cloud-apache-container/scripts/create-php-config.sh

#!/bin/bash

rm /etc/php-fpm.d/www.conf

FPM_LISTEN=${FPM_LISTEN:-/run/php-fpm/www.sock}

# Determine listen directive and ownership based on socket vs TCP
if echo "$FPM_LISTEN" | grep -q '/'; then
  # Unix socket mode (standalone — Apache and FPM in same container)
  listen_directive="$FPM_LISTEN"
  listen_owner_block="listen.owner = apache
listen.group = apache"
  env_block=""
else
  # TCP port mode (shared httpd — FPM in separate container)
  listen_directive="0.0.0.0:${FPM_LISTEN}"
  listen_owner_block=""
  # Override DOCUMENT_ROOT so PHP plugins (e.g., WordFence) that use
  # $_SERVER['DOCUMENT_ROOT'] find files at the FPM container's path,
  # not the shared httpd's /mnt/users/ mount path.
  env_block="env[DOCUMENT_ROOT] = /home/$user/public_html"
fi

cat <<EOF > /etc/php-fpm.d/$user.conf

[$user]

user = $user
group = $user
listen = ${listen_directive}
${listen_owner_block}

pm = ${PHP_FPM_PM}
pm.max_children = ${PHP_FPM_MAX_CHILDREN}
pm.max_requests = ${PHP_FPM_MAX_REQUESTS}
pm.process_idle_timeout = ${PHP_FPM_PROCESS_IDLE_TIMEOUT}

; Settings used when pm = dynamic (fallback if user overrides FPM_PM)
pm.start_servers = ${PHP_FPM_START_SERVERS}
pm.min_spare_servers = ${PHP_FPM_MIN_SPARE}
pm.max_spare_servers = ${PHP_FPM_MAX_SPARE}

; Health check endpoints
ping.path = /fpm-ping
ping.response = pong
pm.status_path = /fpm-status

slowlog = /home/$user/logs/php-fpm/slowlog
request_slowlog_timeout = 3s

php_admin_value[error_log] = /home/$user/logs/php-fpm/error.log
php_admin_flag[log_errors] = on
php_value[soap.wsdl_cache_dir]  = /var/lib/php/wsdlcache
${env_block}

EOF

exit 0