Apache options wrong on new sites or switching php mode

Operating system: Ubuntu
OS version: 14.04

This is part of my preparation to update this server to newer Ubuntu.

I have fastcgi installed along side mod_php since all my sites are currently still in mod_php. The existing sites are working well using mod_php and no changes to their configurations. But the goal is to switch them to fastcgi using the UI for Website Options. Those options currently show:

Apache mod_php (run as Apache’s user)
CGI wrapper (run as virtual server owner)

Here is an unchanged apache config for a new subdomain I created, set to CGI wrapper. It generates a 500 Internal Server Error, and the apache error log says:

[cgi:error] [pid 17630] [client 70.191.91.6:63835] End of script output before headers: php5.cgi
(I know this is likely some sort of permission error)

Here’s the apache config (domains obscured):
ServerName testfcgi.###conference.org
ServerAlias www.testfcgi.###conference.org
ServerAlias webmail.testfcgi.###conference.org
ServerAlias admin.testfcgi.###conference.org
ServerAlias testfcgi.archives.###conference.org
ServerAlias www.testfcgi.archives.###conference.org
ServerAlias testfcgi.svn.###.org
ServerAlias www.testfcgi.svn.###.org
DocumentRoot /home/scientific-conference/domains/testfcgi.###conference.org/public_html
ErrorLog /var/log/virtualmin/testfcgi.###conference.org_error_log
CustomLog /var/log/virtualmin/testfcgi.###conference.org_access_log combined
ScriptAlias /cgi-bin/ /home/scientific-conference/domains/testfcgi.###conference.org/cgi-bin/
DirectoryIndex index.html index.htm index.php index.php4 index.php5
<Directory /home/scientific-conference/domains/testfcgi.###conference.org/public_html>
Options -Indexes +IncludesNOEXEC +SymLinksifOwnerMatch
allow from all
AllowOverride All Options=ExecCGI,Includes,IncludesNOEXEC,Indexes,MultiViews,SymLinksIfOwnerMatch
Require all granted
AddType application/x-httpd-php .php
AddType application/x-httpd-php5 .php5
AddType application/x-httpd-php5 .php
Action application/x-httpd-php5 /cgi-bin/php5.cgi

<Directory /home/scientific-conference/domains/testfcgi.###conference.org/cgi-bin>
allow from all
Require all granted
AllowOverride All Options=ExecCGI,Includes,IncludesNOEXEC,Indexes,MultiViews,SymLinksIfOwnerMatch

RewriteEngine on
RewriteCond %{HTTP_HOST} =webmail.testfcgi.###conference.org
RewriteRule ^(.) http://testfcgi.###conference.org:20000/ [R]
RewriteCond %{HTTP_HOST} =admin.testfcgi.###conference.org
RewriteRule ^(.
) https://testfcgi.###conference.org:10000/ [R]
<Location /svn>
DAV svn
SVNParentPath /home/scientific-conference/domains/testfcgi.###conference.org/svn
AuthType Basic
AuthName testfcgi.###conference.org
AuthUserFile /home/scientific-conference/domains/testfcgi.###conference.org/etc/svn.basic.passwd
Require valid-user
AuthzSVNAccessFile /home/scientific-conference/domains/testfcgi.###conference.org/etc/svn-access.conf
Satisfy Any
RewriteEngine off
ErrorDocument 404 default

RemoveHandler .php
RemoveHandler .php5
php_admin_value engine Off
SuexecUserGroup “#1006” “#1003

Switching to mod_php also fails, but differently. After about 5 seconds the browser times out without showing any errors or feedback of any kind. There are no entries in the apache error log. Here’s the configuration file for that setting:

ServerName testfcgi.###conference.org
ServerAlias www.testfcgi.###conference.org
ServerAlias webmail.testfcgi.###conference.org
ServerAlias admin.testfcgi.###conference.org
ServerAlias testfcgi.archives.###conference.org
ServerAlias www.testfcgi.archives.###conference.org
ServerAlias testfcgi.svn.###.org
ServerAlias www.testfcgi.svn.###.org
DocumentRoot /home/scientific-conference/domains/testfcgi.###conference.org/public_html
ErrorLog /var/log/virtualmin/testfcgi.###conference.org_error_log
CustomLog /var/log/virtualmin/testfcgi.###conference.org_access_log combined
ScriptAlias /cgi-bin/ /home/scientific-conference/domains/testfcgi.###conference.org/cgi-bin/
DirectoryIndex index.html index.htm index.php index.php4 index.php5
<Directory /home/scientific-conference/domains/testfcgi.###conference.org/public_html>
Options -Indexes +IncludesNOEXEC +SymLinksifOwnerMatch
allow from all
AllowOverride All Options=ExecCGI,Includes,IncludesNOEXEC,Indexes,MultiViews,SymLinksIfOwnerMatch
Require all granted
AddType application/x-httpd-php .php
AddType application/x-httpd-php5.5 .php5.5

<Directory /home/scientific-conference/domains/testfcgi.###conference.org/cgi-bin>
allow from all
Require all granted
AllowOverride All Options=ExecCGI,Includes,IncludesNOEXEC,Indexes,MultiViews,SymLinksIfOwnerMatch

RewriteEngine on
RewriteCond %{HTTP_HOST} =webmail.testfcgi.###conference.org
RewriteRule ^(.) http://testfcgi.###conference.org:20000/ [R]
RewriteCond %{HTTP_HOST} =admin.testfcgi.###conference.org
RewriteRule ^(.
) https://testfcgi.###conference.org:10000/ [R]
<Location /svn>
DAV svn
SVNParentPath /home/scientific-conference/domains/testfcgi.###conference.org/svn
AuthType Basic
AuthName testfcgi.###conference.org
AuthUserFile /home/scientific-conference/domains/testfcgi.###conference.org/etc/svn.basic.passwd
Require valid-user
AuthzSVNAccessFile /home/scientific-conference/domains/testfcgi.###conference.org/etc/svn-access.conf
Satisfy Any
RewriteEngine off
ErrorDocument 404 default

So, what’s causing the issue, and how do I configure Virtualmin to do it correctly automatically? There must be a template somewhere…

Thanks.

