Shulou(Shulou.com)06/01 Report--

This article will explain in detail how to install SuPHP on CentOS 7.2. the editor thinks it is very practical, so I share it for you as a reference. I hope you can get something after reading this article.

PHP on CentOS 7 runs as apache or nobody by default. In this way, due to the large permissions required to run PHP, there may be security risks and may be affected by other users of the server.

SuPHP is an apache module that allows PHP to be under different Linux users than Apache users. This improves the security of hosted sites because you can run PHP scripts for each site under other users. This tutorial introduces SuPHP on CentOS 7.2 installed from source code, because CentOS 7.2 does not have a SuPHP package available.

precondition

You will install CentOS 7.2 or later servers, and I will use this tutorial as the basis for my setup. In the first chapter, I will install the Apache Web server. If you already have apache installed, start with Chapter 2 immediately.

My server will use the hostname server1.example.com and IP address 192.168.1.100. Replace these values with the hostname and IP address of the server in the following tutorials.

For security reasons, it is recommended to install a firewall, or if you do not already have a firewall, you can install it using the following command:

Yum-y install firewalld

Start the firewall and make it start at startup.

Systemctl start firewalld.service

Systemctl enable firewalld.service

Next, open your SSH port to ensure that you can connect to the server through SSH.

Firewall-cmd-permanent-zone=public-add-service=ssh

Firewall-cmd-reload

1. Install Apache 2.4 and PHP 5

Apache and PHP are available in the CentOS base repository, so we can install them using yum.

Install the Apache and Aapache development packages, which contain the files required for future SuPHP compilation.

Yum-y install httpd httpd-devel

PHP installation (I added some commonly used PHP modules):

Yum-y install php php-mysql php-gd php-pear php-xml php-xmlrpc php-mbstring curl

We must enable Apache to start and start the service at boot time.

Systemctl start httpd.service

Systemctl enable httpd.service

We must open the HTTP (80) and HTTPS (443) ports so that the Web server can be accessed from other computers. Execute the following command to configure the firewall.

Firewall-cmd-permanent-zone=public-add-service=http

Firewall-cmd-permanent-zone=public-add-service=https

Firewall-cmd-reload

2. Install SuPHP

In this step, we will compile SuPHP from the source code. Install the development tools to set up the required build chain.

Yum-y groupinstall 'Development Tools'

And wget can download the source file and the nano editor.

Yum-y install wget nano

Download the SuPHP source tar.gz archive and extract it.

Cd / usr/local/src

Wget http://suphp.org/download/suphp-0.7.2.tar.gz

Tar zxvf suphp-0.7.2.tar.gz

CentOS 7 uses Apache 2.4, so we have to patch suphp, and then we can compile it aganst Apache. The patches are applied as follows:

Wget-O suphp.patch https://lists.marsching.com/pipermail/suphp/attachments/20130520/74f3ac02/attachment.patch

Patch-Np1-d suphp-0.7.2 < suphp.patch

Cd suphp-0.7.2

Autoreconf-if

[root @ server1 suphp-0.7.2] # autoreconf-if

Libtoolize: put the auxiliary files in AC_CONFIG_AUX_DIR, `config'.

Libtoolize: copy the file `config / ltmain.sh'

Libtoolize: consider adding `AC_CONFIG_MACRO_DIR ([M4])'to configure.ac and

Libtoolize: rerun libtoolize to keep the correct libtoolmacro in-tree.

Libtoolize: consider adding `- I m4' to the ACLOCAL_AMFLAGS in Makefile.am.

Configure.ac:9:warning:AM_INIT_AUTOMAKE: two-parameter and three-parameter forms are not supported. For more information, see:

Configure.ac:9: http://www.gnu.org/software/automake/manual/automake.html#Modernize-AM_005fINIT_005fAUTOMAKE-invocation

Configure.ac:24: install 'config / config.guess'

Configure.ac:24: install 'config / config.sub'

Configure.ac:9: install 'config / install-sh'

Configure.ac:9: install 'config / missing'

Src / Makefile.am: install 'config / depcomp'

[root @ server1 suphp-0.7.2] #

The autoreconf command applies the patch, and now we can configure the new source as follows. Note: the configure command is one line!

/ configure-- prefix=/usr/-- sysconfdir=/etc/-- with-apr=/usr/bin/apr-1-config-- with-apache-user=apache-- with-setid-mode=owner-- with-logfile=/var/log/httpd/suphp_log

Then compile and install SuPHP.

Make

Make install

Then add the suPHP module to the Apache configuration by adding a new suphp.conf file.

Nano / etc/httpd/conf.d/suphp.conf

Has the following content.

LoadModule suphp_module modules/mod_suphp.so

... And create the file / etc/suphp.conf as follows:

Nano / etc/suphp.conf

[global]

; Path to logfile

Logfile=/var/log/httpd/suphp.log

; Loglevel

Loglevel=info

; User Apache is running as

Webserver_user=apache

; Path all scripts have to be in

Docroot=/

; Path to chroot () to before executing script

; chroot=/mychroot

; Security options

Allow_file_group_writeable=true

Allow_file_others_writeable=false

Allow_directory_group_writeable=true

Allow_directory_others_writeable=false

; Check wheter script is within DOCUMENT_ROOT

Check_vhost_docroot=true

; Send minor error messages to browser

Errors_to_browser=false

; PATH environment variable

Env_path=/bin:/usr/bin

; Umask to set, specify in octal notation

Umask=0077

; Minimum UID

Min_uid=100

; Minimum GID

Min_gid=100

[handlers]

; Handler for php-scripts

XMui httpdMutual suphp = "php:/usr/bin/php-cgi"

; Handler for CGI-scripts

XMuiSuphpMuthcgil = "executeParticipation self"

Finally, we restart Apache:

Systemctl restart httpd.service

3. Use SuPHP to configure Apache Vhost

In this chapter, I'll show you how to add a virtual host to an apache running PHP under a separate user. I will use the domain name www.example.com as the website, PHP will run as the user and group "web1", and the document root of the website is / var/www/example.com

First, add a new user and group "web1".

Useradd web1

Add the site root directory.

Mkdir / var/www/example.com

Chown web1:web1 / var/www/example.com

Now add the virtual host configuration file in the apache conf.d directory.

Nano / etc/httpd/conf.d/example.com.conf

To this end:

DocumentRoot / var/www/example.com ServerName example.com ServerAdmin webmaster@example.com SetHandler None suPHP_Engine on SetHandler x-httpd-suphp suPHP_AddHandler x-httpd-suphp

Replace the domain name with your own domain in the ServerName and ServerAdmin lines.

Then restart apache to apply the configuration changes.

Systemctl restart httpd.service

4. Test SuPHP settings

In this chapter, I'll show you several ways to test PHP on this site. First, I'll create a file that uses the phpinfo () function to show whether PHP is working properly and whether it is now running in CGI mode.

Create an info.php file with nano:

Nano / var/www/example.com/info.php

And add the following line to the new file:

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.