{"id":5775,"date":"2023-02-15T14:54:00","date_gmt":"2023-02-15T11:24:00","guid":{"rendered":"https:\/\/maralhost.com\/hub\/?p=5775"},"modified":"2023-07-29T22:38:52","modified_gmt":"2023-07-29T19:08:52","slug":"use-nginx-and-php-fpm-pools-to-secure-multiple-websites","status":"publish","type":"post","link":"https:\/\/maralhost.com\/hub\/use-nginx-and-php-fpm-pools-to-secure-multiple-websites\/","title":{"rendered":"Building isolated websites in NGINX with PHP-FPM"},"content":{"rendered":"\n<p>Because one of the websites on your personal server may be compromised &#8230; it is recommended that you place each website in a jailed environment, so that even if your website is compromised, the attacker cannot break into the other websites on the server &#8230;<\/p>\n\n\n\n<p>(This tutorial applies to servers without a control panel.)<\/p>\n\n\n\n<p>First, we add the Nginx repositories.<\/p>\n\n\n\n<p><a href=\"https:\/\/www.vennedey.net\/code\/8ddc1110e11ccfa71faf142d13a3425e59eb47ced7a37dfdb47ba9a8c50f2eea\" rel=\"nofollow noopener\" target=\"_blank\">\/etc\/apt\/sources.list<\/a><\/p>\n\n\n\n<p>deb http:\/\/nginx.org\/packages\/mainline\/debian\/ stretch nginx<\/p>\n\n\n\n<p>deb-src http:\/\/nginx.org\/packages\/mainline\/debian\/ stretch nginx<\/p>\n\n\n\n<p>Now we add the keys that the nginx package is signed with:<\/p>\n\n\n\n<p>root@webhost:~# wget -O- -q http:\/\/nginx.org\/keys\/nginx_signing.key | apt-key add -<\/p>\n\n\n\n<p>Now proceed to install it:<\/p>\n\n\n\n<p>root@webhost:~# apt-get update<\/p>\n\n\n\n<p>root@webhost:~# apt-get install nginx<\/p>\n\n\n\n<p>Next comes installing php-fpm:<\/p>\n\n\n\n<p>root@webhost:~# apt-get install php7.0-fpm<\/p>\n\n\n\n<p>The following steps are required for every single user that is going to be placed on this server:<\/p>\n\n\n\n<p>root@webhost:~# mkdir \/home\/www<\/p>\n\n\n\n<p>root@webhost:~# useradd -b \/home\/www -k \/dev\/null -m username<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">root@webhost:~# cd \/home\/www\/&lt;username&gt;\nroot@webhost:\/home\/www\/&lt;username&gt;# mkdir chroot\nroot@webhost:\/home\/www\/&lt;username&gt;# mkdir chroot\/data\nroot@webhost:\/home\/www\/&lt;username&gt;# mkdir chroot\/log\nroot@webhost:\/home\/www\/&lt;username&gt;# mkdir chroot\/tmp\nroot@webhost:\/home\/www\/&lt;username&gt;# mkdir chroot\/tmp\/misc\nroot@webhost:\/home\/www\/&lt;username&gt;# mkdir chroot\/tmp\/session\nroot@webhost:\/home\/www\/&lt;username&gt;# mkdir chroot\/tmp\/upload\nroot@webhost:\/home\/www\/&lt;username&gt;# mkdir chroot\/tmp\/wsdl\n\nroot@webhost:\/home\/www\/&lt;username&gt;# chown -R root:&lt;username&gt; chroot\/\nroot@webhost:\/home\/www\/&lt;username&gt;# chmod 0010 chroot\/\nroot@webhost:\/home\/www\/&lt;username&gt;# chmod 0070 chroot\/data\nroot@webhost:\/home\/www\/&lt;username&gt;# chmod 0030 chroot\/log\nroot@webhost:\/home\/www\/&lt;username&gt;# chmod 0010 chroot\/tmp\nroot@webhost:\/home\/www\/&lt;username&gt;# chmod 0030 chroot\/tmp\/*<\/pre>\n\n\n\n<p>Now we create a dedicated php-fpm pool for each user:<\/p>\n\n\n\n<p>nano \/etc\/php\/7.0\/fpm\/pool.d\/&lt;username&gt;.conf<\/p>\n\n\n\n<p><a href=\"https:\/\/www.vennedey.net\/code\/8ddc1110e11ccfa71faf142d13a3425edd7285ba2467fc2426f8861c17d7a67d\" rel=\"nofollow noopener\" target=\"_blank\">username.conf<\/a><\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">[&lt;username&gt;]\nuser = $pool\ngroup = $pool\n\nlisten = \/var\/run\/php-fpm-$pool.sock\nlisten.owner = nginx\nlisten.group = nginx\n \npm = dynamic\npm.max_children = 5\npm.start_servers = 2\npm.min_spare_servers = 1\npm.max_spare_servers = 3\n\npm.status_path = 
