# apt-get install apache2-mpm-worker libapache2-mod-fcgid apache2-suexec-custom php5-cgi
System Site data will be stored in /home/user/public_html. However, this location doesn’t exist by default and it’s just one more step to forget when adding a new user. Every time a new user is created, the contents of /etc/skel/ are copied into his home directory. Therefore, if you create /etc/skel/public_html/ as root, a public_html directory will be placed into each new user’s home directory. You may also want to place a stub index.html file into /etc/skel/public_html/ to provide some placeholder content for new users.
ApacheApache’s out-of-box configuration suitable for our needs as far as the scope of this tutorial is concerned, and therefore, will not be modified. You may wish to change things yourself at a later point, such as the DirectoryIndex directive. However, we do need to enable a few extra modules:
# a2enmod fcgid suexec actions
FastCGIWe will create a configuration file telling FastCGI how to run PHP in /etc/apache2/conf.d/. As any files in /etc/apache2/conf.d/ are automatically included by Apache, it can be named anything you like; this tutorial will use php5-fcgid.conf. Its contents should look something like this:
AddType application/x-httpd-php .php AddHandler php-fcgi .php Action php-fcgi /fcgi-bin/php5-fcgi Alias /fcgi-bin/ /home/www-data/ <Location /fcgi-bin/> SetHandler fcgid-script Options +ExecCGI </Location>
You may also have noticed that the handler inside /fcgi-bin/, php5-fcgi, doesn’t exist either. This file is simply a wrapper for the actual PHP 5 CGI binary (/usr/bin/php5-cgi), but because suEXEC requires all files run through it (including CGI binaries) to be inside its document root, we can’t point directly to the PHP binary. Create the file /home/www-data/php5-fcgi with these contents:
#!/bin/sh exec /usr/bin/php5-cgi
Site Configuration Having finished the global configuration, you should now be able to start adding sites and configuring virtual hosts. As an example, we will set up the server to handle requests for example.com.
System For consistency’s sake, you should determine a scheme for mapping system users to virtual hosts. For the rest of this tutorial, we will use the second-level domain of the virtual host’s fully-qualified domain name as the account username (e.g., example for example.com). Add the system user example with home directory /home/example/.
ApacheWe need to create a virtual host for this user. A basic template has been provided below; however, any configuration will do as long as it has the same Alias and SuexecUserGroup directives.
<VirtualHost *:80> ServerAdmin firstname.lastname@example.org ServerName example.com ServerAlias www.example.com Alias /fcgi-bin/ /home/www-data/example/ SuexecUserGroup example example DocumentRoot /home/example/public_html/ <Directory /home/example/public_html/> Options Indexes FollowSymLinks AllowOverride None Order allow,deny allow from all </Directory> ErrorLog /var/log/apache2/error.log LogLevel warn CustomLog /var/log/apache2/access.log combined </VirtualHost>
The Alias directive overrides the alias set in /etc/apache2/conf.d/php5-fcgid to tell FastCGI that the PHP binary is in /home/www-data/example/. We do this for the sake of suEXEC; not only does suEXEC require all files run through it to be inside its document root, but both the file and the parent folder must be owned by the same user as specified in the SuexecUserGroup directive. While neither this directory nor the PHP binary FastCGI expects to find within it currently exist, we’ll create those in the next step.
SuexecUserGroup simply tells suEXEC as what user and group it should execute things.
suEXEC No site-specific configuration is necessary for suEXEC.
FastCGI Now we will create the site-specific PHP wrapper. First, create a subfolder of /home/www-data/ for the site (in this case, /home/www-data/example/), then copy /home/www-data/php5-fcgi into it and chown the folder and the script to your new user.