DigitalOcean Kubernetes: new control plane is faster and free, enable HA for 99.95% uptime SLA

Question

SSHD2 Update Wordpress. "Unable to locate WordPress Content directory (wp-content)."

I am unable to pinpoint this error. I am trying to use an SSH key and unique user for this particular site. FS_METHOD direct is of course making files under the www-data user, which I don’t want (I don’t think). So I’m kinda stuck here. No matter which settings I change in the config file that’s the error I get (after fixing the public/private key mismatch error hah). And in the tutorial I didn’t see much talk about this error. Any help pointing me in the right direction would be much appreciated!

Submit an answer

This textbox defaults to using Markdown to format your answer.

You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!

Sign In or Sign Up to Answer

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

Jonathan TittleJanuary 13, 2017
Accepted Answer

@danfoote104227

For Apache, then, you may need to run ownership equal to user:apacheuser where apacheuser is the user that Apache is running as. On NGINX, you have a little more control as you can actually run PHP as a different user than you run NGINX as (i.e. the user you created), so PHP-FPM will run as intended without the need for work arounds.

With Apache, and without the ability to run PHP as a different user per instance (as you can with PHP-FPM), then you may be forced to use define() and the plugins. That is, unless you run all files and dirs as the same user as apache is running as, which isn’t very secure as one user then has control over all files and directories associated with your accounts.

In such a case, should someone gain access to one, they could easily gain access to the rest.

Want to learn more? Join the DigitalOcean Community!

Join our DigitalOcean community of over a million developers for free! Get help and share knowledge in Q&A, subscribe to topics of interest, and get courses and tools that will help you grow as a developer and scale your project or business.

Sign up now

Jonathan TittleJanuary 14, 2017

@danfoote104227

From a security standpoint, each user should always have their own account.

What you’re talking about is changing the user that PHP-FPM runs as, and yes, you can and should do that. You’ll want to look in:

/etc/php/7.1/fpm/pool.d/

By default, there’s only a single file in that directory and that’s www.conf which uses www-data as the default user. To setup a PHP-FPM instance for each user, you’d simply copy that file to a new one and change the configuration within it.

For example, let’s say we have user1, user2, user3. In the above directory, create:

user1.conf
user2.conf
user3.con

by simply copying the existing www.conf to a new file. The command below creates the 3 new files we need for this example.

cp /etc/php/7.1/fpm/pool.d/www.conf /etc/php/7.1/fpm/pool.d/user1.conf \
&& cp /etc/php/7.1/fpm/pool.d/www.conf /etc/php/7.1/fpm/pool.d/user2.conf
&& cp /etc/php/7.1/fpm/pool.d/www.conf /etc/php/7.1/fpm/pool.d/user3.conf

Now, you’d simply create directories for each user and then a new user account for each:

sudo mkdir -p /home/{user1,user2,user3} \
&& sudo useradd -d /home/user1 user1 \
&& sudo useradd -d /home/user2 user2 \
&& sudo useradd -d /home/user3 user3

Now we need to edit our newly created PHP-FPM configuration files and change a few specific values before we restart PHP-FPM. The lines you want to look at changing are:

[www]

user = www-data
group = www-data

and

listen = 127.0.0.1:9000

In the first, change [www] to the username (i.e [user1] …). You’ll then set the user and group to the same username. Finally, increase the port # by one (i.e. 9000 becomes 9001, 9002, etc).

The reason we need to increase the port is because we can’t have two users listening in on the same port. Yes, it’s really that simple :-).

