I have PHP-FPM pool with such configuration blocks: ... listen = 0.0.0.0:9000 ... pm.status_path = /status ... I'm getting curl: (56) Recv failure: Connection reset by peer while trying curl 0.0.0.0:9000/status . PHP-FPM instance I try to interact with is containerized and curl action I do from docker container.

I currently face an issue in a Symfony 3.4 application, in one of its features which loads history of some data (a lot of data actually which dates from 2017). When trying to access the history feature, the GET HTTP request keeps loading for 60 seconds exactly, then a 503 service unavailable shows up, same issue happens in other features that loads big number of data. Checked the logs, application logs and server (Apache) logs, only Apache logs shows 503 code with no details. I suspected the php.ini configuration, and changed values of max_execution_time to -1 and memory_limit to 2048M, but still the GET HTTP request terminates after 60 seconds exactly. I also use php-fpm and checked the www.conf and it doesn't have anything that overrides the values of php.ini. I even added request_terminate_timeout = 600s to only see if the value will be taken into consideration but still the same issue, GET HTTP request of the history terminates exactly after 60 seconds of loading (waiting). I make sure to restart php-fpm and httpd (Apache) after the changes in the configuration file. The os system is **Redhat**, Database server is working fine, since I can access other data in other features. Expected behavior: I expected at least the GET HTTP request to keep loading for more than 60 seconds, other than that it means I still didn't find the correct parameter. Logs from ssl_access_log: ip - - date "GET /p/a/h HTTP/1.1" 503 299

My question is almost identical to Luis Machuca's from 2 years ago (Apache + php-fpm: Proper permissions for per-pool, per-user projects? ), but with some additional conditions. I have also configured the server (mine is an Ubuntu 22.04 machine) so that it is managed by Apache (v2.4.55) and php7.4-fpm. The current configuration allows every vhosts to be divided into specific php-fpm pools, and each of these pools running with different users. Everything works fine, but security related only to users to control permissions (or based on open_basedir) cannot stop shell_exec (which I need) from accessing, for example, configuration files inside /etc, or doing an ls -l /var/. What I would like, therefore, is a way to prevent a user from being able to go around and view linux's standard folders. I don't want to get to the point of making calls like:

setfacl -Rm u:user_site1:--- /;
setfacl -Rm d:u:user_site1:--- /;

and then authorizing each fundamental folder one by one. It seems too messy. I had therefore thought of using chroot inside each pool, but I was not able to do so because there was always a problem related to paths AH01071: Got error 'Primary script unknown', and all online solutions say to modify the ProxyPassMatch call based on port 9000, but I use SetHandler with sockets and I don't want to change this setting. What are the possible techniques? Do I really have to install SELinux? Below, I am adding my configurations to better understand the situation. /etc/apache2/sites-enabled/www.site.com.conf

Protocols h2 h2c http/1.1
	H2Direct on
	ServerAdmin server@site.com
	ServerName www.site.com
	DocumentRoot /var/www/vhosts/www.site.com/httpdocs
	ErrorLog /var/www/vhosts/www.site.com/log/error.log
	CustomLog /var/www/vhosts/www.site.com/log/access.log combined
	
		SetHandler "proxy:unix:/run/php/php7.4-fpm-www_site_com.sock|fcgi://localhost"
	


	Protocols h2 h2c http/1.1
		H2Direct on
		ServerAdmin server@site.com
		ServerName www.site.com
	DocumentRoot /var/www/vhosts/www.site.com/httpdocs
	ErrorLog /var/www/vhosts/www.site.com/log/error_ssl.log
	CustomLog /var/www/vhosts/www.site.com/log/access_ssl.log combined
	SSLEngine on
	SSLCertificateFile /etc/ssl/certs/www.site.com.crt
	SSLCertificateKeyFile   /etc/ssl/private/www.site.com.key
	
		SSLOptions +StdEnvVars
	
	
		SSLOptions +StdEnvVars
	
	
		SetHandler "proxy:unix:/run/php/php7.4-fpm-www_site_com.sock|fcgi://localhost"

/etc/php/7.4/fpm/php-fpm.conf

[global]
pid = /run/php/php7.4-fpm.pid
error_log = "syslog"
syslog.ident = php-fpm
include=/etc/php/7.4/fpm/pool.d/*.conf

/etc/php/7.4/fpm/pool.d/www_site_com.conf

[www.site.com]
user = user_site1
group = user_site1
listen = /run/php/php7.4-fpm-www_site_com.sock
listen.owner = user_site1
listen.group = www-data
pm = dynamic
pm.max_children = 5
pm.start_servers = 2
pm.min_spare_servers = 1
pm.max_spare_servers = 3

