Reading Time: 6 minutesWhen it comes to PHP execution, mod_fcgid (also called FCGI) is one of the heavyweight contenders. There are a few rival handlers, like PHP-FPM or mod_lsapi, which come close to matching its execution speed, but they generally leave something to be desired when it comes to fine-tuning and resource consumption. FCGI is built for speed and includes a myriad of Apache directives that can be leveraged for resource regulation.
This article will cover installing mod_fcgid followed by basic configuration in a separate article. The article applies to any cPanel servers running the following operating systems:
The article will not cover EasyApache 3 (EA3). Due to the End-of-Fife (EOL) status of EA3, it is imperative that any systems running EA3 upgrade to EA4 as soon as possible. To avoid conflicts, upgrading to EA4 should be handled as an entirely separate procedure from installing mod_fcgid. If you need assistance with upgrading from EA3 to EA4, please feel free to
contact our support team. If you’re running a Liquid Web Fully Managed cPanel
VPS server, our team will perform the entire upgrade procedure for you.
Expectations: Downtime & Performance
Downtime – Please plan ahead as this operation may cause downtime. While installing an Apache module and enabling a baseline configuration should only require an Apache restart, there may be unforeseen circumstances that require troubleshooting. This can lead to sites becoming unresponsive and/or slow.
Note:
Always plan for more downtime than expected and always have a reversion plan. Allot extra time for troubleshooting, testing, and reverting all changes if necessary.
– While FCGI provides superior PHP execution time, it is not a blanket fix for performance. For server optimization, there will be an adjustment period for configuration tweaking. This period can take hours to weeks as it must account for the unique warnings with the specific server hardware, software, traffic habits, and many other unpredictable variables.
Note:
Optimization is an ongoing, perceptual process. There is no one-size-fits-all optimized configuration. Traffic & resource usages continually change over time on all servers. Periodic evaluation and configuration adjustment are necessary to stay ahead of the curve.
Installation of mod_fcgid
The following steps should be followed as close to the examples as possible. Things will vary slightly depending on CentOS/CloudLinux versions, and a few other factors. The article will denote the differences where they are expected.
Step 1: Liquid Web Servers Only – Disable Mod_Zeus & Other EA3 Modules
Older Liquid Web cPanel servers with EasyApache 3 who upgraded to EA4 may find residual configs on the system that can cause conflicts in the Apache configuration. This step will help make sure these older configs are disabled. The following
sed one-liner will take care of disabling the inclusion line for these modules. These modules are stored in the
/usr/local/lp/configs/httpd/conf.d/ directory. This directory is typically mentioned in the
/etc/apache2/conf.d/includes/post_virtualhost_global.conf config file. The sed code looks for and comments out the specific include statement for this file.
sed -i -e 's/[^#]+\(Include [/]usr[/]local[/]lp[/]configs[/]httpd[/]\)/#\1/g' /etc/apache2/conf.d/includes/post_virtualhost_global.conf
To confirm the change, print the contents of the
post_virtualhost_global.conf file using cat:
cat /etc/apache2/conf.d/includes/post_virtualhost_global.conf
The output should be blank or have a commented out inclusion line like below:
#Include /usr/local/lp/configs/httpd/conf.d/*.conf
Step 2: Disable Litespeed
FCGI is not compatible with Litespeed, which uses its mod_lsapi module to process PHP using lsphp. Disabling Litespeed in this way does not remove it from the server; it merely enables Apache as the default web server.
/usr/local/lsws/admin/misc/cp_switch_ws.sh apache
Step 3: Install mod_fcgid
The following
yum command will install the necessary module:
yum install ea-apache24-mod_fcgid -y
Once completed, confirm Apache has the
fcgid_module loaded:
httpd -M | grep 'expires\|version\|fcgid'
Example output:
fcgid_module (shared)
Step 4: CloudLinux Only – Configure CageFS Map for FCGI
The following snippet will create the necessary directories needed by mod_fcgid to execute correctly. It will then add those directory entries into the
/etc/cagefs/cagefs.mp file, allowing user-level access to said directories from within their caged environment. Finally, it forces cagefs to remount all user directories for access to the new directory on all sites.
mkdir -p /var/run/mod_fcgid /usr/share/cagefs-skeleton/var/run/mod_fcgid /run/mod_fcgid
cp -p /etc/cagefs/cagefs.mp{,.lwbak.$(date +%F_%H%M%S)}
cat <<EOF>>/etc/cagefs/cagefs.mp
/var/run/mod_fcgid
/run/mod_fcgid
/usr/local/cpanel/cgi-sys/
EOF
cagefsctl -M
Step 5: [OPTIONAL] Remove Unnecessary Writable Permission
Due to security restrictions, any website files or directories with group-writable or other-writable permissions will be denied and a
500 Internal Server Error will be displayed. The following
awk one-liner uses the find command to search all
DocumentRoot directories configured on the server. It is advised to run this process in a
screen session as it may take an hour or more depending on the size of the file system in question. The code takes care to use
nice and
ionice commands to run the process as a low priority so there will be minimal impact on server load or disk I/O. All changed files and their previous permissions are recorded in the
/var/log/fixperms.log file.
Step 5a: Create & Attach to a Screen Session
screen -dmS fixperms; screen -x fixperms
Step 5b: Run the One-Liner
nice -n 15 ionice -c2 -n7 awk '/DocumentRoot/{DR[$NF]=$NF}END{for (e in DR) {x="find \""e"\" \\( -type f -or -type d \\) -and -perm /g+w,o+w -printf \"%M %y %m %p\\n\" -exec chmod g-w,o-w {} +"; while(x|getline) {print $0;print strftime("%F %T %Z"),$0 >> "/var/log/fixperms.log"} close(x)}}' /etc/apache2/conf/httpd.confExit screen by holding CTRL/CMD then pressing A, then D.
