Monday, 14 October 2013

Using FastCGI instead of ModPHP

(Updated for Apache 2.4)

On a test server, I wouldn't normally care in too much detail about things like php modules and the like. Apache works out of the box with mod-php, so why bother?

One thing that can be annoying is that by default, the user www-data owns the web root so if I need to write any files to it, I have to use sudo, at which point they become owned by root and not accessible by the web server. Every file write is followed by sudo chown.... to change ownership to www-data.

A way round this is to use fast-cgi which allows the files to be run as their owner and which means I can write files into the web root without using sudo and without running chown after I make every addition. It also makes it much easier to use FTP/WinSCP to copy files to the server when connected as a user other than www-data (i.e. every time).

So how do we change Apache to run fast-cgi instead of mod-php?

Install fastcgi

sudo apt-get install libapache2-mod-fastcgi

Note that if this is not found, you might have to un-comment the multiverse repository in /etc/apt/sources.list and run apt-get update. Once installed, create a file named php-fastcgi.conf inside /etc/apache2/conf.d (<= Apache 2.2) or in /etc/apache2/conf-available (>= Apache 2.4) and put the following contents into it:

<ifmodule mod_fastcgi.c>
DirectoryIndex index.php index.html
AddHandler php5-fcgi .php
Action php5-fcgi /php5-fcgi
Alias /php5-fcgi /usr/lib/cgi-bin/php5-fcgi
FastCgiExternalServer /usr/lib/cgi-bin/php5-fcgi -socket /var/run/php5-fpm.sock  -idle-timeout 900 -pass-header Authorization

<directory /usr/lib/cgi-bin>
Options ExecCGI FollowSymLinks
SetHandler fastcgi-script
Order allow,deny
allow from all

Apache 2.4 only: In the above config, replace the older config lines "Order allow,deny" and "allow from all" with the newer config "Require all granted". Once this has been done, you should enable the use of this new config file by typing: sudo a2enconf php-fastcgi.conf

Then ensure that the actions module is enabled:
sudo a2enmod actions
and finally restart apache
sudo service apache2 restart

 Disable mod-php

The installation will automatically enable fastcgi but you need to disable mod-php:

sudo a2dismod php5

Install FPM

The fast cgi process manager is a "nice to have" when coupled with fast-cgi. I am including it here because it is part of the instructions I have!

sudo apt-get install php5-fpm 

Now edit the file /etc/php5/fpm/pool.d/www.conf and add the following lines:

user = <your username>
group = <your username>
listen = /var/run/php5-fpm.sock
listen.owner = <your username> = www-data
listen.mode = 0660
pm = dynamic
pm.max_children = 10
pm.start_servers = 2
pm.min_spare_servers = 1
pm.max_spare_servers = 3
chdir = /
php_admin_value[error_log] = /var/log/fpm-php.www.log
php_admin_flag[log_errors] = on

Now restart php5-fpm and apache2:

sudo service php5-fpm restart && sudo service apache2 restart

Change Directory Permissions

Once this has all been done, you need to set the correct permissions on the files in the web root.

sudo chown yourusername:yourusername -R /path/to/webroot
sudo chown yourusername:www-data /path/to/webroot
sudo chmod 710 /path/to/webroot
Post a Comment