FastCGI+suexec如何配置?
stuhack
|
1#
stuhack 发表于 2007-05-28 09:33
FastCGI+suexec如何配置?
mod_fcgid mod_suexec都已经安装好了.
SetHandler fcgid-script FCGIWrapper /usr/local/bin/php .php Options ExecCGI 也加了.可惜访问的时候出错. [Sat May 26 03:10:41 2007] [notice] suEXEC mechanism enabled (wrapper: /usr/local/sbin/suexec) [Sat May 26 03:10:43 2007] [notice] Apache/2.0.59 (FreeBSD) PHP/5.2.2 with Suhosin-Patch configured -- resuming normal operations [Sat May 26 03:14:20 2007] [notice] SIGHUP received. Attempting to restart [Sat May 26 03:14:22 2007] [notice] Apache/2.0.59 (FreeBSD) PHP/5.2.2 with Suhosin-Patch configured -- resuming normal operations [Sat May 26 03:16:56 2007] [notice] SIGHUP received. Attempting to restart [Sat May 26 03:16:58 2007] [notice] Apache/2.0.59 (FreeBSD) PHP/5.2.2 with Suhosin-Patch configured -- resuming normal operations [Sat May 26 03:16:58 2007] [error] [client 192.168.1.55] Symbolic link not allowed: /usr/local/www/data [Sat May 26 03:20:13 2007] [notice] SIGHUP received. Attempting to restart [Sat May 26 03:20:15 2007] [notice] Apache/2.0.59 (FreeBSD) PHP/5.2.2 with Suhosin-Patch configured -- resuming normal operations [Sat May 26 03:23:24 2007] [notice] SIGHUP received. Attempting to restart [Sat May 26 03:23:26 2007] [notice] Apache/2.0.59 (FreeBSD) PHP/5.2.2 with Suhosin-Patch configured -- resuming normal operations [Sat May 26 03:30:17 2007] [notice] SIGHUP received. Attempting to restart [Sat May 26 03:30:19 2007] [notice] Apache/2.0.59 (FreeBSD) PHP/5.2.2 with Suhosin-Patch configured -- resuming normal operations 不知道如何配置FastCGI和Suexec ServerRoot "/usr/local" # # The accept serialization lock file MUST BE STORED ON A LOCAL DISK. # <IfModule !mpm_winnt.c> <IfModule !mpm_netware.c> #LockFile /var/log/accept.lock </IfModule> </IfModule> <IfModule !mpm_netware.c> <IfModule !perchild.c> #ScoreBoardFile /var/run/apache_runtime_status </IfModule> </IfModule> # # PidFile: The file in which the server should record its process # identification number when it starts. # <IfModule !mpm_netware.c> PidFile /var/run/httpd.pid </IfModule> # # Timeout: The number of seconds before receives and sends time out. # Timeout 300 # # KeepAlive: Whether or not to allow persistent connections (more than # one request per connection). Set to "Off" to deactivate. # KeepAlive On # # MaxKeepAliveRequests: The maximum number of requests to allow # during a persistent connection. Set to 0 to allow an unlimited amount. # We recommend you leave this number high, for maximum performance. # MaxKeepAliveRequests 100 # # KeepAliveTimeout: Number of seconds to wait for the next request from the # same client on the same connection. # KeepAliveTimeout 15 ## ## Server-Pool Size Regulation (MPM specific) ## # prefork MPM <IfModule prefork.c> StartServers 5 MinSpareServers 5 MaxSpareServers 10 MaxClients 150 MaxRequestsPerChild 0 </IfModule> # worker MPM <IfModule worker.c> StartServers 2 MaxClients 150 MinSpareThreads 25 MaxSpareThreads 75 ThreadsPerChild 25 MaxRequestsPerChild 0 </IfModule> # perchild MPM <IfModule perchild.c> NumServers 5 StartThreads 5 MinSpareThreads 5 MaxSpareThreads 10 MaxThreadsPerChild 20 MaxRequestsPerChild 0 </IfModule> # WinNT MPM # ThreadsPerChild: constant number of worker threads in the server process # MaxRequestsPerChild: maximum number of requests a server process serves <IfModule mpm_winnt.c> ThreadsPerChild 250 MaxRequestsPerChild 0 </IfModule> # BeOS MPM # StartThreads: how many threads do we initially spawn? # MaxClients: max number of threads we can have (1 thread == 1 client) # MaxRequestsPerThread: maximum number of requests each thread will process <IfModule beos.c> StartThreads 10 MaxClients 50 MaxRequestsPerThread 10000 </IfModule> # NetWare MPM <IfModule mpm_netware.c> ThreadStackSize 65536 StartThreads 250 MinSpareThreads 25 MaxSpareThreads 250 MaxThreads 1000 MaxRequestsPerChild 0 MaxMemFree 100 </IfModule> # OS/2 MPM # StartServers: Number of server processes to maintain # MinSpareThreads: Minimum number of idle threads per process, # to handle request spikes # MaxSpareThreads: Maximum number of idle threads per process # MaxRequestsPerChild: Maximum number of connections per server process <IfModule mpmt_os2.c> StartServers 2 MinSpareThreads 5 MaxSpareThreads 10 MaxRequestsPerChild 0 </IfModule> # # Listen: Allows you to bind Apache to specific IP addresses and/or # ports, instead of the default. See also the <VirtualHost> # directive. # # Change this to Listen on specific IP addresses as shown below to # prevent Apache from glomming onto all bound IP addresses (0.0.0.0) # #Listen 12.34.56.78:80 Listen 80 LoadModule access_module libexec/apache2/mod_access.so LoadModule auth_module libexec/apache2/mod_auth.so LoadModule auth_anon_module libexec/apache2/mod_auth_anon.so LoadModule auth_dbm_module libexec/apache2/mod_auth_dbm.so #LoadModule auth_digest_module libexec/apache2/mod_auth_digest.so #LoadModule file_cache_module libexec/apache2/mod_file_cache.so LoadModule charset_lite_module libexec/apache2/mod_charset_lite.so #LoadModule cache_module libexec/apache2/mod_cache.so #LoadModule disk_cache_module libexec/apache2/mod_disk_cache.so LoadModule include_module libexec/apache2/mod_include.so LoadModule deflate_module libexec/apache2/mod_deflate.so LoadModule log_config_module libexec/apache2/mod_log_config.so LoadModule logio_module libexec/apache2/mod_logio.so LoadModule env_module libexec/apache2/mod_env.so LoadModule mime_magic_module libexec/apache2/mod_mime_magic.so LoadModule cern_meta_module libexec/apache2/mod_cern_meta.so LoadModule expires_module libexec/apache2/mod_expires.so LoadModule headers_module libexec/apache2/mod_headers.so LoadModule usertrack_module libexec/apache2/mod_usertrack.so LoadModule unique_id_module libexec/apache2/mod_unique_id.so LoadModule setenvif_module libexec/apache2/mod_setenvif.so LoadModule mime_module libexec/apache2/mod_mime.so #LoadModule dav_module libexec/apache2/mod_dav.so LoadModule status_module libexec/apache2/mod_status.so LoadModule autoindex_module libexec/apache2/mod_autoindex.so LoadModule asis_module libexec/apache2/mod_asis.so LoadModule info_module libexec/apache2/mod_info.so LoadModule suexec_module libexec/apache2/mod_suexec.so #LoadModule cgid_module libexec/apache2/mod_cgid.so #LoadModule dav_fs_module libexec/apache2/mod_dav_fs.so LoadModule vhost_alias_module libexec/apache2/mod_vhost_alias.so LoadModule negotiation_module libexec/apache2/mod_negotiation.so LoadModule dir_module libexec/apache2/mod_dir.so LoadModule imap_module libexec/apache2/mod_imap.so LoadModule actions_module libexec/apache2/mod_actions.so LoadModule speling_module libexec/apache2/mod_speling.so LoadModule userdir_module libexec/apache2/mod_userdir.so LoadModule alias_module libexec/apache2/mod_alias.so LoadModule rewrite_module libexec/apache2/mod_rewrite.so LoadModule fcgid_module libexec/apache2/mod_fcgid.so LoadModule php5_module libexec/apache2/libphp5.so # # ExtendedStatus controls whether Apache will generate "full" status # information (ExtendedStatus On) or just basic information (ExtendedStatus # Off) when the "server-status" handler is called. The default is Off. # #ExtendedStatus On <IfModule !mpm_winnt.c> <IfModule !mpm_netware.c> User www Group www </IfModule> </IfModule> # # ServerAdmin: Your address, where problems with the server should be # e-mailed. This address appears on some server-generated pages, such # as error documents. e.g. admin@your-domain.com # ServerAdmin you@example.com #ServerName www.example.com:80 UseCanonicalName Off DocumentRoot "/usr/local/www/data" <Directory /> AllowOverride None Order Deny,Allow Deny from all </Directory> <Directory "/usr/local/www"> Options Indexes FollowSymLinks AllowOverride None Order allow,deny Allow from all </Directory> <IfModule mod_userdir.c> UserDir public_html UserDir disabled root toor daemon operator bin tty kmem games news man sshd bind proxy _pflogd _dhcp uucp pop www nobody mailnull smmsp # # Control access to UserDir directories. The following is an example # for a site where these directories are restricted to read-only. # <Directory /home/*/public_html> AllowOverride FileInfo AuthConfig Limit Indexes Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec <Limit GET POST OPTIONS PROPFIND> Order allow,deny Allow from all </Limit> <LimitExcept GET POST OPTIONS PROPFIND> Order deny,allow Deny from all </LimitExcept> </Directory> </IfModule> DirectoryIndex index.html index.html.var AccessFileName .htaccess <FilesMatch "^\.ht"> Order allow,deny Deny from all </FilesMatch> # # TypesConfig describes where the mime.types file (or equivalent) is # to be found. # TypesConfig etc/apache2/mime.types DefaultType text/plain <IfModule mod_mime_magic.c> MIMEMagicFile etc/apache2/magic </IfModule> HostnameLookups Off ErrorLog /var/log/httpd-error.log ServerTokens Full # Alias /icons/ "/usr/local/www/icons/" <Directory "/usr/local/www/icons"> Options Indexes MultiViews AllowOverride None Order allow,deny Allow from all </Directory> # # This should be changed to the ServerRoot/manual/. The alias provides # the manual, even if you choose to move your DocumentRoot. You may comment # this out if you do not care for the documentation. # AliasMatch ^/manual(?:/(?:de|en|es|fr|ja|ko|ru))?(/.*)?$ "/usr/local/share/doc/apache2$1" <Directory "/usr/local/share/doc/apache2"> Options Indexes AllowOverride None Order allow,deny Allow from all <Files *.html> SetHandler type-map </Files> SetEnvIf Request_URI ^/manual/(de|en|es|fr|ja|ko|ru)/ prefer-language=$1 RedirectMatch 301 ^/manual(?:/(de|en|es|fr|ja|ko|ru)){2,}(/.*)?$ /manual/$1$2 </Directory> ScriptAlias /cgi-bin/ "/usr/local/www/cgi-bin/" <IfModule mod_cgid.c> # # Additional to mod_cgid.c settings, mod_cgid has Scriptsock <path> # for setting UNIX socket for communicating with cgid. # #Scriptsock /var/run/cgisock </IfModule> <IfModule mod_fcgid.c> AddHandler fcgid-script .fcgi </IfModule> # # "/usr/local/www/cgi-bin" should be changed to whatever your ScriptAliased # CGI directory exists, if you have that configured. # <Directory "/usr/local/www/cgi-bin"> AllowOverride None Options None Order allow,deny Allow from all </Directory> # # Redirect allows you to tell clients about documents which used to exist in # your server's namespace, but do not anymore. This allows you to tell the # clients where to look for the relocated document. # Example: # Redirect permanent /foo http://www.example.com/bar # # Directives controlling the display of server-generated directory listings. # # # IndexOptions: Controls the appearance of