Debian Bug report logs - #820282
Please enable fpm by default on Apache

version graph

Package: php7.0-fpm; Maintainer for php7.0-fpm is (unknown);

Reported by: Mathieu Parent <sathieu@debian.org>

Date: Thu, 7 Apr 2016 05:51:02 UTC

Severity: normal

Tags: patch

Found in version php7.0/7.0.5-2

Done: Ondřej Surý <ondrej@sury.org>

Bug is archived. No further changes may be made.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox

Report forwarded to debian-bugs-dist@lists.debian.org, Debian PHP Maintainers <pkg-php-maint@lists.alioth.debian.org>:
Bug#820282; Package php7.0-fpm. (Thu, 07 Apr 2016 05:51:05 GMT) (full text, mbox, link).

Acknowledgement sent to Mathieu Parent <sathieu@debian.org>:
New Bug report received and forwarded. Copy sent to Debian PHP Maintainers <pkg-php-maint@lists.alioth.debian.org>. (Thu, 07 Apr 2016 05:51:06 GMT) (full text, mbox, link).

Message #5 received at submit@bugs.debian.org (full text, mbox, reply):

From: Mathieu Parent <sathieu@debian.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: Please enable fpm by default on Apache
Date: Thu, 07 Apr 2016 07:46:12 +0200
Package: php7.0-fpm
Version: 7.0.5-2
Severity: normal

Hi Ondrej,

Currently, php7.0 depends on php7.0-fpm | libapache2-mod-php7.0 | php7.0-cgi.

FPM being the default, a smooth experience is expected. Also, this can be a security risk as PHP source is available.

Patch:
  git revert 4c4736beed2d0151d69aadbfc156a9d9b3df05c1

Side question: Why was the default changed from mod_php5 to php7.0-fpm?

Cheers

-- System Information:
Debian Release: stretch/sid
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.58.0-1-amd64 (SMP w/2 CPU cores)
Locale: LANG=fr_FR.utf8, LC_CTYPE=fr_FR.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)

Information forwarded to debian-bugs-dist@lists.debian.org, Debian PHP Maintainers <pkg-php-maint@lists.alioth.debian.org>:
Bug#820282; Package php7.0-fpm. (Thu, 07 Apr 2016 06:18:04 GMT) (full text, mbox, link).

Acknowledgement sent to Mathieu Parent <math.parent@gmail.com>:
Extra info received and forwarded to list. Copy sent to Debian PHP Maintainers <pkg-php-maint@lists.alioth.debian.org>. (Thu, 07 Apr 2016 06:18:04 GMT) (full text, mbox, link).

Message #10 received at 820282@bugs.debian.org (full text, mbox, reply):

From: Mathieu Parent <math.parent@gmail.com>
To: 820282@bugs.debian.org
Subject: Re: Please enable fpm by default on Apache
Date: Thu, 7 Apr 2016 08:15:10 +0200
On Thu, 07 Apr 2016 07:46:12 +0200 Mathieu Parent <sathieu@debian.org> wrote:
[...]
> Patch:
>   git revert 4c4736beed2d0151d69aadbfc156a9d9b3df05c1


And mod_proxy should be enabled (a2enmod proxy or apache2_invoke enmod proxy).

Cheers,

Mathieu

Information forwarded to debian-bugs-dist@lists.debian.org, Debian PHP Maintainers <pkg-php-maint@lists.alioth.debian.org>:
Bug#820282; Package php7.0-fpm. (Thu, 07 Apr 2016 06:21:06 GMT) (full text, mbox, link).

Acknowledgement sent to Mathieu Parent <math.parent@gmail.com>:
Extra info received and forwarded to list. Copy sent to Debian PHP Maintainers <pkg-php-maint@lists.alioth.debian.org>. (Thu, 07 Apr 2016 06:21:06 GMT) (full text, mbox, link).

