Setting up Debian and essentials

Installing EverythingAssuming a Debian 5- or 6-based system with no existing webserver installed, we need to install Apache 2.2 in worker mode (apache2-mpm-worker). Additionally, we will need some form of FastCGI for Apache (libapache2-mod-fcgid), the suEXEC wrapper (apache2-suexec-custom), and PHP itself (php5-cgi).

 

Code:
# apt-get install apache2-mpm-worker libapache2-mod-fcgid apache2-suexec-custom php5-cgi
suEXEC can be a bit fiddly in that the document root (the parent folder for all web content) is generally set at compile-time. This has led to numerous guides giving instructions for retrieving the Apache source and reconfiguring and recompiling the suEXEC module to set /home as the document root instead of /var/www. Fortunately for us, Debian provides a custom suEXEC package, apache2-suexec-custom, which has been modified to permit post-compilation reconfiguration by way of a simple configuration file.
Global Configuration
System Site data will be stored in /home/user/public_html. However, this location doesn’t exist by default and it’s just one more step to forget when adding a new user. Every time a new user is created, the contents of /etc/skel/ are copied into his home directory. Therefore, if you create /etc/skel/public_html/ as root, a public_html directory will be placed into each new user’s home directory. You may also want to place a stub index.html file into /etc/skel/public_html/ to provide some placeholder content for new users.
ApacheApache’s out-of-box configuration suitable for our needs as far as the scope of this tutorial is concerned, and therefore, will not be modified. You may wish to change things yourself at a later point, such as the DirectoryIndex directive. However, we do need to enable a few extra modules:

 

Code:
# a2enmod fcgid suexec actions
suEXEC The default configuration file for apache2-suexec-custom is /etc/apache2/suexec/www-data. The first line of the file must be changed to reflect the non-default document root.
FastCGIWe will create a configuration file telling FastCGI how to run PHP in /etc/apache2/conf.d/. As any files in /etc/apache2/conf.d/ are automatically included by Apache, it can be named anything you like; this tutorial will use php5-fcgid.conf. Its contents should look something like this:

 

Code:
AddType application/x-httpd-php .php

AddHandler php-fcgi .php
Action php-fcgi /fcgi-bin/php5-fcgi

Alias /fcgi-bin/ /home/www-data/

<Location /fcgi-bin/>
        SetHandler fcgid-script
        Options +ExecCGI
</Location>
The first line simply tells Apache what MIME type to send for PHP files. Lines two and three establish that PHP files should be handled by an executable at /fcgi-bin/php5-fcgi, a location which is aliased in line four. Lines five through eight then configure everything in the aliased /fcgi-bin/ to be treated as a FastCGI script and to allow those scripts to execute. You may have noticed that /fcgi-bin/ points to a location that probably doesn’t exist on your system – /home/www-data/. While this location will be overridden by individual virtual hosts, it should still be defined here as a fallback. You should also create the folder and chown it to www-data.
You may also have noticed that the handler inside /fcgi-bin/, php5-fcgi, doesn’t exist either. This file is simply a wrapper for the actual PHP 5 CGI binary (/usr/bin/php5-cgi), but because suEXEC requires all files run through it (including CGI binaries) to be inside its document root, we can’t point directly to the PHP binary. Create the file /home/www-data/php5-fcgi with these contents:

 

Code:
#!/bin/sh
exec /usr/bin/php5-cgi
As you can see, it’s just a simple wrapper for the actual PHP binary. Set the executable bit on the file and chown it to www-data.
Site Configuration Having finished the global configuration, you should now be able to start adding sites and configuring virtual hosts. As an example, we will set up the server to handle requests for example.com.
System For consistency’s sake, you should determine a scheme for mapping system users to virtual hosts. For the rest of this tutorial, we will use the second-level domain of the virtual host’s fully-qualified domain name as the account username (e.g., example for example.com). Add the system user example with home directory /home/example/.
ApacheWe need to create a virtual host for this user. A basic template has been provided below; however, any configuration will do as long as it has the same Alias and SuexecUserGroup directives.

 

Code:
<VirtualHost *:80>
        ServerAdmin admin@example.com
        ServerName example.com
        ServerAlias www.example.com

        Alias /fcgi-bin/ /home/www-data/example/
        SuexecUserGroup example example

        DocumentRoot /home/example/public_html/
        <Directory /home/example/public_html/>
                Options Indexes FollowSymLinks
                AllowOverride None
                Order allow,deny
                allow from all
        </Directory>

        ErrorLog /var/log/apache2/error.log
        LogLevel warn
        CustomLog /var/log/apache2/access.log combined
</VirtualHost>

The Alias directive overrides the alias set in /etc/apache2/conf.d/php5-fcgid to tell FastCGI that the PHP binary is in /home/www-data/example/. We do this for the sake of suEXEC; not only does suEXEC require all files run through it to be inside its document root, but both the file and the parent folder must be owned by the same user as specified in the SuexecUserGroup directive. While neither this directory nor the PHP binary FastCGI expects to find within it currently exist, we’ll create those in the next step.
SuexecUserGroup simply tells suEXEC as what user and group it should execute things.

suEXEC
No site-specific configuration is necessary for suEXEC.

FastCGI
Now we will create the site-specific PHP wrapper. First, create a subfolder of /home/www-data/ for the site (in this case, /home/www-data/example/), then copy /home/www-data/php5-fcgi into it and chown the folder and the script to your new user.

  • 0 Users Found This Useful
Was this answer helpful?

Related Articles

A Few Steps to Securing your Dedicated / VPS Server

Here are a few things to do. First and most important keep your server software updated and...

Running Arch Linux on a VPS

This tutorial is aimed at the more advanced users of Linux who wish to use/install Arch Linux on...

Setting Up a ShoutCast Server on a VPS

This tutorial will help you install a ShoutCast Server on your VPS. ShoutCast Servers are used to...