On 2017-07-17 03:50, Luca Toscano wrote: > mod-proxy-fcgi is the preferred solution over mod-fcgi, and we have > documentation about it. Any specific reason to use libapache2-mod-fcgid? > (asking for curiosity and/or to decide if a doc update is needed :)
I am using mod_proxy_fcgi exactly for that reason (stated on https://wiki.apache.org/httpd/php). But the documentation (https://wiki.apache.org/httpd/PHP-FPM) is IMO a bit off. > Can you please be more specific? What errors do you see? In case please > open a task in bugzilla so we'll be able to debug it :) Even according to the documentation for mod_proxy_fcgi, UDS does not support connection reuse. In my case it broke POST requests. I then googled and found a bunch of articles and stackexchange entries that suggested to remove the enablereuse=on option from the Proxy section. Only after removing the Proxy directive completely, everything started to work as expected. Except from the mod_rewrite issue I experience. I'm still debugging it, but mod_rewrite behaves differently between mod_php and mod_proxy_fcgi, which should not happen at all, since rewrite shouldn't care or know about the backend. I also googled and found a few entries, none of which helped me: https://stackoverflow.com/questions/44054617/mod-rewrite-in-2-4-25-triggering-fcgi-primary-script-unknown-error-in-php-fpm http://www.coders.pro/2017/01/qq-htm/ > Using ProxyPassMatch is not only dangerous, it also has precedence over > a FilesMatch directive, which in turn limits your ability to restrict > access to certain resources. At least that was the case a couple of > years back. > > Dangerous in what way? Can you please be more specific and/or add examples? I'm sorry, my bad. I should not have generalized it. ProxyPass and ProxyPassMatch _can_ be dangerous. I see 2 main issues: 1) The match part can be set too wide, which could allow php-fpm to interpret the wrong file. 2) The documentation also states: Warning: when you ProxyPass a request to another server (in this case, the php-fpm daemon), authentication restrictions, and other configurations placed in a Directory block or .htaccess file, may be bypassed. So ProxyPass has precedence over other directives. It is evaluated first. This can lead to a number of problems. Anyway, as long as you are aware of it, the impact can be minimized. Yet I believe it is too dangerous for the average Joe. -- regards Helmut K. C. Tessarek KeyID 0xF7832007C11F128D Key fingerprint = 28A3 1666 4FE8 D72C CFD5 8B23 F783 2007 C11F 128D /* Thou shalt not follow the NULL pointer for chaos and madness await thee at its end. */
