After several security concerns, I decided to completely redo my server configuration on shared hosting because I need some vhosts to be able to use functions like exec and some running Wordpress to be totally isolated to a single directory with bunch of disabled functions.
I decided to go with php7.0-fpm with FastCGI and I would love some pointers what to do next.
I already managed to get FPM/FastCGI running this way:
sudo apt-get remove libapache2-mod-php7.0
sudo apt install php7.0-fpm
sudo a2enconf php7.0-fpm
sudo a2dismod php7.0
sudo a2dismod mpm_prefork
sudo a2enmod mpm_event alias
sudo apt install libapache2-mod-fastcgi
sudo a2enmod fastcgi proxy_fcgi
Restart apache sudo systemctl restart apache2.service
Restart php-fpm sudo systemctl restart php7.0-fpm.service
So far this works well, phpinfo() shows API: FPM/FastCGI, my scripts are served, now comes the hard part where documentation lacks or I do not know what to Google:
- How do I chroot individual virtual hosts into their
/var/www/example.comdirectory so I use most of the FPM configuration? I am looking for clean stanard way so I can script it then without major hacks. - What is the procedure to run each virtual host under it's own user? Can I automate that with some clever module or do I have to manually create the user, insert him into configuration file and chown his files the right way? I am not even sure if I am asking this right.
- How can I create separate .ini files for each virtual host? What is your strategy? Where are these files meant to be to be maintainable for backup and what naming conventions do you use in production?
Any other pointers are welcome, also links to recent up to date documentation with php version 7 withotut Nginx, I know about apache.org documantations and their old wiki, but FastCGI and official FPM documentation on php.net are not enough for me at this time, only Google is my friend in this time of despair.
0 Answers