In our last tutorial, we showed you how to install Apache’s mod_fcgid and provided Linux scripts to assist in transitioning from mod_php. In this next section, we’ll be discussing how to configure a baseline setting for PHP optimization. Continue reading “The Best Settings for Configuring FastCGI (mod_fcgid)”
When it comes to PHP execution, mod_fcgid (also called FCGI) is one of the heavyweight contenders. There are a few rival handlers, like PHP-FPM or mod_lsapi, which come close to matching its execution speed, but they generally leave something to be desired when it comes to fine-tuning and resource consumption. FCGI is built for speed and includes a myriad of Apache directives that can be leveraged for resource regulation.
This article will cover installing mod_fcgid followed by basic configuration in a separate article. The article applies to any cPanel servers running the following operating systems:
The article will not cover EasyApache 3 (EA3). Due to the End-of-Fife (EOL) status of EA3, it is imperative that any systems running EA3 upgrade to EA4 as soon as possible. To avoid conflicts, upgrading to EA4 should be handled as an entirely separate procedure from installing mod_fcgid. If you need assistance with upgrading from EA3 to EA4, please feel free to contact our support team. If you’re running a Liquid Web Fully Managed cPanel server, our team will perform the entire upgrade procedure for you.
Downtime – Please plan ahead of time as this operation may cause downtime. While installing an Apache module and enabling a baseline configuration should only require an Apache restart, there may be unforeseen circumstances that require troubleshooting. This can lead to sites becoming unresponsive and/or slow.
Performance – While FCGI provides superior PHP execution time, it is not a blanket fix for performance. For server optimization there will be an adjustment period for configuration tweaking.This period can take hours to weeks as it must account for the unique caveats with the specific server hardware, software, traffic habits, and many other unpredictable variables.
The following steps should be followed as close to the examples as possible. Things will vary slightly depending on CentOS/CloudLinux versions, and a few other factors. The article will denote the differences where they are expected.
Older Liquid Web cPanel servers with EasyApache 3 who upgraded to EA4 may find residual configs on the system that can cause conflicts in the Apache configuration. This step will help make sure these older configs are disabled. The following sed one-liner will take care of disabling the inclusion line for these modules. These modules are stored in the /usr/local/lp/configs/httpd/conf.d/ directory. This directory is typically mentioned in the /etc/apache2/conf.d/includes/post_virtualhost_global.conf config file. The sed code looks for and comments out the specific include statement for this file.
sed -i -e 's/[^#]+\(Include [/]usr[/]local[/]lp[/]configs[/]httpd[/]\)/#\1/g' /etc/apache2/conf.d/includes/post_virtualhost_global.conf
To confirm the change, print the contents of the post_virtualhost_global.conf file using cat:
cat /etc/apache2/conf.d/includes/post_virtualhost_global.conf
The output should be blank or have a commented out inclusion line like below:
#Include /usr/local/lp/configs/httpd/conf.d/*.conf
FCGI is not compatible with Litespeed, which uses its own mod_lsapi module to process PHP using lsphp. Disabling Litespeed in this way does not remove it from the server; it merely enables Apache as the default web server.
/usr/local/lsws/admin/misc/cp_switch_ws.sh apache
The following yum command will install the necessary module:
yum install ea-apache24-mod_fcgid -y
Once completed, confirm Apache has the fcgid_module loaded:
httpd -M | grep expires\|version\|fcgid
Example output:
fcgid_module (shared)
The following snippet will create the necessary directories needed by mod_fcgid to execute correctly. It will then add those directory entries into the /etc/cagefs/cagefs.mp file, allowing user-level access to said directories from within their caged environment. It finally forces cagefs to remount all user directories for access to the new directory on all sites.
