After days of intensive search to solve my problem, I couldn't get anything that worked, so here it is.
I‘m running a chrooted php with FastCGI and php-fpm (under Ubuntu 16.04 with php7), which works well, however I get the expected DNS resolution problem, for example when trying to file_get_content : file_get_contents(): php_network_getaddresses: getaddrinfo failed.
I looked online quite a bit and here's what i've already tried (without success) :
I used the methods described here, and also tried to adapt this tutorial in order to copy all the libraries used by php, and of course copied hosts and resolv files
I also tried to use nscd to link hosts file inside and outside the chroot by mounting it inside the chroot at /var/run/nscd
I also got some SSL issues, so I downloaded this certificate and put it where the default php-curl certificate was probably missing (found after openssl_get_cert_locations() : ["default_cert_file"]=> string(21) "/usr/lib/ssl/cert.pem)
edit: This doesn't seem to do much as phpinfo() returns no value for the certs files (see), so maybe I should tweak a bit openssl config file but I really don't know what to look for.
Using debootstrap (or other programs like this) is not an option for me, because it creates a too large chroot, and I'm willing to keep it lightweight and fast to create as I could have many chroots running on one machine.
Plus, here are my config files, however I doubt the problem to be here because most php functions work well under chroot :
Default php-fpm pool:
[${username}]
user = ${username}
group = www-data
listen = /run/php/php7.0-fpm.${username}.sock
listen.owner = ${username}
listen.group = www-data
pm = ondemand
pm.max_children = 20
pm.process_idle_timeout = 10s
pm.max_requests = 250
chroot = /var/www/${username}
chdir = /
Default apache virtualhost file :
<VirtualHost *:80>
ServerName www.${domain}
ServerAlias ${domain}
ServerAdmin webmaster#${domain}
DocumentRoot /var/www/${username}/var/www/${username}
<IfModule mod_fastcgi.c>
AddHandler php7-fcgi-${username} .php
Action php7-fcgi-${username} /php7-fcgi-${username} virtual
Alias /php7-fcgi-${username} /usr/lib/cgi-bin/php7-fcgi-${username}
FastCgiExternalServer /usr/lib/cgi-bin/php7-fcgi-${username} -socket /var/run/php/php7.0-fpm.${username}.sock -pass-header Authorization
<Directory /usr/lib/cgi-bin>
Require all granted
</Directory>
</IfModule>
</VirtualHost>
Thanks !
Under Ubuntu 16.04, you need at least these files in your chroot:
etc/resolv.conf
lib/libnss_dns.so.2
You can hardlink to prevent using extra disk space (only works when the chroot is on the same partition as /lib):
ln --logical /lib/x86_64-linux-gnu/libnss_dns.so.2 /chroot/lib
If it still fails (future Ubuntu?) you can debug the issue by running strace -e file -fp $(pgrep fpm)
Related
mautic throws amazing error during installation :
The site is currently offline due to encountering an error. If the problem persists, please contact the system administrator.
so i went into server log which shows :
PHP Warning: include(): Failed opening '/var/www/myfolder/var/cache/prod/middlewares.cache.php' for inclusion (include_path='.:/usr/share/php') in /var/www/myfolder/app/middlewares/MiddlewareBuilder.php on line 82PHP message: PHP Warning - Invalid argument supplied for foreach() - in file /var/www/mauticwp/app/middlewares/MiddlewareBuilder.php - at line 84PHP message: PHP Warning: Invalid argument supplied for foreach() in /var/www/mauticwp/app/middlewares/MiddlewareBuilder.php on line 84PHP message: RuntimeException: Unable to create the "cache" directory (/var/www/myfolder/var/cache/prod). - in file /var/www/myfolder/vendor/symfony/http-kernel/Kernel.php - at line 765'
#NameVirtualHost *:8000
<VirtualHost *:8000>
ServerAdmin webmaster#localhost
ServerName somesubdomain.mydomains.com
ServerAlias www.somesubdomain.mydomains.com
DocumentRoot /var/www/some_directory
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
<IfModule mpm_itk_module>
AssignUserId mauticadmin www-data
</IfModule>
<IfModule mod_fastcgi.c>
AddHandler php7.4-fcgi .php
Action php7.4-fcgi /php7.4-fcgi virtual
Alias /php7.4-fcgi /usr/lib/cgi-bin/php7.4-fcgi-somesubdomain.mydomains.com
FastCgiExternalServer /usr/lib/cgi-bin/php7.4-fcgi-test.com -socket /var/run/php/php7.4-fpm-mautic.ndedges.com.sock -pass-header Authorization
</IfModule>
<Directory /var/www/some_directory>
Options Indexes FollowSymLinks MultiViews
AllowOverride All
Order allow,deny
allow from all
</Directory>
<FilesMatch .php$>
# 2.4.10+ can proxy to unix socket
SetHandler "proxy:unix:/var/run/php/php7.4-fpm.sock|fcgi://localhost"
</FilesMatch>
</VirtualHost>
within fpm/pool.d/www.mautic.conf. i added
php_admin_value[disable_functions] = exec,passthru,shell_exec,system
php_admin_flag[allow_url_fopen] = off
as I have multiple PHP in the same server. I have Cloudflare configured within WordPress and redirects to HTTPS. but i am unable to use ip and port to use it.
