Re: set up mass virtual hosting with apache/nginx and PHP ... best practice 2012?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 8/25/12 7:50 AM, Duken Marga wrote:
 >From my experience to maintain many virtual host, I prefer use Apache
+ PHP + suPHP. I think this combination will be able to cover your ideal
situation above. But, I usually use authentication via shell user
(/etc/user). You must find tutorial or something that integrate Apache
and Active Directory (there are many out there).

suPHP is designed to replace suExec (default Apache mod). It will run a
PHP file as a user that own the files. There are no problem if you want
to use it for many user, because suPHP is designed for that. For user
who will uploade file, you can always use FTP to access their own file.
Each user can has their own .htaccess in their own directory and all the
websites will have one global rule in httpd.conf.

Using VirtualDocumentRoot, I was able to create a virtual host defined like this:

<VirtualHost *:80>
ServerName student.sampledomain.edu
ServerAlias *.student.sampledomain.edu

DocumentRoot /mnt/web/student.sampledomain.edu/docroot
UseCanonicalName Off
VirtualDocumentRoot /mnt/userwww/%-4+

ErrorLog "|/usr/bin/logger -p local6.notice -t 'error-student'"
CustomLog "|/usr/bin/logger -p local6.notice -t 'access-student'" full
</VirtualHost>

That maps domain names like <username>.student.sampledomain.edu to directories in the /mnt/userwww/<username> directory. That gets me close, but isn't handling PHP yet. I think Apache also runs as 'apache' user when reading all the files, so users must chmod their files world readable still for this to work.

You reference "suPHP" as the way to go. The problem I have with that is this website:
http://www.suphp.org/Home.html

Looks like the last update was back in 2009. That's more than 3 years ago. I think that project has stalled. There must be something newer that has replaced it since then.

-- Dante



On Wed, Aug 22, 2012 at 6:26 AM, D. Dante Lorenso <dante@xxxxxxxxxxx
<mailto:dante@xxxxxxxxxxx>> wrote:

    All,

    I need to set up a server to enable 5,000 students to have web
    hosting provided by the school with PHP and MySQL support.  I'm
    trying to figure out what is the best way to do this.

    We have Active Directory and are using Centrify to authenticate
    usernames and passwords on our Linux servers.  I am imagining it
    would be great if we use something like ExecCGI to ensure that PHP
    runs as the user that owns the files.  We would then provide FTP
    access to the files and FTP would authenticate against Active
    Directory making sure to set the proper user/group on files when
    uploaded.

    I see that PHP-FPM exists: http://php-fpm.org  and it claims
    "Ability to start workers with different uid/gid/chroot/environment
    and different php.ini (replaces safe_mode)" which is exactly what
    I'm looking for.  It also claims "PHP-FPM is now included in PHP
    core as of PHP 5.3.3." so that's good.

    I also read about the greatness that is NGinX: http://nginx.org
    though I don't know if I can use it because I think I also need to
    use .htaccess files.  I need a way for students to be able to
    password protect their directories and files.  If there's another
    way using NGinX or Apache, that's good too.  I know of no other way.

    Here is an interesting article from 2009:
    http://www.howtoforge.com/how-__to-set-up-mass-virtualhosting-__with-apache2-mod_rewrite-mod___userdir-mod_suexec-on-centos-__5.3
    <http://www.howtoforge.com/how-to-set-up-mass-virtualhosting-with-apache2-mod_rewrite-mod_userdir-mod_suexec-on-centos-5.3>

    That uses mod_rewrite to attempt something like what I'm trying to
    do ... and then, Apache has mod_vhost_alias:
    http://httpd.apache.org/docs/__2.2/mod/mod_vhost_alias.html
    <http://httpd.apache.org/docs/2.2/mod/mod_vhost_alias.html>

    So, I see a lot of information out there.  Apache, NginX, ExecCGI,
    FastCGI, mod_vhost_alias, mod_rewrite, SuExec, mod_userdir.  I
    suspect some of these methods are old and out of date.

    In my ideal situation:

      - users would be created in AD and would exist on the OS

      - student domain names would look like:
             http://<username>.student.__school.edu/
    <http://student.school.edu/> - OR -
    http://student.school.edu/<__username>/

      - file directories would look like:
             /mnt/somedir/<username>/__docroot

      - students would be able to create PHP applications executed with
             their own permissions

      - I would be able to configure all 5,000 accounts with a single
             configuration (1 virtual host rule?)

    Do you know what the "best practices" are for now ... here in 2012?

    -- Dante


    --
    PHP General Mailing List (http://www.php.net/)
    To unsubscribe, visit: http://www.php.net/unsub.php




--
Duken Marga



-- Dante

D. Dante Lorenso


--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



[Index of Archives]     [PHP Home]     [Apache Users]     [PHP on Windows]     [Kernel Newbies]     [PHP Install]     [PHP Classes]     [Pear]     [Postgresql]     [Postgresql PHP]     [PHP on Windows]     [PHP Database Programming]     [PHP SOAP]

  Powered by Linux