Wednesday, May 4, 2011

apache2 with suPHP and php 5.3 along side php 5.2

Category: , SkyHi @ Wednesday, May 04, 2011
The idea is this one: Stay up2date with Ubuntu’s packages (currently they stick with the latest php version available) but still provide old php as a standalone with suPHP – both increasing security and compatibility.
So the software that i’ve got: Ubuntu 10.04.2 (lucid), apache2 (v.2.2.14), php 5.3 (v.5.3.2-1ubuntu4.7), suPHP 0.7.1,  php 5.2 (v.5.2.17).
let’s start.

1st step – get and configure apache2, php, phpmyadmin normally on your Ubuntu box (i have mine already setup so i’ll be skiping this step – you could check howtoforge for tutorials).

2nd step – get suPHP and configure it – i did it manually thus sticking to the latest available release:

./configure --disable-checkpath --disable-check-docroot --prefix=/usr --sysconfdir=/etc/apache2 --with-apache-user=www-data --with-setid-mode=paranoid --with-apxs=/usr/bin/apxs2 --with-php=/usr/bin/php-cgi -with-logfile=/var/log/suphp.log --with-apr=/usr/bin/apr-1-config --enable-SUPHP_USE_USERGROUP=yes


make;make install


rm -rf /etc/apache2/mods-available/php5.load /etc/apache2/mods-enabled/php5.load

(removed the php5.load’s because in my case apache would ignore suPHP)

edit /etc/apache2/httpd.conf and add

LoadModule php5_module /usr/lib/apache2/modules/libphp5.so
LoadModule suphp_module /usr/lib/apache2/modules/mod_suphp.so
I’ve choosed to load php5_module also so that if i ever forget to config suPHP .php’s sould still work.
now here’s my suPHP config:

suphp.conf

now you will face a certain suPHP issue with phpmyadmin as it’s owned by root (when installed with apt-get) thus

chown -R www-data:www-data /usr/share/phpmyadmin

and now i’ve setup it as a subdomain and suPHPed it (at a hoster level this can be a issue as users need to access the phpmyadmin via they’r domain – a fix would be to skip suPHP for phpmyadmin and alias it):


DocumentRoot /usr/share/phpmyadmin
ServerName phpmyadmin.pvp.ro
#Alias /phpmyadmin /usr/share/phpmyadmin
suPHP_Engine on
suPHP_UserGroup www-data www-data
AddHandler x-httpd-suphp .phpsu
PHP_AddHandler x-httpd-suphp

Options Indexes FollowSymLinks
DirectoryIndex index.php

AddType application/x-httpd-php .php
php_flag magic_quotes_gpc Off
php_flag track_vars On
php_flag register_globals Off
php_value include_path .


# Disallow web access to directories that don't need it

Order Deny,Allow
Deny from All


Order Deny,Allow
Deny from All



step 3 – get php 5.2 configure it and enjoy

./configure --prefix=/usr/local/php5.2 --enable-fastcgi --enable-force-cgi-redirect --disable-cli --enable-discard-path --with-config-file-path=/usr/local/php5.2/config --without-pear --with-openssl=/usr --with-iconv --with-curl --with-mysql --with-mysqli --enable-mbstring --enable-exif --with-jpeg-dir --with-zlib --with-zlib-dir --with-png-dir --with-gd --with-gettext --enable-gd-native-ttf --with-mhash --with-mcrypt --enable-bcmath --with-mime-magic --with-pdo-mysql --enable-sockets --enable-xml --enable-libxml --enable-dom --enable-simplexml --enable-xmlreader --enable-xmlwriter

i’ve found some missing libs regarding jpg, png, mcrypt and mhash thus -

apt-get install libcurl3-dev
with
libjpeg8-devlibjpeg62-dev libpng3-dev libmcrypt-dev libmhash-dev

before continuing you might want to keep a copy of libphp5.so (the php5.3 one) before it get’s replaced by php5.2′s make install

cp /usr/lib/apache2/modules/libphp5.so /usr/lib/apache2/modules/libphp5.3.so

so if you decide to keep php5.3 for the non-configured virtual hosts you could always load that in apache LoadModule

make; make install

go to /etc/apache2/suphp.conf and edit it to use php5.2 to
find x-httpd-suphp and after it add:

x-httpd-suphp52="php:/usr/local/php5.2/bin/php-cgi"

so here’s a apache virtual host that uses both php5.3 and php5.2 in the same time:

DocumentRoot /home/bogdan/sites/phps.pvp.roServerName phps.pvp.ro
CustomLog     /var/log/apache2/phps.pvp.ro-access.log combined
ErrorLog      /var/log/apache2/phps.pvp.ro-error.log
LogLevel warn

suPHP_Engine on
suPHP_UserGroup bogdan bogdan
AddHandler x-httpd-suphp .php
suPHP_AddHandler x-httpd-suphp
AddHandler x-httpd-suphp52 .php52
suPHP_AddHandler x-httpd-suphp52


you will probably need only one handler for .php so assign the .php to x-httpd-suphp52
now it’s suhosin’s turn to be configured with php5.2 (this step i will go fast)

wget http://download.suhosin.org/suhosin-0.9.32.1.tar.gz
mv  /etc/alternatives/php /etc/alternatives/php5.3
mv  /etc/alternatives/phpize /etc/alternatives/phpize5.3
mv   /etc/alternatives/php-config /etc/alternatives/php-config5.3
ln -s /usr/local/php5.2/bin/php-cgi  /etc/alternatives/php
ln -s /usr/local/php5.2/bin/php-config  /etc/alternatives/php-config
ln -s /usr/local/php5.2/bin/phpize /etc/alternatives/phpize
tar xzvf  suhosin-0.9.32.1.tar.gz
cd suhosin-0.9.32.1
phpize
./configure
make
mv ./modules/suhosin.so /usr/local/php5.2/lib/php/extensions
~add to /usr/local/php5.2/config/php.ini : ~
extension_dir="/usr/local/php5.2/lib/php/extensions"
extension=suhosin.so

attention! i’ve moved the original  /etc/alternatives/phpize to /etc/alternatives/phpize5.3 and and php-config so that when i phpize and configure the suhosin it would be setup for php5.2 (/usr/bin/phpize beeing linked to /etc/alternatives/phpize) you might want to move them back, or not…
hope this post helps!
sources: howtoforge.com, apache, php.net, suphpJakub SuchĂ˝
p.s. watch the phpinfo’s as they provide interesting security options for suhosin


REFERENCES
http://www.pvp.ro/apache2-suphp-php53-n-php52.html