1 (edited by ldennison 2016-09-02 09:57:47)

Topic: Updating SCRIPT_FILENAME when using PHP-FPM chroot with Apache

Hey Remi,

This question is not directly related to your repos or packages, but I'm hoping you might have a quick thought on how to solve my problem. I've configured my server with Apache 2.4.23 using Event MPM. I also have PHP-FPM running three different versions from your repo: 5.6, 7.0, and 7.1. I recently changed PHP-FPM to chroot for each domain that is hosted on the server. The goal is making sure the PHP process of one site cannot read/write to another site's files. So, here is the Proxy part of my Apache virtual host for "example":

<Proxy "unix:/var/www/sites/example/system/php/sockets/example|fcgi://localhost">
    ProxySet timeout=60
</Proxy>

<FilesMatch \.php$>
    SetHandler "proxy:fcgi://localhost"
</FilesMatch>

Re: Updating SCRIPT_FILENAME when using PHP-FPM chroot with Apache

And here's the relevant part of the PHP pool configuration for the same "example" (the forum wouldn't let me post this in the same message for some reason, says "too many links"):

chroot = /var/www/sites/example/docroot
chdir = /

So, my problem is that once I turn on that chroot, I'm getting "File not found" returned from PHP-FPM. I'm pretty sure that's because the SCRIPT_FILENAME that PHP-FPM is looking for is the whole absolute file path to the script. But, PHP is chroot'ed, so the path needs to be adjusted. I can't figure out how to tell Apache to only pass in a certain path of that path. In fact, I cannot get Apache/PHP-FPM to override the "SCRIPT_FILENAME" at all. Do you have any ideas on how I could resolve this?

Re: Updating SCRIPT_FILENAME when using PHP-FPM chroot with Apache

Yes, I'm aware, SetHandler doesn't work when FPM uses chroot.

You may try to create a symlink in the chroot tree, so FPM will find the full path.

/srv/chroot
/srv/chroot/srv
/srv/chroot/srv/chroot => ../..

I need to work on an upstream solution about this.

Laptop:  Fedora 38 + rpmfusion + remi (SCL only)
x86_64 builder: Fedora 39 + rpmfusion + remi-test
aarch64 builder: RHEL 9 with EPEL
Hosting Server: CentOS 8 Stream with EPEL, rpmfusion, remi
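
The symlink workaround from the reply above, written out as an added example that is not part of the thread or of any package: it builds the link for an arbitrary chroot path and checks that it resolves. The function names `link_chroot_path` and `check_chroot_link` and the throwaway demo tree are assumptions; the script uses one `..` per directory between the link and the chroot root, so the link resolves to the chroot root whether it is followed from outside or inside the chroot.

```shell
#!/bin/sh
# Added example: create CHROOT/<CHROOT's own path> as a relative symlink back
# to CHROOT, so the absolute SCRIPT_FILENAME sent by Apache still resolves
# after PHP-FPM has chroot()ed.
link_chroot_path() {
    chroot_dir=${1%/}
    case $chroot_dir in
        /?*) ;;
        *) echo "chroot path must be absolute: $1" >&2; return 1 ;;
    esac
    link=$chroot_dir$chroot_dir
    # One ".." per directory between the link and the chroot root. The target
    # must be relative: an absolute one is resolved against the new root once
    # inside the chroot and would point back at the link itself.
    rel=
    p=$(dirname "$chroot_dir")
    while [ "$p" != / ]; do
        rel=../$rel
        p=$(dirname "$p")
    done
    rel=${rel%/}
    [ -n "$rel" ] || rel=.
    if [ -e "$link" ] && [ ! -L "$link" ]; then
        echo "refusing to replace non-symlink: $link" >&2; return 1
    fi
    mkdir -p "$(dirname "$link")" || return 1
    rm -f "$link"
    ln -s "$rel" "$link" || return 1
    printf '%s\n' "$rel"
}

# Succeeds only if the link is relative and resolves to the chroot root.
check_chroot_link() {
    chroot_dir=${1%/}
    link=$chroot_dir$chroot_dir
    [ -L "$link" ] || return 1
    case $(readlink "$link") in /*) return 1 ;; esac
    [ "$(cd "$link" && pwd -P)" = "$(cd "$chroot_dir" && pwd -P)" ]
}

# Demo on a constructed throwaway tree (no root needed, nothing is chroot()ed).
demo_root=$(mktemp -d)
demo_chroot=$demo_root/sites/example/docroot
mkdir -p "$demo_chroot"
echo '<?php echo "ok";' > "$demo_chroot/index.php"
link_chroot_path "$demo_chroot" >/dev/null && check_chroot_link "$demo_chroot" &&
    echo "resolves: $demo_chroot$demo_chroot/index.php"
rm -rf "$demo_root"
```

For the pool in the question the argument would be `/var/www/sites/example/docroot`; the link adds no access outside the chroot because it only points back at the chroot root.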