The Best Settings for Configuring FastCGI (mod_fcgid)


In our last tutorial, we showed you how to install Apache’s mod_fcgid and provided Linux scripts to assist in transitioning from mod_php. In this next section, we’ll be discussing how to configure a baseline setting for PHP optimization.

How to Install mod_fcgid on cPanel’s EasyApache 4 with CloudLinux


When it comes to PHP execution, mod_fcgid (also called FCGI) is one of the heavyweight contenders. There are a few rival handlers, like PHP-FPM or mod_lsapi, which come close to matching its execution speed, but they generally leave something to be desired when it comes to fine-tuning and resource consumption. FCGI is built for speed and includes a myriad of Apache directives that can be leveraged for resource regulation.

This article covers installing mod_fcgid; basic configuration follows in a separate article. The article applies to any cPanel servers running the following operating systems:

The article will not cover EasyApache 3 (EA3). Due to the End-of-Life (EOL) status of EA3, it is imperative that any systems running EA3 upgrade to EA4 as soon as possible. To avoid conflicts, upgrading to EA4 should be handled as an entirely separate procedure from installing mod_fcgid. If you need assistance with upgrading from EA3 to EA4, please feel free to contact our support team. If you’re running a Liquid Web Fully Managed cPanel server, our team will perform the entire upgrade procedure for you.

Expectations: Downtime & Performance

Downtime – Please plan ahead of time as this operation may cause downtime. While installing an Apache module and enabling a baseline configuration should only require an Apache restart, there may be unforeseen circumstances that require troubleshooting. This can lead to sites becoming unresponsive and/or slow.

Note
Always plan for more downtime than expected and always have a reversion plan. Allot extra time for troubleshooting, testing, and reverting all changes if necessary.

Performance – While FCGI provides superior PHP execution time, it is not a blanket fix for performance. For server optimization there will be an adjustment period for configuration tweaking. This period can take hours to weeks as it must account for the unique caveats with the specific server hardware, software, traffic habits, and many other unpredictable variables.

Note
Optimization is an ongoing, perpetual process. There is no one-size-fits-all optimized configuration. Traffic & resource usages continually change over time on all servers. Periodic evaluation and configuration adjustment are necessary to stay ahead of the curve.

 

Installation of mod_fcgid

The following steps should be followed as close to the examples as possible. Things will vary slightly depending on CentOS/CloudLinux versions, and a few other factors. The article will denote the differences where they are expected.

Step 1) [Liquid Web Servers Only] Disable Mod_Zeus & Other EA3 Modules

Older Liquid Web cPanel servers that were upgraded from EasyApache 3 to EA4 may have residual configs on the system that can cause conflicts in the Apache configuration. This step makes sure these older configs are disabled. These modules are stored in the /usr/local/lp/configs/httpd/conf.d/ directory, which is typically mentioned in the /etc/apache2/conf.d/includes/post_virtualhost_global.conf config file. The following sed one-liner looks for the include statement for that directory in this file and comments it out.

sed -i -e 's/^\([[:space:]]*\)\(Include [/]usr[/]local[/]lp[/]configs[/]httpd[/]\)/\1#\2/' /etc/apache2/conf.d/includes/post_virtualhost_global.conf

To confirm the change, print the contents of the post_virtualhost_global.conf file using cat:

cat /etc/apache2/conf.d/includes/post_virtualhost_global.conf

The output should be blank or have a commented out inclusion line like below:

#Include /usr/local/lp/configs/httpd/conf.d/*.conf

Step 2) Disable Litespeed

FCGI is not compatible with Litespeed, which uses its own mod_lsapi module to process PHP using lsphp. Disabling Litespeed in this way does not remove it from the server; it merely enables Apache as the default web server.

/usr/local/lsws/admin/misc/cp_switch_ws.sh apache

Step 3) Install mod_fcgid

The following yum command will install the necessary module:

yum install ea-apache24-mod_fcgid -y

Once completed, confirm Apache has the fcgid_module loaded:

httpd -M | grep 'expires\|version\|fcgid'

Example output:

fcgid_module (shared)

Step 4) [CloudLinux Only] Configure CageFS Map for FCGI

The following snippet will create the necessary directories needed by mod_fcgid to execute correctly. It will then add those directory entries into the /etc/cagefs/cagefs.mp file, allowing user-level access to said directories from within their caged environment. It finally forces cagefs to remount all user directories for access to the new directory on all sites.

mkdir -p /var/run/mod_fcgid /usr/share/cagefs-skeleton/var/run/mod_fcgid /run/mod_fcgid
cp -p /etc/cagefs/cagefs.mp{,.lwbak.$(date +%F_%H%M%S)}
cat <<EOF>>/etc/cagefs/cagefs.mp
/var/run/mod_fcgid
/run/mod_fcgid
/usr/local/cpanel/cgi-sys/
EOF
cagefsctl -M

Step 5) [OPTIONAL] Remove Unnecessary Writable Permission

Due to security restrictions, any website files or directories with group-writable or other-writable permissions will be denied and a 500 Internal Server Error will be displayed. The following awk one-liner uses the find command to search all DocumentRoot directories configured on the server. It is advised to run this process in a screen session as it may take an hour or more depending on the size of the file system in question. The code takes care to use nice and ionice commands to run the process as a low priority so there will be minimal impact on server load or disk I/O. All changed files and their previous permissions are recorded in the /var/log/fixperms.log file.

Step 5a) Create & Attach to a Screen Session

screen -dmS fixperms; screen -x fixperms

Step 5b) Run the One-Liner

nice -n 15 ionice -c2 -n7 awk '/DocumentRoot/{DR[$NF]=$NF}END{for (e in DR) {x="find \""e"\" \\( -type f -or -type d \\) -and -perm /g+w,o+w -printf \"%M %y %m %p\\n\" -exec chmod g-w,o-w {} +"; while(x|getline) {print $0;print strftime("%F %T %Z"),$0 >> "/var/log/fixperms.log"} close(x)}}' /etc/apache2/conf/httpd.conf

Exit screen by holding CTRL/CMD then pressing A, then D.

 

Step 6) [OPTIONAL] Disable mod_php Directives in .htaccess Files

Another common caveat when switching to FCGI is that any existing mod_php related directives inside any .htaccess file are not compatible with mod_fcgid and will cause the site to throw a 500 Internal Server Error. These entries need to be located and disabled or removed. The following awk one-liner checks all configured DocumentRoot directories for .htaccess files, and if they contain a php_value or php_admin_value entry, it disables the entry by commenting the line out. First, an in-place backup is created of the original file. The backup is named .htaccess.bak.YYYY-MM-DD_HHMMSS. All changed files and their previous permissions are logged in the /var/log/fixhtaccess.log file.

Step 6a) Create & Attach to a Screen Session

screen -dmS fixhtaccess; screen -x fixhtaccess

Step 6b) Run the One-Liner

nice -n 15 ionice -c2 -n7 awk '/DocumentRoot/{DR[$NF]=$NF}END{for (e in DR) { x="find "e" -name .htaccess -exec grep -iEl \"^([^#]*php_(admin_)?value)\" {} +"; s="sed -i.bak.$(date +%F_%H%M%S) \047s/^\\([^#]*php_\\(admin_\\)\\?value\\)/#\\1/gi\047 2>&1";
while(x|getline) {print $0; print s,$0; print strftime("%F %T %Z"),s,$0 >> "/var/log/fixhtaccess.log"; while(s" "$0|getline y) { print y; print strftime("%F %T %Z"),y >> "/var/log/fixhtaccess.log" } close(s" "$0)} close(x)}}' /etc/apache2/conf/httpd.conf
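
A read-only pre-flight audit for Steps 5 and 6, as an added example that is not part of the original article: it reports what the two one-liners would change without modifying anything. The function names are hypothetical, GNU find is assumed, and the php_flag/php_admin_flag match goes beyond the php_value pattern the article's one-liner handles.

```bash
#!/usr/bin/env bash
# Added example (not from the original article): read-only audit for
# Steps 5 and 6. Nothing is modified; the functions only report findings.

# Print each unique DocumentRoot found in an Apache config, quotes stripped.
list_docroots() {
    awk '$1 == "DocumentRoot" {
            sub(/^[ \t]*DocumentRoot[ \t]+/, "")
            sub(/[ \t]+$/, "")
            gsub(/"/, "")
            print
         }' "$1" | sort -u
}

# Step 5 check: regular files and directories that are group- or
# other-writable. Output: "<octal mode> <path>". Symlinks are not followed.
audit_writable() {
    find "$1" \( -type f -o -type d \) -perm /g+w,o+w \
        -printf '%m %p\n' 2>/dev/null | sort -k2
}

# Step 6 check: uncommented mod_php directives in .htaccess files.
# Output: "<file>:<line number>:<text>". Besides php_value/php_admin_value
# (the pattern used in Step 6b) this also reports php_flag/php_admin_flag,
# which are mod_php directives as well and are NOT touched by Step 6b.
audit_htaccess() {
    find "$1" -type f -name .htaccess \
        -exec grep -HniE '^[^#]*php_(admin_)?(value|flag)' {} + 2>/dev/null | sort
}

# Run both checks for every DocumentRoot in the given config and print one
# summary line per root. Returns 0 when nothing needs fixing, 1 otherwise.
preflight() {
    local conf=$1 roots root w h rc=0
    roots=$(list_docroots "$conf")
    while IFS= read -r root; do
        [ -n "$root" ] || continue
        [ -d "$root" ] || { echo "SKIP $root (missing)"; continue; }
        w=$(( $(audit_writable "$root" | wc -l) ))
        h=$(( $(audit_htaccess "$root" | wc -l) ))
        echo "$root writable=$w htaccess_lines=$h"
        [ "$w" -eq 0 ] && [ "$h" -eq 0 ] || rc=1
    done <<EOF
$roots
EOF
    return "$rc"
}

# Typical use on the server described in the article:
#   preflight /etc/apache2/conf/httpd.conf
#   audit_writable /home/USER/public_html    # USER is a placeholder
```

A non-zero return from preflight means at least one DocumentRoot still has entries that Step 5b or Step 6b would change, or php_flag lines that need manual attention.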

Step 7) Rebuild Apache Config (Troubleshoot Any Errors)

The following command checks the system httpd.conf file for syntax errors and, if none are found, runs the cPanel httpd.conf rebuild script. Fix any syntax errors until a clean rebuild completes without error.

httpd -t && /scripts/rebuildhttpdconf

Step 8) [CloudLinux ONLY] Setup PHP Selector

The PHP Selector feature of CloudLinux is only compatible with the inherit PHP versions in the cPanel MultiPHP Manager interface. All sites should be using the inherited version of PHP or PHP Selector will not function for that site. This only applies to CloudLinux servers.

Step 8a) Force All Sites to Use Inherited Version of PHP in MultiPHP Selector

The following command uses cPanel’s whmapi1 system to force all sites onto the inherited version of PHP in MultiPHP Manager.

/usr/sbin/whmapi1 php_get_vhost_versions | awk  -F'[: ]+' '$2~/vhost/{x="/usr/sbin/whmapi1 php_set_vhost_versions version=inherit vhost-0="$3;print x;system(x);close(x)}'

Step 8b) Disable MultiPHP Manager & MultiPHP INI Editor

The following uses the cPanel whmapi1 system to add MultiPHP Manager/INI Editor to the disabled features list.

/usr/sbin/whmapi1 update_featurelist featurelist=disabled multiphp=1 multiphp_ini_editor=1 ; /usr/sbin/whmapi1 update_featurelist featurelist=disabled multiphp_ini_editor=1

Step 9) Switch All PHP Handlers over to FCGI

The following will convert all installed PHP Handlers to using FCGI. These handlers are viewable through the Handlers tab of WHM’s MultiPHP Manager interface or by running the cPanel rebuild_phpconf script.

/usr/local/cpanel/bin/rebuild_phpconf --current | awk 'NR>1{x="/usr/local/cpanel/bin/rebuild_phpconf --"$1"=fcgi"; print x; system(x); close(x)}'

To confirm the changes, run:

/usr/local/cpanel/bin/rebuild_phpconf --current

Example Output:

DEFAULT PHP: ea-php71
ea-php54 SAPI: fcgi
ea-php55 SAPI: fcgi
ea-php56 SAPI: fcgi
ea-php70 SAPI: fcgi
ea-php71 SAPI: fcgi
ea-php72 SAPI: fcgi

Step 10) Perform a Full Stop & Restart of Apache

The following script will stop Apache (gracefully if possible), and kill any unresponsive Apache & PHP processes before starting the Apache service again. It will also verify the Apache configuration syntax and will only perform the restart procedure if the syntax returns ok. This technique is handy as it is common for Apache processes to get stuck from time to time on busy servers.  This snippet deals with those scenarios after performing the humane stop request first.

httpd -t && (/scripts/restartsrv_apache stop; sleep 3; killall httpd php lsphp php-cgi; sleep 3; killall -9 httpd php lsphp php-cgi; /scripts/restartsrv_apache start) || echo Fix Apache Config and try again.

Note
Toss this snippet into an alias called apache_rescue which you can add to your ~/.bashrc for easy access to this code. Below is a one-liner that will create this alias for you and load the modified profile in your current session. Once this alias is installed, it will always be available on that  server by typing apache_rescue.

cat <<'EOF'>>~/.bashrc && source ~/.bashrc
alias apache_rescue='httpd -t && (/scripts/restartsrv_apache stop; sleep 3; killall httpd php lsphp php-cgi; sleep 3; killall -9 httpd php lsphp php-cgi; /scripts/restartsrv_apache start) || echo Fix Apache Config and try again.'
EOF

This concludes our ten step process for installing mod_fcgid onto your cPanel system.  It’s recommended to adjust FCGI settings from their default settings. Tune into our next tutorial where we’ll be advising on how to optimize FCGI for various environments.

Install Multiple PHP Versions Using EasyApache 4


EasyApache 4 installs, configures, updates, and validates your Apache, PHP and other services on your server. EasyApache 4 also supports multiple versions of PHP. This allows you to assign different versions of PHP to each of your domains. There are great tools that have been implemented with EasyApache 4 that make managing PHP versions simple. Two of these are the MultiPHP Manager and MultiPHP INI Editor. These can be found within the Web Host Manager, or “WHM” for short. With the addition of these tools in cPanel/WHM, users can now complete most of these tasks from the Graphical User Interface. However, it is worth mentioning that attempting these tasks from the command line is recommended, as we have seen better performance when compiling Apache builds.

Note:
If you are still using EasyApache 3, please contact our support for assistance upgrading your server to EasyApache 4. EasyApache 3 is no longer being supported as of December 31st, 2018. This means there will be no further updates for this service. This can create security risks and should be addressed. Also, cPanel will not allow you to update to version 78 or newer using EasyApache 3. Before considering upgrading, please be sure you meet the following requirements.

EasyApache 4 requirements

  • Utilize Apache 2.4 or newer, updating Apache from 2.2 to 2.4 can be done from WHM using EasyApache 3, but it is recommended to run from the command line.  You can read more about this here.
  • It is recommended for the system to use suPHP as the default PHP handler.  More information on handlers can be found here.
  • CentOS 6, CloudLinux 6, Red Hat Linux 6 or higher

          

Note:
If you are still running CentOS 5 or older, due to the security risks we would highly recommend migrating to a newer operating system as soon as possible. More than likely your current server’s hardware is also obsolete. Due to the complexities of our packages, we would recommend migrating to a new server. If you need any assistance choosing a new server, please reach out to us. Our team will gladly assist you in selecting the perfect package that will provide you with the best performance possible.

  • PHP versions 5.4 or higher. If your site is using PHP 5.3 or older, you will need to update and confirm your site is compatible with PHP Versions 5.4 or higher.  
  • MySQL/MariaDB are using updated hashes. The older versions of MySQL use an incompatible hashing algorithm. MySQL 5.6 and later use an updated secured hash. Since EasyApache 4 uses mysqlnd (the MySQL Native Driver), this will need to be addressed before upgrading, since mysqlnd does not support the older hash.

Once you have met these requirements, your server is ready to upgrade EasyApache 3 to EasyApache 4. When upgrading EasyApache we would recommend beginning this task at a time your server is not expecting much traffic, as the process can take 20 minutes to a few hours. This depends on your specific server’s performance and overhead. If you require any assistance with meeting the requirements needed to upgrade or would like to schedule an upgrade, please call, start a chat or submit a ticket with our support team.

Other than the requirements there are a few other obstacles you may need to check.

  1. Be sure the suPHP_ConfigPath directive is not being used in any .htaccess file as unexpected behavior may occur. You can correct this by removing or commenting this directive out within the .htaccess file. (The .htaccess can be found in /home/$cpaneluser/public_html or /home/$cpaneluser/)
  2. Find any php.ini or .user.ini that will try to reference the old environment variable, extension_dir; the line will need to be either removed or corrected. (The php.ini/.user.ini can be found in /home/$cpaneluser/public_html or /home/$cpaneluser/)

Upgrading EasyApache 3 to EasyApache 4 Script

Access your server via SSH and insert the following command:  

/scripts/migrate_ea3_to_ea4 --run

To revert back to EasyApache 3:

/scripts/migrate_ea3_to_ea4 --revert --run

Once EasyApache 4 is installed, please be sure to test your sites for any errors and confirm that WHM/cPanel is up to date.

 

Configuring Apache and PHP Using EasyApache 4 

1. Login to WHM and access EasyApache 4 by using the search bar.

       WHM >> Software >> EasyApache 4

2. Once you have navigated to EasyApache 4 you can view, customize and provision available EasyApache profiles.  Click the  button under Currently Installed Packages.

Note:
By default EasyApache 4 comes with additional profiles that help minimize setup time, as there are a few options tailored to the end users’ needs. If needed you still have the ability to create your own profiles for even further customization. For more information on EasyApache 4 profiles, you can view this documentation from cPanel.

3. From the “Apache MPM” menu you can select which Multi-Processing Module, or “MPM”, you would like to use. This will determine how Apache will handle incoming requests and how it processes them. You can select which MPM you would like to use by clicking the toggle button to the right of the module. If you are unsure which MPM to use, check our tutorial to help you decide. Once selected, click Next.

4. The “Apache Modules” section will allow you to select and install needed Apache Modules. Once the needed modules are selected, click Next. Apache Modules can add extra functionality to Apache. For example, the mod_ssl module can be selected from this interface. This allows Apache to process traffic using the Secure Sockets Layer (SSL v2/3) and Transport Layer Security (TLS). For more information on Apache Modules visit this link, which details more specific information on Apache Modules.

5. From the PHP Versions menu, you can select which versions of PHP you wish to install.  WHM will automatically check for extensions currently being used by other versions of PHP on your server.  More than likely these extensions are currently being used by one of your domains, and because of this, we recommend selecting the PHP X.X and Extensions button when selecting a version.  After you have selected the versions you want to install, click Next.

Note:
If possible we would highly recommend using the most recent version of PHP as PHP version 5.6 and 7.0 will no longer have security updates as of January 1, 2019. For more information on supported PHP versions visit this link.

6. From the next menu, the PHP Extensions menu, you can select all PHP extensions you require. PHP extensions enable particular functions used in your PHP code. For example, if your PHP code communicates with MySQL you will need to utilize the mysqlnd extension. By default, EasyApache 4 has already selected recommended extensions that existed on previously installed versions of PHP on your server. A good tip is to limit the selection view to only the version of PHP you are installing. You can do so at the top of this page by deselecting the boxes next to Filter by PHP Version. Once you have selected your PHP extensions click Next.

7. The next two sections are not commonly used; however, they are included for those that require these functions. Ruby via Passenger allows you to integrate Ruby, Node.js, and Python applications on your server. Within this menu, you can install/select which Ruby modules you would like to use. More information on this can be found in this link.

Within the Additional Packages menu, you can select custom packages to be installed on your server. Currently, by default, the only option available is Tomcat 8.5. Tomcat is a Java Servlet Container that allows you to run Java-based applications on your server. You can save the profile to be used for later by clicking the Save as profile button on the bottom-right corner of the page.

Once you have finished your selections, click Next or Review.   You should see a notification like the one we have included below.  This can take a few minutes to complete so allow it some time to poll your results.

8. Please be sure to review this next page to make sure you have selected the desired configuration. If you notice anything is missing or should be changed, you may return to the relevant menu to adjust the selections. Once reviewed, scroll down to the bottom of the page and click the “Provision” button. Once you have begun provisioning, please allow EasyApache some time to finish. You will be prompted once the process has finished.

Congratulations, you have selected an MPM, installed additional Apache Modules, PHP versions, and PHP extensions using EasyApache 4.

 

Using the MultiPHP Manager from WHM

cPanel’s MultiPHP Manager allows users to manage cPanel accounts’ PHP configuration on a per domain basis. This feature is only available on EasyApache 4. You can also set the system’s default global PHP version for all accounts, enable PHP-FPM globally or per domain, and adjust PHP-FPM pool options.

Selecting System default PHP Version 

  1. Navigate to the MultiPHP Manager (WHM >> Software >> MultiPHP Manager)
    Note:
    Setting the system default PHP version will not change the PHP version for all domains. Your cPanel account, if not defined, is set to inherit by default. If the inherit option is enabled, the account will use the system’s default PHP version.
  2. Click Edit under System PHP Versions.
  3. Select the desired PHP version and click Apply. You should see a Success notification at the top right of the page if the change was successful. It will also display any errors that may have occurred.

Define PHP Versions per Domain

Within the MultiPHP Manager, you also can set the desired PHP version on a per domain basis.  

  1. Select the domain or accounts you wish to alter.
  2. Click the dropdown menu located in the PHP column.
  3. Select your desired PHP version. The interface will prompt you once the change has completed.

 

Changing PHP Versions on Multiple Accounts

  1. Select which accounts you would like to alter by clicking the check boxes next to the domain.
  2. Click the dropdown located in the top right.
  3. Select the desired PHP version and click Apply. The interface will prompt you once the change has completed.

 

MultiPHP INI Editor

MultiPHP INI Editor is a great tool that allows you to manage PHP settings per version.  You can quickly edit the most commonly adjusted PHP directives from within the Basic Mode or for more advanced users you can edit the configuration files directly using the Editor Mode.   For information on directives, please read PHP’s documentation which can be found here.

To access the MultiPHP INI Editor, log in to WHM. (WHM >> Home >> Software >> MultiPHP INI Editor)

Basic Mode allows you to view and edit directive values for your selected PHP version. WHM will save changes to the PHP configuration file. Also, directives will only show if the version of PHP you are editing supports that directive. WHM’s assistance greatly helps minimize errors, as the syntax within these files is sensitive.

Edit PHP Configuration Using MultiPHP INI Editor in Basic Mode

  1. Select a PHP version from the dropdown menu.
  2. Adjust directives as needed.  For example, you can increase upload_max_filesize by editing the field to the right of the directive.
  3.  Click Apply to submit changes.  If the edit was submitted successfully WHM will notify you at the top right of the page.  It will also inform you if any errors have occurred.

 

Edit PHP Configuration Using MultiPHP INI Editor in Editor Mode

Editor Mode allows you to modify additional directives and PHP configurations that are not available in Basic Mode.  Please note, errors within this interface can result in errors causing PHP scripts not to function correctly.  Unlike Basic Mode which loads directives available to that version of PHP, Editor Mode loads the contents from the .ini file for the selected PHP version.  If the file does not exist then, the interface will load a blank editor.  When saving values or configurations to a blank editor, the systems will create a new file. 

  1. From within MultiPHP INI Editor click the Editor Mode tab. 
  2. Click the dropdown menu to select PHP Version.
  3. The Editor will open the file as a text document. From here you can simply edit the configuration to your needs.
  4. Click Save to submit your changes. If the changes were successful WHM will display a success notification in the top right of the screen as well as any errors that may have occurred.

EasyApache 4 makes adjustments and server tuning a breeze. However, there is still a chance the end user can make a fatal mistake. A quick call to our support staff could bring a quick resolution to your issue. There are some cases where the best possible solution is the fastest one the end user can apply themselves. For cases such as these, we would highly recommend utilizing our Cloud Backups. Cloud Backups offer an extra layer of protection as your backups are stored on a remote device we manage here at Liquid Web. This ensures full restoration in the unlikely event of a total system failure. The end user can manage and restore easily from our manage page. For more information on how Cloud Backups can work for you, visit our products page.

Whitelisting in ModSecurity


Broken down into two parts, our article’s first section hits on “how to whitelist IPs or URIs,” for people who are somewhat familiar with ModSecurity but want to know further about the process. Our second section examines why we configure ModSecurity and how to prevent the security of the server from getting in the way of our work. If you have a Fully Managed Liquid Web server reach out to our Heroic Support team for assistance with whitelisting!

What is mod_deflate?


How mod_deflate works

When a visitor accesses a website, a request is made to the web server for a specific kind of data. An example might be a home page of a site. Next, the web server locates that data and delivers it to the client who is requesting that data – basically back to the web browser.

In this example, the speed at which the home page loads can depend on a variety of factors. One of them could be how long it takes to find and deliver the data for that page. This is just one example.

Some of that data – such as javascript files, css files, and php files – can actually be compressed into smaller sizes before they are delivered back to the visiting client or browser at the smaller size. The visitor can now have a more optimized browsing experience.

This is where mod_deflate comes in.


Using Passenger with cPanel on CentOS 7


Phusion Passenger is a web application server that can run Ruby, Node.js, and Python applications on your webserver. It integrates with both Apache and Nginx to serve content to your visitors. Historically, this application was difficult to integrate with cPanel servers, which would combine the power of Ruby applications with the ease of management that cPanel provides, but recent advancements make setting up your Passenger module very simple. This easy walkthrough will show you how to add Passenger, Apache mod_passenger, and the supporting Ruby installation to cPanel.

EasyApache 4 & CLI based PHP utilities


With the release of EasyApache 4 in WHM 58 there are various changes to how PHP is managed. The most obvious being that EasyApache 4 brings support for installing multiple PHP versions alongside each other. However with multiple versions of PHP being installed on the server it’s easy to lose track of your command-line based PHP utilities and their PHP requirements.