Question

I want to set chroot to the DocumentRoot using PHP-FPM pools' chroot attribute. With the settings below, whatever I do I get only a "File not found." error:

/etc/php5/fpm/pool.d/example.conf

[example]
user = example
group = example
listen = /var/run/php_fpm_example.sock
pm = dynamic
pm.max_children = 5
pm.start_servers = 2
pm.min_spare_servers = 1
pm.max_spare_servers = 3
chroot = /opt/jail/example/home/example
php_admin_value[open_basedir]=/opt/jail/example/home/example

/etc/apache2/sites-enabled/example

<VirtualHost *:80>
ServerName example.domain.name
ServerAlias www.example.domain.name
DocumentRoot /opt/jail/example/home/example
<Directory /opt/jail/example/home/example>
AllowOverride All
Order Allow,Deny
Allow from all
</Directory>
<IfModule mod_fastcgi.c>
<FilesMatch \.php$>
SetHandler php-script
</FilesMatch>
Action php-script /php5-fpm-handler
Alias /php5-fpm-handler /vhost_example
FastCGIExternalServer /vhost_example -socket /var/run/php_fpm_example.sock
</IfModule>
</VirtualHost>

So the website itself is located in /opt/jail/example/home/example. You may find it strange, but it doesn't really matter; it is caused by jailkit.

Thanks for your help.

Solution

Do you have a working version without the chroot in php-fpm?

You should start with that.

Then as soon as you define a chroot in the pool:

chroot = /opt/jail/example/home/example

You will have to remove this path from other settings in this pool:

  • listen
  • chdir
  • php settings, like php_admin_value[open_basedir] or php_value[include_path] or php_admin_value[upload_tmp_dir] and all settings working with tmp directory.

Some others seem to ignore the chroot, like slowlog.

So you have listen = /var/run/php_fpm_example.sock, which means /opt/jail/example/home/example/var/run/php_fpm_example.sock, and this should be the path for Apache FastCGIExternalServer.

Configuration of Apache with a chrooted php-fpm and FastCGIExternalServer is quite hard. I once described it with a fake full directory path symlink inside the chroot (ugly), but with the new Apache 2.4 you should try to use mod_proxy_fcgi instead or replace Apache with Nginx.
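A small checker for the "remove this path from other settings" step, written as an added example (not code from the question or the answer). It only looks at `chdir` and `php_value` / `php_admin_value` entries, assumes `chroot` is an absolute path, and the names `parse_pool`, `inside_chroot` and `lint_pool` are hypothetical.

```python
import posixpath
import re

# Constructed sample: the path-bearing lines of the pool from the question.
SAMPLE_POOL = """\
[example]
listen = /var/run/php_fpm_example.sock
chroot = /opt/jail/example/home/example
php_admin_value[open_basedir]=/opt/jail/example/home/example
"""

PHP_SETTING = re.compile(r"^php_(?:admin_)?value\[[^\]]+\]$")

def parse_pool(text):
    """Return {directive: value} for one pool; comments and [section] lines are skipped."""
    settings = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith((";", "[")) or "=" not in line:
            continue
        key, value = line.split("=", 1)
        settings[key.strip()] = value.strip()
    return settings

def inside_chroot(path, chroot):
    """Map a host path under `chroot` to the path a jailed worker sees, else None."""
    path, chroot = posixpath.normpath(path), posixpath.normpath(chroot)
    if path == chroot:
        return "/"
    if path.startswith(chroot + "/"):
        return path[len(chroot):]
    return None

def lint_pool(text):
    """Return (directive, current, suggested) for values still carrying the chroot prefix."""
    settings = parse_pool(text)
    chroot = settings.get("chroot")
    findings = []
    if not chroot:
        return findings
    for key, value in settings.items():
        if key != "chdir" and not PHP_SETTING.match(key):
            continue
        parts = value.split(":")  # open_basedir / include_path can be ':'-separated lists
        fixed = [inside_chroot(p, chroot) or p for p in parts]
        if fixed != parts:
            findings.append((key, value, ":".join(fixed)))
    return findings
```

For the pool in the question it reports `open_basedir`, which should become `/` once the chroot is in place.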

Other tips

You can use the doc_root php.ini directive to avoid a symbolic link in your chroot dir. In your case, add this directive in the php-fpm conf file (/etc/php5/fpm/pool.d/example.conf):

php_admin_value[doc_root] = /
Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow