Join Log in
Score:0
dcpartners avatar Ubuntu

FPM Apache split configuration per site

sa flag
dcpartners

We own multiple websites hosted on our Ubuntu server and it's running user/user group under www-data/www-data - it's been running ok.

It's running:

  • PHP FPM 7.4
  • Apache2

However, some sites require "external developer" to troubleshoot/access the particular site and we need to isolate this by following this old article:

https://www.dimitri.eu/php-fpm-apache-split-config-per-site

We didn't create the FPM config as it was created initially when we have this server. The config is completely different from this doco - so we leave our own as it is.

Then we managed to create a separate user, created a new pool, restart PHP-fpm, and verified the pool existed.

However, try to add into /etc/apache2/site-enabled/website.co

Alias /fcgi-bin/php7.4-fpm /fcgi-bin-php7.4-fpm-website1.co
FastCgiExternalServer /fcgi-bin-php7.4-fpm-website1.co -socket /var/run/php7.4-fpm-website1.co.sock -pass-header Authorization

Restarted the apache and we had an error.

We believe this has something to do with where we put that code, we put the same level as DocumentRoot as per the old doco.

Any ideas?

UPDATE - sudo journalctl -xe:

Dec 17 12:19:37 XXX.contaboserver.net sudo[782317]: pam_unix(sudo:session): session closed for user root Dec 17 12:19:39 XXX.contaboserver.net sshd[782348]: Invalid user sysadm from 137.184.2.0 port 33564 Dec 17 12:19:39 XXX.contaboserver.net sshd[782348]: Received disconnect from 137.184.2.0 port 33564:11: Bye Bye [preauth] Dec 17 12:19:39 XXX.contaboserver.net sshd[782348]: Disconnected from invalid user sysadm 137.184.2.0 port 33564 [preauth] Dec 17 12:19:39 XXX.contaboserver.net postfix/pickup[781058]: 95BA8CA003A: uid=0 from=root@XXX.contaboserver.net Dec 17 12:19:39 XXX.contaboserver.net postfix/cleanup[782362]: 95BA8CA003A: message-id=20221217181939.95BA8CA003A@XXX.contaboserver.net Dec 17 12:19:39 XXX.contaboserver.net postfix/qmgr[1816]: 95BA8CA003A: from=root@XXX.contaboserver.net, size=2849, nrcpt=1 (queue active) Dec 17 12:19:43 XXX.contaboserver.net postfix/smtp[782364]: 95BA8CA003A: to=support@dewacorp.com, relay=dewacorp-com.mail.protection.outlook.com[104.47.71.202]> Dec 17 12:19:43 XXX.contaboserver.net postfix/qmgr[1816]: 95BA8CA003A: removed Dec 17 12:19:50 XXX.contaboserver.net sshd[782367]: Invalid user ubuntu from 167.99.234.112 port 56046 Dec 17 12:19:50 XXX.contaboserver.net sshd[782367]: Received disconnect from 167.99.234.112 port 56046:11: Bye Bye [preauth] Dec 17 12:19:50 XXX.contaboserver.net sshd[782367]: Disconnected from invalid user ubuntu 167.99.234.112 port 56046 [preauth] Dec 17 12:19:51 XXX.contaboserver.net kernel: [UFW BLOCK] IN=eth0 OUT= MAC=00:50:56:43:3a:89:98:5d:82:47:d0:93:08:00 SRC=89.248.163.209 DST=144.126.138.116 LEN=4> Dec 17 12:19:53 XXX.contaboserver.net kernel: [UFW BLOCK] IN=eth0 OUT= MAC=00:50:56:43:3a:89:98:5d:82:47:d0:93:08:00 SRC=161.35.116.146 DST=144.126.138.116 LEN=4> Dec 17 12:19:53 XXX.contaboserver.net kernel: [UFW BLOCK] IN=eth0 OUT= MAC=00:50:56:43:3a:89:98:5d:82:47:d6:d9:08:00 SRC=5.39.216.130 DST=144.126.138.116 LEN=40 > Dec 17 12:20:01 XXX.contaboserver.net kernel: [UFW BLOCK] IN=eth0 OUT= MAC=00:50:56:43:3a:89:98:5d:82:47:d6:d9:08:00 SRC=45.227.253.99 DST=144.126.138.116 LEN=40> Dec 17 12:20:03 XXX.contaboserver.net kernel: [UFW BLOCK] IN=eth0 OUT= MAC=00:50:56:43:3a:89:98:5d:82:47:d0:93:08:00 SRC=192.241.200.226 DST=144.126.138.116 LEN=> Dec 17 12:20:14 XXX.contaboserver.net kernel: [UFW BLOCK] IN=eth0 OUT= MAC=00:50:56:43:3a:89:98:5d:82:47:d0:93:08:00 SRC=198.235.24.35 DST=144.126.138.116 LEN=44> Dec 17 12:20:15 XXX.contaboserver.net kernel: [UFW BLOCK] IN=eth0 OUT= MAC=00:50:56:43:3a:89:98:5d:82:47:d0:93:08:00 SRC=89.248.163.30 DST=144.126.138.116 LEN=40> Dec 17 12:20:22 XXX.contaboserver.net sshd[782371]: Received disconnect from 43.131.30.59 