php doesn't run in FCGId mode

19 posts / 0 new
Last post
#1 Mon, 12/15/2014 - 13:08
vayira

php doesn't run in FCGId mode

Hi I'm trying to move my drupal sites to a new server administered by Virtualmin.

If I switch the php to FCGId then instead of running the php script, my browser offers to download the php code as it is. The site runs correctly in Apache mod_php execution mode, but I understand that is not as secure.

I checked the apache log to see if I could learn anything. However, there are no errors generated.

I've found a few references to similar problems by searching, but they seem to relate to updates rather than a new Virtualmin installation. Can anyone give me some pointers as to how to get things working?

Thanks

Mon, 12/15/2014 - 15:54
vayira

Well. After hours of playing about with things I have discovered that commenting out the line...

php_admin_value engine Off

runs the php scripts instead of downloading them.

I don't know what this means or why it works so I hope that is a secure solution. Does anybody have any comments?

Tue, 12/16/2014 - 15:25 (Reply to #2)
vayira

Has this not been an issue for anyone else?

Have I found the best way of dealing with it?

Tue, 12/16/2014 - 17:59
andreychek

Howdy,

Hmm, what distro/version is it that you're using there?

And what is the output of "php -v"?

-Eric

Tue, 12/16/2014 - 18:27
vayira

Hi thanks for asking.

CentOS Linux 6.6

Webmin version 1.720 Virtualmin version 4.12.gpl GPL

php -v PHP 5.5.19 (cli) (built: Nov 16 2014 09:53:48) Copyright (c) 1997-2014 The PHP Group Zend Engine v2.5.0, Copyright (c) 1998-2014 Zend Technologies

Fri, 12/19/2014 - 13:36 (Reply to #5)
vayira

I would just like to check I am doing this right and to see if I can avoid the steps we are currently having to take by editing the template in some way.

To get FCGId mode running we...

  • Create the virtual server in virtualmin
  • Set the FCGId mode in virtualmin
  • Go to Virtual Server Options in Webmin
  • Edit Directives in Webmin to comment out #php_admin_value engine Off (that has been created by virtualmin)

Questions

Why does virtualmin create that line if that breaks the php?

Can I edit the templates so it doesn't happen?

Thanks for any help

Finally I found another reference to this problem here https://www.virtualmin.com/node/28396

They say It is indeed normal that php_admin_value should be disabled... that's a security feature to prevent mod_php from being invoked when FCGID/CGI is being used. That shouldn't be added if mod_php isn't enabled though.

So it is a virtualmin problem. So I'm still interested in in fixing the templates somehow so it doesn't happen.

Fri, 12/19/2014 - 13:37
andreychek

Ah, it looks like you're using a PHP version that came from a third party repository.

Take a peek at the section of the docs here titled "Why does PHP / ProFTPd no longer work after performing updates? (I'm using CentOS, and enabled third party repositories)":

https://www.virtualmin.com/documentation/system/faq

Fri, 12/19/2014 - 14:09 (Reply to #7)
vayira

I went to that page and followed these instructions What you'd want to do is find the SetHandler line in that file which defines what to do with ".php" files... it would look something like this: SetHandler application/x-httpd-php And then comment that out, and restart Apache using the command "/etc/init.d/httpd restart".

It broke one site until I changed the .htaccess file and had no effect at all other than that.

Virtualmin still adds the line

php_admin_value engine Off

to the Virtual Server Directives when the FCGId mode is set in virtualmin

Isn't this just a Virtualmin error?

Edit: Ah, but that line no longer has the efect it had before in terms of downloading php instead of serving it.

Looks like that might be it.

Fri, 12/19/2014 - 15:06
andreychek

Howdy,

The settings that Virtualmin is adding are correct.

The setting "php_admin_value engine" should indeed be "Off" when FCGID or CGI is being used. Using FCGID/CGI implies that you don't want mod_php. That setting ensures that Apache can't be tricked into using mod_php (which is insecure in a multi-user environment).

The issue is that the alternate PHP versions are changing the way PHP works in a non-compatible way. Amongst other things, that alternate PHP version is forcing the use of mod_php, which unfortunately breaks the way things work.

My suggestion would be to use the CentOS packages for PHP, which are known to work properly.

If you need a newer PHP version, you could always install a second PHP version using the instructions here:

https://www.virtualmin.com/documentation/web/multiplephp

Fri, 12/19/2014 - 18:16 (Reply to #9)
vayira

So are you saying when we got errors with php_admin_value engine Off Apache had been using mod_php instead of FCGId?

And conversely if all runs ok with php_admin_value engine Off not commented out it must be running FCGId?

Do you know of a script or something to test that FCGId is being used?

A friend set up the server & he's in Cuba with no internet now so I don't know what he did. Here's some info from yum

 yum list php
 
Installed Packages
php.x86_64                                                             5.5.19-2.el6.remi                                                              @remi-php55
Available Packages
php.x86_64                                                             5.5.20-2.el6.remi                                                              remi-php55 
 
yum repolist
 
repo id                                                   repo name                                                                                        status
base                                                      CentOS-6 - Base                                                                                   6,518
epel                                                      Extra Packages for Enterprise Linux 6 - x86_64                                                   11,178
extras                                                    CentOS-6 - Extras                                                                                    36
remi                                                      Les RPM de remi pour Enterprise Linux 6 - x86_64                                                  2,361
remi-php55                                                Les RPM de remi de PHP 5.5 pour Enterprise Linux 6 - x86_64                                         335
scl                                                       CentOS-6 - SCL                                                                                      664
updates                                                   CentOS-6 - Updates                                                                                  526
virtualmin                                                RHEL/CentOS/Scientific 6 - x86_64 - Virtualmin                                                      124
virtualmin-universal                                      Virtualmin Distribution Neutral Packages                                                            202
repolist: 21,944

So that looks like he set a repository called remi doesn't it? How would get the centos version?

