Running Apache+FastCGI+Suexec in Ubuntu 10.04 without /var/www

For the last few weeks getting fastcgi and suexec to run on apache without having our sites in /var/www has been something of my holy grail. Here’s how I did it.

  1. I downgraded PHP to 5.2 using this procedure. While this might not be necessary I cannot say for certain that the rest will work with PHP 5.3
  2. Install the required packages
    sudo apt-get install apache2-suexec-common libapache2-mod-fcgid php5-cgi
  3. Enable the necessary modules
    sudo a2enmod fcgid suexec alias
  4. Disable the old php module
    sudo a2dismod php5
  5. Change the suexec configuration file to correspond to your sites
    cd /etc/apache2/suexec
    sudo nano www-data

    change the first line to the root of your sites (i.e. /home)
  6. navigate to the user’s home directory and create the php-fastcgi directory
    cd /home/[username]
    sudo -u [username] mkdir php-fastcgi
  7. Create the wrapper file
    cd php-fastcgi
    sudo -u [username] nano wrapper

    Enter the following lines:
    #!/bin/sh
    #PHPRC="/usr/local/etc"
    #export PHPRC
    #PHP_FCGI_CHILDREN=8
    #export PHP_FCGI_CHILDREN
    #PHP_FCGI_MAX_REQUESTS=5000
    #export PHP_FCGI_MAX_REQUESTS
    exec /usr/lib/cgi-bin/php5
  8. Make sure the file is executable
    sudo chmod +x wrapper
  9. Edit the sites’ configuration file
    cd /etc/apache2/sites-available
    sudo nano [sitefile]

    Add the following lines
    SuexecUserGroup [username] [username]ScriptAlias /php-fastcgi/ /home/[username]/php-fastcgi/
    FCGIWrapper /home/[username]/php-fastcgi/wrapper .php
    AddHandler fcgid-script .php
    Options ExecCGI Indexes
  10. Restart Apache
    sudo /etc/init.d/apache2 restart

This should take care of it. You should now have fastcgi and suexec processing your php files for both better speed and better security than the alternatives. In addition, you can repeat this process for any sites you have located on the server.

About Chris Wiegman

Chris is a developer for iThemes where he works on the iThemes Security and iThemes Security Pro WordPress plugins. In past roles he has served as a teacher, blogger, manager and even an airline captain. He resides in Austin, TX with his wife Joy and their four-legged children.

Find Chris on Facebook, , LinkedIn, and Twitter.

Comments

  1. CB says

    I think this is what I’ve been looking for, but what do you mean “without /var/www/” in your title? That is all your virtual domains will still be in /var/www right? Like /var/www/html/example1.com and /var/www/html/example/2.com right?

    And will this still work if you using nginx as a reverse proxy with apache? Thanks!

  2. says

    Hi CB, you can put the root in ANY folder. On most of my servers I user /home/[username]/public_html. This should work fine using any reverse proxy as long as apache is the primary web server.

  3. Doug Smart says

    Thank you for the instructions. They really helped out a lot!

    Not sure if it was intentional or not, but your instructions say to create a file called “wrapper” but your directive has it specified as a PHP file with an extra space:

    FCGIWrapper /home/[username]/php-fastcgi/wrapper .php

    it still seemed to work, but I updated my wrapper file to be wrapper.php and updated the directive to have no space.

    FCGIWrapper /home/[username]/php-fastcgi/wrapper.php