On 8/25/12 7:50 AM, Duken Marga wrote:
>From my experience to maintain many virtual host, I prefer use Apache
+ PHP + suPHP. I think this combination will be able to cover your ideal
situation above. But, I usually use authentication via shell user
(/etc/user). You must find tutorial or something that integrate Apache
and Active Directory (there are many out there).
suPHP is designed to replace suExec (default Apache mod). It will run a
PHP file as a user that own the files. There are no problem if you want
to use it for many user, because suPHP is designed for that. For user
who will uploade file, you can always use FTP to access their own file.
Each user can has their own .htaccess in their own directory and all the
websites will have one global rule in httpd.conf.
Using VirtualDocumentRoot, I was able to create a virtual host defined
like this:
<VirtualHost *:80>
ServerName student.sampledomain.edu
ServerAlias *.student.sampledomain.edu
DocumentRoot /mnt/web/student.sampledomain.edu/docroot
UseCanonicalName Off
VirtualDocumentRoot /mnt/userwww/%-4+
ErrorLog "|/usr/bin/logger -p local6.notice -t 'error-student'"
CustomLog "|/usr/bin/logger -p local6.notice -t 'access-student'" full
</VirtualHost>
That maps domain names like <username>.student.sampledomain.edu to
directories in the /mnt/userwww/<username> directory. That gets me
close, but isn't handling PHP yet. I think Apache also runs as 'apache'
user when reading all the files, so users must chmod their files world
readable still for this to work.
You reference "suPHP" as the way to go. The problem I have with that is
this website:
http://www.suphp.org/Home.html
Looks like the last update was back in 2009. That's more than 3 years
ago. I think that project has stalled. There must be something newer
that has replaced it since then.
-- Dante
On Wed, Aug 22, 2012 at 6:26 AM, D. Dante Lorenso <dante@xxxxxxxxxxx
<mailto:dante@xxxxxxxxxxx>> wrote:
All,
I need to set up a server to enable 5,000 students to have web
hosting provided by the school with PHP and MySQL support. I'm
trying to figure out what is the best way to do this.
We have Active Directory and are using Centrify to authenticate
usernames and passwords on our Linux servers. I am imagining it
would be great if we use something like ExecCGI to ensure that PHP
runs as the user that owns the files. We would then provide FTP
access to the files and FTP would authenticate against Active
Directory making sure to set the proper user/group on files when
uploaded.
I see that PHP-FPM exists: http://php-fpm.org and it claims
"Ability to start workers with different uid/gid/chroot/environment
and different php.ini (replaces safe_mode)" which is exactly what
I'm looking for. It also claims "PHP-FPM is now included in PHP
core as of PHP 5.3.3." so that's good.
I also read about the greatness that is NGinX: http://nginx.org
though I don't know if I can use it because I think I also need to
use .htaccess files. I need a way for students to be able to
password protect their directories and files. If there's another
way using NGinX or Apache, that's good too. I know of no other way.
Here is an interesting article from 2009:
http://www.howtoforge.com/how-__to-set-up-mass-virtualhosting-__with-apache2-mod_rewrite-mod___userdir-mod_suexec-on-centos-__5.3
<http://www.howtoforge.com/how-to-set-up-mass-virtualhosting-with-apache2-mod_rewrite-mod_userdir-mod_suexec-on-centos-5.3>
That uses mod_rewrite to attempt something like what I'm trying to
do ... and then, Apache has mod_vhost_alias:
http://httpd.apache.org/docs/__2.2/mod/mod_vhost_alias.html
<http://httpd.apache.org/docs/2.2/mod/mod_vhost_alias.html>
So, I see a lot of information out there. Apache, NginX, ExecCGI,
FastCGI, mod_vhost_alias, mod_rewrite, SuExec, mod_userdir. I
suspect some of these methods are old and out of date.
In my ideal situation:
- users would be created in AD and would exist on the OS
- student domain names would look like:
http://<username>.student.__school.edu/
<http://student.school.edu/> - OR -
http://student.school.edu/<__username>/
- file directories would look like:
/mnt/somedir/<username>/__docroot
- students would be able to create PHP applications executed with
their own permissions
- I would be able to configure all 5,000 accounts with a single
configuration (1 virtual host rule?)
Do you know what the "best practices" are for now ... here in 2012?
-- Dante
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
--
Duken Marga
-- Dante
D. Dante Lorenso
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
