From c6f1f42987d154d39d431dea1a94a87ed29c5362 Mon Sep 17 00:00:00 2001 From: jknapp Date: Wed, 1 Apr 2026 13:58:11 -0700 Subject: [PATCH] Final vhost template: SetHandler + ProxyFCGISetEnvIf for both paths Reverts from ProxyPassMatch back to SetHandler + ProxyFCGISetEnvIf. ProxyPassMatch couldn't override DOCUMENT_ROOT (Apache sets it as a CGI param after all directives run). SetHandler with unconditional ProxyFCGISetEnvIf correctly overrides both: - DOCUMENT_ROOT: set to /home/{user}/public_html (FPM path) - SCRIPT_FILENAME: constructed from DOCUMENT_ROOT + SCRIPT_NAME This fixes WordFence WAF and other plugins that use DOCUMENT_ROOT to locate config/log files. Tested on live sites with WordPress pretty URLs, wp-admin, static assets, and WordFence WAF optimization. Co-Authored-By: Claude Opus 4.6 (1M context) --- configs/shared-vhost-template.tpl | 16 +++++++++++----- 1 file changed, 11 insertions(+), 5 deletions(-) diff --git a/configs/shared-vhost-template.tpl b/configs/shared-vhost-template.tpl index 521ae07..2334437 100644 --- a/configs/shared-vhost-template.tpl +++ b/configs/shared-vhost-template.tpl @@ -27,11 +27,17 @@ SSLCertificateFile /etc/pki/tls/certs/localhost.crt SSLCertificateKeyFile /etc/pki/tls/private/localhost.key - # Proxy PHP requests to FPM with the correct filesystem path. - # Apache serves static files directly from /mnt/users/ (read-only mount), - # but PHP-FPM has files at /home/{user}/public_html/ (its own mount). - # ProxyPassMatch maps .php URLs directly to the FPM container's path. - ProxyPassMatch "^/(.*\.php(/.*)?)$" "fcgi://~~fpm_host~~:~~fpm_port~~/home/~~user~~/public_html/$1" + + SetHandler "proxy:fcgi://~~fpm_host~~:~~fpm_port~~" + + + # The shared httpd serves files from /mnt/users/{user}/{domain}/public_html + # but the FPM container has them at /home/{user}/public_html. + # Override both DOCUMENT_ROOT and SCRIPT_FILENAME so PHP sees the + # correct paths (required for plugins like WordFence that use + # $_SERVER['DOCUMENT_ROOT'] to locate config files). + ProxyFCGISetEnvIf "true" DOCUMENT_ROOT "/home/~~user~~/public_html" + ProxyFCGISetEnvIf "true" SCRIPT_FILENAME "/home/~~user~~/public_html%{reqenv:SCRIPT_NAME}" DirectoryIndex index.php index.html index.htm