Re: Php5 port and Apache Module
Christopher Hilton wrote: Jonathan Horne wrote: [...] Everyone seems to be misunderstanding my question. I'm aware of how to build mod_php5. I'm curious about why the default configuration builds php5 as a standalone CLI and CGI rather than as an apache module. I'm assuming that there is some good engineering behind this decision but I'd like to know a little more about that engineering. Is there some advantage to running php as a Fast CGI process? I guess that mod_php5 depends on Apache and maintainer don't want this big dependency. The second is - if it will depends on Apache of some version (eg. 1.3) it will be broken with another version (2.0 and 2.2). It apply for binary packages. If somebody is compiling ports himself, then can check option with apache or add WITH_APACHE in to /etc/make.conf Miroslav Lachman ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Php5 port and Apache Module
On Sat, 09 Jun 2007 21:45:03 -0400 Christopher Hilton [EMAIL PROTECTED] wrote: Jonathan Horne wrote: Bob wrote: The php4 php5 port apache module used to be default before FBSD 6.0. Around 6.0 may have been the timeline for this change, but it affected users of 5.4 and 5.5 too; one 5.5-STABLE here. I ran into this updating phpMyAdmin last year, which also enforced upgrading from php4 to php5 - unnecessarily, according to the phpMyAdmin specs - and made it no longer possible to install php5 (thus eg phpMyAdmin) from the packages .. Many people before you on this list have wanted the php4/5 apache module turned back on as default but so far the port maintainer has not done anything in any way of justifying removing the apache module from the default setting or re-enable it as the default. [snip] seems like it was removed from the default config of lang/php5 for security reasons. many people who do build php5 do not need the apache module, so no sense building it if its not needed. I may be wrong of course, but my observation is that the majority of people (who mention) installing php do so for use as an apache module. cd /usr/ports/lang/php5 make config (edit your choices) make deinstall make reinstall its just one of those things that you learn to live with after a while. Mmmm. I don't see how it would hurt people who do want to use PHP as a CLI language, or for CGI, if mod_php5 were to be built by default also, making the php package useful again. libphp5.so is under 3MB. Everyone seems to be misunderstanding my question. I'm aware of how to build mod_php5. I'm curious about why the default configuration builds php5 as a standalone CLI and CGI rather than as an apache module. I'm assuming that there is some good engineering behind this decision but I'd like to know a little more about that engineering. Is there some advantage to running php as a Fast CGI process? -- Chris P.S. Sorry Bob, I've scanned the commit logs for the port and there is no mention of security problems with mod_php5.so. To tell the truth I cannot imagine that there would be any security issues in mod_php5.so that didn't also exist in /usr/local/bin/php-cgi. I could be wrong here though and then I would have the answer to my question. Colour me curious too. It appears more like a personal preference than engineering as such. It might also reflect the relative disrepute that installing from packages has fallen into, as those having leading edge hardware tend to forget the convenience and speed of packages compared to especially large compilations on sub-GHz boxes. And of CDROM sets. That said, I'm thankful to developers that it even exists as a port :) Cheers, Ian ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Php5 port and Apache Module
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Ian Smith wrote: Around 6.0 may have been the timeline for this change, but it affected users of 5.4 and 5.5 too; one 5.5-STABLE here. I ran into this updating phpMyAdmin last year, which also enforced upgrading from php4 to php5 - unnecessarily, according to the phpMyAdmin specs - and made it no longer possible to install php5 (thus eg phpMyAdmin) from the packages .. That is incorrect. The phpMyAdmin port works perfectly well with php4. The *default* version of php that the port would cause to be installed as a dependency if there was no previously installed php on the system - -- that changed from 4 to 5 a while back, but that was actually a result of system-wide changes in /usr/ports/Mk/bsd.php.mk Note that there is not a lot of point installing phpMyAdmin from packages. The phpMyAdmin port does not compile anything -- all it does it pull down the dist files and copy them into place. Essentially what the package does, except that the port gives you immensely greater flexibility in fitting in with alternate dependencies. Cheers, Matthew - -- Dr Matthew J Seaman MA, D.Phil. 7 Priory Courtyard Flat 3 PGP: http://www.infracaninophile.co.uk/pgpkey Ramsgate Kent, CT11 9PW -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.3 (FreeBSD) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFGa7Zn8Mjk52CukIwRCK2YAJ0ZaUx7KmDopyaLLtb6HeV0A4HlTQCdHEP8 kUKvXN9SrbwxmRFxspGRqhY= =vw6Q -END PGP SIGNATURE- ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Php5 port and Apache Module
