Arjen de Korte wrote:
I think the 'modern' way of running PHP-FPM is through mod_proxy_fcgi.
At least that is what I do here;
<IfModule mod_proxy_fcgi.c>
# Note: The part that matters is
/var/run/php-fpm/www.sock
SetHandler
"proxy:unix:/var/run/php-fpm/www.sock|fcgi://localhost"
</FilesMatch>
# Add index.php to the list of index pages.
DirectoryIndex index.php
</IfModule>
My PHP-FPM Apache configuration looks like this:
/etc/apache/conf.d/php7-fpm.conf:
ProxyPassMatch ^/(.*\.php(/.*)?)$ fcgi://127.0.0.1:9000/srv/www/htdocs/$1
</Proxy>
SetHandler "proxy:fcgi://127.0.0.1:9000"
</If>
</FilesMatch>
SetEnvIfNoCase ^Authorization$ "(.+)" HTTP_AUTHORIZATION=$1
Apache's error_log shows such errors:
[Sat Jan 05 00:40:32.267686 2019] [proxy:warn] [pid 22833] [client ::1:58160] AH00917: connect to remote machine 127.0.0.1 blocked: IP 127.0.0.1 matched
[Sat Jan 05 00:40:32.267713 2019] [proxy:error] [pid 22833] [client ::1:58160] AH00898: Connect to remote machine blocked returned by /phpinfo.php
I found with Wireshark, that Apache does not even try to communicate
with php-fpm over port 9000.
FPM-FPM runs on port 9000:
# netstat -tulpen|grep 9000
tcp 0 0 127.0.0.1:9000 0.0.0.0:* LISTEN 0 322196 18092/php-fpm: mast
Greetings,
Björn
--
To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org
To contact the owner, e-mail: opensuse-factory+owner@opensuse.org