I am completely clueless about what could be the reason.
thx
Most of the time it is Cache and Permission related Issue, In my opinion It has nothing to do with Apache configuration.
Use ps aux to identify which user owns the apache process,
Mostly it is www-data,
Make sure to chown on all directories and sub directories to change ownership to www-data.
Make sure files and directories have proper permissions for www-data, Mautic needs write access to Media, var/cache and var/logs directories.
https://tutorialsjoint.com/install-mautic/ in this tutorial checkout the section "Setting rights and permissions for Mautic Installation".
It'll work the same weather it is nginx or apache as this problem seems to be linux related only.
i also find some error
[mpm_prefork:notice] [pid 1440453] AH00163: Apache/2.4.41 (Ubuntu) mod_fcgid/2.3.9 mpm-itk/2.4.7-04 OpenSSL/1.1.1f configured -- resuming normal operations
<FilesMatch ".php$"> # Apache 2.4.10+ can proxy to unix socket
SetHandler "proxy:unix:/var/run/php/php7.4-fpm.sock|fcgi://localhost/"
this one did the job. i removed that fpm configuration but it works like a charm. actually, the same settings did not work for him but it worked for me.
ref: https://askubuntu.com/questions/1317077/apache-sethandler-not-working-with-multiple-php-version
maybe due to the apache2 version. but it has a different problem now i can access it through elastic ip and non SSL port but not with the A record.
now mautic is set with SES but i need to set a bounce endpoint with sns topic. and set a cronjob as www-data.
I was able to access with the IP not using the SSL of Cloudflare proxied A record because it doesn't support other than these ports to trust support.cloudflare.com/hc/en-us/articles/… Cloudflare only accept these ports nothing else. After changing those it was immediately turned into grey and secured. –
https://community.cloudflare.com/t/subdomains-are-not-getting-redirected-to-themselves/279745
for very long time I'm trying to set up apache server on ubuntu with multiple hosts and somehow it just doesn't want to work for me.
My general goal: Hosting multiple websites with apache and using chrooted php and ftp. For ftp it's not a problem using vsftpd but PHP seems to be a problem.
In the current configuration without chroot php can access to files using scandir and thus access to other virtual hosts.
If there's a better way to solve this problem you can also make a suggestion! Trying for 2 or 3 days now to get this working.
I've set up a virtual machine for testing purpose and want to show my current configuration and hope to find some help.
I've added two hosts on my /etc/hosts: web1 and web2, thus I'm using http://web1 and http://web2 for testing.
apache config of my vhost web1:
<VirtualHost *:80>
ServerAdmin admin#yadbo.com
ServerName web1
DocumentRoot /var/www/web1/html
ErrorLog /var/www/web1/logs/error.log
CustomLog /var/www/web1/logs/logaccess.log combined
AssignUserId web1 www-data
DirectoryIndex index.php
<Directory "/usr/lib/cgi-bin">
Require all granted
</Directory>
AddHandler php7-fcgi-web1 .php
Action php7-fcgi-web1 /php7-fcgi-web1
Alias /php7-fcgi-web1 /usr/lib/cgi-bin/php7-fcgi-web1
FastCgiExternalServer /usr/lib/cgi-bin/php7-fcgi-web1 -socket /run/php/php7.4-fpm.web1.sock -pass-header Authorization
<FilesMatch \.php$ >
SetHandler php7-fcgi-web1
</FilesMatch>
</VirtualHost>
I've added also new pool for my user web1 in /etc/php/7.4/fpm/pool.d/web1:
[web1]
listen = /run/php/php7.4-fpm.web1.sock
access.log = /var/www/web1/logs/$pool.access.log
prefix = /var/www/web1/
chroot = $prefix
chdir = /
user = web1
group = www-data
listen.owner = web1
listen.group = www-data
listen.mode = 0660
php_value[session.save_path] = /sessions
pm=dynamic
pm.max_children=5
pm.start_servers=2
pm.min_spare_servers=1
pm.max_spare_servers=3
That's pretty much all I got as configuration. I've also tried to add some softlinks in /var/www/html to make the sockets accessable and adapted the links but it still doesn't work...
