The beginning of investigation:
Hi Marko,
I re-read your post:
The first time, I didn’t notice that.
So it is useless to try to take out the ending “/” as it will be put back any time any PHP setting is changed/updated.
The case is worse than I thought,
Michel-André
For the nethgui php implementation I am guilty, I used php scl of remi, up to php74
For the cockpit php implementation I am too guilty, this time we used rh-php from the official software collections, up to rh-php73
This is why the version are different but when in the same vhost you enable a different php version in cockpit and nethgui, cockpit must win
You are using a community module for php.
Here’s a past discussion about it:
Salut Stéphane,
My module (remi-safe) is working well as it is not using an ending “/” for the SetHandler
for www.
That is the reason why it is possible to switch NinjaFirewall to Full WAF.
So the bug is in “the core package use the official SCL (limited to 7.3 currently)”
What is the solution you recommend for a Vhost as both modules insert an ending “/” for the SetHandler
.
Or to put it in another way: Why my module doesn’t insert an ending “/” in www, but insert one for the Vhost
Michel-Andé
Salut encore Stéphane,
FILE: /etc/httpd/conf.d/www.conf → no ending “/”
# set a different php version
<Directory "/var/www/html">
<FilesMatch .php$>
SetHandler "proxy:fcgi://127.0.0.1:9072"
</FilesMatch>
</Directory>
FILE: /etc/httpd/conf.d/virtualhosts.conf → ending "/"
# use php-fpm with mod_proxy_fcgi by socket
# from Remi repository instead of the default PHP
<FilesMatch .php$>
SetHandler "proxy:unix:/var/run/php72-php-fpm/VHOSTNAME-php72.sock|fcgi://localhost/"
</FilesMatch>
This suggest that it is not the module handling the “www” that is causing the problem… or if it is the same module handling both, then it handles “www” differently than the “Vhost”.
Main goal, is it possible to take out the ending “/” ?
Michel-André
The www uses the port redirection
The virtualhost uses a linux socket
Too late in my TZ for thinking more
I have no malfunction recognized by removing the “/” from my virtual hosts. I would prefer to correct the the implementation in this way.
Sincerely, Marko
Thats why I thought we (means not me ) can customize the used template to expand the virtualhost.conf.
Sincerely, Marko
Bonjour Stéphane,
Après ton p’tit-dej demain matin,
Unix Domain Socket
By default, FPM listens for incoming requests on a network socket but can use a Unix Domain Socket, which can slightly improve performance.
In Apache httpd configuration: (no ending “/”)
SetHandler "proxy:unix:/run/php-fpm/www.sock|fcgi://localhost"
…
Now, it is possible to choose PHP version for each directory, from Apache httpd configuration file.
Example: (no ending “/”)
# Use PHP 7.1 by default
<FilesMatch \.php$>
SetHandler "proxy:fcgi://127.0.0.1:9071"
</FilesMatch>
# Some legacy application use PHP 5.4
<Directory /var/www/html/old>
<FilesMatch \.php$>
SetHandler "proxy:fcgi://127.0.0.1:9000"
</FilesMatch>
</Directory>
…
Bonne matinée,
Michel-André
??
Hi Marc,
As it is written: " Double-slashes could be the issue"
And in the recommended follow-up thread:
https://forums.cpanel.net/threads/user-ini-files-not-recursive.601163/
This was fixed as part of internal case HB-2719 in the most recent EasyApache 4 update:
1.0-107 - HB-2719: remove trailing slash from fcgi alias config line in template
Thank you.
Marko suggestion was right, the culprit is the ending “/”.
Michel-André
Indeed it seems that we have a working solution but buggy in some cases, however the documentation of remi states also to remove the trailling /
another french example, I know you love it.
https://blog.remirepo.net/post/2017/10/28/Astuces-de-configuration-de-PHP
I fixed my rpm nethserver-php-scl, could you verify that other ressources using php-fpm are not broken and you fix your issue.
Only for nethgui by now
yum install nethserver-php-scl --enablerepo=stephdl
Indeed when I use a phpinfo, I can find this
$_SERVER['SCRIPT_FILENAME'] //usr/share/dokuwiki/phpinfo.php
Salut Stéphane,
Narrator: Faster than a speeding bullet. More powerful than a locomotive. Able to leap tall buildings in a single bound.
Man 1: Look! Up in the sky! It’s a bird!
Woman 1: It’s a plane !
Man 2: It’s SuperStephdl !
I confirm, now NinjaFirewall is working in Full WAF mode on Vhost.
Merci mil fois,
Michel-André