Php-fpm pools configuration for multiple websites in Centos 7.

After following this tutorial for installing Lemp on Centos 7, I decided to host multiple sites on the same droplet. Using Nginx i created a server block for each site, and everything worked fine. Now i decided to add a bit of security, what concerns me is that if you got access to php you could access the whole server. So this tutorial looked exactly like what i needed.

Now i have some questions about this tutorial, and some issues i encountered at the beginning(php-fpm pools configuration).

  1. In the first tutorial(Installing Lemp), in the php-fpm configuration we configured the file “www.conf”, and the pool name was www(that was written in the head of the file like this[www]). Does this configuration only applies for sites that listen to the sock i specified there? Or is this configuration the default for other pools?

  2. In the first tutorial we uncomment “listen.owner” and “”, so they are set to “nobody”. but in the second tutorial we set it to “www-data”, is that only for Ubuntu? or i should do it too? and how does this contribute to security?

  3. in the first tutorial we set the “user” and “group” to a user and a group i created for this specific website. so if i don’t plan on giving anyone access to the server, does that contribute to security? i mean, creating a different pool for each site wont be enough? i don’t really understand how does that work.

  4. Can i set a default configuration for all the sites, and only write the changes specifically for each site in its own pool?

Those are all my questions, i hope you could help me with this. I tried searching the web for some answers, but i still don’t get it. Thanks ahead!

Submit an answer

This textbox defaults to using Markdown to format your answer.

You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!

Sign In or Sign Up to Answer

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

I think the confusion you’re encountering here is that the first tutorial is for CentOS while the second one is for Ubuntu. The default users used for these distros for web services are different. There is no www-data user on CentOS by default.