2016-04-07 12:57 GMT+02:00 Ondřej Surý <ond...@sury.org>: > Hi Mathieu, > > I already tried enabling FPM by default but it ended with a weird errors > on the user side, see: > > https://github.com/oerdnj/deb.sury.org/issues/266 > > So I have disabled it again. It might need a debconf question that can > be pre-seeded or something like that before we re-enable it again.
The original problem is not about mod_php vs fcgi, but about the fpm not working by default. What is required is enabling mod_proxy_fcgi, and ensure it's activated with the attached patch. This is just a proof-of-concept, I'll check that later (read: end of April) > I've been getting a lot of complaints that `apt-get install php` pulls > apache2 and FPM SAPI is much safer anyway. I understand. But we have tried to move to php5-fpm in jessie and some applications didn't work. I won't go into details, but the behavior is slightly different, and it seems that mod_php is the most used (we also had problem with mod_auth_cas not working with mpm_workers which decrease the advantage of fcgi over mod_php). Anyway I don't care that much about defaults as we use Puppet. Cheers -- Mathieu Parent
From 1d5174bfaf4219aa5169e9611395f9783a40a168 Mon Sep 17 00:00:00 2001 From: Mathieu Parent <math.par...@gmail.com> Date: Thu, 7 Apr 2016 22:57:41 +0200 Subject: [PATCH] Only use fpm SetHandler when it works i.e when mod_proxy_fcgi is loaded --- debian/php-fpm.conf | 32 +++++++++++++++++--------------- 1 file changed, 17 insertions(+), 15 deletions(-) diff --git a/debian/php-fpm.conf b/debian/php-fpm.conf index 32c1119..3172a92 100644 --- a/debian/php-fpm.conf +++ b/debian/php-fpm.conf @@ -1,19 +1,21 @@ # Redirect to local php-fpm if mod_php is not available <IfModule !mod_php@PHP_MAJOR@.c> - # Enable http authorization headers - SetEnvIfNoCase ^Authorization$ "(.+)" HTTP_AUTHORIZATION=$1 + <IfModule proxy_fcgi_module> + # Enable http authorization headers + SetEnvIfNoCase ^Authorization$ "(.+)" HTTP_AUTHORIZATION=$1 - <FilesMatch ".+\.ph(p[3457]?|t|tml)$"> - SetHandler "proxy:unix:/run/php/php@php_vers...@-fpm.sock|fcgi://localhost" - </FilesMatch> - <FilesMatch ".+\.phps$"> - # Deny access to raw php sources by default - # To re-enable it's recommended to enable access to the files - # only in specific virtual host or directory - Require all denied - </FilesMatch> - # Deny access to files without filename (e.g. '.php') - <FilesMatch "^\.ph(p[3457]?|t|tml|ps)$"> - Require all denied - </FilesMatch> + <FilesMatch ".+\.ph(p[3457]?|t|tml)$"> + SetHandler "proxy:unix:/run/php/php@php_vers...@-fpm.sock|fcgi://localhost" + </FilesMatch> + <FilesMatch ".+\.phps$"> + # Deny access to raw php sources by default + # To re-enable it's recommended to enable access to the files + # only in specific virtual host or directory + Require all denied + </FilesMatch> + # Deny access to files without filename (e.g. '.php') + <FilesMatch "^\.ph(p[3457]?|t|tml|ps)$"> + Require all denied + </FilesMatch> + </IfModule> </IfModule> -- 2.8.0.rc3
