SuPHP
From Leo's Notes
Last edited on 13 January 2016, at 18:38.
Here is a script that will set up suPHP, similar to what cPanel does with Easy Apache.
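# Build Apache httpd 2.4.16 from source with suEXEC enabled, install it under
# /usr/local/apache2, and hook up the init script and /etc/sysconfig/httpd.
#
# NOTE(review): the tarballs below are fetched over plain http:// and are then
# compiled and installed (presumably as root, given the yum and /etc writes)
# with no integrity check. Before unpacking, compare each download against a
# digest or signature published by the upstream project, e.g.
#   echo "<EXPECTED_SHA256_FROM_UPSTREAM>  httpd-2.4.16.tar.gz" | sha256sum -c -
# NOTE(review): the versions are pinned as of this page's last edit (January
# 2016); check upstream for later security releases before reusing them.
yum -y install psmisc net-tools wget
yum -y install bzip2 wget cc gcc make openssl-devel perl
wget http://leo.home.steamr.com/source/httpd-2.4.16.tar.gz
tar -xzf httpd-2.4.16.tar.gz
# APR and APR-util are unpacked into srclib/ under the names apr and apr-util,
# which is where --with-included-apr expects to find them.
cd httpd*/srclib
wget http://leo.home.steamr.com/source/apr-1.5.2.tar.bz2
tar -xjf apr-1.5.2.tar.bz2
mv apr-1.5.2 apr
wget http://leo.home.steamr.com/source/apr-util-1.5.4.tar.bz2
tar -xjf apr-util-1.5.4.tar.bz2
mv apr-util-1.5.4 apr-util
# Back to the httpd source root: ./configure and build/rpm/httpd.init (copied
# further down) live there, not in srclib/.
cd ..
# NOTE(review) on the suEXEC options passed to configure:
#  - --with-suexec-docroot=/ makes the whole filesystem an acceptable suEXEC
#    document root; a narrower path (for example the directory that holds the
#    hosted accounts) limits what suEXEC will agree to execute.
#  - --with-suexec-uidmin/gidmin=100 also admits system accounts on
#    distributions where regular users start at 1000 -- confirm against the
#    target system's UID layout.
#  - --with-suexec-logfile points at /usr/local/apache/logs, while everything
#    else on this page uses /usr/local/apache2 -- confirm the directory exists.
./configure \
--enable-rewrite --enable-suexec --enable-ssl \
--enable-deflate --enable-expires --enable-headers \
--with-included-apr \
--with-ssl=/usr \
--with-pcre \
--with-crypto --with-mpm=prefork \
--with-suexec-caller=nobody \
--with-suexec-docroot=/ \
--with-suexec-gidmin=100 \
--with-suexec-logfile=/usr/local/apache/logs/suexec_log \
--with-suexec-uidmin=100 \
--with-suexec-userdir=public_html
make -j 4
make install
# /etc/httpd becomes an alias for the install prefix, so later steps can use
# /etc/httpd/conf/httpd.conf.
ln -s /usr/local/apache2 /etc/httpd
cp build/rpm/httpd.init /etc/init.d/httpd
chmod 755 /etc/init.d/httpd
# change perl interpreter from '/replace/with/path/to/perl/interpreter' to '/usr/bin/perl'
echo "HTTPD=/usr/local/apache2/bin/httpd" > /etc/sysconfig/httpd
echo "PIDFILE=/usr/local/apache2/logs/httpd.pid" >> /etc/sysconfig/httpd
# update the init script so that the pidfile: line is set to the path above.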
# Build the support libraries (PCRE, libmcrypt, mm, tidy, libxslt), each into
# its own /opt/<name> prefix. Every prefix then gets a lib64 -> lib symlink,
# presumably so that a later configure run looking under lib64 finds the
# libraries -- TODO confirm.
#
# NOTE(review): each tarball is fetched over plain http:// and built without
# any checksum or signature verification. Compare every download against a
# digest published by its upstream project (e.g. with `sha256sum -c`) before
# running tar on it.
# NOTE(review): the versions are pinned as of this page's last edit (January
# 2016); check upstream for later security releases before reusing them.

# --- PCRE 8.37 -> /opt/pcre (downloaded into whatever directory is current) ---
yum -y install gcc-c++
wget http://leo.home.steamr.com/source/pcre-8.37.tar.gz
tar -xzf pcre-8.37.tar.gz
cd pcre-8.37
./configure --prefix=/opt/pcre --enable-unicode-properties
make -j 4
make install
cd /opt/pcre
ln -s lib lib64
# Bare `cd` returns to $HOME; the remaining tarballs are fetched there.
cd
# --- libmcrypt 2.5.8 -> /opt/libmcrypt ---
wget http://leo.home.steamr.com/source/libmcrypt-2.5.8.tar.gz
tar -xzf libmcrypt-2.5.8.tar.gz
cd libmcrypt-2.5.8
./configure --prefix=/opt/libmcrypt
make -j 4
make install
cd /opt/libmcrypt
ln -s lib lib64
cd
# --- mm 1.4.2 -> /opt/mm ---
wget http://leo.home.steamr.com/source/mm-1.4.2.tar.gz
tar -xzf mm-1.4.2.tar.gz
cd mm-1.4.2
./configure --prefix=/opt/mm
make -j 4
make install
cd /opt/mm
ln -s lib lib64
# --- tidy -> /opt/tidy (unversioned tarball; libtool is installed first,
#     presumably for the setup.sh step -- TODO confirm) ---
yum -y install libtool
cd
wget http://leo.home.steamr.com/source/tidy.tar.gz
tar -xzf tidy.tar.gz
cd tidy/tidy
# setup.sh is run before ./configure; presumably it generates the configure
# script -- TODO confirm.
sh build/gnuauto/setup.sh
./configure --prefix=/opt/tidy
make -j 4
make install
cd /opt/tidy
ln -s lib lib64
cd
# --- libxslt -> /opt/xslt (tarball name is unversioned; it unpacks to libxslt-1.1.28) ---
wget http://leo.home.steamr.com/source/libxslt.tar.gz
tar -xzf libxslt.tar.gz
cd libxslt-1.1.28
./configure --prefix=/opt/xslt
make -j 4
make install
cd /opt/xslt
ln -s lib lib64
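# Install PHP's build dependencies, then configure, build and install PHP.
# -y added so this call does not stop at an interactive prompt, matching the
# other yum invocations on this page.
yum -y install mariadb-devel mariadb-server
yum -y install libxml2-devel bzip2-devel libcurl-devel \
libjpeg-turbo-devel libpng-devel libXpm-devel freetype-devel zlib-devel \
libicu-devel aspell-devel expat-devel
# NOTE(review): nothing on this page downloads PHP; this step assumes a PHP
# source tree has already been unpacked as ~/php*. Verify that tarball against
# the digest published by the PHP project before building it.
cd ~/php*
# NOTE(review): the configure line below is cut off at the right margin on the
# source page (it ends in '>'). The full option list has to be recovered before
# running; as printed, the dangling '>' is a shell syntax error.
./configure --with-config-file-path=/etc --disable-opcache --enable-bcmath --enable-calendar --enable-exif --enable-f>
# Excluded
# --with-kerberos --with-imap=/opt/php_with_imap_client/ --with-imap-ssl=/usr
make -j 4
make install
cd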
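# Fetch suPHP 0.7.2 plus a patch set, apply every patch, then build and install
# into /opt/suphp against the Apache built earlier (via its apxs).
#
# NOTE(review): both tarballs arrive over plain http:// with no integrity
# check, and the patches are applied unreviewed. suPHP is the component that
# switches user before running PHP, so read each patch and verify the suPHP
# tarball against a known-good digest before building.
wget http://leo.home.steamr.com/source/suphp-patches.tar.gz
tar -xzf suphp-patches.tar.gz
wget http://leo.home.steamr.com/source/suphp-0.7.2.tar.gz
tar -xzf suphp-0.7.2.tar.gz
cd suphp-0.7.2
# Glob instead of parsing `ls`, and quote the path, so patch file names with
# spaces or glob characters are handled; the glob expands in sorted order.
for i in ../patch/*; do
  # Skip the unexpanded pattern (empty directory) and anything that is not a file.
  [ -f "$i" ] || continue
  patch -Np1 -d . < "$i"
done
autoreconf -if
# NOTE(review): the configure line below is cut off at the right margin on the
# source page (it ends in '>'); recover the full option list before running.
./configure --prefix=/opt/suphp --with-apxs=/usr/local/apache2/bin/apxs --with-logfile=/usr/local/apache2/logs/suphp_>
make -j 4
make install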
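# Ensure that libphp is not loaded by apache.
# (If mod_php is loaded as well, .php requests may be handled in-process as the
# Apache user rather than being handed to suPHP.)
#
# Append the suPHP module and handler configuration to httpd.conf. The grep
# guard keeps a second run from appending a duplicate LoadModule block, and the
# quoted 'EOF' delimiter makes the shell copy the body literally.
# NOTE(review): <Directory /> turns the handler on for every path Apache can
# serve; scoping it to the directories that actually host PHP is tighter.
if ! grep -q 'mod_suphp.so' /etc/httpd/conf/httpd.conf; then
  cat <<'EOF' >> /etc/httpd/conf/httpd.conf
LoadModule suphp_module modules/mod_suphp.so
suPHP_Engine on
AddType application/x-httpd-php5 .php5 .php
<Directory />
suPHP_AddHandler application/x-httpd-php5
</Directory>
EOF
fi
# -p: do not fail when the directory already exists (re-run, or created by make install).
mkdir -p /opt/suphp/etc
chmod 755 /opt/suphp/etc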
# Configure suphp. Ensure that the apache user (in webserver_user) matches the user running apache.
#
# Writes /opt/suphp/etc/suphp.conf, replacing any existing file ('>' truncates).
# The heredoc delimiter is unquoted, so the shell would expand any $ or
# backtick in the body; the body below contains none.
#
# NOTE(review): several values below are the permissive choice, as the file's
# own comments point out:
#   docroot=/                         scripts may live anywhere on the filesystem
#   check_vhost_docroot=false         no check that a script is inside DOCUMENT_ROOT
#   userdir_overrides_usergroup=true  a ~userdir request can override suPHP_UserGroup
#   min_uid / min_gid commented out   the build's default floor applies -- confirm its value
#   full_php_process_display=true     script filenames appear in process lists
# Tighten the ones the hosting layout allows (for example a docroot such as
# /home/ with the trailing slash, per the prefix-matching note in the file).
cat <<EOF > /opt/suphp/etc/suphp.conf
; This file is parse anew by suPHP for each request
; rather than being loaded once.
[global]
;Path to logfile
logfile=/usr/local/apache2/logs/suphp_log
;Loglevel
loglevel=info
;User Apache is running as
; MANDATORY
webserver_user=nobody
; Path all scripts have to be in
; This works as a prefix when a trailing slash is not specified.
; e.g. /home will match /home /home2 /home3 etc While /home/ will only match /home/
;
; Changing this to a more specific path will improve security
docroot=/
;Path to chroot() to before executing script
;chroot=/home
; Security options
allow_file_group_writeable=false
allow_file_others_writeable=false
allow_directory_group_writeable=false
allow_directory_others_writeable=false
; Check whether script is within DOCUMENT_ROOT
; Does NOT perform this check on included scripts.
; i.e. include_once("/test3.php"); works even though it's in the root directory
;
; Changing this to true will improve security but make all php userdir requests fail
check_vhost_docroot=false
; Allow the user and group specified by a ~userdir request to override the
; suPHP_UserGroup directive inside the source virtualhost
;
; Changing this to false will improve security but make some types of php userdir
; requests fail
userdir_overrides_usergroup=true
; suPHP Paranoid mode checks that the target script UID and GID match
; the UID and GID of the user running the script. To disable these
; checks change the following values to false. Without these checks, mod_suphp
; is effectively running in "Force" mode.
paranoid_uid_check=true
paranoid_gid_check=true
;Send minor error messages to browser
errors_to_browser=false
;PATH environment variable
env_path="/bin:/usr/bin"
;Umask to set, specify in octal notation
umask=0022
; Minimum UID
;min_uid=100
; Minimum GID
;min_gid=100
; Normally suPHP only displays the PHP binary in process lists (ps aux).
; Setting this option to 'true' will cause suPHP to display both the
; PHP binary and the script filename.
full_php_process_display=true
[handlers]
;Handler for php-scripts
application/x-httpd-php="php:/usr/local/bin/php-cgi"
application/x-httpd-php5="php:/usr/local/bin/php-cgi"
;Handler for CGI-scripts
;x-suphp-cgi="execute:!self"
[phprc_paths]
;Uncommenting these will force all requests to that handler to use the php.ini
;in the specified directory regardless of suPHP_ConfigPath settings.
;application/x-httpd-php=/usr/local/lib/
;application/x-httpd-php5=/usr/local/lib/
EOF
# Drop a phpinfo() probe into the default document root to confirm that PHP is
# being served, owned by nobody:nobody with mode 644.
# NOTE(review): phpinfo() output discloses the PHP build options, module list,
# filesystem paths and environment to anyone who can request the page; delete
# the file once the check is done.
probe_page=/usr/local/apache2/htdocs/phpinfo.php
printf '%s\n' '<?php phpinfo(); ' > "$probe_page"
chown nobody:nobody "$probe_page"
chmod 644 "$probe_page"
# Permission rules for hosted content:
# Files must be 644
# Dirs must be 711
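# Adding hosts for hidden services
# They go on individual ports like so:
#
# The stray '¦' that preceded suPHP_UserGroup on the source page (an
# indent-guide artifact) has been removed; Apache would reject it as an
# unknown directive.
# NOTE(review): "Listen 81" binds the port on every interface. If this vhost
# is only meant to be reached through a local Tor daemon, binding it to
# loopback (Listen 127.0.0.1:81) keeps it from also answering on the host's
# public address.
Listen 81
<VirtualHost *:81>
ServerName webhost01.onion
DocumentRoot /home/bob/public_html
ServerAdmin support@webhost.onion
<IfModule mod_suphp.c>
    # User and group that this vhost's PHP scripts are executed as.
    suPHP_UserGroup bob bob
</IfModule>
</VirtualHost>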