The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

EasyApache with mpm-itk

Discussion in 'EasyApache' started by xanubi, Feb 27, 2009.

  1. xanubi

    xanubi Well-Known Member

    Joined:
    Jun 28, 2006
    Messages:
    86
    Likes Received:
    1
    Trophy Points:
    8
    I would like to add the mpm-itk ( http://mpm-itk.sesse.net/ ) to EasyApache, using php as DSO.

    Does anyone knows what steps should i take for that kind of configuration?
     
  2. Voltar

    Voltar Well-Known Member

    Joined:
    Apr 30, 2007
    Messages:
    269
    Likes Received:
    1
    Trophy Points:
    18
    Location:
    Bakersfield, California
  3. xanubi

    xanubi Well-Known Member

    Joined:
    Jun 28, 2006
    Messages:
    86
    Likes Received:
    1
    Trophy Points:
    8
  4. fujipadam

    fujipadam Member

    Joined:
    Jun 25, 2009
    Messages:
    23
    Likes Received:
    0
    Trophy Points:
    1
    mpm-itk easyapache module - where is it?

    Hi,

    I am looking for the mpm-itk module. Looks like Cpanel changed its website structure and non of my old links work and for the life of me I cant seem to find where mpm-itk easyapache module is. (yes I googled and searhed :D )

    Any help in pointing me to that link will be greatttttlly appreciated

    Fujipadam
     
  5. AlanH

    AlanH Active Member

    Joined:
    Mar 25, 2006
    Messages:
    25
    Likes Received:
    0
    Trophy Points:
    1
    Is the custom option module for mpm-itk still available? I'd like to give it a try but the links provided don't work.
     
  6. cPDan

    cPDan cPanel Staff
    Staff Member

    Joined:
    Mar 9, 2004
    Messages:
    711
    Likes Received:
    4
    Trophy Points:
    18
    The custom option module we did was removed because, aside from threading issues w/ PHP, there is a huge root security issue that the module site itself outlines:

    apache2-mpm-itk under "Quirks" oddly enough :)

    "Since mpm-itk has to be able to setuid(), it runs as root (although restricted with POSIX capabilities where possible) until the request is parsed and the vhost determined. This means that any security hole before the request is parsed will be a root security hole. (The most likely place is probably in mod_ssl.)"

    That being the case it is not very likely that we'll provide one in any form.
     
  7. AlanH

    AlanH Active Member

    Joined:
    Mar 25, 2006
    Messages:
    25
    Likes Received:
    0
    Trophy Points:
    1
    Many thanks for the update. Crystal clear - message received and understood :D
     
  8. JamesTorq

    JamesTorq Member

    Joined:
    Apr 13, 2010
    Messages:
    5
    Likes Received:
    0
    Trophy Points:
    1
    mpm-itk w/cpanel easyapache: Very strange that Cpanel is not supporting it.

    We have been using it for almost 2 years and most of that with easyapache. you are completely wrong about mpm-itk. MPM-itk has the best possible speed in comparison to any other method and it is by far the most secure highest speed choice available, much more secure then prefork(which is supported by cpanel) which also doesn't support threads(none of the multi-processor modules do) mpm is a far faster and more efficient use of cpu resources than threaded methods. The only problem occurs during the handing off phase which is for a tiny fraction of a second and can be illuminated as a problem by standard measures.

    It is extremely safe and reliable and super fast way to go compared to anything out there, the fact that cpanel is not supporting it is a very strange choice that has no footing in reality. This is one of the main reasons to bother using Cpanel and if they abandon it then Cpanel reduces it's usefulness as a product.
     
  9. cPDan

    cPDan cPanel Staff
    Staff Member

    Joined:
    Mar 9, 2004
    Messages:
    711
    Likes Received:
    4
    Trophy Points:
    18
    Thank you, I've opened an internal case for re-review.

    In the meantime, do you have any hard data that exemplifies those assertions and address the concerns of the root security issue and PHP threading problems?

    If so it'd be very useful in our re-examination, thanks
     
  10. JamesTorq

    JamesTorq Member

    Joined:
    Apr 13, 2010
    Messages:
    5
    Likes Received:
    0
    Trophy Points:
    1
    Well I think we live in a world where we should all help one another. I couldn't care less only because you must first have a dedication to know the truth of things to make such decisions and to allow yourself to exist in an advisory capacity. I have sat and argued with techs who don't know the first thing about tying shoelaces, perhaps that should be the first priorty.

