gpg: Signature made Sat Jun 6 15:58:07 2020 UTC
gpg: using DSA key 2099B64CBF15490B
gpg: Good signature from "Andy Smith <andy@strugglers.net>" [unknown]
gpg: aka "Andrew James Smith <andy@strugglers.net>" [unknown]
gpg: aka "Andy Smith (UKUUG) <andy.smith@ukuug.org>" [unknown]
gpg: aka "Andy Smith (BitFolk Ltd.) <andy@bitfolk.com>" [unknown]
gpg: aka "Andy Smith (Linux User Groups UK) <andy@lug.org.uk>" [unknown]
gpg: aka "Andy Smith (Cernio Technology Cooperative) <andy.smith@cernio.com>" [unknown]
Hello,
On Sat, Jun 06, 2020 at 04:35:44PM +0100, ed-bitfolk@??? wrote:
> bites you eventually as the disk cache has to be writable by the
> httpd process, which is bad. Maybe these days there's a way to
> protect that through SELinux, but it's just trouble I'd rather not
> have.
I run PHP things under mod_proxy_fcgi which makes all PHP for a
given vhost run as a specific user. That uses only features built in
to Apache and PHP so is pretty simple and reliable:
https://www.binarytides.com/setup-apache-php-fpm-mod-proxy-fcgi-ubuntu/
https://www.server-world.info/en/note?os=Debian_9&p=httpd&f=13
Alternatively, a container that runs mod_php that the main host's
web server acts as a proxy to also seems okay.
Cheers,
Andy
--
https://bitfolk.com/ -- No-nonsense VPS hosting