| View previous topic :: View next topic |
| Author |
Message |
KWhat
l33t
Joined: 04 Sep 2005
Posts: 660
Location: Los Angeles
|
 Posted: Fri Sep 07, 2012 5:24 pm Post subject: apache + fastcgi + fpm Why is suexec required? [Solved] |
 |
|
So I have the following *WORKING* virtualhost:
| Code: |
<VirtualHost 192.168.128.20:80>
ServerName euclid.domain.tld
#LogLevel debug
ErrorLog /var/www/euclid/logs/error_log
SuexecUserGroup fastcgi www_euclid
FastCgiExternalServer /var/www/euclid/htdocs/cgi-bin -socket /var/run/php-fpm/euclid.sock -user fastcgi -group www_euclid
AddHandler php-fastcgi .php
Action php-fastcgi /cgi-bin
Alias /cgi-bin /var/www/euclid/htdocs/cgi-bin
<Location /cgi-bin>
Order Deny,Allow
Deny from All
# Prevent accessing this path directly
Allow from env=REDIRECT_STATUS
Options +ExecCGI +FollowSymLInks +SymLinksIfOwnerMatch
</Location>
DocumentRoot /var/www/euclid/htdocs
<Directory /var/www/euclid/htdocs>
AllowOverride all
Order allow,deny
Allow from all
</Directory>
</VirtualHost>
|
What I cant seem to figure out is why I need to have either/both SuexecUserGroup fastcgi www_euclid and FastCgiExternalServer with the -user fastcgi -group www_euclid flags. FPM has pooling enabled and each pool is running under its own user/group. This works correctly, no issue. If i remove SuexecUserGroup and/or the -user fastcgi -group www_euclid arguments, I get the following error and I have no idea why. Additionally what uid and gid is used to access the socket file by fastcgi? Its certainly not fastcgi:ww_euclid.
| Code: | (13)Permission denied: FastCGI: failed to connect to server "/var/www/euclid/htdocs/cgi-bin": connect() failed
FastCGI: incomplete headers (0 bytes) received from server "/var/www/euclid/htdocs/cgi-bin" |
Last edited by KWhat on Fri Sep 07, 2012 10:37 pm; edited 1 time in total |
|
| Back to top |
|
 |
KWhat
l33t
Joined: 04 Sep 2005
Posts: 660
Location: Los Angeles
|
| Posted: Fri Sep 07, 2012 10:37 pm Post subject: |
|
|
Ok I believe I have figured out what the problem was. The simple answer is; mod_fastcgi sucks. Its old, unmaintained and poorly documented. Why it keeps coming up when looking up how to run php-fpm is beyond me. Save your self the headache and just don't use it!
The real solution is rather simple:
| Code: |
<VirtualHost 192.168.128.20:80>
ServerName euclid.domain.tld
#LogLevel debug
ErrorLog /var/www/euclid/logs/error_log
<IfDefine PROXY>
#If you want to use mod_proxy (Probably the best option)
ProxyPassMatch ^/(.*\.php(/.*)?)$ fcgi://localhost:9000/var/www/euclid/htdocs/$1
</IfDefine>
<IfDefine FASTCGI_HANDLER>
#If you want to use mod_fastcgi_handler (3rd party)
AddHandler fcgi:/var/run/php-fpm-euclid.sock .php
</IfDefine>
DocumentRoot /var/www/euclid/htdocs
<Directory /var/www/euclid/htdocs>
AllowOverride all
Order allow,deny
Allow from all
</Directory>
</VirtualHost>
|
|
|
| Back to top |
|
|
|
|
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
|
Networking & Security