server-generated directory # listings. # IndexOptions FancyIndexing VersionSort # # AddIcon* directives tell the server which icon to show for different # files or filename extensions. These are only displayed for # FancyIndexed directories. # AddIconByEncoding (CMP,/icons/compressed.gif) x-compress x-gzip AddIconByType (TXT,/icons/text.gif) text/* AddIconByType (IMG,/icons/image2.gif) image/* AddIconByType (SND,/icons/sound2.gif) audio/* AddIconByType (VID,/icons/movie.gif) video/* AddIcon /icons/binary.gif .bin .exe AddIcon /icons/binhex.gif .hqx AddIcon /icons/tar.gif .tar AddIcon /icons/world2.gif .wrl .wrl.gz .vrml .vrm .iv AddIcon /icons/compressed.gif .Z .z .tgz .gz .zip AddIcon /icons/a.gif .ps .ai .eps AddIcon /icons/layout.gif .html .shtml .htm .pdf AddIcon /icons/text.gif .txt AddIcon /icons/c.gif .c AddIcon /icons/p.gif .pl .py AddIcon /icons/f.gif .for AddIcon /icons/dvi.gif .dvi AddIcon /icons/uuencoded.gif .uu AddIcon /icons/script.gif .conf .sh .shar .csh .ksh .tcl AddIcon /icons/tex.gif .tex AddIcon /icons/bomb.gif core AddIcon /icons/back.gif .. AddIcon /icons/hand.right.gif README AddIcon /icons/folder.gif ^^DIRECTORY^^ AddIcon /icons/blank.gif ^^BLANKICON^^ # AddLanguage ca .ca AddLanguage cs .cz .cs AddLanguage da .dk AddLanguage de .de AddLanguage el .el AddLanguage en .en AddLanguage eo .eo AddLanguage es .es AddLanguage et .et AddLanguage fr .fr AddLanguage he .he AddLanguage hr .hr AddLanguage it .it AddLanguage ja .ja AddLanguage ko .ko AddLanguage ltz .ltz AddLanguage nl .nl AddLanguage nn .nn AddLanguage no .no AddLanguage pl .po AddLanguage pt .pt AddLanguage pt-BR .pt-br AddLanguage ru .ru AddLanguage sv .sv AddLanguage zh-CN .zh-cn AddLanguage zh-TW .zh-tw # # LanguagePriority allows you to give precedence to some languages # in case of a tie during content negotiation. # # Just list the languages in decreasing order of preference. We have # more or less alphabetized them here. You probably want to change this. # LanguagePriority en ca cs da de el eo es et fr he hr it ja ko ltz nl nn no pl pt pt-BR ru sv zh-CN zh-TW # # ForceLanguagePriority allows you to serve a result page rather than # MULTIPLE CHOICES (Prefer) [in case of a tie] or NOT ACCEPTABLE (Fallback) # [in case no accepted languages matched the available variants] # ForceLanguagePriority Prefer Fallback # # Commonly used filename extensions to character sets. You probably # want to avoid clashes with the language extensions, unless you # are good at carefully testing your setup after each change. # See http://www.iana.org/assignments/character-sets for the # official list of charset names and their respective RFCs. # AddCharset ISO-8859-1 .iso8859-1 .latin1 AddCharset ISO-8859-2 .iso8859-2 .latin2 .cen AddCharset ISO-8859-3 .iso8859-3 .latin3 AddCharset ISO-8859-4 .iso8859-4 .latin4 AddCharset ISO-8859-5 .iso8859-5 .latin5 .cyr .iso-ru AddCharset ISO-8859-6 .iso8859-6 .latin6 .arb AddCharset ISO-8859-7 .iso8859-7 .latin7 .grk AddCharset ISO-8859-8 .iso8859-8 .latin8 .heb AddCharset ISO-8859-9 .iso8859-9 .latin9 .trk AddCharset ISO-2022-JP .iso2022-jp .jis AddCharset ISO-2022-KR .iso2022-kr .kis AddCharset ISO-2022-CN .iso2022-cn .cis AddCharset Big5 .Big5 .big5 # For russian, more than one charset is used (depends on client, mostly): AddCharset WINDOWS-1251 .cp-1251 .win-1251 AddCharset CP866 .cp866 AddCharset KOI8-r .koi8-r .koi8-ru AddCharset KOI8-ru .koi8-uk .ua AddCharset ISO-10646-UCS-2 .ucs2 AddCharset ISO-10646-UCS-4 .ucs4 AddCharset UTF-8 .utf8 # The set below does not