I am setting up php-fpm with chrooting enabled. Now I see that there are two options, and I want to know what the exact difference is.
The setup has:
chroot = /var/www/domains/domain.tld/
; Chdir to this directory at the start. This value must be an absolute path.
; Default Value: current directory or / when chroot
chdir = /docroot/
Why are there two different locations here, and which path is php allowed to access. Can the php website access /var/www/domains/domain.tld/, or can it only access files withing the docroot directory.
===
Maybe there is some concrete advice for me. I want to have a setup like this:
webroot location: /var/www/
domain.com/
|---conf/
| |--nginx.conf
| |--php-fpm.conf
|
|---ssl/
|---logs/
|---session/
|---domains/
|---www/
|---app/
|---dev/
Now here the php-fpm settings would be:
chroot = /var/www/domain.com/
chdir = /domains/www
Now the main question here is, will the application located in the www subdomain be able to access the files in dev or app. Or even the files located in session, which is the session save path, or the other folders such as ssl and logs.
The settings you have proposed seem quite fine.
As a side note - your php-application will also have access to your nginx.conf and php-fpm.conf based on the document structure you have shown - which seems like something you may want to change (at least making the files read-only to that user).