In current configuration which I've used I get 404 for every php file and thus it claims it can't find e.g. /index.php 404.
I know I'm missing something due to chroot. But I'm new to this topic and have really difficulties at setting up this construction.
I really hope I can find help here.
Thank you in advance for your time!
FPM runs its own process, not as part of the apache process (mod_fcgid).
I have tried many php files like huge file, small file but any of them is not working it will load and shows 504 gateway error
I tried test.php file with one line of code it is also showing the same error
<?php echo"Hi working fine"; ?>
I think you have updated php execution time in php config but what about Nginx config?
Try updating your Nginx Config :
Step 1 : Updates for your website test.com
vim /etc/nginx/sites-available/test.com
Step 2 : Updating Execution Time
location ~ \.php$ {
include /etc/nginx/fastcgi_params;
fastcgi_pass unix:/var/run/php5-fpm.sock;
fastcgi_read_timeout 300;
}
Step 3 : Don't forget to reload to reflect changes
service php5-fpm reload
service nginx reload
Hope this helps.
I'd check in the following order:
1) If php5-fpm is running:
sudo service php5-fpm status
if it returns the process number - try telneting it:
telnet 127.0.0.1 9000
2) If telnet returns connected status - I'd start checking the /etc/nginx/sites-enabled if the config of your site is there. If it's there - check that the stuff is set up correspondingly...one of the examples of how to set up nginx with php-fpm is here:
https://www.howtoforge.com/installing-nginx-with-php5-fpm-and-mysql-on-ubuntu-14.04-lts-lemp
3) If that is ok - reload the php5-fpm and nginx and check if permissions in your site dir (typically something like /var/www/html/site.com) are set right for user www-data (the default nginx user).
If that is ok - then I can't think of anything more without seeing configs and having fingertips on machine terminal.
Hopefully this helps a bit.
Had this problem on Ubuntu 16.04 with Apache and PHP 7.0. Tried a dozen solutions, which still gave me errors, and then found https://www.howtoforge.com/tutorial/apache-with-php-fpm-on-ubuntu-16-04/ which worked for me. With PHP 7.0 and Apache 2 installed, and as superuser:
apt install libapache2-mod-fastcgi php7.0-fpm
a2enmod actions fastcgi alias
Restart Apache.
And then add the following to a copy of /etc/apache2/sites-available/000-default.conf as a child of <VirtualHost>
<Directory /usr/lib/cgi-bin>
Require all granted
</Directory>
<IfModule mod_fastcgi.c>
SetHandler php7-fcgi.php
Action php7-fcgi /php7-fcgi virtual
Alias /php7-fcgi /usr/lib/cgi-bin/php7-fcgi
FastCgiExternalServer /usr/lib/cgi-bin/php7-fcgi -socket /var/run/php/php7.0-fpm.sock -pass-header Authorization
</IfModule>
In my case, I used a Sites directory in Home instead of /var/www/ and also had inside :
ServerName localhost
ServerAdmin me#myemail.com
DocumentRoot /home/me/Sites
If using a copy of 000-default.conf make sure to disable it with a2disconf and enable your copy with a2enconf.
I can't seem to configure HHVM and Apache, it keeps giving me a 404 file not found error. My configuration file for the website is saved as www.example.com.conf, it contains:
<VirtualHost *:80>
ServerName website.com
ServerAdmin mail#website.com
DocumentRoot /var/www/website.com/public_html/
ProxyPassMatch ^/(.*\.php(/.*)?)$ fcgi://127.0.0.1:9000/var/www/website.com.com/public_html/$1
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
Note that I've removed my actual website name, but it's for a subdomain so it's this: subdomain.xyz.com. I've tried looking up how to fix this, but whatever I've tried doesn't seem to work; even the GitHub issues people have posted on the official repository don't seem to work. I also haven't changed the default apache configuration, the only thing I have changed is the root directory of my website which does much up to the directory in the configuration file above.
Any ideas? Thanks.
I know it's been two months already, but maybe it helps someone else (I had a similar issue occur many times when configuring HHVM + Apache2).
Try to enable the vhost if you haven't yet done so. Issue sudo a2ensite www.example.com and reload apache afterwards with sudo service apache2 reload.
If the vhost is ok and you have your browser requests visible in the vhost access log, then it means that it's not Apache2 that's the culprit there.
So if you're still with me and the first two steps didn't help, try the following, although in HHVM 3.7 it shoulnd't be the case anymore (but it might, I just follow the try-and-check method when it comes to configuring HHVM, and it usually works). Open /etc/hhvm/server.ini and append the following line to that file:
hhvm.server.fix_path_info = true
After changing the HHVM's configuration, issue sudo service hhvm restart. Then try to refresh your website. It should be all good.