Message #15 received at 820282@bugs.debian.org (full text, mbox, reply):

From: Mathieu Parent <math.parent@gmail.com>
To: 820282@bugs.debian.org
Subject: Re: Please enable fpm by default on Apache
Date: Thu, 7 Apr 2016 08:19:25 +0200
On Thu, 7 Apr 2016 08:15:10 +0200 Mathieu Parent <math.parent@gmail.com> wrote:
> On Thu, 07 Apr 2016 07:46:12 +0200 Mathieu Parent <sathieu@debian.org> wrote:
> [...]
> > Patch:
> >   git revert 4c4736beed2d0151d69aadbfc156a9d9b3df05c1
>
>
> And mod_proxy should be enabled (a2enmod proxy or apache2_invoke enmod proxy).


I mean proxy_fcgi

Cheers

Mathieu
(sorry for the spam)

Information forwarded to debian-bugs-dist@lists.debian.org, Debian PHP Maintainers <pkg-php-maint@lists.alioth.debian.org>:
Bug#820282; Package php7.0-fpm. (Thu, 07 Apr 2016 11:00:03 GMT) (full text, mbox, link).

Acknowledgement sent to Ondřej Surý <ondrej@sury.org>:
Extra info received and forwarded to list. Copy sent to Debian PHP Maintainers <pkg-php-maint@lists.alioth.debian.org>. (Thu, 07 Apr 2016 11:00:03 GMT) (full text, mbox, link).

Message #20 received at 820282@bugs.debian.org (full text, mbox, reply):

From: Ondřej Surý <ondrej@sury.org>
To: Mathieu Parent <sathieu@debian.org>, Debian Bug Tracking System <820282@bugs.debian.org>
Subject: Re: [php-maint] Bug#820282: Please enable fpm by default on Apache
Date: Thu, 07 Apr 2016 12:57:53 +0200
Hi Mathieu,

I already tried enabling FPM by default but it ended with a weird errors
on the user side, see:

https://github.com/oerdnj/deb.sury.org/issues/266

So I have disabled it again. It might need a debconf question that can
be pre-seeded or something like that before we re-enable it again.

I've been getting a lot of complaints that `apt-get install php` pulls
apache2 and FPM SAPI is much safer anyway.

Cheers,
-- 
Ondřej Surý <ondrej@sury.org>
Knot DNS (https://www.knot-dns.cz/) – a high-performance DNS server

On Thu, Apr 7, 2016, at 07:46, Mathieu Parent wrote:
> Package: php7.0-fpm
> Version: 7.0.5-2
> Severity: normal
> 
> Hi Ondrej,
> 
> Currently, php7.0 depends on php7.0-fpm | libapache2-mod-php7.0 |
> php7.0-cgi.
> 
> FPM being the default, a smooth experience is expected. Also, this can be
> a security risk as PHP source is available.
> 
> Patch:
>   git revert 4c4736beed2d0151d69aadbfc156a9d9b3df05c1
> 
> Side question: Why was the default changed from mod_php5 to php7.0-fpm?
> 
> Cheers
> 
> -- System Information:
> Debian Release: stretch/sid
>   APT prefers testing
>   APT policy: (500, 'testing')
> Architecture: amd64 (x86_64)
> Foreign Architectures: i386
> 
> Kernel: Linux 4.58.0-1-amd64 (SMP w/2 CPU cores)
> Locale: LANG=fr_FR.utf8, LC_CTYPE=fr_FR.utf8 (charmap=UTF-8)
> Shell: /bin/sh linked to /usr/bin/dash
> Init: systemd (via /run/systemd/system)
> 
> _______________________________________________
> pkg-php-maint mailing list
> pkg-php-maint@lists.alioth.debian.org
> http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-php-maint

Information forwarded to debian-bugs-dist@lists.debian.org, Debian PHP Maintainers <pkg-php-maint@lists.alioth.debian.org>:
Bug#820282; Package php7.0-fpm. (Thu, 07 Apr 2016 21:09:03 GMT) (full text, mbox, link).

