
Apache 2.4 on Amazon Linux (roughly equivalent to RH 7, I suppose), with various versions of PHP.

I'm having an issue trying to get PHP CGI scripts running on my webserver when SSL is enabled. For example:

http://52.example.com/phpinfo.php 

gives the proper output, but when I enable SSL (i.e., https://52.example.com), I get a 404 error:

The requested URL /php-fcgi/php-cgi-5.2.17/phpinfo.php was not found on this server. 

Here are the contents of the 52.conf file in my /var/www/vhosts directory:

    <VirtualHost *:443>
        ServerName 52.example.com
        DocumentRoot /var/www/vhosts/52
        <Directory "/var/www/vhosts/52/">
            AddHandler php-cgi .php
            Action php-cgi /php-fcgi/php-cgi-5.2.17
            <FilesMatch "\.php$">
                Options ExecCGI
                SetHandler php-cgi
            </FilesMatch>
        </Directory>
    </VirtualHost>

where site.conf is a virtual host definition.

And here are the contents of the php-cgi-5.2.17 file:

    #!/bin/sh
    version="5.2.17"
    PHPRC=/opt/phpfarm/inst/php-${version}/lib/php.ini
    export PHPRC
    PHP_FCGI_CHILDREN=3
    export PHP_FCGI_CHILDREN
    PHP_FCGI_MAX_REQUESTS=5000
    export PHP_FCGI_MAX_REQUESTS
    # which php-cgi binary to execute
    exec /opt/phpfarm/inst/php-${version}/bin/php-cgi

As you can probably tell, I'm using PHPFarm to serve different versions of PHP to different subdomains.

Note that I don't know for sure that SSL is the cause of my grief, but it seems awfully suspicious.

If anyone has any thoughts or ideas I would be eternally grateful. Thanks in advance.

1 Answer

Apache by default uses a different host config file for the default ssl server. And I don't see any reference to SSL in the snippets of your config that you posted....

So.. it is probably falling back to whatever default host is defined and is pointing at the wrong DocumentRoot.

Run apache2ctl -S to see what names/aliases, addresses, and ports are in play as it is currently running. It will also tell you what config file defines it and what line the definition starts on.

    VirtualHost configuration:
    10.99.88.55:443        is a NameVirtualHost
             default server example.com (/etc/apache2/sites-enabled/example.com.conf:1)
             port 443 namevhost example.com (/etc/apache2/sites-enabled/example.com.conf:1)
                     alias www.example.com
             port 443 namevhost mail.example.com (/etc/apache2/sites-enabled/mail.example.com.conf:1)
             port 443 namevhost ww2.example.com (/etc/apache2/sites-enabled/ww2.example.com.conf:1)
    *:80                   is a NameVirtualHost
             default server www.example.com (/etc/apache2/sites-enabled/000-default.conf:2)
             port 80 namevhost www.example.com (/etc/apache2/sites-enabled/000-default.conf:2)
                     alias example.com
             port 80 namevhost ww2.example.com (/etc/apache2/sites-enabled/000-default.conf:7)
             port 80 namevhost mail.example.com (/etc/apache2/sites-enabled/000-default.conf:11)

Edit to include an example of a host definition with SSL directives pointing to a letsencrypt certificate with a redirect for the same site on http to bounce them to https -

    <VirtualHost 10.99.99.123:443>
        ServerName example.com
        ServerAlias www.example.com
        ServerAdmin [email protected]
        SSLEngine on
        SSLCertificateFile /etc/letsencrypt/live/example.com/fullchain.pem
        SSLCertificateKeyFile /etc/letsencrypt/live/example.com/privkey.pem
        SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
        DocumentRoot /var/www-example.com
        <directory /var/www-example.com>
            Options All
            AllowOverride All
            Require all granted
        </directory>
        ErrorLog ${APACHE_LOG_DIR}/ssl-example.com-error.log
        CustomLog ${APACHE_LOG_DIR}/ssl_request_log "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
        CustomLog ${APACHE_LOG_DIR}/ssl-example.com-access.log combined
    </VirtualHost>

    <VirtualHost *:80>
        ServerName example.com
        ServerAlias www.example.com
        Redirect permanent / https://www.example.com
    </VirtualHost>
  • Thanks for the reply. Unfortunately, the first line of my VirtualHost definition got cut off, where it shows <VirtualHost *:443>. I tried making some changes to this file, which is 52-le-ssl.conf, but it was all in vain. I've edited my original post to fix this issue. Commented Apr 17, 2017 at 15:44
  • I'm still not seeing SSL info for certs, etc. in your config. I'm editing my response to show what is in mine using letsencrypt as a CA Commented Apr 18, 2017 at 1:53
  • Turns out it was an error in one of my config files. I was led astray by a rogue ScriptAlias directive. I appreciate your answers, though. Commented Apr 19, 2017 at 15:56
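
The check the answer describes, as an added example that is not part of the original question, answer or comments: it parses `apache2ctl -S` output and reports which vhost definition answers a given name on a given listen address, and whether that was a name match or the default-server fallback. The sample output is constructed from the answer's listing, and `parse` and `resolve` are hypothetical helper names.

```python
import re

# Constructed sample in the layout `apache2ctl -S` prints (placeholder names).
SAMPLE = """\
VirtualHost configuration:
10.99.88.55:443        is a NameVirtualHost
         default server example.com (/etc/apache2/sites-enabled/example.com.conf:1)
         port 443 namevhost example.com (/etc/apache2/sites-enabled/example.com.conf:1)
                 alias www.example.com
         port 443 namevhost mail.example.com (/etc/apache2/sites-enabled/mail.example.com.conf:1)
*:80                   is a NameVirtualHost
         default server www.example.com (/etc/apache2/sites-enabled/000-default.conf:2)
         port 80 namevhost www.example.com (/etc/apache2/sites-enabled/000-default.conf:2)
                 alias example.com
"""

HEADER = re.compile(r"^(\S+:\d+)\s+is a NameVirtualHost")
SINGLE = re.compile(r"^(\S+:\d+)\s+(\S+) \((.+)\)\s*$")  # only one vhost on the address
DEFAULT = re.compile(r"^\s+default server (\S+) \((.+)\)\s*$")
NAMED = re.compile(r"^\s+port \d+ namevhost (\S+) \((.+)\)\s*$")
ALIAS = re.compile(r"^\s+alias (\S+)\s*$")

def parse(text):
    """Map each listen address (e.g. "*:443") to its default vhost and names."""
    table, block, src = {}, None, None
    for line in text.splitlines():
        if m := HEADER.match(line):
            block = table.setdefault(m[1], {"default": None, "names": {}})
        elif m := SINGLE.match(line):
            block = table[m[1]] = {"default": (m[2], m[3]), "names": {m[2].lower(): m[3]}}
        elif block is None:
            continue  # preamble before the first address block
        elif m := DEFAULT.match(line):
            block["default"] = (m[1], m[2])
        elif m := NAMED.match(line):
            src = m[2]
            block["names"][m[1].lower()] = src
        elif m := ALIAS.match(line):
            block["names"][m[1].lower()] = src  # alias belongs to the vhost above it
    return table

def resolve(table, listen, host):
    """Return (config_file:line, matched_by_name) for `host` on `listen`."""
    block = table[listen]
    src = block["names"].get(host.lower())
    if src is not None:
        return src, True
    return block["default"][1], False  # no ServerName/ServerAlias match: default vhost
```

With the sample above, `resolve(parse(SAMPLE), "10.99.88.55:443", "52.example.com")` returns the default server's file and `False`, which is the fallback the answer suspects: the request is served from another site's DocumentRoot and certificate.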
