mod_suexec ignored by php - php

I set up a virtual host that uses mod_suexec to run PHP scripts as a different user than www-data.
<VirtualHost *:80>
ServerName my.server.com
DocumentRoot /srv/my-site
SuexecUserGroup webconfig webconfig
</VirtualHost>
However, when I create a directory or a file (mkdir, file_put_contents), those files/dirs have www-data as an owner. I also can not read files that are only readable by webconfig.
I also noticed this strange behaviour: This php file:
<?php
echo get_current_user()."\n";
echo `whoami`."\n";
echo exec('whoami')."\n";
produces the following output:
webconfig
www-data
www-data

mod_php5 is actually incompatible with mod_suexec. As described in this article, you have to use mod_suphp and php-cgi instead. The downside is that this decreases performance.
A simple solution that works for Ubuntu is
apt-get install -y suphp-common libapache2-mod-suphp
a2dismod php5
a2enmod suphp
The linked article describes how to use mod_php5 for some vhosts and mod_suphp for others.

Related

Apache+PHP - different php versions per VHost

On my local dev machine (Ubuntu), I have apache2 and different php versions to develop different projects, managed over Vhosts.
Is there a way to configure each vhost to use a specific (already installed) PHP version? So for example:
example1.local should use PHP 7.4
example2.local should use PHP 8.0
example3.local should use PHP 8.0
example4.local should use PHP 5.6
Currently, I am always running for example sudo a2enmod php{X} & sudo a2dismod php{Y} & sudo service apache2 restart to switch versions, which is really annoying.
I see you are using Apache. So you can use a .htaccess file and add there
AddHandler application/x-httpd-php74 .php
In this way your vhost uses php version 7.4
or with normal apache configuration
<VirtualHost *:80>
ServerAdmin webmaster@example.com
ServerName example.com
ServerAlias www.example.com
<IfModule mod_fastcgi.c>
AddHandler php74-fcgi .php
</IfModule>
</VirtualHost>

Difference between php-fpm with libapache2-mod-fcgid and/or libapache2-mod-fastcgi

Right now I'm installing our new apache2 webserver with PHP-FPM, because the old one is running with mod_php.
I found different Tutorials at the internet, unlikely most of them 1-2 years old. Most of them use:
libapache2-mod-fastcgi in combination with Apache and PHP-FPM.
At the Ubuntu 18.04 Repository this package is not available, just the package:
libapache2-mod-fcgid
Which of them can I use now? Or what is the difference between both of them? Unfortunately I can't really find a good explanation on the internet.
Furthermore I often read about
mod_proxy_fcgi
Does that mean I don't need the libapache2-mod-f... packages anymore?
Right now I installed everything like this and it works, but I'm not sure If this is the right way:
a2enmod actions fastcgi alias proxy_fcgi
apt install php-7.2 php7.2-fpm php7.2-gd php7.2-mysql php7.2-curl php7.2-xml php7.2-zip php7.2-intl php7.2-mbstring php7.2-bz2 php7.2-json php7.2-apcu php7.2-imagick
a2enmod actions fastcgi alias proxy_fcgi
vHost:
<VirtualHost *:80>
ServerAdmin webmaster@localhost
<FilesMatch \.php$>
SetHandler "proxy:unix:/var/run/php/php7.2-fpm.sock|fcgi://localhost/"
</FilesMatch>
DocumentRoot /var/www/html
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
PHP-FPM is running (see picture of info.php):
PHP-FPM Working
And what is the difference between:
SetHandler and FastCgiExternalServer and ProxyPassMatch ^/(.*\.php(/.*)?)$ fcgi://127.0.0.1:9000/path/to/your/documentroot/$1
?
I've got the feeling that every tutorial is telling me something different and I can't really figure out what the best practice is in 2018 with Ubuntu2018.
I know this is an old question but I wanted to give an updated response.
As of the release of php5.3.3 (in 2010) a lot has changed.
Some great info can be found on the Apache HTTP Server Wiki
The short answer (Note: replace php7.2 with the version you have installed) as to how to install only PHP-FPM on an Ubuntu apache2 server is:
# Install php-fpm:
apt install php-fpm
# Disable mod_php (Apache Handler API):
a2dismod php*
# Enable Apache Modules/Configs required by fpm:
a2enmod proxy_fcgi setenvif
a2enconf php7.2-fpm.conf
# Restart the services:
systemctl restart php7.2-fpm.service
systemctl restart apache2.service
You are also going to need to change from using Pre-fork as your Multi-Processing Module (MPM) if you are going to run PHP-FPM. Here are some instructions.
Detailed Explanation:
There are basically 3 different Server APIs that can be installed with PHP: Apache Handler, FPM, or CGI.
Looking at the different config files can help to understand what you may have installed on your system.
Currently on Ubuntu 18.x with php7.x the following php.ini files get created depending on what you have installed:
/etc/php/7.2/cli/php.ini
This is the PHP-CLI program for running php on the command line.
This is included whenever you install FPM, CGI, or the Apache Handler.
You could install it directly with:
apt install php-cli
To find all the config files being used for PHP-CLI you can run:
php --ini
/etc/php/7.2/apache2/php.ini
This is the PHP plugin used by Apache. It will be found in /etc/apache2/mods-available/php7.2
If you have not installed PHP-FPM or PHP-CGI then this is the file that contains your webserver settings.
To find all the config files you need to create a phpinfo() file in the website root directory.
To install you must also enable mod_php from within Apache.
apt install libapache2-mod-php
a2enmod php7.2
/etc/php/7.2/fpm/php.ini
This is the FastCGI Process Manager. It is a wrapper for PHP processing and runs as a standalone process on the system (unlike the Apache PHP plugin).
You will only have this directory if you have installed PHP-FPM.
In this case it will be the place to make config changes for your webserver and takes the place of the apache2/php.ini file.
To find all the config files you need to create a phpinfo() file in the website root directory.
Running PHP as a fastCGI process server with PHP-FPM requires using the apache module mods-enabled/mod_proxy_fcgi; it is enabled along with php-fpm.
Installing php-fpm will also configure apache with conf-enabled/php7.2-fpm.conf that sets up FPM to run as a unix domain socket.
apt install php-fpm
a2enmod proxy_fcgi
/etc/php/7.2/cgi/php.ini
This is a third way PHP could be installed. It is the legacy way of running PHP based applications as opposed to the newer PHP-FPM.
mod_fcgid is a high performance alternative to mod_cgi or mod_cgid
It would also be taking the place of the php.ini in either the Apache Plugin or PHP-FPM.
To find all the config files you need to create a phpinfo() file in the website root directory.
Again, it comes with its own apache module and configuration: mods-enabled/fcgid.conf mods-enabled/fcgid
apt install libapache2-mod-fcgid
a2enmod fcgid
Here's my vhost for Apache connecting to FPM using mod_proxy_fcgi (apparently the recommended setup, although don't ask me for specifics!):
<VirtualHost *:80>
ServerName awesome.scot
ServerAlias localhost
DocumentRoot /var/www/html/public
<Directory "/var/www/html">
DirectoryIndex index.php
FallbackResource /index.php
Options -Indexes +FollowSymLinks
AllowOverride FileInfo All
Require all granted
</Directory>
ProxyPassMatch ^/(.*\.php)$ fcgi://php:9000/var/www/html/public/$1
</VirtualHost>
in the conf, I also have these on:
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_fcgi_module modules/mod_proxy_fcgi.so
If you use XDebug, you'll need to change its port to 9001 since 9000 is now taken.
If you need to see more config, check out my Docker LAMP stack config here https://github.com/delboy1978uk/lamp

Page on VPS in Laravel doesn't work

I bought a VPS and installed Laravel on it. The main page works normally and I get the subtitle "Laravel 5", but when I created a test page in the route file:
Route::get('/test', function() {
return 'test' ;
});
I get this:
Not Found
The requested URL /test was not found on this server.
Apache/2.4.7 (Ubuntu) Server at plerp.net.pl Port 80
I chmodded the storage folder to 777.
ServerName www.plerp.net.pl
DocumentRoot /var/www/laravel/public
<Directory />
Options FollowSymLinks
AllowOverride None
</Directory>
<Directory /var/www/laravel>
AllowOverride All
</Directory>
ErrorLog ${APACHE_LOG_DIR}/error.log
LogLevel warn
CustomLog ${APACHE_LOG_DIR}/access.log combined
I think your web server does not have the rewrite module activated. Try this (beware, Apache only instructions below):
sudo a2enmod rewrite (for Debian/Ubuntu family)
sudo ln -s /etc/httpd/mods-available/rewrite.load /etc/httpd/mods-enabled/ (for Red Hat / CentOS family)
It might not be installed, in which case you'll need to search for it in the distribution's repositories:
sudo apt search apache rewrite for deb-based distros
sudo yum search httpd rewrite for rpm-based or sudo dnf search httpd rewrite for Fedora 21+
then install it with
sudo apt install <name-of-package> for deb-based
sudo yum install <name-of-package> for rpm-based (replace yum with dnf for Fedora 21+)
You might want to double check on file and folder permissions, most probably all you need to do is to chown the respective folder under the web server's user.

Specify PHP ini file per vhost, with FastCGI/PHP-fpm configuration

Okay, going slightly crazy trying to figure this out. (I have read hundreds of questions/answers, and google articles, but none have answered it)
I have just changed from using mod_php to using PHP through FastCGI and fpm, using the method described in this question, purely because I was under the impression it was 'easy' to specify php.ini files for individual vhosts using this set-up.
What I'm pulling my hair out over, is how can I specify a custom PHP ini file each vhost uses?
Luckily, It's only on my test rig so far ... But I am hoping to do the same on my production server if I can ever figure this out
I thought I may as well post the whole process I took to configure fpm with pools, as @ChristianM mentioned, because I've not yet found a full explanation on how to do it.
The first part of this is mostly a copy of an AskUbuntu post:
https://askubuntu.com/questions/378734/how-to-configure-apache-to-run-php-as-fastcgi-on-ubuntu-12-04-via-terminal/527227#comment905702_527227
The last part is how to configure pools, and get the vhost to use the relevant pool settings.
Here it goes:
Install the apache mpm worker (Explanation of prefork/worker and event at http://www.vps.net/blog/2013/04/08/apache-mpms-prefork-worker-and-event/):
sudo apt-get install apache2-mpm-worker
Install fastcgi and php5-fpm:
sudo apt-get install libapache2-mod-fastcgi php5-fpm
Now enable mods you need, and disable those you don't:
sudo a2dismod php5 mpm_prefork
sudo a2enmod actions fastcgi alias mpm_worker
Create the php5.fcgi file and give the webserver permission to use it.
sudo touch /usr/lib/cgi-bin/php5.fcgi
sudo chown -R www-data:www-data /usr/lib/cgi-bin
Create a global config for php5-fpm
sudo nano /etc/apache2/conf-available/php5-fpm.conf
paste in the following (we'll use a socket instead of IP address)
<IfModule mod_fastcgi.c>
  AddHandler php5.fcgi .php
  Action php5.fcgi /php5.fcgi
  Alias /php5.fcgi /usr/lib/cgi-bin/php5.fcgi
  FastCgiExternalServer /usr/lib/cgi-bin/php5.fcgi -socket /var/run/php5-fpm.sock -pass-header Authorization -idle-timeout 3600
  <Directory /usr/lib/cgi-bin>
    Require all granted
  </Directory>
</IfModule>
Note: Ensure all configs follow the same new 'Require all granted'/'Require all denied' syntax ... Otherwise you'll feel the pain after restarting ...
Enable the php5-fpm conf
sudo a2enconf php5-fpm
Restart apache and fpm
sudo service apache2 restart && sudo service php5-fpm restart
This setup essentially creates a global fastcgi configuration for php, which uses the file /etc/php5/fpm/php.ini file.
If you have multiple vhosts, that are going to need different php configurations, continue with the example below
First, within the /etc/php5/fpm/pool.d dir, you will find the default www.conf file. Copy this, naming it something relevant:
sudo cp /etc/php5/fpm/pool.d/www.conf /etc/php5/fpm/pool.d/domain2.conf
Edit this file, changing the pool name:
[...]
[domain2]
[...]
And change the name of the listen socket to something relevant:
[...]
listen = /var/run/php5-fpm-domain2.sock
[...]
Then copy the /usr/lib/cgi-bin/php5.fcgi file, again naming it something relevant:
cp /usr/lib/cgi-bin/php5.fcgi /usr/lib/cgi-bin/php5-domain2.fcgi
Now you're ready to add the mod_fastcgi module to the domain2 vhost. It's almost the same as the one described above, but notice the changes for 'Alias','FastCgiServer' and '-socket'
<VirtualHost *:80>
  ServerName domain2.com
  [...]
  <IfModule mod_fastcgi.c>
    AddHandler php5.fcgi .php
    Action php5.fcgi /php5.fcgi
    Alias /php5.fcgi /usr/lib/cgi-bin/php5-domain2.fcgi
    FastCgiExternalServer /usr/lib/cgi-bin/php5-domain2.fcgi -socket /var/run/php5-fpm-domain2.sock -pass-header Authorization -idle-timeout 3600
    <Directory /usr/lib/cgi-bin>
      Require all granted
    </Directory>
  </IfModule>
  [...]
</VirtualHost>
Restart apache and fpm
sudo service apache2 restart && sudo service php5-fpm restart
Now to test changes.
In your new /etc/php5/fpm/pool.d/domain2.conf file, add a php value change (I've chosen the session.name value):
[...]
php_admin_value[session.name] = 'DOMAIN2'
[...]
Now test the configuration before restarting fpm:
sudo php5-fpm -t
It will tell you if the configuration fails, but more importantly will tell you if your configuration is fine. Then you can go ahead and restart fpm:
sudo service php5-fpm restart
And finally, if you want to be super sure the php value has been set, create info.php within your site, and just add:
<?php
 phpinfo();
?>
Unfortunately it is not possible to set a php.ini file per vhost. What you can do is configure different php-fpm pools and give each a set of php configuration values that set/override something from the (shared) default config. See fpm configuration on how to do that.
Example config with different pools
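A check for the copy-and-edit pool procedure in the answers above, as an added example that is not part of the original posts: it reads every file in a pool.d directory and reports pool names or listen sockets that occur more than once, which is what a forgotten edit after copying www.conf leaves behind. The function names are hypothetical, and the user key it also reports is the standard FPM pool directive, which the answers do not discuss.

```sh
#!/bin/sh
# Added example (not from the original answers): audit an FPM pool.d directory
# after new pools were made by copying www.conf. Function names are hypothetical;
# any sample pool files used with it are constructed.

# pool_summary DIR -> one line per pool: file<TAB>pool<TAB>listen<TAB>user
pool_summary() {
  for f in "$1"/*.conf; do
    [ -f "$f" ] || continue
    awk -v file="$(basename "$f")" '
      function emit() {
        if (pool != "") printf "%s\t%s\t%s\t%s\n", file, pool, listen, user
      }
      /^[ \t]*[;#]/ { next }                        # comment line
      /^[ \t]*\[.+\][ \t]*$/ {                      # [poolname] opens a pool
        emit()
        pool = $0
        sub(/^[ \t]*\[/, "", pool); sub(/\][ \t]*$/, "", pool)
        listen = "-"; user = "-"
        next
      }
      pool != "" && /^[ \t]*(listen|user)[ \t]*=/ { # exact keys, not listen.owner
        key = $0; sub(/^[ \t]*/, "", key); sub(/[ \t]*=.*/, "", key)
        val = $0; sub(/^[^=]*=[ \t]*/, "", val); sub(/[ \t]+$/, "", val)
        if (key == "listen") listen = val; else user = val
      }
      END { emit() }
    ' "$f"
  done
}

# duplicate_values DIR FIELD -> values of that column (2 = pool, 3 = listen) seen twice or more
duplicate_values() {
  pool_summary "$1" | cut -f"$2" | sort | uniq -d
}

# check_pools DIR -> prints each conflict, returns 1 if any was found
check_pools() {
  rc=0
  for v in $(duplicate_values "$1" 2); do
    echo "duplicate pool name: $v"; rc=1
  done
  for v in $(duplicate_values "$1" 3); do
    echo "duplicate listen address: $v"; rc=1
  done
  return $rc
}

# Usage: sh check_pools.sh /etc/php5/fpm/pool.d
if [ $# -gt 0 ]; then check_pools "$1"; fi
```

Run it before php5-fpm -t and the restart; pool_summary on its own also shows which Unix user each pool runs as.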

Error in php program after moving from EC2 instance to GCE instance = Could not access file: /var/www/html/

Moved a php / xml program that submits online forms that sends email of the results to designated recipients as pdf attachment.
System WORKS FINE on Amazon EC2 (and other basic hosting accounts), but breaks on Google's GCE.
Moved to Google Compute Engine GCE and cannot figure out or get past this error.
No email is sent. It makes it to the thank you page with the php error in the page head of:
Could not access file: /var/www/html/temp/98r34prqp98ipjqoipe9898jo.pdf
All paths and config paths are correct and have been looked at a million times.
All users, including apache, root, my user have been assigned to group www who has -R 775 permissions in the /var/www.
/temp has been 777'd.
Also:
sudo su
chown -R root:www /var/www
chmod 2775 /var/www
find /var/www -type d -exec chmod 2775 {} +
find /var/www -type f -exec chmod 0664 {} +
Have also tried the above where I chown'd every user and then tested, root:www, apache:www, myuser:www ... no luck.
Other things done:
Installed apache, php, postfix, php-gd, php-pear, mod_ssl
(no database is used)
Apache has been restarted a million times.
httpd_can_sendmail --> on
Edits made to php.ini
Using PHPMailer Lite version 5.1
error_log shows no errors except a warning about time zone:
[error] [client 0x0x0x0x] PHP Warning: date(): It is not safe to rely on the system's timezone settings. You are required to use the date.timezone setting or the date_default_timezone_set() function. .... blaa, blaaa ....
Possibilities/differences:
EC2 has php version 5.3.28 and GCE has php version 5.3.3
Different java versions on EC2 vs. GCE?? The system uses a .jar file.
There is some httpd.conf virtualhosts configuration that is supposed to be different on GCE?? (I've pasted some of the httpd.conf info below.)
Some missing module? Here's the modules ...
[PHP Modules]
bz2
calendar
Core
ctype
curl
date
dom
ereg
exif
fileinfo
filter
ftp
gd
gettext
gmp
hash
iconv
json
libxml
openssl
pcntl
pcre
Phar
readline
Reflection
session
shmop
SimpleXML
sockets
SPL
standard
tokenizer
wddx
xml
xmlreader
xmlwriter
xsl
zip
zlib
Here's some of the httpd.conf info:
The system has a forced ssl in the htaccess files.
Port 443 is enabled in the firewall with 80 also via Google Developer Console
<Directory />
Options FollowSymLinks
AllowOverride All
</Directory>
<VirtualHost *:80>
DocumentRoot /var/www/html/
ServerName www.MYDOMAIN.com
</VirtualHost>
NameVirtualHost *:443
<VirtualHost *:443>
DocumentRoot /var/www/html/
ServerName www.MYDOMAIN.com
ServerAlias MYDOMAIN.com www.MYDOMAIN.com
SSLEngine on
SSLProtocol all -SSLv2
SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM
SSLCertificateFile /var/www/SSL/MYDOMAIN.cert
SSLCertificateKeyFile /var/www/SSL/MYDOMAIN.key
SSLCertificateChainFile /var/www/SSL/MYDOMAIN_intermediate.cert
SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
</VirtualHost>
VERY FRUSTRATING :(
SOLVED! Evidently, on Google Compute Engine CentOS, by default, Apache is not allowed to run Java.
I had to run:
sudo setsebool httpd_execmem=1
sudo service httpd restart
Bingo!
Other side notes:
Be sure you are running the version of java that you want. Find java version via java -version. I had 1.5 running and had to run:
yum search java
to get the list of 1.6 versions to then:
sudo yum install java-1.6.0-openjdk.x86_64
In conclusion, there are three major points:
You have to allow postfix/httpd to send mail: setsebool -P httpd_can_sendmail 1
You have to use sendgrid to send mail from the GCE instance. Google Compute Engine instances are not allowed to send email :( See instructions on how to set this up.
Be sure you have the correct version of Java installed because if you just yum install java, you may end up like I did, installing 1.5 when you need 1.6. PLUS, by default, GCE doesn't allow Apache to use java. So you need to configure it to be so with setsebool httpd_execmem=1
Hope this helps someone.
