Facebook
TwitterEnvironment:
Plesk Obsidian 18.0.33
Ubuntu 18.04.5 LTS
Kernel: 4.15.0-130-generic
PHP does not work if executed with FastCGI.
I get always the same error (500 Internal Server Error), setting up any website with FastCGI-PHP (any version fron 7.0 to 8.0)
or accessing the webmail (both Roundcube and Horde).
The problem seems to be related to suexec, cgi_wrapper and permissions ("failed to setgid").
apache2 -V | grep SUEXEC
-D SUEXEC_BIN="/usr/lib/apache2/suexec"
ls /usr/lib/apache2/suexec
4510 -r-s--x--- 1 root www-data 27904 Dec 21 09:51 /usr/lib/apache2/suexec
ls /var/www/cgi-bin/cgi_wrapper/cgi_wrapper
0755 -rwxr-xr-x 1 root root 22896 Jan 4 12:22 /var/www/cgi-bin/cgi_wrapper/cgi_wrapper
(/var/www is a real folder, not a soft link)
For example, accessing the webmail configured with roundcube
tail /var/log/apache2/error.log
[Wed Feb 17 11:05:25.814793 2021] [fcgid:warn] [pid 23408] (104)Connection reset by peer: [client 78.134.99.7:49966] mod_fcgid: error reading data from FastCGI server
[Wed Feb 17 11:05:25.814821 2021] [core:error] [pid 23408] [client 78.134.99.7:49966] End of script output before headers: index.php
tail /var/log/apache2/suexec.log
[2021-02-17 11:05:25]: uid: (995/roundcube_sysuser) gid: (1007/1007) cmd: cgi_wrapper
[2021-02-17 11:05:25]: failed to setgid (1007: cgi_wrapper)
On a virtual machine with the same environment, FastCGI-PHP works normally,
so I tried to swap the suexec and cgi_wrapper executables.
virtual machine using remote server suexec and cgi_wrapper: WORKS
remote server using virtual machine suexec and cgi_wrapper: DOES NOT WORK
Though for websites I can workaround the problem using FPM, the webmail can only use FastCGI-PHP.
/etc/apache2/plesk.conf.d/webmails/domain.com.conf
...
<IfModule mod_suexec.c>
SuexecUserGroup roundcube_sysuser roundcube_sysgroup
</IfModule>
<IfModule mod_fcgid.c>
FcgidInitialEnv PP_CUSTOM_PHP_CGI_INDEX plesk-php73-fastcgi
FcgidInitialEnv PP_CUSTOM_PHP_INI "/etc/psa-webmail/roundcube/php.ini"
FcgidMaxRequestLen 134217728
<Directory "/usr/share/psa-roundcube">
Options -Indexes +FollowSymLinks
AllowOverride FileInfo AuthConfig Limit
Require all granted
Include "/etc/apache2/plesk.conf.d/roundcube.htaccess.inc"
<Files ~ (\.php$)>
SetHandler fcgid-script
FCGIWrapper /var/www/cgi-bin/cgi_wrapper/cgi_wrapper .php
Options +ExecCGI
</Files>
</Directory>
</IfModule>
...
So ALL my websites cannot use their webmail, that's a huge problem.
Can you help me?
Thank you
Plesk Obsidian 18.0.33
Ubuntu 18.04.5 LTS
Kernel: 4.15.0-130-generic
PHP does not work if executed with FastCGI.
I get always the same error (500 Internal Server Error), setting up any website with FastCGI-PHP (any version fron 7.0 to 8.0)
or accessing the webmail (both Roundcube and Horde).
The problem seems to be related to suexec, cgi_wrapper and permissions ("failed to setgid").
apache2 -V | grep SUEXEC
-D SUEXEC_BIN="/usr/lib/apache2/suexec"
ls /usr/lib/apache2/suexec
4510 -r-s--x--- 1 root www-data 27904 Dec 21 09:51 /usr/lib/apache2/suexec
ls /var/www/cgi-bin/cgi_wrapper/cgi_wrapper
0755 -rwxr-xr-x 1 root root 22896 Jan 4 12:22 /var/www/cgi-bin/cgi_wrapper/cgi_wrapper
(/var/www is a real folder, not a soft link)
For example, accessing the webmail configured with roundcube
tail /var/log/apache2/error.log
[Wed Feb 17 11:05:25.814793 2021] [fcgid:warn] [pid 23408] (104)Connection reset by peer: [client 78.134.99.7:49966] mod_fcgid: error reading data from FastCGI server
[Wed Feb 17 11:05:25.814821 2021] [core:error] [pid 23408] [client 78.134.99.7:49966] End of script output before headers: index.php
tail /var/log/apache2/suexec.log
[2021-02-17 11:05:25]: uid: (995/roundcube_sysuser) gid: (1007/1007) cmd: cgi_wrapper
[2021-02-17 11:05:25]: failed to setgid (1007: cgi_wrapper)
On a virtual machine with the same environment, FastCGI-PHP works normally,
so I tried to swap the suexec and cgi_wrapper executables.
virtual machine using remote server suexec and cgi_wrapper: WORKS
remote server using virtual machine suexec and cgi_wrapper: DOES NOT WORK
Though for websites I can workaround the problem using FPM, the webmail can only use FastCGI-PHP.
/etc/apache2/plesk.conf.d/webmails/domain.com.conf
...
<IfModule mod_suexec.c>
SuexecUserGroup roundcube_sysuser roundcube_sysgroup
</IfModule>
<IfModule mod_fcgid.c>
FcgidInitialEnv PP_CUSTOM_PHP_CGI_INDEX plesk-php73-fastcgi
FcgidInitialEnv PP_CUSTOM_PHP_INI "/etc/psa-webmail/roundcube/php.ini"
FcgidMaxRequestLen 134217728
<Directory "/usr/share/psa-roundcube">
Options -Indexes +FollowSymLinks
AllowOverride FileInfo AuthConfig Limit
Require all granted
Include "/etc/apache2/plesk.conf.d/roundcube.htaccess.inc"
<Files ~ (\.php$)>
SetHandler fcgid-script
FCGIWrapper /var/www/cgi-bin/cgi_wrapper/cgi_wrapper .php
Options +ExecCGI
</Files>
</Directory>
</IfModule>
...
So ALL my websites cannot use their webmail, that's a huge problem.
Can you help me?
Thank you
Last edited:
