yup that works if you do manually creating etch users file as far as i can see… thats what i’m using now too with manual edit
Would be so nice, if this was implemented in the core, to do it automatic.
Would be so nice, if this was implemented in the core, to do it automatic.
What if we put together a fund or crowdfunding so that a Webmin developer can dedicate time to it?
And while at it benefit all the users that use or can use this feature
At first I was skeptical, but if the “crowdfunding a developer” idea is popular and gathers somehow enough audience, that wouldn’t be bad, yeah…
Though, no idea how much that would cost, first thing…
if the coders could give an answer if they are planing om moving on this or need funding before they will would help alot
I am glad you guys like the “crowdfunding a developer” idea.
Where should we put the ad, Jobs or Developers? It should also include the time and cost of the development of the module.
Note: this might become a new trend on this site. I will be even better if we can get some comment from existing developers.
Just to let you know that Joe will be taking a swing at the issue:
Hi,
Just checking in to see if there is any updated about the PHP-FPM native implementation?
@Joe: is the crowdfunding set up yet?
OK, I’m back onto this subject, while messing around with our website migration.
We’re going to use mod_proxy_fcgi rather than mod_fcgi_handler, so I can’t really work from the example provided here. Being in Apache core for most of our current crop of systems is a killer feature, and the rationale for the creation of mod_fcgi_handle (lack of UNIX domain sockets in mod_proxy_fcgi) isn’t the case anymore. It looks like UDS was added to mod_proxy_fcgi in Apach 2.4.7 or 2.4.8 (conflicting reports about exactly when, I’m researching it, so we’ll know when we can use it). Configuration is no more complicated than mod_fcgid and less complicated than many other configurations we support (particularly Ruby on Rails deployments, though adding support for mod_proxy_fcgi can potentially simplify that, too).
Does anyone who has tinkered with this know if UDS has been backported to the CentOS httpd 2.4.6 packages? I need to research which version of Apache ships with the current generation of Ubuntu and Debian, as we’ll need to enforce network sockets if UDS isn’t available. There’s also the problem in either case (which I guess can also be true in mod_fcgid, though it probably shows up differently) of network socket limits on high load servers.
There’s some trickiness in that we have to have a different socket for each php-fpm process, and oddly the configuration seems to hint that we also have to have a different address:port combo, which seems weird and unnecessary, but as long as we don’t make it user controllable, it should be safe.
Finally, by switching to php-fpm, we lose the ability to have a per-user php.ini, which mod_fcgid provides. I don’t know how big of a deal this is…and, maybe it’s even a benefit, since a user could abuse php.ini to perform DoS attacks on other users who share the system (by consuming more resources than their fair share). These values can be set in .htaccess using php_admin_value settings, but I don’t think we currently make that available by default…but maybe we do. I dunno. I’ll discuss it with Jamie on Thursday.
This isn’t imminent; it’ll be a couple of weeks before I expect to have code written, but I did want to chime in with the results of my research. I’m convinced this is a better way to run PHP on modern Apache versions, and I’m convinced that at least its developers believe it is secure enough for shared hosting environments.
I do things a bit differently.
After installing virtualmin create directory /etc/skel/var/run
I add the following to the apache server template config:
FastCGI
FastCGIExternalServer /home/${DOM}/cgi-bin/fastcgi -socket /home/${DOM}/var/run/php5-fpm.sock -idle-timeout 900 -pass-header Authorization,X-Forwarded-For
Define FastCGI interface to PHP…
AddHandler php-fastcgi .php
Action php-fastcgi /cgi-bin/fastcgi
End FastCGI interface
I then have a script that gets executed upon creation that creates the /etc/php5/fpm/pool.d/$dom.conf
Uses sed to comment out the fcgid crap from the apache2 config that gets created & php_values as mod_php gets disabled and restarts php5-fpm.
php5-fpm is configured to use a socket not IP as that adds overhead to the network stack.
When an instance is deleted, the script removes any left over configs that were created in addition to the standard virtualmin config generation.
No need to mangle any virtualmin base code so upgrades to the virtualmin packages don’t affect my configs / builds.
@Joe You asked “Does anyone who has tinkered with this know if UDS has been backported to the CentOS httpd 2.4.6 packages?”
It looks as though it has been and is shipping with CentOS 7.1 . As far as I can tell the Apache version you are looking for is “httpd-2.4.6-31.el7.x86_64.rpm” (so anything 31+) should include Unix Domain Sockets. This is confirmed by
* With this update, the mod_proxy module of the Apache HTTP Server supports the
Unix Domain Sockets (UDS). This allows mod_proxy back ends to listen on UDS
sockets instead of TCP sockets, and as a result, mod_proxy can be used to
connect UDS back ends. (BZ#1168081) which can be found at https://rhn.redhat.com/errata/RHSA-2015-0325.html .
Also, you mention the concerns over php.ini . It is worth noting that you can set php_value and php_fag values direct in the php.conf. They can be set to override or be overridden the ‘normal’ php.ini .
Hi Joe,
Was curious, any news on this subject? When could we expect PHP-FPM support in Virtualmin (Pro)?
Thanks,
Patrick
Howdy,
This is a feature we’d like to add, but not a lot of work has been done on that yet. Sorry for the delay, I know some of you are excited about seeing this.
Hopefully you’ll see something in the not-too-distant future on this 
-Eric
I am trying to get DaviCAL working, and not having FPM seems to be a big deterrant. Unless someone has done it and can give me some help. For that reason alone, I would like to have it!
Thanks, all the hard work is much appreciated!
I thought php-fpm was enabled by default on certain linux distributions now? If so, hopefully you will add this feature sooner! It’s extremely useful.