mkdir -p /var/run/mod_fcgid /usr/share/cagefs-skeleton/var/run/mod_fcgid /run/mod_fcgid
cp -p /etc/cagefs/cagefs.mp{,.lwbak.$(date +%F_%H%M%S)}
cat <<EOF>>/etc/cagefs/cagefs.mp
/var/run/mod_fcgid
/run/mod_fcgid
/usr/local/cpanel/cgi-sys/
EOF
cagefsctl -M
Due to security restrictions, any website files or directories with group-writable or other-writable permissions will be denied and a 500 Internal Server Error will be displayed. The following awk one-liner uses the find command to search all DocumentRoot directories configured on the server. It is advised to run this process in a screen session as it may take an hour or more depending on the size of the file system in question. The code takes care to use nice and ionice commands to run the process as a low priority so there will be minimal impact on server load or disk I/O. All changed files and their previous permissions are recorded in the /var/log/fixperms.log file.
screen -dmS fixperms; screen -x fixperms
nice -n 15 ionice -c2 -n7 awk '/DocumentRoot/{DR[$NF]=$NF}END{for (e in DR) {x="find \""e"\" \\( -type f -or -type d \\) -and -perm /g+w,o+w -printf \"%M %y %m %p\\n\" -exec chmod g-w,o-w {} +"; while(x|getline) {print $0;print strftime("%F %T %Z"),$0 >> "/var/log/fixperms.log"} close(x)}}' /etc/apache2/conf/httpd.confExit screen by holding CTRL/CMD then pressing A, then D.
Another common caveat when switching to FCGI is that any existing mod_php related directives inside any .htaccess file are not compatible with mod_fcgid and will cause the site to throw a 500 Internal Server Error. So these entries need to be located and disabled or removed. The following awk one-liner checks all configured DocumentRoot directories for .htaccess files, and if they contain a php_value or php_admin_value entry, it will disable by commentting the line out. First, an in-place backup is created of the original file. The backup is named .htaccess.bak.YYYY-MM-DD_HHMMSS. All changed files and their previous permissions are logged in the /var/log/fixhtaccess.log file.
screen -dmS fixhtaccess; screen -x fixhtaccess
nice -n 15 ionice -c2 -n7 awk '/DocumentRoot/{DR[$NF]=$NF}END{for (e in DR) { x="find "e" -name .htaccess -exec grep -iEl \"^([^#]*php_(admin_)?value)\" {} +"; s="sed -i.bak.$(date +%F_%H%M%S) \047s/^\\([^#]*php_\\(admin_\\)\\?value\\)/#\\1/gi\047 2>&1";
while(x|getline) {print $0; print s,$0; print strftime("%F %T %Z"),s,$0 >> "/var/log/fixhtaccess.log"; while(s" "$0|getline y) { print y; print strftime("%F %T %Z"),y >> "/var/log/fixhtaccess.log" } close(s" "$0)} close(x)}}' /etc/apache2/conf/httpd.conf
The following command checks the system httpd.conf file for syntax error and if none are found, runs the cPanel httpd.conf rebuild script. Fix any syntax errors, until a clean rebuild is completed without error.
httpd -t && /scripts/rebuildhttpdconf
The PHP Selector feature of CloudLinux is only compatible with the inherit PHP versions in the cPanel MultiPHP Manager interface. All sites should be using the inherited version of PHP or PHP Selector will not function for that site. This only applies to CloudLinux servers.
The following command uses cPanel’s whmapi1 system to force all sites onto the inherited version of PHP in MultiPHP Manager.
/usr/sbin/whmapi1 php_get_vhost_versions | awk -F'[: ]+' '$2~/vhost/{x="/usr/sbin/whmapi1 php_set_vhost_versions version=inherit vhost-0="$3;print x;system(x);close(x)}'
The following uses the cPanel whmapi1 system to add MultiPHP Manager/INI Editor to the disabled features list.
/usr/sbin/whmapi1 update_featurelist featurelist=disabled multiphp=1 multiphp_ini_editor=1 ; /usr/sbin/whmapi1 update_featurelist featurelist=disabled multiphp_ini_editor=1
The following will convert all installed PHP Handlers to using FCGI. These handlers are viewalbe through the Handlers tab of WHM’s MultiPHP Manager interface or by running the cPanel rebuild_phpconf script.
