PHP FastCGI with suexec
Installing
Create a directory for hosting the FCGI script and config files, for instance in /var/www/fcgi-bin. Make sure this directory is owned by root.
sudo mkdir /var/www/fcgi-bin
sudo chown root:root /var/www/fcgi-binFor each tenant, create a directory for the site and ensure that the directory is owned by the website owner.
sudo mkdir /var/www/fcgi-bin/my-website
sudo chown websiteowner:websiteowner /var/www/fcgi-binAt a minimum create a php.fcgi file with the following content;
#!/bin/bash
exec /usr/bin/php-cgi
Ensure that the exec command point to the correct PHP version for the server.
|
Set the following additional configuration within the Apache site configuration;
Use FastCGI with suexec for PHP
SuexecUserGroup cyclingsa cyclingsa AddHandler fcgid-script .php FcgidWrapper /var/www/fcgi-bin/cyclingsa/php.fcgi .php <FilesMatch "\.php$"> SetHandler fcgid-script </FilesMatch>
This will ensure that each PHP file is served using the FastCGI handler reserved for that site.
Individual PHP configuration
It is possible to have separate PHP configurations per user, so for instance, different memory limits can be set.
Edit the PHP wrapper script to include the php.ini configuration file as a parameter to PHP, if the configuration file exists.
#!/bin/bash
[[ -f ~/php.ini ]] && exec /usr/bin/php-cgi -c ~/php.ini
exec /usr/bin/php-cgiThis uses the Bash syntax for seeing if a file exists [[ -f ]] and in this case it is looking for the file ~/public_html/php.ini. The ~ symbol represent the current user calling the script, so this would be the same as entering in either /home/user1/public_html/php.ini or /home/user2/public_html/php.ini as the full path.
The rest of the code simply executes the PHP binary at /usr/bin/php-cgi with the -c flag which sets the location where the php.ini file should be loaded from from. In this case the php.ini file inside the user’s /public_html/ directory if one exists, instead of /usr/local/lib/php.ini which would be the server’s default.