Comments (16)
Hello @ankitsnlq,
yes, I will only force www.conf & www-two.conf file deletion instead of removing everything in the pool.d directory
from wordops.
@michacassola with the correct approach yes. The Database itself is already running with a separate user.
Running each website with its own user prevents a bunch of security problems.
from wordops.
In addition to separation due to security, I also need to distribute/limit resources (that's what I am selling after all, together with managing services), which is why I have started using LXD (Linux Containers) on top of my servers for near-complete separation. It also gives me the ability to quickly move a complete container to another host server and also do backups that way through LXD itself.
from wordops.
Hi VirtuBox,
I have noticed that if you have a custom PHP pool configured manually, the pools get deleted during a wordops update. So can you please make the wordops update not remove custom pools configured manually?
from wordops.
Issue has been fixed with PR #43
from wordops.
Thank you @VirtuBox. Tested it and it is good now. Are you planning a per-site PHP pool module in wordops v4.0?
from wordops.
Hello @ankitsnlq,
this is not planned yet, because there are several other features already planned (wildcard SSL certs, monitoring, backup) but also because it will probably be the biggest change to the WO structure and configuration. It will require running a lot of tests to see if there is an impact on performance, especially with open_basedir and opcache.
from wordops.
What I do is something like this on the nginx:

```nginx
set $phpfpm_port 9099;
set $index_https "-https";

# wpsc-php7 replace
location ~ \.php$ {
    try_files $uri =404;
    include fastcgi_params;
    fastcgi_pass 127.0.0.1:$phpfpm_port;
    # Following line is needed by WP Super Cache plugin
    fastcgi_param SERVER_NAME $http_host;
}

# FOR WP-SUPERCACHE
try_files /wp-content/cache/supercache/$http_host/$cache_uri/index$index_https.html $uri $uri/ /index.php?$args;
```

Fix the permissions on /var/www/domain.ltd folder

```bash
chown -R user:group /var/www/domain.ltd
chmod a-w /var/www/domain.ltd
```
from wordops.
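The PHP-FPM side that the nginx snippet above connects to, as an added example that is not part of the thread or of WordOps itself: a shell function that renders one pool file per site, running under that site's own user and listening on the port nginx passes to. The function name, the `site-` file prefix, the `pm.*` values and the open_basedir path list are assumptions, and the site user is assumed to exist already and own /var/www/<site>.

```shell
# Added example, not WordOps code. Usage: make_site_pool SITE USER PORT OUTDIR
# Writes OUTDIR/site-SITE.conf and prints its path. The file is deliberately
# not named www.conf or www-two.conf, the two files the maintainer says a
# WordOps update force-deletes from pool.d.
make_site_pool() {
    sp_site=$1; sp_user=$2; sp_port=$3; sp_dir=$4

    # Reject anything that could smuggle extra directives into the pool file
    # (spaces, newlines, '=' and so on).
    case "$sp_site" in ''|*[!A-Za-z0-9.-]*) echo "bad site name" >&2; return 1;; esac
    case "$sp_user" in ''|*[!a-z0-9_-]*) echo "bad user name" >&2; return 1;; esac
    case "$sp_port" in ''|*[!0-9]*) echo "bad port" >&2; return 1;; esac
    [ "$sp_port" -ge 1 ] && [ "$sp_port" -le 65535 ] || { echo "bad port" >&2; return 1; }

    # A shared or privileged account defeats the purpose of a per-site pool.
    case "$sp_user" in
        root|www-data|nobody) echo "refusing shared/privileged user" >&2; return 1;;
    esac

    sp_file="$sp_dir/site-$sp_site.conf"
    # listen matches "fastcgi_pass 127.0.0.1:\$phpfpm_port" on the nginx side.
    # open_basedir confines PHP to the site root; the thread notes it can cost
    # performance on heavy-traffic sites, so measure before keeping it.
    cat > "$sp_file" <<EOF || return 1
[$sp_site]
user = $sp_user
group = $sp_user
listen = 127.0.0.1:$sp_port
pm = ondemand
pm.max_children = 5
pm.process_idle_timeout = 10s
php_admin_value[open_basedir] = /var/www/$sp_site/:/tmp/
EOF
    printf '%s\n' "$sp_file"
}
```

Render into a scratch directory first, review the file, then copy it into the PHP-FPM pool.d directory and reload PHP-FPM; each site needs its own port.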
@andremacola
What are the main benefits? More security?
Will applying cgroups to those users or groups limit the whole site: PHP, NGINX and the Database?
Also found an interesting article: https://ma.ttias.be/a-better-way-to-run-php-fpm/
from wordops.
Yes this would be good to implement and should be the default imo. Each site PHP running under its own user.
from wordops.
I had to remove open_basedir from the default pool because of performance on a bunch of heavy-traffic sites.
from wordops.
Any updates on this?
Or does anyone have a config implementation of this?
Would really like to see this for increased system security
from wordops.
@VirtuBox any updates here? This seems like it would help a lot for security.
from wordops.
@VirtuBox this seems like the highest security risk right now to this setup. Any updates on when we can expect to have this feature?
from wordops.
This issue is stale because it has been open 30 days with no activity. Remove stale label or comment or this will be closed in 5 days.
from wordops.
This issue was closed because it has been stalled for 5 days with no activity.
from wordops.