I created a simple .deb package with fpm . The package is very basic and it simply runs a docker-compose file (see my other question here for package description). I tried to specify that the package needs docker and docker-compose with:

fpm \
  -s dir -t deb \
  --deb-use-file-permissions \
  -p diagnosticator-0.1.0-1-any.deb \
  --name diagnosticator \
  --license agpl3 \
  --version 0.1.0 \
  --architecture all \
  --depends bash \
  --depends docker \
  --depends docker-compose \
  --description "Diagnosticator local app" \
  --url "https://diagnosticator.com " \
  --maintainer "Enrico Cocchi" \
  diagnosticator=/usr/bin/diagnosticator diagnosticator.1=/usr/share/man/man1/diagnosticator.1 docker-compose.yml=/usr/lib/diagnosticator/docker-compose.yml

but if I try to install it with sudo dpkg -i diagnosticator-0.1.0-1-any.deb:

dpkg: dependency problems prevent configuration of diagnosticator:
 diagnosticator depends on docker; however:
  Package docker is not installed.
 diagnosticator depends on docker-compose; however:
  Package docker-compose is not installed.

even if I have both installed and working for my user:

$ which docker
/usr/bin/docker

$ which docker-compose
/usr/local/bin/docker-compose

What am I doing wrong here?

Using OpenSUSE v15.2, Apache. Installed PHP-FPM with zypper. Followed instructions on this site: https://en.opensuse.org/SDB:Apache_FastCGI_and_PHP-FPM_configuration I restarted Apache and PHP-FPM. However the site is not loading in the browser. **I get HTTP ERROR 502.** lynx http://10.20.30.40/info.php results Alert!: HTTP/1.0 502 cannotconnect Also get this error: McAfee Web Gateway - Notification Cannot Connect The proxy could not connect to the destination in time. URL: _____________________________________________________________________________________________________ generated 2020-08-02 15:00:37 by McAfee Web Gateway Lynx/2.8.9dev.16 libwww-FM/2.14 SSL-MM/1.4.1 OpenSSL/1.1.1d **Might be just a firewall issue?** **Or error is in my Apache/PHP-FPM config?** /etc/apache2/vhosts.d/mysite.conf ServerAdmin webmaster@localhost ServerName devsite.com DocumentRoot /srv/www/mydir # RewriteEngine On # RewriteRule ^(.*)$ https://devsite.com$1 [L,R=301] # ProxyPassMatch ^/(.*\.php)$ fcgi://127.0.0.1:9000/srv/www/mydir$1 SetHandler "proxy:fcgi://127.0.0.1:9000" DirectoryIndex index.html index.php Options FollowSymLinks AllowOverride None Options FollowSymLinks MultiViews AllowOverride None Require all granted AccessFileName .htaccess ErrorLog /var/log/apache2/myhost.err CustomLog /var/log/apache2/myhost.acs combined LogLevel warn I tried to debug the problem with lynx browser locally and got this result: lynx 127.0.0.1:9000 Looking up 127.0.0.1 first Looking up 127.0.0.1:9000 Making HTTP connection to 127.0.0.1:9000 Sending HTTP request. HTTP request sent; waiting for response. Retrying as HTTP0 request. Looking up 127.0.0.1:9000 Making HTTP connection to 127.0.0.1:9000 Sending HTTP request. HTTP request sent; waiting for response. Alert!: Unexpected network read error; connection aborted. Can't Access `http://127.0.0.1:9000/ ' Alert!: Unable to access document. lynx: Can't access startfile Also tried lynx http://127.0.0.1/info.php Looking up 127.0.0.1 first Looking up 127.0.0.1 Making HTTP connection to 127.0.0.1 Sending HTTP request. HTTP request sent; waiting for response. HTTP/1.1 200 OK which executes phpinfo(). The php was not executed, just offered the info.php to download. So php is not interpreted. PHP-FPM log: tail -f /var/log/php-fpm.log [02-Aug-2020 01:37:29] NOTICE: Terminating ... [02-Aug-2020 01:37:29] NOTICE: exiting, bye-bye! [02-Aug-2020 01:37:29] NOTICE: fpm is running, pid 8099 [02-Aug-2020 01:37:29] NOTICE: ready to handle connections [02-Aug-2020 01:37:29] NOTICE: systemd monitor interval set to 10000ms [02-Aug-2020 01:39:47] NOTICE: Terminating ... [02-Aug-2020 01:39:47] NOTICE: exiting, bye-bye! [02-Aug-2020 01:39:47] NOTICE: fpm is running, pid 8202 [02-Aug-2020 01:39:47] NOTICE: ready to handle connections [02-Aug-2020 01:39:47] NOTICE: systemd monitor interval set to 10000ms Shows that it is running, and shows restarts, nothing more. Apache error log: tail -f /var/log/apache2/error_log [Sun Aug 02 01:37:34.743959 2020] [mpm_prefork:notice] [pid 6160] AH00170: caught SIGWINCH, shutting down gracefully AH00557: httpd-prefork: apr_sockaddr_info_get() failed for myhost AH00558: httpd-prefork: Could not reliably determine the server's fully qualified domain name, using 127.0.0.1. Set the 'ServerName' directive globally to suppress this message [Sun Aug 02 01:37:34.818193 2020] [mpm_prefork:notice] [pid 8113] AH00163: Apache/2.4.43 (Linux/SUSE) OpenSSL/1.1.1d configured -- resuming normal operations [Sun Aug 02 01:37:34.818251 2020] [core:notice] [pid 8113] AH00094: Command line: '/usr/sbin/httpd-prefork -D SYSCONFIG -D SSL -C PidFile /var/run/httpd.pid -C Include /etc/apache2/sysconfig.d//loadmodule.conf -C Include /etc/apache2/sysconfig.d//global.conf -f /etc/apache2/httpd.conf -c Include /etc/apache2/sysconfig.d//include.conf -D SYSTEMD -D FOREGROUND' [Sun Aug 02 01:39:45.771523 2020] [mpm_prefork:notice] [pid 8113] AH00170: caught SIGWINCH, shutting down gracefully AH00557: httpd-prefork: apr_sockaddr_info_get() failed for myhost AH00558: httpd-prefork: Could not reliably determine the server's fully qualified domain name, using 127.0.0.1. Set the 'ServerName' directive globally to suppress this message [Sun Aug 02 01:39:45.852536 2020] [mpm_prefork:notice] [pid 8186] AH00163: Apache/2.4.43 (Linux/SUSE) OpenSSL/1.1.1d configured -- resuming normal operations [Sun Aug 02 01:39:45.852586 2020] [core:notice] [pid 8186] AH00094: Command line: '/usr/sbin/httpd-prefork -D SYSCONFIG -D SSL -C PidFile /var/run/httpd.pid -C Include /etc/apache2/sysconfig.d//loadmodule.conf -C Include /etc/apache2/sysconfig.d//global.conf -f /etc/apache2/httpd.conf -c Include /etc/apache2/sysconfig.d//include.conf -D SYSTEMD -D FOREGROUND' In www.conf I enabled php_flag[display_errors] = on php_admin_value[error_log] = /var/log/fpm-php.www.log php_admin_flag[log_errors] = on But no /var/log/fpm-php.www.log was created. Apache info: apachectl -S VirtualHost configuration: 10.20.30.40:80 mysite.com (/etc/apache2/vhosts.d/myhost.conf:1) *:443 mysite.com (/etc/apache2/vhosts.d/myhost.ssl.conf:1) ServerRoot: "/srv/www" Main DocumentRoot: "/srv/www/htdocs" Main ErrorLog: "/var/log/apache2/error_log" Mutex proxy: using_defaults Mutex ssl-cache: using_defaults Mutex default: dir="/run/" mechanism=default Mutex mpm-accept: using_defaults Mutex ssl-stapling-refresh: using_defaults Mutex rewrite-map: using_defaults Mutex ssl-stapling: using_defaults PidFile: "/var/run/httpd.pid" Define: SYSCONFIG Define: SSL Define: DUMP_VHOSTS Define: DUMP_RUN_CFG User: name="wwwrun" id=471 Group: name="www" id=471 /etc/apache2/conf.d/mod_fcgid.conf: FcgidIPCDir /var/lib/apache2/fcgid/ FcgidProcessTableFile /var/lib/apache2/fcgid/shm # # SetHandler "proxy:fcgi://localhost/" # SetHandler "proxy:fcgi://127.0.0.1:9000/" # /etc/php7/fpm/php-fpm.conf [global] include=/etc/php7/fpm/php-fpm.d/*.conf /etc/php7/fpm/php-fpm.d/www.conf [www] user = wwwrun group = www listen = 127.0.0.1:9000 listen.owner = wwwrun listen.group = www listen.allowed_clients = 127.0.0.1 pm = dynamic pm.max_children = 5 pm.start_servers = 2 pm.min_spare_servers = 1 pm.max_spare_servers = 3 php_flag[display_errors] = on php_admin_value[error_log] = /var/log/fpm-php.www.log php_admin_flag[log_errors] = on Any idea, what can be the problem?

Showing my case how to debug the problem, that a PHP module is not loaded into PHP. I use OpenSUSE v42.2 Linux OS, with Apache webserver, PHP v7.1, Mysql. Because it does not provide PHP v7.1 I need, I built PHP v7.1 from source. Using PHP-FPM. I installed it into /opt/php-7.1/ php.ini is in: /opt/php-7.1/lib/php.ini I find, that opcache is installed to /opt/php-7.1/lib64/extensions/no-debug-non-zts-20160303/opcache.so I edited php.ini and added the following line: zend_extension=/opt/php-7.1/lib64/extensions/no-debug-non-zts-20160303/opcache.so Restarted: systemctl restart php-7.1-fpm.service systemctl restart apache2.service But still I get the following result: php -m [PHP Modules] bcmath bz2 calendar Core ctype curl date dom exif fileinfo filter ftp gd gettext hash iconv imap intl json libxml mbstring mcrypt mysqli mysqlnd openssl pcntl pcre PDO pdo_mysql pdo_pgsql pdo_sqlite pgsql Phar posix Reflection session SimpleXML soap sockets SPL sqlite3 standard sysvsem sysvshm tokenizer xml xmlreader xmlrpc xmlwriter xsl zip zlib [Zend Modules] The opcache is missing from [Zend Modules]. But in configure there is '--enable-opcache': > php -i | grep -i opcache > Configure Command => './configure' '--prefix=/opt/php-7.1' '--with-pdo-pgsql' '--with-zlib-dir' '--with-freetype-dir' > '--enable-mbstring' '--with-libxml-dir=/usr' '--enable-soap' > '--enable-intl' '--enable-calendar' '--with-curl' '--with-mcrypt' > '--with-gd' '--with-pgsql' '--disable-rpath' > '--enable-inline-optimization' '--with-bz2' '--with-zlib' > '--enable-sockets' '--enable-sysvsem' '--enable-sysvshm' > '--enable-pcntl' '--enable-mbregex' '--enable-exif' '--enable-bcmath' > '--with-mhash' '--enable-zip' '--with-pcre-regex' '--with-pdo-mysql' > '--with-mysqli' '--with-mysql-sock=/var/run/mysql/mysql.sock' > '--with-xpm-dir=/usr' '--with-webp-dir=/usr' '--with-jpeg-dir=/usr' > '--with-png-dir=/usr' '--enable-gd-native-ttf' '--with-openssl' > '--with-fpm-user=wwwrun' '--with-fpm-group=www' '--with-libdir=lib64' > '--enable-ftp' '--with-imap' '--with-imap-ssl' '--with-kerberos' > '--with-gettext' '--with-xmlrpc' '--with-xsl' '--enable-opcache' > '--enable-fpm' I also tried to specify as: zend_extension=opcache but I got the same result, opcache still missing. How to fix to have opcache enabled?

I have a RPM that I'm currently building with FPM, fpm --verbose \ -s dir \ -t rpm \ --directories /opt/myprod --name myprod --rpm-summary "My Prod" --version $(git describe --abbrev=0 --tags) --rpm-sign --rpm-digest sha512 ./myprod=/opt/ This essentially creates an rpm **from a directory** that does **exactly** what I want. It works perfectly. But, my company has their own signing key that can not be shared on an [Open Build Service (OBS)](https://openbuildservice.org/) server. I don't *need* to use FPM at all if OBS can do everything. What I do need is some *understanding* of how I go from the directory ./myprod to an RPM which installs it under /opt/myprod. I'm new to RPM packaging. I assume I could take this directory and .tar.gz it and submit it to to OBS to be packaged and signed. I assume I need to somehow specify this with a spec file? What is the most simple way to accomplish this. Ideally, I wouldn't have to manually generate a spec file. Is any of this provided by OBS?

RPMs have been built using FPM . When the --rpm-user and --rpm-group parameters are used the %defattr(-,user,group,-) attribute is part of the %files, but not part of the %directory section. How to define the user and group for directories inside and RPM using FPM?

I'm using the delightfully–named Effing Package Manager (FPM) to build RPMs and DEBs for a project. After publishing the generated RPM with createrepo, I noted the following lines in the generated repo UUID-primary.xml.gz: [..] me@machine-that-built-this machine-that-built-this [..] Short of changing my hostname and user, is there a way to define these with FPM? I've got plenty of experience building and running DEB repos, this is my first attempt at RPMs.

When I run fpm with --rpm-sign I get the following error, > rpm: /usr/bin/rpmsign: No such file or directory I am using CentOS