map to a specific (iso) standard # but works on a fairly wide range of browsers. Note that # capitalization actually matters (it should not, but it # does for some browsers). # # See http://www.iana.org/assignments/character-sets # for a list of sorts. But browsers support few. # AddCharset GB2312 .gb2312 .gb AddCharset utf-7 .utf7 AddCharset utf-8 .utf8 AddCharset big5 .big5 .b5 AddCharset EUC-TW .euc-tw AddCharset EUC-JP .euc-jp AddCharset EUC-KR .euc-kr AddCharset shift_jis .sjis #AddHandler cgi-script .cgi AddHandler cgi-script .cgi .pl AddHandler fastcgi-script .fcg .fcgi .fpl # # The following directives modify normal HTTP response behavior to # handle known problems with browser implementations. # BrowserMatch "Mozilla/2" nokeepalive BrowserMatch "MSIE 4\.0b2;" nokeepalive downgrade-1.0 force-response-1.0 BrowserMatch "RealPlayer 4\.0" force-response-1.0 BrowserMatch "Java/1\.0" force-response-1.0 BrowserMatch "JDK/1\.0" force-response-1.0 # # The following directive disables redirects on non-GET requests for # a directory that does not include the trailing slash. This fixes a # problem with Microsoft WebFolders which does not appropriately handle # redirects for folders with DAV methods. # Same deal with Apple's DAV filesystem and Gnome VFS support for DAV. # BrowserMatch "Microsoft Data Access Internet Publishing Provider" redirect-carefully BrowserMatch "MS FrontPage" redirect-carefully BrowserMatch "^WebDrive" redirect-carefully BrowserMatch "^WebDAVFS/1.[0123]" redirect-carefully BrowserMatch "^gnome-vfs" redirect-carefully BrowserMatch "^XML Spy" redirect-carefully BrowserMatch "^Dreamweaver-WebDAV-SCM1" redirect-carefully # # Allow server status reports generated by mod_status, # with the URL of http://servername/server-status # Change the ".example.com" to match your domain to enable. # #<Location /server-status> # SetHandler server-status # Order deny,allow # Deny from all # Allow from .example.com #</Location> # # Allow remote server configuration reports, with the URL of # http://servername/server-info (requires that mod_info.c be loaded). # Change the ".example.com" to match your domain to enable. # #<Location /server-info> # SetHandler server-info # Order deny,allow # Deny from all # Allow from .example.com #</Location> # # Bring in additional module-specific configurations # <IfModule mod_ssl.c> Include etc/apache2/ssl.conf </IfModule> ### Section 3: Virtual Hosts # # VirtualHost: If you want to maintain multiple domains/hostnames on your # machine you can setup VirtualHost containers for them. Most configurations # use only name-based virtual hosts so the server doesn't need to worry about # IP addresses. This is indicated by the asterisks in the directives below. # # Please see the documentation at # <URL:http://httpd.apache.org/docs/2.0/vhosts/> # for further details before you try to setup virtual hosts. # # You may use the command line option '-S' to verify your virtual host # configuration. # # Use name-based virtual hosting. # #NameVirtualHost *:80 # # VirtualHost example: # Almost any Apache directive may go into a VirtualHost container. # The first VirtualHost section is used for requests without a known # server name. # #<VirtualHost *:80> # ServerAdmin webmaster@dummy-host.example.com # DocumentRoot /www/docs/dummy-host.example.com # ServerName dummy-host.example.com # ErrorLog /var/log/dummy-host.example.com-error_log # CustomLog /var/log/dummy-host.example.com-access_log common #</VirtualHost> Include etc/apache2/Includes/*.conf |