PHP-FPM / wrong permissions among other issues.

Submitted by pcmerc on Thu, 03/09/2017 - 18:29

After a fresh OS & Virtualmin install, the following occurs:

Creating a new vhost, enabling php-fpm(yes the php-fpm packages are installed) produces 404 / 503

  1. Looking at the permissions for the sockets in the /var/php-fpm, they are wrong. Owner root?
    The fpm config file needs to contain listen.owner & listen.group so the socket has the correct permissions.

  2. The apache ProxyPass syntax is also incorrect.

WRONG - ProxyPassMatch ^/(..php(/.)?)$ unix:/var/php-fpm/148909493325693.sock|fcgi://localhost/home/test.com/public_html/$

CORRECT - ProxyPassMatch ^/(..php(/.)?)$ unix:/var/php-fpm/148909493325693.sock|fcgi://localhost:9000/home/test.com/public_html

Status: 
Needs work

Comments

Submitted by JamieCameron on Thu, 03/09/2017 - 19:32

Which Virtualmin version are you running there? Because in the 5.07 release, we have switched away from using socket files for FPM for new domains.

Submitted by pcmerc on Fri, 03/10/2017 - 14:05

If it's on the localhost, sockets avoid the network stack overhead. How about an option to use either or, which should be easily doable, it's just config options.

Submitted by JamieCameron on Fri, 03/10/2017 - 17:50

I totally agree - however, in my experience unix domain sockets simply don't work as documented in several popular linux distributions. So we were forced to give up on them :-(

Submitted by pcmerc on Fri, 03/10/2017 - 20:23

All good, thanks Jamie for an awesome product. I'll just mangle in the changes I need etc. :D

Submitted by xorax on Tue, 02/20/2018 - 08:31

Because in the 5.07 release, we have switched away from using socket files for FPM for new domains.

However sockets are faster than network connection, they are also are more secure.

Actualy I see FPM listenning on localhost, that means any user can write in it... and so get the permission of other users through php... right ?