Return-Path: 
 <users-return-96236-apmail-httpd-users-archive=httpd.apache.org@httpd.apache.org>
Delivered-To: apmail-httpd-users-archive@www.apache.org
Received: (qmail 62657 invoked from network); 27 Jul 2010 16:34:36 -0000
Received: from unknown (HELO mail.apache.org) (140.211.11.3)
  by 140.211.11.9 with SMTP; 27 Jul 2010 16:34:36 -0000
Received: (qmail 2224 invoked by uid 500); 27 Jul 2010 16:34:33 -0000
Delivered-To: apmail-httpd-users-archive@httpd.apache.org
Received: (qmail 2200 invoked by uid 500); 27 Jul 2010 16:34:32 -0000
Mailing-List: contact users-help@httpd.apache.org; run by ezmlm
Precedence: bulk
Reply-To: users@httpd.apache.org
list-help: <mailto:users-help@httpd.apache.org>
list-unsubscribe: <mailto:users-unsubscribe@httpd.apache.org>
List-Post: <mailto:users@httpd.apache.org>
List-Id: <users.httpd.apache.org>
Delivered-To: mailing list users@httpd.apache.org
Received: (qmail 2191 invoked by uid 99); 27 Jul 2010 16:34:32 -0000
Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230)
    by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 27 Jul 2010 16:34:32 +0000
X-ASF-Spam-Status: No, hits=-0.0 required=10.0
	tests=RCVD_IN_DNSWL_NONE,SPF_PASS
X-Spam-Check-By: apache.org
Received-SPF: pass (nike.apache.org: domain of lists@itech7.com designates
 209.85.213.173 as permitted sender)
Received: from [209.85.213.173] (HELO mail-yx0-f173.google.com)
 (209.85.213.173)
    by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 27 Jul 2010 16:34:27 +0000
Received: by yxn35 with SMTP id 35so798249yxn.18
        for <users@httpd.apache.org>; Tue, 27 Jul 2010 09:34:03 -0700 (PDT)
Received: by 10.151.5.12 with SMTP id h12mr2923931ybi.73.1280248443479; Tue,
	27 Jul 2010 09:34:03 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.231.15.73 with HTTP; Tue, 27 Jul 2010 09:33:33 -0700 (PDT)
In-Reply-To: <20278ED0BEE840438D1E4EC2C513FB4A@nmm.local>
References: <1280135426.44451.ezmlm@httpd.apache.org>
 <20278ED0BEE840438D1E4EC2C513FB4A@nmm.local>
From: Nilesh Govindarajan <lists@itech7.com>
Date: Tue, 27 Jul 2010 22:03:33 +0530
Message-ID: <AANLkTinD1QWLP9V4pAs_kfGF91OyV+4i1pzU9z5NQZTs@mail.gmail.com>
To: users@httpd.apache.org
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable
X-Virus-Checked: Checked by ClamAV on apache.org
Subject: Re: [users@httpd] Re: recommended setup apache/php

On Tue, Jul 27, 2010 at 7:58 PM, Hajo Locke <hajo.locke@gmx.de> wrote:
>>> On 2010-07-27 10:15, Nilesh Govindarajan wrote:
>>>>>
>>>>> If I understood your question properly, you're asking that
>>>>> /htdocs/a.php is one fastcgi app and /htdocs/b.php is another.
>>>>> If you want it this way, then you will have to add the shebang (#!)
>>>>> line to all of your scripts before <?php starts, which is not a viabl=
e
>>>>> solution if you have many php scripts which directly interact with th=
e
>>>>> public.
>>>>>
>>>>> I don't use that method, see my config below. .php is processed
>>>>> without any shebang stuff.
>>>>>
>>>>> FcgidMaxProcesses 100
>>>>> FcgidMaxProcessesPerClass 50
>>>>> FcgidFixPathInfo 1
>>>>> FcgidPassHeader HTTP_AUTHORIZATION
>>>>> FcgidMaxRequestsPerProcess 100
>>>>> FcgidOutputBufferSize 1048576
>>>>> FcgidProcessLifeTime 60
>>>>> FcgidMinProcessesPerClass 0
>>>>> FcgidIOTimeout 120
>>>>>
>>>>> ExpiresActive On
>>>>> ExpiresDefault "access plus 1 month"
>>>>>
>>>>> # This config below ensures that php is processed w/o presence of
>>>>> shebang line
>>>>>
>>>>> DirectoryIndex index.html index.php
>>>>> AddType text/html .php
>>>>> AddHandler php-fastcgi .php
>>>>> Action php-fastcgi /cgi-bin/php.fcgi
>>>>>
>>>>> <FilesMatch "\.php$">>
>>>>> =C2=A0 =C2=A0 =C2=A0 =C2=A0Options +ExecCGI
>>>>> =C2=A0 =C2=A0 =C2=A0 =C2=A0ExpiresActive Off
>>>>> </FilesMatch>>
>>>>>
>>>>> And the source code for /cgi-bin/php.fcgi:
>>>>>
>>>>> #!/bin/bash
>>>>> export PHPRC=3D/usr/local/etc/php PHP_FCGI_CHILDREN=3D0
>>>>> exec /usr/local/bin/php-cgi $@
>>>
>>> I wouldn't put that in your /cgi-bin if I were you, or anywhere it coul=
d
>>> be invoked directly. It looks unsafe.
>
>> Well it doesn't seem to work that way, see this-
>> http://www.itech7.com/cgi-bin/php.fcgi
>
> but may be your users have ftp-access to this file and can change path to
> binary?
>
> btw, thanks for your help above. iam a little bit suprised you are not us=
ing
> directive
> AddHandler fcgid-script .php
> and
> FCGIWrapper
> like shown in the docs.
> action is part of mod_actions. i thought FCGIWrapper is a "must-have"
> directive to point to binary.
> did you also do some tests with prefork vs. worker?
>
> Thanks,
> Hans
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project=
.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> =C2=A0" =C2=A0 from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
>

I don't know. Actually I got to know about this method of setup by
researching a lot on google. But this seems to be more secure.
Changing the stuff. Previously I was using mod_fastcgi, so I didn't
read the docs, just continued with existing setup. But even
mod_fastcgi has a wrapper directive, but I wasn't knowing about it.
Thanks to you for pointing this out.

--=20
Regards,
Nilesh Govindarajan
Facebook: http://www.facebook.com/nilesh.gr
Twitter: http://twitter.com/nileshgr
Website: http://www.itech7.com
VPS Hosting: http://www.itech7.com/a/vps

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org