mod_ruid2 with php-fpm

S

SactoBob

Active Member
Aug 15, 2015
33
5
58
Sacramento
cPanel Access Level
DataCenter Provider
I couldn't find an exact answer regarding this. Are mod_ruid2 with php-fpm compatible? When I go to the php manager section, I get an informational box wanting me to install php-fpm, which from my understanding is more efficient as well the php via cgi? I'd like to install that, but I don't want to give up the "run as user" and jail environment.

-SactoBob
 
cPanelMichael

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,880
2,258
463
Hello,

Yes, you can use PHP-FPM with Mod_Ruid2 and the "Jail Apache Virtual Hosts using mod_ruid2 and cPanel® jailshell." option in "WHM >> Tweak Settings".

Thank you.
 
L

linuxman1

Member
Aug 25, 2017
15
0
1
Egypt
cPanel Access Level
Root Administrator
cPanelMichael said:
Hello,

Yes, you can use PHP-FPM with Mod_Ruid2 an the "Jail Apache Virtual Hosts using mod_ruid2 and cPanel® jailshell." option in "WHM >> Tweak Settings".

Thank you.
Click to expand...
But what will be the benefits? will Jail Apache protect the server's file system from attacks coming via Virtual hosts PHP compromised sites when we use Jail Apache with anything but DSO?
As I read once on Cpanel docs that we must use Jail Apache, mod_ruid2 with DSO to gain benefits, also I tried it my self, through PHP on a compromized web site I could browse the whole /etc although the Jail Apache was active with ruid2, and Cpanel Advisor says every thing is fine, but when I used DSO+openbase_dir protection, the tries failed to reach anything out side the home of the user.
So I wish to use PHP-FPM on Cpanel instead of DSO, but only because of this security issue, I can't, do you have any advice?
 
cPanelMichael

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,880
2,258
463
Hello,

To clarify from my last response, you can have PHP-FPM installed on the server along with DSO/Ruid2. That said, while you can have both readily available for use with your accounts, you can't actually use PHP-FPM and Ruid2 at the same time for a domain name. You'd have to use one or the other for each domain name (e.g. enabling PHP-FPM for a domain name disables DSO/Ruid2 for that domain name).

If you are open to using CloudLinux, there's a thread here you may find helpful:

Cloudlinux, EA4 and PHP Handlers. Impossible Triangle?

Thank you.
 
You must log in or register to reply here.
Thread starter Similar threads Forum Replies Date
S mod_ruid2 with php-fpm and http2 (jail Apache) Web Servers and Applications 1
joaosavioli mod_ruid2+jail apache vs suphp (security) Web Servers and Applications 1
D mod_ruid2 and mod_suphp help Web Servers and Applications 7
M EA4: mod_php (dso) / mod_security2 + mod_ruid2 Web Servers and Applications 8
A PHPINIDir, new vhosts, and mod_ruid2 Web Servers and Applications 1
Similar threads
mod_ruid2 with php-fpm and http2 (jail Apache)
mod_ruid2+jail apache vs suphp (security)
mod_ruid2 and mod_suphp help
EA4: mod_php (dso) / mod_security2 + mod_ruid2
PHPINIDir, new vhosts, and mod_ruid2
Top Bottom