On Sun, 10 Jun 2007, Matthew Seaman wrote: Ian Smith wrote: Around 6.0 may have been the timeline for this change, but it affected users of 5.4 and 5.5 too; one 5.5-STABLE here. I ran into this updating phpMyAdmin last year, which also enforced upgrading from php4 to php5 - unnecessarily, according to the phpMyAdmin specs - and made it no longer possible to install php5 (thus eg phpMyAdmin) from the packages .. That is incorrect. The phpMyAdmin port works perfectly well with php4. The *default* version of php that the port would cause to be installed as a dependency if there was no previously installed php on the system - -- that changed from 4 to 5 a while back, but that was actually a result of system-wide changes in /usr/ports/Mk/bsd.php.mk To be fair, that was on a huge portupgrade from 5.4-R to 5-STABLE last December involving most ports including xorg and kde, and upgrading the installed php4 to php5 (as a consequence of the _then_ dependency tree) was the only thing that proved problematic, and that using using every prefetched package that portupgrade -anPP could find first. At the time, after a couple of days' struggle, I relented and went with php5, and after the aforementioned making config then installing the php5 port, all was plain sailing. As I recall it may have been a dependency of phpMyAdmin, pecl-pdflib, that kept insisting on php5? Anyway, water under the bridge; phpMyAdmin 2.9.1 works fine, and I soon have another big upgrade to do (patiently awaiting xorg 7 packages :) Note that there is not a lot of point installing phpMyAdmin from packages. The phpMyAdmin port does not compile anything -- all it does it pull down the dist files and copy them into place. Essentially what the package does, except that the port gives you immensely greater flexibility in fitting in with alternate dependencies. On a 300MHz laptop with a 'fast' 5400rpm drive, packages are the go wherever possible, but I'll try remembering that. It's a nice port. Thanks Matthew, Cheers, Ian ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Php5 port and Apache Module
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Ian Smith wrote: Anyway, water under the bridge; phpMyAdmin 2.9.1 works fine, and I soon have another big upgrade to do (patiently awaiting xorg 7 packages :) I take it you are aware of: http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2007-1 http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2007-2 http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2007-3 http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2007-4 and have taken steps to secure your phpMyAdmin installation. Wrapping phpMyAdmin inside HTTP Basic Auth is a good idea. Even better if you can also serve it via HTTPS. Upgrading to the latest released version (2.10.1) is certainly recommended. This isn't excessive paranoia -- there are webcrawlers in the wild hunting for phpMyAdmin installations by trying all the common URLs that PMA gets installed as, including what I recommend in the port. Cheers, Matthew - -- Dr Matthew J Seaman MA, D.Phil. 7 Priory Courtyard Flat 3 PGP: http://www.infracaninophile.co.uk/pgpkey Ramsgate Kent, CT11 9PW -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.3 (FreeBSD) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFGbAQO8Mjk52CukIwRCDTBAJ0Yt6J0uDfwO8AZQJD2avYSTGjg0ACffbqW YahKpz0N617yWWbANwHsepc= =r04R -END PGP SIGNATURE- ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Php5 port and Apache Module
On Sun, 10 Jun 2007, Matthew Seaman wrote: Ian Smith wrote: Anyway, water under the bridge; phpMyAdmin 2.9.1 works fine, and I soon have another big upgrade to do (patiently awaiting xorg 7 packages :) I take it you are aware of: http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2007-1 http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2007-2 http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2007-3 http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2007-4 I am now, thanks. and have taken steps to secure your phpMyAdmin installation. Wrapping phpMyAdmin inside HTTP Basic Auth is a good idea. Even better if you can also serve it via HTTPS. Upgrading to the latest released version (2.10.1) is certainly recommended. I'm only running it on localhost currently for local database work, not externally accessible, but your warnings are well appreciated. Frankly I don't have much confidence in PHP's security generally, let alone for complex applications like phpMyAdmin using