Re-run the config check for virtualmin.
If you think it’S a permission issue, then check them before doing something else because that’s the easiest and fastest thing to do.

Did you set the domain/server fo fastcgi via virtualmin directly? And is that config generated by virtualmin or from you?

Thanks. The only thing I did was install the fastcgi binaries, restart webmin (for good measure) and then create a test subdomain. The configs pasted above were automatically created.

I just reran check config, here’s the results:

The status of your system is being checked to ensure that all enabled features are available, that the mail server is properly configured, and that quotas are active …

Your system has 3.49 GiB of memory, which is at or above the Virtualmin recommended minimum of 256 MiB.

Apache is installed.

The following PHP versions are available : 5.5.9 (/usr/bin/php5), 5.5 (mod_php)

PHP-FPM support was not detected : Apache module mod_fcgid is missing or not enabled

Webalizer is installed.

Apache is configured to host SSL websites.

MySQL is installed and running.

Logrotate is installed.

Plugin Subversion repositories is installed OK.

Using network interface eth0 for virtual IPs.

IPv6 addresses are available, using interface eth0.

Default IPv4 address for virtual servers is xxx.xxx.xxx.218.

Default IPv6 address for virtual servers is fe80::2000:aff:fe09:d3da.

Default IP address is set to xxx.xxx.xxx.218, but the detected external address is actually xxx.xxx.xx.96. This is typically the result of being behind a NAT firewall, and should be corrected on the module configuration page.

Quotas are not enabled on the filesystem / which contains home directories under /home and email files under /home. Quota editing has been disabled.

Shell /bin/false for FTP users is not included in /etc/shells, which may prevent FTP access.

All commands needed to create and restore backups are installed.

The selected package management and update systems are installed OK.

Chroot jails are not available : The Jailkit command jk_init was not found on your system - maybe the jailkit package is not installed?

… your system is ready for use by Virtualmin.

What permissions specifically should I check? What files/folders, and permission level, what ownership?

The folders/files in the account space are currently owned by the domain user, public_html is 0750, and a test index.php I put in there is 0644.

If that paste is correct, then the issue is that the php fcgid exec mode isn’t recognized.
Meaning that should be the issue.

Edit:
File and folders should be the domain user. Folders should be at least 0750 if I recall it correctly.

OK that helps. I was confused about FPM vs CGI vs fastcgi. I have been using the wrong terminology, sorry for the confusion. I was told in another recent thread that FPM doesn’t support multiple php versions, so apparently fastcgi is not what I want. Apparently what I DO want is plain old CGI Wrapper, and that’s the option that presents itself in the Web Options page and was selected for my test site.

Do I need to install other software to correctly support CGI Wrapper?

You need to install the matching php-cgi version.

That fixes CGI Wrapper mode, thanks.

I was also able to narrow down the issue with the mod_php version. I found that if I removed the line:

AddType application/x-httpd-php .php

From the public_html Directory tag, it worked fine.

AddType application/x-httpd-php5.5 .php5.5

remains.

Why is this, what I can do to make the existing line functional. Or, how can I alter Virtualmin’s behavior so that it isn’t added when I switch to mod_php mode?

I think I need to ask “what does Virtualmin actually do when you switch php modes?”.

I had imagined that there’s a template of settings that need to be included/removed from the conf file, but it seems that’s not the case. I have a very old site (2010) that has minimal directives in it, and when I switch to CGI wrapper mode, I get an error about not having permissions to access /cgi-bin/. I checked the Directory settings of the old site, vs the new test site, and noted that the new site had:

allow from all
Require all granted
AllowOverride All Options=ExecCGI,Includes,IncludesNOEXEC,Indexes,MultiViews,SymLinksIfOwnerMatch

while the old one, after switching to CGI Wrapper, only had:

allow from all

So I added the other lines and now it works.

So apparently old sites don’t get settings that new sites DO get?

Because those options are related to cgi and not mod_php. I am not 100% certain about it, but if I recall it correctly than thats the reason why it doesn’t get added by default.

Regarding that, that line is needed for the mod_php mode. The number after the php indicates the used version of it. mod_php works a bit different than newer php versions in terms of names in configuration files.

Yes, that’s my question specifically. I would think that switching to cgi would add the lines that cgi needs. But it doesn’t.

I’ve made much progress on this and am working through the issues. One I do not know the answer for:

Since this a to be a multi-php server for legacy sites, I need to keep php5.5. How do I do that? It seems to be removed after upgrade.
(I say “seems” because in my early tests it was still there, but I had a mysql upgrade failure, and once I fixed that it proceeded to remove php5. So I am guessing that once I get a clean upgrade it will remove php5 as part of the complete upgrade)

Thanks

It is possible that some processes require certain versions of the dependencies.
Meaning it is possible that a program wants php5 to be removed. If you provide more information about what precisely we are talking, then I might be able to provide more information.

I’ve researched this pretty thoroughly since posting that question. It seems “you only get one” php. Like any other library, when you upgrade Ubuntu and there’s a newer version of what you’ve got, you get the new one and the old one goes away.

This is NOT the case when you use a PPA though. So that’s what I’ve had to do. After the upgrade is done and the php5 that came with Ubuntu 14.04 is removed, I install it again from a PPA.

So it’s not as easy an upgrade as I’d hoped for, but it works.