\/php-fpm-status\nping.path = \/php-fpm-ping\n\naccess.log = \/home\/www\/$pool\/chroot\/log\/php-fpm-pool.log \nslowlog = \/home\/www\/$pool\/chroot\/log\/php-fpm-slow.log\nrequest_slowlog_timeout = 15s\nrequest_terminate_timeout = 20s\n\nchroot = \/home\/www\/$pool\/chroot\/\nchdir = \/\n\n; Flags &amp; limits\nphp_flag[display_errors] = off\nphp_admin_flag[log_errors] = on\nphp_admin_flag[expose_php] = off\nphp_admin_value[memory_limit] = 32M\nphp_admin_value[post_max_size] = 24M\nphp_admin_value[upload_max_filesize] = 20M\nphp_admin_value[cgi.fix_pathinfo] = 0\nphp_admin_value[disable_functions] = apache_child_terminate,apache_get_modules,apache_get_version,apache_getenv,apache_lookup_uri,apache_note,apache_request_headers,apache_reset_timeout,apache_response_headers,apache_setenv,getallheaders,virtual,chdir,chroot,exec,passthru,proc_close,proc_get_status,proc_nice,proc_open,proc_terminate,shell_exec,system,chgrp,chown,disk_free_space,disk_total_space,diskfreespace,filegroup,fileinode,fileowner,lchgrp,lchown,link,linkinfo,lstat,pclose,popen,readlink,symlink,umask,cli_get_process_title,cli_set_process_title,dl,gc_collect_cycles,gc_disable,gc_enable,get_current_user,getmygid,getmyinode,getmypid,getmyuid,php_ini_loaded_file,php_ini_scanned_files,php_logo_guid,php_sapi_name,php_uname,sys_get_temp_dir,zend_logo_guid,zend_thread_id,highlight_file,php_check_syntax,show_source,sys_getloadavg,closelog,define_syslog_variables,openlog,pfsockopen,syslog,nsapi_request_headers,nsapi_response_headers,nsapi_virtual,pcntl_alarm,pcntl_errno,pcntl_exec,pcntl_fork,pcntl_get_last_error,pcntl_getpriority,pcntl_setpriority,pcntl_signal_dispatch,pcntl_signal,pcntl_sigprocmask,pcntl_sigtimedwait,pcntl_sigwaitinfo,pcntl_strerror,pcntl_wait,pcntl_waitpid,pcntl_wexitstatus,pcntl_wifexited,pcntl_wifsignaled,pcntl_wifstopped,pcntl_wstopsig,pcntl_wtermsig,posix_access,posix_ctermid,posix_errno,posix_get_last_error,posix_getcwd,posix_getegid,posix_geteuid,posix_getgid,posix_getgrgid,posix_getg
rnam,posix_getgroups,posix_getlogin,posix_getpgid,posix_getpgrp,posix_getpid,posix_getppid,posix_getpwnam,posix_getpwuid,posix_getrlimit,posix_getsid,posix_getuid,posix_initgroups,posix_isatty,posix_kill,posix_mkfifo,posix_mknod,posix_setegid,posix_seteuid,posix_setgid,posix_setpgid,posix_setsid,posix_setuid,posix_strerror,posix_times,posix_ttyname,posix_uname,setproctitle,setthreadtitle,shmop_close,shmop_delete,shmop_open,shmop_read,shmop_size,shmop_write,opcache_compile_file,opcache_get_configuration,opcache_get_status,opcache_invalidate,opcache_is_script_cached,opcache_reset\n\n; Session\nphp_admin_value[session.entropy_length] = 1024\nphp_admin_value[session.cookie_httponly] = on\nphp_admin_value[session.hash_function] = sha512\nphp_admin_value[session.hash_bits_per_character] = 6\nphp_admin_value[session.gc_probability] = 1\nphp_admin_value[session.gc_divisor] = 1000\nphp_admin_value[session.gc_maxlifetime] = 1440\n\n; Paths\nphp_admin_value[include_path] = .\nphp_admin_value[open_basedir] = \/data\/:\/tmp\/misc\/:\/tmp\/upload\/:\/dev\/urandom\nphp_admin_value[sys_temp_dir] = \/tmp\/misc\nphp_admin_value[upload_tmp_dir] = \/tmp\/upload\nphp_admin_value[session.save_path] = \/tmp\/session\nphp_admin_value[soap.wsdl_cache_dir] = \/tmp\/wsdl\nphp_admin_value[sendmail_path] = \/bin\/sendmail -f -i\nphp_admin_value[session.entropy_file] = \/dev\/urandom\nphp_admin_value[openssl.capath] = \/etc\/ssl\/certs<\/pre>\n\n\n\n<p>We create a test file and set its permissions and ownership:<\/p>\n\n\n\n<p>root@webhost:\/home\/www\/&lt;username&gt;\/chroot\/data# chown &lt;username&gt;:&lt;username&gt; test.php<\/p>\n\n\n\n<p>root@webhost:\/home\/www\/&lt;username&gt;\/chroot\/data# chmod 0640 test.php<\/p>\n\n\n\n<p>root@webhost:\/home\/www\/&lt;username&gt;\/chroot\/data# usermod -a -G 
