Just starting to test Virtualmin 7.1 after using 6.17 and older versions for several years on RedHat Linux, and noticed something that may almost be trivial, but it's a change from 6.17 to 7.1 that caught my attention.
That is, when using a TCP/IP port for php-fpm communication, in httpd.conf you still use the 6.17 syntax of
SetHandler proxy:fcgi://localhost:8006
but in the actual php-fpm CONF file, such as /etc/php-fpm.d/165973266954302.conf, you have changed the syntax in 7.1 to
listen = 127.0.0.1:8006
The change is in the subroutine create_php_fpm_pool in php-lib.pl around line 2220. That is, I believe a 6.17 system would have instead
listen = localhost:8006
I am not sure if you generally want to move away from localhost, or this is a single unique edit/update that possibly should be reversed so the two config items that define the php-fpm connection will be consistent/identical as it was in 6.17.
AND … if new installs will start using sockets by default, I must point out the older issue that if SELinux is enabled, that socket path will never work.
SELinux will cause the php-fpm service/program to fail to restart – I just tested it on my new 7.1 system a few minutes ago by manually changing an existing virtual server from port to socket !!
Somewhere I have a GIT item on this very issue – the SELinux impact of
my $base = "/var/php-fpm";
which fails, while my suggested code update of
my $base = "/var/run/php-fpm";
will make SELinux happy.
I really REALLY hope you do not take the position that you do not and will not support in any way or make minor changes for those of us using SELinux.
Thanks for the heads up. You are right that Virtualmin 7.1 adds localhost:port to Apache config; however, this has already been fixed in the checked-in development version of the code for the upcoming Virtualmin 7.2.
Speaking about SELinux – I remember that PR – although we need to make paths conditional to fit both Debian and RHEL accordingly.
It’s very important to know that it will not go through the network card when using localhost, while it will when using 127.0.0.1. This means localhost will not be affected by network card configurations and firewall settings; all ports are open as well.
I just find it curious the VM team is spending time changing localhost over to 127.0.0.1 – are there real life cases where localhost is not defined in /etc/hosts?
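The consistency check this thread is about, as an added example that is not part of the original posts or of Virtualmin's code: it compares a pool file's `listen` value with the Apache `SetHandler` target and flags socket paths outside /var/run/php-fpm, the base directory the first post reports as working under SELinux. The function names, exit codes and sample files are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example (not Virtualmin code): compare a pool's "listen" value with
# the Apache SetHandler target, and flag socket paths outside /var/run/php-fpm.

fpm_listen() {      # value of "listen = ..." (skips listen.owner and friends)
    sed -n 's#^[[:space:]]*listen[[:space:]]*=[[:space:]]*\([^[:space:]]*\).*#\1#p' "$1" | tail -n 1
}

apache_target() {   # host:port, or the socket path from proxy:unix:PATH|fcgi://...
    sed -n -e 's#^[[:space:]]*SetHandler[[:space:]]*"\{0,1\}proxy:unix:\([^|]*\)|.*#\1#p' \
           -e 's#^[[:space:]]*SetHandler[[:space:]]*"\{0,1\}proxy:fcgi://\([^"[:space:]]*\).*#\1#p' \
           "$1" | tail -n 1
}

check_pair() {      # $1 = php-fpm pool file, $2 = Apache config file
    fpm=$(fpm_listen "$1")
    web=$(apache_target "$2")
    case "$fpm" in
        # /var/run is a symlink to /run on current RHEL, so accept both spellings.
        /var/run/php-fpm/*|/run/php-fpm/*) ;;
        /*) # Any other socket directory: per the report in this thread,
            # php-fpm fails to restart there when SELinux is enabled.
            echo "SELINUX-RISK socket $fpm is outside /var/run/php-fpm"
            return 2 ;;
    esac
    if [ "$fpm" = "$web" ]; then
        echo "OK $fpm"
        return 0
    fi
    # Same port but a different host spelling (localhost vs 127.0.0.1).
    if [ "${fpm##*:}" = "${web##*:}" ]; then
        echo "HOST-MISMATCH fpm=$fpm apache=$web"
        return 1
    fi
    echo "MISMATCH fpm=$fpm apache=$web"
    return 3
}

# Constructed sample files reproducing the 7.1 pairing quoted in the first post.
tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT
printf '%s\n' '[example]' 'listen = 127.0.0.1:8006' 'listen.owner = apache' > "$tmp/pool.conf"
printf '%s\n' '<FilesMatch \.php$>' '    SetHandler proxy:fcgi://localhost:8006' '</FilesMatch>' > "$tmp/httpd.conf"
check_pair "$tmp/pool.conf" "$tmp/httpd.conf" || true
```

On a real host, point `check_pair` at the pool file under /etc/php-fpm.d and the Apache file that holds the matching `SetHandler` line.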