>From my experience to maintain many virtual host, I prefer use Apache + PHP + suPHP. I think this combination will be able to cover your ideal situation above. But, I usually use authentication via shell user (/etc/user). You must find tutorial or something that integrate Apache and Active Directory (there are many out there).
suPHP is designed to replace suExec (default Apache mod). It will run a PHP file as a user that own the files. There are no problem if you want to use it for many user, because suPHP is designed for that. For user who will uploade file, you can always use FTP to access their own file. Each user can has their own .htaccess in their own directory and all the websites will have one global rule in httpd.conf. On Wed, Aug 22, 2012 at 6:26 AM, D. Dante Lorenso <da...@lorenso.com> wrote: > All, > > I need to set up a server to enable 5,000 students to have web hosting > provided by the school with PHP and MySQL support. I'm trying to figure > out what is the best way to do this. > > We have Active Directory and are using Centrify to authenticate usernames > and passwords on our Linux servers. I am imagining it would be great if we > use something like ExecCGI to ensure that PHP runs as the user that owns > the files. We would then provide FTP access to the files and FTP would > authenticate against Active Directory making sure to set the proper > user/group on files when uploaded. > > I see that PHP-FPM exists: http://php-fpm.org and it claims "Ability to > start workers with different uid/gid/chroot/environment and different > php.ini (replaces safe_mode)" which is exactly what I'm looking for. It > also claims "PHP-FPM is now included in PHP core as of PHP 5.3.3." so > that's good. > > I also read about the greatness that is NGinX: http://nginx.org though I > don't know if I can use it because I think I also need to use .htaccess > files. I need a way for students to be able to password protect their > directories and files. If there's another way using NGinX or Apache, > that's good too. I know of no other way. > > Here is an interesting article from 2009: > http://www.howtoforge.com/how-**to-set-up-mass-virtualhosting-** > with-apache2-mod_rewrite-mod_**userdir-mod_suexec-on-centos-**5.3<http://www.howtoforge.com/how-to-set-up-mass-virtualhosting-with-apache2-mod_rewrite-mod_userdir-mod_suexec-on-centos-5.3> > > That uses mod_rewrite to attempt something like what I'm trying to do ... > and then, Apache has mod_vhost_alias: > http://httpd.apache.org/docs/**2.2/mod/mod_vhost_alias.html<http://httpd.apache.org/docs/2.2/mod/mod_vhost_alias.html> > > So, I see a lot of information out there. Apache, NginX, ExecCGI, > FastCGI, mod_vhost_alias, mod_rewrite, SuExec, mod_userdir. I suspect some > of these methods are old and out of date. > > In my ideal situation: > > - users would be created in AD and would exist on the OS > > - student domain names would look like: > http://<username>.student.**school.edu/<http://student.school.edu/>- > OR - > http://student.school.edu/<**username>/ > > - file directories would look like: > /mnt/somedir/<username>/**docroot > > - students would be able to create PHP applications executed with > their own permissions > > - I would be able to configure all 5,000 accounts with a single > configuration (1 virtual host rule?) > > Do you know what the "best practices" are for now ... here in 2012? > > -- Dante > > > -- > PHP General Mailing List (http://www.php.net/) > To unsubscribe, visit: http://www.php.net/unsub.php > > -- Duken Marga
