Possibility to use also php4 along default php5 with mod_fcgid and suexec

Php4 is still very much needed by some customers and sometimes its not trivial to migrate them to php5. Providing client switchable php5 or php4 option would be a nice thing. We are currently trying to implement it manually but I would rather see it in iworx-CP than a separate hack. After looking around for a proper solution we did choose custom php4 centos 5.x rpm (based on iworx php4-4.4.8 src rpm with some minor mods) + mod_fcgid + suexec combination - as supposedly it should be nearly as fast as mod_php. suPHP is told to be too slow. mod_fcgid + php supports also properly apache multithreading - so maybe using also php5 with mod_fcgid would be better solution overall than using mod_php.

Some references - http://typo3.org/development/articles/using-php-with-mod-fcgid/?tx_rlmpofficedocuments_pi1[view]=single&cHash=45a565e1de
http://www.interworx.com/forums/showthread.php?t=1354
http://www.felix-schwarz.name/Secure_PHP_environments_with_PHP,suexec_and_FastCGI(mod_fcgid)_(en)

I did this several months ago using suPHP. In my case, I built the PHP 5 binaries from source and put them in /usr/local/bin. I also switched the PHP 4 config so that it too uses suPHP, mainly so that all php script are run under the owner’s UID for security purposes. I haven’t noticed any speed issues with my scripts.

FWIW, cPanel is using a similar solution, based on suPHP, and my host–which uses cPanel on all of their shared servers–doesn’t seem to be having any issues.

–Jason

We have this setup working - mod_fcgi + php4-cgi or php5-cgi. I’ll post my remarks how we did it but following directions are not maybe generally suiteable for everyone - or simply put you may need to make changes to make it suit for you.

The trickiest part was to build php4 rpm - that would support fastcgi api and would install without conflict besides php5 which is default on RHEL/CentOS 5 - os that we use. PHP4 rpm spec file hack is a dirty and quick one - and currently rpm install location is hard coded (/usr/local/activesys) - feel free to change it and clean it.

General steps:

1. Install mod_fcgid.so for apache
2. Install php4 rpms
3. Configure desired vhost(s)

Step 1 - install mod_fcgid

Setup activesys yum repository for binary rpms (x86_64 only atm)

 nano -w /etc/yum.repos.d/activesys.repo
--- cut here ---
[activesys]
name=CentOS-$releasever - activesys packages for $basearch
baseurl=http://code.active.ee/CentOS/$releasever/activesys/$basearch/RPMS
enabled=1
gpgcheck=0
protect=1
--- cut here ---
 
yum install mod_fcgid
service httpd restart
#following is required to correctly enable mod_fcid for apache
nano -w  /etc/httpd/conf.d/fcgid.conf
--- MODIFY ---
#LoadModule fcgid_module modules/mod_fcgid.so
--- MODIFY ---
 
nano -w  /etc/httpd/conf/httpd.conf
--- MODIFY ---
LoadModule fcgid_module /usr/lib64/httpd/modules/mod_fcgid.so
--- MODIFY ---
 
service httpd restart

Step 2 - install php4-cgi under /usr/local/activesys/

 yum install php4 php4-mysql php4-pgsql php4-gd php4-mbstring
#as previous line removes php5 package - so reinstall it
yum install php
#make symlink for php libs
ln -s /usr/local/activesys/usr/lib64/php4 /usr/lib64/php4
 
nano -w /usr/local/activesys/etc/php.ini
--- MODIFY ---
max_execution_time = 60
memory_limit = 32M
post_max_size = 10M
upload_max_filesize=10M
--- MODIFY ---

Step 3 - configure vhost

#INSIDE DOMAIN HTML ROOT
nano -w /home/username/domain.ee/html/php.fcgi
--- PHP4 ADD ---
#!/bin/sh
PHPRC="/usr/local/activesys/etc"
export PHPRC
PHP_FCGI_CHILDREN=8
export PHP_FCGI_CHILDREN
PHP_FCGI_MAX_REQUESTS=5000
export PHP_FCGI_MAX_REQUESTS
exec /usr/local/activesys/usr/bin/php4-cgi
--- PHP4 ADD ---
 
