Running Vhosts With Apache2 mpm-itk On Debian

apache2-mpm-itk (just mpm-itk for short) is an MPM (Multi-Processing Module) for the Apache 2 web server. mpm-itk allows you to run each of your vhost under a separate uid and gid — in short, the scripts and configuration files for one vhost no longer have to be readable for all the other vhosts.

Requirements

Apache2 installation with PHP support

Install apache2 with PHP4 or PHP5 support in debian etch

#aptitude install apache2

This will complete the installation

Now you need to install php4 or php5 for apache2 server

For php4 users the following command

#aptitude install php4

For php5 users the following command

#aptitude install php5

Enable mod_php for apache2 server in etch

Use the following commands

For php4 users the following command

#aptitude install libapache2-mod-php4

For php5 users the following command

#aptitude install libapache2-mod-php5

If you install the PHP4 or PHP5 modules for Apache2 then they will automatically enable themselves.If you have any problem you can use the following commands to enable php modules manually.

For php4 users the following command

# a2enmod php4

For php5 users the following command

# a2enmod php5

Install apache2-mpm-itk on Debian

aptitude install apache2-mpm-itk

This will complete the installation.

Configure apache2-mpm-itk in Debain

apache2-mpm-itk is configured on a per-vhost basis, i.e., we don’t have to set any global options, and there’s only one directive we need to set in a vhost, AssignUserId, which takes two parameters, the user name and the group that the vhost will run as.

In this example we will use the default Debian Apache vhost (you can find its configuration in /etc/apache2/sites-available/default) with the document root /var/www (if you have different vhosts, please adjust this to your situation), and we want this vhost to run as the user web_test and group web.

If the user and group don’t already exist, we can create them as follows:

#groupadd web

#useradd -s /bin/false -d /home/web_test -m -g web web_test

Then we open our vhost configuration and add the following lines to it:

<IfModule mpm_itk_module>
AssignUserId web_test web
</IfModule>

For Example

#vi /etc/apache2/sites-available/default

NameVirtualHost *
<VirtualHost *>
ServerAdmin webmaster@localhost

DocumentRoot /var/www/
<Directory />
Options FollowSymLinks
AllowOverride None
</Directory>
<Directory /var/www/>
Options Indexes FollowSymLinks MultiViews
AllowOverride None
Order allow,deny
allow from all
# This directive allows us to have apache2’s default start page
# in /apache2-default/, but still have / go to the right place
RedirectMatch ^/$ /apache2-default/
</Directory>

ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
<Directory "/usr/lib/cgi-bin">
AllowOverride None
Options ExecCGI -MultiViews +SymLinksIfOwnerMatch
Order allow,deny
Allow from all
</Directory>

ErrorLog /var/log/apache2/error.log

# Possible values include: debug, info, notice, warn, error, crit,
# alert, emerg.
LogLevel warn

CustomLog /var/log/apache2/access.log combined
ServerSignature On

Alias /doc/ “/usr/share/doc/”
<Directory "/usr/share/doc/">
Options Indexes MultiViews FollowSymLinks
AllowOverride None
Order deny,allow
Deny from all
Allow from 127.0.0.0/255.0.0.0 ::1/128
</Directory>

<IfModule mpm_itk_module>
AssignUserId web_test web
</IfModule>
</VirtualHost>

Restart Apache server using the following commands

#/etc/init.d/apache2 restart

Sponsored Link

6 thoughts on “Running Vhosts With Apache2 mpm-itk On Debian

  1. Very interesting. Is this the method of setting up vhosts that shared hosting providers use?

    Any why do the right click disable on your site? It’s super irritating (and easily evaded by anyone of the level reading your site) since I can’t use my spell check that uses a right click.

  2. Thanks.

    So this is very similar to SuPHP which is available for this purpose? Have always looked for something like this. Works like a charm.

  3. can u explain how to use this i mean where to create directories for each user , how to acces them, can you please explain oe to deploy an simple PHP project

    sorry if it is an silly question!! 🙁
    Thanx in advance

  4. Hi,

    When people come in to my vhost, they are web_guest (thanks to mpm-itk)

    When user logs in he must be : Michael
    I need to be able to change this vhost directive from my php-application

    So my vhost directive has to change only for the logged in user Michael (remain the same for the rest)

    From:

    AssignUserId guest_user guest_group

    To:

    AssignUserId Michael user_group

    I’d appreciate if you could give some directions…
    Thanks,
    D

  5. ################
    a2enmod mpm_itk
    ################

    Needs to be applied at then end. Module no longer automatically enabled at the end of the apt-get or aptitude install.

    Or the process will appear no to work and Apache2 will default to www-data

Leave a comment

Your email address will not be published. Required fields are marked *