On Fri May 17, 2024 at 4:38 AM BST, Mike Fischer wrote:
OpenBSD httpd would be a different situation because it runs in a
chroot(2) environment by default. You can’t call on a PHP-FPM process
that is not also running in the chroot(2) environment. The
communication between httpd(8) and PHP-FPM fails due to differing
opinions about the root of the filesystem when applied to the paths
passed from httpd to PHP-FPM. At least I have not managed to get this
to work.
But AFAIK nginx does not run chroot(2)ed by default. So PHP-FPM does
not need to either.
On OpenBSD, nginx chroots its process by default. Here is a snippet from
the man page nginx(8).
-u By default nginx will chroot(2) to the home
directory of the user running the daemon, typically
"www", or to the home directory of user in
nginx.conf. The -u option disables this behaviour,
and returns nginx to the original "unsecure"
behaviour.
But it doesn't do it on other systems; I cross-checked with nginx
installed on a FreeBSD, where this option doesn't exist.
Since nginx and php_fpm chroot their processes to the same directory (if
not changed), nginx should be able to write to the php_fpm socket.
