As part of a web-based project I work on, we generate new "sites" which are accessed by passing in a different parameter to $_GET. All of the sites live in /usr/local/sites. None of the sites are owned (either user or group) by the user we use (hwphp, www-data is the default apache user still), but the user is in the group so can read all files in the directories.
I have a python script that generates sites and after running it, half the time when I try and visit it by going to http://localhost/index.php?site=newsite I get File not found: /var/local/sites/newsite/config/config.ini though running PHP CLI it can find the file and hwphp user can read it just fine, just when I go through PHP-FPM/Apache it fails.
Here's my pool configuration:
; Start a new pool named 'www'.
; the variable $pool can be used in any directive and will be replaced by the
; pool name ('www' here)
[submitty]
user = hwphp
group = hwphp
listen = /run/php/php7.0-fpm-submitty.sock
listen.owner = www-data
listen.group = www-data
;listen.mode = 0660
pm = dynamic
pm.max_children = 5
pm.start_servers = 2
pm.min_spare_servers = 1
pm.max_spare_servers = 3
and my apache configuration:
<VirtualHost 192.168.56.101:80>
AddDefaultCharset utf-8
ServerAdmin ADMIN#DOMAIN.HERE
ServerName 192.168.56.101
DocumentRoot /usr/local/submitty/site/public
DirectoryIndex index.html index.php index.htm index.cgi
SuexecUserGroup hwphp hwphp
<IfModule mod_fastcgi.c>
AddHandler php7-fcgi .php
Action php7-fcgi /php7-fcgi
Alias /php7-fcgi /usr/lib/cgi-bin/php7-fcgi
FastCgiExternalServer /usr/lib/cgi-bin/php7-fcgi -socket /var/run/php/php7.0-fpm-submitty.sock -pass-header Authorization
<FilesMatch ".+\.ph(p[345]?|t|tml)$">
SetHandler php7-fcgi
</FilesMatch>
<Directory /usr/lib/cgi-bin>
Require all granted
</Directory>
</IfModule>
<Files .*>
Order allow,deny
Deny from all
</Files>
<Files *~>
Order allow,deny
Deny from all
</Files>
<Files #*>
Order allow,deny
Deny from all
</Files>
<Directory />
AllowOverride None
</Directory>
<Directory /usr/local/submitty/site/public>
Require all granted
Order allow,deny
Allow from all
</Directory>
LogLevel error
ErrorLog ${APACHE_LOG_DIR}/submitty.log
CustomLog ${APACHE_LOG_DIR}/submitty.log combined
</VirtualHost>
as soon as I do:
service php7.0-fpm restart
and it works fine and the file is found. Not sure why this might be as it makes no sense (and why a simple restart is what fixes it).
Server is Ubuntu 16.04, using PHP 7 and Apache 2.4, everything from the stock apt-get installs.
The issue ended up being that PHP was doing some caching of the file read which was causing the issues when trying to open the files. Doing a restart of php-fpm flushed the cache and made things just work.
Related
I am looking to run an number of Apache server which will host websites for multiple clients. I have installed the libapache2-mpm-itk module and have created unique users/groups for each clients set of files. And configured their corresponding vhost file to run the process with that user/group.
<IfModule mpm_itk_module>
AssignUserId www-client www-client1
</IfModule>
This works fine until I try to use PHP sessions. In the vhost file I have also added a custom session save path.