lots of javascript and such, yet find pma the most useful thing for working with Mysql databases. This isn't excessive paranoia -- there are webcrawlers in the wild hunting for phpMyAdmin installations by trying all the common URLs that PMA gets installed as, including what I recommend in the port. Indeed it's not excessive; noticed here on Saturday on several sites on a public server that's NOT running phpMyAdmin (all from this IP, fwiw): 87.106.25.69 - - [09/Jun/2007:18:05:44 +1000] GET /phpmyadmin/main.php HTTP/1.0 404 287 - pmafind 87.106.25.69 - - [09/Jun/2007:18:05:44 +1000] GET /PMA/main.php HTTP/1.0 404 280 - pmafind 87.106.25.69 - - [09/Jun/2007:18:05:45 +1000] GET /mysql/main.php HTTP/1.0 404 282 - pmafind 87.106.25.69 - - [09/Jun/2007:18:05:45 +1000] GET /admin/main.php HTTP/1.0 401 471 - pmafind 87.106.25.69 - - [09/Jun/2007:18:05:46 +1000] GET /db/main.php HTTP/1.0 404 279 - pmafind 87.106.25.69 - - [09/Jun/2007:18:05:46 +1000] GET /dbadmin/main.php HTTP/1.0 404 284 - pmafind 87.106.25.69 - - [09/Jun/2007:18:05:47 +1000] GET /web/phpMyAdmin/main.php HTTP/1.0 404 291 - pmafind 87.106.25.69 - - [09/Jun/2007:18:05:47 +1000] GET /admin/pma/main.php HTTP/1.0 401 471 - pmafind Cheers, Ian ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Php5 port and Apache Module
Miroslav Lachman wrote: I guess that mod_php5 depends on Apache and maintainer don't want this big dependency. The second is - if it will depends on Apache of some version (eg. 1.3) it will be broken with another version (2.0 and 2.2). It apply for binary packages. If somebody is compiling ports himself, then can check option with apache or add WITH_APACHE in to /etc/make.conf That makes sense almost to the point of justifying the existence of a mod_php5 port for those people who want apache+mod_php5. However given the fact that this would double the workload on the maintainer I understand. Thanks -- Chris -- __o All I was doing was trying to get home from work. _`\,_ -Rosa Parks ___(*)/_(*)___ Christopher Sean Hiltonchris | at | vindaloo.com pgp key: D0957A2D/f5 30 0a e1 55 76 9b 1f 47 0b 07 e9 75 0e 14 ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
RE: Php5 port and Apache Module
The php4 php5 port apache module used to be default before FBSD 6.0. Many people before you on this list have wanted the php4/5 apache module turned back on as default but so far the port maintainer has not done anything in any way of justifying removing the apache module from the default setting or re-enable it as the default. This has forced all php4/5 users who want to use php in apache to compile it manually with the apache module option selected during the make install of the port. When it was part of the default the php4/5 package was so quick to install and ready to work with apache without any special handling. Hope you have better luck finding the justification for it being removed from the default. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Christopher Hilton Sent: Saturday, June 09, 2007 3:51 PM To: [EMAIL PROTECTED]; User Questions Subject: Php5 port and Apache Module I can see that if I build the php5 port it defaults to CLI and CGI mode but the Apache module is not built. Am I wrong when I assume that the Apache Module will have the best performance? I guess that I'd just like to understand the engineering decisions behind the default in the port's configuration. -- Chris -- __o All I was doing was trying to get home from work. _`\,_ -Rosa Parks ___(*)/_(*)___ Christopher Sean Hiltonchris | at | vindaloo.com pgp key: D0957A2D/f5 30 0a e1 55 76 9b 1f 47 0b 07 e9 75 0e 14 ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Php5 port and Apache Module
Bob wrote: The php4 php5 port apache module used to be default before FBSD 6.0. Many people before you on this list have wanted the php4/5 apache module turned back on as default but so far the port maintainer has not done anything in any way of justifying removing the apache module from the default setting or re-enable it as the default. This has forced all php4/5 users who want to use php in apache to compile it manually with the apache module option selected during the make install of the port. When it was part of the default the php4/5 package was so quick to install and ready to work with apache without any special handling. Hope you have better luck finding the justification for it being removed from the default. I've been operating under the assumption that: There is some configuration you can do in /usr/local/etc/apache*/httpd.conf to get apache to use the CGI version of php; That this can be done without requiring a shebang (#! ...) line at the beginning of every php script; And that using php as a CGI script offers better performance than running it as an apache module. Looking on the internet though I cannot seem to find a set of instructions for