Comments (16)
Hello @ankitsnlq,
yes, I will only force www.conf & www-two.conf file deletion instead of removing everything in the pool.d directory
from wordops.
@michacassola with the correct approach yes. The Database itself is already running with a separate user.
Running each website with its own user prevents a bunch of security problems.
from wordops.
In addition to separation due to security, I also need to distribute/limit resources (that's what I am selling, after all, together with managing services), which is why I have started using LXD (Linux Containers) on top of my servers for near-complete separation. It also gives me the ability to quickly move a complete container to another host server and to do backups that way through LXD itself.
from wordops.
Hi VirtuBox,
I have noticed that if you have a custom PHP pool configured manually, the pools get deleted during a wordops update. Could you please make wordops update not remove custom pools configured manually?
from wordops.
Issue has been fixed with PR #43
from wordops.
Thank you @VirtuBox. Tested it and it is good now. Are you planning a per-site PHP pool module in wordops v4.0?
from wordops.
Hello @ankitsnlq,
this is not planned yet, because there are several other features already planned (wildcard SSL certs, monitoring, backup) but also because it will probably be the biggest change on WO structure and configuration. It will require running a lot of tests to see if there is an impact on performance, especially with open_basedir and opcache.
from wordops.
What I do is something like this in nginx:

```nginx
set $phpfpm_port 9099;
set $index_https "-https";

# wpsc-php7 replace
location ~ \.php$ {
    try_files $uri =404;
    include fastcgi_params;
    fastcgi_pass 127.0.0.1:$phpfpm_port;
    # Following line is needed by WP Super Cache plugin
    fastcgi_param SERVER_NAME $http_host;
}

# FOR WP-SUPERCACHE
try_files /wp-content/cache/supercache/$http_host/$cache_uri/index$index_https.html $uri $uri/ /index.php?$args;
```

Fix the permissions on the /var/www/domain.ltd folder:

```bash
chown -R user:group /var/www/domain.ltd
chmod a-w /var/www/domain.ltd
```
from wordops.
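Added example, not part of the thread and not WordOps code: the PHP-FPM side of the nginx snippet above, one pool per site running as that site's own Unix user, plus a check that no two pool files share a user or a listen address. The domain names, user names, ports, pool sizing and the open_basedir path are assumptions for illustration.

```shell
#!/bin/sh
# Added example: per-site PHP-FPM pools. All names, paths and ports are assumed.

# Print a pool definition for one site.
# usage: render_pool <domain> <unix-user> <port>
render_pool() {
  cat <<EOF
[$1]
; each site's PHP runs as its own user, so one compromised site
; cannot read or write another site's files
user = $2
group = $2
; must match "set \$phpfpm_port $3;" in the site's nginx vhost
listen = 127.0.0.1:$3
; a Unix socket with listen.owner/listen.mode additionally limits
; which local users may connect; a loopback TCP port does not
pm = ondemand
pm.max_children = 5
pm.process_idle_timeout = 10s
; optional: the thread reports a performance cost on busy sites
php_admin_value[open_basedir] = /var/www/$1/:/tmp/
EOF
}

# Print every "user" or "listen" value that appears in more than one
# pool file of a directory. Empty output means the pools are separated.
# usage: audit_pools <pool.d directory>
audit_pools() {
  for key in user listen; do
    sed -n "s/^[[:space:]]*$key[[:space:]]*=[[:space:]]*\(.*\)/$key=\1/p" "$1"/*.conf |
      sort | uniq -d
  done
}
```

Write each rendered pool to its own file in the PHP-FPM pool.d directory and run `audit_pools` on that directory after any change.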
@andremacola
What are the main benefits? More security?
Will applying cgroups to those users or groups limit the whole site: PHP, NGINX and the Database?
Also found an interesting article: https://ma.ttias.be/a-better-way-to-run-php-fpm/
from wordops.
Yes this would be good to implement and should be the default imo. Each site PHP running under its own user.
from wordops.
I had to remove open_basedir from the default pool because of performance on a bunch of heavy-traffic sites.
from wordops.
Any updates on this?
Or does anyone have a config implementation of this?
Would really like to see this for increased system security
from wordops.
@VirtuBox any updates here? This seems like it would help a lot for security.
from wordops.
@VirtuBox this seems like the highest security risk right now to this setup. Any updates on when we can expect to have this feature?
from wordops.
This issue is stale because it has been open 30 days with no activity. Remove stale label or comment or this will be closed in 5 days.
from wordops.
This issue was closed because it has been stalled for 5 days with no activity.
from wordops.