Custom PHP pool and user/group per site #41
Comments
Hi VirtuBox, I have noticed that if you have a custom PHP pool configured manually, the pools get deleted during wordops update. So can you please make wordops update not remove custom pools configured manually?
Hello @ankitsnlq,
Issue has been fixed with PR #43
Thank you @VirtuBox. Tested it and it is good now. Are you planning a per-site PHP pool module in wordops v4.0?
Hello @ankitsnlq, this is not planned yet, because there are several other features already planned (wildcard SSL certs, monitoring, backup) but also because it will probably be the biggest change to WO structure and configuration. It will require running a lot of tests to see if there is an impact on performance, especially with open_basedir and opcache.
What I do is something like this on the nginx
Fix the permissions on /var/www/domain.ltd folder
@andremacola Will applying cgroups to those users or groups limit the whole site: PHP, NGINX and the Database? Also found an interesting article: https://ma.ttias.be/a-better-way-to-run-php-fpm/
@michacassola with the correct approach yes. The Database itself is already running with a separate user. Running each website with its own user prevents a bunch of security problems.
Yes this would be good to implement and should be the default imo. Each site PHP running under its own user.
I had to remove open_basedir from default pool because of performance on a bunch of heavy-traffic sites.
Any updates on this? Or does anyone have a config implementation of this? Would really like to see this for increased system security.
@VirtuBox any updates here? This seems like it would help a lot for security.
@VirtuBox this seems like the highest security risk right now to this setup. Any updates to when we can expect to have this feature?
In addition to separation for security, I also need to distribute/limit resources (that's what I am selling after all, together with managing services), that is why I have started using LXD (Linux Containers) on top of my servers for near complete separation. It also gives me the ability to quickly move a complete container to another host server and also do backups in that way through LXD itself.
This issue is stale because it has been open 30 days with no activity. Remove stale label or comment or this will be closed in 5 days.
This issue was closed because it has been stalled for 5 days with no activity.
Like: wo site create mysite.com --wp --umyuserr:gmygroup
The script creates and assigns the user and group for the folder, fixes the permissions and creates the PHP pool.
RunCloud does exactly that.
I'm doing this manually every time
Ex PHP POOL:
[mysite]
listen = 127.0.0.1:9087
listen.owner = www-data
listen.group = www-data
listen.backlog = 65536
pm.status_path = /status
ping.path = /ping
ping.response = pong
user = mysite
group = mysite
pm = ondemand
php_admin_value[open_basedir] = /var/www/mysite:/var/lib/php/session:/tmp
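
The procedure requested in this issue (create the user and group, fix the folder permissions, write the pool), as an added example that is not WordOps code and not the poster's own script. Assumptions: the pool and socket directory paths, nginx running as `www-data`, and a Unix socket in place of the post's TCP port so that `listen.owner`, `listen.group` and `listen.mode` restrict who can reach the pool.

```sh
#!/bin/sh
# Added example, not WordOps code. Assumed: paths below, nginx runs as www-data.
POOL_DIR="${POOL_DIR:-/etc/php/7.4/fpm/pool.d}"  # assumed Debian/Ubuntu layout
RUN_DIR="${RUN_DIR:-/run/php}"                   # assumed socket directory
WEB_ROOT="${WEB_ROOT:-/var/www}"

# Accept only names safe as a Unix user, a path component and an INI section.
valid_site() {
  case "$1" in
    ''|[!a-z]*|*[!a-z0-9_-]*) return 1 ;;
  esac
  [ "${#1}" -le 31 ]
}

# Print the pool definition for one site; changes nothing on the system.
render_pool() {
  valid_site "$1" || { echo "invalid site name: $1" >&2; return 1; }
  cat <<EOF
[$1]
user = $1
group = $1
listen = $RUN_DIR/$1.sock
listen.owner = www-data
listen.group = www-data
listen.mode = 0660
pm = ondemand
php_admin_value[open_basedir] = $WEB_ROOT/$1:/var/lib/php/session:/tmp
EOF
}

# Create the user and group, lock down the docroot, install the pool (root only).
provision_site() {
  pool_conf="$(render_pool "$1")" || return 1
  id -u "$1" >/dev/null 2>&1 ||
    useradd --system --user-group --no-create-home --shell /usr/sbin/nologin "$1"
  install -d -o "$1" -g "$1" -m 0750 "$WEB_ROOT/$1"
  chown -R "$1:$1" "$WEB_ROOT/$1"
  usermod -a -G "$1" www-data   # lets nginx read static files via the site group
  printf '%s\n' "$pool_conf" > "$POOL_DIR/$1.conf"
  chmod 0644 "$POOL_DIR/$1.conf"
}

# Nothing runs unless called as: script --apply <site>
if [ "${1:-}" = "--apply" ] && [ -n "${2:-}" ]; then
  provision_site "$2"
fi
```

After it runs, reload PHP-FPM and point the site's nginx `fastcgi_pass` at the new socket.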