今天安装了cPanel/WHM 11.38.2(下文简称cp),用了后,我只能说,cPanel管理员后台的功能真的不是一般的强大,简直是把DirectAdmin甩到十万九千七亿千米去了。 但世上没有十全十美的东西,不出我的预料,cPanel使用的是suPHP,PHP执行方式是FastCGI。 前面文章我曾经提到过suPHP的缺点,这里就不再重复。 既然APACHE2HANDLER(下文简称A2R)模式的安全性,性能等多方面都比FastCGI好,怎能不对cPanel进行改造改造呢? 首先,要切换PHP的执行方式。以root身份登录cPanel的后台,在“Service Configuration […]
Tag: DirectAdmin
解决添加Zend Guard Loader后探针检测仍然显示小红叉
可能有些人会用到SHOPNC这类用Zend加密的程序,因此需要添加Zend Guard Loader,不过安装好后用探针检测,可能会出现以下情况——Zend Guard Loader旁边显示小红叉。例如安装DirectAdmin时选择PHP5.3并且选择添加Zend时,就会出现这种情况: 我们来看看Zend的官方说明文档:
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 |
Zend Guard Loader installation instructions ------------------------------------------- 1. Extract the Zend Loader package. 2. Locate and extract the ZendGuardLoader.so (Linux) or ZendLoader.dll (Windows) that corresponds to your php version. 3. Add the following line to your php.ini file for loading the ZendGuardLoader: Linux and Mac OS X: zend_extension=<full_path_to_ZendGuardLoader.so> Windows non-thread safe: zend_extension=<full_path_to_ZendLoader.dll> 4. Add an aditional line to your php.ini for enabling ZendGuardLoader ; Enables loading encoded scripts. The default value is On zend_loader.enable=1 5. Optional: following lines can be added your php.ini file for ZendGuardLoader configuration: ; Disable license checks (for performance reasons) zend_loader.disable_licensing=0 ; The Obfuscation level supported by Zend Guard Loader. The levels are detailed in the official Zend Guard Documentation. 0 - no obfuscation is enabled zend_loader.obfuscation_level_support=3 ; Path to where licensed Zend products should look for the product license. For more information on how to create a license file, see the Zend Guard User Guide zend_loader.license_path= 6. If you use Zend debugger as well, please make sure to load it after the Zend guard Loader 7. If you use ioncube loader, please make sure to load it before Zend guard Loader 8. Restart your Web server. |
明文说明需要添加zend_loader.enable=1,执行此命令可以检查php.ini有没有这一行代码(仅仅适合PHP-CLI/CGI,FPM的用find命令找出来后手动检查): [crayon-66e3 […]
APC3.1.9自动安装脚本For DirectAdmin with PHP-CLI
前面发过一个APC Shell Script For PHP-CGI,经过Zeraba的指导,使用apc.php看了下APC的命中率,发现无论怎样,命中数只有“1”,明显APC并没有发挥它应有的用途。同时也发现,不管是什么opcode的PHP组件,都是只能在探针那看个版本…… 既然PHP-CGI有问题,那就换PHP-CLI,但是DirectAdmin的PHP-CLI模式也有问题,那就是无法以特定身份去创建执行PHP程序,这就使得用户的网站某些目录需要设置rwxrwxrwx,非常麻烦,而且也不安全。 要解决DirectAdmin的PHP-CLI的问题,大家可以参考:实现DirectAdmin使用 […]
实现DirectAdmin使用PHP-CLI模式的站点独立用户与查看各用户资源占用情况
用过DirectAdmin的都知道,CLI是个坑爹货:网站目录非rwxrwxrwx(777)权限无法写入,无法查看是哪个用户占用较多的资源,甚至无法正常使用opcode cache的PHP组件。 我们来研究下DirectAdmin的站点的配置文件:
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 |
# Auto generated apache config file by DirectAdmin version 1.42.1 # Modifying this file is not recommended as any changes you make will be # overwritten when the user makes any changes to his/her website # For global config changes that affect all Users, see this guide: # http://help.directadmin.com/item.php?id=2 # For local config changes that only affect one User, see this guide: # http://help.directadmin.com/item.php?id=3 # Frontpage requires these parameters in every httpd.conf file or else # it won't work. ServerRoot /etc/httpd <VirtualHost HIDE:80 > ServerName www.360buy.com ServerAlias www.360buy.com 360buy.com ServerAdmin webmaster@360buy.com DocumentRoot /home/admin/domains/360buy.com/public_html ScriptAlias /cgi-bin/ /home/admin/domains/360buy.com/public_html/cgi-bin/ UseCanonicalName OFF <IfModule !mod_ruid2.c> SuexecUserGroup admin admin </IfModule> <IfModule mod_ruid2.c> RMode config RUidGid admin admin RGroups apache access </IfModule> CustomLog /var/log/httpd/domains/360buy.com.bytes bytes CustomLog /var/log/httpd/domains/360buy.com.log combined ErrorLog /var/log/httpd/domains/360buy.com.error.log <Directory /home/admin/domains/360buy.com/public_html> Options +Includes -Indexes php_admin_flag safe_mode OFF php_admin_flag engine ON php_admin_value sendmail_path '/usr/sbin/sendmail -t -i -f admin@360buy.com' </Directory> </VirtualHost> |
关键,就在SuexecUserGroup这里,这里定义了站点的执行PHP脚本时所使用的用户身份,这样可以给不同网站的目录不同的所有者,且无需再特意给某些文件设置rwxrwxrwx(777)权限。 然而,这个东西在CGI模式下工作正常,而CLI却不正常。貌似mod_ruid2.c是Su […]
解决PHP加载组件提示:PHP Warning: PHP Startup: Unable to load dynamic library ‘./apc.so’ – ./apc.so: cannot open shared object file: No such file or directory in Unknown on line 0
前面发表了一篇文章:APC3.1.9自动安装脚本For DirectAdmin 给另一台PHP版本为5.2.17的服务器使用时,发现APC组件没有成功加载,PHP探针里面无法检测到, 起初以为路径的问题,于是把php.ini里面的:
1 |
extension="apc.so" |
更改为:
1 |
extension=/usr/local/php5/lib/php/extensions/no-debug-non-zts-20060613/apc.so |
但是很可惜,仍然不行。 尝试重新编译安装APC,依然是那样。想起有错误日志,于是打开看了下,果然,N行同样的错误记录:
1 2 3 |
…… [Fri Jun 07 12:03:24 2013] [error] [client 113.78.38.90] PHP Warning: PHP Startup: Unable to load dynamic library './apc.so' - ./apc.so: cannot open shared object file: No such file or directory in Unknown on line 0, referer: http://test.com/tz.php …… |
貌似是./有问题,使得PHP在./,也 […]