A Stone Bell

Deep and Sonorous, or maybe just a Dull Thud?


Running PHP securely under apache


A quote for you: “PHP-FPM is a daemon process (with the systemd unit php7.0-fpm.service) that runs a FastCGI server on the socket /var/run/php/php7.0-fpm.sock” – well that’s not entirely true as we’ll see in a minute, but it does state the main thing which we are trying to achieve, that is to get Apache to call a separate PHP process for each of our websites.

Instead of calling the built in MOD_PHP we want PHP to work by Apache2 calling PHP-FPM via its mod_fastcgi module which we install as follows:

apt-get -y install libapache2-mod-fastcgi php7.0-fpm

In all of my examples I’m assuming that you are running with sudoers permissions, so I’m not going to prefix every line with “sudo”

If it doesn’t start automatically, you’ll have to do it yourself:

service php7.0-fpm start

There is no issue in starting a service which is already running, so you don’t have to check just start it.

The Apache server ships with two modules we need (alias and actions) already loaded, but in case they are not enabled, just include them when we activate fastcgi:

a2enmod actions fastcgi alias

Again, there is no harm in enabling them again if they are active. Then restart Apache so it knows these are all present and running

service apache2 restart

One author bravely said “That’s it, PHP-FPM is now running on your system”, but as he or she went on to say “Apache does not know about it yet though and is still using mod_php”.

And that’s where the fun starts.

- No Comments on this Post -