httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Nilesh Govindarajan <li...@itech7.com>
Subject Re: [users@httpd] Re: recommended setup apache/php
Date Tue, 27 Jul 2010 16:33:33 GMT
On Tue, Jul 27, 2010 at 7:58 PM, Hajo Locke <hajo.locke@gmx.de> wrote:
>>> On 2010-07-27 10:15, Nilesh Govindarajan wrote:
>>>>>
>>>>> If I understood your question properly, you're asking that
>>>>> /htdocs/a.php is one fastcgi app and /htdocs/b.php is another.
>>>>> If you want it this way, then you will have to add the shebang (#!)
>>>>> line to all of your scripts before <?php starts, which is not a viable
>>>>> solution if you have many php scripts which directly interact with the
>>>>> public.
>>>>>
>>>>> I don't use that method, see my config below. .php is processed
>>>>> without any shebang stuff.
>>>>>
>>>>> FcgidMaxProcesses 100
>>>>> FcgidMaxProcessesPerClass 50
>>>>> FcgidFixPathInfo 1
>>>>> FcgidPassHeader HTTP_AUTHORIZATION
>>>>> FcgidMaxRequestsPerProcess 100
>>>>> FcgidOutputBufferSize 1048576
>>>>> FcgidProcessLifeTime 60
>>>>> FcgidMinProcessesPerClass 0
>>>>> FcgidIOTimeout 120
>>>>>
>>>>> ExpiresActive On
>>>>> ExpiresDefault "access plus 1 month"
>>>>>
>>>>> # This config below ensures that php is processed w/o presence of
>>>>> shebang line
>>>>>
>>>>> DirectoryIndex index.html index.php
>>>>> AddType text/html .php
>>>>> AddHandler php-fastcgi .php
>>>>> Action php-fastcgi /cgi-bin/php.fcgi
>>>>>
>>>>> <FilesMatch "\.php$">>
>>>>>        Options +ExecCGI
>>>>>        ExpiresActive Off
>>>>> </FilesMatch>>
>>>>>
>>>>> And the source code for /cgi-bin/php.fcgi:
>>>>>
>>>>> #!/bin/bash
>>>>> export PHPRC=/usr/local/etc/php PHP_FCGI_CHILDREN=0
>>>>> exec /usr/local/bin/php-cgi $@
>>>
>>> I wouldn't put that in your /cgi-bin if I were you, or anywhere it could
>>> be invoked directly. It looks unsafe.
>
>> Well it doesn't seem to work that way, see this-
>> http://www.itech7.com/cgi-bin/php.fcgi
>
> but may be your users have ftp-access to this file and can change path to
> binary?
>
> btw, thanks for your help above. iam a little bit suprised you are not using
> directive
> AddHandler fcgid-script .php
> and
> FCGIWrapper
> like shown in the docs.
> action is part of mod_actions. i thought FCGIWrapper is a "must-have"
> directive to point to binary.
> did you also do some tests with prefork vs. worker?
>
> Thanks,
> Hans
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>  "   from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
>

I don't know. Actually I got to know about this method of setup by
researching a lot on google. But this seems to be more secure.
Changing the stuff. Previously I was using mod_fastcgi, so I didn't
read the docs, just continued with existing setup. But even
mod_fastcgi has a wrapper directive, but I wasn't knowing about it.
Thanks to you for pointing this out.

-- 
Regards,
Nilesh Govindarajan
Facebook: http://www.facebook.com/nilesh.gr
Twitter: http://twitter.com/nileshgr
Website: http://www.itech7.com
VPS Hosting: http://www.itech7.com/a/vps

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message