Need advice in setting up server. fastCGI, suExec, speed, security, etc

Question

I am running my own dedicated server with centOS 5 and WHM/cPanel. I would like to configure my server to meet my needs but I need a little help. It will only be my own websites being run on this server. I'm still a little green when it comes to server administration so please forgive my ignorance.

What I Would Like to Have:

• I need some public directories to be writable (for user image uploads and things like that) but I don't want those directories to have 777 permissions.
• I need individual accounts to have the ability to set custom php settings for their own account without affecting other accounts, whether through a php.ini file or through .htaccess or any other method.
• I would like things to run as fast as possible, whether that means using a php optimizer or cacher, such as eaccelerator or xcache or anything else.
• I need things to be as secure as possible.

Here Are My Questions

• What should I use for my php handler? DSO? CGI? fastCGI? suPHP? Other?
• Should I be using suEXEC? What are the benefits or downfalls of this?
• What php optimizer/cacher is best to use?
• Are there any other security tips I need to know about all of this?

I'd appreciate any advice or direction that can be offered.

Thanks!

Answer 1

You should choose between performance and easy configuration, which provided by DSO and improved virtual host isolation which provided by FastCGI

In my mind, if you plan to host only own sites you should mod_php(DSO) Pros:

• Best performance and easy configuration
• You can use any cacher/optimizer
• Almost all php settings can be configured per site via php_admin_value in webserver config or htaccess

Contras:

• All of your php scripts will under apache user - you should carefully set up open_basedir and other php security directives.
• You cannot specify php extension set per site