Question

How to configure Apache and PHP-FPM to support multiple subdomains?

Posted June 10, 2021 81 views
ApachePHPUbuntu 20.04

I have an Apache server that will have several subdomains running inside it, eg:

  • www.example.com
  • api.example.com
  • dashboard.example.com
  • customer.example.com

I installed Apache 2.4.41 and PHP-FPM 7.4 on Ubuntu 20.04 by following the commands below:

sudo apt install apache2
sudo apt install php libapache2-mod-php
sudo a2dismod php7.4
sudo a2dismod mpm_prefork
sudo a2enmod mpm_event
sudo apt install php-fpm
sudo apt install libapache2-mod-fcgid
sudo a2enconf php7.4-fpm
sudo a2enmod proxy
sudo a2enmod proxy_fcgi

I just did that, nothing more, PHP-FPM is running normally according to phpinfo().

By default the 000-default site is enabled on Apache and I can access it via IP. When creating a PHP and HTML file in the /var/www/html directory, I can access these files (PHP and HTML) normally, for example: http://EXAMPLE-IP/file.php

But when creating a subdomain and trying to access any PHP file, the error No input file specified. is always displayed. In the apache log, the message below is displayed:

AH01071: Got error 'Unable to open primary script: /var/www/html/subdomain.example.com/index.php (No such file or directory)'

AH01071: Got error 'Unable to open primary script: /var/www/html/subdomain.example.com/index-2.php (No such file or directory)'

But HTML files within the subdomain are always displayed correctly.

These are my configured VirtualHost:

000-default.conf

<VirtualHost *:80>
    ServerAdmin example@example.com
    DocumentRoot /var/www/html

    LogLevel notice core:info
    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined
    ErrorLog syslog:local1

    Header append X-FRAME-OPTIONS "SAMEORIGIN"

</VirtualHost>

<VirtualHost *:80>
    ServerName MY-PUBLIC-IP
    Redirect 403 /
    ErrorDocument 403 "The operation had an error."
    DocumentRoot /var/www/html
</VirtualHost>

This is a subdomain (one of several):

subdomain.example.com

<VirtualHost *:80>
    ServerAdmin example@example.com
    ServerName subdomain.example.com
    ServerAlias subdomain.example.com
    DocumentRoot /var/www/html/subdomain.example.com
    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined

    Header append X-FRAME-OPTIONS "SAMEORIGIN"

    RewriteCond %{REQUEST_URI} !^/\.well\-known/acme\-challenge/
    RewriteRule ^(.*)$ https://%{HTTP_HOST}$1 [R=301,L]
</VirtualHost>

<VirtualHost *:443>
    SSLEngine on

    SSLCertificateFile      /ssl-location/my-cert.crt
    SSLCertificateKeyFile   /ssl-location/my-cert.key
    SSLCertificateChainFile /ssl-location/my-cert-intermediary.crt

    Protocols h2 http/1.1

    # HSTS (mod_headers is required) (15768000 seconds = 6 months)
    Header always set Strict-Transport-Security "max-age=31536000"

    Header append X-FRAME-OPTIONS "SAMEORIGIN"

    <Directory /var/www/subdomain.example.com>
        Options None
        AllowOverride None
        Require all granted
    </Directory>

    ServerAdmin example@example.com
    ServerName subdomain.example.com
    ServerAlias subdomain.example.com
    DocumentRoot /var/www/html/subdomain.example.com
    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>

For security reasons, recommended by the OWASP documentation, I set in php.ini the value doc_root = /var/www/html/, but if I change it to doc_root = /var/www/html/subdomain.example.com, PHP files work on my subdomain, and /var/www/html files no longer.

How do I configure doc_root dynamically for these subdomains in PHP-FPM, without needing to have a dedicated physical server for each subdomain?

Note: This is my Apache FPM configuration file:

conf-enabled/php7.4-fpm.conf

# Redirect to local php-fpm if mod_php is not available
<IfModule !mod_php7.c>
<IfModule proxy_fcgi_module>
    # Enable http authorization headers
    <IfModule setenvif_module>
    SetEnvIfNoCase ^Authorization$ "(.+)" HTTP_AUTHORIZATION=$1
    </IfModule>

    <FilesMatch ".+\.ph(ar|p|tml)$">
        SetHandler "proxy:unix:/run/php/php7.4-fpm.sock|fcgi://localhost"
    </FilesMatch>
    <FilesMatch ".+\.phps$">
        # Deny access to raw php sources by default
        # To re-enable it's recommended to enable access to the files
        # only in specific virtual host or directory
        Require all denied
    </FilesMatch>
    # Deny access to files without filename (e.g. '.php')
    <FilesMatch "^\.ph(ar|p|ps|tml)$">
        Require all denied
    </FilesMatch>
</IfModule>
</IfModule>

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

×
Submit an Answer
1 answer

Hi there @ElTommy,

The configuration actually looks all good. The error indicates that the path might not be correct.

Do you see the index.php file when running an ls command:

ls -lah /var/www/html/subdomain.example.com

Feel free to share the output here.
Regards,
Bobby