Should I use SuEXEC or non-SuEXEC?

If you run shared hosting services with a control panel, it is necessary to use SuEXEC mode for security reasons. In SuEXEC mode, each PHP process will run as the owner of the virtual host's document root. If you only host your own domains, you can use SuEXEC but doing so may not be necessary.

To enable SuEXEC for cPanel, Plesk, or another control panel, Admin Console → Server → Server General → Using Apache Configuration File → PHP suEXEC should be set to Yes.

Which PHP setup am I using?

LiteSpeed Web Server comes with a number of PHP setups. Less experienced users may be confused as to which PHP setup they are using. Follow the steps in this wiki to determine which PHP setup you're using.

Prerequisites

This wiki is for LSWS users using LSAPI (the default and recommended SAPI for PHP).

suEXEC or non-suEXEC?

  • Is the PHP suEXEC setting set to Yes or User's Home Directory Only? If so, then you are using suEXEC. If not, then you are not using suEXEC.

Which suEXEC mode am I using?

PHP suEXEC Setups

LiteSpeed Web Server offers a number of different PHP suEXEC setups for the various needs and goals of shared hosting providers: suEXEC Worker mode, suEXEC Daemon mode, and suEXEC ProcessGroup mode.

suEXEC Worker mode

suEXEC Worker: Standard suEXEC PHP with LSAPI. Creates new processes when needed. PHP suEXEC Worker is compatible with custom php.ini files, including CloudLinux’s CageFS php.ini files, and thus allows the use of CloudLinux's PHP Selector. suEXEC Worker is incompatible with opcode caching. suEXEC Worker is enabled by default when PHP suEXEC is configured in your Apache configs.

suEXEC Daemon mode

suEXEC Daemon mode is automatically set up to run processes as the site owner, makes great use of opcode caching, and spawns processes dynamically, using resources when and where you need them. suEXEC Daemon mode does not allow a customized per-user php.ini. If a user has a customized php.ini, LiteSpeed WebServer will automatically switch to suEXEC Worker mode (LiteSpeed's default suEXEC setup) at the server level. Because of the incompatibility with custom php.ini's, suEXEC Daemon mode is not compatible with CloudLinux's PHP Selector.

To set up suEXEC Daemon mode, just adjust your server-level LSPHP external application settings. WebAdmin console > Configuration > External App > your LSPHP external application: Set Auto Start to Yes and Run On Start Up to suEXEC Daemon.

suEXEC ProcessGroup mode

suEXEC ProcessGroup mode allows for LiteSpeed's most powerful suEXEC opcode caching. Each process group has its own parent process which makes PHP suEXEC ProcessGroup compatible with custom php.ini files. A custom php.ini allows the use of CloudLinux’s PHP Selector. ProcessGroup is set through a directive in your httpd.conf files at either the server or virtual host level. (See the Configuration section.) Using this directive at the virtual host level allows you to decide which users get a personal opcode cache.

Prerequisites:

Auto Start (in WebAdmin console > Configuration > External App > your external application) must be set to Yes or Through CGI Daemon. Setting Auto Start to Through CGI Daemon may save resources by not starting parent processes for idle process groups at startup. If you wish to use suEXEC Daemon mode for some users while using ProcessGroup for others, change Run On Start Up (in WebAdmin console > Configuration > External App > your external application) to suEXEC Daemon. If Run On Start Up is set to suEXEC Daemon, ProcessGroup will override Daemon mode wherever ProcessGroup is enabled. If Run On Start Up (in WebAdmin console > Configuration > External App > your external application) is set to No, LSWS will start a parent process for each process group only when a user receives traffic. This is recommended. Setting Run On Start Up to Yes may result in errors. When Run on Start Up is set to yes or suEXEC Daemon, Max Idle Time default value is 10. You can even set it to a very large number like 3600 so that PHP will not be stopped by the server in short time. Don't set “Max Idle time” to “-1”, since it will be converted to default 30 seconds for process group.

In control panel environment, processGroup is enabled by placing the directive LSPHP_ProcessGroup in an httpd.conf file. This can be done at the server or virtual host level. If done at the server level, all virtual hosts will use ProcessGroup. If done at the virtual host level, only that virtual host will use ProcessGroup. While in LSWS native environment, processGroup can be enabled by setting Instances to 1 and setting LSAPI_CHILDREN to a number greater than 1, such as 15.

Example configuration for control panel environment:

<IfModule LiteSpeed>
LSPHP_ProcessGroup on
LSPHP_Workers 15
</IfModule>

Note the <IfModule LiteSpeed>. The two directives, LSPHP_ProcessGroup and LSPHP_Workers, are LiteSpeed-specific directives. Apache will not understand them and may crash if they are not protected.

Additional configurations:

LSPHP_Workers sets the maximum number of child processes that the parent process can spawn. This is optional. If set, it will override the PHP suEXEC Max Conn setting (in WebAdmin console > Configuration > Server > General > Using Apache Configuration File). Per-user opcode cache size is set in your php.ini file. The steps to set this depends on which opcode cache you’re using. The Max Idle Time setting (in WebAdmin console > Configuration > External App > your external application) will control how long before idle parent processes are killed.

Special notes for use with cPanel:

The ProcessGroup directive should be put in an include file, otherwise it will be overwritten when you upgrade WHM. When configuring ProcessGroup at the server level, the directive should be placed in /usr/local/apache/conf/includes/pre_virtualhost_global.conf. When configuring ProcessGroup at the virtual host level, the directive should be placed in a virtual host-level include file. Guides for adding include files can be found on this page from cPanel's site.

References:

https://www.litespeedtech.com/products/litespeed-sapi/php/guide-to-suexec-setups

https://www.litespeedtech.com/products/litespeed-sapi/php/suexec-worker

https://www.litespeedtech.com/products/litespeed-sapi/php/suexec-daemon-mode

https://www.litespeedtech.com/products/litespeed-sapi/php/suexec-processgroup

Config PHP and suEXEC in Cpanel

 
litespeed_wiki/php/which_php_setup_am_i_using.txt · Last modified: 2017/11/13 16:21 by Jackson Zhang