Thanks to everyone who proved feedback on this thread and through other
channels. Most of the ideas fell into two buckets, web server specific
or web server generic. At this time, we feel that leave any web server
configuration out of our php56u-fpm package is best approach. Updated
packages will be hitting the testing repos tonight.
It is important to note, using anything but Apache and mod_php may cause
issues with php application RPMs that are excepting the stock EL
approach. They might want to add some Apache configuration files for
example. Off the top of my head, I can't name a RPM that does this, but
I would not be surprised if there are plenty out there.
Please let us know if you run into any issues with these updated packages.
-Ben
On 09/12/2014 11:06 AM, Strahinja Kustudic wrote:
I don't know if Ben forwarded my feedback internally, so I'm replying
now. In my opinion using php or the current apache user doesn't make
much of a difference tbh, I don't see any advantage of using a new
user except to be different. When we setup Nginx+php-fpm we set them
to run as same users, which is the reason why the user in Fedora
packages is apache, because they want to run Apache and php-fpm with
same users.
My biggest issue with php54/55u packages is that by default, besides
setting the owner of the /var/log/php-fpm directory to apache:apache,
they also set the permissions to 770. This is frustrating since if you
configure different permissions for that directory (e.g. 755 or
whatever) every time you update php-fpm it overwrites them to 770. I
don't understand the reasoning behind this, since if an admin wants to
allow everyone (or to restrict it even more) to read this directory it
should be possible. I mentioned this in the bug that was linked in the
thread.
Regards,
Strahinja
Sounds good. I hadn’t realized that it wasn’t using sockets by
default, in which case having phpXXu-fpm create it’s own user would
make the most sense.
---
BJ Dierkes
Data Folk Labs, LLC
From: Carl George <[email protected]>
<mailto:[email protected]>
Reply: Carl George <[email protected]>>
<mailto:[email protected]>
Date: September 12, 2014 at 9:43:34 AM
To: [email protected]
<mailto:[email protected]>
<[email protected]>>
<mailto:[email protected]>
Subject: Re: [Ius-community] RFC IUS php 5.6 FPM
I think the best solution is to just use a dedicated php-fpm user.
The default configuration is to listen on a tcp port, so the user
doesn't matter. If you change the config to use a unix socket, then
just add the webserver user to the php-fpm group.
Advantages:
* works out of the box
* easy to maintain
* simple to explain
* package names don't diverge from the stock layout
Disadvantages:
* ?
- Carl
________________________________________
From: Ius-community
[ius-community-bounces+carl.george=rackspace....@lists.launchpad.net
<mailto:[email protected]>] on behalf of Ben Harper
[[email protected] <mailto:[email protected]>]
Sent: Tuesday, September 09, 2014 05:22 PM
To: [email protected]
<mailto:[email protected]>
Subject: Re: [Ius-community] RFC IUS php 5.6 FPM
On 09/08/2014 04:04 PM, Ben Harper wrote:
> Greetings,
>
> The initial build of IUS php56u packages will be hitting the testing
> repo tonight for Red Hat and CentOS 7. We would like some input on
> how to handle the FPM package. Historically Red Hat and IUS packages
> have taken approach that FPM would be used with Red Hat's default web
> server, Apache. With the popularity of Nginx and other web servers,
> we want to reevaluate this approach.
>
> Up until recently, the main php package (php54 and php55u) required
> Apache for mod_php and the php FPM logs were owned by the apache
> user. Since both php54 and php55u had been in the stable repos for
> some time, we were very cautious about making changes. We removed the
> requirement for Apache, but kept the logs owned by the apache user[0].
>
> Seeing that php56u is a brand new package, we can afford to completely
> rethink how we handle php FPM. We could follow Red Hat lead and
> assume FPM will be used with Apache. We could also do what we did
> with php53u and php54. Another option would be not to require Apache
> and have the logs owned by a new user like http, php, php-fpm or some
> other user. Are there other ideas we should consider?
>
> Thanks,
> Ben and the rest of the IUS covedev team
>
> [0] https://bugs.launchpad.net/ius/+bug/1312972
>
> _______________________________________________
> Mailing list: https://launchpad.net/~ius-community
<https://launchpad.net/%7Eius-community>
> Post to : [email protected]
<mailto:[email protected]>
> Unsubscribe : https://launchpad.net/~ius-community
<https://launchpad.net/%7Eius-community>
> More help : https://help.launchpad.net/ListHelp
BJ had an interesting idea in #iuscommunity. His idea was to have a
dedicate package for FPM and Nginx, something like php56u-fpm-nginx.
The php56u and php56u-fpm would continue to use Apache, while the
php56u-fpm-nginx would be set up to work with Ngnix. I think this idea
is worthy of consideration.
-Ben
_______________________________________________
Mailing list: https://launchpad.net/~ius-community
<https://launchpad.net/%7Eius-community>
Post to : [email protected]
<mailto:[email protected]>
Unsubscribe : https://launchpad.net/~ius-community
<https://launchpad.net/%7Eius-community>
More help : https://help.launchpad.net/ListHelp
_______________________________________________
Mailing list: https://launchpad.net/~ius-community
<https://launchpad.net/%7Eius-community>
Post to : [email protected]
<mailto:[email protected]>
Unsubscribe : https://launchpad.net/~ius-community
<https://launchpad.net/%7Eius-community>
More help : https://help.launchpad.net/ListHelp
_______________________________________________
Mailing list: https://launchpad.net/~ius-community
<https://launchpad.net/%7Eius-community>
Post to : [email protected]
<mailto:[email protected]>
Unsubscribe : https://launchpad.net/~ius-community
<https://launchpad.net/%7Eius-community>
More help : https://help.launchpad.net/ListHelp
_______________________________________________
Mailing list: https://launchpad.net/~ius-community
Post to : [email protected]
Unsubscribe : https://launchpad.net/~ius-community
More help : https://help.launchpad.net/ListHelp
_______________________________________________
Mailing list: https://launchpad.net/~ius-community
Post to : [email protected]
Unsubscribe : https://launchpad.net/~ius-community
More help : https://help.launchpad.net/ListHelp
