Lighttpd web server setup custom PHP.INI file for each user or domain

You can provide each user or domain its own php.ini file. There are two basic ways to provide each user a php.ini file:

ADVERTISEMENTS

a) Setup chrooted jail for each domain and user will get /etc/php.ini inside each jail
b) Setup individual fastcgi instance for each domain along with php.ini

Let us say you have two domains as follows

  1. theos.in php.ini location /home/lighttpd/theos.in/php.ini
  2. cyberciti.biz php.ini location /home/lighttpd/cyberciti.biz/php.ini
  3. /etc/php.ini – generic file for the rest of all domains

You need to add following directives to lighttpd.conf file:

$HTTP["host"]  =~ "(^|\.)theos\.in$" {
  server.document-root = "/home/lighttpd/theos.in/http/"
  accesslog.filename         = "/var/log/lighttpd/theos.in/access.log"
  server.error-handler-404 = "/index.php?error=404"
  fastcgi.server    = ( ".php" =>
        ((
                "bin-path" => "/usr/bin/php-cgi -c /home/lighttpd/theos.in/php.ini",
                "socket" => "/home/lighttpd/theos.in/php-cgi.socket",
        ))
)
}

$HTTP["host"]  =~ "(^|\.)cyberciti\.biz$" {
  server.document-root = "/home/lighttpd/cyberciti.biz/http/"
  accesslog.filename         = "/var/log/lighttpd/theos.in/access.log"
  server.error-handler-404 = "/index.php?error=404"
  fastcgi.server    = ( ".php" =>
        ((
                "bin-path" => "/usr/bin/php-cgi -c /home/lighttpd/cyberciti.biz/php.ini",
                "socket" => "/home/lighttpd/cyberciti.biz/php-cgi.socket",
        ))
)
}

Note option -c /path/to/my/custom/php.ini passed to /usr/bin/php-cgi. It will force php to Look for php.ini file in the directory path specified by us.

Now end users can modify php.ini as per requirements.

Pitfalls

  • Although a user can make changes to php.ini file, you still need to restart a web server using root or equivalent privileges
  • This may also open your box to new security issue such as wrong php.ini settings or user can load any custom php modules

You can apply same settings to Apache web server using jail or lighttpd fastcgi as a proxy.

🐧 Get the latest tutorials on SysAdmin, Linux/Unix, Open Source & DevOps topics via:
CategoryList of Unix and Linux commands
File Managementcat
FirewallAlpine Awall CentOS 8 OpenSUSE RHEL 8 Ubuntu 16.04 Ubuntu 18.04 Ubuntu 20.04
Network Utilitiesdig host ip nmap
OpenVPNCentOS 7 CentOS 8 Debian 10 Debian 8/9 Ubuntu 18.04 Ubuntu 20.04
Package Managerapk apt
Processes Managementbg chroot cron disown fg jobs killall kill pidof pstree pwdx time
Searchinggrep whereis which
User Informationgroups id lastcomm last lid/libuser-lid logname members users whoami who w
WireGuard VPNAlpine CentOS 8 Debian 10 Firewall Ubuntu 20.04

ADVERTISEMENTS
2 comments… add one
  • PeterSon Jun 4, 2010 @ 6:42

    This trick doesn’t work any more, i ‘ve tested under debian/ubuntu and archlinux.

  • pittss Aug 10, 2011 @ 11:48

    You can custom php.ini just add environment PHPRC in your virtualhost.

    fastcgi.server = ( “.php” => ((
    “bin-path” => “/usr/bin/php-cgi”,
    “socket” => “/tmp/php.socket”,
    “bin-environment” => (
    “PHP_FCGI_CHILDREN” => “3”,
    “PHP_FCGI_MAX_REQUESTS” => “1000”,
    “PHPRC” => “/usr/www/vhost1/php.ini”
    ),
    “bin-copy-environment” => (
    “PATH”, “SHELL”, “USER”
    ),
    “broken-scriptfilename” => “enable”
    )))

Leave a Reply

Your email address will not be published. Required fields are marked *

Use HTML <pre>...</pre>, <code>...</code> and <kbd>...</kbd> for code samples.