PHP 7.2 Secure Transition
I'm currently running PHP 5.6 with the CGI handler for PHP-FPM. I'm also running suexec. I may have some sites that are not compatible with PHP 7.2 by the end of the year, so I want to make sure I have all sites isolated from one another as much as possible. Would it make sense to switch to mod_ruid2? If so, are there any caveats to switching from PHP 5.6 using CGI to PHP 7.2 using DSO?
Hello @grayloon, Could you clarify if you are using PHP-FPM for these domain names? If so, note that PHP-FPM becomes the PHP handler for domain names it's enabled on, despite the fact that a different handler (e.g. CGI) is configured as the default handler for a PHP version. Thank you.
Yes, I'm currently using PHP-FPM for all domains right now.
Hello, If all of the domains are assigned PHP-FPM, then switching the default handler from CGI to DSO would have no impact. You can have PHP-FPM installed on the server along with DSO/Ruid2, though while you can have both readily available for use with your accounts, you can't actually use PHP-FPM and Ruid2 at the same time for a domain name. You'd have to use one or the other for each domain name (e.g. enabling PHP-FPM for a domain name disables DSO/Ruid2 for that domain name). If you are open to using CloudLinux, there's a thread here you may find helpful:
So, this is what you're suggesting?
- Add Ruid2 to my custom profile and provision.
- Switch the default handler to DSO
- Turn off PHP-FPM for individual domains to force them to use Ruid2
Hello @grayloon, I suggest simply keeping PHP-FPM enabled on the domains. Is there anything specific about PHP-FPM on PHP 7.2 as it pertains to the compatibility of your websites that's leading you to make the change to the handler? Thank you.
No. I thought Ruid2 required the DSO handler.
No. I thought Ruid2 required the DSO handler.
That is correct. However, is there a specific reason you prefer to use DSO with Ruid2 over PHP-FPM? Thank you.
I was under the impression that Ruid2 was more secure than suexec I'm using now. I'm open to suggestions to isolate my sites as much as possible.
Hello @grayloon, There are pros and cons to each PHP handler in terms of security and usability. Here are a few links to review when making the decision: Thank you.