How to set up php-fpm logs correctly?
I set up a server with the nginx + php-fpm stack.
For security reasons, I created a new user (usersite) to work via ssh. As this user I create folders in the home directory, and this user is the owner of all files.
The first problem that arose: php-fpm runs as www-data, and when my scripts created thumbnails, they were owned by www-data. Because of this I can't delete them over ssh as usersite (the permissions are 755 on folders and 644 on files and I don't want to change them).
I solved this problem by setting the following in the php-fpm config:
user = usersite
group = usersite
listen.owner = www-data
listen.group = www-data
After that, everything seems to work fine, but there were problems with logs and sessions.
php_admin_value[error_log] = /var/log/fpm-php.usersite.log
php_admin_value[session.save_path] = /var/lib/php/sessions/
usersite with log and session files?
1) Create a usersite folder in the logs and sessions directories and make usersite the owner?
2) Judging by the log folder, all files in it are archived after some time. How will this happen in my case? (I didn't set up archiving anywhere, and who does it at all?)
3) What will happen in the sessions folder, will the files be deleted there automatically?
4) What should be configured besides logs and sessions when nginx runs as one user and php-fpm as another?
1) For the php-fpm daemon to work correctly, either make the usersite user the owner of all working files / directories, or set the necessary permissions. There is also the option of using access control lists at the filesystem level (the getfacl / setfacl utilities).
2) Archiving is done by logrotate. Look for configs in /etc/logrotate.d/ or /etc/logrotate.conf
3) It seems that php has something like a garbage collector for cleaning sessions
4) It's better to look in the config for filenames / paths.
Leave the www-data user and do not change it,
or add the usersite user to the www-data group and give the files permissions 775 (read and write for the owner and group),
or, when you need to work with the files, do sudo su www-data and work with them as that user.
2) Logs are rotated by another service that has root rights, so it can do this.
3) Session files are never deleted by themselves. Delete them with cron, running as the www-data user or root.
4) Nginx also uses caching when proxying. There are /var/lib/nginx/*** folders (the path depends on the OS version). Usually nginx can write there, but if you change its user, you need to change the permissions on these folders.
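A check for the situation in the question, added here as an example (it is not code from the question or from either answer): it reads the pool's error_log and session.save_path directives and reports, from owner and mode bits, whether a worker running as a given uid can write there and whether other users can list the session directory. The function names, the numeric uid/gids arguments and the temporary directory layout are assumptions; root's override and ACLs are not modelled.

```python
import os
import re
import stat
import tempfile

DIRECTIVE = re.compile(r"^\s*([\w.]+(?:\[[\w.]+\])?)\s*=\s*(.+?)\s*$")

def parse_pool(text):
    """Parse 'key = value' and 'php_admin_value[x] = y' lines; skip ';' comments."""
    conf = {}
    for line in text.splitlines():
        m = DIRECTIVE.match(line.split(";", 1)[0])
        if m:
            conf[m.group(1)] = m.group(2)
    return conf

def access_bits(st, uid, gids):
    """rwx bits (0-7) that apply to a non-root uid with group ids gids."""
    if st.st_uid == uid:
        return (st.st_mode >> 6) & 7
    if st.st_gid in gids:
        return (st.st_mode >> 3) & 7
    return st.st_mode & 7

def audit_pool(text, uid, gids):
    """Return findings for the pool's error_log and session.save_path."""
    conf, findings = parse_pool(text), []
    log = conf.get("php_admin_value[error_log]")
    sess = conf.get("php_admin_value[session.save_path]")
    if log:
        # Existing log: needs w on the file. Missing log: needs w+x on its directory.
        target, need = (log, 2) if os.path.exists(log) else (os.path.dirname(log), 3)
        if access_bits(os.stat(target), uid, gids) & need != need:
            findings.append(f"error_log: worker cannot write {target}")
    if sess:
        st = os.stat(sess)
        if access_bits(st, uid, gids) & 3 != 3:
            findings.append(f"session.save_path: worker cannot create files in {sess}")
        if st.st_mode & stat.S_IROTH:
            findings.append(f"session.save_path: {sess} can be listed by other users")
    return findings

if __name__ == "__main__":
    # Constructed layout: a temp dir stands in for the real log and session paths.
    root = tempfile.mkdtemp()
    os.mkdir(os.path.join(root, "sessions"), 0o755)
    pool = (f"php_admin_value[error_log] = {root}/fpm-php.usersite.log\n"
            f"php_admin_value[session.save_path] = {root}/sessions/\n")
    print(audit_pool(pool, os.stat(root).st_uid, set()))
```

On a real host, pass the uid and group ids of the account named in the pool's user and group directives, and the text of the pool file.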