Nginx/Php-fpm security questions

Discussion in 'General' started by HerveM, Dec 7, 2013.

  1. HerveM

    HerveM New Member

    Hello,

    Just have some question about security of a Nginx + Php-fpm setup :

    After some search I find that for each client, a nginx pool is created but what about php ?

    Is a php conf file created for each new client/website ?
    For each conf, is a new port or socket file created/set (with permission) ?

    Thanks for enlighten me,
    HerveM
     
  2. DanielP

    DanielP New Member

    For better security you can enable suexec for a user account i do nothing than just check that box when create account in ISPConfig (latest stable version)
    And php will be executed with owner client client 1 is web1

    got web1.conf in /etc/php5/fpm/pool.d without do nothing elese

    Code:
    listen = /var/lib/php5-fpm/web1.sock
    listen.owner = web1
    listen.group = client1
    listen.mode = 0660
    

    so all best practices i read for are included, just check suexec box

    [​IMG]
     
  3. HerveM

    HerveM New Member

    Ok for each user, a nginx + php conf are created..

    Did someone know how to set a default pool (used by all new created account)?

    HerveM
     
  4. till

    till Super Moderator Staff Member ISPConfig Developer

    Each website has its own linux user and php runs under this linux user. So each site is separated from other ites by default.
     

Share This Page