PHP-FPM usage in 7.1 of localhost for tcp/ip port configuration not consistent

Just starting to test VirtualMin 7.1 after using 6.17 and older versions for several years on RedHat Linux.

and noticed something that may almost be trivial, but its a change from 6.17 to 7.1 that caught my attention.

and that is, when using a tcp/ip port for php-fpm communication, in httpd.conf you still use the 6.17 syntax of

SetHandler proxy:fcgi://localhost:8006

but in the actual php-fpm CONF file, such as /etc/php-fpm.d/165973266954302.conf, you have changed the syntax in 7.1 to

listen = 127.0.0.1:8006

the change is in the subroutine create_php_fpm_pool in php-lib.pl around line 2220. That is, I believe a 6.17 system would have instead

listen = localhost:8006

I am not sure if you generally want to move away from localhost, or this is a single unique edit/update that possibly should be reversed so the two config items that define the php-fpm connection will be consistent/identical as it was in 6.17.

Verne

Hello,

We intentionally switched to using 127.0.0.1. However, older configurations using localhost will also be detected and handled correctly.

Moreover, all new Virtualmin 7 installs will use sockets instead of TCP for PHP-FPM.

so I guess I need to report … your code that makes the apache config line

SetHandler proxy:fcgi://localhost:8006

needs updating to stop using localhost and start using 127.0.0.1 :slight_smile:

Verne

AND … if new installs will start using sockets by default, I must point out the older issue that if SELinux is enabled, that socket path will never work.

SELinux will cause the php-fpm service/program to fail to restart – I just tested it on my new 7.1 system a few minutes ago by manually changing an existing virtual server from port to socket !!

Somewhere I have a GIT item on this very issue – the SELinux impact of

my $base = "/var/php-fpm";

which fails, while my suggested code update of

my $base = "/var/run/php-fpm";

will make SELinux happy.

I really REALLY hope you do not take the position that you do not and will not support in any way or make minor changes for those of us using SELinux :slight_smile:

Verne

Thanks for the heads up. You are right that Virtualmin 7.1 adds localhost:port to Apache config, however this already been fixed in checked in development version of the code for upcoming Virtualmin 7.2.

Speaking about SELinux – I remember about that PR – although, we need to make paths conditional to fit for both Debian and RHEL accordingly.

some articles I just found say things like –

It’s very important to know that it will not go through network card when using localhost while it will when using 127.0.0.1, this means localhost will not be affected by network card configurations and firewall settings, all ports are open as well.

I just find it curious the VM team is spending time changing localhost over to 127.0.0.1 – are there real life cases where localhost is not defined in /etc/hosts?

Maybe I am missing something here :slight_smile:

Verne