I recently set up a web server using the virtualmin script. I had some problems discussed here.
Now that the installation is almost finished, I noticed two weird problems with the server’s PHP. It is supposedly set up to work in Fcgid mode.
When I create a new virtual host, PHP is not working. The browser returns “File not found” and the error log says. [proxy_fcgi:error] [pid 3243:tid 3273] [remote xx.xx.xx.xx:62293] AH01071: Got error 'Primary script unknown'
I works only if a restart php8.3-fpm service.
Even then, it seems to have weird permissions issues. Like the scripts are executed with owner the Apache service and not the virtual server owner. I really don’t know any way to test that properly but it can’t write in 755 directories so it’s definitely not normal.
More info about the setup:
System came with PHP 8.2 installed. I added PHP 8.3 from sury php repository. I have an older Ubuntu server with exactly the same settings and it works as intended.
auth_digest (enabled by unknown)
deflate (enabled by maintainer script)
alias (enabled by maintainer script)
access_compat (enabled by maintainer script)
fcgid (enabled by maintainer script)
suexec (enabled by unknown)
proxy_balancer (enabled by unknown)
actions (enabled by unknown)
http2 (enabled by unknown)
socache_shmcb (enabled by site administrator)
proxy_connect (enabled by unknown)
mpm_event (enabled by maintainer script)
rewrite (enabled by unknown)
auth_basic (enabled by maintainer script)
cgi (enabled by unknown)
proxy_http (enabled by unknown)
dir (enabled by maintainer script)
negotiation (enabled by maintainer script)
lbmethod_byrequests (enabled by unknown)
reqtimeout (enabled by maintainer script)
mime (enabled by maintainer script)
filter (enabled by maintainer script)
setenvif (enabled by maintainer script)
status (enabled by maintainer script)
proxy (enabled by unknown)
proxy_fcgi (enabled by unknown)
authz_host (enabled by maintainer script)
autoindex (enabled by maintainer script)
include (enabled by unknown)
slotmem_shm (enabled by unknown)
authz_user (enabled by maintainer script)
env (enabled by maintainer script)
authn_file (enabled by maintainer script)
ssl (enabled by site administrator)
authn_core (enabled by maintainer script)
authz_core (enabled by maintainer script)
Template for new site configuration:
ServerName ${DOM}
ServerAlias www.${DOM}
ServerAdmin ${EMAIL}
DocumentRoot ${HOME}/htdocs
ScriptLog ${HOME}/logs/error_log
ErrorLog ${HOME}/logs/error_log
CustomLog ${HOME}/logs/access_log common
ScriptAlias /cgi-bin/ ${HOME}/cgi-bin/
DirectoryIndex index.php index.html index.htm index.php4 index.php5 default.htm
<Directory ${HOME}/htdocs>
Options -Indexes +IncludesNOEXEC +SymLinksifOwnerMatch
allow from all
AllowOverride All Options=ExecCGI,Includes,IncludesNOEXEC,Indexes,MultiViews,SymLinksIfOwnerMatch
</Directory>
<Directory ${HOME}/cgi-bin>
AllowOverride None Options=ExecCGI,Includes,IncludesNOEXEC,Indexes,MultiViews,SymLinksIfOwnerMatch
Options None
Order allow,deny
Allow from all
</Directory>
I use Debian 12 as my preferred distro and current version without any issues. If you’d like we can setup a support session (for a reasonable fee) and I can help you address the issue directly.
All sessions are completed over a “screen sharing session” so you can learn, watch how things are done and ask ultimately remain in control.
Most sessions for simple stuff are addressed within an hour as long as the connection is stable.
That means either mod_php has been installed (you should never install mod_php), or the “default” PHP-FPM service is running the application. In Virtualmin every domain gets their own PHP-FPM instance, which runs as the domain owner user.
I notice you are using FCGI execution mode. You almost certainly shouldn’t do that. PHP-FPM is the recommended execution mode, and is the one you should use in almost all circumstances.
So, switch to that first.
You’ve only shown us Server Template pages and nothing about the actual domain that is having problems, so I’m guessing you’re using what you showed in the Server Templates, but it may be different in the domain (Server Templates apply during creation, but changes can be made to the domains at any time).
Thank you for your answer!
So, you are saying that selecting “FPM” in Server Templates activates some non-standard version of PHP-FPM that runs separately for every virtual host? I prefer Fcgid because (other than it’s simple) it gives absolute separation between vhosts. I’ ll do some testing about that.
Meanwhile, here’s a configuration with the settings mentioned in the opening post:
The server is not yet put in production so I create and delete virtual hosts all the time, trying to minimize manual config editing in the future. So the above config should be pretty the same as the template.
There is nothing more “standard” than PHP-FPM for executing PHP code today, and the way Virtualmin configures it is the recommended way to configure PHP-FPM in a shared hosting environment (with every user getting their own instance that runs as their user, so they cannot interact with other users data).
Changing this option in a Server Template does not change any of your existing domains. Server Templates are for building Virtual Servers (mostly, though there are a few sneaky options that apply universally). But, new Virtual Servers should get the new configuration.
There is pretty much no reason to use fcgid today. PHP-FPM is the execution mode and application server recommended by and maintained by core PHP developers.
It might be good for you to accept the @tpnsolutions proposal. There are several things you describe which doesn’t seem right.
It works only if I restart php8.3-fpm service
Which seems normal. FPM being the Default
It seems to have weird permissions issues. Like the scripts are executed with owner the Apache service and not the virtual server owner.
It’s Apache which runs the server. So It’s completely normal. (You shall also check if everything is fine there: Webmin > Servers > Apache Webserver > Global configuration > Configure Apache Module )
but it can’t write in 755 directories so it’s definitely not normal.
From where can’t you write ? If it’s from the application, hopefully you can’t. If you could everyone could.
so I create and delete virtual hosts all the time
Please could you say what are you trying to test here ?
PHP is not run by Apache in any modern system. mod_php is deprecated and strongly discouraged by everyone.
PHP-FPM is not part of Apache. Apache merely proxies requests to PHP-FPM, which runs as the domain owner user (or should). Files should be owned by the domain owner user, if they show up owned by Apache, it means something is wrong.
