Enabling Apache’s PHP execution in User Directories on Ubuntu Lucid

Ubuntu Lucid ships with PHP disabled for user directories. That’s a sensible security default, but it won’t allow your developers to get their work done. And if you’re working with Drupal, you’ll need all the steps listed here.

First, you’ll need to install Apache:
sudo apt-get install apache2

Then the compiled PHP binary (or “shared object” in Apache lingo):
sudo apt-get install php5

You may need to do sudo /etc/init.d/apache2 restart or sudo service apache2 restart to have it pick up the updated configuration file that loads the PHP5 module. Try visiting your own box at “localhost” to see if you get a nice “welcome” page. You can put an “info.php” file in /var/www to test if PHP is working (the contents of your info.php file are simply <?php phpinfo(); ?>), and visit that in your browser.

Once you’ve gotten PHP running under Apache, edit /etc/apache2/mods-available/php5.conf and comment out the lines as instructed:

<IfModule mod_php5.c>
    <FilesMatch "\.ph(p3?|tml)$">
        SetHandler application/x-httpd-php
    </FilesMatch>
    <FilesMatch "\.phps$">
        SetHandler application/x-httpd-php-source
    </FilesMatch>
    # To re-enable php in user directories comment the following lines
    # (from <IfModule ...> to </IfModule>.) Do NOT set it to On as it
    # prevents .htaccess files from disabling it.
#    <IfModule mod_userdir.c>
#        <Directory /home/*/public_html>
#            php_admin_value engine Off
#        </Directory>
#    </IfModule>
</IfModule>

If you’re developing with Drupal, the following step may also be necessary: In /etc/apache2/mods-available/userdir.conf, you should allow Drupal’s local .htaccess file to override the Apache-wide configuration file, with:

(...)
        <Directory /home/*/public_html>
                AllowOverride All
                #AllowOverride FileInfo AuthConfig Limit Indexes
                #Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec
(...)

Restart Apache with sudo /etc/init.d/apache2 restart and you might be done!


Apache custom logging

Aren’t you interested in seeing what requests users, bots, or script kiddies make of your site, especially those things that client-side JavaScript-based analytics packages don’t tell you?

Under Apache, custom logging can give you lots of information you might not have seen otherwise. I’ll let the documentation for Apache’s mod_log_config say most of this, but as a quick preview, you could try defining a custom log format up near the top of your httpd.conf with

LogFormat "%a %t %{Host}i \"%r\"" hostlog

for example, then in all of your Directory containers, you could do

CustomLog logs/forest-monsen-site-host-log hostlog

Then, in my case, /var/log/httpd/forest-monsen-site-host-log would contain lines like
192.168.0.3 [31/Aug/2010:08:53:24 -0500] http://www.forestmonsen.com "GET /aggregator/sources/2 HTTP/1.0"
192.168.0.5 [31/Aug/2010:08:53:24 -0500] http://www.forestmonsen.org "GET /images/house.gif HTTP/1.1"

And I’d be able to tell which hostname was originally requested by the user — before any of my mod_rewrite rules got to it. Good stuff.