My notes on configuring Apache2 with FastCGI (php-fpm) on Debian

This is not intended to be a tutorial but, some of the notes I've taken while setting up FastCGI on Debian.

I followed several good tutorials at once and that got me very confused and puzzled.

I decided to run Apache2 with FastCGI because I have a server with several Joomla websites. Without FastCGI in order to be able to upload images to the sites, the directory needed to owned by the user Apache2 runs under, mostly www-data. Giving permission to that leaves you vulnerable to be hacked (and we did get hacked).

The best solution was to run FastCGI (PHP-FPM) which offers more security, since scripts are not run as the Apache user. When running multiple sites, you can even set site-specific users to run php scripts, helping prevent one site’s compromise from affecting the others, writes Alex Fornuto on one of the tutorials I followed.

These are the links to the tutorials:

https://www.linode.com/docs/web-servers/apache/install-php-fpm-and-apache-on-debian-8/

https://serverfault.com/questions/705304/two-separate-php-fpm-sites-seem-to-be-using-the-same-code

http://blog.starcklin.com/2013/08/install-mod-fastcgi-and-php5-fpm-on-ubuntu/

https://askubuntu.com/questions/378734/how-to-configure-apache-to-run-php-as-fastcgi-on-ubuntu-12-04-via-terminal

https://serversforhackers.com/c/apache-and-php-fpm

https://www.howtoforge.com/tutorial/how-to-install-php-7-on-debian/

 

This needs to be in /etc/apache2/sites-enabled/optimumwireless.com

[code]

<VirtualHost *:80>
ServerName www.optimumwireless.com
ServerAlias optimumwireless.com
ServerAdmin Esta dirección de correo electrónico está siendo protegida contra los robots de spam. Necesita tener JavaScript habilitado para poder verlo.
DocumentRoot /var/www/html/optimumwireless.com/www

<Directory /var/www/html/optimumwireless.com/www>
Options -Indexes +FollowSymLinks +MultiViews
AllowOverride All
Require all granted
</Directory>

<FilesMatch \.php$>
# 2.4.10+ can proxy to unix socket
SetHandler "proxy:unix:/var/run/php5-fpm-optimumwireless.com.sock|fcgi://localhost/"

# Else we can just use a tcp socket:
#SetHandler "proxy:fcgi://127.0.0.1:8999"
</FilesMatch>
</VirtualHost>

[/code]

This is what should be in pool:

  • Chage pool name, user, and group
  • Make sure listen matches SetHandler: listen = /var/run/php5-fpm-optimumwireless.com.sock

 

Hope this can help others.