# apache + fastcgi + fpm  Why is suexec required? [Solved]

## KWhat

So I have the following *WORKING* virtualhost:

```
<VirtualHost 192.168.128.20:80>
    ServerName euclid.domain.tld

    #LogLevel debug
    ErrorLog /var/www/euclid/logs/error_log

    SuexecUserGroup fastcgi www_euclid

    FastCgiExternalServer /var/www/euclid/htdocs/cgi-bin -socket /var/run/php-fpm/euclid.sock -user fastcgi -group www_euclid
    AddHandler php-fastcgi .php
    Action php-fastcgi /cgi-bin
    Alias /cgi-bin /var/www/euclid/htdocs/cgi-bin

    <Location /cgi-bin>
        Order Deny,Allow
        Deny from All
        # Prevent accessing this path directly
        Allow from env=REDIRECT_STATUS
        Options +ExecCGI +FollowSymLinks +SymLinksIfOwnerMatch
    </Location>

    DocumentRoot /var/www/euclid/htdocs
    <Directory /var/www/euclid/htdocs>
        AllowOverride all
        Order allow,deny
        Allow from all
    </Directory>
</VirtualHost>
```

What I can't seem to figure out is why I need to have either/both SuexecUserGroup fastcgi www_euclid and FastCgiExternalServer with the -user fastcgi -group www_euclid flags. FPM has pooling enabled and each pool is running under its own user/group. This works correctly, no issue. If I remove SuexecUserGroup and/or the -user fastcgi -group www_euclid arguments, I get the following error and I have no idea why. Additionally, what uid and gid is used to access the socket file by fastcgi? It's certainly not fastcgi:www_euclid.

```
(13)Permission denied: FastCGI: failed to connect to server "/var/www/euclid/htdocs/cgi-bin": connect() failed

FastCGI: incomplete headers (0 bytes) received from server "/var/www/euclid/htdocs/cgi-bin"
```

Last edited by KWhat on Fri Sep 07, 2012 10:37 pm; edited 1 time in total

----------

## KWhat

OK, I believe I have figured out what the problem was. The simple answer is: mod_fastcgi sucks. It's old, unmaintained and poorly documented. Why it keeps coming up when looking up how to run php-fpm is beyond me. Save yourself the headache and just don't use it!

The real solution is rather simple:

```
<VirtualHost 192.168.128.20:80>
    ServerName euclid.domain.tld

    #LogLevel debug
    ErrorLog /var/www/euclid/logs/error_log

    <IfDefine PROXY>
        #If you want to use mod_proxy (Probably the best option)
        ProxyPassMatch ^/(.*\.php(/.*)?)$ fcgi://localhost:9000/var/www/euclid/htdocs/$1
    </IfDefine>
    <IfDefine FASTCGI_HANDLER>
        #If you want to use mod_fastcgi_handler (3rd party)
        AddHandler fcgi:/var/run/php-fpm-euclid.sock .php
    </IfDefine>

    DocumentRoot /var/www/euclid/htdocs
    <Directory /var/www/euclid/htdocs>
        AllowOverride all
        Order allow,deny
        Allow from all
    </Directory>
</VirtualHost>
```

----------
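A diagnostic for the `(13)Permission denied ... connect() failed` error in the first post, added here as an example and not part of either post: on Linux, connecting to a Unix socket needs search permission on every directory in its path and write permission on the socket itself, so the script reports the first path whose mode bits block a given uid/gid set. The function names and the `base` parameter are assumptions of this example; ACLs, capabilities and SELinux are not modelled.

```python
import os
import stat
import sys

SEARCH, WRITE = 0o1, 0o2  # x and w bits within one rwx triplet


def allowed(st, uid, gids, want):
    """Owner/group/other mode check; the first matching class decides."""
    if uid == 0:
        return True  # root is not limited by mode bits
    if st.st_uid == uid:
        return bool((st.st_mode >> 6) & want)
    if st.st_gid in gids:
        return bool((st.st_mode >> 3) & want)
    return bool(st.st_mode & want)


def connect_blocker(sock_path, uid, gids, base="/"):
    """Return the first path that would make connect() fail with EACCES for
    uid/gids, or None. `base` and everything below it is checked; directories
    above `base` are assumed traversable."""
    path = os.path.abspath(sock_path)
    cur = os.path.abspath(base)
    for name in os.path.relpath(path, cur).split(os.sep):
        # cur is a directory here: the caller needs search (x) to descend
        if not allowed(os.stat(cur), uid, gids, SEARCH):
            return cur
        cur = os.path.join(cur, name)
    st = os.stat(cur)
    if not stat.S_ISSOCK(st.st_mode):
        raise ValueError(f"{cur} is not a Unix socket")
    # connect() on the socket inode itself needs write permission
    return None if allowed(st, uid, gids, WRITE) else cur


if __name__ == "__main__":
    # usage: check_sock.py SOCKET UID GID[,GID...]
    # e.g. the socket path from the vhost and the uid/gids of the web server worker
    sock, uid = sys.argv[1], int(sys.argv[2])
    gids = {int(g) for g in sys.argv[3].split(",")}
    print(connect_blocker(sock, uid, gids) or "no mode-bit obstacle")
```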

