Php5 port and Apache Module

Ian Smith smithi at nimnet.asn.au
Sun Jun 10 07:57:38 UTC 2007 

On Sat, 09 Jun 2007 21:45:03 -0400 Christopher Hilton <chris at vindaloo.com> wrote:
 > Jonathan Horne wrote:
 > >> Bob wrote:
 > >>> The php4 & php5 port apache module used to be default before FBSD 6.0.

Around 6.0 may have been the timeline for this change, but it affected
users of 5.4 and 5.5 too; one 5.5-STABLE here.  I ran into this updating
phpMyAdmin last year, which also enforced upgrading from php4 to php5 -
unnecessarily, according to the phpMyAdmin specs - and made it no longer
possible to install php5 (thus eg phpMyAdmin) from the packages ..

 > >>> Many people before you on this list have wanted the php4/5 apache module
 > >>> turned back on as default but so far the port maintainer has not done
 > >>> anything
 > >>> in any way of justifying removing the apache module from the default setting
 > >>> or re-enable it as the default.
 > 
 > [snip]
 > 
 > > 
 > > seems like it was removed from the default config of lang/php5 for security
 > > reasons.  many people who do build php5 do not need the apache module, so no
 > > sense building it if its not needed.

I may be wrong of course, but my observation is that the majority of
people (who mention) installing php do so for use as an apache module.

 > > cd /usr/ports/lang/php5
 > > make config
 > > (edit your choices)
 > > make deinstall
 > > make reinstall
 > > 
 > > its just one of those things that you learn to live with after a while.

Mmmm.  I don't see how it would hurt people who do want to use PHP as a
CLI language, or for CGI, if mod_php5 were to be built by default also,
making the php package useful again.  libphp5.so is under 3MB.

 > Everyone seems to be misunderstanding my question. I'm aware of how to 
 > build mod_php5. I'm curious about why the default configuration builds 
 > php5 as a standalone CLI and CGI rather than as an apache module. I'm 
 > assuming that there is some good engineering behind this decision but 
 > I'd like to know a little more about that engineering. Is there some 
 > advantage to running php as a Fast CGI process?
 >
 > -- Chris
 > 
 > P.S. Sorry Bob, I've scanned the commit logs for the port and there is 
 > no mention of security problems with mod_php5.so. To tell the truth I 
 > cannot imagine that there would be any security issues in mod_php5.so 
 > that didn't also exist in /usr/local/bin/php-cgi. I could be wrong here 
 > though and then I would have the answer to my question.

Colour me curious too.  It appears more like a personal preference than
engineering as such.  It might also reflect the relative disrepute that
installing from packages has fallen into, as those having leading edge
hardware tend to forget the convenience and speed of packages compared
to especially large compilations on sub-GHz boxes.  And of CDROM sets.

That said, I'm thankful to developers that it even exists as a port :)

Cheers, Ian

More information about the freebsd-questions mailing list