All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
PHP7.2, opcache file cache & multiple php-fpm pool owners
Opcache file caching doesn't work with two or more php-fpm pools with different owners.
Set opcache.file_cache=/tmp/opcache and clear it out if necessary.
The first site visited will trigger PHP to create a directory:
/tmp/opcache/138dc3bbfb6772d00f2ba10a33e00818
... owned by that pool's user and chmod 700. (The hash is based on the php version and some other stuff).
After that, other pools (different users) can't write to it. So no file caching.
Attempts to change the file cache directory in the pool config, such as:
php_value[opcache.file_cache] = /tmp/opcache-1
or
php_admin_value[opcache.file_cache] = /tmp/opcache-1
... cause a 'bad gateway' error, regardless of ownership/permissions on the directory.
Any ideas?
Comments
Is opcache.use_cwd set to true?
Also, try this
https://stackoverflow.com/questions/20960469/php-fpm-5-5-does-opcache-run-per-domain
You are referring to a particular PHP version. If this doesn't happen in a previous version, probably should be reported as some kind of bug?
Generally you would be need to have separate master PHP-FPM processes with separate PHP-FPM service control files rather than trying to get one default master PHP-FPM process and service control file handling separate PHP-FPM owned users. Which means as you add more PHP-FPM pools with more master PHP-FPM processes, you'll be using more memory as you add more.
It defaults to true, so yes.
As I understand it, that's a method to have separate opcaches per domain, as @eva2000 suggests below. I don't want separate opcaches, I just want the opcache file cache (introduced in php7) to be writable by all pools.
I'm using php 7.2.2, and it's the first time I've experimented with the opcache file cache.
I expected that:
php_value[opcache.file_cache] = /tmp/opcache-1
in the pool config would work, provided that the dir existed and had the correct permissions. It doesn't. I don't know at this point whether that's a bug or intended behaviour.
Again, I'm not trying to have separate opaches, just a file cache that's writable by all php users. The problem is basically a simple file ownership/permissions issue.
My sites are in user home directories, each in a separate php pool, e.g.:
Starting fresh, if I visit user1's website then a 'home' directory is created in the file cache, owned by www-user1 and chmod 700.
If I then visit user2's website, file caching does not happen, as the 'home' directory in the file cache is not writable by www-user2.
I can work around this with a script to initialize the cache directories:
https://pastebin.com/FDyhnVKc
Then I have what I want
https://pastebin.com/UWw0By9J
You shouldn't have a single cache for all users - that allows cache poisoning.
In case you want that, just run all php-fpm pools under same user :-) It's just as secure as using a shared file cache between multiple users.
I don't think so. Running all pools as the same user provides the same filesystem access for all pools.
A poisoned cache is one thing, a poisoned filesystem is something else.
There's a few things that can be done to lessen the likelihood of cache poisoning. Have a look through http://gosecure.net/2016/04/27/binary-webshell-through-opcache-in-php-7/