Acknowledgement sent to "Mathieu Parent (Debian)" <sathieu@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian PHP Maintainers <pkg-php-maint@lists.alioth.debian.org>. (Thu, 07 Apr 2016 21:09:03 GMT) (full text, mbox, link).

Message #25 received at 820282@bugs.debian.org (full text, mbox, reply):

From: "Mathieu Parent (Debian)" <sathieu@debian.org>
To: Ondřej Surý <ondrej@sury.org>
Cc: Debian Bug Tracking System <820282@bugs.debian.org>
Subject: Re: [php-maint] Bug#820282: Please enable fpm by default on Apache
Date: Thu, 7 Apr 2016 23:05:22 +0200
[Message part 1 (text/plain, inline)]
2016-04-07 12:57 GMT+02:00 Ondřej Surý <ondrej@sury.org>:
> Hi Mathieu,
>
> I already tried enabling FPM by default but it ended with a weird errors
> on the user side, see:
>
> https://github.com/oerdnj/deb.sury.org/issues/266
>
> So I have disabled it again. It might need a debconf question that can
> be pre-seeded or something like that before we re-enable it again.

The original problem is not about mod_php vs fcgi, but about the fpm
not working by default.

What is required is enabling mod_proxy_fcgi, and ensure it's activated
with the attached patch.

This is just a proof-of-concept, I'll check that later (read: end of April)

> I've been getting a lot of complaints that `apt-get install php` pulls
> apache2 and FPM SAPI is much safer anyway.

I understand. But we have tried to move to php5-fpm in jessie and some
applications didn't work. I won't go into details, but the behavior is
slightly different, and it seems that mod_php is the most used (we
also had problem with mod_auth_cas not working with mpm_workers which
decrease the advantage of fcgi over mod_php). Anyway I don't care that
much about defaults as we use Puppet.


Cheers
-- 
Mathieu Parent

[0001-Only-use-fpm-SetHandler-when-it-works.patch (text/x-diff, attachment)]

Information forwarded to debian-bugs-dist@lists.debian.org, Debian PHP Maintainers <pkg-php-maint@lists.alioth.debian.org>:
Bug#820282; Package php7.0-fpm. (Sun, 17 Apr 2016 11:54:10 GMT) (full text, mbox, link).

Acknowledgement sent to "Mathieu Parent (Debian)" <sathieu@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian PHP Maintainers <pkg-php-maint@lists.alioth.debian.org>. (Sun, 17 Apr 2016 11:54:10 GMT) (full text, mbox, link).

Message #30 received at 820282@bugs.debian.org (full text, mbox, reply):

From: "Mathieu Parent (Debian)" <sathieu@debian.org>
To: Ondřej Surý <ondrej@sury.org>
Cc: Debian Bug Tracking System <820282@bugs.debian.org>
Subject: Re: [php-maint] Bug#820282: Please enable fpm by default on Apache
Date: Sun, 17 Apr 2016 13:51:43 +0200
[Message part 1 (text/plain, inline)]
2016-04-07 23:05 GMT+02:00 Mathieu Parent (Debian) <sathieu@debian.org>:
> 2016-04-07 12:57 GMT+02:00 Ondřej Surý <ondrej@sury.org>:
>> Hi Mathieu,
[...]

Hello Ondřej,

Please consider the atatched patches.I've tested that they work if:
- only php7.0-fpm is installed
- only libapache2-mod-php7.0 is installed
- both are installed

Notes:
- if both are installed, -fpm wins
- if apache2 is installed after -fpm, -fpm is not activated

Regards

-- 
Mathieu Parent

[0003-Enable-mod_proxy_fcgi-for-php-fpm.patch (text/x-diff, attachment)]
[0002-Only-use-fpm-SetHandler-when-it-works.patch (text/x-diff, attachment)]
[0001-Revert-Don-t-enable-PHP-FPM-by-default.patch (text/x-diff, attachment)]

Information forwarded to debian-bugs-dist@lists.debian.org, Debian PHP Maintainers <pkg-php-maint@lists.alioth.debian.org>:
Bug#820282; Package php7.0-fpm. (Sun, 17 Apr 2016 18:57:03 GMT) (full text, mbox, link).

