Re: [PHP] set up mass virtual hosting with apache/nginx and PHP ... best practice 2012?
From my experience to maintain many virtual host, I prefer use Apache + PHP + suPHP. I think this combination will be able to cover your ideal situation above. But, I usually use authentication via shell user (/etc/user). You must find tutorial or something that integrate Apache and Active Directory (there are many out there). suPHP is designed to replace suExec (default Apache mod). It will run a PHP file as a user that own the files. There are no problem if you want to use it for many user, because suPHP is designed for that. For user who will uploade file, you can always use FTP to access their own file. Each user can has their own .htaccess in their own directory and all the websites will have one global rule in httpd.conf. On Wed, Aug 22, 2012 at 6:26 AM, D. Dante Lorenso da...@lorenso.com wrote: All, I need to set up a server to enable 5,000 students to have web hosting provided by the school with PHP and MySQL support. I'm trying to figure out what is the best way to do this. We have Active Directory and are using Centrify to authenticate usernames and passwords on our Linux servers. I am imagining it would be great if we use something like ExecCGI to ensure that PHP runs as the user that owns the files. We would then provide FTP access to the files and FTP would authenticate against Active Directory making sure to set the proper user/group on files when uploaded. I see that PHP-FPM exists: http://php-fpm.org and it claims Ability to start workers with different uid/gid/chroot/environment and different php.ini (replaces safe_mode) which is exactly what I'm looking for. It also claims PHP-FPM is now included in PHP core as of PHP 5.3.3. so that's good. I also read about the greatness that is NGinX: http://nginx.org though I don't know if I can use it because I think I also need to use .htaccess files. I need a way for students to be able to password protect their directories and files. If there's another way using NGinX or Apache, that's good too. I know of no other way. Here is an interesting article from 2009: http://www.howtoforge.com/how-**to-set-up-mass-virtualhosting-** with-apache2-mod_rewrite-mod_**userdir-mod_suexec-on-centos-**5.3http://www.howtoforge.com/how-to-set-up-mass-virtualhosting-with-apache2-mod_rewrite-mod_userdir-mod_suexec-on-centos-5.3 That uses mod_rewrite to attempt something like what I'm trying to do ... and then, Apache has mod_vhost_alias: http://httpd.apache.org/docs/**2.2/mod/mod_vhost_alias.htmlhttp://httpd.apache.org/docs/2.2/mod/mod_vhost_alias.html So, I see a lot of information out there. Apache, NginX, ExecCGI, FastCGI, mod_vhost_alias, mod_rewrite, SuExec, mod_userdir. I suspect some of these methods are old and out of date. In my ideal situation: - users would be created in AD and would exist on the OS - student domain names would look like: http://username.student.**school.edu/http://student.school.edu/- OR - http://student.school.edu/**username/ - file directories would look like: /mnt/somedir/username/**docroot - students would be able to create PHP applications executed with their own permissions - I would be able to configure all 5,000 accounts with a single configuration (1 virtual host rule?) Do you know what the best practices are for now ... here in 2012? -- Dante -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- Duken Marga
Re: [PHP] set up mass virtual hosting with apache/nginx and PHP ... best practice 2012?
On 8/25/12 7:50 AM, Duken Marga wrote: From my experience to maintain many virtual host, I prefer use Apache + PHP + suPHP. I think this combination will be able to cover your ideal situation above. But, I usually use authentication via shell user (/etc/user). You must find tutorial or something that integrate Apache and Active Directory (there are many out there). suPHP is designed to replace suExec (default Apache mod). It will run a PHP file as a user that own the files. There are no problem if you want to use it for many user, because suPHP is designed for that. For user who will uploade file, you can always use FTP to access their own file. Each user can has their own .htaccess in their own directory and all the websites will have one global rule in httpd.conf. Using VirtualDocumentRoot, I was able to create a virtual host defined like this: VirtualHost *:80 ServerName student.sampledomain.edu ServerAlias *.student.sampledomain.edu DocumentRoot /mnt/web/student.sampledomain.edu/docroot UseCanonicalName Off VirtualDocumentRoot /mnt/userwww/%-4+ ErrorLog |/usr/bin/logger -p local6.notice -t 'error-student' CustomLog |/usr/bin/logger -p local6.notice -t 'access-student' full /VirtualHost That maps domain names like username.student.sampledomain.edu to directories in the /mnt/userwww/username directory. That gets me close, but isn't handling PHP yet. I think Apache also runs as 'apache' user when reading all the files, so users must chmod their files world readable still for this to work. You reference suPHP as the way to go. The problem I have with that is this website: http://www.suphp.org/Home.html Looks like the last update was back in 2009. That's more than 3 years ago. I think that project has stalled. There must be something newer that has replaced it since then. -- Dante On Wed, Aug 22, 2012 at 6:26 AM, D. Dante Lorenso da...@lorenso.com mailto:da...@lorenso.com wrote: All, I need to set up a server to enable 5,000 students to have web hosting provided by the school with PHP and MySQL support. I'm trying to figure out what is the best way to do this. We have Active Directory and are using Centrify to authenticate usernames and passwords on our Linux servers. I am imagining it would be great if we use something like ExecCGI to ensure that PHP runs as the user that owns the files. We would then provide FTP access to the files and FTP would authenticate against Active Directory making sure to set the proper user/group on files when uploaded. I see that PHP-FPM exists: http://php-fpm.org and it claims Ability to start workers with different uid/gid/chroot/environment and different php.ini (replaces safe_mode) which is exactly what I'm looking for. It also claims PHP-FPM is now included in PHP core as of PHP 5.3.3. so that's good. I also read about the greatness that is NGinX: http://nginx.org though I don't know if I can use it because I think I also need to use .htaccess files. I need a way for students to be able to password protect their directories and files. If there's another way using NGinX or Apache, that's good too. I know of no other way. Here is an interesting article from 2009: http://www.howtoforge.com/how-__to-set-up-mass-virtualhosting-__with-apache2-mod_rewrite-mod___userdir-mod_suexec-on-centos-__5.3 http://www.howtoforge.com/how-to-set-up-mass-virtualhosting-with-apache2-mod_rewrite-mod_userdir-mod_suexec-on-centos-5.3 That uses mod_rewrite to attempt something like what I'm trying to do ... and then, Apache has mod_vhost_alias: http://httpd.apache.org/docs/__2.2/mod/mod_vhost_alias.html http://httpd.apache.org/docs/2.2/mod/mod_vhost_alias.html So, I see a lot of information out there. Apache, NginX, ExecCGI, FastCGI, mod_vhost_alias, mod_rewrite, SuExec, mod_userdir. I suspect some of these methods are old and out of date. In my ideal situation: - users would be created in AD and would exist on the OS - student domain names would look like: http://username.student.__school.edu/ http://student.school.edu/ - OR - http://student.school.edu/__username/ - file directories would look like: /mnt/somedir/username/__docroot - students would be able to create PHP applications executed with their own permissions - I would be able to configure all 5,000 accounts with a single configuration (1 virtual host rule?) Do you know what the best practices are for now ... here in 2012? -- Dante -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- Duken Marga -- Dante D. Dante Lorenso -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] set up mass virtual hosting with apache/nginx and PHP ... best practice 2012?
