I am using AlmaLinux to host websites for others. I want to be able to setup Apache to run as a different user for each client. This article https://cloudkul.com/blog/apache-virtual-hosting-with-different-users/ explains how but AlamaLinux does not have apache2-mpm-itk.
Is there a way to do this on AlmaLinux?
First, remember that Apache appears as “httpd” and not “apache” in both dnf and the running system. Next, it appears that the functionality is no longer an add-on, but inbuilt. See the online manual for more information. I’ve not done this myself, so I’m afraid I can’t really offer more help than that.
i wouldn’t use an ubuntu tutorial for this…
I have looked through your link but do not see how still.
suExec seems to be possible IF Apache is running PHP in cgi mode. Nothing I have found says it is possible for mod_php (fpm).
When searching yesterday I saw an example of
Group within a
</VirtualHost> pair. I can’t find it now, and fear that this might have been a red herring. This section of the manual appears to refute that, but does offer an alternative:
There are two ways of configuring apache to support multiple hosts. Either by running a separate
httpd daemon for each hostname, or by running a single daemon which supports all the virtual hosts.
Use multiple daemons when:
- There are security partitioning issues, such as company1 does not want anyone at company2 to be able to read their data except via the web. In this case you would need two daemons, each running with different
As I said in my initial post I’ve not done it personally. Before I retired I ran a server with multiple VHs, but this was on an internal corporate intranet where security concerns were rather different.
There are requests out for
http-itkto be rebuilt for EPEL-8 (and 9), but according to this bugzilla report there has been no progress yet. It was supported in CentOS-7/EPEL-7, but according to another bugzilla report there were security problems.
- The package name is
http-itk and not
- The package is available on RHEL-7 + clones
- The package has not been rebuilt for RHEL-8 or RHEL-9 yet
- The alternative is to run multiple daemons.
Martin, thank you so much. Too bad you were not closer, I would take you to lunch
I wanted to add a word of warning: http-itk does not support the multi-threaded/multi-process Event MPM that comes with Alma 8+, because itk was something used by the old mod_php module, which has been deprecated and replaced by PHP-FPM.
If you want to host individual virtual hosts under their own Apache and user process, you can do so easily with two separate Apache instances, as supported by
systemd in Alma 8 and Alma 9.
Take a look at the following project: aetolos / aetolos · GitLab
They do this quite easily, by using a front-end Apache that handles TLS negotiation and termination which then does a proxy request to back-end Apache owned by the virtual host user.
PHP-FPM also runs as the virtual host user, thus each website (virtual host) runs securely as a system user, limited by SELinux restrictions.
In my case, I also have PHP-FPM limited by open_basedir, thus PHP scripts can’t access anything out of the /home/vhost directory.
For all this to work, you only need Apache, no extra packages are required. At least for Alma 8 and Alma 9.