php_admin_value session.save_path "/var/www/html/client1/_php/session"
A PHP script is able to generate session files in the directory with the following permissions but isn't able to read them:
-rw------- www-client1 www-client1
A full example of my vhost is:
<VirtualHost *:443>
ServerName client1.com
ServerAlias client1.com www.client1.com
DocumentRoot /var/www/html/client1/www
ErrorLog /var/www/logs/client1/www-error.log
CustomLog /var/www/logs/client1/www-access.log combined
php_admin_value error_log "/var/www/logs/client1/www-error.php.log"
<Directory /var/www/html/client1/www>
Options None
AllowOverride None
Order Deny,Allow
Allow from All
</Directory>
<IfModule mpm_itk_module>
AssignUserId www-client1 www-client1
</IfModule>
php_admin_value log_errors 1
php_admin_value open_basedir "/var/www/html/client1"
php_admin_value upload_tmp_dir "/var/www/html/client1/_php/upload_tmp"
php_admin_value session.save_path "/var/www/html/client1/_php/session"
php_admin_value soap.wsdl_cache_dir "/var/www/html/client1/_php/soap_cache"
SSLEngine On
SSLCertificateFile /var/www/certs/client1/www.crt
SSLCertificateKeyFile /var/www/certs/client/www.key
</VirtualHost>
I'm running Apache 2.4.41,PHP 7.4.3 on Ubuntu 20.04 and there are no errors being outputted to any of my log files.
Any ideas/suggestions on this and further enhancements would be very much appreciated.
After a lot of Googling I have found a solution.
I also needed to ensure that php-fpm was installed and adding the following lines of configuration to the Apache VHost pointing to a unique PHP FPM socket per user fixed my issue.
<FilesMatch \.php$>
SetHandler "proxy:unix:/run/php/php-fpm-client1.sock|fcgi://localhost"
</FilesMatch>
My PHP FPM configuration file looks like:
vi /etc/php/X/fpm/pool.d/client1.conf
[client1]
user = www-client1
group = www-client1
listen = /run/php/php-fpm-client1.sock
listen.owner = www-client1
listen.group = www-client1
pm = dynamic
pm.max_children = 5
pm.start_servers = 2
pm.min_spare_servers = 1
pm.max_spare_servers = 3
php_admin_value[log_errors] = 1
php_admin_value[error_log] = "/var/www/logs/client1/php-error.log"
php_admin_value[open_basedir] = "/var/www/html/client1"
php_admin_value[session.save_path] = "/var/www/html/client1/_php/session"
bash /etc/init.d/php*-fpm restart
I also found that all php_admin_value values defined in the VHost needed to be moved to the FPM pool.
I have 2 different virtual hosts on my apache server. One of them needs php7.x and another need php5.x.
Is it possible to use project-specific PHP versions?
I have tried the following,
Running two PHP versions on the same server
but my apache server crashed saying there's some syntactical error in one of the fpm's config file.
Also I cant follow this solution since It advices to uninstall apache and start over again and I can't do that on a live server.
Is there any way to do this without uninstalling the apache server.
Thank you for your suggestions.
for windows on file httpd-vhosta.conf
<VirtualHost *:80>
DocumentRoot "d:/server/htdocs/"
ServerName localhost
ServerAlias www.localhost
<Directory "d:/server/htdocs/">
Require all granted
<Files ~ "\.php$">
AddHandler fcgid-script .php
#FcgidWrapper "d:/server/php/php-5.6.40-Win32-VC11-x64/php-cgi.exe" .php
FcgidWrapper "d:/server/php/php-7.1.24-Win32-VC14-x64/php-cgi.exe" .php
Options +ExecCGI
</Files>
</Directory>
ErrorLog "D:/server/apache/logs/error-localhost.log"
SetEnv APP_ON_LOCAL 1
</VirtualHost>
I have searched the web for days now, taking what I have found and applying it to my configuration and still cannot work with php on my local machine. I am at a total loss and frustrated to say the least!
Running on Linux Mint 18 Cinnamon 64-bit and pretty sure that Ive went over all configuration files that otherwise need to be edited in order to get php configured, I'm at a stand still! The following are my Apache2 files.
apache2.conf
ServerRoot "/etc/apache2"
The accept serialization lock file MUST BE STORED ON A LOCAL DISK.
Mutex file:${APACHE_LOCK_DIR} default
PidFile: The file in which the server should record its process
identification number when it starts.
