Hello. I have a issue with the fact that only one php-fpm master is started for all customers and webspaces. Why is this a issue? I use Zend opCache and in this setup the memory for the opCache is shared across all hostings. This might be a security problem, but what bothers me most is the fact that I cannot optimize the opCache settings for a important project. To properly optimize the settings, the opCache memory must not be shared between different hostings. As far as I got this can only be accomplished by starting a dedicated php-fpm master for every webspace. Can this be done in ispConfig? What settings and start-up scripts need to be altered? Some sample code would be really great. @forum mod: please add a tag for "Zend Cache" or "opCache"
The easiest way to accomplish this is to add a separate php version for your project under System in ISPConfig and then select this php version in the website.
Thanks Till. That would be a possible workaround. Would a more generic solution be possible or is too much fiddling with core ispConfig files involved?
Ok. Would be a nginx plugin then. Do you think this more strikt separation of php-fpm processes would be somthing of interest for ISPconfig in gerneral? Do you think a feature request would be useful?
I'am not sure if a separate master for each vhost is a good idea. If you have a shared hosting enviroment with lets say 200 sites on a server, then you would need 200 master processes with 200 init scripts etc. which will use a lot ressources and makes the init system quite crowded and may delay boot times. The problem described in the blog post above is more a performance problem then a security problem, you can circumvent that by denying the cache clearing functions for one or all vhosts in the custom php.ini files of the sites or the global php.ini. If you need a separate php FPM instance, then the custom php versions function does exactly this, you can even limit it to one client. But feel free to make a feature request for it anyway, if others find it useful then we will add it on the roadmap.
