Thank you for all the tips.
Part of my problem was probably Ninja Firewall. I installed Ninja
Firewall (free) some weeks ago for testing. The free version does not
allow whitelisting. So for unknown reasons Ninja Firewall blocked
localhost/127.0.0.1/::1. After disabling, updating and re-enabling Ninja
Firewall I have access again.
But after some minutes I was blocked again for unknown reasons.
Now I switched from Apache2-PHP-FPM TCP connection to unix socket
connection. The setup works now:
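/etc/apache2/conf.d/php7-fpm.conf:

    <IfModule mod_proxy_fcgi.c>
        # The opening <FilesMatch> and <If> lines are missing from this copy of
        # the message; the pattern and condition below are assumed typical values.
        <FilesMatch "\.php$">
            <If "-f %{REQUEST_FILENAME}">
                SetHandler "proxy:unix:/var/run/php-fpm-www.sock|fcgi://localhost/"
            </If>
        </FilesMatch>
        SetEnvIfNoCase ^Authorization$ "(.+)" HTTP_AUTHORIZATION=$1
    </IfModule>
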
/etc/php7/fpm/php-fpm.d/www.conf:

    [www]
    user = wwwrun
    group = www
    listen = /var/run/php-fpm-www.sock
    listen.owner = wwwrun
    listen.group = www
    listen.mode = 0660
    pm = dynamic
    pm.max_children = 5
    pm.start_servers = 2
    pm.min_spare_servers = 1
    pm.max_spare_servers = 3
    pm.status_path = /status
    catch_workers_output = yes
    php_flag[display_errors] = on
    php_admin_value[error_log] = /var/log/fpm-php.www.log
    php_admin_flag[log_errors] = on

One remaining question: How can I disable apache2-mod_php7 in openSUSE?
apache2-mod_php7 is a dependency for packages like nextcloud.
My current work-around is ugly. I install apache2-mod_php7 in the RPM
database and lock the package in Zypper.

    zypper al apache2-mod_php7
    zypper install --download-only apache2-mod_php7
    rpm -Uvh --justdb /var/cache/zypp/packages/repo-oss/x86_64/apache2-mod_php7-7.3.0-1.1.x86_64.rpm

BTW, I use PHP-FPM, because I want to use HTTP/2 and HTTP/2 does not
work with Apache Prefork MPM, which is required by MOD_PHP. Later I want
to use different PHP-FPM pools with different users and groups to
separate my PHP apps. Unfortunately none of the big PHP applications
seems to have documentation about how to harden the applications with
PHP-FPM.
Greetings
Björn
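
Added example, not part of the original message and not code from openSUSE or PHP: a small Python check over PHP-FPM pool definitions for the per-app separation the message plans. The sample config is constructed from the www.conf above; the second pool "app2", the finding names, and the reading of listen.owner as the web server account are assumptions.

```python
import configparser

# Constructed sample: the [www] pool from the message (abridged) plus a
# hypothetical second pool "app2" so the cross-pool check has something to see.
SAMPLE = """\
[www]
user = wwwrun
listen = /var/run/php-fpm-www.sock
listen.owner = wwwrun
listen.mode = 0660
pm.status_path = /status
php_flag[display_errors] = on

[app2]
user = wwwrun
listen = 127.0.0.1:9001
php_admin_flag[display_errors] = off
"""

ON = {"on", "1", "yes", "true"}

def audit_pools(text):
    """Return sorted (pool, finding) pairs for PHP-FPM pool definitions."""
    cp = configparser.ConfigParser(interpolation=None, delimiters=("=",))
    cp.read_string(text)
    findings, by_user = set(), {}
    for name in cp.sections():
        pool = cp[name]
        user, owner = pool.get("user"), pool.get("listen.owner")
        by_user.setdefault(user, []).append(name)
        listen = pool.get("listen", "")
        if not listen.startswith("/"):  # TCP: any local process can connect
            findings.add((name, "tcp-listener"))
        elif int(pool.get("listen.mode", "0660"), 8) & 0o007:
            findings.add((name, "socket-open-to-others"))
        # Assumption: listen.owner is the web server account (wwwrun here)
        if owner and owner == user:
            findings.add((name, "runs-as-web-server-user"))
        for key in ("php_flag[display_errors]", "php_admin_flag[display_errors]"):
            if pool.get(key, "off").lower() in ON:
                findings.add((name, "display-errors-on"))
        if pool.get("pm.status_path"):
            findings.add((name, "status-page-enabled"))
    for user, pools in by_user.items():
        if len(pools) > 1:  # same uid: pools can read each other's files
            findings.update((p, "shared-user:" + str(user)) for p in pools)
    return sorted(findings)

if __name__ == "__main__":
    print(*audit_pools(SAMPLE), sep="\n")
```

A pool that runs under its own account, listens on a 0660 unix socket owned by the web server user, and pins display_errors off with php_admin_flag produces no findings.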