I'm currently consulting for a customer running 20,000 customers/domains on a few dozen zeus webservers sharing an nfs nas. The support contract with zeus has lapsed and I am comparing my options for moving over to apache in leu of renewing.
A basic requirement of any webserver for this cluster is secure dynamic mass virtual hosting.
mod_vhost_alias OR mod_rewrite seems to give me the ability to serve up pages from the nfs nas ie /var/www/virtual/d/r/dreamway.com/docs . This is basic mass virtual hosting.
This works great for static content, but breaks down when customers want to run CGI/PHP, now we need suexec (or something) to make this secure. Unfortunately suexec is defined at the <VirtualHost> level and I see no way to incorporate it into a mass virtual hosting setup. I assume this is because suexec has no method of mapping domains to uids.
Way back in apache 1.3 there was a third party addon mod_cgiwrap that did something like this (its now defunct).... and in apache 2.0 there was a partly written MPM 'perchild' that might have helped too .. which brings me to (less important) point # 2.
Zeus has a 'perchild' type feature where the thread that serves up the client pages (the whole server) AND the CGI's SU to the user's uid. In addition to making CGI's secure, this also lets people 'own' their own content away from prying eyes of other users with access to the apache group.
Does this functionality exist in apache and I just cant see it? Is there a better place to ask? Let me know, I'll be elevating this to the dev list shortly.
Thanks in advance,
Matthew Fisch
