technese.com

Configure a separate PHP-FPM pool for each vhost. This allows each vhost to have its own isolated PHP-FPM process, which communicates over its own unique socket

To create a separate FastCGI socket for each virtual host (vhost), you’ll typically need to configure a separate PHP-FPM pool for each vhost. This allows each vhost to have its own isolated PHP-FPM process, which communicates over its own unique socket. Here’s how you can set it up:

1. Configure Separate PHP-FPM Pools

PHP-FPM allows you to define multiple pools, each with unique settings, including its own socket. By creating a separate pool for each vhost, you can control resources independently and enhance security and isolation.

1. Locate the PHP-FPM Pool Configuration Directory:

• PHP-FPM pool configurations are usually found in /etc/php/<version>/fpm/pool.d/ (replace <version> with your PHP version, e.g., 7.4).

1. Create a New Pool Configuration File for Each Vhost:

• Copy the default pool configuration file to create new files for each vhost. For example:
  cp /etc/php/7.4/fpm/pool.d/www.conf /etc/php/7.4/fpm/pool.d/vhost1.conf
cp /etc/php/7.4/fpm/pool.d/www.conf /etc/php/7.4/fpm/pool.d/vhost2.conf

1. Edit Each Pool Configuration File:

• Open each pool file (e.g., vhost1.conf) in a text editor and configure the following settings to make each pool unique.
• Set a Unique Pool Name: [vhost1]
• Specify a Unique Socket for Each Pool: listen = /var/run/php/php7.4-fpm-vhost1.sock
• Optionally Configure Additional Settings:
  • You can configure other settings independently, such as user, group, pm.max_children, etc., to control resource usage for each vhost.

1. Repeat for Each Vhost:

• Change the pool name and socket path in each configuration file to ensure they are unique (e.g., vhost2 with php7.4-fpm-vhost2.sock).

1. Restart PHP-FPM:

• Once all pools are configured, restart PHP-FPM to apply the changes.
  sudo systemctl restart php7.4-fpm

2. Configure Apache for Each Vhost to Use the Correct FastCGI Socket

In your Apache configuration, you need to configure each vhost to use its respective FastCGI socket.

1. Define Each Vhost in Apache (in /etc/apache2/sites-available/):

• For each vhost configuration file, use the FastCgiExternalServer directive to point to the unique socket created for that vhost’s PHP-FPM pool.

1. Example Apache Configuration:

   <VirtualHost *:80>
       ServerName vhost1.example.com

       # FastCGI configuration for vhost1
       FastCgiExternalServer /var/www/vhost1/cgi-bin/php-fcgi -socket /var/run/php/php7.4-fpm-vhost1.sock -pass-header Authorization -pass-header Content-Type
       DocumentRoot /var/www/vhost1

       <Directory /var/www/vhost1>
           Options +ExecCGI
           Require all granted
       </Directory>
   </VirtualHost>

   <VirtualHost *:80>
       ServerName vhost2.example.com

       # FastCGI configuration for vhost2
       FastCgiExternalServer /var/www/vhost2/cgi-bin/php-fcgi -socket /var/run/php/php7.4-fpm-vhost2.sock -pass-header Authorization -pass-header Content-Type
       DocumentRoot /var/www/vhost2

       <Directory /var/www/vhost2>
           Options +ExecCGI
           Require all granted
       </Directory>
   </VirtualHost>

• In this setup, each vhost has a separate FastCgiExternalServer directive pointing to its dedicated PHP-FPM socket.

1. Reload Apache:

• After configuring each vhost, reload or restart Apache to apply the changes.
  sudo systemctl restart apache2

Summary

By configuring a separate PHP-FPM pool and socket for each vhost, each site operates in isolation with its own dedicated FastCGI process. This setup not only enhances security but also allows for resource control per vhost, preventing one site from monopolizing resources at the expense of others.

Source: ChatGPT