--- PHP5 ADD ---
#!/bin/sh
PHPRC="/etc"
export PHPRC
PHP_FCGI_CHILDREN=8
export PHP_FCGI_CHILDREN
PHP_FCGI_MAX_REQUESTS=5000
export PHP_FCGI_MAX_REQUESTS
exec /usr/bin/php-cgi
--- PHP5 ADD ---
 
chmod 500 /home/username/domain.ee/html/php.fcgi
chown username:username /home/username/domain.ee/html/php.fcgi
 
nano -w /etc/httpd/conf.d/domain.ee.conf
#INSIDE DOMAIN VHOST CONF
--- ADD ---
AddHandler fcgid-script .php
<Directory /home/username/domain.ee/html>
    AllowOverride  All
    FCGIWrapper /home/username/domain.ee/html/php.fcgi .php
</Directory>
--- ADD ---

NB! IF error 500 messages then there might be a need for user shell account to be enabled first time - unverified atm.
service httpd reload

Here is transcript for rpm rebuilders - we have rpmbuilder account for source rpm rebuilding.

mod_fcgid

#Go to rpmbuilder host
yum install httpd-devel
su - rpmbuilder
cd src_rpms
wget ftp://ftp.pbone.net/mirror/download.fedora.redhat.com/pub/fedora/epel/5/SRPMS/mod_fcgid-2.2-4.el5.src.rpm
cd ..
rpmbuild --rebuild src_rpms/mod_fcgid-2.2-4.el5.src.rpm

php4

Get php4-4.4.8 src rpm

• http://www.labcoding.com/generic/php4-rpm-448-for-centos-5/
• http://www.labcoding.com/linux/php-448-and-eaccelerator-0952-srpms-for-centos-5/

#on rpmbuilder host
yum install curl-devel gmp-devel aspell-devel pcre-devel libc-client-devel unixODBC-devel net-snmp-devel elfutils-devel libxslt-devel libxml2-devel ncurses-devel krb5-devel mysql-devel expat-devel
mkdir /usr/lib64/rpm
ln -sf /usr/lib/rpm/magic.mime /usr/lib64/rpm/magic.mime
 
su - rpmbuilder
#unpack src rpm for modification
rpm -Uvh src_rpms/php4-4.4.8-LAB4.src.rpm
 
nano -w redhat/SPECS/php4-4.4.8_LAB3.spec
---------------------------------------------
#modify line nr. 9
Release: asys
 
#modify line nr. 133
Conflicts: php4-apache
 
#add after line nr. 473
# Remove more failed tests on x86_64 (ActiveSys)
rm -f ext/standard/tests/file/bug26938.phpt
rm -f ext/standard/tests/file/proc_open01.phpt
rm -f ext/standard/tests/file/userstreams.phpt
 
#modify lines nr. 506, 507, 539, 555
--with-config-file-path=/usr/local/activesys%{_sysconfdir} \
--with-config-file-scan-dir=/usr/local/activesys%{_sysconfdir}/php.d \
--enable-fastcgi \
--with-mysql=shared \
 
modify lines starting from nr. 609
make install INSTALL_ROOT=$RPM_BUILD_ROOT/usr/local/activesys
mv $RPM_BUILD_ROOT/usr/local/activesys%{_bindir}/php $RPM_BUILD_ROOT/usr/local/activesys%{_bindir}/php4-cgi
make install-cli INSTALL_ROOT=$RPM_BUILD_ROOT/usr/local/activesys
mv $RPM_BUILD_ROOT/usr/local/activesys%{_bindir}/php $RPM_BUILD_ROOT/usr/local/activesys%{_bindir}/php4
 
618
make install-sapi INSTALL_ROOT=$RPM_BUILD_ROOT/usr/local/activesys
 
621
# Install the default configuration file and icons
install -m 755 -d $RPM_BUILD_ROOT/usr/local/activesys%{_sysconfdir}/
install -m 644    php.ini-recommended $RPM_BUILD_ROOT/usr/local/activesys%{_sysconfdir}/php.ini
install -m 755 -d $RPM_BUILD_ROOT/usr/local/activesys%{contentdir}/icons
install -m 644    *.gif $RPM_BUILD_ROOT/usr/local/activesys%{contentdir}/icons/
 
 
# install the DSO
install -m 755 -d $RPM_BUILD_ROOT/usr/local/activesys%{_libdir}/httpd/modules
install -m 755 build-apache/libs/libphp4.so $RPM_BUILD_ROOT/usr/local/activesys%{_libdir}/httpd/modules
 
# Apache config fragment
install -m 755 -d $RPM_BUILD_ROOT/usr/local/activesys/etc/httpd/conf.d
install -m 644 $RPM_SOURCE_DIR/php.conf $RPM_BUILD_ROOT/usr/local/activesys/etc/httpd/conf.d
 
install -m 755 -d $RPM_BUILD_ROOT/usr/local/activesys%{_sysconfdir}/php.d
install -m 755 -d $RPM_BUILD_ROOT/usr/local/activesys%{_localstatedir}/lib/php4
install -m 700 -d $RPM_BUILD_ROOT/usr/local/activesys%{_localstatedir}/lib/php4/session
 
643
cat > $RPM_BUILD_ROOT/usr/local/activesys%{_sysconfdir}/php.d/${mod}.ini <<EOF
 
648, 649
%attr(755,root,root) /usr/local/activesys%{_libdir}/php4/${mod}.so
%config(noreplace) %attr(644,root,root) /usr/local/activesys%{_sysconfdir}/php.d/${mod}.ini
 
656
# Remove unpackaged files
rm -f  $RPM_BUILD_ROOT/usr/local/activesys%{_libdir}/php4/*.a \
       $RPM_BUILD_ROOT/usr/local/activesys%{_bindir}/{phptar,pearize,peardev,pecl}
rm -rf $RPM_BUILD_ROOT/usr/local/activesys/.channels \
       $RPM_BUILD_ROOT/usr/local/activesys%{_libdir}/build \
       $RPM_BUILD_ROOT/usr/local/activesys%{_mandir}/man1/
rm -f  $RPM_BUILD_ROOT/usr/local/activesys/{.depdb,.depdblock,.filemap,.lock} \
 
678
%config(noreplace) /usr/local/activesys%{_sysconfdir}/php.ini
%config /usr/local/activesys%{_sysconfdir}/pear.conf
/usr/local/activesys%{_bindir}/php4
/usr/local/activesys%{_bindir}/php4-cgi
%dir /usr/local/activesys%{_libdir}/php4
/usr/local/activesys%{_includedir}/php
%dir /usr/local/activesys%{_localstatedir}/lib/php4
%attr(0770,root,apache) %dir /usr/local/activesys%{_localstatedir}/lib/php4/session
/usr/local/activesys%{_libdir}/httpd/modules/libphp4.so
%config /usr/local/activesys%{_sysconfdir}/httpd/conf.d/php.conf
%dir /usr/local/activesys%{_sysconfdir}/php.d
/usr/local/activesys%{contentdir}/icons/php.gif
 
693
/usr/local/activesys%{_bindir}/pear
/usr/local/activesys%{_datadir}/pear
 
698
/usr/local/activesys%{_bindir}/php-config
/usr/local/activesys%{_bindir}/phpize
 
701
/usr/local/activesys%{_libdir}/php4
----------------------------------------------
 
rpmbuild -ba redhat/SPECS/php4-4.4.8_LAB3.spec