我遵循了 Falco 的教程,现在对于 2 个用户(例如约翰和爱丽丝)及其相关目录(/var/www/john和/var/ww/alice)来说,一切都按预期工作。
现在,我想进入下一个级别:我需要动态配置的大规模虚拟主机,而不是在/etc/apache2/sites-available/<username>定义不同的虚拟主机并重新启动 Apache 。比如说,我的DNS服务器有记录:another.site.example.com,我希望它的主目录在/var/www/another.site/web。
问题在于 suexec 和 mod_fcgid 的所有这些配置设置。我结束了我的httpd.conf草稿(或者我应该创建一个像/etc/apache2/sites-available/mass_virtual这样的文件?
NameVirtualHost *:80
#default virtual host
<VirtualHost *:80>
ServerName www.example.com
ServerAlias example.com
ServerAdmin webmaster@example.com
DocumentRoot /var/www/root/web/
<IfModule mod_fcgid.c>
SuexecUserGroup web-admin web-admin
<Directory /var/www/root/web/>
Options +ExecCGI
Options -Indexes
AllowOverride All
AddHandler fcgid-script .php
FCGIWrapper /var/www/php-fcgi-scripts/root/php-fcgi-starter .php
Order allow,deny
Allow from all
</Directory>
</IfModule>
# ErrorLog /var/log/apache2/error.log
# CustomLog /var/log/apache2/access.log combined
ServerSignature Off
</VirtualHost>
#3rd-level subdomain virtual hosts
<VirtualHost *:80>
UseCanonicalName Off
ServerAlias *.example.com
#problematic email!
ServerAdmin webmaster@example.com
#is this /var/www/another.site/web or /var/www/www.another.site/web for
#a request for www.another.site.example.com ?
VirtualDocumentRoot /var/www/%-3+/web
<IfModule mod_fcgid.c>
#problematic group and user!
SuexecUserGroup web1 web1
<Directory /var/www/*/web/>
Options +ExecCGI
Options -Indexes
AllowOverride All
AddHandler fcgid-script .php
FCGIWrapper /var/www/php-fcgi-scripts/*/php-fcgi-starter .php
Order allow,deny
Allow from all
</Directory>
</IfModule>
# ErrorLog /var/log/apache2/error.log
# CustomLog /var/log/apache2/access.log combined
ServerSignature Off
</VirtualHost>
正如您从评论中看到的那样,我有一个有问题的
ServerAdmin webmaster@example.com,一个SuexecUserGroup web1 web1和一个VirtualDocumentRoot /var/www/%-3+/web配置!此外,为了确保安全性,我认为
IfModule不应该存在 - 如果mod_fcgid无法加载,那么服务器也不应加载,而不是
Alow from all,我想我应该Deny from all并打开一个php库目录代替!
谢谢。
,因为我没有回复,我将尝试我提出的解决方案的一半(?):使用mod_userdir强制执行 suexec
让我们创建以下/etc/apache2/httpd.conf
########################################## ### mod_fcgid configuration directives ### ########################################## #values should be tuned depending on server memory FcgidMaxProcesses 1000 FcgidMaxProcessesPerClass 100 FcgidMinProcessesPerClass 3 #see 'export PHP_FCGI_MAX_REQUESTS=5000' at '/var/www/php-fcgi-scripts/<user>/php-fcgi-starter' FcgidMaxRequestsPerProcess 5000 FcgidIOTimeout 40 FcgidProcessLifeTime 3600 FcgidMaxRequestInMem 65536 FcgidMaxRequestLen 131072 FcgidOutputBufferSize 65536让我们在
/etc/apache2/sites-available/创建一个mass_virtual#NameVirtualHost *:80 #default virtual host <VirtualHost *:80> ServerName www.example.com ServerAlias example.com ServerAdmin webmaster@example.com DocumentRoot /var/www/web-admin/web/ SuexecUserGroup web-admin web-admin <Directory /var/www/web-admin/web/> Options +ExecCGI Options -Indexes AllowOverride All AddHandler fcgid-script .php #FCGIWrapper /var/www/php-fcgi-scripts/web-admin/php-fcgi-starter .php FcgidWrapper /var/www/php-fcgi-scripts/web-admin/php-fcgi-starter .php Order allow,deny Allow from all </Directory> # ErrorLog /var/log/apache2/error.log # CustomLog /var/log/apache2/access.log combined ServerSignature Off </VirtualHost> #3rd-level subdomain virtual hosts <VirtualHost *:80> ServerAlias *.example.com ServerAdmin webmaster@example.com ################## ### solution 1 ### ################## #mod_vhost_alias directives: needs parameterized SuexecUserGroup(?) #UseCanonicalName Off #VirtualDocumentRoot /var/www/%-3+/web ################## ### solution 2 ### ################## #mod_userdir directives for requests: http://www.example.com/~user UserDir disabled root UserDir /var/www/*/public_html #reduntant if using requests: http://www.example.com/~user #SuexecUserGroup web1 web1 <Directory /var/www/*/public_html> Options +ExecCGI Options -Indexes AllowOverride All AddHandler fcgid-script .php #move to .htaccess #FCGIWrapper /var/www/php-fcgi-scripts/*/php-fcgi-starter .php #FcgidWrapper /var/www/php-fcgi-scripts/*/php-fcgi-starter .php Order allow,deny Allow from all </Directory> # ErrorLog /var/log/apache2/error.log # CustomLog /var/log/apache2/access.log combined ServerSignature Off </VirtualHost>问题:如果我取消注释第一行,我会在服务器重新启动时收到警告,指出没有虚拟主机!!
让我们创建我的用户鲍勃
让我们在
/var/www/bob/public_html创建一个 .htaccessFcgidWrapper /var/www/php-fcgi-scripts/bob/php-fcgi-starter .php让我们点击我的浏览器
www.example.com/info.php或example.com/info.phpweb-admin。正如预期的那样,
让我们转到
www.example.com/~bob/info.php...trying to open info.php!!!让我们看看错误
<root># cat /var/log/apache2/error.log [notice] caught SIGTERM, shutting down [notice] suEXEC mechanism enabled (wrapper: /usr/lib/apache2/suexec) [notice] Apache/2.2.20 (Ubuntu) mod_fcgid/2.3.6 configured -- resuming normal operations如您所见,没有错误,但
mod_fcgid未启用以运行.php文件,并且 apache 尝试将其作为普通文件发送!!有什么想法可以解决这个问题吗?