After following this tutorial for installing LEMP on CentOS 7, I decided to host multiple sites on the same droplet. Using Nginx, I created a server block for each site, and everything worked fine. Now I decided to add a bit of security; what concerns me is that if you got access to PHP you could access the whole server. So this tutorial looked exactly like what I needed.
Now I have some questions about this tutorial, and some issues I encountered at the beginning (php-fpm pools configuration).
In the first tutorial (Installing LEMP), in the php-fpm configuration we configured the file “www.conf”, and the pool name was www (that was written at the head of the file like this: [www]). Does this configuration only apply to sites that listen to the sock I specified there? Or is this configuration the default for other pools?
In the first tutorial we uncomment “listen.owner” and “listen.group”, so they are set to “nobody”. But in the second tutorial we set it to “www-data”; is that only for Ubuntu? Or should I do it too? And how does this contribute to security?
In the first tutorial we set the “user” and “group” to a user and a group I created for this specific website. So if I don’t plan on giving anyone access to the server, does that contribute to security? I mean, creating a different pool for each site won’t be enough? I don’t really understand how that works.
Can I set a default configuration for all the sites, and only write the changes specifically for each site in its own pool?
Those are all my questions, I hope you could help me with this. I tried searching the web for some answers, but I still don’t get it. Thanks ahead!