Fri, 04/29/2016 - 06:23
gyorgy.chityil@...

I just experienced this issue as well.

Would be great if Virtualmin would check if a 3rd party php repo is used. For example, I am using php 7 and my sites crashed because of this issue.

Fri, 04/29/2016 - 06:26
gyorgy.chityil@...

Raised this issue as a bug here https://www.virtualmin.com/node/40560 IMHO Virtualmin should check if php is from 3rd party repo, or the setup is incompatible.

Wed, 02/15/2017 - 04:44
EhsanCh

I installed php56 from remo repository. there was 2 package there : php56-php php56

i removed "php56-php" and problem solved. i think it was for mod_php and it have to be removed for cgi/fcgi.

Thu, 06/08/2017 - 21:37
sidou

Sorry to revive this topic again but I'm using Apache with mod_php under Ubuntu 16.04 with the php7 that comes with the distro. Does it mean that my configuration is "in a way" not compatible with Virtualmin's standards?

I'm saying that because I still have all of my websites breaking down over and over again everytime I update Virtualmin because of that "php_admin_value engine Off" that keeps coming back in all the apache conf files!

It started from a certain version update of Virtualmin, I don't remember which one but I do remember the couple of sleepless nights I spent investigating the issue of all my websites having their php scripts being downloaded to the browser until I found out the culprit. I haven't changed a thing since I installed my system. Just using the default php7 that came with that Ubuntu version and running the default installation of apache with mod_php and happy with it (since I'm the only admin of all virtualservers).

Isn't Virtualmin supposed to adapt to such default situation or at least, is there a way to set up my Virtualmin's behavior somewhere in the templates in order to avoid this annoyance once and for all?

Mon, 09/11/2017 - 02:58
dyvel

Facing this issue as well - any news on this?

Sat, 09/16/2017 - 14:00 (Reply to #15)
Joe
Joe's picture

"this" issue actually seems to be at least two issues, so I'm not sure which one you're seeing.

Are you using both mod_php and fcgid or PHP-FPM execution modes in different virtual hosts?

Are these lines appearing in virtual hosts that should be using mod_php or only in virtual hosts that should be using fcgid or PHP-FPM (and which one)?

I'm trying to narrow down when the lines are appearing when they shouldn't. At the top of the thread there is an assumption that they should never be added, but that's not correct. They must be added under some circumstances. We just need to figure out when it's adding them that is wrong, so we can fix it.

Edit: And to be clear, the lines will never appear if mod_php is not being loaded into Apache. We default to having it loaded, because people complain if we don't, but I wish we could disable it by default (and maybe will eventually). You can remove this problem for ever by disabling mod_php completely. Just uninstall the php package (on CentOS, mod_php is in a package just called php, which is a bit misleading, since you do not need it to run php apps via fcgi, PHP-FPM, or on the command line), or whatever the php package is for the php version you're using (SCL would be rh-php70-php, I think).

--

Check out the forum guidelines!

Sat, 09/16/2017 - 17:40 (Reply to #16)
sidou

Thanks for the reply Joe but I'm a bit confused here, I don't quite understand what you mean by disabling mod_php completely? I am actually using and relying on mod_php for all my virtual hosts and I'm not using fcgid or php-fpm at all but the lines "php_admin_value engine Off" are being added anyway. Isn't this line supposed to be added by Virtualmin only when fcgid mode is set to avoid invoking mod_php? I mean isn't Virtualmin supposed to ignore that "line adding" behavior when detecting that mod_php is indeed being used?

By the way, as explained earlier, I'm not using CentOS but under Ubuntu 16.04 with the php7 that comes with the distro using mod_php without any change to the default installation.

Regards

Sat, 09/16/2017 - 18:38 (Reply to #17)
Joe
Joe's picture

So, yes, that line should only ever be added when you are not using mod_php, but mod_php is loaded into Apache.

Are you sure the execution mode for your virtual servers is set to mod_php? Check that in Server Configuration->Website Options for the virtual server.

If it's adding them for a server that is configured to use mod_php, it's a bug, and we'll need to figure out how to reproduce it so Jamie can fix it.

Edit: Also, though it's a bug and we definitely want to fix it, I still think mod_php is a bad idea. Why not use PHP-FPM or fcgid? ;-)

--

Check out the forum guidelines!

Sat, 09/16/2017 - 19:11 (Reply to #18)
sidou

Thanks for your quick reply,

I just checked the Website Options of all of my virtual hosts one by one and found out that almost half of them were set up on CGI wrapper instead of the first checkbox (mod_php) and these were exactly the virtual hosts where the directive line was being added. Thanks for pointing me to the right direction but I still don't understand how they got set up that way without any intervention from me!

I first thought they were newly added virtual hosts and that starting from a certain point in time my default configuration or template has changed to use CGI wrapper for any new vhost but I don't think that's the explanation because many of the misconfigured vhosts are old ones.

I have changed them back to mod_php and will see what happens after the next update.

Thanks again

Topic locked