Forum

Hi Hugo,

Could you please help me uderstand what the following line in the cgi-wrapper.conf does?

Wrap = jail_mydomain.co.uk ; /usr/local/www/prod_site ; 80:80

What is the purpose of this line of code?

Thank you

That's all explained in the CGI-wrapper HOWTO.

Hi,

Thank you for the link but I already read it before..
I'm sorry but is there any way you could try to explain in different way?
is this setting complimentary to isolation user with php-fmp?

 FastCGIserver {
         FastCGIid = PHP7-FPM-FRED
         ConnectTo = /var/run/fred.sock
         Extension = php
 }
 FastCGIserver {
         FastCGIid = PHP7-FPM-JOHN
         ConnectTo = /var/run/john.sock
         Extension = php
 }
 FastCGIserver {
         FastCGIid = PHP7-FPM-LUCY
         ConnectTo = /var/run/lucy.sock
         Extension = php
 }

That's more or less the same, yes. FastCGI is of course faster, but the CGI-wrapper has easy chroot capabilities.

Hugo,
Would you mind giving me an exampe?
At the moment I use Hiawatha in a FreeBSD jail..
In the jail, I create 1 user per domain with sftp access only (no shell)...
I then create

mkdir /home/fred/public_html

I then create vi /usr/local/etc/php-fpm.d/fred.conf with the following

[fred]
user = fred
group = www

listen = /var/run/fred.sock

listen.owner = fred
listen.group = www
listen.mode = 0660

pm = ondemand
pm.max_children = 20
pm.start_servers = 2
pm.min_spare_servers = 1
pm.max_spare_servers = 3
pm.process_idle_timeout = 60s;
pm.max_requests = 200
pm.status_path = /status
request_terminate_timeout = 0

env[HOSTNAME] = $HOSTNAME
;env[PATH] = /usr/local/bin:/usr/bin:/bin
env[TMP] = /home/fred/tmp
env[TMPDIR] = /home/fred/tmp
env[TEMP] = /home/fred/tmp

php_admin_value[open_basedir]      = /home/fred/public_html:/home/fred/tmp:/usr/local/share/pear:/usr/local/php70/lib/php
php_admin_value[disable_functions] = "exec,passthru,shell_exec,system,proc_open,popen,show_source"
php_admin_value[date.timezone]     = Europe/London

php_flag[display_errors]           = off
php_admin_flag[log_errors]         = on
php_admin_value[error_reporting]   = 30711
php_admin_value[error_log]         = /var/log/php-fpm/fred.error.log
php_admin_value[memory_limit]      = 128M
php_admin_value[upload_tmp_dir]    = /home/fred/tmp
php_admin_value[session.save_path] = /home/fred/tmp

and finally add it to hiawatha.conf

FastCGIserver {
         FastCGIid = PHP7-FPM-FRED
         ConnectTo = /var/run/fred.sock
         Extension = php
 }

So if I understand, I can cut all the steps above by only doing that 1 line of code?:

Wrap = jail_mydomain.co.uk ; /home/fred/public_html ; fred:www

where /home/fred/public_html will be in chroot and permision fred:www..

Is that correct? can i remove the

FastCGIserver {
         FastCGIid = PHP7-FPM-FRED
         ConnectTo = /var/run/fred.sock
         Extension = php
 }

from hiawatha.conf with the above?
Thank you

I would stick to php-fpm, as it is much faster than normal CGI (about 15 times faster). The CGI-wrapper uses normal CGI. The chroot functionality in the CGI-wrapper works with a pipe-sign in the path, as explained in the HOWTO.

Thank you Hugo.
I think I got it now. I'll keep php-fpm for my large site but I wanted to understand how think work in Hiawatha..
Last question if I can..
As I have my public_html in user home directory, will the following be the correct syntaxt?

Wrap = jail_chroot ; /home/fred/public_html|~fred ; fred:www

Why the '~fred' part? That's not an actual directory on disk, I guess. Use this:

Wrap = jail_chroot ; /home/fred/public_html| ; fred:www

Thank you Hugo