Running PHP securely under apache
The equipel Virtual Host Definition File
This is the actual, full virtual host file from my server /etc/apache2/sites-enabled/equipel.co.uk.conf
<VirtualHost *:80>
ServerAdmin webmaster@everiware.co.uk
ServerName equipel.co.uk
ServerAlias www.equipel.co.uk
ErrorLog /var/log/apache2/equipel.co.uk-error_log
CustomLog /var/log/apache2/equipel.co.uk-error_log combined
ServerSignature Email
RewriteEngine On
<Directory /usr/lib/cgi-bin>
Require all granted
</Directory>
AddHandler php7-fcgi-equipel.co.uk .php
Action php7-fcgi-equipel.co.uk /php7-fcgi-equipel.co.uk virtual
Alias /php7-fcgi-equipel.co.uk /usr/lib/cgi-bin/php7-fcgi-equipel.co.uk
FastCgiExternalServer /usr/lib/cgi-bin/php7-fcgi-equipel.co.uk -socket /run/php/php7.0-fpm.equipel.co.uk.sock -pass-header Authorization -flush
DocumentRoot /var/www/equipel.co.uk/htdocs
<Directory /var/www/equipel.co.uk/htdocs>
<FilesMatch “.+\.ph(p[345]?|t|tml)$”>
SetHandler php7-fcgi-equipel.co.uk
</FilesMatch>
Options +Indexes +FollowSymLinks +MultiViews
AllowOverride All
Order allow,deny
allow from all
</Directory>
</VirtualHost>
Just asfter the RewriteEngine On normally I’d also have
RewriteCond %{HTTP_HOST} ^www\.equipel\.co\.uk
RewriteRule ^(.*)$ http://equipel.co.uk/$1 [R=301,L]
To change any www.equipel.co.uk queries from a browser to plain equipel.co.uk ones, but this is a WordPress site with a complicated .htaccess to do its own rewriting, so I just had to enable Apache rewrites and left it at that.
It’s a shame that you can’t simple put comments into an virtual host file, except by “cheating”, which is another article.
Does the use of AddHandler php7-fcgi-equipel.co.uk .php mean that the FilesMatch “.+\.ph(p[345]?|t|tml)$ is pvrkill? I think it does and I should find out and I’ll revise this article.
