May 14, 2012

Apache httpd, mod_{fcgid,fastcgi} and PHP plus FPM on Webfaction


I love WebFaction. It is a great, incredibily cheap hosting provider that provides nearly-VPS hosting accounts.
Why “nearly-VPS”? Because you have the possibility (to some extents) to compile your own applications and use them. Add a 24/7 great and lovely support service, lots of storage and bandwidth and you will surely find in love.

It is not news that WebFactioners are able to compile libraries, servers, and tools to be used in our memory slots. We often have the need to have our personal Apache httpd server and PHP stack, to fine tune the configuration and suit our needs.

A script to build Apache httpd, mod_fcgi, mod_fastcgi, mod_php, PHP, and PHP-FPM on WebFaction

I created a bash script, called build_httpd_php-fpm.sh. It is based on the one by Christopher Sebastian, WebFaction Support. That script was probably not written for x86_64. The majority of WebFaction users are now on Centos 6.0 x86_64. The current, updated Webfaction servers no more let the originary script build the libraries and the programs. Many compilation errors arise (example).

In order to simplify and speed up the compilation of software, I stripped down the originary script a lot. The following are the main strategies that I followed when I created the script:

  • Minimize the compilation of libraries and software
  • Maximize the features provided
  • Maximize the use of WebFaction’s already installed libraries
  • Provide updated software
  • Let the user define configuration files

The script build_http_php-fpm.sh builds Apache httpd 2.22.2 with MPM worker mode and the most common modules. In addition, it installs mod_fcgid, and mod_fastcgi. I also have the need to have PHP compiled with imap and secure imap. Therefore, build_http_php-fpm.sh builds the latest openssl and libc-client to be used with PHP. PHP-FPM is enabled and used per default.

As of today (2012-05-14), my modified script compiles the software and installs fine on my Webfaction account.
I personally use it to build Apache httpd for some of my websites.
I heavily tested the script before publishing it.

Software Provided

The following is the software downloaded and installed by the script:

Compile chain and patches

The following is the order of compilation. For each item, I include details about particular fixes that I adopted.

  1. OpenSSL
  2. httpd against OpenSSL
  3. mod_fcgid against httpd
  4. mod_fastcgi against httpd
  5. cURL against OpenSSL
  6. libtidy
    • sed -i "s@runinst_prefix=/usr/local@runinst_prefix=$INSTALL_DIR@" Makefile
    • sed -i "s@devinst_prefix=/usr/local@devinst_prefix=$INSTALL_DIR@" Makefile (both taken from the originary build_php_worker.sh)
    • sed -i "97 s/.*/CFLAGS += -fPIC/" Makefile to enable position independent code as shared library
  7. libc-client
    • Creation of $INSTALL_DIR/ssl/include and $INSTALL_DIR/ssl/include to make it see OpenSSL
    • sed -i "s@SSLDIR=/usr/local/ssl@SSLDIR=$INSTALL_DIR/ssl@" src/osdep/unix/Makefile (taken from the originary script)
    • sed -i '57 s/.*/#define FD_SETSIZE 32768/' src/osdep/unix/os_art.c
    • sed -i '57 s/.*/#define FD_SETSIZE 32768/' src/osdep/unix/os_sv2.c
    • EXTRACFLAGS=-fPIC to enable position independent code as shared library
    • I would like to thank sloop for his beautiful post, which helped me to compile this library
  8. PHP against OpenSSL, cURL, libtidy

Enabled Features


Apache httpd:


You can see the script here: build_httpd_php-fpm.sh.
You can download the script here: build_httpd_php-fpm.sh.


Before running the script, create a “Custom app (listening on port)”. Take note of the port and the name of the app.
Suppose that you call the application custom_apache and that it listens at port 12345.
Then, you will run the script using

I encourage you to run the script by pre-pending KEEP_SRC=1. This will let you keep the downloaded source code and speed up things if you need to run the script again.
You can append MPM=prefork to build A MPM prefork, but I have not tested it. It should work, by the way.


