Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

PHP 7.2 Secure Transition

Discussion in 'EasyApache' started by grayloon, Nov 12, 2018.

  1. grayloon

    grayloon Well-Known Member

    Joined:
    Oct 31, 2007
    Messages:
    117
    Likes Received:
    3
    Trophy Points:
    68
    Location:
    Evansville, IN
    cPanel Access Level:
    Root Administrator
    Twitter:
    I'm currently running PHP 5.6 with the CGI handler for PHP-FPM. I'm also running suexec. I may have some sites that are not compatible with PHP 7.2 by the end of the year, so I want to make sure I have all sites isolated from one another as much as possible. Would it make sense to switch to mod_ruid2? If so, are there any caveats to switching from PHP 5.6 using CGI to PHP 7.2 using DSO?
     
  2. cPanelMichael

    cPanelMichael Technical Support Community Manager Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    47,335
    Likes Received:
    2,162
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Twitter:
    Hello @grayloon,

    Could you clarify if you are using PHP-FPM for these domain names? If so, note that PHP-FPM becomes the PHP handler for domain names it's enabled on, despite the fact that a different handler (e.g. CGI) is configured as the default handler for a PHP version.

    Thank you.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  3. grayloon

    grayloon Well-Known Member

    Joined:
    Oct 31, 2007
    Messages:
    117
    Likes Received:
    3
    Trophy Points:
    68
    Location:
    Evansville, IN
    cPanel Access Level:
    Root Administrator
    Twitter:
    Yes – I'm currently using PHP-FPM for all domains right now.
     
  4. cPanelMichael

    cPanelMichael Technical Support Community Manager Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    47,335
    Likes Received:
    2,162
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Twitter:
    Hello,

    If all of the domains are assigned PHP-FPM, then switching the default handler from CGI to DSO would have no impact. You can have PHP-FPM installed on the server along with DSO/Ruid2, though while you can have both readily available for use with your accounts, you can't actually use PHP-FPM and Ruid2 at the same time for a domain name. You'd have to use one or the other for each domain name (e.g. enabling PHP-FPM for a domain name disables DSO/Ruid2 for that domain name). If you are open to using CloudLinux, there's a thread here you may find helpful:

    Cloudlinux, EA4 and PHP Handlers. Impossible Triangle?

    Thank you.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  5. grayloon

    grayloon Well-Known Member

    Joined:
    Oct 31, 2007
    Messages:
    117
    Likes Received:
    3
    Trophy Points:
    68
    Location:
    Evansville, IN
    cPanel Access Level:
    Root Administrator
    Twitter:
    So, this is what you're suggesting?
    1. Add Ruid2 to my custom profile and provision.
    2. Switch the default handler to DSO
    3. Turn off PHP-FPM for individual domains to force them to use Ruid2

    Unfortunately, Cloudlinux isn't an option right now.
     
  6. cPanelMichael

    cPanelMichael Technical Support Community Manager Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    47,335
    Likes Received:
    2,162
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Twitter:
    Hello @grayloon,

    I suggest simply keeping PHP-FPM enabled on the domains. Is there anything specific about PHP-FPM on PHP 7.2 as it pertains to the compatibility of your websites that's leading you to make the change to the handler?

    Thank you.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  7. grayloon

    grayloon Well-Known Member

    Joined:
    Oct 31, 2007
    Messages:
    117
    Likes Received:
    3
    Trophy Points:
    68
    Location:
    Evansville, IN
    cPanel Access Level:
    Root Administrator
    Twitter:
    No. I thought Ruid2 required the DSO handler.
     
  8. cPanelMichael

    cPanelMichael Technical Support Community Manager Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    47,335
    Likes Received:
    2,162
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Twitter:
    That is correct. However, is there a specific reason you prefer to use DSO with Ruid2 over PHP-FPM?

    Thank you.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  9. grayloon

    grayloon Well-Known Member

    Joined:
    Oct 31, 2007
    Messages:
    117
    Likes Received:
    3
    Trophy Points:
    68
    Location:
    Evansville, IN
    cPanel Access Level:
    Root Administrator
    Twitter:
    I was under the impression that Ruid2 was more secure than suexec I'm using now. I'm open to suggestions to isolate my sites as much as possible.
     
  10. cPanelMichael

    cPanelMichael Technical Support Community Manager Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    47,335
    Likes Received:
    2,162
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Twitter:
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
Loading...

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice