Apache Worker MPM PHP CGI Suexec Setup

Components to an Apache + SuExec + FCGI + PHP setup:

First, need some variables to stay the same throughout the setup.

User Apache runs as: daemon User CGI programs run as: steve Parent directory location of CGI binaries, web documents

1. Apache must be configured with specific SuExec command line arguments.

For an OS X user development system, these would be passed to Apache's configure script:

        --enable-suexec \
        --with-suexec-docroot=/var/www \
        --with-suexec-bin=/usr/local/steve/apache2/bin/suexec \
        --with-suexec-caller=daemon \
        --with-suexec-uidmin=500 \
        --with-suexec-logfile=/usr/local/steve/apache2/logs/suexec_log \
        --with-suexec-gidmin=20 \
        --with-suexec-userdir=Sites \

2. Build mod_fcgid against Apache

./configure-apxs && make && make install

make install should edit httpd.conf so that it loads the module, but if not, add it in there:

LoadModule fcgid_module modules/mod_fcgid.so

3. Build PHP as normal, install as a CGI binary

4. Create a PHP-wrapper script. Because of how SuExec works, both the script and the directory must be owned by this user.

# mkdir /private/var/www/fcgi-bin/
# chown -R steve:

http://nx.beandog.org/php/php-wrapper

5. Add parts to Apache configuration

load fcgid module globally (httpd.conf):

LoadModule fcgid_module modules/mod_fcgid.so

Setup the fcgi-bin directory to contain handlers and allow executable CGI files (httpd.conf):

<Directory /private/var/www/fcgi-bin/>
        SetHandler fcgid-script
        Options +ExecCGI
        Order allow,deny
        Allow from all
</Directory>

Setup PHP handler extension globally (httpd.conf):

AddHandler fcgid-script .php
FcgidWrapper /private/var/www/fcgi-bin/php-wrapper .php

Turn on SuExec globally (httpd.conf):

SuexecUserGroup steve staff

Add a VirtualHost directive that is under the compiled docroot for SuExec:

<VirtualHost *:80>
        ServerName qa.steve.beandog.org
        DocumentRoot "/Users/steve/Sites/qa"
</VirtualHost>