Hey Jamie,
I've got all of the FastCGI stuff packaged and wrapper scripts mostly written. Now we're down to needing Virtualmin support for some of this stuff.
Here's the way it works:
mod_php4/mod_php5 goes away (one can remain, if some changes are made to either the fastcgi.conf or the php4/php5.conf file).
mod_fastcgi gets pulled into apache with the followin conf file:
LoadModule fastcgi_module modules/mod_fastcgi.so
<IfModule mod_fastcgi.c>
FastCgiConfig -singleThreshold 1 -pass-header HTTP_AUTHORIZATION
AddHandler fastcgi-script .fcgi .fcg .fpl
Action application/x-httpd-php4 ${HOME}/bin/php4.fcgi
Action application/x-httpd-php5 ${HOME}/bin/php5.fcgi
AddType application/x-httpd-php5 .php5
AddType application/x-httpd-php4 .php .php4
</IfModule>
As you can see, we're now calling a wrapper in the users home directory, which looks something like:
[joe@delilah SOURCES]$ cat php4.fcgi
#!/bin/sh
# To use your own php.ini, comment the next line and uncomment the following one
PHPRC="/etc/php4"
#PHPRC="$HOME/etc/php4"
export PHPRC
PHP_FCGI_CHILDREN=4
export PHP_FCGI_CHILDREN
exec /usr/bin/php4
Or:
[joe@delilah SOURCES]$ cat php5.fcgi
#!/bin/sh
# To use your own php.ini, comment the next line and uncomment the following one
PHPRC="/etc"
#PHPRC="$HOME/etc/php5"
export PHPRC
PHP_FCGI_CHILDREN=4
export PHP_FCGI_CHILDREN
exec /usr/bin/php-cgi
With this, php processes execute as the user rather than apache. Another nice side effect is that the user can have their on php.ini (without introducing security issues).
Now, here's where it gets tricky:
php/php4/php5 are named something different and the php.ini file is located somewhere different depending on whether php4 or php5 is the system default version. For example, on Fedora Core 3, php4 is the default, and the binary is "/usr/bin/php" and the php.ini is in "/etc", whereas on FC4 it is laid out as indicated by the above. I believe we need some new configuration variables in Virtualmin (or maybe in the PEAR module, assuming it can handle two different versions--if it can't, it'll need to), as this stuff has to get set based on the locations of the php binary and the php.ini.
I could also wrap this up into a fcgi-wrappers package, per OS, if that seems easier?
Also worth noting, I don't think (but I'm not sure yet) that the $HOME variable is actually usable in the context of the wrapper so it might be necessary to have variable replacement when copying the files from the skel to /home/domain/bin. I don't believe the users environment will be available. I'll know more in a few hours when I begin testing this on a spanking new Fedora Core 5 installation.
Also, you may note that we now won't have mod_php loaded in Apache (at least, I doubt anyone will), so the Script Installers need to check for php in a different way. Probably just check for the presence of mod_fastcgi and the right php binary. You can select which php binary to use for the script by converting the suffix to the appropriate one (.php for php4, .php5 for php5).
Comments welcome. My end will be in the repository for all systems by tonight. Once Virtualmin knows how to deal with it, we can roll it out to customers in a few days.