to look for.
Using debootstrap (or other programs like this) is not an option for me, because it creates a too large chroot, and I'm willing to keep it lightweight and fast to create as I could have many chroots running on one machine.
Plus, here are my config files, however I doubt the problem to be here because most php functions work well under chroot :
Default php-fpm pool:
[${username}]
user = ${username}
group = www-data
listen = /run/php/php7.0-fpm.${username}.sock
listen.owner = ${username}
listen.group = www-data
pm = ondemand
pm.max_children = 20
pm.process_idle_timeout = 10s
pm.max_requests = 250
chroot = /var/www/${username}
chdir = /
Default apache virtualhost file :
<VirtualHost *:80>
ServerName www.${domain}
ServerAlias ${domain}
ServerAdmin webmaster#${domain}
DocumentRoot /var/www/${username}/var/www/${username}
<IfModule mod_fastcgi.c>
AddHandler php7-fcgi-${username} .php
Action php7-fcgi-${username} /php7-fcgi-${username} virtual
Alias /php7-fcgi-${username} /usr/lib/cgi-bin/php7-fcgi-${username}
FastCgiExternalServer /usr/lib/cgi-bin/php7-fcgi-${username} -socket /var/run/php/php7.0-fpm.${username}.sock -pass-header Authorization
<Directory /usr/lib/cgi-bin>
Require all granted
</Directory>
</IfModule>
</VirtualHost>
Thanks !
Under Ubuntu 16.04, you need at least these files in your chroot:
etc/resolv.conf
lib/libnss_dns.so.2
You can hardlink to prevent using extra disk space (only works when the chroot is on the same partition as /lib):
ln --logical /lib/x86_64-linux-gnu/libnss_dns.so.2 /chroot/lib
If it still fails (future Ubuntu?) you can debug the issue by running strace -e file -fp $(pgrep fpm)
I have set up a default Apache + php-fpm and the setup below works. Is it good enough for running hosting on or is there modules I'm missing?
I'm just trying to learn how it all works together and how to create user separation/isolation - so that files created on a vhost on server is owned by that user and not apache/www (system users). I also want to be able to have several php-fpm pools.
The way I have set it up, kind of works by having one php-fpm pool per user. All files managed by this vhost is owned by the user I have put into the fpm-pool-config. But I would need to create a lot of ports and one /etc/php-fpm.d/test99com.conf per user.
Is the setup below safe? I notice cPanel have user-section in their vhost and I only have it in my php-fpm.
I would also know how to limit the vhost by memory: For instance max 256 MB.
Note that I only intend to host PHP-software (no cgi/perl).
Apache httpd.conf
<VirtualHost *>
DocumentRoot "/home/test99/public_html"
ServerName test99.com
<FilesMatch \.php$>
#SetHandler application/x-httpd-php
SetHandler "proxy:fcgi://127.0.0.1:9001"
</FilesMatch>
<Directory "/home/test99/public_html">
allow from all
Options None
Require all granted
</Directory>
</VirtualHost>
php-fpm.d/test99no.conf
; Start a new pool named 'www'.
; the variable $pool can we used in any directive and will be replaced by the
; pool name ('www' here)
[test99]
user = test99
group = test99
listen = 127.0.0.1:9001
listen.allowed_clients = 127.0.0.1
php_admin_value[error_log] = /var/log/php-fpm/www-error.log
I am running Apache 2.2.26 with PHP 5.4.24 on Mac OS X 10.9.4. I have several virtual hosts running on this system, and all of them run successfully. I'm trying to add environment variables to one of the virtual hosts, and I don't want them to be in .htaccess so my only option is adding them to the in httpd-vhosts.conf.
The problem is that the environment variables don't appear after I install them in the httpd-vhosts.conf file (and, of course, after I restart Apache "sudo apachectl restart"). If, however, I add them to .htaccess (just for comparison purposes), they appear just fine. What am I missing?
NameVirtualHost *:80
<VirtualHost *:80>
ServerName mysite.local
DocumentRoot "/path/to/mysite.com"
SetEnv siteid 1234
ErrorLog "/var/log/apache2/mysite.local-error_log"
</VirtualHost>
I've also double-checked my php.ini file to be sure there's nothing prohibitive there, and the only relevant line looks good:
variables_order = "GPCSE"
Again, just to be clear, my virtual hosts RUN FINE. It's just that the environment variables don't appear when called in my PHP code. I've tried each of these three commands:
echo $_SERVER["siteid"];
echo getenv("siteid");
echo apache_getenv("siteid");
What can I be doing wrong??
This has been an excruciating quest for me, but I have found a very simple yet obscure answer. First of all, let me clarify my earlier question, that what I didn't realize is my Mac runs OS X Server, which has effectively altered the way Apache runs on my system.
With that said, below is the equivalent httpd-vhosts.conf file PER VIRTUAL HOST installed on my system via OS X Server application.
