- Setting up Apache with PHP-FPM, per-vhost pools, UIDs and chroots
- --------
- # Install apache
- cd /usr/ports/www/apache22
- make install clean
- # Enable SUExec
- # Add apache22_enable="YES" to /etc/rc.conf and start it up
- service apache22 start
- # Install PHP-fpm
- cd /usr/ports/lang/php5
- make install clean
- # Do NOT build the apache module.
- # DO build the FPM version
- # Building the CGI and CLI versions is fine as well
- # I add the mailhead patch too
- # Install the PHP extensions
- cd /usr/ports/lang/php5-extensions
- make install clean
- # Add php_fpm_enable="YES" to /etc/rc.conf and start it up
- service php-fpm start
- # install fastcgi
- cd /usr/ports/www/mod_fastcgi/
- make install clean
- # edit httpd.conf, inserting:
- LoadModule fastcgi_module libexec/apache22/mod_fastcgi.so
- LoadModule suexec_module libexec/apache22/mod_suexec.so
- # and setting:
- ServerAdmin webaster@internal.org
- ServerName server_ip_address_or_working_hostname
- # And uncomment the Include directives that make sense for me
- # And appending:
- NameVirtualHost *:80
- Include etc/apache22/Includes/*.conf
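- # and comment out this block:
- # (NOTE: this block is the default-deny for the whole filesystem, and it also
- # sets AllowOverride None. With it commented out, access control and
- # .htaccess handling depend entirely on the per-directory blocks added below;
- # anything without its own <Directory> block falls back to the server defaults.)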
- #<Directory />
- # AllowOverride None
- # Order deny,allow
- # Deny from all
- #</Directory>
- # I like to keep each vhosts configuration in its own file,
- # in a "vhosts/" directory, so I append:
- Include etc/apache22/vhosts/*.conf
- # and
- mkdir vhosts disabled-vhosts
- # Now restart and see if that works
- service apache22 restart
- # You may get a warning like "NameVirtualHost *:80 has no
- # VirtualHosts" because we haven't added any yet. Nothing to
- # worry about
- # Next create a Includes/php-fpm.conf for global fpm configs.
- # Mine looks like:
- FastCgiIpcDir /usr/local/etc/php-fpm/
- FastCgiConfig -autoUpdate -singleThreshold 100 -killInterval 300 -idle-timeout 240 -maxClassProcesses 1 -pass-header HTTP_AUTHORIZATION
- FastCgiWrapper /usr/local/sbin/suexec
- <FilesMatch \.php$>
- SetHandler php5-fcgi
- </FilesMatch>
- Action php5-fcgi /fcgi-bin
- <Directory /usr/local/sbin>
- Options ExecCGI FollowSymLinks
- SetHandler fastcgi-script
- Order allow,deny
- Allow from all
- </Directory>
- # See if apache likes that:
- service apache22 restart
- # now FPM needs some configuration.
- # Create a dir to store per-vhost fpm configs:
- mkdir /usr/local/etc/fpm.d
- # Then edit the global php-fpm.conf, uncommenting:
- include=etc/fpm.d/*.conf
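- # switching the listen statement from a tcp port to a unix socket
- # (/tmp is world-writable, so also set listen.owner, listen.group and
- # listen.mode to limit who can connect, or use a directory that other
- # local users cannot write to):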
- listen = /tmp/php-fpm.sock
- # changing the pm to:
- pm = ondemand
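- # Now let's create a vhost. Given a site named "example.com"
- # owned by user "luser", here's my template. The Options line and
- # AllowOverride All are permissive; trim +Indexes, +ExecCGI and +Includes
- # for sites that do not need them: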
- EOF<<
- <VirtualHost *:80>
- ServerName www.example.com
- DocumentRoot /home/luser/example.com/htdocs
- SuexecUserGroup luser luser
- ServerAlias example.com
- ErrorLog /home/luser/example.com/logs/example.com.error_log
- CustomLog /home/luser/example.com/logs/example.com.access_log combined
- <Directory /home/luser/example.com/htdocs>
- Order allow,deny
- Allow from all
- Options +Indexes +FollowSymLinks +ExecCGI +Includes +MultiViews
- AllowOverride All
- </Directory>
- FastCgiExternalServer /tmp/fpm-example.com -socket /tmp/php-fpm-example.com.sock -user luser -group luser
- Alias /fcgi-bin /tmp/fpm-example.com
- <Location /fcgi-bin>
- Options +ExecCGI
- Order allow,deny
- Allow from all
- </Location>
- Alias /stats /home/luser/example.com/stats
- <Directory /home/luser/example.com/stats>
- Order allow,deny
- Allow from all
- </Directory>
- </VirtualHost>
- EOF;
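- # create the FPM pool config (pm.status_path exposes pool and request
- # details, so if /fpm-status is routed to the pool, limit it to trusted
- # addresses in the vhost):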
- EOF<<
- [example.com]
- user = luser
- group = luser
- listen = /tmp/php-fpm-example.com.sock
- chroot = /home/luser
- pm = ondemand
- pm.max_children = 50
- pm.status_path = /fpm-status
- php_admin_value[doc_root] = /example.com/htdocs
- php_admin_value[cgi.fix_pathinfo] = 0
- php_admin_value[sendmail_path] = /bin/mini_sendmail -t
- EOF
- # Living within the chroot
- # Install mini_sendmail
- cd /usr/ports/mail/mini_sendmail
- make install clean
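- # create a chroot environment for the vhost
- # (hard links only work within one filesystem, and the mysql.sock link goes
- # stale when MySQL recreates its socket on restart. The copied sh and the
- # linked mini_sendmail may keep the old binary after upgrades, so refresh
- # them after updating the base system or the port.)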
- mkdir ~luser/tmp ~luser/bin
- ln /tmp/mysql.sock ~luser/tmp/
- cp /rescue/sh ~luser/bin/sh
- ln /usr/local/bin/mini_sendmail ~luser/bin/mini_sendmail