Acknowledgement sent to "Mathieu Parent (Debian)" <sathieu@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian PHP Maintainers <pkg-php-maint@lists.alioth.debian.org>. (Sun, 17 Apr 2016 18:57:03 GMT) (full text, mbox, link).

Message #35 received at 820282@bugs.debian.org (full text, mbox, reply):

From: "Mathieu Parent (Debian)" <sathieu@debian.org>
To: Ondřej Surý <ondrej@sury.org>
Cc: Debian Bug Tracking System <820282@bugs.debian.org>
Subject: Re: [php-maint] Bug#820282: Please enable fpm by default on Apache
Date: Sun, 17 Apr 2016 20:53:21 +0200
[Message part 1 (text/plain, inline)]
Control: tag -1 + patch



2016-04-17 13:51 GMT+02:00 Mathieu Parent (Debian) <sathieu@debian.org>:
> 2016-04-07 23:05 GMT+02:00 Mathieu Parent (Debian) <sathieu@debian.org>:

Here is an updated version:

> Please consider the atatched patches.I've tested that they work if:
> - only php7.0-fpm is installed
> - only libapache2-mod-php7.0 is installed
> - both are installed
>
> Notes:
> - if both are installed, -fpm wins
now, mod_php wins

> - if apache2 is installed after -fpm, -fpm is not activated
still. But this not worse than currently.

Cheers

-- 
Mathieu Parent

[0003-Enable-mod_proxy_fcgi-for-php-fpm.patch (text/x-diff, attachment)]
[0002-Only-use-fpm-SetHandler-when-it-works.patch (text/x-diff, attachment)]
[0001-Revert-Don-t-enable-PHP-FPM-by-default.patch (text/x-diff, attachment)]

Added tag(s) patch. Request was from "Mathieu Parent (Debian)" <sathieu@debian.org> to 820282-submit@bugs.debian.org. (Sun, 17 Apr 2016 18:57:04 GMT) (full text, mbox, link).

Reply sent to Ondřej Surý <ondrej@sury.org>:
You have taken responsibility. (Tue, 13 Dec 2016 15:27:06 GMT) (full text, mbox, link).

Notification sent to Mathieu Parent <sathieu@debian.org>:
Bug acknowledged by developer. (Tue, 13 Dec 2016 15:27:07 GMT) (full text, mbox, link).

Message #42 received at 820282-done@bugs.debian.org (full text, mbox, reply):

From: Ondřej Surý <ondrej@sury.org>
To: 822774-done@bugs.debian.org, 820282-done@bugs.debian.org
Subject: Re: Bug#822774: Prefer libapache2-mod-php7.0
Date: Tue, 13 Dec 2016 16:23:43 +0100
Version: php7.0/7.0.6-9

libapache2-mod-php7.0 is now a preferred alternative.

Cheers,
-- 
Ondřej Surý <ondrej@sury.org>
Knot DNS (https://www.knot-dns.cz/) – a high-performance DNS server
Knot Resolver (https://www.knot-resolver.cz/) – secure, privacy-aware,
fast DNS(SEC) resolver
Vše pro chleba (https://vseprochleba.cz) – Mouky ze mlýna a potřeby pro
pečení chleba všeho druhu

Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Wed, 11 Jan 2017 07:28:20 GMT) (full text, mbox, link).

Send a report that this bug log contains spam.

Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Sun Jul 2 02:41:27 2023; Machine Name: buxtehude

Debian Bug tracking system

Debbugs is free software and licensed under the terms of the GNU Public License version 2. The current version can be obtained from https://bugs.debian.org/debbugs-source/.

Copyright © 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson, 2005-2017 Don Armstrong, and many other contributors.