    No threading problems. Mpm-itk and mpm-prefork(fully supported by Cpanel and in easyapache as an example although it has the same basic underlying structure) are non-threaded. This is a good thing but I'd have to teach a course in it to bring you up to speed. In short. you don't need the extremely slow and faulty approach of suphp and suexec to run a vhosts(websites) php scripts as a separate user. It is not the same thing as saying not thread safe for instance. The MPM's are much faster and take advantage of things as they are. There is no danger in the way itk branches off into a special instance of Apache for a fraction of millisecond as root, much less so than the perpetual root state of fork or worker as an example. One can only see a potential for a non-harmful coincidence event which would because of all the factors do nothing but crash(the intrusive event attempt) without harming or breaching anything. Of course this necessitates a properly run server with all the basic security points in place but remember the nature of itk allows for a default security state of an elevated condition over mod_php; suexec or suphp or even other mpm's but I degress... specifically the file permissions needed to allow for properly written php code to be able to say store data securely and disallow such storing by unauthorized elements on proximate data devices. lastly you can't just read from one article and make conclusions as you will end up with a false picture of what is going on. However that is entirely your code to write for yourself as an organisation.
     
  11. larwilliams

    larwilliams Active Member

    Joined:
    Apr 14, 2008
    Messages:
    25
    Likes Received:
    0
    Trophy Points:
    1
    We use mpm-itk with Xcache and it works beautifully. Of course, we are using the latest source version, not the outdated one that was being provided by cPanel officially.
     
  12. lystor

    lystor Registered

    Joined:
    May 1, 2010
    Messages:
    1
    Likes Received:
    0
    Trophy Points:
    1
  13. cPanelJared

    cPanelJared Technical Analyst
    Staff Member

    Joined:
    Feb 25, 2010
    Messages:
    1,842
    Likes Received:
    18
    Trophy Points:
    38
    Location:
    Houston, TX
    cPanel Access Level:
    Root Administrator
  14. WebGraf

    WebGraf Member

    Joined:
    Feb 13, 2010
    Messages:
    18
    Likes Received:
    0
    Trophy Points:
    1
    How can I install apache with mpm-itk now?
     
  15. JamesTorq

    JamesTorq Member

    Joined:
    Apr 13, 2010
    Messages:
    5
    Likes Received:
    0
    Trophy Points:
    1
    the file name is custom_opt_mod-apache_2.2_mpm_itk.tar.gz It works perfectly with easyapache and has for years on many of my servers and very securely with speeds on par or better than high speed web servers. There is no php thread problem as the cpanel tried to say and there is no security problem with the way it runs. Many server level processes are launched as root, this doesn't give any person with non-root or wheel access to the server any possible pathway to use php as root. In fact it is an extremely secure way to run a web server because you can set all of the files and folders to the most secure permissions, even folders that are designed to allow users to upload files can be set with secure default permissions rather than the standard world read/write which is used on all other php systems.

    Plesk supports mpm-itk fully and is not ashamed of it; I too have cpanel on most of my servers so all I can say is you should get them to repost the above mentioned tar file . you just have to upload it to your web server and place it in the proper folder that way you can keep using cpanel and take advantage of apache running at up to 50 + times the speed of suphp with fantastic security.
     
    #15 JamesTorq, Jul 27, 2010
    Last edited: Jul 27, 2010
  16. RACKSET

    RACKSET Active Member

    Joined:
    Apr 28, 2006
    Messages:
    44
    Likes Received:
    0
    Trophy Points:
    6
    Location:
    localhost
    It would be nice if you update us with the re-review results.

    I think at least you can give access to custom-build mpm_itk for EA, with "USE AT YOUR OWN RISK" policy.
     
  17. as_pavlov

    as_pavlov Member

    Joined:
    Dec 10, 2006
    Messages:
    10
    Likes Received:
    0
    Trophy Points:
    1
    I need module mpm-itk
     
  18. dobrohost

    dobrohost Registered

    Joined:
    Dec 15, 2010
    Messages:
    1
    Likes Received:
    0
    Trophy Points:
    1
    tell me please where you can take this file, or can share it?

    P.S. Maybe the administration will lay out this archive of this topic and users who want the MPM-ITK will supply it?
     
    #18 dobrohost, Dec 15, 2010
    Last edited: Dec 15, 2010
  19. WebJIVE

    WebJIVE Well-Known Member

    Joined:
    Sep 30, 2007
    Messages:
    53
    Likes Received:
    3
    Trophy Points:
    8
    @JamesTorq

    I would also like to get my hands on the file you mention for easyapache!
     
  20. Arxik

    Arxik Registered

    Joined:
    Jan 9, 2011
    Messages:
    1
    Likes Received:
    0
    Trophy Points:
    1
    Me too - @JamesTorq or anyone else(?), could you please give us the link to the easyapache module?

    Thank you!
     
Loading...

Share This Page