I had similar issues and back then it was the most common fix on all webservers I configured to work with HHVM. But, after the latest updates, I had to comment that line out of my hhvm server.ini in order for my code to work - I read that they have somehow changed the parameters of the server and this parameter does no good anymore, AFAIK.
I have also tried to put that line in /etc/hhvm/php.ini but as far as I remember, it should go to server.ini because it's a server parameter.
So. Try it and let me know if that helped. If not then please issue the following commands on your webserver and paste the output here, so I can see if you have the necessary modules installed
ls /etc/apache2/mods-available | grep -E 'proxy|alias|fcgi|hhvm'
ls /etc/apache2/mods-enabled | grep -E 'proxy|alias|fcgi|hhvm'
Oh, and please include your full HHVM and Apache2 version output:
hhvm --version
apache2 -v
UPDATE: the following error is coming up in the Apache error logs...
[Sat Dec 08 16:41:39 2012] [error] [client 127.0.0.1]
PHP Fatal error: require_once():
Failed opening required 'Zend/Application.php'
(include_path='/Library/WebServer/Documents/quickstart/library:.:/php/includes:/Users/markmcdonnell/Dropbox/Library/PHP/ZendFramework-1.12.0/library')
in /Library/WebServer/Documents/quickstart/public/index.php on line 18
I'm using Mac OSX 10.8.2 (Mountain Lion) and I'm having problems getting the Zend framework set-up and running (just the basic QuickStart).
I'm using Apache 2.2.22
My localhost files are accessible from /Library/WebServer/Documents
I have PHP 5.3.15 running as well.
I've created a new project via the command line (using the zf.sh file) called 'quickstart' (as per the section on the Zend website recommends) and that is stored here: /Library/WebServer/Documents/quickstart
I've followed both the official Zend website instructions and also an online book about installing Zend: http://www.survivethedeepend.com/zendframeworkbook/en/1.0/creating.a.local.domain.using.apache.virtual.hosts
My php.ini (/private/etc/php.ini) file has been updated to include the path to the library folder inside the ZendFramework directory...
include_path = ".:/php/includes:/Users/<home>/Dropbox/Library/PHP/ZendFramework-1.12.0/library"
I've updated /etc/apache2/httpd.conf so it includes...
#
# Use name-based virtual hosting.
#
NameVirtualHost *:80
# Ensure "localhost" is preserved unchanged pointed
# to the default document root for our system.
<VirtualHost *:80>
ServerName localhost
DocumentRoot /Library/WebServer/Documents
</VirtualHost>
#
# VirtualHost example:
# Almost any Apache directive may go into a VirtualHost container.
# The first VirtualHost section is used for all requests that do not
# match a ServerName or ServerAlias in any <VirtualHost> block.
#
<VirtualHost *:80>
ServerName quickstart.local
DocumentRoot /Library/WebServer/Documents/quickstart/public
SetEnv APPLICATION_ENV "development"
<Directory /Library/WebServer/Documents/quickstart/public>
DirectoryIndex index.php
AllowOverride All
Order allow,deny
Allow from all
</Directory>
</VirtualHost>
...I've also updated /etc/hosts so it includes...
127.0.0.1 localhost
127.0.0.1 quickstart.local
I'm restarting Apache using sudo apachectl graceful (I've also used sudo apachectl restart)
So if I try and now access http://localhost/ I see my /Library/WebServer/Documents directory and I can see PHP is running still with no problems. But if I try and access http://quickstart.local/ I just get an empty page?
Can any one advise as to what the problem might be, what I'm missing and what I can do to get the initial 'welcome' page to display.
I'm sure I'm just missing someone small, but it's obviously causing problem enough for the basic page not to show.
Thanks.
Mark
Just for others who may have followed this. The answer by Kamil, above, will work, but opens a security hole outside Apache's security configuration. That's fine as long as you know it and have another layer of security above Apache.
Another way to resolve the problem is to put the ZendFramework somewhere inside the root directory's hierarchy. Like:
DocumentRoot/Library/WebServer/Documents/ZendFramework-1.12.0/library
or
DocumentRoot/Library/WebServer/Documents/quickstart/public/ZendFramework-1.12.0/library
Any path that's inside the root directory of your Apache server.
Maybe a user permissions issue between the Zend files and the Apache process.
Since you can create the project using zf.sh, the Zend files are obviously there. But the fail you get via Apache suggests that the Zend files might not be accessible via the Apache process (that is, the user under which the Apache process runs).
$ chmod 0777 /Users/markmcdonnell/Dropbox/Library/PHP/ZendFramework-1.12.0/library
to test.
You could probably get away with much less expansive permissions - 0644, for example - but I confess I'm terrible at that aspect of it. ;-)