You need mod_fcgid and suexec enabled.
<VirtualHost *:80>
ServerName drupal
DocumentRoot /home/steph/webapps/drupal/
<Directory "/home/steph/webapps/drupal/">
Order allow,deny
Allow from all
AllowOverride All
Options ExecCGI FollowSymLinks
</Directory>
SuexecUserGroup steph steph
AddHandler fcgid-script .php
FCGIWrapper /home/steph/webapps/drupal/php5-fcgi .php
</VirtualHost>
The important config is:
- Options … which must be in the Directory block if the Directory block exists (though it seems to work on a server of mine where there’s no Directory block).
- SuexecUserGroup …
- AddHandler …
- FCGIWrapper …
I’ve also seen it achieved with the following two lines instead of the AddHandler and FCGIWrapper given above:
AddHandler php-fcgi .php
Action php-fcgi /home/steph/webapps/drupal/php5-fcgi
Where /home/steph/webapps/drupal/php5-fcgi is the following:
#!/bin/sh
PHPRC=/etc/php/cgi-php5/
export PHPRC
export PHP_FCGI_MAX_REQUESTS=5000
# See http://httpd.apache.org/mod_fcgid/mod/mod_fcgid.html
export PHP_FCGI_CHILDREN=0
exec /usr/bin/php-cgi
Where /etc/php/cgi-php5/ holds the php config (presumably in php.ini) and /usr/bin/php-cgi is your PHP CGI executable.
/home/steph/webapps/drupal/php5-fcgi must be executable by the user steph, as given by the SuexecUserGroup line in the vhost config.
Gotchas
error reading data
Without suexec running, mod_fastcgi shows errors like the following in apache error log:
[Thu Oct 21 15:53:02 2010] [debug] fcgid_proc_unix.c(354): mod_fcgid: call /home/steph/webapps/drupal/index.php with wrapper /home/steph/webapps/drupal/php5-fcgi
[Thu Oct 21 15:53:02 2010] [info] mod_fcgid: server drupal:/home/steph/webapps/drupal/index.php(10270) started
[Thu Oct 21 15:53:02 2010] [warn] [client 127.0.0.1] (104)Connection reset by peer: mod_fcgid: error reading data from FastCGI server
[Thu Oct 21 15:53:02 2010] [error] [client 127.0.0.1] Premature end of script headers: index.php
[Thu Oct 21 15:53:05 2010] [info] mod_fcgid: process /home/steph/webapps/drupal/php5-fcgi(10270) exit(communication error), terminated by calling exit(), return code: 255
This could be due to file permissions.
target uid/gid mismatch
If you get an error like the following, make sure the directory that contains php5-fcgi has the correct ownership. That includes symlinks.
[2011-10-09 15:44:06]: uid: (1004/f3) gid: (1004/f3) cmd: php5-fcgi
[2011-10-09 15:44:06]: target uid/gid (1004/1004) mismatch with directory (1004/0) or program (1004/1004)
Increase timeout
If you get an error message in the apache error log similar to the following…
mod_fcgid: read data timeout in 40 seconds
…you can increase the timeout.
For gentoo, add the following to /etc/apache2/modules.d/20_mod_fcgid.conf:
IPCConnectTimeout 20
IPCCommTimeout 300
Or put them in your general apache config.
Note: I’m not sure of the best values to use.