Php-fpm cannot run a *.php file from a symlink pointing outside the DocumentRoot directory. Error "File not found."

Peter Bentix

2/6/24, 4:51 PM

if I will create a virtualhost with PHP mode: php-fpm (using Virtualmin)
if I enable Options +FollowSymLinks in the Virtualhost
if I create a symlink inside DocumentRoot to a directory outside DocumentRoot

, then php-fpm will refuse to run any *.php file in that symlink directory location. Only the error "File not found." is displayed. If I display a different type of file available through the same directory symlink in the browser (e.g. TXT, HTML file), the file is displayed correctly.

(Same problem with PHP FCGId, only different error message.)

If I change the PHP mode from php-fpm to mod_php everything works fine.

Is there an option to allow running PHP files outside of DocumentRoot in php-fpm mode?

I tried:

change rights, including 777 (does not solve the problem, access to other files is without problems, the problem is only running PHP files)
+FollowSymLinks
open_basedir
add ProtectSystem=false to /lib/systemd/system/php-fpm.service

Unfortunately, none of this helped.

You will probably answer me that it is a security problem to run PHP scripts outside DocumentRoot. That's certainly mostly true.

But the use case is as follows:

on one Virtualhost there is a multi-user CMS system in which there is, among other things, a directory for translating URL addresses into sections, articles, goods, etc.
domains (a few hundreds) are hosted on other Virtualhosts of the same server, in which the directory is a symlink directed to this URL address translator script, which searches for the relevant section and article or product based on the URL address, generates the relevant template and content and sends the output.
everything is on one server, no unauthorized person has access to these hostings with access to shared CMS directory

All other solution variants are not comparable in terms of performance and speed (the resulting content would have to be data transferred between hosted domains) and, in addition, they mean installing duplicate code for the URL translator to the IDs of sections, articles and product pages on all hosted domains (several hundred duplicate codes).

I will be grateful for any advice.

150

0 + 0

linux

php-fpm

documentroot

virtualmin

Elon Musk

I sit in a Tesla and translated this thread with Ai:

EN: Php-fpm cannot run a *.php file from a symlink pointing outside the DocumentRoot directory. Error "File not found."

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.