Apache listing php file, not executing it

SYSTEM INFORMATION
OS type and version Ubuntu 22.04
Virtualmin version 7.8.4

I’m feeling dopey again. I have transferred several Virtualmin sites from my old server to a new VPS, and almost everything is working fine.

I’m down to my last site, using the same process as for the other sites. When I point my browser to this last site, I see the PHP code, instead of having Apache run the php file.

What’s different from the other sites:

  • The previous ones have all been Wordpress. This is a simple PHP page (Piwik/Matomo).
  • The file that fails is named index.php, and it’s in the proper directory, with owner/group of www-data
  • I have added AddType application/x-httpd-php .php to the site’s directory config file

What else can I check? Many thanks.

could it be in index.php the short tag (or even no tag) <? instead of <?php is being used?
or that you have a .htaccess overriding the <Directory

Interesting thought: There is no .htaccess file in /home/piwik, and I attach the index.php and the apache config file. What other information could I provide? Thanks.

PS I’ll note that a half-dozen Wordpress sites all work fine on this server, so php is installed, etc…

index.php

<?php
/**
 * Matomo - free/libre analytics platform
 *
 * @link https://matomo.org
 * @license http://www.gnu.org/licenses/gpl-3.0.html GPL v3 or later
 */

if (!defined('PIWIK_DOCUMENT_ROOT')) {
    define('PIWIK_DOCUMENT_ROOT', dirname(__FILE__) == '/' ? '' : dirname(__FILE__));
}
if (file_exists(PIWIK_DOCUMENT_ROOT . '/bootstrap.php')) {
    require_once PIWIK_DOCUMENT_ROOT . '/bootstrap.php';
}
if (!defined('PIWIK_INCLUDE_PATH')) {
    define('PIWIK_INCLUDE_PATH', PIWIK_DOCUMENT_ROOT);
}

require_once PIWIK_INCLUDE_PATH . '/core/bootstrap.php';

if (!defined('PIWIK_PRINT_ERROR_BACKTRACE')) {
    define('PIWIK_PRINT_ERROR_BACKTRACE', false);
}

require_once PIWIK_INCLUDE_PATH . '/core/dispatch.php';

Apache config file

and the config file with my domain changed to mydomain.org:

ServerName piwik.mydomain.org
ServerAlias www.piwik.mydomain.org
ServerAlias webmail.piwik.mydomain.org
ServerAlias admin.piwik.mydomain.org
DocumentRoot /home/piwik/public_html
ErrorLog /var/log/virtualmin/piwik.mydomain.org_error_log
CustomLog /var/log/virtualmin/piwik.mydomain.org_access_log combined
ScriptAlias /cgi-bin/ /home/piwik/cgi-bin/
DirectoryIndex index.html index.htm index.php index.php4 index.php5
<Directory /home/piwik/public_html>
    Options -Indexes +IncludesNOEXEC +SymLinksIfOwnerMatch 
    allow from all
    AllowOverride All Options=ExecCGI,Includes,IncludesNOEXEC,Indexes,MultiViews,SymLinksIfOwnerMatch
    Require all granted
    AddType application/x-httpd-php8.2 .php8.2
    AddType application/x-httpd-php .php
</Directory>
<Directory /home/piwik/cgi-bin>
    allow from all
    AllowOverride All Options=ExecCGI,Includes,IncludesNOEXEC,Indexes,MultiViews,SymLinksIfOwnerMatch
    Require all granted
</Directory>
ProxyPass /.well-known !
RewriteEngine on
RewriteCond %{HTTP_HOST} =webmail.piwik.mydomain.org
RewriteRule ^(?!/.well-known)(.*) https://piwik.mydomain.org:20000/ [R]
RewriteCond %{HTTP_HOST} =admin.piwik.mydomain.org
RewriteRule ^(?!/.well-known)(.*) https://piwik.mydomain.org:7462/ [R]
RewriteCond %{HTTPS} off
RewriteRule ^/(?!.well-known)(.*)$ https://%{HTTP_HOST}/$1 [R]

you don’t have any index.html or index.htm files in there perchance. (in the same dir as index.php)

I’m afraid my php is very rusty (pre year dot) and my apache long forgotten (so I’m not much help beyond basics already suggested - there are others on here who may be able to make a better suggestion. good luck.

Much like @Stegan what little PHP I knew from working with it is decades old. But, what does you php options page show?

and perhaps stick a test index.php file up
<?php phpinfo(); ?> then check the logs. At least that should tell you if it is something in the original index.phpor server/apache related.

I am guessing there is an error in the php config most likely you don’t have the version of php installed that apache is expecting check out the problem domain’s apache config file and make sure it matches your php config for that domain. You may find just switching php execution mode will fix it, then if required switch it back to the correct mode

That means PHP handler isn’t set in web-server config, so it treats it as a normal text file.