/usr/local/cpanel/bin/rebuild_phpconf --current | awk 'NR>1{x="/usr/local/cpanel/bin/rebuild_phpconf --"$1"=fcgi"; print x; system(x);
close(x)}'
To confirm the changes, run:
/usr/local/cpanel/bin/rebuild_phpconf --current
Example Output:
DEFAULT PHP: ea-php71
ea-php54 SAPI: fcgi
ea-php55 SAPI: fcgi
ea-php56 SAPI: fcgi
ea-php70 SAPI: fcgi
ea-php71 SAPI: fcgi
ea-php72 SAPI: fcgi
The following script will stop Apache (gracefully if possible), and kill any unresponsive Apache & PHP processes before starting the Apache service again. It will also verify the Apache configuration syntax and will only perform the restart procedure if the syntax returns ok. This technique is handy as it is common for Apache processes to get stuck from time to time on busy servers. This snippet deals with those scenarios after performing the humane stop request first.
httpd -t && (/scripts/restartsrv_apache stop; sleep 3; killall httpd php lsphp php-cgi; sleep 3; killall -9 httpd php lsphp php-cgi; /scripts/restartsrv_apache start) || echo Fix Apache Config and try again.
cat <<'EOF'>>~/.bashrc && source ~/.bashrc
alias apache_rescue='httpd -t && (/scripts/restartsrv_apache stop; sleep 3; killall httpd php lsphp php-cgi; sleep 3; killall -9 httpd php lsphp php-cgi; /scripts/restartsrv_apache start) || echo Fix Apache Config and try again.'
EOF
This concludes our ten step process for installing mod_fcgid onto your cPanel system. It’s recommended to adjust FCGI settings from their default settings. Tune into our next tutorial where we’ll be advising on how to optimize FCGI for various environments.
Sometimes you might forget to renew the domain names before they expire. Unfortunately, this can be a time where a domain brokers purchases you domain name. These are agencies who take popular sites and purchase with the intent of holding the domain until their inflated price is met. As unfortunate as this may be, sometimes it is best to purchase a new domain name for cost efficiency.
NoteWhen purchasing domains from Liquid Web you can always select the option to Auto Renew within our portal Domains >> My Domains
It is good practice to use your FQDN “Fully Qualified Domain Name” as your hostname. Following this practice creates more options for securing your hostname with an SSL. This will allow services like email to function using a secured connection. Using a hostname with a registered domain will allow you to add a corresponding DNS entry. This will prevent unpredictable behavior by some services that use the hostname. This would allow you to set up a reverse lookup DNS entry. It can be very important especially with services like email verfication. For example, when an email is sent the receiving server runs a reverse lookup on the sender’s hostname. The reverse lookup allows receivers server to ensure the hostname resolves to the matching IP address. This is just one preventive measure servers now use to reduce email spoofing incidents.
By using a unique domain name, you can reduce editing time. You may have a script that calls to the servers IP, instead of the hostname, to correctly function. Best practice is to use the hostname because future migrations may change IP addresses/ranges. Using the hostname can save you a lot of time in the long run, depending on your infrastructure and coding.
We’ll need to connect to your server. For this article, we will be using SSH “Secure Shell” to access the server and issues commands. SSH is a powerful tool that will allow us to establish a secure connection with your server, diagnose, and issue remote commands. For more information on the SSH protocol, you can visit the following links.
There are a few ways to use SSH depending on your operating system. We’ve have included some examples below followed by links with more information.
Using SSH client in Windows 10
NoteNote: Because the OpenSSH client was introduced in the Windows 10 Fall Creators Update, you’ll need to first update to at least that version of the operating system.
Unfortunately, for older versions of Windows, it is not exactly possible to set up an SSH natively to connect to your server. Thankfully, applications were created to assist. We like to use MobaXterm, but Putty is a safe choice as well. Both of these applications are free to use and simple to set up. We’ve included links below with more information on these applications.
Newer Mac operating systems come with an excellent utility to access SSH called Terminal. To access Terminal navigate to your Applications folder >> Utilities folder >> Terminal.
In case Terminal is inefficient for your preference, there are other options available in the App store or through a quick search on Google . Putty is also available on Mac!
