I am using Debian Squeeze and set up PHP-FPM with fastcgi. I have several virtual hosts defined on the same host. I defined chroot for each pool configuration but somehow it is possible to change directory and go above the root directory definition at the pool conf.
disable_functions at the conf file is not working as well. I haven't figured it out the reason.
Sample files are below:
/etc/php5/fpm/pool.d/foo.conf:
[foo]
user = foo
group = foo
listen = 127.0.0.1:9018
listen.allowed_clients = 127.0.0.1
pm = dynamic
pm.max_children = 5
pm.start_servers = 2
pm.min_spare_servers = 1
pm.max_spare_servers = 3
chroot = /var/www/foo
chdir = /
php_admin_value[disable_functions] = dir,chdir,opendir,readdir
php_admin_value[doc_root] = /var/www/foo
php_admin_value[open_basedir] = /var/www/foo
access.log = /var/log/$pool.access.log
access.format = "%R - %u %t \"%m %r%Q%q\" %s %f %{mili}d %{kilo}M %C%%"
/etc/apache2/sites-enables/foo.com:
<VirtualHost 19x.xxx.xxx.xx>
DocumentRoot /var/www/foo
ServerName foo.com
<IfModule mod_fastcgi.c>
FastCgiExternalServer /foocgi/php5-wrapper -host 127.0.0.1:9018 -user foouser -group foogroup
ScriptAlias /foocgi/ /var/www/foo/cgi-bin/
AddHandler php5-fastcgi .php
Action php5-fastcgi /foocgi/php5-wrapper
AddType application/x-httpd-php .php
<Directory /var/www/foo/cgi-bin/>
SetHandler fastcgi-script
Options +ExecCGI
</Directory>
</IfModule>
<Directory /var/www/foo>
allow from all
Options -Indexes SymLinksIfOwnerMatch
</Directory>
</VirtualHost>
/var/www/foo/cgi-bin/php5-wrapper:
#!/bin/sh
PHPRC=/etc/php5/cgi/
export PHPRC
#export PHP_FCGI_MAX_REQUESTS=5000
#export PHP_FCGI_CHILDREN=8
exec /usr/lib/cgi-bin/php
/etc/apache2/mods-enabled/fastcgi.conf:
<IfModule mod_fastcgi.c>
FastCgiConfig -autoUpdate -singleThreshold 100 -killInterval 300 -idle-timeout 240 -maxClassProcesses 1 -pass-header HTTP_AUTHORIZATION
FastCgiWrapper /usr/lib/apache2/suexec
<Directory "/var/www/cgi-bin/">
AllowOverride none
Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
Order allow,deny
Allow from all
</Directory>
</IfModule>
/var/log/foo.access.log is empty though port 9018 is LISTEN at netstat output. The site is being opened without errors also. Any idea about the chroot problem or how to make the disable_functions work?
Can you show your phpinfo()
?
May you load PHP.ini from /etc/php5/cgi/php.ini and from your php-fpm config, from pool.d/* or from /etc/php5/fpm/php.ini
I say that for:
#!/bin/sh
PHPRC=/etc/php5/cgi/
export PHPRC
#export PHP_FCGI_MAX_REQUESTS=5000
#export PHP_FCGI_CHILDREN=8
exec /usr/lib/cgi-bin/php
php5-fpm is usually in /usr/sbin/php5-fpm
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.