&lt;username&gt; nginx<\/p>\n\n\n\n<p>Now proceed to create the virtual host:<\/p>\n\n\n\n<p><code>\/etc\/nginx\/conf.d\/&lt;username&gt;.conf<\/code>.<a href=\"https:\/\/www.vennedey.net\/code\/8ddc1110e11ccfa71faf142d13a3425ec0513d7eb7af729fc1ec14f7783d5de5\" rel=\"nofollow noopener\" target=\"_blank\">username.conf<\/a><\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">server {\n        listen 0.0.0.0:80;\n        listen [::]:80;\n        server_name  &lt;username&gt;.web.example.com;\n\n        root \/home\/www\/&lt;username&gt;\/chroot\/data;\n        index index.html index.htm index.php;\n\n        location \/ {\n                try_files $uri $uri\/ =404;\n        }\n\n        location ~ \\.php$ {\n                try_files  $uri =404;\n                include \/etc\/nginx\/fastcgi_params;\n                fastcgi_pass unix:\/var\/run\/php-fpm-&lt;username&gt;.sock;\n                fastcgi_param SCRIPT_FILENAME \/data$fastcgi_script_name;\n        }\n}\n\n<\/pre>\n\n\n\n<p>Finally, we restart php-fpm and nginx:<\/p>\n\n\n\n<p>systemctl restart php7.0-fpm<\/p>\n\n\n\n<p>systemctl restart nginx<\/p>\n\n\n\n<p>Note: replace username with the name of the intended user &#8230;<\/p>\n\n\n\n<p>In the image below you can see that the separate PHP pools have been created and are running.<\/p>\n\n\n<div 
class=\"wp-block-image\">\n<figure class=\"aligncenter\"><a ref=\"magnificPopup\" href=\"www.maralhost.com\/wp-content\/uploads\/2019\/11\/pools.png\"><img decoding=\"async\" src=\"www.maralhost.com\/wp-content\/uploads\/2019\/11\/pools-300x146.png\" alt=\"\" class=\"wp-image-1726\" title=\"\"><\/a><\/figure><\/div>","protected":false},"excerpt":{"rendered":"<p>Because one of the websites on your personal server may be compromised &#8230; it is recommended that you place each website in a jailed environment, so that even if your website is compromised, the attacker cannot break into the other web sites&#8230;<\/p>\n","protected":false},"author":1,"featured_media":5776,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[4],"tags":[],"class_list":["post-5775","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-web-hosting"],"_links":{"self":[{"href":"https:\/\/maralhost.com\/hub\/wp-json\/wp\/v2\/posts\/5775","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/maralhost.com\/hub\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/maralhost.com\/hub\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/maralhost.com\/hub\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/maralhost.com\/hub\/wp-json\/wp\/v2\/comments?post=5775"}],"version-history":[{"count":1,"href":"https:\/\/maralhost.com\/hub\/wp-json\/wp\/v2\/posts\/5775\/revisions"}],"predecessor-version":[{"id":5777,"href":"https:\/\/maralhost.com\/hub\/wp-json\/wp\/v2\/posts\/5775\/revisions\/5777"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/maralhost.com\/hub\/wp-json\/wp\/v2\/media\/5776"}],"wp:attachment":[{"href":"https:\/\/maralhost.com\/hub\/wp-json\/wp\/v2\/media?parent=5775"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/maralhost.com\/hub\/wp-json\/wp\/v2\/categories?post=5775"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/maralhost.com\/hub\/wp-json\/wp\/v2\/tags?post=5775"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}