Components to an Apache + SuExec + FCGI + PHP setup:
First, need some variables to stay the same throughout the setup.
User Apache runs as: daemon User CGI programs run as: steve Parent directory location of CGI binaries, web documents
1. Apache must be configured with specific SuExec command line arguments.
For an OS X user development system, these would be passed to Apache's configure script:
--enable-suexec \
--with-suexec-docroot=/var/www \
--with-suexec-bin=/usr/local/steve/apache2/bin/suexec \
--with-suexec-caller=daemon \
--with-suexec-uidmin=500 \
--with-suexec-logfile=/usr/local/steve/apache2/logs/suexec_log \
--with-suexec-gidmin=20 \
--with-suexec-userdir=Sites \
2. Build mod_fcgid against Apache
./configure-apxs && make && make install
make install should edit httpd.conf so that it loads the module, but if not, add it in there:
LoadModule fcgid_module modules/mod_fcgid.so
3. Build PHP as normal, install as a CGI binary
4. Create a PHP-wrapper script. Because of how SuExec works, both the script and the directory must be owned by this user.
# mkdir /private/var/www/fcgi-bin/ # chown -R steve:
http://nx.beandog.org/php/php-wrapper
5. Add parts to Apache configuration
load fcgid module globally (httpd.conf):
LoadModule fcgid_module modules/mod_fcgid.so
Setup the fcgi-bin directory to contain handlers and allow executable CGI files (httpd.conf):
<Directory /private/var/www/fcgi-bin/>
SetHandler fcgid-script
Options +ExecCGI
Order allow,deny
Allow from all
</Directory>
Setup PHP handler extension globally (httpd.conf):
AddHandler fcgid-script .php FcgidWrapper /private/var/www/fcgi-bin/php-wrapper .php
Turn on SuExec globally (httpd.conf):
SuexecUserGroup steve staff
Add a VirtualHost directive that is under the compiled docroot for SuExec:
<VirtualHost *:80>
ServerName qa.steve.beandog.org
DocumentRoot "/Users/steve/Sites/qa"
</VirtualHost>