Debian 9 Stretch LAMP Setup With Sandboxed Users using FPM
I'm trying to set up Apache and FPM on Debian 9 the way we had previously done with Debian 7 and 8. Due to, I believe, the deprecation of mod_fastcgi in favor of mod_proxy_fcgi in Apache 2.4 and the subsequent removal of it from the Debian 9 apt repos, I have been unable to accomplish our previous setup. Basically, we were using FPM to sandbox multiple sites on a single server (a staging/dev server). The end result was that each site was owned and grouped to one user each and FPM ran the site under processes for that particular user.
Here is an example Apache vhost we were using:
FastCgiExternalServer /home/siteusername/www/php5-fcgi -socket /tmp/php5-fpm-siteusername.sock -pass-header Authorization
<VirtualHost *:80>
DocumentRoot /home/username/www/domain.com/public_html/
ServerName www.domain.com
<Directory /home/siteusername/www/domain.com/public_html/>
AllowOverride all
</Directory>
<Directory /home/siteusername/www/>
Require all granted
AllowOverride all
</Directory>
AddHandler php5-fcgi .php
Action php5-fcgi /php5-fcgi
Alias /php5-fcgi /home/siteusername/www/php5-fcgi
<ifModule mod_headers.c>
Header set X-Robots-Tag "noindex"
</ifModule>
</VirtualHost>
Here is an example FPM config we were using:
[siteusername]
listen = /tmp/php5-fpm-siteusername.sock
listen.allowed_clients = 127.0.0.1
listen.owner = www-data
listen.group = www-data
user = siteusername
group = siteusername
pm = ondemand
pm.max_children = 50
php_admin_value[upload_tmp_dir] = /home/siteusername/tmp/upload
php_admin_value[session.save_path] = /home/siteusername/tmp/session
That exact setup on Debian 9 with Apache 2.4, PHP 7.0, FPM 7.0, with mod_proxy_fcgi (and updated version numbers) results in an error when starting Apache:
Invalid command 'FastCgiExternalServer', perhaps misspelled or defined by a module not included in the server configuration
I'm assuming that command was part of mod_fastcgi and without it, I seem unable to run the sites under their own users. Instead, they run under www-data as any normally configured Apache site would.
I have so far been unable to find the documentation on how to accomplish this configuration. Does anyone have any idea what the updated configs for mod_proxy_fcgi is?
Я был в той же ситуации, что и вы, и я нашел это решение.
https://www.devops.zone/webserver/installing-php7-fpm-with-apache2-worker -on-ubuntu /
У меня работает.
Удачи
Попробуйте это.
В вашем определении FPM АДАПТИРУЙТЕ имя сокета, чтобы оно соответствовало правильной версии php
[siteusername]
listen = /tmp/php7-fpm-siteusername.sock
(в Debian 9 это уже не php5, а php7)
В вашем Определение виртуального хоста УДАЛИТЕ следующее
FastCgiExternalServer /home/siteusername/www/php5-fcgi -socket /tmp/php5-fpm-siteusername.sock -pass-header Authorization
...
AddHandler php5-fcgi .php
Action php5-fcgi /php5-fcgi
Alias /php5-fcgi /home/siteusername/www/php5-fcgi
В том же определении виртуального хоста ДОБАВИТЕ следующее
<FilesMatch \.php$>
SetHandler "proxy:unix:/tmp/php7-fpm-siteusername.sock|fcgi://localhost"
</FilesMatch>
В качестве альтернативы вы можете ДОБАВИТЬ следующее в своем определении виртуального хоста
ProxyPassMatch "^/(.*\.php(/.*)?)$" "unix:/tmp/php7-fpm-siteusername.sock|fcgi://localhost/home/siteusername/www/"
. Убедитесь, что модули mod_proxy и mod_proxy_fcgi включены
a2enmod proxy proxy_fcgi