configuring php-cgi in apache2. And once I do find the configuration I'll have to have a shebang at the start of every php module. Further all the performance comparisons that I've seen seem show that the performance of php as a FastCGI script and as an Apache Module are about equal. I don't want to get into a war. I'm still assuming that the port maintainer knows something that I don't. If I cannot get this running soon I guess that I will go back to mod_php5 and revisit this later. -- Chris -- __o All I was doing was trying to get home from work. _`\,_ -Rosa Parks ___(*)/_(*)___ Christopher Sean Hiltonchris | at | vindaloo.com pgp key: D0957A2D/f5 30 0a e1 55 76 9b 1f 47 0b 07 e9 75 0e 14 ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Php5 port and Apache Module
Bob wrote: The php4 php5 port apache module used to be default before FBSD 6.0. Many people before you on this list have wanted the php4/5 apache module turned back on as default but so far the port maintainer has not done anything in any way of justifying removing the apache module from the default setting or re-enable it as the default. This has forced all php4/5 users who want to use php in apache to compile it manually with the apache module option selected during the make install of the port. When it was part of the default the php4/5 package was so quick to install and ready to work with apache without any special handling. Hope you have better luck finding the justification for it being removed from the default. I've been operating under the assumption that: There is some configuration you can do in /usr/local/etc/apache*/httpd.conf to get apache to use the CGI version of php; That this can be done without requiring a shebang (#! ...) line at the beginning of every php script; And that using php as a CGI script offers better performance than running it as an apache module. Looking on the internet though I cannot seem to find a set of instructions for configuring php-cgi in apache2. And once I do find the configuration I'll have to have a shebang at the start of every php module. Further all the performance comparisons that I've seen seem show that the performance of php as a FastCGI script and as an Apache Module are about equal. I don't want to get into a war. I'm still assuming that the port maintainer knows something that I don't. If I cannot get this running soon I guess that I will go back to mod_php5 and revisit this later. -- Chris -- __o All I was doing was trying to get home from work. _`\,_ -Rosa Parks ___(*)/_(*)___ Christopher Sean Hiltonchris | at | vindaloo.com pgp key: D0957A2D/f5 30 0a e1 55 76 9b 1f 47 0b 07 e9 75 0e 14 ___ seems like it was removed from the default config of lang/php5 for security reasons. many people who do build php5 do not need the apache module, so no sense building it if its not needed. cd /usr/ports/lang/php5 make config (edit your choices) make deinstall make reinstall its just one of those things that you learn to live with after a while. cheers, -- Jonathan Horne [EMAIL PROTECTED] http://dfwlpiki.dfwlp.org ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Php5 port and Apache Module
Jonathan Horne wrote: Bob wrote: The php4 php5 port apache module used to be default before FBSD 6.0. Many people before you on this list have wanted the php4/5 apache module turned back on as default but so far the port maintainer has not done anything in any way of justifying removing the apache module from the default setting or re-enable it as the default. [snip] seems like it was removed from the default config of lang/php5 for security reasons. many people who do build php5 do not need the apache module, so no sense building it if its not needed. cd /usr/ports/lang/php5 make config (edit your choices) make deinstall make reinstall its just one of those things that you learn to live with after a while. Everyone seems to be misunderstanding my question. I'm aware of how to build mod_php5. I'm curious about why the default configuration builds php5 as a standalone CLI and CGI rather than as an apache module. I'm assuming that there is some good engineering behind this decision but I'd like to know a little more about that engineering. Is there some advantage to running php as a Fast CGI process? -- Chris P.S. Sorry Bob, I've scanned the commit logs for the port and there is no mention of security problems with mod_php5.so. To tell the truth I cannot imagine that there would be any security issues in mod_php5.so that didn't also exist in /usr/local/bin/php-cgi. I could be wrong here though and then I would have the answer to my question. -- __o All I was doing was trying to get home from work. _`\,_ -Rosa Parks ___(*)/_(*)___ Christopher Sean Hiltonchris | at | vindaloo.com pgp key: D0957A2D/f5 30 0a e1 55 76 9b 1f 47 0b 07 e9 75 0e 14 ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