The work-around should be is going to Server Configuration ⇾ PHP Options page and first disabling and then re-enabling PHP execution mode.

The most common cause of this problem is installing mod_php, which can lead to breakage of all other execution modes.

You should never install mod_php.

Thanks for the many responses. I’m not clear what to do here… Some observations:

  • Several Wordpress sites work properly on this VPS. This leads me to believe PHP must be installed correctly.
  • Some Wordpress sites show this in Server Configuration → PHP Options
    image
  • Other Wordpress sites show this:
  • Creating an info.php as suggested <?php phpinfo(); ?> resulted in the file being displayed as the PHP code. I see an entry in the access_log (status 200) and no entry in error_log
  • Here’s the current Servers → Apache Webserver → Global Configuration → Apache Modules

What other information could I provide? Many thanks.

You installed mod_php (php8.1 is listed as a module in Apache…that’s mod_php), as I guessed above. You shouldn’t have done that, and you should uninstall it.

Is it as simple as un-checking the mod_php box and saving (and restarting Apache)?

Or is it something from the command line? (I’m comfortable with it - tell me the command.) Thanks.

No, the problem is with a config file that ships with mod_php. Merely disabling it does not fix it.

You need to uninstall the package. I don’t know the exact command as I don’t know the exact package name. It is probably libapache-mod-php8.1 or libapache-mod-php81, but you probably installed a package that depended on it, which is likely named php8.1-php. You’ll want to remove that one, too.

And, because it is the config file that’s the primary problem, you probably want to use dpkg --purge instead of merely dpkg -r to uninstall the package.

OK. Here’s what I learned about removing mod_php from StackOverflow/Ubuntu They recommend the command dpkg -l | grep php| awk '{print $2}' |tr "\n" " " to liist packages that have to do with PHP. There are a zillion - libapache2-mod-php8.1 is one of them.

I removed that one with this command: sudo apt-get purge libapache2-mod-php8.1

I then checked Servers → Apache Webserver → Global Configuration → Apache Modules and sure enough php8.1 is GONE (not simply disabled). I then restarted apache.

BUT… Those two sites (including the one listed at the top of the page) still display the PHP code, not execute it.

What other information could I provide? Thanks again.

System Settings->Re-check Configuration

Also check for any php files in /etc/apache2. There’s a conf.d dir or similar. You’ll want to find the mod_php garbage (SetHandlers, and the like) and comment it out. I don’t know the exact path on Ubuntu, but it’s somewhere in the Apache config directory.

Note you may also have to switch execution mode to something other than FPM and then back again. Virtualmin tries to address mod_php being enabled when it sees it, which leads to some extra mod_php config directives in the Apache config (which are syntax errors when you don’t have mod_php), but because updates overwrite some configs and re-enable handlers and such, Virtualmin gets out of sync with the actual Apache configuration. (The way to avoid this is to not install mod_php in the first place.)

dumb question here - how can you run a WordPress site with PHP disabled?

mod_php always applies, which is why it’s bad to have it installed. When you install the package that provides mod_php on most Linux distributions, it drops a config file into the Apache config dir that enables the module and sets up handlers to send PHP requests to mod_php.

That’s why it is so destructive to install mod_php and no one should ever do it. It breaks all the security features Virtualmin sets up, it runs PHP in the slowest, least secure, and most memory-wasting way (and you pay a big memory price even if you don’t use PHP!).

Which is why I continue to beg people to stop following random guides on the internet about PHP, because it almost always results in installing mod_php, because most random people on the internet have no idea what they’re talking about.

@Joe Hi! Thanks for following up on my query. I’m just about to post a follow-up, but I wanted to address your concern about mod_php.

Here’s what I know about my brand-new shiny VPS:

  • I created a new VPS using Ubuntu 22.04 from https://hetzner.com. I don’t know whether that comes with mod_php installed by default or not.
  • I immediately installed Virtualmin Pro (because I know that this is strongly recommended.)
  • I tried the virtualmin backup ... on old-host.com and virtualmin restore... on new-host.com, but had a lot of problems with the sites not working. (See the original post in this thread.)
  • I have subsequently installed Wordpress multiple times using Virtualmin’s built-in script and they work fine.
  • But at no point did I explicitly install mod_php.

My next message will detail the state of play. Thanks again for your curiosity.

The image of Apache modules you posted here Apache listing php file, not executing it - #10 by richb-hanover

Shows mod_php installed.

If you backed up domains on a system configured for mod_php, it would include mod_php directives in the VirtualHosts, and possibly in other places. mod_php is poison.

We’ll need to see the VirtualHost configuration and relevant error_log entries for the problem domains if the problem persists after you’ve done what I recommended above (uninstall mod_php, purge the config files for mod_php, Re-check Virtualmin Configuration, and switch execution modes away from PHP-FPM and back).