Step 6: [OPTIONAL] Disable mod_php Directives in .htaccess Files
Another common precaution to take when switching to FCGI is that any existing mod_php related directives inside any .htaccess file are not compatible with mod_fcgid and will cause the site to throw a
500 Internal Server Error. So, these entries need to be located and disabled or removed. The following
awk one-liner checks all configured
DocumentRoot directories for .htaccess files, and if they contain a
php_value or
php_admin_value entry, it will disable by commenting the line out. First, an in-place backup is created of the original file. The backup is named
.htaccess.bak.YYYY-MM-DD_HHMMSS. All changed files and their previous permissions are logged in the
/var/log/fixhtaccess.log file.
Step 6a: Create & Attach to a Screen Session
screen -dmS fixhtaccess; screen -x fixhtaccess
Step 6b: Run the One-Liner
nice -n 15 ionice -c2 -n7 awk '/DocumentRoot/{DR[$NF]=$NF}END{for (e in DR) { x="find "e" -name .htaccess -exec grep -iEl \"^([^#]*php_(admin_)?value)\" {} +"; s="sed -i.bak.$(date +%F_%H%M%S) \047s/^\\([^#]*php_\\(admin_\\)\\?value\\)/#\\1/gi\047 2>&1";
while(x|getline) {print $0; print s,$0; print strftime("%F %T %Z"),s,$0 >> "/var/log/fixhtaccess.log"; while(s" "$0|getline y) { print y; print strftime("%F %T %Z"),y >> "/var/log/fixhtaccess.log" } close(s" "$0)} close(x)}}' /etc/apache2/conf/httpd.conf
Step 7: Rebuild the Apache Config (Troubleshoot Any Errors)
The following command checks the system
httpd.conf file for syntax error and if none are found, runs the cPanel httpd.conf rebuild script. Fix any syntax errors, until a clean rebuild is completed without error.
httpd -t && /scripts/rebuildhttpdconf
Step 8: CloudLinux ONLY – Setup PHP Selector
The PHP Selector feature of CloudLinux is only compatible with the inherit PHP versions in the cPanel MultiPHP Manager interface. All sites should be using the inherited version of PHP or PHP Selector will not function for that site. This only applies to CloudLinux servers.
Step 8a: Force All Sites to Use Inherited Version of PHP in MultiPHP Selector
The following command uses cPanel’s
whmapi1 system to force all sites onto the inherited version of PHP in MultiPHP Manager.
/usr/sbin/whmapi1 php_get_vhost_versions | awk -F'[: ]+' '$2~/vhost/{x="/usr/sbin/whmapi1 php_set_vhost_versions version=inherit vhost-0="$3;print x;system(x);close(x)}'
Step 8b: Disable MultiPHP Manager & MultiPHP INI Editor
The following uses the cPanel
whmapi1 system to add MultiPHP Manager/INI Editor to the disabled features list.
/usr/sbin/whmapi1 update_featurelist featurelist=disabled multiphp=1 multiphp_ini_editor=1 ; /usr/sbin/whmapi1 update_featurelist featurelist=disabled multiphp_ini_editor=1
Step 9: Switch All PHP Handlers over to FCGI
The following will convert all installed PHP Handlers to using FCGI. These handlers are viewable through the
Handlers tab of WHM’s MultiPHP Manager interface or by running the cPanel
rebuild_phpconf script.
/usr/local/cpanel/bin/rebuild_phpconf --current | awk 'NR>1{x="/usr/local/cpanel/bin/rebuild_phpconf --"$1"=fcgi"; print x; system(x);
close(x)}'
To confirm the changes, run:
/usr/local/cpanel/bin/rebuild_phpconf --current
Example Output:
DEFAULT PHP: ea-php71
ea-php54 SAPI: fcgi
ea-php55 SAPI: fcgi
ea-php56 SAPI: fcgi
ea-php70 SAPI: fcgi
ea-php71 SAPI: fcgi
ea-php72 SAPI: fcgi
Step 10: Perform a Full Stop & Restart of Apache
The following script will stop Apache (gracefully if possible), and kill any unresponsive Apache & PHP processes before starting the Apache service again. It will also verify the Apache configuration syntax and will only perform the restart procedure if the syntax returns ok. This technique is handy as it is common for Apache processes to get stuck from time to time on busy servers. This snippet deals with those scenarios after performing the humane stop request first.
httpd -t && (/scripts/restartsrv_apache stop; sleep 3; killall httpd php lsphp php-cgi; sleep 3; killall -9 httpd php lsphp php-cgi; /scripts/restartsrv_apache start) || echo Fix Apache Config and try again.
Note
Toss this snippet into an alias called apache_rescue which you can add to your ~/.bashrc for easy access to this code. Below is a one-liner that will create this alias for you and load the modified profile in your current session. Once this alias is installed, it will always be available on that server by typing apache_rescue.
cat <<'EOF'>>~/.bashrc && source ~/.bashrc
alias apache_rescue='httpd -t && (/scripts/restartsrv_apache stop; sleep 3; killall httpd php lsphp php-cgi; sleep 3; killall -9 httpd php lsphp php-cgi; /scripts/restartsrv_apache start) || echo Fix Apache Config and try again.'
EOF
This concludes our process for installing mod_fcgid onto your cPanel system. It’s recommended to adjust FCGI settings from their default settings. Tune into our next tutorial where we’ll be advising on how to optimize FCGI for various environments.
