From e20f5620d7e5d9f485df8f82da709ca42219b117 Mon Sep 17 00:00:00 2001 From: jknapp Date: Wed, 1 Apr 2026 13:04:53 -0700 Subject: [PATCH] Fix DOCUMENT_ROOT for PHP-FPM in shared httpd mode WordPress plugins like WordFence use $_SERVER['DOCUMENT_ROOT'] to locate config/log files. With ProxyPassMatch, Apache sends its own mount path (/mnt/users/...) as DOCUMENT_ROOT, which doesn't exist in the FPM container. ProxyFCGISetEnvIf can't override DOCUMENT_ROOT when using ProxyPassMatch (Apache sets it after the directive evaluates). Instead, set it via the FPM pool config's env[] directive which takes precedence. create-php-config.sh now adds env[DOCUMENT_ROOT] = /home/$user/public_html when in TCP listen mode (shared httpd), giving PHP the correct path. Co-Authored-By: Claude Opus 4.6 (1M context) --- scripts/create-php-config.sh | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/scripts/create-php-config.sh b/scripts/create-php-config.sh index ffdcb95..cdc0d16 100644 --- a/scripts/create-php-config.sh +++ b/scripts/create-php-config.sh @@ -6,14 +6,19 @@ FPM_LISTEN=${FPM_LISTEN:-/run/php-fpm/www.sock} # Determine listen directive and ownership based on socket vs TCP if echo "$FPM_LISTEN" | grep -q '/'; then - # Unix socket mode + # Unix socket mode (standalone — Apache and FPM in same container) listen_directive="$FPM_LISTEN" listen_owner_block="listen.owner = apache listen.group = apache" + env_block="" else - # TCP port mode + # TCP port mode (shared httpd — FPM in separate container) listen_directive="0.0.0.0:${FPM_LISTEN}" listen_owner_block="" + # Override DOCUMENT_ROOT so PHP plugins (e.g., WordFence) that use + # $_SERVER['DOCUMENT_ROOT'] find files at the FPM container's path, + # not the shared httpd's /mnt/users/ mount path. + env_block="env[DOCUMENT_ROOT] = /home/$user/public_html" fi cat < /etc/php-fpm.d/$user.conf @@ -46,6 +51,7 @@ request_slowlog_timeout = 3s php_admin_value[error_log] = /home/$user/logs/php-fpm/error.log php_admin_flag[log_errors] = on php_value[soap.wsdl_cache_dir] = /var/lib/php/wsdlcache +${env_block} EOF