I’m following alongLEMP stack tutorial and I’m stuck on Configure PHP processor portion. I did the first step under Configure php processor, but I can’t implement the second step in the tutorial: Configure the PHP Processor
We now have our PHP components installed, but we need to make a slight configuration change to make our setup more secure.
Open the main php-fpm configuration file with root privileges:
sudo vi /etc/php.ini What we are looking for in this file is the parameter that sets cgi.fix_pathinfo. This will be commented out with a semi-colon (;) and set to “1” by default.
This is an extremely insecure setting because it tells PHP to attempt to execute the closest file it can find if a PHP file does not match exactly. This basically would allow users to craft PHP requests in a way that would allow them to execute scripts that they shouldn’t be allowed to execute.
We will change both of these conditions by uncommenting the line and setting it to “0” like this:
/etc/php.ini excerpt cgi.fix_pathinfo=0 Save and close the file when you are finished.
Next, open the php-fpm configuration file www.conf:
sudo vi /etc/php-fpm.d/www.conf Find the line that specifies the listen parameter, and change it so it looks like the following:
/etc/php-php.d/www.conf — 1 of 3 listen = /var/run/php-fpm/php-fpm.sock Next, find the lines that set the listen.owner and listen.group and uncomment them. They should look like this:
/etc/php-php.d/www.conf — 2 of 3 listen.owner = nobody listen.group = nobody Lastly, find the lines that set the user and group and change their values from “apache” to “nginx”:
/etc/php-php.d/www.conf — 3 of 3 user = nginx group = nginx Then save and quit.
Now, we just need to start our PHP processor by typing:
sudo systemctl start php-fpm This will implement the change that we made.
Next, enable php-fpm to start on boot:
sudo systemctl enable php-fpm
This textbox defaults to using Markdown to format your answer.
You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!
These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.
Join our DigitalOcean community of over a million developers for free! Get help and share knowledge in Q&A, subscribe to topics of interest, and get courses and tools that will help you grow as a developer and scale your project or business.
Click below to sign up and get $200 of credit to try our products over 60 days!