As soon as it finishes to compile and install the software, build_httpd_php-fpm.sh will tell you which files to modify. Here are some hints:

  • Look in conf/httpd.conf for additional modules to enable. You will probably need to disable many modules as well. For example, if you are happy with PHP-FPM, you should disable mod_php (php5_module).
  • The default directory to serve files is htdocs/
  • PHP-FPM creates a socket called php5-fpm.socket in sockets/
  • PHP-FPM configuration is in etc/php-fpm.conf
  • The default php.ini is in conf/php.ini
  • Edit conf/extra/httpd-mpm.conf to suit your needs

This is how PHP-FPM is used in conf/httpd.conf. Credits: this serverfault answer by user regilero


I license build_httpd_php-fpm.sh under the WTFPL license.


I would be happy to hear some feedback from you or see that somebody extends it. ImageMagick would be a great inclusion.

If you’ve never heard of Webfaction and if you want to try it out, you can use my referral to buy an account.

(Featured Image credits: Metztli IT’s blog)

written by dgraziotin

Dr. Daniel Graziotin received his PhD in computer science, software engineering at the Free University of Bozen-Bolzano, Italy. His research interests include human aspects in empirical software engineering with psychological measurements, Web engineering, and open science. He researches, publishes, and reviews for venues in software engineering, human-computer interaction, and psychology. Daniel is the founder of the psychoempirical software engineering discipline and guidelines. He is associate editor at the Journal of Open Research Software, academic editor at the Research Ideas and Outcomes (RIO) journal, and academic editor at the Open Communications in Computer Science journal. He is the local coordinator of the Italian Open science local group for the Open Knowledge Foundation. He is a member of ACM, SIGSOFT, and IEEE.

  • Resende Sep 12, 2012 Reply

    Awesome post, Daniel. I have successfully installed your script, but cannot manage to find a working VirtualHost configuration. I’m getting a ‘403 forbidden’ error when trying to add a VirtualHost config (based on the httpd-vhosts.conf ones) to httpd.conf.

    Any help is appreciated. Thanks!

    • dgraziotin Sep 12, 2012 Reply

      Hello Resende and thank you for your comment.
      I am using virtualhosts on Webfaction with this bundle of software.

      There are no particular settings required besides the following:

      NameVirtualHost must be defined with the same port of your WF custom application.
      DocumentRoot should not be a problem at all but I am using a previously created PHP app just to have it under webapps/
      ServerName must be configured in WF control panel.

      Maybe start with an index.html file to test these settings, to bypass PHP. If it works without PHP, then the problem is probably related to mod_fastcgi.

      • Resende Sep 12, 2012 Reply

        Daniel, I was getting a ‘client denied by server configuration:’ error on my logs and – I’m not sure if that’s secure action -, but an initial solution was actually commenting out some restrictive rules for denying connections:

        <Directory />    Options FollowSymLinks#    AllowOverride None#    Order deny,allow#    Deny from all</Directory>

        Btw, what are the safe modules to disable? I want to have a very stripped down stack, with the basic set of features and an attention to performance.

        Also, do you use any cron jobs to wake up the server (and also PHP-FPM?) if they are down?


        • dgraziotin Sep 12, 2012 Reply

          I am not an expert in httpd configuration. However, I think that “/” refers to the root of the filesystem. You should keep these restrictive rules as they are.

          Instead, try to add something like

          You can be less permissive than this, of course.

          Regarding the modules, this depends on what you need. Try to strip down the configuration. Even the it-doesn’t-break-so-I-don’t-need-it method is fine.

          I am not using any cron jobs at all. Php-fpm seems very stable and (apparently) good to self-manage the spawned processes. Probably because of this separation between httpd and php, the web server is stable as well. You will need some time to fine-tune php-fpm.conf file.

          I only had to restart everything when I compiled some php-extensions.

          • Resende Sep 12, 2012

            Great! That worked just fine for me. Thanks!

            Would you mind me to send me your fine-tuned php-fpm.conf or suggest me the optimal settings? I’m not very experienced with that.

  • dgraziotin Sep 12, 2012 Reply

    Glad that it helped you, Resende.
    I am sharing my development, minimal settings for php-fpm.conf and httpd-vhosts.conf here. The files also contain a bare mod_fastcgi configuration.
    DISCLAIMER: those contained in the gist are development settings to reduce memory usage.

