Apache PHP DSO to LSWS migrating

[bloodyman]

Hi

I would like to migrate cPanel Apache + PHP as DSO server to LSWS.

The main reason is that I would like to allow users to run their PHP scripts as user:user (instead of nobody:nobody) to have Wordpress and other sites working properly. I would like to know if anyone experienced issues during changing Apache + PHP as DSO to LSWS on cPanel dedicated server with users?

 

[webizen]

should be ok. you can run LSWS (on port 2080) in paralell and enable PHP suEXEC to test.

 

[bloodyman]

Thanks for reply.

LSWS has many, many, many new settings for me, as *maybe* new user.

I read some part of documetation, but I would like to know if there are any security settings that should be setup after default installation of LSWS on cPanel shared server? I know how to manage and secure Apache, but I don't have any experience with LSWS. Of course after few months of running LSWS I would be able to tell something about LSWS, but I'm looking for any security tutorial for beginers.

 

[webizen]

LSWS default settings (install from cPanel plugin) should suit for shared hosting need.

here is more details:
http://www.litespeedtech.com/suppor...speed_wiki:security:shared_hosting_securities

 

[bloodyman]

Hi

You refer to:

http://www.litespeedtech.com/suppor...speed_wiki:security:shared_hosting_securities

There is information, that home user directories should be 770 or 750, while using EasyApache with Fileprotect on I have all user directories set to 711. Or article you have provided is not for cPanel Apache migration to Litespeed?

Another question - I have custom settings in httpd.conf:

<Directory "/">
Options -ExecCGI -FollowSymLinks +Includes +IncludesNOEXEC -Indexes -MultiViews +SymLinksIfOwnerMatch
AllowOverride AuthConfig FileInfo Indexes Limit Options=Includes,Indexes,MultiViews,FollowSymLinks,ExecCGI
</Directory>

<Directory "/usr/local/apache/htdocs">
Options IncludesNOEXEC -Indexes -FollowSymLinks +SymLinksIfOwnerMatch -ExecCGI
AllowOverride None
Order allow,deny
Allow from all
<IfModule mod_access.c>
Order allow,deny
Allow from all
</IfModule>

</Directory>

Are they automatically migrated into Litespeed during cpanel apache migration (via WHM plugin)?

 

[webizen]

The document is not for migrating your server in particular but for how shared hosting environment should be in general since you asked for security tutorial. It does *NOT* mean yours (711 permission) will fail under LSWS.

Your custom settings in httpd.conf should be supported in LSWS.

Please note that LSWS reads Apache httpd.conf and behaves the same way as Apache (LSWS is Apache drop-in replacement). LSWS will not modify or create anything for Apache.

As pointed out earlier, you can take 15-day trial and have LSWS run in paralell with Apache and see if there is any issue for your environment.

 

[bloodyman]

Hi

It means that LSWS uses easyapache/apache httpd.conf file , it does not build its own config file?

I forget to ask about httpd restart service - how can I restart LSWS from command line? Do I use 'service httpd restart' as for apache? How cPanel restarts httpd server when LSWS is used instead of apache? chkservd cover LSWS as separate service or it restarts LSWS by apache restart?

Acording to your previous answer, if I will edit for example Apache Global Configuration (like Directory “/” Options) or Apache Directory Index Priority in WHM and then I will rebuild Apache conf and restart Apache as normal in WHM - those changes will be automatically taken by LSWS because it use the same httpd.conf file for configuration? What else configuration options for Apache in WHM are automatically taken by LSWS?

If I will put entires in Pre VirtualHost Include in WHM - will they be also included into LSWS configuration? What if I will put entries that are not accepted by LSWS - for example "SetEnvIf Range"? Are they ignored or there will be an error after I will start LSWS that will prevent it from running?

And another question - I've mentioned that I will migrate from cPanel Apache running as DSO (PHP 5 Handler: dso) to Litespeed PHP 5 because I would like to run PHP with my users group/ID. Is it enough to setup Apache suEXEC to ON to have LSWS PHP running as user/group? Or I need to set PHP 5 Handler to for example CGI in Configure PHP and SuExec in WHM?

I know about 15-days trial, but there are still questions that I need to have answered before I will try LSWS. And I didn't find answers for my questions in your WIKI or Forum.

 

[webizen]

Hi

It means that LSWS uses easyapache/apache httpd.conf file , it does not build its own config file?

LSWS comes with its own standard httpd_config.xml file to get LSWS up and running AND reads Apache httpd.conf for vhost account setup, etc. It does NOT re-create vhost config in LSWS.

I forget to ask about httpd restart service - how can I restart LSWS from command line? Do I use 'service httpd restart' as for apache? How cPanel restarts httpd server when LSWS is used instead of apache? chkservd cover LSWS as separate service or it restarts LSWS by apache restart?

Once LSWS takes over Apache, 'service httpd restart' will restart LSWS.

Acording to your previous answer, if I will edit for example Apache Global Configuration (like Directory “/” Options) or Apache Directory Index Priority in WHM and then I will rebuild Apache conf and restart Apache as normal in WHM - those changes will be automatically taken by LSWS because it use the same httpd.conf file for configuration? What else configuration options for Apache in WHM are automatically taken by LSWS?

If I will put entires in Pre VirtualHost Include in WHM - will they be also included into LSWS configuration? What if I will put entries that are not accepted by LSWS - for example "SetEnvIf Range"? Are they ignored or there will be an error after I will start LSWS that will prevent it from running?

Everything in Apache httpd.conf (including those Includes) will be automatically taken by LSWS.

For mod_setenvif that LSWS does not support, you can workaround it (http://www.litespeedtech.com/support/forum/showthread.php?t=5259)

And another question - I've mentioned that I will migrate from cPanel Apache running as DSO (PHP 5 Handler: dso) to Litespeed PHP 5 because I would like to run PHP with my users group/ID. Is it enough to setup Apache suEXEC to ON to have LSWS PHP running as user/group? Or I need to set PHP 5 Handler to for example CGI in Configure PHP and SuExec in WHM?

You need to make sure PHP suEXEC set to Yes in LSWS and build matching PHP in LSWS (LSPHP or aka LSAPI + PHP). That should be it.

I know about 15-days trial, but there are still questions that I need to have answered before I will try LSWS. And I didn't find answers for my questions in your WIKI or Forum.

The reason we point out 15-day trial is that you will likely find answers to your questions yourself when you experience it. Plus, it is more efficient that way.

 

[bloodyman]

Everything in Apache httpd.conf (including those Includes) will be automatically taken by LSWS.

For mod_setenvif that LSWS does not support, you can workaround it (http://www.litespeedtech.com/support/forum/showthread.php?t=5259)

If I will try to run LSWS on server where mod_setenvif are used in users .htaccess or /usr/local/apache/conf/includes/pre_virtualhost_2.conf, would it be ignored by LSWS or LSWS will stop running and produce errors on every page (when there is entrie in /usr/local/apache/conf/includes/pre_virtualhost_2.conf)?

 

[webizen]

unsupported mod_setenvif will be ignored.

please refer to following docs to get you started.

http://www.litespeedtech.com/support/wiki/doku.php#apache_web_hosting_control_panel_migration