port 60660:11: Bye Bye [preauth] Dec 17 12:20:22 XXX.contaboserver.net sshd[782371]: Disconnected from authenticating user root 43.131.30.59 port 60660 [preauth] Dec 17 12:20:27 XXX.contaboserver.net sshd[782373]: Received disconnect from 138.186.165.176 port 35054:11: Bye Bye [preauth] Dec 17 12:20:27 XXX.contaboserver.net sshd[782373]: Disconnected from authenticating user root 138.186.165.176 port 35054 [preauth] Dec 17 12:20:31 XXX.contaboserver.net kernel: [UFW BLOCK] IN=eth0 OUT= MAC=00:50:56:43:3a:89:98:5d:82:47:d6:d9:08:00 SRC=5.39.216.130 DST=144.126.138.116 LEN=40 > Dec 17 12:20:34 XXX.contaboserver.net kernel: [UFW BLOCK] IN=eth0 OUT= MAC=00:50:56:43:3a:89:98:5d:82:47:d0:93:08:00 SRC=5.188.206.38 DST=144.126.138.116 LEN=40 > Dec 17 12:20:35 XXX.contaboserver.net kernel: [UFW BLOCK] IN=eth0 OUT= MAC=00:50:56:43:3a:89:98:5d:82:47:d0:93:08:00 SRC=185.156.73.57 DST=144.126.138.116 LEN=40> Dec 17 12:20:37 XXX.contaboserver.net kernel: [UFW BLOCK] IN=eth0 OUT= MAC=00:50:56:43:3a:89:98:5d:82:47:d0:93:08:00 SRC=192.241.198.196 DST=144.126.138.116 LEN=> Dec 17 12:20:37 XXX.contaboserver.net sshd[782375]: Invalid user pro from 209.141.37.35 port 58568 Dec 17 12:20:37 XXX.contaboserver.net sshd[782375]: Received disconnect from 209.141.37.35 port 58568:11: Bye Bye [preauth] Dec 17 12:20:37 XXX.contaboserver.net sshd[782375]: Disconnected from invalid user pro 209.141.37.35 port 58568 [preauth] Dec 17 12:20:59 XXX.contaboserver.net kernel: [UFW BLOCK] IN=eth0 OUT= MAC=00:50:56:43:3a:89:98:5d:82:47:d0:93:08:00 SRC=176.111.174.95 DST=144.126.138.116 LEN=4> Dec 17 12:21:01 XXX.contaboserver.net kernel: [UFW BLOCK] IN=eth0 OUT= MAC=00:50:56:43:3a:89:98:5d:82:47:d0:93:08:00 SRC=81.182.181.172 DST=144.126.138.116 LEN=4> Dec 17 12:21:12 XXX.contaboserver.net kernel: [UFW BLOCK] IN=eth0 OUT= MAC=00:50:56:43:3a:89:98:5d:82:47:d6:d9:08:00 SRC=5.39.216.130 DST=144.126.138.116 LEN=40 > Dec 17 12:21:45 XXX.contaboserver.net kernel: [UFW BLOCK] IN=eth0 OUT= MAC=00:50:56:43:3a:89:98:5d:82:47:d6:d9:08:00 SRC=46.161.27.85 DST=144.126.138.116 LEN=40 > Dec 17 12:21:50 XXX.contaboserver.net sshd[782743]: Invalid user mi from 67.164.27.145 port 43488 Dec 17 12:21:51 XXX.contaboserver.net sshd[782743]: Received disconnect from 67.164.27.145 port 43488:11: Bye Bye [preauth] Dec 17 12:21:51 XXX.contaboserver.net sshd[782743]: Disconnected from invalid user mi 67.164.27.145 port 43488 [preauth] Dec 17 12:21:51 XXX.contaboserver.net postfix/pickup[781058]: E1C01CA003A: uid=0 from=root@XXX.contaboserver.net Dec 17 12:21:51 XXX.contaboserver.net postfix/cleanup[782757]: E1C01CA003A: message-id=20221217182151.E1C01CA003A@XXX.contaboserver.net Dec 17 12:21:51 XXX.contaboserver.net postfix/qmgr[1816]: E1C01CA003A: from=root@XXX.contaboserver.net, size=4075, nrcpt=1 (queue active) Dec 17 12:21:55 XXX.contaboserver.net kernel: [UFW BLOCK] IN=eth0 OUT= MAC=00:50:56:43:3a:89:98:5d:82:47:d0:93:08:00 SRC=167.94.138.159 DST=144.126.138.116 LEN=4> Dec 17 12:21:55 XXX.contaboserver.net sudo[782760]: superuser : TTY=pts/1 ; PWD=/usr/lib/cgi-bin ; USER=root ; COMMAND=/usr/bin/journalctl -xe Dec 17 12:21:55 XXX.contaboserver.net sudo[782760]: pam_unix(sudo:session): session opened for user root by superuser(uid=0)

30
0 + 4
khgasd652k avatar
br flag
khgasd652k
Could you share the error log, please?
0
Reply
dcpartners avatar
sa flag
dcpartners
@khgasd652k - Job for apache2.service failed because the control process exited with error code. See "systemctl status apache2.service" and "journalctl -xe" for details.
0
Reply
khgasd652k avatar
br flag
khgasd652k
Please update your question with the output of sudo journalctl -xe
0
Reply
dcpartners avatar
sa flag
dcpartners
@khgasd652k - I've updated the sudo journalctl -xe on the main post.
0
Reply
ธงชาติไทย
Elon Musk
I sit in a Tesla and translated this thread with Ai:

mangohost

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.