At this point, you should be able to access your server using SSH. Once you have accessed your server, you will want to either switch to the root user or run these commands using sudo. The files you will be accessing are owned by root. Because of this, you will need root privileges.
To start things off, we will want to edit /etc/hostname and the /etc/hosts files. You can do so by using a text editor of your choice. We will demonstrate how to accomplish this task using the text editor called VIM. Some of these command line text editors can seem complicated, we will include the “sed” command to make things even easier.
Switching to root user:
# su – root
Editing the hostname and hosts file:
# vim /etc/hostname
# vim /etc/hosts
Once you have opened these files, you will need to change your hostname as follows:
As we mentioned earlier, the command line text editors can appear to be overly complicated, especially when you’re used to programs like Word and the Window’s text editor. Because of this, we have included the command below.
# sed -i 's/host.example.com/host.newhostname.com/g' /etc/hosts
# sed -i 's/host.example.com/host.newhostname.com/g' /etc/hostname
After editing these files, you’ll need to reboot the server. If you wish to reboot at a later time but still want your new hostname to take immediate effect click on this sentence to skip ahead. Otherwise, you can do so by running
# reboot
Your SSH session should be terminated. Depending on your server it can take a few minutes to boot back up. Once the server is back online you can check your changes by running the following command:
# hostname
If all went well, the terminal should output your new hostname.
If you wish to reboot at a later time but still want your new hostname to take immediate effect, you can use the hostname command to temporarily set the hostname until the next reboot. From there, the changes in /etc/hosts and /etc/hostname will take permanent effect.
# hostname host.newhostname.com
There is also an alternative available. The hostnamectl command is default for both Desktop and Server versions. They combine setting the hostname via the hostname command, editing /etc/hostname and setting the static hostname. Unfortunately, editing /etc/hosts still has to be done separately.
Example:
# hostnamectl set-hostname host.newhostname.com
The “Failed to start hostname.service: Unit hostname.service is masked” error can happen when there is a syntax error within the /etc/hostname, or /etc/hosts file, or when the hostname does not match between these two files. Be sure to check both of these files for mistakes and correct them as needed. In newer versions of Ubuntu, you will also want to use the hostnamectl command mentioned earlier.
# hostnamectl set-hostname host.newhostname.com
Once corrected, be sure to start the hostname service to see if the issue has been corrected. You can do so by running the command that we have included below. Afterward, we would recommend rebooting your server. This is not always necessary, but in some cases, it is required.
# systemctl restart hostname
As always, Liquid Web customer’s enjoy 24/7 technical support with changing your hostname. Reach out to our sales team to see how you can get into our lightening fast servers today!
When using phpMyAdmin, it’s essential to have the correct user permissions to create edits/writes to the database. Otherwise insufficent permissions can lead to errors like the ones pictured below “#1044 – Access denied for user …[using password: YES]” and “#1045 – Access denied for user…[using password: YES]”. In our tutorial, we’ll show you how to correct this issue using the command line terminal. Let’s get started! Continue reading “Troubleshooting: MySQL/MariaDB Error #1044 & #1045 Access Denied for User”
Cloudflare is an excellent and well-known content delivery network. A CDN can increase site speed by utilizing Cloudflare’s global caching network to deliver content closer to a visitor’s location.
You can also easily attach Cloudflare as an add-on product to your existing Liquid Web server, but there are some configurations to consider.
Login errors with Microsoft SQL Server (MSSQL) are a fairly common issue and can be easily solved with some basic troubleshooting steps. Before we dig in, let’s take a look at the details of the error to try and determine the cause.
Sometimes, the error presents as “login failed for user ‘<username>’,” this information will help us as we identify the user we need to troubleshoot. From the message, we’ll know the error number as a reference to search for next steps. In this case, it is Microsoft SQL Server, Error: 18456.
Other times, we may only see “Microsoft SQL Server Error 18456” along with the severity and state number. On its own, a state number might not mean much, yet it can offer more details as to what is wrong and where to look next.
These states of the error, 18456, are the most common. The descriptions and potential solutions offer a quick explanation and potential troubleshooting guide.
The troubleshooting and solutions require you to login to the server or at least be able to make a Windows Authentication connection to MSSQL using Microsoft SQL Server Management Studio. The most common and easiest method is to connect directly to the server with a Remote Desktop Connection. If you need more information about Remote Desktop Connection, these Knowledge Base articles will help you get connected:
Once you are logged into the server, you’ll want to run Microsoft SQL Server Management Studio (SSMS). SSMS is the tool best suited to configure, manage, and administer MSSQL.
When you start SSMS, you will be asked to log in to the server. By default, most MSSQL servers have Windows Authentication enabled, meaning you must log in with the Windows Administrator or the account specified as the SQL Administrator when MSSQL was installed and configured.
In addition to Windows Authentication, MSSQL supports SQL Server Authentication. Depending on the version of MSSQL and how it was installed and configured, you may or may not have SQL Server Authentication enabled by default.
Once we login to SSMS using Windows Authentication, we need to check the security settings to confirm whether MSSQL is set up to allow both Windows and SQL Authentication.
In SSMS, right-click the Server Name at the top of the Object Explorer window and choose Properties.
Next, click the Security page.
If you find Windows Authentication is the only mode configured, this is the likely cause of Error 18456, Login failed for user ‘<username>’.
Setting the Server authentication mode to allow SQL Server and Windows Authentication, you will be able to login to MS-SQL with a SQL user and password or a Windows user and password. After making this change, you will need to restart the SQL Server service.
In SSMS, right-click the Server Name at the top of the Object Explorer window and choose Restart to apply the new authentication mode settings.
In the above example, Windows Authentication mode was the only mode configured, and the Error 18456 occurred because the user ‘sa’ is a SQL user and SQL Server Authentication was not permitted.
As we check the SQL user permissions, we need to answer the following questions:
In SSMS Object Explorer, expand Security, Logins. Locate the user that was failing to log in. A red x on the user indicates this user has login disabled.
To allow the user to login, right-click the user and choose Properties, then click the Status page. Enabling login for the user and click OK.
After refreshing the list user logins, we can confirm the user no longer has a red x present. This should allow the user to log in. In this example, the SQL user ‘sa’ failed to log in because there was no permission to log in.
Continuing with user troubleshooting, right-click the user and choose Properties, then click the General page. Here you can enter a new password and then enter the confirmation password. Click OK to save the new password. We set a new password for the user so that we are certain of the password when we attempt to log in.
Our last step in troubleshooting a user is to check user mapping to verify the user has access to the desired database and to set or verify their role for the database. Right-click the user and choose Properties, then click the User Mapping page. Select the Database from the list of databases. From the database role memberships, select the desired/required memberships. Click OK.
In this example, we mapped the user ‘ProdX709’ to the database Production X709.2019 and granted them database role db_owner. In many cases, you only need a user to have db_datareader and db_datawriter roles to be able to read and write to the database.
In this troubleshooting article, we learned how to identify specifics of Error 18456 to help us track down the root cause of the issue. Still looking for support? Our MSSQL database solutions come with assistance from our technical support team. Find out how our high-availability database can work for you!
Let’s face it. At some point, while running your WordPress site, you will run into issues and errors and may ultimately have to ask yourself…
This tutorial assumes you’ve already logged in to cPanel, and are starting on the home screen. Now let’s learn how to check a database for errors.
This error relates to logging into phpMyAdmin, an open source tool used for the administration of MySQL.
Once in awhile, perhaps on a Development server, MySQL won’t be setup with a root password. The aforementioned configuration is generally thought of as against best practices however, if it is what you’re dealing with, then it could also interfere with phpMyAdmin.
The error will read “Login without a password is forbidden by configuration (see AllowNoPassword)” as shown below.
![Error Login without a password is forbidden by configuration (see AllowNoPassword) [SOLVED]](https://lwstatic-a.akamaihd.net/kb/wp-content/uploads/2015/07/Error-Login-without-a-password-is-forbidden-by-configuration-see-AllowNoPassword-SOLVED-01.png)
