Dedicated PHP FPM Handler - Chrooted Environment
Actually, the fpm dedicated handler would be perfect for a native PHP FPM jail to get rid of open_basedir (cause of disabled realpath_cache).
It would be great to get an option to enable "PHP Chrooted Mode" if dedicated handler is set.
Benefits:
* Native Chrooted FPM-Handler
* Active Realpath Cache (open_basedir could be safely disabled)
* Massive Performance Improvement for any PHP based web app
* More security, because fpm handles the jail instead of php.ini
Template / Config Changes:
PHP-FPM Config
Set "chroot" Option inside generated fpm pool config:
/var/www/vhosts/system/<domain>/etc/php-fpm.conf
chroot = /var/www/vhosts/<domain>/
chdir = /
Apache & NGINX:
/var/www/vhosts/system/<domain>/conf/nginx.conf
Override /etc/nginx/fastcgi.conf SCRIPT_FILENAME setting to use the chrooted basepath instead of the full $document_root path.
Example:
fastcgi_param SCRIPT_FILENAME /httpdocs$fastcgi_script_name;
Would be a great feature for plesk in my opinion.
creoline GmbH
shared this idea
This is a valid request, so we'll look into it. There is no ETA at the moment, but we would really appreciate you voting for this request so that we can accurately assess its popularity relative to other features.
Thanks in advance!
--
IG