Changing my server to eliminate safe mode hack

[david_a]

My site is hosted on a friendly Linux server on which I am essentially able to change whatever I need to change, so I would like to set up my Contao installation in the best way.

Is there a guide that will give some idea of how to reconfigure Apache and PHP so that Contao's safe mode hack will not be needed anymore?

Thanks
David

[david_a]

(I changed this topic and my post, to better explain what I'm looking for.)

[david_a]

Is this a bad question, or have I just asked in the wrong place?

[ramjet]

Yes, an evil question
I don't think too many people are technical (I'm not), so you're probably best to search this forum, the old forum http://contao.org/forum and read this for clues
http://www.contao.org/using-the-safe-mode-hack.html
I don't know of any guide offhand sorry

[david_a]

Thanks!

Do you think I might get more answers if I asked on the German-language forum (auf Deutsch, natürlich!) My German is not very good, but better than nothing...

[ramjet]

Probably, theres twenty times the activity there.

[david_a]

Even just from reading a few posts on the German forum, I'm making good progress with this - I've gotten a test installation to go relatively smoothly, I don't need the safe-mode hack anymore, and hopefully I haven't created any security compromises in the process. I'm still not sure I've got everything correct, but I'm on my way for sure.

First, there is probably more than one good way to do this; I was desperate and tried the first good-sounding solution I read.

The essential item so far in this process has been to change Apache so that it runs using the mpm-itk module (see here for more information) instead of the standard prefork or worker module. I was lucky that my Linux distribution had already installed and set up this module, so all I had to do was turn off Apache (VERY IMPORTANT to STOP Apache and make sure it's not running before making this change - if you don't, Apache will be permanently frozen, unable to shut down or start up), deactivate the prefork (or worker, whichever you had) module, change several options in the Apache config (including which user[s] the itk module should run as), and start Apache again.

I have also changed PHP to run as a CGI process instead of as an Apache module.


Easy.
... except that there were days of swearing and too little sleep, a lot of cups of coffee, some crying, and about thirty-eight ridiculous failures before getting to this point. :roll:

I'm going to try to solidify this information and attempt a more informative "exactly what I did" post - but before that, I'm hoping that if there are any obvious risks or flaws in the general process I've outlined above, somebody will jump on them. The only thing worse than no information is misinformation, and I'm about as far as a person can be from an "Apache guru". :shock: