I’ve got a complain the other day: for some reason some virtualhosts on dedicated server was not working properly with suExec PHP as configured.
I went to examine the configuration. There was about 17 virtual hosts, manually converted from mod_php configuration into FCGI/suExec. All configuration was absolutely identical. And yet some virtual hosts was falling back to default wrapper /var/www/cgi-bin/php-fcgi executed as apache user.
I couldn’t quite lay may hand on the reason why some virtual hosts was not taking suExec configuration – no trace in /var/log/suexec.log form this virtual hosts either.
Lets take a look at 2 virtual hosts apache configuration:
Not working abc.com.conf
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 |
<VirtualHost xx.xx.xx.xx:80> ServerName abc.com ServerAlias www.abc.com DocumentRoot /home/abc/public_html ErrorLog /home/abc/logs/error_log CustomLog /home/abc/logs/access_log combined ScriptAlias /cgi-bin/ /home/abc/cgi-bin/ DirectoryIndex index.html index.htm index.php index.php4 index.php5 <IfModule mod_fcgid.c> Alias /fcgi-bin/ /var/www/cgi-bin/ <Location /fcgi-bin/> SetHandler fcgid-script Options +ExecCGI </Location> SuexecUserGroup "#555" "#555" <Directory /home/abc/public_html> Options -Indexes IncludesNOEXEC FollowSymLinks +ExecCGI AddHandler php-fcgi .php Action php-fcgi /fcgi-bin/abc/php-abc FCGIWrapper /var/www/cgi-bin/abc/php-abc .php allow from all AllowOverride All </Directory> </IfModule> <Directory /home/abc/cgi-bin> Options ExecCGI Allow from all </Directory> </VirtualHost> |
And working xyz.com.conf
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 |
<VirtualHost xx.xx.xx.xx:80> ServerName xyz.com ServerAlias www.xyz.com DocumentRoot /home/xyz/public_html ErrorLog /home/xyz/logs/error_log CustomLog /home/xyz/logs/access_log combined ScriptAlias /cgi-bin/ /home/xyz/cgi-bin/ DirectoryIndex index.html index.htm index.php index.php4 index.php5 <IfModule mod_fcgid.c> Alias /fcgi-bin/ /var/www/cgi-bin/ <Location /fcgi-bin/> SetHandler fcgid-script Options +ExecCGI </Location> SuexecUserGroup "#566" "#566" <Directory /home/xyz/public_html> Options -Indexes IncludesNOEXEC FollowSymLinks +ExecCGI AddHandler php-fcgi .php Action php-fcgi /fcgi-bin/xyz/php-xyz FCGIWrapper /var/www/cgi-bin/xyz/php-xyz .php allow from all AllowOverride All </Directory> </IfModule> <Directory /home/xyz/cgi-bin> Options ExecCGI Allow from all </Directory> </VirtualHost> |
It took me some time to recall one very important but seldom noticed rule which caused this problem :
Config files in /etc/httpd/conf.d/ are loaded in ALPHABETICAL order.
So, at the time abc.conf is loaded and virtual host defined mod_fcgid is NOT YET loaded from fcgid.conf and all definitions from within
...
are invalid and ignored. This is also true for all the rest of virtual hosts config files that are loaded before fcgid.conf by alphabetical order.
Let’s fix this problem.
# cd /etc/httpd/conf.d
# mv fcgid.conf 00-fcgid.conf
# service httpd restart
Problem solved.
This rule also useful if you want to control the precedence of virtual host and/or module definitions (e.g. you want some virtual host to be always configured first no matter what).
0 Comments.