Trouble with LEMP stack install on CentOS 7
I’m following alongLEMP stack tutorial and I’m stuck on Configure PHP processor portion. I did the first step under Configure php processor, but I can’t implement the second step in the tutorial: Configure the PHP Processor
We now have our PHP components installed, but we need to make a slight configuration change to make our setup more secure.
Open the main php-fpm configuration file with root privileges:
sudo vi /etc/php.ini
What we are looking for in this file is the parameter that sets cgi.fix_pathinfo. This will be commented out with a semi-colon (;) and set to “1” by default.
This is an extremely insecure setting because it tells PHP to attempt to execute the closest file it can find if a PHP file does not match exactly. This basically would allow users to craft PHP requests in a way that would allow them to execute scripts that they shouldn’t be allowed to execute.
We will change both of these conditions by uncommenting the line and setting it to “0” like this:
Save and close the file when you are finished.
Next, open the php-fpm configuration file www.conf:
sudo vi /etc/php-fpm.d/www.conf
Find the line that specifies the listen parameter, and change it so it looks like the following:
/etc/php-php.d/www.conf — 1 of 3
listen = /var/run/php-fpm/php-fpm.sock
Next, find the lines that set the listen.owner and listen.group and uncomment them. They should look like this:
/etc/php-php.d/www.conf — 2 of 3
listen.owner = nobody
listen.group = nobody
Lastly, find the lines that set the user and group and change their values from “apache” to “nginx”:
/etc/php-php.d/www.conf — 3 of 3
user = nginx
group = nginx
Then save and quit.
Now, we just need to start our PHP processor by typing:
sudo systemctl start php-fpm
This will implement the change that we made.
Next, enable php-fpm to start on boot:
sudo systemctl enable php-fpm
These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.