PHP-FPM is not working as expected

oguzy's picture

Forums: 

I am using Debian Squeeze and set up PHP-FPM with fastcgi. I have several virtual hosts defined on the same host. I defined chroot for each pool configuration but somehow it is possible to change directory and go above the root directory definition at the pool conf.

disable_functions at the conf file is not working as well. I haven't figured it out the reason.

Sample files are below:

/etc/php5/fpm/pool.d/foo.conf:

[foo]

user = foo
group = foo

listen = 127.0.0.1:9018
listen.allowed_clients = 127.0.0.1

pm = dynamic
pm.max_children = 5
pm.start_servers = 2
pm.min_spare_servers = 1
pm.max_spare_servers = 3

chroot = /var/www/foo
chdir = /

php_admin_value[disable_functions] = dir,chdir,opendir,readdir
php_admin_value[doc_root] = /var/www/foo
php_admin_value[open_basedir] = /var/www/foo

access.log = /var/log/$pool.access.log
access.format = "%R - %u %t \"%m %r%Q%q\" %s %f %{mili}d %{kilo}M %C%%"

/etc/apache2/sites-enables/foo.com:

<VirtualHost 19x.xxx.xxx.xx>
DocumentRoot /var/www/foo
ServerName foo.com

<IfModule mod_fastcgi.c>

FastCgiExternalServer /foocgi/php5-wrapper -host 127.0.0.1:9018 -user foouser -group foogroup

ScriptAlias /foocgi/ /var/www/foo/cgi-bin/

AddHandler php5-fastcgi .php
Action php5-fastcgi /foocgi/php5-wrapper
AddType application/x-httpd-php .php

<Directory /var/www/foo/cgi-bin/>
SetHandler fastcgi-script
Options +ExecCGI
</Directory>

</IfModule>

<Directory /var/www/foo>
allow from all
Options -Indexes SymLinksIfOwnerMatch
</Directory>
</VirtualHost>

/var/www/foo/cgi-bin/php5-wrapper:

#!/bin/sh
PHPRC=/etc/php5/cgi/
export PHPRC
#export PHP_FCGI_MAX_REQUESTS=5000
#export PHP_FCGI_CHILDREN=8
exec /usr/lib/cgi-bin/php

/etc/apache2/mods-enabled/fastcgi.conf:

<IfModule mod_fastcgi.c>
FastCgiConfig -autoUpdate -singleThreshold 100 -killInterval 300 -idle-timeout 240 -maxClassProcesses 1 -pass-header HTTP_AUTHORIZATION
FastCgiWrapper /usr/lib/apache2/suexec

<Directory "/var/www/cgi-bin/">
AllowOverride none
Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
Order allow,deny
Allow from all
</Directory>
</IfModule>

/var/log/foo.access.log is empty though port 9018 is LISTEN at netstat output. The site is being opened without errors also. Any idea about the chroot problem or how to make the disable_functions work?

I asked the question here also: http://stackoverflow.com/questions/17251170/hp-fpm-is-not-working-as-expected for the ones who wants to see the conf files in a more formatted way.