Install CutyCapt – CentOS 7.2
CutyCapt is a CLI utility to capture Webkit renderings of a webpage and the resulting…
Mod Security isn’t ready for NGINX yet, even though the ModSec website says a stable version for NGINX is available it still lacks important features. Because of this I’ve had to stick to Apache, but why not then make use if PHP-FPM. PHP-FPM, if configured accordingly, allows you to setup account specific limits.
To get this done start by install the epel-release repo:
1 | yum install epel-release |
Install Apache 2.4 and for good measure, install the devel package as well.
1 | yum install httpd httpd-devel |
Next up install php-fpm. Note: Previously you needed to install mod_fastcgi but since Apache 2.4 we use mod_proxy_fcgi
1 2 3 4 5 6 | Starting from release 5.3.3 in early 2010, PHP has merged the php-fpm fastCGI process manager into its codebase, and it is now (as of 5.4.1) quite stable. php-fpm was previously found at http://php-fpm.org/ This means that we can now run secure, fast, and dependable PHP code using only the stock apache httpd and php.net releases; no more messing around with suphp or suexec - or, indeed, mod_php. Source: https://wiki.apache.org/httpd/PHP-FPM |
Install:
1 | yum install php-fpm |
Enable Apache and PHP-FPM to start at startup
1 2 | chkconfig httpd on chkconfig php-fpm on |
Start both services:
1 2 | service httpd start service php-fpm start |
As of now, you’ve installed both Apache 2.4 and PHP-FPM but Apache doesn’t know how to call PHP-FPM, let’s do that below:
Create two folders inside /etc/httpd/
1 2 | /etc/httpd/sites-available /etc/httpd/sites-enabled |
Create a file inside /etc/httpd/sites-available named test.com.conf
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 | # File: /etc/httpd/sites-available/test.com.conf <VirtualHost *:80> ServerName test.com ServerAlias www.test.com DocumentRoot /var/www/vhosts/test.com/httpdocs ErrorLog /var/www/vhosts/test.com/logs/error_log CustomLog /var/www/vhosts/test.com/logs/access.log combined <FilesMatch \.php$> SetHandler "proxy:unix:/var/run/php-fpm/php5-fpm_test.com.sock|fcgi://test.com/" </FilesMatch> <Proxy fcgi://test.com> ProxySet connectiontimeout=5 timeout=240 </Proxy> <Directory "/var/www/vhosts/test.com/httpdocs"> Order allow,deny Allow from all AllowOverride FileInfo All # New directive needed in Apache 2.4.3: Require all granted </Directory> </VirtualHost> |
Create the required folders
1 2 3 | mkdir /var/www/vhosts/test.com mkdir /var/www/vhosts/test.com/httpdocs mkdir /var/www/vhosts/test.com/logs |
Create a symlink of this file to /etc/httpd/sites-enabled
1 | ln -s /etc/httpd/sites-available/test.com/conf /etc/httpd/sites-enabled/test.com/conf |
Configure Apache to read the conf files from the /etc/httpd/sites-enabled folder. Add the following line at the end of /etc/httpd/conf/httpd.conf
1 | IncludeOptional sites-enabled/*.conf |
Now, navigate to /etc/php-fpm.d and either duplicate the www.conf or create a new file test.com.conf and add the following to it
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 | ; Start a new pool named 'www'. [test.com] listen = /var/run/php-fpm/php5-fpm_test.com.sock listen.allowed_clients = 127.0.0.1 user = test.com group = test.com pm = dynamic pm.max_children = 50 pm.start_servers = 5 pm.min_spare_servers = 5 pm.max_spare_servers = 35 php_admin_value[error_log] = /var/www/vhosts/test.com/logs/www-error.log php_admin_flag[log_errors] = on php_value[session.save_handler] = files php_value[session.save_path] = /var/lib/php/session |
Now add a user to the system
1 | useradd -d /var/www/vhosts/test.com/ test.com |
The user in this case is test.com. Issue the following to change ownership of it’s home directory and give it to the user test.com
1 | chown -R test.com:test.com /var/www/vhosts/test.com |
Make sure the folder permissions are set to 0755 and file permissions to 0644. With the setup above, you won’t need to set the permission 777 to files and folders to write to them.
Restart Apache and PHP-FPM
1 2 | service httpd restart service php-fpm restart |
Throw a file in /var/www/vhosts/test.com/httpdocs/ to verify things work
1 2 3 4 5 | # File test.php <?php phpinfo(); ?> |
If everything goes fine, you should something like below