Hello,
I have a problem with the following setup: One VM containing multiple VHOSTs. They are using diffferent PHP-Versions, which I manage by having a .php-Location in each VHOST which points to the correct unix socket for the PHP-Version. This is an example for PHP 7.4:
location ~ \.php$ {
fastcgi_split_path_info ^(.+\.php)(/.+)$;
if (!-f $document_root$fastcgi_script_name) {
return 404;
}
fastcgi_param PHP_VALUE open_basedir="/A:/B:/C:/D";
fastcgi_buffer_size 32k;
fastcgi_buffers 8 16k;
fastcgi_connect_timeout 240s;
fastcgi_read_timeout 240s;
fastcgi_send_timeout 240s;
fastcgi_pass unix:/var/run/php/php7.4-fpm.sock;
fastcgi_index index.php;
include fastcgi.conf;
}
I have changed the real paths to A/B/C/D. My goal is to have one VHOST access the webroots of other vhosts and execute PHP-Code, but not the reverse. I have as yet not found a solution for this. I have set the open_basedir for the VHOST which is supposed to be able to access other webroots. Afterwards the VHOST in question can access the paths specified by open_basedir but the other VHOSTS can't access their own webroots anymore. It works again if I include the webroot of VHOST 2 in the open_basedir directive of VHOST 1, but this is not what I want. How can I limit the open_basedir-directive to a specific VHOST? If this should prove impossible: How can I let PHP-FPM access webroots from another VHOST without letting the second VHOST access the first one?
Yours faithfully
Stefan