卷曲触发open_basedir
我有一个 php (php-fpm) 脚本 script1.php 在 /var/www/html/folder1/script1.php 中运行,受 open_basedir 保护代码>“/var/www/html/folder1”。
从该脚本中,我通过 php-curl 调用位于 /var/www/html/folder2/script2.php 中的第二个脚本 script2.php >。
我使用其公共负载均衡器 IP 调用 script2,但是,我从 script1 收到错误,open_basedir 有效。我不确定为什么会发生这种情况,因为curl是http://,而不是file://,并且不应该像它那样解析文件系统。还是应该这样?我不打算更改 open_basedir 参数。我最好的行动方案是什么?
I have a php (php-fpm) script script1.php running in /var/www/html/folder1/script1.php, protected with open_basedir "/var/www/html/folder1".
From that script, I call a 2nd script script2.php located in /var/www/html/folder2/script2.php through php-curl.
I call script2 using its public load balancer IP, yet, I get an error from script1, open_basedir in effect. I'm not sure why that's happening since curl is http://, not file://, and shouldn't resolve the file system the way it does. Or should it? I don't intend to change that open_basedir parameter. What's my best course of action?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
好吧,我解决了。尽管 php 对于每个脚本执行都有不同的子 Pid,但它仍然认为 script2 是从 script1 直接调用的,因此属于 open_basedir 管辖范围。我不知道为什么,因为curl调用正在模拟http请求,因此应该产生一个全新的进程...
无论哪种方式,我都强制
/var/www/html/folder2进入第二个php-fpm 池,因此不仅子进程有不同的 PID,父进程也有不同的 PID。现在,curl 调用 script2,并创建一个单独的上下文来处理它。这样,openbase_dir被正确重新计算,我的问题就解决了。创建第二个 php-fpm 池非常简单。我使用 Apache 2.4,但这里有一个 nginx 示例,我在本次练习中大致遵循了该示例: https://www.vultr.com/docs/use-php-fpm-pools-to-secure-multiple-web-sites/
Ok I worked it out. Even though php has different child Pids for each script execution, it still considered script2 being called from script1 directly, hence falling within
open_basedirjurisdiction. I'm not sure why, since the curl call is emulating an http request and therefore should spawn a brand new process...Either way, I forced
/var/www/html/folder2into a 2nd php-fpm pool, so not only the children have different PIDs but also the parent process as well. Now curl calls script2, and a separate context is created to handle it. This way,openbase_diris recalculated correctly and my problem was solved.Creating a 2nd
php-fpmpool is really easy. I use Apache 2.4 but here is an example for nginx that I loosely followed for this exercise: https://www.vultr.com/docs/use-php-fpm-pools-to-secure-multiple-web-sites/