Enabling PHP-FPM forces disable_functions

AndyX · Jan 18, 2017

WHM 60.0 (build 35)
PHP Version: ea-php71

When I enable PHP-FPM

When I disable PHP-FPM

Is there any way to enable PHP-FPM without disabling the following functions:

exec,passthru,shell_exec,system

sparek-3 · Jan 18, 2017

I'm not entirely sure that cPanel's PHP-FPM adaption is ready for primetime.

You will want to read through:

PHP-FPM and EasyApache 4 - Documentation - cPanel Documentation

cPanel's PHP-FPM is adding those disabled functions by default. You can adjust this, system-wide by modifying/creating the file at:

/var/cpanel/ApachePHPFPM/system_pool_defaults.yaml

Or you can set this per VirtualHost using the file:

/var/cpanel/userdata/[user]/[domain].php-fpm.yaml

and adjust the disable_functions for that specific pool.

All of this gets exceedingly complicated in a per VirtualHost pool setup. I have real reservations over whether cPanel's decision to use a per-VirtualHost FPM pool is the way to go. I think a per-user FPM pool would be a lot simplier. And the system for doing this is all a bit convoluted at this stage.

Perhaps the cPanel PHP-FPM system will all come together at some point. Perhaps a per-VirtualHost FPM pool will make more sense then. But the system as it stands right now, to me, leaves a bit to be desired.

AndyX · Jan 18, 2017

sparek-3 said: ↑

cPanel's PHP-FPM is adding those disabled functions by default. You can adjust this, system-wide by modifying/creating the file at:

/var/cpanel/ApachePHPFPM/system_pool_defaults.yaml
Click to expand...

Hi sparek-3,

Thank you for your help.

Sounds like I will need to create a folder called ApachePHPFPM located here:

/var/cpanel/ApachePHPFPM

Then create a file called:

/var/cpanel/ApachePHPFPM/system_pool_defaults.yaml

Then in that file enter:
Code:
disable_functions = 
Is this all correct?

AndyX · Jan 18, 2017

Found the documentaion:

PHP-FPM and EasyApache 4 - Version 60 Documentation - cPanel Documentation

and

PHP-FPM and EasyApache 4 - Documentation - cPanel Documentation

AndyX · Jan 18, 2017

I tried creating the file as I outlined in post #3, but that caused problems, when I switched to PHP-FPM is would no longer show my domain at the bottom of the page.

sparek-3 · Jan 18, 2017

I believe it should be:
Code:
---
php_admin_value_disable_functions = { present_ifdefault: 0 } 
Keep in mind though, this is going to enable all functions for every account that uses PHP-FPM

Sorry, think my original post was wrong, I think this is right. I have edited this post.

AndyX · Jan 19, 2017

sparek-3 said: ↑
I believe it should be:
Code:
---
php_admin_value_disable_functions = { present_ifdefault: 0 } 
Keep in mind though, this is going to enable all functions for every account that uses PHP-FPM

Sorry, think my original post was wrong, I think this is right. I have edited this post.
Click to expand...
When I put that code into the system_pool_defaults.yaml file and enabled PHP-FPM I got the following error when I reloaded my XenForo forum:

AndyX · Jan 19, 2017

I found the link which explains the php_admin_value_disable_functions.

Configurations Values of PHP-FPM - Documentation - cPanel Documentation

However I'm not able to make this work.

AndyX · Jan 19, 2017

@sparek-3

In the code you posted, you have --- on the fist line, is by accident or is it needed?

cPanelMichael · Jan 19, 2017

Hello,

The following document includes information on how to change the default configuration values with PHP-FPM on EA4:

PHP-FPM and EasyApache 4 - Documentation - cPanel Documentation

In particular, this is the file path to edit for a specific domain name:
Code:
/var/cpanel/userdata/[user]/[domain].php-fpm.yaml
Otherwise, review the paths under "Optional files" if you wish to to change the default parameters. Also, the following document provides information about how to formulate the custom entries:

Configurations Values of PHP-FPM - Documentation - cPanel Documentation

After making those changes to the YAML file on a specific domain name, run the following command:
Code:
/scripts/php_fpm_config --rebuild --domain=domain
This script is documented at:

The php_fpm_config Script - Documentation - cPanel Documentation

Thank you.

AndyX · Jan 20, 2017

cPanelMichael said: ↑

After making those changes to the YAML file on a specific domain name, run the following command:
Click to expand...

How come when I try to run the command I get "command not found" message?

cPanelMichael · Jan 20, 2017

Hello,

The full path to the script is required in the command:
Code:
/scripts/php_fpm_config
Thanks!

AndyX · Jan 20, 2017

Thank you, Michael.

So far so good, I ran the script and my server is still running.

