From 8522073bb6e14b2e77889d206a45c9fd7c1a1d76 Mon Sep 17 00:00:00 2001 From: "dave@tiredofit.ca" Date: Sat, 25 Nov 2023 11:59:35 -0800 Subject: [PATCH] Release 7.7.0 - See CHANGELOG.md --- CHANGELOG.md | 8 ++ README.md | 83 ++++++++++--------- examples/{docker-compose.yml => compose.yml} | 5 +- install/assets/defaults/20-php-fpm | 37 ++++++++- install/assets/functions/20-php-fpm | 61 ++++++++++---- install/assets/php-fpm/fpm/php-fpm.conf | 8 +- install/etc/services.available/20-php-fpm/run | 2 +- 7 files changed, 139 insertions(+), 65 deletions(-) rename examples/{docker-compose.yml => compose.yml} (90%) diff --git a/CHANGELOG.md b/CHANGELOG.md index 9cff4f5..cf053d2 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,3 +1,11 @@ +## 7.7.0 2023-11-25 + + ### Added + - Allow listening on Unix Socket or TCP Socket (default Unix Socket) + - Add host/ip restrictions for TCP listening + - Add PHP_FPM_USER and PHP_FPM_GROUP variables to create isolation from upstream image (default NGINX_ or UNIT_ USER|GROUP) + + ## 7.6.16 2023-11-22 ### Added diff --git a/README.md b/README.md index 79ffc29..363f3e8 100644 --- a/README.md +++ b/README.md 
@@ -189,44 +189,51 @@ When `PHP_FPM_CONTAINER_MODE` set to `nginx` the `PHP_FPM_LISTEN_PORT` environme *You can also pass arguments to each server as defined in the [Nginx Upstream Documentation](https://nginx.org/en/docs/http/ngx_http_upstream_module.html)* -| Parameter | Description | Default | -| ------------------------------------- | -------------------------------------------------------------------------------------------------------- | ---------------------------------------------- | -| `PHP_APC_SHM_SIZE` | APC Cache Memory size - `0` to disable | `128M` | -| `PHP_APC_TTL` | APC Time to live in seconds | `7200` | -| `PHP_FPM_HOST` | Default PHP-FPM Host, seperate multiple by commas | `127.0.0.1:9000` - See above Container options | -| `PHP_FPM_LISTEN_PORT` | PHP-FPM Listening Port - Ignored with above container options | `9000` | -| `PHP_FPM_MAX_CHILDREN` | Maximum Children | `75` | -| `PHP_FPM_MAX_REQUESTS` | How many requests before spawning new server | `500` | -| `PHP_FPM_MAX_SPARE_SERVERS` | Maximum Spare Servers available | `3` | -| `PHP_FPM_MIN_SPARE_SERVERS` | Minium Spare Servers avaialble | `1` | -| `PHP_FPM_OUTPUT_BUFFER_SIZE` | Output buffer size in bytes | `0` | -| `PHP_FPM_POST_INIT_COMMAND` | If you wish to execute a command before php-fpm executes, enter it here and seperate multiples by comma. | | -| `PHP_FPM_POST_INIT_SCRIPT` | If you wish to execute a script before php-fpm executes, enter it here and seperate multiples by comma. 
| | -| `PHP_FPM_PROCESS_MANAGER` | How to handle processes `static`, `ondemand`, `dynamic` | `dynamic` | -| `PHP_FPM_START_SERVERS` | How many FPM servers to start initially | `2` | -| `PHP_HIDE_X_POWERED_BY` | Hide X-Powered by response | `TRUE` | -| `PHP_LOG_ACCESS_FILE` | PHP Access Logfile Name | `access.log` | -| `PHP_LOG_ERROR_FILE` | Logfile name | `error.log` | -| `PHP_LOG_LEVEL` | PHP Log Level `alert` `error` `warning` `notice` `debug` | `notice` | -| `PHP_LOG_ACCESS_FORMAT` | Log format - `default` or `json` | `default` | -| `PHP_LOG_LIMIT` | Characters to log | `2048` | -| `PHP_LOG_LOCATION` | Log Location for PHP Logs | `/www/logs/php-fpm` | -| `PHP_MEMORY_LIMIT` | How much memory should PHP use | `128M` | -| `PHP_OPCACHE_INTERNED_STRINGS_BUFFER` | OPCache interned strings buffer | `8` | -| `PHP_OPCACHE_JIT_BUFFER_SIZE` | JIT Buffer Size `0` to disable | `50M` | -| `PHP_OPCACHE_JIT_MODE` | JIT [CRTO](https://wiki.php.net/rfc/jit) Mode - > PHP 8.x | `1255` | -| `PHP_OPCACHE_MAX_ACCELERATED_FILES` | OPCache Max accelerated files | `10000` | -| `PHP_OPCACHE_MEM_SIZE` | OPCache Memory Size - Set `0` to disable or via other env vars | `128` | -| `PHP_OPCACHE_REVALIDATE_FREQ` | OPCache revalidate frequency in seconds | `2` | -| `PHP_OPCACHE_MAX_WASTED_PERCENTAGE` | Max wasted percentage cache | `5` | -| `PHP_OPCACHE_VALIDATE_TIMESTAMPS` | Validate timestamps `1` or `0` | `1` | -| `PHP_OPCACHE_SAVE_COMMENTS` | Opcache Save Comments `0` or `1` | `1` | -| `PHP_OPCACHE_MAX_FILE_SIZE` | Opcache maximum file size | `0` | -| `PHP_OPCACHE_OPTIMIZATION_LEVEL` | Opcache optimization level | `0x7FFFBFF` | -| `PHP_POST_MAX_SIZE` | Maximum Input Size for POST | `2G` | -| `PHP_TIMEOUT` | Maximum Script execution Time | `180` | -| `PHP_UPLOAD_MAX_SIZE` | Maximum Input Size for Uploads | `2G` | -| `PHP_WEBROOT` | Used with `CONTAINER_MODE=php-fpm` | `/www/html` | +| Parameter | Description | Default | +| ------------------------------------- | 
-------------------------------------------------------------------------------------------------------- | ------------------------------------------- | +| `PHP_APC_SHM_SIZE` | APC Cache Memory size - `0` to disable | `128M` | +| `PHP_APC_TTL` | APC Time to live in seconds | `7200` | +| `PHP_FPM_HOST` | PHP-FPM Host, dependenent on PHP_FPM_LISTEN_TYPE, add multiple with commas | `127.0.0.1:9000` or `/var/run/php-fpm.sock` | +| `PHP_FPM_LISTEN_TYPE` | PHP-FPM listen type `UNIX` sockets or `TCP` sockets or `BOTH` | `unix` | +| `PHP_FPM_LISTEN_TCP_IP` | PHP-FPM Listening IP if `PHP_LISTEN_TYPE=TCP` | `0.0.0.0` | +| `PHP_FPM_LISTEN_TCP_IP_ALLOWED` | PHP-FPM allow only these hosts if `PHP_LISTEN_TYPE=TCP` | `127.0.0.1` | +| `PHP_FPM_LISTEN_TCP_PORT` | PHP-FPM Listening Port - Ignored with above container options | `9000` | +| `PHP_FPM_LISTEN_UNIX_SOCKET` | PHP-FPM Listen Socket if `PHP_LISTEN_TYPE=UNIX` | `/var/run/php-fpm.sock` | +| `PHP_FPM_LISTEN_UNIX_SOCKET_USER` | PHP-FPM Listen Socket user `PHP_LISTEN_TYPE=UNIX` | `${NGINX_USER}` or `${UNIT_USER}` | +| `PHP_FPM_LISTEN_UNIX_SOCKET_GROUP` | PHP-FPM Listen Socket group `PHP_LISTEN_TYPE=UNIX` | `${NGINX_GROUP}` or `${UNIT_GROUP}` | +| `PHP_FPM_MAX_CHILDREN` | Maximum Children | `75` | +| `PHP_FPM_MAX_REQUESTS` | How many requests before spawning new server | `500` | +| `PHP_FPM_MAX_SPARE_SERVERS` | Maximum Spare Servers available | `3` | +| `PHP_FPM_MIN_SPARE_SERVERS` | Minium Spare Servers avaialble | `1` | +| `PHP_FPM_OUTPUT_BUFFER_SIZE` | Output buffer size in bytes | `0` | +| `PHP_FPM_POST_INIT_COMMAND` | If you wish to execute a command before php-fpm executes, enter it here and seperate multiples by comma. | | +| `PHP_FPM_POST_INIT_SCRIPT` | If you wish to execute a script before php-fpm executes, enter it here and seperate multiples by comma. 
| | +| `PHP_FPM_PROCESS_MANAGER` | How to handle processes `static`, `ondemand`, `dynamic` | `dynamic` | +| `PHP_FPM_START_SERVERS` | How many FPM servers to start initially | `2` | +| `PHP_FPM_USER` | User to run PHP-FPM master process as | `${NGINX_USER}` or `${UNIT_USER}` | +| `PHP_HIDE_X_POWERED_BY` | Hide X-Powered by response | `TRUE` | +| `PHP_LOG_ACCESS_FILE` | PHP Access Logfile Name | `access.log` | +| `PHP_LOG_ERROR_FILE` | Logfile name | `error.log` | +| `PHP_LOG_LEVEL` | PHP Log Level `alert` `error` `warning` `notice` `debug` | `notice` | +| `PHP_LOG_ACCESS_FORMAT` | Log format - `default` or `json` | `default` | +| `PHP_LOG_LIMIT` | Characters to log | `2048` | +| `PHP_LOG_LOCATION` | Log Location for PHP Logs | `/www/logs/php-fpm` | +| `PHP_MEMORY_LIMIT` | How much memory should PHP use | `128M` | +| `PHP_OPCACHE_INTERNED_STRINGS_BUFFER` | OPCache interned strings buffer | `8` | +| `PHP_OPCACHE_JIT_BUFFER_SIZE` | JIT Buffer Size `0` to disable | `50M` | +| `PHP_OPCACHE_JIT_MODE` | JIT [CRTO](https://wiki.php.net/rfc/jit) Mode - > PHP 8.x | `1255` | +| `PHP_OPCACHE_MAX_ACCELERATED_FILES` | OPCache Max accelerated files | `10000` | +| `PHP_OPCACHE_MEM_SIZE` | OPCache Memory Size - Set `0` to disable or via other env vars | `128` | +| `PHP_OPCACHE_REVALIDATE_FREQ` | OPCache revalidate frequency in seconds | `2` | +| `PHP_OPCACHE_MAX_WASTED_PERCENTAGE` | Max wasted percentage cache | `5` | +| `PHP_OPCACHE_VALIDATE_TIMESTAMPS` | Validate timestamps `1` or `0` | `1` | +| `PHP_OPCACHE_SAVE_COMMENTS` | Opcache Save Comments `0` or `1` | `1` | +| `PHP_OPCACHE_MAX_FILE_SIZE` | Opcache maximum file size | `0` | +| `PHP_OPCACHE_OPTIMIZATION_LEVEL` | Opcache optimization level | `0x7FFFBFF` | +| `PHP_POST_MAX_SIZE` | Maximum Input Size for POST | `2G` | +| `PHP_TIMEOUT` | Maximum Script execution Time | `180` | +| `PHP_UPLOAD_MAX_SIZE` | Maximum Input Size for Uploads | `2G` | +| `PHP_WEBROOT` | Used with `CONTAINER_MODE=php-fpm` | `/www/html` | #### Enabling / 
Disabling Specific Extensions diff --git a/examples/docker-compose.yml b/examples/compose.yml similarity index 90% rename from examples/docker-compose.yml rename to examples/compose.yml index 847e448..d572da2 100644 --- a/examples/docker-compose.yml +++ b/examples/compose.yml @@ -1,8 +1,6 @@ -version: '3.7' - services: nginx-php-fpm-app: - image: tiredofit/nginx-php-fpm/8.1 + image: tiredofit/nginx-php-fpm/8.3-alpine container_name: nginx-php-fpm-app labels: - traefik.enable=true @@ -14,7 +12,6 @@ services: environment: - TIMEZONE=America/Vancouver - CONTAINER_NAME=nginx-php-fpm-app-app - networks: - services - proxy diff --git a/install/assets/defaults/20-php-fpm b/install/assets/defaults/20-php-fpm index 5fa265a..512fe1f 100755 --- a/install/assets/defaults/20-php-fpm +++ b/install/assets/defaults/20-php-fpm @@ -9,8 +9,13 @@ PHP_DISPLAY_ERRORS=${PHP_DISPLAY_ERRORS:-"TRUE"} PHP_ENABLE_CREATE_SAMPLE_PHP=${PHP_ENABLE_CREATE_SAMPLE_PHP:-"TRUE"} PHP_HIDE_X_POWERED_BY=${PHP_HIDE_X_POWERED_BY:-"TRUE"} PHP_KITCHENSINK=${PHP_KITCHENSINK:-"FALSE"} -PHP_FPM_HOST=${PHP_FPM_HOST:-"127.0.0.1"} +PHP_FPM_LISTEN_IP=${PHP_FPM_LISTEN_IP:-"0.0.0.0"} +PHP_FPM_LISTEN_TYPE=${PHP_FPM_LISTEN_TYPE:-"both"} PHP_FPM_LISTEN_PORT=${PHP_FPM_LISTEN_PORT:-"9000"} +PHP_FPM_LISTEN_TCP_IP=${PHP_FPM_LISTEN_TCP_IP:-"${PHP_FPM_LISTEN_IP}"} +PHP_FPM_LISTEN_TCP_IP_ALLOWED=${PHP_FPM_LISTEN_TCP_IP_ALLOWED:-"127.0.0.1"} +PHP_FPM_LISTEN_TCP_PORT=${PHP_FPM_LISTEN_TCP_PORT:-"${PHP_FPM_LISTEN_PORT}"} +PHP_FPM_LISTEN_UNIX_SOCKET=${PHP_FPM_LISTEN_UNIX_SOCKET:-"/var/lib/php-fpm/run/php-fpm.sock"} PHP_FPM_MAX_CHILDREN=${PHP_FPM_MAX_CHILDREN:-"75"} PHP_FPM_MAX_REQUESTS=${PHP_FPM_MAX_REQUESTS:-"500"} PHP_FPM_MAX_SPARE_SERVERS=${PHP_FPM_MAX_SPARE_SERVERS:-"3"} 
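Review bot: The new defaults in this hunk leave TCP listening enabled and bound to every interface: `PHP_FPM_LISTEN_TYPE` falls back to `"both"` and `PHP_FPM_LISTEN_IP` to `"0.0.0.0"`, while the README table in the same commit documents the default type as `unix`. With these values the only barrier in front of the FastCGI port is `listen.allowed_clients`, and FastCGI itself has no authentication. I would default to the socket only, `PHP_FPM_LISTEN_TYPE=${PHP_FPM_LISTEN_TYPE:-"unix"}`, or at least bind TCP to loopback with `PHP_FPM_LISTEN_IP=${PHP_FPM_LISTEN_IP:-"127.0.0.1"}`. The socket path default here (`/var/lib/php-fpm/run/php-fpm.sock`) also differs from the `/var/run/php-fpm.sock` shown in the README.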
@@ -37,7 +42,6 @@ PHP_OPCACHE_REVALIDATE_FREQ=${PHP_OPCACHE_REVALIDATE_FREQ:-"2"} PHP_OPCACHE_SAVE_COMMENTS=${PHP_OPCACHE_SAVE_COMMENTS:-"1"} PHP_OPCACHE_VALIDATE_TIMESTAMPS=${PHP_OPCACHE_VALIDATE_TIMESTAMPS:-"1"} PHP_POST_MAX_SIZE=${PHP_POST_MAX_SIZE:-"2G"} - PHP_TIMEOUT=${PHP_TIMEOUT:-"180"} PHP_UPLOAD_MAX_SIZE=${PHP_UPLOAD_MAX_SIZE:-"2G"} PHP_VERSION=${PHP_VERSION:-$(php -v 2>/dev/null | grep "^PHP " | head -n 1 | awk '{print $2}')} @@ -62,6 +66,34 @@ PHP_XDEBUG_DISCOVER_CLIENT_HOST=${PHP_XDEBUG_DISCOVER_CLIENT_HOST:-"default"} PHP_XDEBUG_CLIENT_HOST=${PHP_XDEBUG_CLIENT_HOST:-"127.0.0.1"} PHP_XDEBUG_CLIENT_PORT=${PHP_XDEBUG_CLIENT_PORT:-"9003"} +if [ -f "/usr/sbin/unitd" ] ; then + PHP_FPM_LISTEN_UNIX_GROUP=${PHP_FPM_LISTEN_UNIX_GROUP:-"${UNIT_GROUP}"} + PHP_FPM_LISTEN_UNIX_USER=${PHP_FPM_LISTEN_UNIX_USER:-"${UNIT_USER}"} + PHP_FPM_USER=${PHP_FPM_USER:-"${UNIT_USER}"} + PHP_FPM_GROUP=${PHP_FPM_GROUP:-"${UNIT_GROUP}"} +fi + +if [ -f "/usr/sbin/nginx" ] ; then + PHP_FPM_LISTEN_UNIX_GROUP=${PHP_FPM_LISTEN_UNIX_GROUP:-"${NGINX_GROUP}"} + PHP_FPM_LISTEN_UNIX_USER=${PHP_FPM_LISTEN_UNIX_USER:-"${NGINX_USER}"} + PHP_FPM_USER=${PHP_FPM_USER:-"${NGINX_USER}"} + PHP_FPM_GROUP=${PHP_FPM_GROUP:-"${NGINX_GROUP}"} +fi + +if [ -z "${PHP_FPM_HOST}" ]; then + case "${PHP_FPM_LISTEN_TYPE,,}" in + both ) + PHP_FPM_HOST=${PHP_FPM_LISTEN_UNIX_SOCKET} + ;; + tcp ) + PHP_FPM_HOST=127.0.0.1:${PHP_FPM_LISTEN_TCP_PORT} + ;; + unix ) + PHP_FPM_HOST=${PHP_FPM_LISTEN_UNIX_SOCKET} + ;; + esac +fi + if [ "${PHP_BASE:0:1}" != "8" ] ; then PHP_ENABLE_JSON=TRUE fi @@ -75,3 +107,4 @@ if [ "${PHP_ENABLE_MEMCACHED,,}" = "true" ] ; then PHP_ENABLE_IGBINARY=TRUE PHP_ENABLE_MSGPACK=TRUE fi + diff --git a/install/assets/functions/20-php-fpm b/install/assets/functions/20-php-fpm index ac99c0d..67d8b69 100755 --- a/install/assets/functions/20-php-fpm +++ b/install/assets/functions/20-php-fpm 
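Review bot: `PHP_FPM_USER` and `PHP_FPM_GROUP` only receive a default inside the two `[ -f "/usr/sbin/unitd" ]` / `[ -f "/usr/sbin/nginx" ]` blocks of the `-62,6 +66,34` hunk, so they stay empty when neither binary is present or when `NGINX_USER`/`UNIT_USER` is unset at this point. The run script hunk then executes `s6-setuidgid ${PHP_FPM_USER} php-fpm -F` unquoted, which with an empty value shifts `php-fpm` into the account-name position, and the `chown` calls in the functions file receive `":"`. Failing fast in the run script would close this: `silent exec s6-setuidgid "${PHP_FPM_USER:?PHP_FPM_USER is not set}" php-fpm -F;`. The `case` on `PHP_FPM_LISTEN_TYPE` also has no `*)` branch, so an unrecognised value leaves `PHP_FPM_HOST` empty. Separately, the variables are named `PHP_FPM_LISTEN_UNIX_USER`/`_GROUP` here but `PHP_FPM_LISTEN_UNIX_SOCKET_USER`/`_GROUP` in the README, so a value set under the documented name would be ignored.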
@@ -96,7 +96,7 @@ EOF if [ "${PHP_XDEBUG_PROFILER_ENABLE}" = "1" ] || [ "${PHP_XDEBUG_MODE}" = "trace" ]; then print_notice "PROFILING MODE ACTIVATED: Please find the profiler logs at: ${PHP_XDEBUG_PROFILER_DIR}" mkdir -p "$PHP_XDEBUG_PROFILER_DIR" - chown -R "${NGINX_USER}":"${NGINX_GROUP}" "${PHP_XDEBUG_PROFILER_DIR}" + chown -R "${PHP_FPM_USER}":"${PHP_FPM_GROUP}" "${PHP_XDEBUG_PROFILER_DIR}" fi fi @@ -117,7 +117,7 @@ EOF esac if var_true "${CONTAINER_ENABLE_MESSAGING}" ; then - chown "${NGINX_USER}":"${NGINX_GROUP}" /etc/msmtprc + chown "${PHP_FPM_USER}":"${PHP_FPM_GROUP}" /etc/msmtprc chmod 0600 /etc/msmtprc fi @@ -149,9 +149,9 @@ phpfpm_configure_logging() { mkdir -p "${PHP_LOG_LOCATION}" touch "${PHP_LOG_LOCATION}"/"${PHP_LOG_ACCESS_FILE}" touch "${PHP_LOG_LOCATION}"/"${PHP_LOG_ERROR_FILE}" - chown -R "${NGINX_USER}":"${NGINX_GROUP}" "${PHP_LOG_LOCATION}" - create_logrotate php-fpm-access "${PHP_LOG_LOCATION}"/"${PHP_LOG_ACCESS_FILE}" php-fpm "${NGINX_USER}" "${NGINX_GROUP}" - create_logrotate php-fpm-error "${PHP_LOG_LOCATION}"/"${PHP_LOG_ERROR_FILE}" php-fpm-error "${NGINX_USER}" "${NGINX_GROUP}" + chown -R "${PHP_FPM_USER}":"${PHP_FPM_GROUP}" "${PHP_LOG_LOCATION}" + create_logrotate php-fpm-access "${PHP_LOG_LOCATION}"/"${PHP_LOG_ACCESS_FILE}" php-fpm "${NGINX_USER}" "${PHP_FPM_GROUP}" + create_logrotate php-fpm-error "${PHP_LOG_LOCATION}"/"${PHP_LOG_ERROR_FILE}" php-fpm-error "${NGINX_USER}" "${PHP_FPM_GROUP}" sed -i "/access.format=/d" /assets/php-fpm/fpm/php-fpm.conf case "${PHP_LOG_ACCESS_FORMAT,,}" in "default" | "standard" ) 
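Review bot: The two `create_logrotate` calls in `phpfpm_configure_logging` still pass `"${NGINX_USER}"` as the owner, while the group argument and the `chown -R` directly above them were switched to the `PHP_FPM_*` variables. When `PHP_FPM_USER` differs from `NGINX_USER`, which is the isolation this release advertises, the rotation config presumably recreates the log files for a user the FPM process no longer runs as. Both calls should end in `"${PHP_FPM_USER}" "${PHP_FPM_GROUP}"`. The function body continues past the end of the hunk.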
@@ -170,17 +170,14 @@ phpfpm_configure_nginx() { if var_true "${NGINX_ENABLE_UPSTREAM_KEEPALIVE}" ; then upstream_keepalive="keepalive ${NGINX_UPSTREAM_KEEPALIVE};" fi - php_fpm_hosts=$(echo "${PHP_FPM_HOST}" | tr "," "\n") echo "upstream php-fpm-upstream {" >> /etc/nginx/snippets/php-fpm-upstream.conf echo " ${upstream_keepalive}" >> /etc/nginx/snippets/php-fpm-upstream.conf - for host in $php_fpm_hosts; do - if [[ ${host} != *":"* ]];then - php_listen_port=":${PHP_FPM_LISTEN_PORT}" - else - php_listen_port="" + for php_fpm_host in $php_fpm_hosts; do + if [[ ${php_fpm_host} != *":"* ]];then + php_fpm_host_socket_prefix="unix://" fi - echo " server $host${php_listen_port} ${PHP_FPM_UPSTREAM_OPTIONS};" >> /etc/nginx/snippets/php-fpm-upstream.conf + echo " server ${php_fpm_host_socket_prefix}${php_fpm_host} ${PHP_FPM_UPSTREAM_OPTIONS};" >> /etc/nginx/snippets/php-fpm-upstream.conf done echo "}" >> /etc/nginx/snippets/php-fpm-upstream.conf 
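Review bot: `php_fpm_host_socket_prefix` is assigned inside the loop but never cleared, so once one entry without a `:` has been seen, every later entry of a comma-separated `PHP_FPM_HOST` is also written with `unix://`, including `host:port` ones. The test itself is loose as well: a bare hostname or IP without a port, which the removed code completed with `PHP_FPM_LISTEN_PORT`, is now emitted as a socket path. Resetting with `php_fpm_host_socket_prefix=""` as the first statement of the loop body and testing for an absolute path, `if [[ ${php_fpm_host} == /* ]]; then`, covers both cases. The collapsed text does not show whether the `php_fpm_hosts=$(...)` assignment ahead of the `echo` lines survives the change; if it was removed, the loop has nothing to iterate. `phpfpm_configure_nginx` starts before and ends after this hunk.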
@@ -195,15 +192,45 @@ phpfpm_configure_nginx() { } phpfpm_configure_server() { + create_socket_dir() { + if [ ! -d "$(dirname "${PHP_FPM_LISTEN_UNIX_SOCKET}")" ]; then + mkdir -p "$(dirname "${PHP_FPM_LISTEN_UNIX_SOCKET}")" + chown -R "${PHP_FPM_LISTEN_UNIX_USER}":"${PHP_FPM_LISTEN_UNIX_GROUP}" "$(dirname "${PHP_FPM_LISTEN_UNIX_SOCKET}")" + fi + } + if [ "${PHP_BASE:0:1}" = "5" ] ; then echo "suhosin.executor.include.whitelist = phar" >> /etc/php"${PHP_BASE:0:1}"/php.ini ; fi truefalse_onoff PHP_DISPLAY_ERRORS + + case "${PHP_FPM_LISTEN_TYPE,,}" in + "both" ) + create_socket_dir + ;; + "tcp" ) + sed -i \ + -e "/listen = {{PHP_FPM_LISTEN_UNIX_SOCKET}}/d" \ + -e "/listen.owner = {{PHP_FPM_LISTEN_UNIX_USER}}/d" \ + -e "/listen.group = {{PHP_FPM_LISTEN_UNIX_GROUP}}/d" \ + /assets/php-fpm/fpm/php-fpm.conf + ;; + "unix" ) + create_socket_dir + sed -i \ + -e "/listen = {{PHP_FPM_LISTEN_TCP_IP}}:{{PHP_FPM_LISTEN_TCP_PORT}}/d" \ + -e "/listen.allowed_clients = {{PHP_FPM_LISTEN_TCP_IP_ALLOWED}}/d" \ + /assets/php-fpm/fpm/php-fpm.conf + ;; + esac + update_template /assets/php-fpm/fpm/php-fpm.conf \ - NGINX_USER \ - NGINX_GROUP \ PHP_DISPLAY_ERRORS \ PHP_FPM_HOST \ - PHP_FPM_LISTEN_PORT \ - PHP_FPM_LISTEN_PORT \ + PHP_FPM_LISTEN_TCP_IP \ + PHP_FPM_LISTEN_TCP_IP_ALLOWED \ + PHP_FPM_LISTEN_TCP_PORT \ + PHP_FPM_LISTEN_UNIX_GROUP \ + PHP_FPM_LISTEN_UNIX_SOCKET \ + PHP_FPM_LISTEN_UNIX_USER \ PHP_FPM_MAX_CHILDREN \ PHP_FPM_MAX_REQUESTS \ PHP_FPM_MAX_SPARE_SERVERS \ @@ -369,7 +396,7 @@ phpfpm_post_init() { fi chmod -R 0755 "${php_prefix}" - chown -R root:"${NGINX_GROUP}" "${php_prefix}" + chown -R root:"${PHP_FPM_GROUP}" "${php_prefix}" if [ -n "${PHP_FPM_POST_INIT_SCRIPT}" ] ; then print_debug "Found Post Init Scripts" diff --git a/install/assets/php-fpm/fpm/php-fpm.conf b/install/assets/php-fpm/fpm/php-fpm.conf index 6ee8815..a51b7b6 100644 --- a/install/assets/php-fpm/fpm/php-fpm.conf +++ b/install/assets/php-fpm/fpm/php-fpm.conf 
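Review bot: The `case` on `PHP_FPM_LISTEN_TYPE` in `phpfpm_configure_server` has no default branch, so a mistyped value keeps both `listen` lines in the template yet never calls `create_socket_dir`. Add a branch such as `* ) print_notice "Unknown PHP_FPM_LISTEN_TYPE '${PHP_FPM_LISTEN_TYPE}'" ;;` and decide explicitly whether to fall back or stop. `create_socket_dir` hands the directory to `PHP_FPM_LISTEN_UNIX_USER`, but the process that creates the socket is started as `PHP_FPM_USER` in the run script, so when the two differ the bind will presumably fail. It also sets ownership only when it creates the directory, so a pre-existing one (a mounted volume, say) keeps whatever owner and mode it had. The function continues beyond the hunk.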
@@ -3,9 +3,11 @@ log_level = {{PHP_LOG_LEVEL}} log_limit = {{PHP_LOG_LIMIT}} [www] -listen = 0.0.0.0:{{PHP_FPM_LISTEN_PORT}} -listen.owner = {{NGINX_USER}} -listen.group = {{NGINX_GROUP}} +listen = {{PHP_FPM_LISTEN_UNIX_SOCKET}} +listen = {{PHP_FPM_LISTEN_TCP_IP}}:{{PHP_FPM_LISTEN_TCP_PORT}} +listen.allowed_clients = {{PHP_FPM_LISTEN_TCP_IP_ALLOWED}} +listen.owner = {{PHP_FPM_LISTEN_UNIX_USER}} +listen.group = {{PHP_FPM_LISTEN_UNIX_GROUP}} access.log = {{PHP_LOG_LOCATION}}/{{PHP_LOG_ACCESS_FILE}} diff --git a/install/etc/services.available/20-php-fpm/run b/install/etc/services.available/20-php-fpm/run index e9c461e..059ac34 100755 --- a/install/etc/services.available/20-php-fpm/run +++ b/install/etc/services.available/20-php-fpm/run @@ -9,4 +9,4 @@ check_service_initialized init liftoff print_start "Starting php-fpm ${PHP_VERSION}" -silent exec s6-setuidgid nginx php-fpm -F; +silent exec s6-setuidgid ${PHP_FPM_USER} php-fpm -F;
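Review bot: The `[www]` pool now carries two `listen =` directives, and as far as I know php-fpm keeps a single listen address per pool, with a later assignment replacing the earlier one. If that holds, the default `both` mode would serve only `{{PHP_FPM_LISTEN_TCP_IP}}:{{PHP_FPM_LISTEN_TCP_PORT}}` while `PHP_FPM_HOST` points nginx at the socket. Please verify with `php-fpm -tt`; listening on both would normally take a second pool section with its own `listen`. A comment above the two lines, stating that the setup code deletes one of them according to `PHP_FPM_LISTEN_TYPE`, would also help whoever edits this template next.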