Nginx fastcgi cache deletion seems impossible if running PHP-fpm

Discussion in 'Installation/Configuration' started by Ovidiu, Sep 23, 2015.

  1. Ovidiu

    Ovidiu Active Member

    Found a very similar thread with the same problem but can't reply as it is a priority support thread: https://www.howtoforge.com/community/threads/fastcgi-cache.70825/

    The issue is that nginx writes the fastcgi cache as www-data but when it gets deleted by the different "client's websites" it gets deleted via the corresponding PHP-FPM pool user i.e. webxxx so the cache cannot be deleted by the separate client's websites which makes using the cache quite an annoyance.

    Are there any workarounds for this?

    I can gladly offer all my system details but so far this is a general question...
     
  2. Ovidiu

    Ovidiu Active Member

    Anyone?

    I've been thinking, would it be possible to add the web users which phpFPM uses for each site, to the www-data group and would that have any security drawbacks?
     
  3. Ovidiu

    Ovidiu Active Member

    Sorry to insist but I can't find any help out there so hoping to catch someone's eye here...
     
  4. till

    till Super Moderator Staff Member ISPConfig Developer

    You can try that. The only drawback is that these users might get access to software that runs as www-data (e.g. phpmyadmin or webmail).
     
  5. Ovidiu

    Ovidiu Active Member

    THanks for the feedback Till, is there an elegant way to do this using some ISPCFG template?
    Otherwise I'd just manually add these users to the www-data group.
     
  6. till

    till Super Moderator Staff Member ISPConfig Developer

    There is no template for this. To automate this for the future I would recommend to write a small plugin that attches to the website add event and runs just the group add / mod command.
     
    Ovidiu likes this.
  7. Ovidiu

    Ovidiu Active Member

    hm, last question:

    If you could chose, would you go this way or maybe simply change the cache backend, i.e. use redis instead of file based caching? I'd guess if I chose a different cache backend that would be safer, not having to change anything related to the www-data group...
     
  8. till

    till Super Moderator Staff Member ISPConfig Developer

    I would try a different cache backend first.
     

Share This Page