From owner-freebsd-isp@FreeBSD.ORG Thu Feb 10 10:45:52 2005 Return-Path: Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id D39CC16A4CE for ; Thu, 10 Feb 2005 10:45:52 +0000 (GMT) Received: from relay.ceti.pl (relay.ceti.pl [62.121.128.10]) by mx1.FreeBSD.org (Postfix) with ESMTP id 42E3943D41 for ; Thu, 10 Feb 2005 10:45:52 +0000 (GMT) (envelope-from miki@ceti.pl) Received: from tau.ceti.pl (www.ceti.pl [62.121.128.11]) by relay.ceti.pl (Postfix) with ESMTP id 1F7FF164124 for ; Thu, 10 Feb 2005 11:45:50 +0100 (CET) Received: by tau.ceti.pl (Postfix, from userid 1920) id 282F2202FE8; Thu, 10 Feb 2005 11:45:50 +0100 (CET) Received: from localhost (localhost [127.0.0.1]) by tau.ceti.pl (Postfix) with ESMTP id 27A771E70CA for ; Thu, 10 Feb 2005 11:45:50 +0100 (CET) Date: Thu, 10 Feb 2005 11:45:50 +0100 (CET) From: Mikolaj Rydzewski To: freebsd-isp@freebsd.org Message-ID: X-PGP-Fingerprint: B437 FB84 7507 3499 79AE 9DB5 1A2B 8256 8B12 AB02 X-PGP-PublicKey: http://ceti.pl/~miki/pubkey.txt X-Phone: +48(502)502483 X-GG: 4185132 X-nic-hdl: MR3035-RIPE MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Subject: Multiple instances of apache+php X-BeenThere: freebsd-isp@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Internet Services Providers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 10 Feb 2005 10:45:52 -0000 Hello, To 'harden' my apache/php installation I'd like to run something like this: - apache/php without limitations serving trusted web pages (i.e. from /usr/local/www) - requests for users' pages tunneled via mod_rewrite to another apache/php working under different uid on localhost only (with safe_mode, open_basedir, and so on) This would allow me to run trusted applications without limitations of safe_mode, disabled functions, etc, and disallow users i.e. from reading my database passwords from scripts. The problem is I haven't got any idea how to supply different path to php.ini for second instance of apache (its location is defined at compile time). I don't want to install apache/php twice to different locations. I'd rather install it 'the right way' from ports and use two sets of configuration files. I could tweak startup scripts to change php.ini just before starting second instance of apache (this file is read once, just after start), but such hack doesn't sound nice to me ;-) Any ideas? -- Mikolaj Rydzewski http://ceti.pl/~miki/ PGP KeyID: 8b12ab02 There are three kinds of people: men, women, and unix.