Problems with suexec
CloudLinux, cagefs and ISPConfig 3
-
Hello,
I am currently evaluating CloudLinux as a replacement for our Ubuntu shared hosting platform. So far everything is running smoothly, except one thing:
I am using ISPConfig 3 with Apache2 + fcgid and I want to use cagefs. Everything is OK if I don't use SuExec, but if I do, I get an internal server error:
> [2012-10-31 09:35:02]: command not in docroot (//.php-fcgi-starter)
>
> [2012-10-31 09:40:02]: uid: (5004/web1) gid: (5005/client1) cmd: .php-fcgi-starter
>
> [2012-10-31 09:40:02]: command not in docroot (//.php-fcgi-starter)
Here are some config snippets:
mod_fcgid:
> # This is the Apache server configuration file for providing FastCGI support
>
> # through mod_fcgid
>
> #
>
> # Documentation is available at
>
> # http://httpd.apache.org/mod_fcgid/mod/mod_fcgid.html
>
> LoadModule fcgid_module modules/mod_fcgid.so
>
> # Use FastCGI to process .fcg .fcgi & .fpl scripts
>
> AddHandler fcgid-script fcg fcgi fpl
>
> # Sane place to put sockets and shared memory file
>
> FcgidIPCDir /var/run/mod_fcgid
>
> FcgidProcessTableFile /var/run/mod_fcgid/fcgid_shm
>
> PHP_Fix_Pathinfo_Enable 1
>
> DirectoryIndex index.php
Virtual Host in question:
> AllowOverride None
>
> Order Deny,Allow
>
> Deny from all
>
> DocumentRoot /var/www/bgserivce1.net/web
>
> ServerName bgserivce1.net
>
> ServerAlias www.bgserivce1.net
>
> ServerAdmin webmaster@bgserivce1.net
>
> ErrorLog /var/log/ispconfig/httpd/bgserivce1.net/error.log
>
> Alias /error/ "/var/www/bgserivce1.net/web/error/"
>
> ErrorDocument 400 /error/400.html
>
> ErrorDocument 401 /error/401.html
>
> ErrorDocument 403 /error/403.html
>
> ErrorDocument 404 /error/404.html
>
> ErrorDocument 405 /error/405.html
>
> ErrorDocument 500 /error/500.html
>
> ErrorDocument 502 /error/502.html
>
> ErrorDocument 503 /error/503.html
>
> Options FollowSymLinks
>
> AllowOverride All
>
> Order allow,deny
>
> Allow from all
>
> Options FollowSymLinks
>
> AllowOverride All
>
> Order allow,deny
>
> Allow from all
>
> # suexec enabled
>
> SuexecUserGroup web1 client1
>
> # Clear PHP settings of this website
>
> SetHandler None
>
> # php as fast-cgi enabled
>
> # For config options see: http://httpd.apache.org/mod_fcgid/mod/mod_fcgid.html
>
> FcgidIdleTimeout 300
>
> FcgidProcessLifeTime 3600
>
> # FcgidMaxProcesses 1000
>
> FcgidMinProcessesPerClass 0
>
> FcgidMaxProcessesPerClass 100
>
> FcgidConnectTimeout 3
>
> FcgidIOTimeout 360
>
> FcgidBusyTimeout 300
>
> FcgidMaxRequestLen 1073741824
>
> AddHandler fcgid-script .php .php3 .php4 .php5
>
> FCGIWrapper /var/www/php-fcgi-scripts/web1/.php-fcgi-starter .php
>
> Options +ExecCGI
>
> AllowOverride All
>
> Order allow,deny
>
> Allow from all
>
> AddHandler fcgid-script .php .php3 .php4 .php5
>
> FCGIWrapper /var/www/php-fcgi-scripts/web1/.php-fcgi-starter .php
>
> Options +ExecCGI
>
> AllowOverride All
>
> Order allow,deny
>
> Allow from all
>
> # add support for apache mpm_itk
>
> AssignUserId web1 client1
>
> # Do not execute PHP files in webdav directory
>
> SetHandler None
>
> DavLockDB /var/www/clients/client1/web1/tmp/DavLock
>
> # DO NOT REMOVE THE COMMENTS!
>
> # IF YOU REMOVE THEM, WEBDAV WILL NOT WORK ANYMORE!
>
> # WEBDAV BEGIN
>
> # WEBDAV END
The contents of /var/www/php-fcgi-scripts/web1/.php-fcgi-starter .php:
> #!/bin/sh
>
> PHPRC="/etc/"
>
> export PHPRC
>
> PHP_DOCUMENT_ROOT="/var/www/clients/client1/web1"
>
> export PHP_DOCUMENT_ROOT
>
> # The variable PHP_FCGI_CHILDREN is only useful for lighty or nginx as apache
>
> # mod_fcgi will control the number of childs themself and never use the additional processes.
>
> # PHP_FCGI_CHILDREN=8
>
> # export PHP_FCGI_CHILDREN
>
> PHP_FCGI_MAX_REQUESTS=5000
>
> export PHP_FCGI_MAX_REQUESTS
>
> exec /usr/bin/php-cgi \
>
> -d open_basedir="/var/www/clients/client1/web1/web:/var/www/clients/client1/web1/tmp:/var/www/bgserivce1.net/web:/srv/www/bgserivce1.net/web:/usr/share/php5:/tmp:/usr/share/phpmyadmin:/etc/phpmyadmin:/var/lib/phpmyadmin:/usr/share/php" \
>
> -d upload_tmp_dir=/var/www/clients/client1/web1/tmp \
>
> -d session.save_path=/var/www/clients/client1/web1/tmp
If I remove the "SuExec" directive it all works fine, but everything is done with the apache:apache user:group. If I turn off cagefs, it all works fine with and without suexec.
It also didn't become clear from the documentation whether I need to run cagefsctl --addrpm httpd or not, but if I do, it also copies all the websites.
Any help or advice?
Regards
-
OK, I managed to figure it out.
I had to add /var/www/php-fcgi-scripts/ to cagefs.mp. Then I had to modify the website symlink creation function in ISPConfig to create a symlink to the website in /usr/share/cagefs/var/www/[website_domain], as that is where httpd is configured to look for them. It all works now, without the need to cagefsctl --add-rpm httpd.
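Apache's suexec writes the "command not in docroot" message as its working directory, a slash, and the command name, so `//.php-fcgi-starter` in the log above means suexec saw `/` as its working directory. The following is an added example, not code from the thread: it pulls that directory out of suexec log lines and pairs each failure with the preceding uid/gid line. The function name and the `/var/www` docroot default are assumptions; the sample input is the three log lines quoted in the first post.

```python
import re

# The suexec log lines quoted in the first post, embedded as sample input.
SAMPLE_LOG = """\
[2012-10-31 09:35:02]: command not in docroot (//.php-fcgi-starter)
[2012-10-31 09:40:02]: uid: (5004/web1) gid: (5005/client1) cmd: .php-fcgi-starter
[2012-10-31 09:40:02]: command not in docroot (//.php-fcgi-starter)
"""

UID_RE = re.compile(
    r"^\[(?P<ts>[^\]]+)\]: uid: \(\d+/(?P<user>[^)]+)\) "
    r"gid: \(\d+/(?P<group>[^)]+)\) cmd: (?P<cmd>\S+)$"
)
FAIL_RE = re.compile(r"^\[(?P<ts>[^\]]+)\]: command not in docroot \((?P<path>.+)\)$")


def docroot_failures(log_text, docroot="/var/www"):
    """Return one record per 'command not in docroot' line.

    docroot is an assumption: it stands in for suexec's compile-time
    AP_DOC_ROOT, which `suexec -V` prints on the real host.
    """
    last = None  # most recent uid/gid/cmd line, written just before the check
    findings = []
    for line in log_text.splitlines():
        m = UID_RE.match(line.strip())
        if m:
            last = m.groupdict()
            continue
        m = FAIL_RE.match(line.strip())
        if not m:
            continue
        path = m["path"]  # logged as "<cwd>/<cmd>"
        if last and path.endswith("/" + last["cmd"]):
            cmd = last["cmd"]
        else:  # no matching uid line: take the last path component
            cmd = path.rsplit("/", 1)[-1]
        cwd = path[: -(len(cmd) + 1)]
        findings.append({
            "time": m["ts"],
            "user": last["user"] if last else None,
            "group": last["group"] if last else None,
            "cmd": cmd,
            "cwd": cwd,
            # suexec compares cwd against the docroot as a string prefix
            "cwd_under_docroot": cwd.startswith(docroot),
        })
        last = None
    return findings
```

A failure whose `cwd` is `/` was rejected by the working-directory comparison, which is a different check from the ownership and permission tests suexec also runs on the wrapper.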