maugustyniak

The goal is to install syscp and run share hosting on fcgid and suexec.

This article will be recently updated

1. Emerge syscp from my overlay http://www.maugustyniak.com/2010/07/02/my-gentoo-overlay-misiek303/ . The ebuild for the last 1.4.2.2 version

Add the package to package.keywords

echo 'www-apps/syscp' >> /etc/portage/package.keywords

Add below flags to /etc/portage/package/use

mail-mta/postfix sasl
dev-lang/php bcmath ctype filter simplexml tokenizer xsl
dev-util/subversion apache2 bash-completion berkdb nls perl python  vim-syntax webdav-serf
net-ftp/proftpd ipv6

www-apps/syscp ssl aps autoresponder billing bind domainkey dovecot fcgid -lighttpd log mailquota tickets
www-servers/apache suexec
net-mail/dovecot pop3d
mail-mta/postfix vda
dev-lang/php cgi force-cgi-redirect spl
mail-mta/postfix dovecot-sasl

Sync and emerging ...

emerge --sync
emerge syscp

2. Install syscp

don't run installation from the browser, use emerge --config =www-apps/syscp-1.4.2.2

emerge --config =www-apps/syscp-1.4.2.2

3. Configure apache and php/cgi

Add php5cgi module, lets say to /etc/apache2/modules/70-php5_cgi.conf

<IfDefine PHP5CGI>

ScriptAlias /php5-cgi /usr/bin/php-cgi
Action php5-cgi /php5-cgi
AddHandler php5-cgi .php .phtml
DirectoryIndex index.php index.html index.htm

<Directory "/var/customers">
Options MultiViews +ExecCGI FollowSymLinks Indexes
AllowOverride AuthConfig Indexes Options FileInfo Limit
AllowOverride All
Order allow,deny
Allow from all
</Directory>

</IfDefine>

4. Next install required packages, apache modules etc..

emerge mod_log_sql

emerge mod_auth_mysql

5. edit /etc/conf.d/apache2

APACHE2_OPTS="-D FCGID -D DEFAULT_VHOST -D INFO -D SSL -D SSL_DEFAULT_VHOST -D LANGUAGE -D PROXY -D SSL -D LOG_SQL -D SUEXEC -D PHP5CGI"

-D PHP5 must be removed

6. Run commands

touch /etc/apache2/vhosts.d/99_syscp-vhosts.conf
chown root:0 /etc/apache2/vhosts.d/99_syscp-vhosts.conf
chmod 0600 /etc/apache2/vhosts.d/99_syscp-vhosts.conf
touch /etc/apache2/diroptions.conf
chown root:0 /etc/apache2/diroptions.conf
chmod 0600 /etc/apache2/diroptions.conf
mkdir -p /var/customers/webs/
mkdir -p /var/customers/logs/
mkdir -p /var/customers/tmp
chmod 1777 /var/customers/tmp

Add apache to start up

rc-update add apache2 default

7. Edit /etc/apache2/vhosts.d/99_syscp-vhosts.conf. Pay attention on configuration I have included here php5_module only for syscp.

<IfDefine SSL>
<IfModule mod_ssl.c>
<VirtualHost 192.168.254.65:443>
# Load the module first
<IfModule !mod_php5.c>
LoadModule php5_module    modules/libphp5.so
</IfModule>

# Set it to handle the files
<FilesMatch "\.ph(p5?|tml)$">
SetHandler application/x-httpd-php
</FilesMatch>

<FilesMatch "\.phps$">
SetHandler application/x-httpd-php-source
</FilesMatch>

DocumentRoot "/var/www/syscp"
ServerName testing
ErrorLog /var/log/apache2/syscp_ssl_error_log
<IfModule mod_log_config.c>
TransferLog /var/log/apache2/syscp_ssl_access_log
</IfModule>
SSLEngine on
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
SSLCertificateFile /etc/ssl/server/testing.crt
SSLCertificateKeyFile /etc/ssl/server/testing.key
<Files ~ "\.(cgi|shtml|phtml|php?)$">
SSLOptions +StdEnvVars
</Files>
<IfModule mod_setenvif.c>
SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
</IfModule>
<IfModule mod_log_config.c>
CustomLog /var/log/apache2/syscp_ssl_request_log \
"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
</IfModule>

SuexecUserGroup "syscp" "syscp"

<Directory "/var/www/syscp">
AddHandler fcgid-script .php
FCGIWrapper /var/www/syscp/php-fcgi-script/php-fcgi-starter .php
Options +ExecCGI
Options MultiViews +ExecCGI FollowSymLinks Indexes
AllowOverride AuthConfig Indexes Options FileInfo Limit
AllowOverride All
Order allow,deny
Allow from all
</Directory>
</VirtualHost>
</IfModule>
</IfDefine>

# Redirect to the SSL-enabled Gentoo-SysCP vhost
<VirtualHost 192.168.254.65:80>
RedirectPermanent / https://testing/index.php
</VirtualHost>

8. check permissions for php-cgi and suexec

-rwxrwx--x 1 root root 4559764 Jun 28 15:43 /usr/lib/php5/bin/php-cgi

I am not sure but "others" must have executable permissions, otherwise does not work

-rwsr-xr-x 1 root root 13484 Jun 25 12:56 /usr/sbin/suexec

9.  Go to syscp and enaable FCGIWrapper. Also don't forget to run the cron job which actually reconfigure your configs

php /var/www/syscp/scripts/cron_tasks.php

References

• http://wiki.apisnetworks.com/index.php/Suexec
• http://blog.stuartherbert.com/php/?s=fcgid
• http://blog.stuartherbert.com/php/2007/12/18/using-suexec-to-secure-a-shared-server/
• http://wiki.osuosl.org/display/howto/apache2+suexec+fastcgi+php
• http://wiki.syscp.org/faq