Re: [bitfolk] Confining PHP apps (Was: Re: Migrate away from…

Author: ed-bitfolk@s5h.net
Date:  
To: Andy Smith
CC: users
Subject: Re: [bitfolk] Confining PHP apps (Was: Re: Migrate away from Wordpress?)
On 2020-06-06 15:58+0000, Andy Smith wrote:
> I run PHP things under mod_proxy_fcgi which makes all PHP for a
> given vhost run as a specific user. That uses only features built in
> to Apache and PHP so is pretty simple and reliable:
>
>     https://www.binarytides.com/setup-apache-php-fpm-mod-proxy-fcgi-ubuntu/
>     https://www.server-world.info/en/note?os=Debian_9&p=httpd&f=13
>
> Alternatively, a container that runs mod_php that the main host's
> web server acts as a proxy to also seems okay.


Agreed that is better than the way I was doing it before I knew of
things like Docker. However, it may not stop runaway abuse of SMTP if
the container has a working /usr/sbin/sendmail or PHP has a working SMTP
config.

Initially WordPress was meant to be a convenience setup for a nice
looking page with an editor, tags and other nice things. In the long run
I think it was a bad idea and there's some element of data format
lock-in. Markdown seems the way to do it these days.

If $company told me to look after WordPress, container and SELinux would
be a minimum, otherwise I'd fear a P45 at some point due to widespread
abuse.

Ed
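
An added example, not part of either message in this thread: a PHP-FPM pool file for the per-vhost-user setup Andy describes, with the local mail path closed off to address the sendmail concern raised in the reply. The pool name, user, socket path and document root are assumptions chosen for illustration.

```ini
; pool.d/blog.conf  (hypothetical pool; user "blog" and all paths are assumptions)
;
; Apache side, inside the matching vhost (mod_proxy_fcgi):
;   <FilesMatch "\.php$">
;       SetHandler "proxy:unix:/run/php/blog.sock|fcgi://localhost"
;   </FilesMatch>

[blog]
; Every PHP request for this vhost runs as this unprivileged account,
; so a compromised app cannot read or write another site's files.
user  = blog
group = blog

; Only the web server account may connect to the socket.
listen       = /run/php/blog.sock
listen.owner = www-data
listen.group = www-data
listen.mode  = 0660

; Cap the worker count so a runaway script cannot exhaust the host.
pm                      = ondemand
pm.max_children         = 5
pm.process_idle_timeout = 10s

; php_admin_* values cannot be overridden by ini_set() or .user.ini.
php_admin_value[open_basedir] = /srv/www/blog:/tmp

; Weak default: sendmail_path pointing at a working /usr/sbin/sendmail
; lets any injected script send mail through the host.
; Hardened: point it at a binary that always fails and disable mail().
php_admin_value[sendmail_path]     = /bin/false
php_admin_value[disable_functions] = mail,exec,shell_exec,system,passthru,popen,proc_open

; This closes only the local sendmail route. PHP code can still open its own
; SMTP connection, so outbound mail ports also need blocking per user, e.g.:
;   iptables -A OUTPUT -m owner --uid-owner blog -p tcp \
;            -m multiport --dports 25,465,587 -j REJECT
```

Because each pool runs under its own uid, the owner match in the firewall rule applies to that one site only and leaves mail from other accounts untouched.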