author | Romain Porte <microjoe@microjoe.org> | 2017-11-03 22:51:44 +0100 |
---|---|---|
committer | Romain Porte <microjoe@microjoe.org> | 2017-11-03 22:51:44 +0100 |
commit | f7b1945008ae46b647da093d6f7c25f0849a75e5 (patch) | |
tree | 4154d805e48c7f20a2ea5264ba0389d4cfd23d27 /templates | |
parent | e8d772a8e10b7e046ec3ab5da2326ab2ba38e6e2 (diff) | |
Use dedicated php-fpm for security
Diffstat (limited to 'templates')
-rw-r--r-- | templates/nginx.j2 | 2 | ||||
-rw-r--r-- | templates/php-fpm.conf | 20 |
2 files changed, 21 insertions, 1 deletions
diff --git a/templates/nginx.j2 b/templates/nginx.j2
index 2046c35..8a9732d 100644
--- a/templates/nginx.j2
+++ b/templates/nginx.j2
@@ -60,7 +60,7 @@ server {
 fastcgi_split_path_info ^(.+\.php)(/.+)$; # filter and proxy PHP requests to PHP-FPM
- fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;
+ fastcgi_pass unix:/var/run/php/php7.0-fpm-ttrss.sock;
 fastcgi_index index.php;
 include fastcgi.conf;
 }
diff --git a/templates/php-fpm.conf b/templates/php-fpm.conf
new file mode 100644
index 0000000..a17ef22
--- /dev/null
+++ b/templates/php-fpm.conf
@@ -0,0 +1,20 @@
+[ttrss]
+user = {{ ttrss_user }}
+group = {{ ttrss_group }}
+
+listen = /var/run/php/php7.0-fpm-ttrss.sock
+listen.owner = www-data
+listen.group = www-data
+
+; Disable possible remote exploit commands
+php_admin_value[disable_functions] = exec,passthru,shell_exec,system
+php_admin_flag[allow_url_fopen] = off
+
+; Pool configuration
+pm = dynamic
+pm.max_children = 5
+pm.start_servers = 2
+pm.min_spare_servers = 1
+pm.max_spare_servers = 3
+
+chdir = /
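Review bot: The socket path on the changed `fastcgi_pass` line is now hard-coded in two templates, here and as `listen` in templates/php-fpm.conf. If the two drift apart, nginx will either fail to connect or, if the old shared socket still exists, send requests to a pool without the new restrictions. Rendering both from one role variable would keep them in sync, for example `fastcgi_pass unix:{{ ttrss_fpm_socket }};` (the variable name is a suggestion, not something the role defines today). The enclosing `location` block starts outside this hunk, so the rest of its FastCGI settings could not be checked.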
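Review bot: The `disable_functions` line blocks `exec`, `passthru`, `shell_exec` and `system` but leaves the other process-spawning functions `proc_open`, `popen` and `pcntl_exec` enabled, so the comment above it promises more than the list delivers. Consider `php_admin_value[disable_functions] = exec,passthru,shell_exec,system,proc_open,popen,pcntl_exec`, after confirming that tt-rss and its plugins do not call any of them. Note that `disable_functions` is a hardening layer, not a boundary. The real isolation in this pool is the dedicated `user`/`group`, so `{{ ttrss_user }}` should have no write access outside the application's own directories. A `php_admin_value[open_basedir]` entry limited to the tt-rss install and cache paths would also narrow file access. Also check that feed fetching still works with `allow_url_fopen` off, which presumably relies on the curl extension being installed.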