Vesta 2.0 is coming soon! See our progress update: https://vestacp.com/docs/vesta-2-update
Nginx + php-fpm needs open_basedir
-
thebuilder
- Posts: 3
- Joined: Sun Sep 04, 2016 7:11 pm
Nginx + php-fpm needs open_basedir
Missing open_basedir in /etc/php-fpm.d/*.conf files. How to structurally fix this in the php-fpm template? The vestacp version I'm using is 0.9.8-16
I noticed by running this php file which successfully dumps the system file:
After investigating I do see that the Apache template files add this to the apache configuration file. However I'm using Nginx.
The best location to add the open_basedir configuration are the /etc/php-fpm.d/*.conf files. Technically the open_basedir configuration can also be configured in the nginx conf file. This would then look like how vestacp did it for Apache. However then this needs to be done for all fastcgi_pass sections which can easily be forgotten. When you forget one instance then it wil expose your server. Apache normally use one entry to pass to php-fpm and uses .htaccess. Nginx doesn't use .htaccess and often uses multiple fastcgi_pass sections. E.g. Magento delivers it's own nginx conf.
For that reason I really think that the open_basedir configuration should be done in the /etc/php-fpm.d/*.conf files and I think Apache can also benefit from this approach.
I noticed by running this php file which successfully dumps the system file:
Code: Select all
<?php
echo file_get_contents('/etc/passwd');
The best location to add the open_basedir configuration are the /etc/php-fpm.d/*.conf files. Technically the open_basedir configuration can also be configured in the nginx conf file. This would then look like how vestacp did it for Apache. However then this needs to be done for all fastcgi_pass sections which can easily be forgotten. When you forget one instance then it wil expose your server. Apache normally use one entry to pass to php-fpm and uses .htaccess. Nginx doesn't use .htaccess and often uses multiple fastcgi_pass sections. E.g. Magento delivers it's own nginx conf.
For that reason I really think that the open_basedir configuration should be done in the /etc/php-fpm.d/*.conf files and I think Apache can also benefit from this approach.
-
mehargags
- Support team
- Posts: 1096
- Joined: Sat Sep 06, 2014 9:58 pm
- Contact:
- Os: Debian 8x
- Web: apache + nginx
Re: Nginx + php-fpm needs open_basedir
I had a similar problem and member DPeca helped me with this.
Though I use apache + nginx (rev. Proxy). The solution to install Magento was to "relax" openbasedir restriction at the time of install. Once everything is set, you may impose the restriction again.
in my
This would let me install magento and then I can revert the line to what it was before.
Hope this helps
Though I use apache + nginx (rev. Proxy). The solution to install Magento was to "relax" openbasedir restriction at the time of install. Once everything is set, you may impose the restriction again.
in my
I use/home/nnn/conf/web/apache2.conf
Code: Select all
php_admin_value open_basedir /home/nnn:/tmp:/etcHope this helps