PHP-FPM chroot with chdir

Solution 1:

Have you actually prepared a proper chroot for PHP?

Simply setting an arbitrary directory is not enough - you actually need to build the chroot and ensure it includes all necessary libraries, devices and binaries.

Otherwise, basic things like DNS resolution will fail to work and you'll get random errors, hangs or app segfaults. It sounds like you are mistaking the simplicity of open_basedir with that of a chroot.

As a start, this script, once customized, should give you a basis for a chroot.

http://www.fuschlberger.net/programs/ssh-scp-sftp-chroot-jail/make_chroot_jail.sh

But realistically, if you don't have much experience with chroots ...

  1. It may not be any more secure than normal if incorrectly set up
  2. It may be far more insecure than normal and could allow root escalation if incorrectly set up
  3. You could end up with random issues that will plague your application over time, all caused by a badly built chroot

I would guess security is your goal, but you're very likely to end up with the exact opposite.
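
An added example, not part of the original answer: a shell audit that lists what a candidate chroot directory lacks for the run-time needs named above (resolver files, device nodes, the DNS backend library) and flags a world-writable root. The function names and the path list are assumptions for a typical glibc-based Linux system; adjust them for the distribution in use.

```shell
#!/bin/sh
# Added example: list what a PHP-FPM chroot directory is missing.
# The path list is an assumption (typical glibc-based Linux), not a complete spec.

# Print one line per problem found under chroot root $1; print nothing if clean.
chroot_audit() {
    root=$1
    [ -d "$root" ] || { echo "not-a-directory: $root"; return 0; }

    # Resolver and account files the C library reads at run time.
    for f in etc/resolv.conf etc/hosts etc/nsswitch.conf etc/passwd etc/group; do
        [ -f "$root/$f" ] || echo "missing-file: $f"
    done

    # Device nodes must be character devices, not regular files copied in.
    for d in dev/null dev/urandom; do
        [ -c "$root/$d" ] || echo "missing-device: $d"
    done

    # Assumption: a glibc that loads the DNS backend (libnss_dns) as a
    # separate shared object at lookup time, so it must exist inside the jail.
    if [ -z "$(find "$root" -name 'libnss_dns.so*' 2>/dev/null | head -n 1)" ]; then
        echo "missing-lib: libnss_dns.so"
    fi

    # A temp directory for uploads and sessions.
    [ -d "$root/tmp" ] || echo "missing-dir: tmp"

    # A world-writable chroot root lets a jailed user swap out etc/ or lib/.
    if [ -n "$(find "$root" -prune -perm -0002 2>/dev/null)" ]; then
        echo "unsafe-perms: chroot root is world-writable"
    fi
    return 0
}

# Exit status 0 only when the audit reports nothing.
chroot_ok() {
    [ -z "$(chroot_audit "$1")" ]
}

# Usage: sh audit.sh /path/to/chroot
if [ $# -gt 0 ]; then chroot_audit "$1"; fi
```

An empty report only means these specific items are present; it does not show that the chroot is complete or secure.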

Solution 2:

Got help from phpfreaks IRC last night. It was an issue on the Apache side: I needed it to send the "/www" to PHP-FPM.