Now I will need to make the changes to the .yaml
Code:
/var/cpanel/ApachePHPFPM/system_pool_defaults.yaml
and run the script again. I'm still not clear if the first line should have a --- or that was a mistake.
Code:
---
php_admin_value_disable_functions = { present_ifdefault: 0 }

cPanelMichael · Jan 20, 2017

AndyX said: ↑

I'm still not clear if the first line should have a --- or that was a mistake.
Click to expand...

Hello,

Yes, that should be the first line. Information on YAML files is also available at:

YAML - Wikipedia

Thanks!

AndyX · Jan 20, 2017

I followed all the steps:

1) Created a ApachePHPFPM folder and system_pool_defaults.yaml file.

2) The system_pool_defaults.yaml file contains:

3) Ran the script:

/scripts/php_fpm_config --rebuild --domain=example.com

Of course instead of using example.com I used my domain.

4) Applied PHP-FPM

And the result is a server error when I try to view my server in the browser:

Looking at my error_log file I have many lines similar to this:

AndyX · Jan 21, 2017

Looking at the following error.log file:

/opt/ea-php71/root/usr/var/log/php-fpm/error.log

I have never tried setting any pool, could that be the problem?

AndyX · Jan 23, 2017

I was never able to solve this issue.

cPanelMichael · Jan 24, 2017

Hello,

Please revert any modifications you have made and let us know if the steps outlined below are helpful:

1. Create the /var/cpanel/ApachePHPFPM directory:
Code:
mkdir /var/cpanel/ApachePHPFPM
2. Create the /var/cpanel/ApachePHPFPM/system_pool_defaults.yaml file:
Code:
touch /var/cpanel/ApachePHPFPM/system_pool_defaults.yaml
3. Edit /var/cpanel/ApachePHPFPM/system_pool_defaults.yaml using your preferred text editor (e.g. vi, nano) so that it looks exactly like this:
Code:
php_admin_value_disable_functions : passthru,system
In this example, "passthru,system" are left as disabled functions. No other lines exist before or after this entry in this file.

4. Regenerate the PHP-FPM configuration files via:
Code:
/scripts/php_fpm_config --rebuild
Thank you.

Floyd R Turbo · Aug 13, 2017

'sup @AndyX! Were you able to fix this? I'm hitting the same issue after bumping to php7 and php-fpm

cPanelMichael · Aug 14, 2017

Floyd R Turbo said: ↑

'sup @AndyX! Were you able to fix this? I'm hitting the same issue after bumping to php7 and php-fpm
Click to expand...

Do the instructions in my last response to this thread help?

Thank you.

Forums

The Community Forums

Interact with an entire community of cPanel & WHM users!

Enabling PHP-FPM forces disable_functions

AndyX Active Member

sparek-3 Well-Known Member

AndyX Active Member

AndyX Active Member

AndyX Active Member

sparek-3 Well-Known Member

AndyX Active Member

AndyX Active Member

AndyX Active Member

cPanelMichael Forums Analyst
Staff Member

AndyX Active Member

cPanelMichael Forums Analyst
Staff Member

AndyX Active Member

cPanelMichael Forums Analyst
Staff Member

AndyX Active Member

AndyX Active Member

AndyX Active Member

cPanelMichael Forums Analyst
Staff Member

Floyd R Turbo Member

cPanelMichael Forums Analyst
Staff Member

Enabling SSH for cPanel Account Not Working

Questions about enabling mod_security

Enabling DKIM for root account

Enabling Temporary Links and .htaccess Rewrite Rules

SOLVED Enabling Jail Apache issue

Share This Page

Useful Searches

The Community Forums

Interact with an entire community of cPanel & WHM users!

Enabling PHP-FPM forces disable_functions

AndyX Active Member

sparek-3 Well-Known Member

AndyX Active Member

AndyX Active Member

AndyX Active Member

sparek-3 Well-Known Member

AndyX Active Member

AndyX Active Member

AndyX Active Member

cPanelMichael Forums Analyst Staff Member

AndyX Active Member

cPanelMichael Forums Analyst Staff Member

AndyX Active Member

cPanelMichael Forums Analyst Staff Member

AndyX Active Member

AndyX Active Member

AndyX Active Member

cPanelMichael Forums Analyst Staff Member

Floyd R Turbo Member

cPanelMichael Forums Analyst Staff Member

Enabling SSH for cPanel Account Not Working

Questions about enabling mod_security

Enabling DKIM for root account

Enabling Temporary Links and .htaccess Rewrite Rules

SOLVED Enabling Jail Apache issue

Share This Page

cPanelMichael Forums Analyst
Staff Member

cPanelMichael Forums Analyst
Staff Member

cPanelMichael Forums Analyst
Staff Member

cPanelMichael Forums Analyst
Staff Member

cPanelMichael Forums Analyst
Staff Member