使用suexec和mod_fcgid进行apache mass虚拟主机托管

Question

我关注了Falco's tutorial，现在所有内容都按预期为2位用户（例如john和alice）及其相关目录（/var/www/john和/var/ww/alice）工作。

现在，我想进入下一个级别：不是在/etc/apache2/sites-available/<username>定义不同的vhost并重新启动Apache，我需要dynamically configured mass virtual hosting。 比如，我的DNS服务器有以下记录：another.site.example.com，我希望它的主目录位于/var/www/another.site/web。

问题是suexec和mod_fcgid的所有这些配置设置。 我结束了httpd.conf的草稿（或者我应该创建像/etc/apache2/sites-available/mass_virtual这样的文件？）：

NameVirtualHost *:80

#default virtual host
<VirtualHost *:80>
  ServerName www.example.com
  ServerAlias example.com
  ServerAdmin webmaster@example.com
  DocumentRoot /var/www/root/web/

  <IfModule mod_fcgid.c>
    SuexecUserGroup web-admin web-admin
    <Directory /var/www/root/web/>
      Options +ExecCGI
      Options -Indexes
      AllowOverride All
      AddHandler fcgid-script .php
      FCGIWrapper /var/www/php-fcgi-scripts/root/php-fcgi-starter .php
      Order allow,deny
      Allow from all
    </Directory>
  </IfModule>

  # ErrorLog /var/log/apache2/error.log
  # CustomLog /var/log/apache2/access.log combined
  ServerSignature Off

</VirtualHost>

#3rd-level subdomain virtual hosts
<VirtualHost *:80>
  UseCanonicalName Off
  ServerAlias *.example.com
  #problematic email!
  ServerAdmin webmaster@example.com
  #is this /var/www/another.site/web or /var/www/www.another.site/web for
  #a request for www.another.site.example.com ?
  VirtualDocumentRoot /var/www/%-3+/web

  <IfModule mod_fcgid.c>
    #problematic group and user!
    SuexecUserGroup web1 web1
    <Directory /var/www/*/web/>
      Options +ExecCGI
      Options -Indexes
      AllowOverride All
      AddHandler fcgid-script .php
      FCGIWrapper /var/www/php-fcgi-scripts/*/php-fcgi-starter .php
      Order allow,deny
      Allow from all
    </Directory>
  </IfModule>

  # ErrorLog /var/log/apache2/error.log
  # CustomLog /var/log/apache2/access.log combined
  ServerSignature Off

</VirtualHost>

1. 正如您从评论中看到的那样，我有一个有问题的ServerAdmin webmaster@example.com，一个SuexecUserGroup web1 web1和一个VirtualDocumentRoot /var/www/%-3+/web配置！

2. 此外，为了确保安全，我认为IfModule不应该存在 - 如果 mod_fcgid无法加载服务器和

3. 而不是Alow from all，我想我应该Deny from all并打开一个 改为php-library目录！

感谢。

Answer 1

好的，因为我没有回复，我会尝试我提出的解决方案的一半（？）：使用mod_userdir强制执行suexec

1. 让我们创建以下/etc/apache2/httpd.conf

   ##########################################
   ### mod_fcgid configuration directives ###
   ##########################################
   #values should be tuned depending on server memory
   FcgidMaxProcesses 1000
   FcgidMaxProcessesPerClass 100
   FcgidMinProcessesPerClass 3
   #see 'export PHP_FCGI_MAX_REQUESTS=5000' at '/var/www/php-fcgi-scripts/<user>/php-fcgi-starter'
   FcgidMaxRequestsPerProcess 5000
   FcgidIOTimeout 40
   FcgidProcessLifeTime 3600
   FcgidMaxRequestInMem 65536
   FcgidMaxRequestLen 131072
   FcgidOutputBufferSize 65536
   

2. 让我们在mass_virtual

   创建一个/etc/apache2/sites-available/

   #NameVirtualHost *:80
   
   #default virtual host
   <VirtualHost *:80>
     ServerName www.example.com
     ServerAlias example.com
     ServerAdmin webmaster@example.com
     DocumentRoot /var/www/web-admin/web/
   
     SuexecUserGroup web-admin web-admin
     <Directory /var/www/web-admin/web/>
       Options +ExecCGI
       Options -Indexes
       AllowOverride All
       AddHandler fcgid-script .php
       #FCGIWrapper /var/www/php-fcgi-scripts/web-admin/php-fcgi-starter .php
       FcgidWrapper /var/www/php-fcgi-scripts/web-admin/php-fcgi-starter .php
       Order allow,deny
       Allow from all
     </Directory>
   
     # ErrorLog /var/log/apache2/error.log
     # CustomLog /var/log/apache2/access.log combined
     ServerSignature Off
   
   </VirtualHost>
   
   #3rd-level subdomain virtual hosts
   <VirtualHost *:80>
     ServerAlias *.example.com
     ServerAdmin webmaster@example.com
     ##################
     ### solution 1 ###
     ##################
     #mod_vhost_alias directives: needs parameterized SuexecUserGroup(?)
     #UseCanonicalName Off
     #VirtualDocumentRoot /var/www/%-3+/web
     ##################
     ### solution 2 ###
     ##################
     #mod_userdir directives for requests: http://www.example.com/~user
     UserDir disabled root
     UserDir /var/www/*/public_html
   
     #reduntant if using requests: http://www.example.com/~user
     #SuexecUserGroup web1 web1
     <Directory /var/www/*/public_html>
       Options +ExecCGI
       Options -Indexes
       AllowOverride All
       AddHandler fcgid-script .php
       #move to .htaccess
       #FCGIWrapper /var/www/php-fcgi-scripts/*/php-fcgi-starter .php
       #FcgidWrapper /var/www/php-fcgi-scripts/*/php-fcgi-starter .php
       Order allow,deny
       Allow from all
     </Directory>
   
     # ErrorLog /var/log/apache2/error.log
     # CustomLog /var/log/apache2/access.log combined
     ServerSignature Off
   
   </VirtualHost>
   

   问题：如果我取消注释第一行，我会在服务器重启时收到警告，表示没有虚拟主机!!

3. 让我们创建我的用户bob

4. 让我们在/var/www/bob/public_html

   创建一个.htaccess

   FcgidWrapper /var/www/php-fcgi-scripts/bob/php-fcgi-starter .php
   

5. 让我的浏览器点击www.example.com/info.php或example.com/info.php

   web-admin
   

   ......正如所料，但

6. 让我们转到www.example.com/~bob/info.php

   ...trying to open info.php!!!
   

   让我们看看错误

   <root># cat /var/log/apache2/error.log
   [notice] caught SIGTERM, shutting down
   [notice] suEXEC mechanism enabled (wrapper: /usr/lib/apache2/suexec)
   [notice] Apache/2.2.20 (Ubuntu) mod_fcgid/2.3.6 configured -- resuming normal operations
   

   正如您所看到的，没有错误但是mod_fcgid未启用运行.php文件，而apache尝试将其作为普通文件发送！ 有任何想法如何解决这个问题？