    • Resende Sep 13, 2012 Reply

      Many thanks, Daniel. I’m tweaking php-fpm.conf right now.

      A couple last questions:

      – On which file the DefaultMinClassProcessCount and KeepAlive instructions shuld be inserted?
      – Some tutorials also mention a conf.d directory?

      – Would be safe to disable the mod_fcgid and mod_cgid extensions since we are using mod_fastcgi?


      • dgraziotin Sep 14, 2012 Reply

        DefaultMinClassProcessCount is an old name for a mod_fcgid instruction, not for mod_fastcgi. I would insert it in httpd.conf. KeepAlive would also be good in httpd.conf.
        I do not know how to enable a conf.d style configuration. However, if you use the extra directory, you can define configurations there and include them in httpd.conf.
        It is safe to disable mod_fcgid, mod_cgid, and php5_module extensions.

  • Benjamin Wheeler Oct 17, 2012 Reply

    This is great. I used this on my server to enable mod_xsendfile. I ran into some trouble with my php.ini but figured out that php-fpm was not started. Php was still running, but when I restarted apache it would not load any of my custom php.ini files. When I started php-fpm, it then worked. I don’t understand this. Can you explain?

    I’m also wondering if you have a cronjob set up to restart apache if it crashes.

    • dgraziotin Oct 17, 2012 Reply

      Hello Benjamin. Glad to hear this is helping other people. I am not sure if I understand your issue, but I will try.
      When using PHP-FPM, PHP and Apache become two completely separate entities. Therefore, you can choose whether to restart only PHP or only Apache or both. You have to be sure that both of them are running, otherwise things will not work.
      I am currently using this setup to serve two websites using the same php.ini (the “default” one)
      I start PHP-FPM using

      And just forget about it. If I make changes to php.ini, I send a SIGUSR2 signal to gracefully reload.
      I am not using any cronjobs to restart Apache and PHP-FPM, everything is running fine since months.

      Regarding per-site php.ini files, have you tried the classical

      PHPINIDir /path/to/website

      Otherwise, you may try to use .user.ini file as name, instead of php.ini

  • Benjamin Wheeler Oct 17, 2012 Reply

    Ah, ok that makes sense. I’m used to restarting apache and having it reload both apache conf and php.ini. Thanks for the explanation.

  • Noel Jul 5, 2014 Reply

    No go for me. Script failed to connect to download apache file. Is it possible to fix it? Thanks. Below is the error:

    chmod 644 /usr/local/webapps/custom_apache/lib/pkgconfig/libcrypto.pc
    cp libssl.pc /usr/local/webapps/custom_apache/lib/pkgconfig
    chmod 644 /usr/local/webapps/custom_apache/lib/pkgconfig/libssl.pc
    cp openssl.pc /usr/local/webapps/custom_apache/lib/pkgconfig
    chmod 644 /usr/local/webapps/custom_apache/lib/pkgconfig/openssl.pc
    Building Apache in MPM worker mode…
    ls: cannot access httpd-2.2.22.tar.bz2: No such file or directory
    wget: /usr/local/webapps/custom_apache/lib/libcrypto.so.1.0.0: no version information available (required by wget)
    wget: /usr/local/webapps/custom_apache/lib/libssl.so.1.0.0: no version information available (required by wget)
    –2014-07-05 17:02:46– http://apache.panu.it//httpd/httpd-2.2.22.tar.bz2
    Resolving apache.panu.it (apache.panu.it)…
    Connecting to apache.panu.it (apache.panu.it)||:80… failed: Connection timed out.

    –2014-07-05 17:03:51– (try: 2) http://apache.panu.it//httpd/httpd-2.2.22.tar.bz2
    Connecting to apache.panu.it (apache.panu.it)||:80…

    • dgraziotin Jul 7, 2014 Reply

      Hello. This is because the link http://apache.panu.it//httpd/httpd-2.2.22.tar.bz2 does not exist anymore. Search and replace w/ the latest 2.2.x release listed here: http://apache.panu.it/httpd/.

      • Audry Aug 11, 2014 Reply

        I see you share interesting stuff here, you can earn some additional cash,
        your website has huge potential, for the monetizing method, just type in google
        – K2 advices how to monetize a website

Leave a comment