On Sun, Aug 26, 2012 at 2:30 AM, D. Dante Lorenso da...@lorenso.com wrote: Using VirtualDocumentRoot, I was able to create a virtual host defined like this: VirtualHost *:80 ServerName student.sampledomain.edu ServerAlias *.student.sampledomain.edu DocumentRoot /mnt/web/student.sampledomain.**edu/docroothttp://student.sampledomain.edu/docroot UseCanonicalName Off VirtualDocumentRoot /mnt/userwww/%-4+ ErrorLog |/usr/bin/logger -p local6.notice -t 'error-student' CustomLog |/usr/bin/logger -p local6.notice -t 'access-student' full /VirtualHost That maps domain names like username.student.**sampledomain.eduhttp://student.sampledomain.eduto directories in the /mnt/userwww/username directory. That gets me close, but isn't handling PHP yet. I think Apache also runs as 'apache' user when reading all the files, so users must chmod their files world readable still for this to work. I don't know what you means isn't handling PHP yet. If you want Apache handling a PHP program, you must integrate PHP and Apache, in FreeBSD and Apache, these lines must be written in httpd.conf: # Apache 2.x LoadModule php5_modulelibexec/apache/libphp5.so AddType application/x-httpd-php .php AddType application/x-httpd-php-source .phps The above lines will tell apache to execute php file as a PHP program. For your latest statement, Yes, default Apache will handling program as 'apache' user. But, if you use suPHP, suExec, or other similiar program, the file will be execute as a user that own the files. So, in other words, you must use 'chown' program to assure the php files is own by the right user. The files still readable with that program if you use secure and right mode with 'chmod' program. For security reason, you must always use 755 for directory and mode 644 for files. You reference suPHP as the way to go. The problem I have with that is this website: http://www.suphp.org/Home.html Looks like the last update was back in 2009. That's more than 3 years ago. I think that project has stalled. There must be something newer that has replaced it since then. I think the suPHP project is not dead yet. It's because the program is small and just doing a simple task and if the suPHP program still work for the latest Apache today, why do we must question it? Even small notepad from 10 years ago can still be used today, right? If you want advanced and simple task to manage files for each user, you must buy commercial program like cPanel or Plesk. -- Duken Marga
[PHP] set up mass virtual hosting with apache/nginx and PHP ... best practice 2012?
All, I need to set up a server to enable 5,000 students to have web hosting provided by the school with PHP and MySQL support. I'm trying to figure out what is the best way to do this. We have Active Directory and are using Centrify to authenticate usernames and passwords on our Linux servers. I am imagining it would be great if we use something like ExecCGI to ensure that PHP runs as the user that owns the files. We would then provide FTP access to the files and FTP would authenticate against Active Directory making sure to set the proper user/group on files when uploaded. I see that PHP-FPM exists: http://php-fpm.org and it claims Ability to start workers with different uid/gid/chroot/environment and different php.ini (replaces safe_mode) which is exactly what I'm looking for. It also claims PHP-FPM is now included in PHP core as of PHP 5.3.3. so that's good. I also read about the greatness that is NGinX: http://nginx.org though I don't know if I can use it because I think I also need to use .htaccess files. I need a way for students to be able to password protect their directories and files. If there's another way using NGinX or Apache, that's good too. I know of no other way. Here is an interesting article from 2009: http://www.howtoforge.com/how-to-set-up-mass-virtualhosting-with-apache2-mod_rewrite-mod_userdir-mod_suexec-on-centos-5.3 That uses mod_rewrite to attempt something like what I'm trying to do ... and then, Apache has mod_vhost_alias: http://httpd.apache.org/docs/2.2/mod/mod_vhost_alias.html So, I see a lot of information out there. Apache, NginX, ExecCGI, FastCGI, mod_vhost_alias, mod_rewrite, SuExec, mod_userdir. I suspect some of these methods are old and out of date. In my ideal situation: - users would be created in AD and would exist on the OS - student domain names would look like: http://username.student.school.edu/ - OR - http://student.school.edu/username/ - file directories would look like: /mnt/somedir/username/docroot - students would be able to create PHP applications executed with their own permissions - I would be able to configure all 5,000 accounts with a single configuration (1 virtual host rule?) Do you know what the best practices are for now ... here in 2012? -- Dante -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php