February 09, 2023 06:52AM
Hello,

I have a problem with the following setup: One VM containing multiple VHOSTs. They are using diffferent PHP-Versions, which I manage by having a .php-Location in each VHOST which points to the correct unix socket for the PHP-Version. This is an example for PHP 7.4:

location ~ \.php$ {
fastcgi_split_path_info ^(.+\.php)(/.+)$;
if (!-f $document_root$fastcgi_script_name) {
return 404;
}
fastcgi_param PHP_VALUE open_basedir="/A:/B:/C:/D";
fastcgi_buffer_size 32k;
fastcgi_buffers 8 16k;
fastcgi_connect_timeout 240s;
fastcgi_read_timeout 240s;
fastcgi_send_timeout 240s;
fastcgi_pass unix:/var/run/php/php7.4-fpm.sock;
fastcgi_index index.php;
include fastcgi.conf;
}

I have changed the real paths to A/B/C/D. My goal is to have one VHOST access the webroots of other vhosts and execute PHP-Code, but not the reverse. I have as yet not found a solution for this. I have set the open_basedir for the VHOST which is supposed to be able to access other webroots. Afterwards the VHOST in question can access the paths specified by open_basedir but the other VHOSTS can't access their own webroots anymore. It works again if I include the webroot of VHOST 2 in the open_basedir directive of VHOST 1, but this is not what I want. How can I limit the open_basedir-directive to a specific VHOST? If this should prove impossible: How can I let PHP-FPM access webroots from another VHOST without letting the second VHOST access the first one?

Yours faithfully
Stefan
Subject Author Posted

Change open_basedir but limit to specific vhost

s.schumacher February 09, 2023 06:52AM



Sorry, only registered users may post in this forum.

Click here to login

Online Users

Guests: 267
Record Number of Users: 8 on April 13, 2023
Record Number of Guests: 421 on December 02, 2018
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready