Andrew Penry
New Pleskian
I read a lot of random help pages trying to find how to do this, and I thought I'd share my findings here so maybe future people won't have to search as hard.
So you have some PHP code that needs to be shared across multiple domains. Maybe you're doing some SaaS, or have some shared libraries, or whatever. You want to share the directory using Alias in your Apache configuration, and you need the PHP to execute.
Real-world use case: this is how the SimpleSAMLphp documentation tells you to set it up.
Because you are using PHP-FPM instead of mod_php you can't just use "php_admin_flag engine on" like you may have in the past.
Instead, you need to set the PHP handler in the <Directory> portion of the config. On your destination domain, if you want to be able to go to http://myexample.com/saml/index.php and have index.php run instead of just downloading as plain text, set it up like so:
Code:
Alias /saml /usr/local/simplesamlphp/www
<Directory /usr/local/simplesamlphp/www>
    <IfModule mod_proxy_fcgi.c>
        <Files ~ (\.php$)>
            SetHandler proxy:unix:///var/www/vhosts/system/myexample.com/php-fpm.sock|fcgi://127.0.0.1:9000
        </Files>
    </IfModule>
    Options -Includes -ExecCGI
</Directory>
This will tell Apache to forward whatever.php to the PHP-FPM handler for the myexample.com domain, which means it will execute as the correct user.
Next, add /usr/local/simplesamlphp/ to your PHP open_basedir setting.
If you see "AH01071: Got error 'Primary script unknown\n'" in the logs, this is a permission error. You need to set the executable bit on your shared folder and all parent folders. Using the example paths above:
Code:
chmod +x /usr/local/simplesamlphp/www
chmod +x /usr/local/simplesamlphp
Then make sure that the files are owned by the psacln group and set to be readable and executable by that group.
Something like
Code:
chown -R root:psacln /usr/local/simplesamlphp
chmod -R 751 /usr/local/simplesamlphp
Alternatively, you could just set them as readable and executable by everyone.
Code:
chown -R root:root /usr/local/simplesamlphp
chmod -R 755 /usr/local/simplesamlphp
Important Note: If you just want to be able to include PHP files using include(), you don't need to do the alias stuff. You just need to use open_basedir and check the permissions.
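To find which directory is behind a "Primary script unknown" error before changing any modes, the following added example (not part of the original post) walks from the shared folder up to the root and lists every directory that lacks the execute (traverse) bit for group or other. The function name `missing_traverse` is hypothetical and GNU `stat` is assumed.

```shell
#!/bin/sh
# Added example, not from the original post.
# missing_traverse CLASS PATH [STOP]
#   CLASS  "group" or "other": whose execute (traverse) bit to check
#   PATH   directory served through the Alias
#   STOP   directory at which to stop walking upwards (default: /)
# Prints "MODE DIR missing g+x|o+x" for each directory lacking the bit.
# Exit status: 0 = every directory is traversable, 1 = at least one is
# not, 2 = usage error or PATH cannot be entered by the current user.
missing_traverse() (
    class=$1
    stop=${3:-/}
    rc=0
    case $class in
        group) mask=010; who=g ;;   # octal mask for g+x
        other) mask=001; who=o ;;   # octal mask for o+x
        *) echo "usage: missing_traverse group|other PATH [STOP]" >&2
           exit 2 ;;
    esac
    # Resolve symlinks so the walk follows the real directory chain.
    dir=$(cd "$2" 2>/dev/null && pwd -P) || {
        echo "cannot enter $2" >&2
        exit 2
    }
    while :; do
        mode=$(stat -c '%a' "$dir")           # GNU stat: octal mode
        # A leading 0 makes the shell read the mode as an octal number.
        if [ $(( 0$mode & $mask )) -eq 0 ]; then
            printf '%s %s missing %s+x\n' "$mode" "$dir" "$who"
            rc=1
        fi
        if [ "$dir" = "$stop" ] || [ "$dir" = / ]; then
            break
        fi
        dir=$(dirname "$dir")
    done
    exit "$rc"
)

# Usage with the example path from the post:
#   missing_traverse other /usr/local/simplesamlphp/www
#   missing_traverse group /usr/local/simplesamlphp/www
```

An empty result with exit status 0 means the chain of directories is traversable for that class; check "group" when relying on psacln ownership and "other" when relying on world permissions.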