/Library/Server/Web/Config/apache2/sites/0000_any_80_mylocalsite.conf
Clearly, "80" is the port for regular http requests and "mylocalsite" is the name of the local virtual host that I created (within the OS X Server application). Now that this file has been produced by OS X Server, I can now edit it as follows:
sudo vi /Library/Server/Web/Config/apache2/sites/0000_any_80_mylocalsite.conf
Which opened a config file looking similar and almost exactly like a normal httpd-vhosts.conf file (note the SetEnv testid "1234" line which is the solution I have been searching for, and this can only be done manually and not through the OS X Server application)...
<VirtualHost *:80>
ServerName mysite.local
ServerAdmin admin#example.com
DocumentRoot "/my/local/docroot/path/to/mysite.com"
SetEnv testid "1234"
DirectoryIndex index.html index.php /wiki/ /xcode/ default.html
CustomLog /var/log/apache2/access_log combinedvhost
ErrorLog /var/log/apache2/error_log
<IfModule mod_ssl.c>
SSLEngine Off
SSLCipherSuite "ALL:!aNULL:!ADH:!eNULL:!LOW:!EXP:RC4+RSA:+HIGH:+MEDIUM"
SSLProtocol -ALL +SSLv3 +TLSv1
SSLProxyEngine On
SSLProxyProtocol -ALL +SSLv3 +TLSv1
</IfModule>
<Directory "/my/local/docroot/path/to/mysite.com">
Options All -Indexes -ExecCGI -Includes +MultiViews
AllowOverride All
<IfModule mod_dav.c>
DAV Off
</IfModule>
<IfDefine !WEBSERVICE_ON>
Deny from all
ErrorDocument 403 /customerror/websitesoff403.html
</IfDefine>
</Directory>
</VirtualHost>
PLEASE, I hope this helps someone else someday. I have spent far too much time searching for this solution, only to stumble on it in brute-force tactics, and I would like to know this hopefully saves someone hours of searching themselves.
In order for me to be able to run a Zend Framework project on my local development machine, I made changes to Apache's \etc\apache2\httpd.conf and the openSUSE system's \etc\hosts files. I set up a test3.local alias for an individual Zend project, and things seem to "work".
Before I started fiddling with things, I could access phpMyAdmin simply by entering http://localhost/phpMyAdmin/ in my browser. And if I take away my changes, that once again works.
Using this answer as a basis, I tried to set up an additional virtual host specifically for phpMyAdmin, hoping to "solve" this problem. But right now if key in the virtual host name, admin.local, that I intend to take me to phpMyAdmin, I get a 403 error like this:
(source: willmatheson.com)
Here is my present httpd.conf:
### Virtual server configuration ############################################
IncludeOptional /etc/apache2/vhosts.d/*.conf
<VirtualHost *:80>
ServerName test3.local
DocumentRoot /home/william/public_html/ZendTest3/public
SetEnv APPLICATION_ENV "development"
<Directory /home/william/public_html/ZendTest3/public>
DirectoryIndex index.php
AllowOverride All
Order allow,deny
Allow from all
</Directory>
</VirtualHost>
<VirtualHost *:80>
ServerName admin.local
DocumentRoot /var/lib/mysql/phpMyAdmin
# This gives permission to serve the directory
<Directory /var/lib/mysql/phpMyAdmin>
DirectoryIndex index.php
Options None
AllowOverride All
# This allows eveyone to access phpmyadmin, which you may not want
Order Allow,Deny
Allow from all
</Directory>
</VirtualHost>
and hosts:
127.0.0.1 localhost
127.0.0.1 local
127.0.0.1 test3.local
127.0.0.1 admin.local
Ideally I'd like to not have to specify a virtual host for phpMyAdmin at all, because I'm sure to muck it up, and just somehow have the settings to make the Zend project work but to also have phpMyAdmin work like it did before.
I know this question was already answered, but I thought I'd share what I did to overcome a similar problem, in case it helps anyone else.
My problem was:
I started to get localhost/phpmyadmin 404 error after changing the DocumentRoot folder in httpd.conf. The change I made was to change the DocumentRoot
from:
DocumentRoot "C:\Program Files (x86)\Zend\Apache2/htdocs"
to:
DocumentRoot "C:\Program Files (x86)\Zend\Apache2/htdocs/a/deeper/folder"
I fixed it by changing a line in zend.conf
from:
Alias /phpMyAdmin "C:\Program Files (x86)\Zend\phpMyAdmin"
to:
Alias /phpMyAdmin "C:\Program Files (x86)\Zend\ZendServer\data\apps\http\__default__\0\phpMyAdmin\4.0.5.4_41"
Hope this helps somebody else!
Well, there's a good reason I was getting a 403 - I was digging in the wrong place. My installation of phpMyAdmin was actually in /srv/www/htdocs/phpMyAdmin. Changed that, restarted Apache (sudo systemctl restart apache2.service) and things seem to work.
If you're interested in how the heck to find files and folders on openSUSE, the following steps worked for me:
sudo zypper install findutils-locate
su
updatedb (go check your e-mail)
locate phpMyAdmin (like that, not 'phpmyadmin')