Mh..

Registered
Nov 20, 2013
2
0
1
cPanel Access Level
Root Administrator
Hi,

I finally recently decided to upgrade from EA3/suPHP (Cloudlinux servers) to EA4 + PHP-FPM.

Everything went fine, however one thing was not immediately obvious after the upgrades. Namely certain PHP settings are controlled via PHP-FPM settings such as disable_functions and error_reporting (and many others).

You may think that your 'disable_functions' are set correctly via php.ini (multiphp editor in WHM) but they're not. PHP-FPM has its own settings.

To ensure that you have disable_functions actually in place for ALL accounts on the server, you will need to follow these steps:

1. Create /var/cpanel/ApachePHPFPM/

ie. "mkdir /var/cpanel/ApachePHPFPM/"

2. Create /var/cpanel/ApachePHPFPM/system_pool_defaults.yaml

ie. "touch /var/cpanel/ApachePHPFPM/system_pool_defaults.yaml"

3. Open the above yaml file with your favorite editor

ie. pico /var/cpanel/ApachePHPFPM/system_pool_defaults.yaml

4. Enter the following line, exit and save.

php_admin_value_disable_functions : phpinfo,dl,passthru,proc_open,proc_close,shell_exec,system,exec,show_source,popen,allow_url_fopen

^^ obviously adjust the list of functions you want to disable.

5. /scripts/php_fpm_config --rebuild

That's it...the disable_functions are now in place and actually functional.

In my system_pool_defaults.yam I have also added

php_admin_value_error_reporting : E_ALL & ~E_NOTICE & ~E_STRICT & ~E_DEPRECATED
php_admin_flag_allow_url_fopen : off

The error_reporting in particular drove me crazy for days as some older web sites were breaking (due to strict/deprecated error messages) even though my normal php.ini settings were set to disable strict/deprecated.

As it turned out, just like the 'disable_functions' issue above, PHP-FPM also uses it's own error_reporting settings.

PLEASE NOTE: /var/cpanel/ApachePHPFPM/system_pool_defaults.yaml affects all PHP-FPM users on the system. If you want to only modify a particular user, you can, read
PHP-FPM Code and FileSystem Layout for EasyApache 4 - Documentation - cPanel Documentation

With that said .. while this whole thing is obviously 'documented' as can be seen above, I think cpanel should excercise some care and advise customers of these major changes in the way PHP is configured especially if they're coming from EA3 and suPHP etc. The easiest way to do that would be to actually have a web based system pools (incl. per user and global settings) PHP-FPM configuration in WHM, maybe in the MultiPHP ??
I am getting this error bellow.... How to fix it by increasing memory

Resource: Virtual Memory Size
Exceeded: 579 > 512 (MB)
Executable: /opt/cpanel/ea-php70/root/usr/sbin/php-fpm
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,909
2,228
463