mkn Wrote:
-------------------------------------------------------
> NEVER use domain/server specific
> fastcgi_param PHP_VALUE
> or
> fastcgi_param PHP_ADMIN_VALUE
Actually, there should be no problem passing either PHP_VALUE or PHP_ADMIN_VALUE per virtual host in nginx.conf. The reasons why the values are messed up can be various.
For example, in php-fpm.conf pools are defined with master value for 'open_basedir' already set, and that same pool is used for both sites. In that case the solution is either to remove 'php_admin_value' setting from php-fpm.conf and use PHP_ADMIN_VALUE per virtual host, or create a pool per web site. With the second approach you can also limit PHP user/group access to files per pool/host, resulting in that files from another pool/host cannot be accessed by the first pool and vice-versa.
Another note worth mentioning is that values configured in [HOST=...] and [PATH=...] sections are considered as master values which cannot be overwritten by PHP_(ADMIN_)VALUE in nginx,conf, or using PHP functions like ini_set().
Anyway, the following example demonstrates the working PHP_ADMIN_VALUE "open_basedir=...."; approach using nginx:
# test site
server {
listen 80;
server_name testsite1;
root /opt/www/testsite1;
location ~ \.php$ {
include fastcgi_params;
fastcgi_param PHP_ADMIN_VALUE "open_basedir=$document_root;
fastcgi_pass unix:/run/php-fpm/php-fpm.sock;
}
}
server {
listen 80;
server_name testsite2;
root /opt/www/testsite2;
location ~ \.php$ {
include fastcgi_params;
fastcgi_param PHP_ADMIN_VALUE "open_basedir=$document_root;
fastcgi_pass unix:/run/php-fpm/php-fpm.sock;
}
}
As you can see from the above, both virtual hosts, testsite1 and testsite2 use the same PHP-FPM pool.
When accessing http://testsite1/phpinfo.php:
open_basedir => local value: /opt/www/testsite1 master value: /opt/www/testsite1
When accessing http://testsite2/phpinfo.php:
open_basedir => local value: /opt/www/testsite2 master value: /opt/www/testsite2
This is provided there are no php_admin_value's in php-fpm.conf and no open_basedir settings in [HOST=....] or [PATH=...] configurations in php.ini or any other included configuration files.
Andrejs
-------------------------------------------------------
> NEVER use domain/server specific
> fastcgi_param PHP_VALUE
> or
> fastcgi_param PHP_ADMIN_VALUE
Actually, there should be no problem passing either PHP_VALUE or PHP_ADMIN_VALUE per virtual host in nginx.conf. The reasons why the values are messed up can be various.
For example, in php-fpm.conf pools are defined with master value for 'open_basedir' already set, and that same pool is used for both sites. In that case the solution is either to remove 'php_admin_value' setting from php-fpm.conf and use PHP_ADMIN_VALUE per virtual host, or create a pool per web site. With the second approach you can also limit PHP user/group access to files per pool/host, resulting in that files from another pool/host cannot be accessed by the first pool and vice-versa.
Another note worth mentioning is that values configured in [HOST=...] and [PATH=...] sections are considered as master values which cannot be overwritten by PHP_(ADMIN_)VALUE in nginx,conf, or using PHP functions like ini_set().
Anyway, the following example demonstrates the working PHP_ADMIN_VALUE "open_basedir=...."; approach using nginx:
# test site
server {
listen 80;
server_name testsite1;
root /opt/www/testsite1;
location ~ \.php$ {
include fastcgi_params;
fastcgi_param PHP_ADMIN_VALUE "open_basedir=$document_root;
fastcgi_pass unix:/run/php-fpm/php-fpm.sock;
}
}
server {
listen 80;
server_name testsite2;
root /opt/www/testsite2;
location ~ \.php$ {
include fastcgi_params;
fastcgi_param PHP_ADMIN_VALUE "open_basedir=$document_root;
fastcgi_pass unix:/run/php-fpm/php-fpm.sock;
}
}
As you can see from the above, both virtual hosts, testsite1 and testsite2 use the same PHP-FPM pool.
When accessing http://testsite1/phpinfo.php:
open_basedir => local value: /opt/www/testsite1 master value: /opt/www/testsite1
When accessing http://testsite2/phpinfo.php:
open_basedir => local value: /opt/www/testsite2 master value: /opt/www/testsite2
This is provided there are no php_admin_value's in php-fpm.conf and no open_basedir settings in [HOST=....] or [PATH=...] configurations in php.ini or any other included configuration files.
Andrejs