# apache2.2, mod_suexec, mod_fcgid+php5 - help, I'm drowning!

## colo

I'm setting up a new server of ours that's meant to provide secure mass hosting with apache2.2 (I've done similar setups with lighty, but that won't fly this time, since a few of my colleagues need apache-specific features). So I bravely went out there yesterday evening, unmasked apache 2.2, merged it, merged php5 and mod_fcgid.

The plan right now is to provide everyone in need of webspace with a dedicated UNIX-user, having the DocumentRoot of her vhost reside on /home/$LOGNAME/$FQDN/htdocs. This is working fine already.

However, as soon as I try to introduce php into the game, the pain begins - I've googled around quite a lot already, tried the official mod_fcgid-recipie for php5+suexec adapted to my situation, tried some other snippets I found on the web, but I just can't get suexec to let my php-scripts execute. Since I've never worked with suexec before, I can't make much sense of the following error, which the very latest of my tries popped up:

```
[2007-04-22 12:19:52]: command not in docroot (/home/zbull/0bull.cn/htdocs/cgi-bin/php.fcgi)
```

(php.fcgi is a bash-wrapper for setting up some environment variables and exec'ing the php-cgi binary subsequently)

Note that said wrapper actually IS in the docroot of the vhost.

In a rush of sudden anger I decided to scrap all the stuff I tried with fcgid already (and therefore cannot provide you with any of my failing config attempts, d'oh!), but as of now I'm cooling down and would like to try again "from scratch" once more. If there's anybody on the forums who could give me advise on how to best tackle the problem, please, feel very welcome to chime in.

the USE-flags I set when merging the affected packages were:

```
[ebuild   R   ] net-www/apache-2.2.4  USE="ldap mpm-worker ssl threads -debug -doc -mpm-event -mpm-peruser -mpm-prefork -no-suexec (-selinux) -static-modules" 0 kB

[ebuild   R   ] dev-lang/php-5.2.1-r3  USE="berkdb cgi cli crypt force-cgi-redirect gd gdbm iconv imap ldap mysqli ncurses pcre posix readline reflection session sockets spl ssl suhosin sysvipc threads tidy truetype unicode zlib -adabas -apache -apache2 -bcmath -birdstep -bzip2 -calendar -cdb -cjk -concurrentmodphp -ctype -curl -curlwrappers -db2 -dbase -dbmaker -debug -discard-path -doc -empress -empress-bcs -esoob -exif -fastbuild -fdftk -filter -firebird -flatfile -frontbase -ftp -gd-external -gmp -hash -inifile -interbase -iodbc -ipv6 -java-external -json -kerberos -ldap-sasl -libedit -mcve -mhash -msql -mssql -mysql -nls -oci8 -oci8-instant-client -odbc -pcntl -pdo -pdo-external -pic -postgres -qdbm -recode -sapdb -sharedext -sharedmem -simplexml -snmp -soap -solid -spell -sqlite -sybase -sybase-ct -tokenizer -wddx -xml -xmlreader -xmlrpc -xmlwriter -xpm -xsl -yaz -zip -zip-external" 0 kB

[ebuild   R   ] www-apache/mod_fcgid-2.1  0 kB
```

Config for the virtual host I'm trying to get php-support for:

```
<VirtualHost 88.198.55.121:80>

        ServerName 0bull.cn

        ServerAdmin root@0bull.cn

        RedirectMatch permanent (.*) https://0bull.cn$1

</VirtualHost>

<VirtualHost 88.198.55.121:443>

        ServerName 0bull.cn

        ServerAdmin root@0bull.cn

        DocumentRoot "/home/zbull/0bull.cn/htdocs"

        SSLCertificateFile /etc/apache2/ssl/cacert-0bull_cn.cert

        SSLCertificateKeyFile /etc/apache2/ssl/cacert-0bull_cn-private.key

        SSLEngine on

        <Files ~ "\.(cgi|shtml|phtml|php)$">

                SSLOptions +StdEnvVars

        </Files>

        CustomLog /var/log/apache2/0bull.cn/access_log common

        ErrorLog /var/log/apache2/0bull.cn/error_log

        <Directory "/home/zbull/0bull.cn/htdocs">

                Options +ExecCGI

                Order deny,allow

                Allow from all

        </Directory>

</VirtualHost>
```

Any help is much appreciated!

- colo

----------

## colo

Hell yes, got it working two hours ago. I'll post the solution (which I will eventually make into a howto, if there's interest) as soon as I have sufficent time to spare.  :Smile: 

----------

## kaktuspalme

Im interested in a howto, i've got apache-2.2 too, and i would swtich from mod_php to mod_fcgid + php

----------

## bajaguy

The HOWTO would be welcomed!

----------

## colo

I started an article on gentoo-wiki.com and will post its URL once it's in a presentable state. Just to keep you informed  :Wink: 

----------