This needs to be set in /etc/apache2/envvars
PidFile ${APACHE_PID_FILE}
Timeout: The number of seconds before receives and sends time out.
Timeout 300
KeepAlive On
MaxKeepAliveRequests 100
KeepAliveTimeout 5
User ${APACHE_RUN_USER}
Group ${APACHE_RUN_GROUP}
HostnameLookups Off
<Directory />
Options FollowSymLinks
AllowOverride None
Require all denied
</Directory>
<Directory /usr/share>
AllowOverride None
Require all granted
</Directory>
<Directory /var/www/>
Options Indexes FollowSymLinks
AllowOverride None
Require all granted
</Directory>
<Directory /srv/>
Options Indexes FollowSymLinks
AllowOverride None
Require all granted
</Directory>
<FilesMatch "^\.ht">
Require all denied
</FilesMatch>
And,
dir.conf
<IfModule mod_dir.c>
Directory Index index.php index.html index.cgi index.pl index.php index.xhtml index.htm
</IfModule>
I keep reading references to the httpd.conf file however this file does not exist. Am I suppose to manually create my own following an installation?
All I get is the following error when navigating to http://localhost/
**Error**
Not found: vhost: localhost
In the past I never bothered creating separate sites/vhosts. All I am interested in is getting php served up when navigating to my /var/www/html directory.
Any help would be greatly appreciated!#
I have installed a new Ubuntu 16.04 server and enabled PHP-FPM using this guide. I have also enabled the userdir module (so that I can have virtual sites running from a public_html folder under /home/$user) and mod_ruid2.
One of the things that has to be done according to the first guide is to add these three lines to 000-default.conf:
<FilesMatch "\.php$">
SetHandler "proxy:fcgi://127.0.0.1:9000/"
</FilesMatch>
With the tree lines added, my conf-file looks like this:
<VirtualHost *:80>
ServerName jrrtest
RMode stat
ServerAdmin webmaster#localhost
DocumentRoot /home/jrr/public_html
ErrorLog ${APACHE_LOG_DIR}/jrrtest-error.log
CustomLog ${APACHE_LOG_DIR}/jrrtest-access.log combined
<FilesMatch "\.php$">
SetHandler "proxy:fcgi://127.0.0.1:9000/"
</FilesMatch>
</VirtualHost>
PHP is now executing as expected, but when I try to upload files using the examples on this page, it is not working. If i try to upload a file I get this error in the Apache error_log:
PHP Warning: move_uploaded_file(uploads/jorara.png): failed to open stream: Permission denied in /home/jrr/public_html/upload.php on line 38\nPHP message: PHP Warning: move_uploaded_file(): Unable to move '/tmp/phpAJsos1' to 'uploads/jorara.png' in /home/jrr/public_html/upload.php on line 38
If i remove the FilesMatch lines from 000-default.conf the upload functionality is working againg, but php is no longer executing using FastCGI as I want it to.
If I reenable the FilesMatch lines and change the owner on the uploads folder to www-data:www-data I can also get the upload functionality to work.
How can I configure PHP-FPM so that the owner of the php script can upload files to a folder owned by same owner as the script owner?
Regards,
Jørgen
After spending a couple of hours searching, I finally found a solution that seems to be working.
What I ended up doing was this.
Installed a standard Ubuntu with LAMP.