Now, once all 3 configuration files have been modified, restart PHP-FPM.

sudo service php7.1-fpm restart

Now, the biggest change is going to be how I setup NGINX in the guide I provided you with. If you look in this file:

/etc/nginx/config/php/php-fpm.conf

You’ll see where I defined the port that PHP-FPM connects on for that account. You’ll need to copy this file in to each server block instead of including it and then change the port. So what you’d end up with is a server block that looks like the below for each account instead of the slimmer one in that guide.

server {
    listen                                          80;
    server_name                                     yourdomain.com www.yourdomain.com;
    root                                            /home/yourdomain/htdocs/public;
    index                                           index.php index.html index.htm;

    location / {
        try_files $uri $uri/ =404;
    }

    location ~ [^/]\.php(/|$) {
        fastcgi_split_path_info ^(.+?\.php)(/.*)$;
        fastcgi_pass   127.0.0.1:9000;
        fastcgi_index  index.php;
        fastcgi_param  SCRIPT_FILENAME    $request_filename;

        fastcgi_connect_timeout 60;
        fastcgi_send_timeout 180;
        fastcgi_read_timeout 180;
        fastcgi_buffer_size 512k;
        fastcgi_buffers 512 16k;
        fastcgi_busy_buffers_size 1m;
        fastcgi_temp_file_write_size 4m;
        fastcgi_max_temp_file_size 4m;
        fastcgi_intercept_errors off;

        fastcgi_param  PATH_INFO          $fastcgi_path_info;
        fastcgi_param  PATH_TRANSLATED    $document_root$fastcgi_path_info;

        fastcgi_param  QUERY_STRING       $query_string;
        fastcgi_param  REQUEST_METHOD     $request_method;
        fastcgi_param  CONTENT_TYPE       $content_type;
        fastcgi_param  CONTENT_LENGTH     $content_length;

        fastcgi_param  SCRIPT_NAME        $fastcgi_script_name;
        fastcgi_param  REQUEST_URI        $request_uri;
        fastcgi_param  DOCUMENT_URI       $document_uri;
        fastcgi_param  DOCUMENT_ROOT      $document_root;
        fastcgi_param  SERVER_PROTOCOL    $server_protocol;
        fastcgi_param  REQUEST_SCHEME     $scheme;
        fastcgi_param  HTTPS              $https if_not_empty;
        fastcgi_param  HTTP_PROXY         "";

        fastcgi_param  GATEWAY_INTERFACE  CGI/1.1;
        fastcgi_param  SERVER_SOFTWARE    nginx/$nginx_version;

        fastcgi_param  REMOTE_ADDR        $remote_addr;
        fastcgi_param  REMOTE_PORT        $remote_port;
        fastcgi_param  SERVER_ADDR        $server_addr;
        fastcgi_param  SERVER_PORT        $server_port;
        fastcgi_param  SERVER_NAME        $server_name;

        fastcgi_param  REDIRECT_STATUS    200;

    }
}

The only line in the PHP block that you need to change is fastcgi_pass 127.0.0.1:9000;. All you’re doing here is making sure the ports match up.

Once you have your 3 server blocks, 3 PHP-FPM configuration files, and you’re set:

nginx -s reload

NOTE: You could simply copy that file to another 2 files to make 3 and just modify the include line. This would probably be better down the line to reduce clutter, but for show, I’ve simply pasted the contents in to the server block.

Jonathan TittleJanuary 13, 2017

@danfoote104227

If you’ve created a new user:group and changed the ownership of all files and directories to the newly created user, then set all directories with a CHMOD 0755 and files with a CHMOD of 0644, you really shouldn’t need a more complex setup. When a user owns the files and directories, it should be able to access them as needed without the use of a plugin or SSH keys.

i.e.

sudo useradd -d /var/www/html exampleuser \
&& chown -R exampleuser:exampleuser /var/www/html

Running the following command will recursively change all directories to CHMOD 0755:

find /var/www/html -type d -exec chmod 755 {} \;

Then, we’ll handle files by setting the CHMOD to 0644

find /var/www/html -type f -exec chmod 644 {} \;

Using plugins and setting SSH keys for SFTP uploads seems to be overkill and the above is a far more simple solution that I’ve used in the past without any issues.

danfoote104227January 13, 2017

To help narrow this down I think it’s something in Linux that’s the issue. As when I installed the plugin ssh sftp support everything is working beautifully. Ideally I wouldn’t need this though :)

Try DigitalOcean for free

Click below to sign up and get $100 of credit to try our products over 60 days!

Sign up