cPanel WHM EA 4 PHP Handler not show PHP-FPM

explorer1979

Member
Jun 24, 2007
8
0
51
Hi all,

I have a VPS in Godaddy that provide me cPanel WHM, I then upgrade it to EA 4 from 3...

It is using 60.0.22 already before I am upgrade from EA3 to 4

Then choose one of ALL PHP Option with OPcache Profile to rebuild the Apache and PHP.

OK, I am sure it have mod_proxy_fcgi, and php-fpm installed by the Profiles ....

But ... I following up this KB
PHP Handlers - EasyApache 4 - cPanel Documentation

It have a PHP Handler
FastCGI Process Manager (FPM)

But I never find it there. on my list, it just show up
cgi
none
suphp

That is it... and it default choose is the suphp ...

So I am wonder, do my install step wrong or PHP-fpm is there, but will not show in PHP Handler?
 

hbouma

Well-Known Member
Jun 8, 2002
61
1
308
Hi,

You cannot run FPM as a global handler, it's insecure and we do not allow cPanel & WHM to be setup that way. You need to setup individual vhosts to use FPM. I would recommend reading up on our documentation here:
PHP-FPM and EasyApache 4 - Documentation - cPanel Documentation
You're not allowing us to use PHP-FPM as a global handler because its insecure? Seriously? If its such a security risk, why is there nothing mentioned about this in the documentation? After all, if you're still allowing us to use mod_php without mod_ruid as a global handler, then PHP-FPM must be horrible and avoided at all costs.... </sarcasm> I seriously doubt that is the case since Plesk's documentation states we should use secure PHP engines like PHP-FPM instead of mod_php for shared hosting. Also, its not like mod_ruid2 is perfect either when it comes to security. So what exactly is the big issue with PHP-FPM and why was it never mentioned all these years when people were asking for PHP-FPM support?

Hal
 

sparek-3

Well-Known Member
Aug 10, 2002
2,120
255
388
cPanel Access Level
Root Administrator
I think @cPJacob is referring to a single global PHP-FPM pool as being insecure. If you run all of your VirtualHosts under just 1 PHP-FPM pool, then all VirtualHosts are essentially running PHP as the same user with open access among every VirtualHost.

Running each VirtualHost (or I would argue each user) in their own PHP-FPM pool, then you minimize this threat. Each VirtualHost or each user is tied to its own PHP-FPM pool, meaning it can only access what is within that pool.