-
-
Notifications
You must be signed in to change notification settings - Fork 27
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Problem with FastCGI + SuEXEC: all sites running under www-data after update #1545
Comments
See https://www.patreon.com/posts/february-update-47617742 the point number 1) in packaging changes, more specifically the change was: diff --git a/debian/php-fpm.conf b/debian/php-fpm.conf
index 3fc2f80c0..1d78fbb48 100644
--- a/debian/php-fpm.conf
+++ b/debian/php-fpm.conf
@@ -7,7 +7,9 @@
</IfModule>
<FilesMatch ".+\.ph(ar|p|tml)$">
- SetHandler "proxy:unix:/run/php/php@PHP_VERSION@-fpm.sock|fcgi://localhost"
+ <If "-f %{REQUEST_FILENAME}">
+ SetHandler "proxy:unix:/run/php/php@PHP_VERSION@-fpm.sock|fcgi://localhost"
+ </If>
</FilesMatch>
<FilesMatch ".+\.phps$">
# Deny access to raw php sources by default Could you try reverting the change and see if that helps? I will revert the change in such case, it's recommended by Apache2, but perhaps it's not universal. |
Thanks for your incredible fast response. Yes, reverting this change fixes the issue. |
I have opened a FAQ for it on our forum so users can follow the steps there as temporary fix: https://www.howtoforge.com/community/threads/faq-problem-with-fastcgi-suexec-all-sites-running-under-www-data.86419/ |
Packages with the reverted change are building now. |
Thanks for your quick action on behalf of the whole HTF community and others! |
It seems like it has not been changed in the PHP 8.0 package - could you verify this? |
|
Weird, it's still in my config after updating. |
Here's the correct paste:
|
Alright, probably a fluke when updating. Thanks again! |
One more question :) When do you expect the update to be available in the Debian repo? |
It's available now, I was just upgrading php8.0(-fpm) from the repo with the patch + revert (hence no I was always wondering why even non-existing files are passed to FPM and added the check manually to my configs manually. But it makes sense as webserver and PHP handler do not necessarily run with the same user/permissions. However, one might argue that the default setup on Debian is with Apache2 and PHP-FPM running both as |
I am not sure about the benefit here - one could argue that a default setup should work for everybody and if you want performance you need to fine tune the setup. Perhaps the improved configuration could be added commented-out to the config? |
Fair point.
I like that idea 👍. |
Yes, perhaps it could be added with comments. It might be interesting for some users. |
Frequently asked questions
I have seen several reports on HowToForge where there was a problem with php-cgi in combination with SuEXEC after updating from the SURY repo. These issues started after the 16th of february.
The following threads explain the issue in depth and shows the debugging steps done so far:
https://www.howtoforge.com/community/threads/files-with-www-data-permission.86388/
https://www.howtoforge.com/community/threads/solved-cant-login-ispconfig-3-2-interface.86395/
https://www.howtoforge.com/community/threads/suexec-works-fine-for-php-fpm-but-fast-cgi-suddenly-runs-under-www-data-only-suexec-log-empty.86409/
I have reproduced it myself on a Ubuntu 20.04 test system. Instead of running as the correct user, it is running as www-data which does not have access to the web folder and will therefore generate a error 404. I can't find the underlying problem.
If you understand the purpose of this issue tracker and describe your problem accurately (where the template below will help), I might be able to help you.
To Reproduce
Steps to reproduce the behavior:
a2enmod http2
a2enconf php7.4-fpm
systemctl reload apache2
a2dismod php7.4
systemctl restart apache2
a2dismod mpm_prefork
a2enmod mpm_event
systemctl restart apache2
(in the threads there are some in-depth explanations aswell)
Expected behavior
The sites to keep working, like they used to. To be clear, there were no other changes made to these setups between the working and non-working system.
Distribution (please complete the following information):
The text was updated successfully, but these errors were encountered: