我已经配置好了 Apache 和 PHP-FPM,以便在多主机系统中为每个用户创建一个单独的 PHP-FPM 池。

Web 面板在自己的池中运行,并具有不同的权限。

管理面板(WebPanel)

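<VirtualHost *:80>
    # Virtual host for the fruithost administration panel.
    # PHP requests are handed to the dedicated "panel" PHP-FPM pool over a unix socket.
    # NOTE(review): this host listens on plain HTTP (port 80) and forwards the
    # Authorization header to PHP; confirm TLS is terminated in front of it.

    # CONFIG
    # Define is server-wide, not scoped to this <VirtualHost>: these variables
    # remain visible to every configuration directive parsed after this point.
    Define DOMAIN       my.fruit
    Define SOCKET       /run/php/panel.sock
    Define ROOT         /etc/fruithost/panel/

    # DO NOT EDIT
    ServerAdmin     support@${DOMAIN}
    DocumentRoot    ${ROOT}
    ServerName      ${DOMAIN}
    ErrorLog        "/var/fruithost/logs/panel_error.log"
    CustomLog       "/var/fruithost/logs/panel_access.log" combined
    CustomLog       "/var/fruithost/logs/panel_bandwidth.log" common

    # Security
    # With mpm_itk the requests of this host are handled as www-data.
    <IfModule mpm_itk_module>
        AssignUserId www-data www-data
    </IfModule>

    # Debug-Mode
    #ProxyErrorOverride Off
    #ServerSignature    On
    #LogLevel       debug

    # Clickjacking protection.
    # <IfModule> needs the module identifier (headers_module) or the source file
    # name (mod_headers.c); the bare word "headers" matches neither, so the
    # enclosed Header directive was skipped and the header was never sent.
    <IfModule headers_module>
        Header set X-Frame-Options "SAMEORIGIN"
    </IfModule>

    <IfModule mod_alias.c>
        # Define Error Pages
        Alias /errors/100.html /etc/fruithost/placeholder/errors/100.html
        Alias /errors/101.html /etc/fruithost/placeholder/errors/101.html
        Alias /errors/401.html /etc/fruithost/placeholder/errors/401.html
        Alias /errors/403.html /etc/fruithost/placeholder/errors/403.html
        Alias /errors/404.html /etc/fruithost/placeholder/errors/404.html
        Alias /errors/405.html /etc/fruithost/placeholder/errors/405.html
        Alias /errors/408.html /etc/fruithost/placeholder/errors/408.html
        Alias /errors/410.html /etc/fruithost/placeholder/errors/410.html
        Alias /errors/411.html /etc/fruithost/placeholder/errors/411.html
        Alias /errors/412.html /etc/fruithost/placeholder/errors/412.html
        Alias /errors/413.html /etc/fruithost/placeholder/errors/413.html
        Alias /errors/414.html /etc/fruithost/placeholder/errors/414.html
        Alias /errors/415.html /etc/fruithost/placeholder/errors/415.html
        Alias /errors/500.html /etc/fruithost/placeholder/errors/500.html
        Alias /errors/501.html /etc/fruithost/placeholder/errors/501.html
        Alias /errors/502.html /etc/fruithost/placeholder/errors/502.html
        Alias /errors/503.html /etc/fruithost/placeholder/errors/503.html
        Alias /errors/504.html /etc/fruithost/placeholder/errors/504.html
        Alias /errors/505.html /etc/fruithost/placeholder/errors/505.html
        Alias /errors/506.html /etc/fruithost/placeholder/errors/506.html

        # Define Modules-URL
        Alias /app /etc/fruithost/modules

        # Define Theme-URL
        Alias /theme /etc/fruithost/themes
    </IfModule>

    # PHP-FPM
    # Only used when mod_php8 is not loaded and mod_proxy_fcgi is available.
    <IfModule !mod_php8.c>
        <IfModule proxy_fcgi_module>

            # Forward Auth-Header
            <IfModule setenvif_module>
                SetEnvIfNoCase ^Authorization$ "(.+)" HTTP_AUTHORIZATION=$1
            </IfModule>

            # Define Proxy
            # The worker name (fcgi://panel) must be unique per pool; it is what
            # the SetHandler below refers to. Connection reuse is disabled.
            <Proxy "unix:${SOCKET}|fcgi://panel">
                ProxySet disablereuse=on
            </Proxy>

            # When .php-Files will be visited
            <FilesMatch "\.php$">
                # Remove old handlers (if exists)
                RemoveHandler       .php

                ProxyFCGIBackendType FPM
                ProxyFCGISetEnvIf "true" DOCUMENT_ROOT "%{reqenv:DOCUMENT_ROOT}"
                ProxyFCGISetEnvIf "true" CONTEXT_DOCUMENT_ROOT "%{reqenv:DOCUMENT_ROOT}"
                ProxyFCGISetEnvIf "true" PATH_INFO "%{PATH_INFO}"
                ProxyFCGISetEnvIf "true" PATH_TRANSLATED "%{reqenv:DOCUMENT_ROOT}%{reqenv:PATH_INFO}%{reqenv:SCRIPT_NAME}"
                #ProxyFCGISetEnvIf "true" REQUEST_URI "${REQUEST_URI}"
                ProxyFCGISetEnvIf "true" SCRIPT_NAME "%{reqenv:SCRIPT_NAME}"
                ProxyFCGISetEnvIf "true" SCRIPT_FILENAME "%{reqenv:SCRIPT_FILENAME}"

                SetHandler proxy:fcgi://panel
            </FilesMatch>

            # Debug Status (the pool's pm.status_path)
            # <Location> is used instead of <LocationMatch> because ProxyPass does
            # not interpret the regular expression of a <LocationMatch> section.
            # The FPM status page discloses pool internals, so it is limited to
            # requests from the local machine.
            <Location "/fh-panel-status">
                Require local
                ProxyPass "unix:${SOCKET}|fcgi://panel/fh-panel-status"
            </Location>
        </IfModule>
    </IfModule>

    # Accessibility
    # NOTE(review): AllowOverride All lets any .htaccess below these directories
    # change the options set here; confirm only trusted accounts can write there.
    <Directory /etc/fruithost/panel>
        Options +FollowSymLinks -Indexes +IncludesNoExec
        AllowOverride All
        Require all granted
    </Directory>

    <Directory /etc/fruithost/themes>
        Options +FollowSymLinks -Indexes +IncludesNoExec
        AllowOverride All
        Require all granted
    </Directory>

    <Directory /etc/fruithost/modules>
        Options +FollowSymLinks -Indexes +IncludesNoExec
        AllowOverride All
        Require all granted
    </Directory>
</VirtualHost>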
; PHP-FPM pool for the administration panel. Workers run as www-data and
; listen on /run/php/panel.sock ($pool expands to the pool name).
[panel]
user = www-data
group = www-data
listen = /run/php/$pool.sock
; Ownership and mode of the unix socket: only www-data (user and group) may connect.
listen.owner = www-data
listen.group = www-data
listen.mode = 0770
; NOTE(review): listen.allowed_clients only applies to TCP listeners; it has no
; effect on the unix socket configured above.
listen.allowed_clients = 127.0.0.1
; NOTE(review): dumpable workers can be core-dumped/traced although they run
; as a different user than the master; confirm this is wanted outside debugging.
process.dumpable = yes
; Dynamic process manager: between 1 and 3 idle workers, at most 5 in total.
pm = dynamic
pm.max_children = 5
pm.start_servers = 2
pm.min_spare_servers = 1
pm.max_spare_servers = 3
; Status page of this pool; the web server decides who can reach this URI.
pm.status_path = /fh-panel-status
; Requests running longer than one minute are written to the slow log.
slowlog = /var/fruithost/logs/$pool_slow.log
request_slowlog_timeout = 1m
;request_slowlog_trace_depth = 20
; Capture stdout/stderr of the workers into the FPM log.
decorate_workers_output = yes
catch_workers_output = yes
; NOTE(review): display_errors=on prints PHP errors (paths, queries) to the
; client, and php_flag (unlike php_admin_flag) can be changed by scripts.
php_flag[display_errors] = on
php_admin_value[error_log] = /var/fruithost/logs/php_error.log
php_admin_flag[log_errors] = on

用户

# Generated by fruithost
# Per-user virtual host: domain.com belongs to the user "admin" and its PHP
# requests go to that user's own PHP-FPM pool (worker fcgi://user-admin).
<VirtualHost *:80>
    # DO NOT EDIT
    ServerAdmin     abuse@domain.com
    DocumentRoot    /var/fruithost/users/admin/domain.com/
    ServerName      domain.com
    ErrorLog        /var/fruithost/users/admin/logs/domain.com_error.log
    CustomLog       /var/fruithost/users/admin/logs/domain.com_access.log combined
    CustomLog       /var/fruithost/users/admin/logs/domain.com_bandwidth.log common


    # Security
    # With mpm_itk the requests of this host are handled as user "admin", group www-data.
    <IfModule mpm_itk_module>
        AssignUserId admin www-data
    </IfModule>

    <IfModule mod_alias.c>
        # Define Error Pages
        Alias /errors/100.html /etc/fruithost/placeholder/errors/100.html
        Alias /errors/101.html /etc/fruithost/placeholder/errors/101.html
        Alias /errors/400.html /etc/fruithost/placeholder/errors/400.html
        Alias /errors/401.html /etc/fruithost/placeholder/errors/401.html
        Alias /errors/403.html /etc/fruithost/placeholder/errors/403.html
        Alias /errors/404.html /etc/fruithost/placeholder/errors/404.html
        Alias /errors/405.html /etc/fruithost/placeholder/errors/405.html
        Alias /errors/408.html /etc/fruithost/placeholder/errors/408.html
        Alias /errors/410.html /etc/fruithost/placeholder/errors/410.html
        Alias /errors/411.html /etc/fruithost/placeholder/errors/411.html
        Alias /errors/412.html /etc/fruithost/placeholder/errors/412.html
        Alias /errors/413.html /etc/fruithost/placeholder/errors/413.html
        Alias /errors/414.html /etc/fruithost/placeholder/errors/414.html
        Alias /errors/415.html /etc/fruithost/placeholder/errors/415.html
        Alias /errors/500.html /etc/fruithost/placeholder/errors/500.html
        Alias /errors/501.html /etc/fruithost/placeholder/errors/501.html
        Alias /errors/502.html /etc/fruithost/placeholder/errors/502.html
        Alias /errors/503.html /etc/fruithost/placeholder/errors/503.html
        Alias /errors/504.html /etc/fruithost/placeholder/errors/504.html
        Alias /errors/505.html /etc/fruithost/placeholder/errors/505.html
        Alias /errors/506.html /etc/fruithost/placeholder/errors/506.html
    </IfModule>

    # PHP-FPM
    # Only used when mod_php8 is not loaded and mod_proxy_fcgi is available.
    <IfModule !mod_php8.c>
        <IfModule proxy_fcgi_module>
            # Forward Auth-Header
            <IfModule setenvif_module>
                SetEnvIfNoCase ^Authorization$ "(.+)" HTTP_AUTHORIZATION=$1
            </IfModule>

            # Define Proxy
            # Worker name and socket are specific to this user; the SetHandler
            # below must name the same worker (fcgi://user-admin).
            <Proxy "unix:/var/fruithost/users/.sockets/admin.sock|fcgi://user-admin">
                ProxySet disablereuse=on
            </Proxy>

            # When .php-Files will be visited
            <FilesMatch "\.php$">
                # Remove old handlers (if exists)
                RemoveHandler       .php
                
                ProxyFCGIBackendType FPM
                ProxyFCGISetEnvIf "true" DOCUMENT_ROOT "%{reqenv:DOCUMENT_ROOT}"
                ProxyFCGISetEnvIf "true" CONTEXT_DOCUMENT_ROOT "%{reqenv:DOCUMENT_ROOT}"
                ProxyFCGISetEnvIf "true" PATH_INFO "%{PATH_INFO}"
                ProxyFCGISetEnvIf "true" PATH_TRANSLATED "%{reqenv:DOCUMENT_ROOT}%{reqenv:PATH_INFO}%{reqenv:SCRIPT_NAME}"
                #ProxyFCGISetEnvIf "true" REQUEST_URI "${REQUEST_URI}"
                ProxyFCGISetEnvIf "true" SCRIPT_NAME "%{reqenv:SCRIPT_NAME}"
                ProxyFCGISetEnvIf "true" SCRIPT_FILENAME "%{reqenv:SCRIPT_FILENAME}"
                
                SetHandler proxy:fcgi://user-admin
            </FilesMatch>
        </IfModule>
    </IfModule>
    

    # Accessibility
    # NOTE(review): on a shared host, +FollowSymLinks lets a tenant link to files
    # outside the own docroot; access then depends only on file permissions.
    # AllowOverride All also lets the tenant's .htaccess change these options.
    <Directory /var/fruithost/users/admin/domain.com/>
        Options +FollowSymLinks -Indexes
        AllowOverride All
        Require all granted
    </Directory>

    # Deny file names starting with a dot (except those starting with
    # ".fruithost") and any name containing "php.ini".
    <Files ~ "(^(?!\.fruithost)\.|php\.ini)">
        Require all denied
    </Files>
</VirtualHost>
; PHP-FPM pool of the user "admin". $pool expands to the pool name, so the same
; template can be reused for every user.
[admin]
; Relative paths further down (logs/..., temp/) are resolved against this prefix.
prefix = /var/fruithost/users/$pool

; Workers run as the user itself, with the web server's group.
user = $pool
group = www-data

listen = /var/fruithost/users/.sockets/$pool.sock

; Socket is read/writable by the owning user and by group www-data only.
listen.owner = $pool
listen.group = www-data
listen.mode = 0660

; NOTE(review): dumpable workers can be core-dumped/traced although they run
; as a different user than the master; confirm this is wanted outside debugging.
process.dumpable = yes
decorate_workers_output = yes
catch_workers_output = yes

; Dynamic process manager: between 1 and 3 idle workers, at most 5 in total.
pm = dynamic
pm.max_children = 5
pm.start_servers = 2
pm.min_spare_servers = 1
pm.max_spare_servers = 3

; No chroot is configured; workers start in "/" and rely on open_basedir below.
;chroot = /
chdir = /

;access.log = log/$pool.access.log
; NOTE(review): the next two lines repeat the settings made above.
decorate_workers_output = yes
catch_workers_output = yes
; NOTE(review): display_errors=on prints PHP errors (paths, queries) to the
; client, and php_flag (unlike php_admin_flag) can be changed by scripts.
php_flag[display_errors] = on
php_admin_value[error_log] = logs/php_error.log
php_admin_flag[log_errors] = on
php_value[session.save_path] = temp/
; Restrict PHP file access to the user's own tree. php_admin_value cannot be
; overridden with ini_set().
; NOTE(review): open_basedir is checked by PHP's file functions only; with
; OPcache enabled, all pools of one FPM master share one opcode cache, so
; confirm OPcache is configured to keep the pools apart as well.
php_admin_value[open_basedir] = /var/fruithost/users/$pool

问题是什么?

所有用户/域的配置都遵循同一套模板。

当我重新启动 PHP-FPM 服务后,访问用户域名时一切显示正常(phpinfo 输出正确,open_basedir 限制也正确生效)。

但是,当我接着访问 Web 面板(my.fruit)时,Apache 会选择配置中为面板指定的 PHP-FPM 池 panel。此后再访问用户域名(例如 example.com),Apache 就不再使用为该域定义的 PHP-FPM 池,而是使用面板的池,因此 open_basedir 限制也不再生效。

我做错什么了?

为什么突然使用不同的 PHP-FPM 池?


最佳答案

问题不在于 PHP-FPM 或 Apache2,而在于 Opcache。同一个 PHP-FPM 主进程下的所有池共用同一块 Opcache 共享内存,因此一个池缓存的脚本可能被另一个池直接命中。

我们可以通过以下附加的 PHP 标志(或 php.ini 指令)来修复该问题,将它们加入每个用户的池配置:

; Opcache
; These lines use PHP-FPM pool syntax (php_admin_*, $pool), so they belong in
; each user's pool file rather than in php.ini itself.
; NOTE(review): check phpinfo() in every pool to confirm the values are in effect.
php_admin_flag[opcache.enable] = 1
; Validate the permissions of a cached file against the current user before
; serving it from the shared cache.
php_admin_flag[opcache.validate_permission] = 1
; Allow calls to the OPcache API functions only from scripts whose path starts
; with the user's own directory.
php_admin_value[opcache.restrict_api] = /var/fruithost/users/$pool