Forum

I am looking at setting up Hiawatha with PHP on Ubuntu LTS to use wiith Squirrelmail. I have a few questions regarding the setup.

First, is it possible to use Hiawatha with PHP without CGI or FastCGI? On Ubuntu, can I just install Hiawatha from a .deb and install php5 from the repositories and use them together?

Second, do I need to enable EnableAlter and change the MaxUploadSize in order to allow attachment uploads in Squirrelmail?

Below is a potential configuration. Will this work for Squirrelmail? I have also included a few questions in comments about parameters I have seen in other examples, but that I do not completely understand.

Thank you.

#I will set this to a user:group (with disabled login) created to
#   handle /home/username (which is where I will store website files)
ServerId = user:group

#How do I remove the server string? Do I leave this empty?
#   Or, do I actually type 'none' like the manual pages say?
ServerString = Web Server

MinSSLversion = TLS1.0

#Do I need this?
BanlistMask = deny 192.168.0.0/24, deny 127.0.0.1

BanOnFlooding = 30/1:300
BanOnGarbage = 300
BanOnMaxPerIP = 300
BanOnMaxReqSize = 300

KickOnBan = yes
RebanDuringBan = yes
ReconnectDelay = 3

MaxServerLoad = 0.8

#Why would I use this?
HideProxy = 127.0.0.1

Binding {
    Port = 80
}

Binding {
    Port = 443
    SSLcertFile = /etc/path-to-cert/servername.pem

#Do I need these settings to enable attachment uploads in Squirrelmail?
    EnableAlter = yes
    MaxUploadSize = 25
}

Hostname = IP address of server
WebsiteRoot = /home/username/dummy/www
StartFile = index.html

VirtualHost {
    Hostname = www.website.org
    WebsiteRoot = /home/username/website.org/www
    RequireSSL = yes
    SSLcertFile = /etc/path-to-cert/servername.pem
    StartFile = index.php
    PreventCSRF = yes
    PreventXSS = yes

#I might use these settings to make these logs different from the default
#    AccessLogfile = /home/username/website.org/log/access.log
#    ErrorLogfile = /home/username/website.org/log/error.log
}

PHP is a CGI script. So, so you need CGI? Well, PHP uses CGI to communicate with the webserver. Read the HOWTO pages to learn how to configure Hiawatha.
You need to set MaxRequestSize to enable large uploads via Squirrelmail.

ServerId: If you use Ubuntu, set it to 'www-data'.
ServerString: Ignore it. This setting is not important for now.
BanlistMask: If you don't know what it is, you don't need it.
HideProxy: If you don't access your webserver via a reverse proxy, you don't need it.
EnableAlter: This is to enable PUT and DELETE HTTP requests, which you don't need for Squirrelmail.

Hugo, thanks for the help and the clarification on using PHP.

If I setup PHP with FastCGI using php5-fpm as shown on the HOWTO page, do I need to setup any of the "Normal CGI" and specify a CGIhandler or can I skip that and just follow the the setup for "FastCGI" on the second half of the page?

Is there a reason why it is necessary to use the ServerID = www-data, rather than choosing my own user name and group? And, if using www-data as the user and group, can I still create the user and /home/username/ directory with that name to serve as the website root, as shown in the above sample?

Thanks also for clarifying the MaxRequestSize and EnableAlter (good to know I don't need it for Squirrelmail) parameters. Do I have the MaxRequestSize in the correct place in the above sample, in the 443 TLS binding (if that is the binding I plan to require for Squirrelmail)?

Thanks also for the comments on the ServerString, BanlistMask, and HideProxy -- it doesn't sound like I will need them right now.

When using PHP via FastCGI you don't need the CGIhandler option. That one is for using CGI's that can be execute directly (like compiled C programs) instead of via a parser.

The reason for using www-data is because many webapp packages in Ubuntu expect the webserver to run as user www-data.

I don't see a MaxRequestSize in the example above. I guess you refer to the MaxUploadSize? The MaxUploadSize is for PUT requests and can therefor be removed. Replace it with the MaxRequestSize setting.

Thanks again for the help. Ah, yes, I did not read closely enough on your first response to notice MaxRequestSize instead of MaxUploadSize. Does it create any sort of security vulnerability to set a high value like MaxRequestSize = 25600 (to enable 25 MB attachment uploads in Squirrelmail), because it is so much higher than your default value or example value?

It allows everybody to make your webserver use a lot of memory. I'm sure the risk of somebody actually doing that is very low, but it's up to you to decide whether it's an acceptable risk or not.

Thanks again for the help. I appreciate it. I guess I will have to consider a balance point between limiting risk and providing functionality, in this particular setup. I am looking forward to setting this up and trying out Hiawatha.

One more question... when considering attachment uploads in Squirrelmail, does the TimeForRequest parameter mean the time necessary for the attachment file(s) to upload? Or, simply the time necessary for the client to request that an attachment upload occur? In other words, would this TimeForRequest need to be increased for larger file uploads or is the default (or lower) value fine? Thanks again.

Sorry for the late response. The TimeForRequest is the time Hiawatha allows a client to send a HTTP request. An attachement is also send via a HTTP request, so it affects the time a client has to upload an attachement. The larger the attachement, the higher the value of this option should be.

Thanks for the explanation. The default is TimeForRequest = 5, 30. Should both times be increased on only one of them?

The first value is for the first request within a connection, the last value for the second and following requests within the connection. Best is to use one value, which then will be used for all requests within a connection.

Okay, that does simplify it, to use just one value. Thanks again for your help. I really appreciate it.