Installed these extra packages:
apt-get install libapache2-mod-fastcgi php7.0-fpm
Enabled these Apache modules:
a2enmod actions fastcgi
Created a couple of directories:
/var/www/testsite/htdocs
/var/www/testsite/phpsessions
/var/www/testsite/logs
Created a new php-fpm pool in the file /etc/php/7.0/fpm/pool.d/testsite.conf:
[testsite]
user = testsite
group = testsite
listen = /run/php/php7.0-fpm.testsite.sock
listen.owner = www-data
listen.group = www-data
listen.mode = 0660
pm = dynamic
pm.max_children = 5
pm.start_servers = 2
pm.min_spare_servers = 1
pm.max_spare_servers = 3
php_admin_value[session.save_path] = /var/www/testsite/phpsessions
php_admin_value[session.save_handler] = files
php_admin_value[display_errors] = Off
php_admin_value[log_errors] = On
php_admin_value[error_log] = "/var/www/testsite/logs/php_error.log"
php_admin_value[open_basedir] = "/var/www/testsite/htdocs:/usr/share/php:/tmp:/var/www/testsite/phpsessions"
In my first attempts with listen.owner and listen.group I had them set to testsite. That gave me problems accessing the socket file /run/php/php7.0-fpm.testsite.sock if I did not set listen.mode to 0666. In my (and a lot of other peoples) opinion that is a security risk. Instead I enden up setting listen.owner, listen.group and listen.mode to the above shown values which seems to be the recommend solution.
Created a site definition in the file /etc/apache2/sites-available/testsite.conf with this content:
<IfModule mod_fastcgi.c>
AddHandler php7-fcgi-testsite .php
Action php7-fcgi-testsite /php7-fcgi-testsite
Alias /php7-fcgi-testsite /usr/lib/cgi-bin/php7-fcgi-testsite
FastCgiExternalServer /usr/lib/cgi-bin/php7-fcgi-testsite -socket /run/php/php7.0-fpm.testsite.sock -pass-header Authorization
<Directory "/usr/lib/cgi-bin">
Require all granted
</Directory>
</IfModule>
<VirtualHost *:80>
ServerName testsite
ServerAdmin webmaster#localhost
DocumentRoot /var/www/testsite/htdocs
ErrorLog ${APACHE_LOG_DIR}/testsite-error.log
CustomLog ${APACHE_LOG_DIR}/testsite-access.log combined
<Directory /var/www/testsite/htdocs>
Options -Indexes
</Directory>
<IfModule mod_fastcgi.c>
<FilesMatch ".+\.ph(p[345]?|t|tml)$">
SetHandler php7-fcgi-testsite
</FilesMatch>
</IfModule>
</VirtualHost>
Enabled the new site:
a2ensite testsite
Disabled the default php module in Apache:
a2dismod php7.0
Restartet Apache and PHP-FPM:
systemctl restart php7.0-fpm apache2
The status of php-fpm (including the new pool) can be seen with this command:
systemctl status php7.0-fpm
Created the file info.php in /var/www/testsite/htdocs with this content:
<?php
phpinfo();
?>
Accessing testsite/info.php in a browser now shows that php is running as FastCGI which is what i wanted and files can be uploaded without problems.
I am using PHP 7.0.5 and Apache 2.4.20 and I would like to run Squirrelmail.
I am getting a 403 Forbidden error when I try to access any of the squirrelmail pages like HostName/squirrelmail, HostName/squirrelmail/src/login.php or HostName/squirrelmail/src/configtest.php ect.
In my httpd.conf I have:
Alias /squirrelmail /usr/local/squirrelmail/www
<Directory /usr/local/squirrelmail/www>
Options None
AllowOverride None
DirectoryIndex index.php
Order Allow,Deny
Allow from all
</Directory>
This is due to httpd 2.4 access control has changed from the previous version
the solution is as follows
Order allow,deny Allow from all
should be replaced by:
Require all granted
then restart httpd
systemctl restart httpd
You must check the log of Apache to solve the problem, in centos 7 the logs will be in tow pathes:
/var/log/httpd/error_log
Or
/var/log/httpd/ssl_error_log
In generally Apache vhost.conf file must contain this lines:
Alias /webmail /usr/share/squirrelmail
<Directory "/usr/share/squirrelmail">
Options Indexes MultiViews
Require all granted
AllowOverride none
Order allow,deny
Allow from all
Options +SymLinksIfOwnerMatch
DirectoryIndex index.php index.html index.htm
</Directory>