![]() ![]() To enable suEXEC mode, in the virtual host configuration level in the Basic tab, Security group, you must specify External App Set UID Mode to Doc Root UID and you control the user the application runs as by modifying the user that owns the file you are executing (PHP or CGI script).īesides the normal requirement of doing a restart of LiteSpeed after a configuration change, if your application uses PHP, you will need to configure a virtual host level PHP handler and kill any running lsphp instances after any configuration change. You must also run your virtual host in suEXEC mode. It is required that it be configured at the virtual host level to give you fine control of the domains that are being affected. LSWS Native Virtual Host ¶Įnable Bubblewrap at the virtual host configuration level in the Security tab, Bubblewrap Container group. This particular default is intended to give you a very secure environment to run your CGI or PHP scripts from. bin/bwrap -ro-bind /usr /usr -ro-bind /lib /lib -ro-bind-try /lib64 /lib64 -ro-bind /bin /bin -ro-bind /sbin /sbin -dir /var -ro-bind-try /var/var/tmp -dev /dev -ro-bind-try /etc/localtime /etc/localtime -ro-bind-try /etc/ld.so.cache /etc/ld.so.cache -ro-bind-try /etc/nf /etc/nf -ro-bind-try /etc/ssl /etc/ssl -ro-bind-try /etc/pki /etc/pki -ro-bind-try /etc/man_db.conf /etc/man_db.conf -ro-bind-try /usr/local/bin/msmtp /etc/alternatives/mta -ro-bind-try /usr/local/bin/msmtp /usr/sbin/exim -bind-try $HOMEDIR $HOMEDIR -bind-try /var/lib/mysql/mysql.sock /var/lib/mysql/mysql.sock -bind-try /home/mysql/mysql.sock /home/mysql/mysql.sock -bind-try /tmp/mysql.sock /tmp/mysql.sock -bind-try /run/mysqld/mysqld.sock /run/mysqld/mysqld.sock -bind-try /var/run/mysqld/mysqld.sock /var/run/mysqld/mysqld.sock '$COPY-TRY /etc/exim.jail/$nf $HOMEDIR/.msmtprc' -unshare-all -share-net -die-with-parent -dir /run/user/$UID '$PASSWD 65534' '$GROUP 65534' If you set Bubblewrap Container On and then do not set Bubblewrap Command it will use the default of: Lets you set the full bubblewrap command line used to start the CGI or PHP program. Server Level Off + Virtual Host Level On = On.Server Level On + Virtual Host Level Off = Off.Server Level Disabled + Virtual Host Level On = Off.It is required that bubblewrap be enabled at the virtual host level (and set to Off here) In the LiteSpeed Web Server Server Configuration > Security tab, Bubblewrap Container group there are two fields: Once installed you must configure LiteSpeed Web Server to use it. Sudo ln -s /usr/local/bin/bwrap /usr/bin/bwrapĬonfigure LiteSpeed Web Server for bubblewrap ¶ Sudo mv /usr/bin/bwrap /usr/bin/bwrap.dist Sudo ln -s /usr/local/bin/bwrap /bin/bwrap Sudo apt install pkg-config libcap-dev automake LiteSpeed Memcached LiteSpeed Memcached.LSCache Developers Guide LSCache Developers Guide. ![]() LSCache Without a Plugin LSCache Without a Plugin.WHM LiteSpeed Plugin WHM LiteSpeed Plugin.External Applications External Applications.Configure LiteSpeed Web Server for bubblewrap.Ubuntu 16.04 and 18.04 and Similar Releases.Bubblewrap Bubblewrap Table of contents. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |