IspConfig & PHP-FPM - PHP config read from different pool?

Question

on my server I have the following setup:

• ISPConfig 3.0.5.4p2
• Ubuntu 14.04 LTS
• Apache 2.4
• PHP handled by PHP-FPM (one pool for each web)

The problem is, that some web sites, that are configured as subdomains (v-host) sometimes report this strange error:

PHP error from web46

[19-Mar-2015 18:39:07 UTC] PHP Warning:  include(): open_basedir restriction in effect. File(/var/www/clients/client1/web3/cooltaxi/vendor/yiisoft/yii2/web/ErrorAction.php) is not within the allowed path(s): (/var/www/clients/client1/we$
[19-Mar-2015 18:39:07 UTC] PHP Warning:  include(/var/www/clients/client1/web3/cooltaxi/vendor/yiisoft/yii2/web/ErrorAction.php): failed to open stream: Operation not permitted in /var/www/clients/client1/web3/cooltaxi/vendor/yiisoft/yi$
[19-Mar-2015 18:39:07 UTC] PHP Warning:  include(): Failed opening '/var/www/clients/client1/web3/cooltaxi/vendor/yiisoft/yii2/web/ErrorAction.php' for inclusion (include_path='.:/usr/share/php:/usr/share/pear') in /var/www/clients/clie$
[19-Mar-2015 18:39:07 UTC] PHP Warning:  include(): open_basedir restriction in effect. File(/var/www/clients/client1/web3/cooltaxi/vendor/yiisoft/yii2/base/UnknownClassException.php) is not within the allowed path(s): (/var/www/clients$
[19-Mar-2015 18:39:07 UTC] PHP Warning:  include(/var/www/clients/client1/web3/cooltaxi/vendor/yiisoft/yii2/base/UnknownClassException.php): failed to open stream: Operation not permitted in /var/www/clients/client1/web3/cooltaxi/vendor$
[19-Mar-2015 18:39:07 UTC] PHP Warning:  include(): Failed opening '/var/www/clients/client1/web3/cooltaxi/vendor/yiisoft/yii2/base/UnknownClassException.php' for inclusion (include_path='.:/usr/share/php:/usr/share/pear') in /var/www/c$
[19-Mar-2015 18:39:07 UTC] PHP Fatal error:  Class 'yii\base\UnknownClassException' not found in /var/www/clients/client1/web3/cooltaxi/vendor/yiisoft/yii2/BaseYii.php on line 291
[19-Mar-2015 18:39:07 UTC] PHP Fatal error:  Uncaught exception 'ReflectionException' with message 'Class yii\web\ErrorAction does not exist' in /var/www/clients/client1/web3/cooltaxi/vendor/yiisoft/yii2/di/Container.php:415

PHP-FPM pool - web46

[web46]

listen = /var/lib/php5-fpm/web46.sock
listen.owner = web3
listen.group = client1
listen.mode = 0660

user = web3
group = client1

pm = dynamic
pm.max_children = 10
pm.start_servers = 2
pm.min_spare_servers = 1
pm.max_spare_servers = 5
pm.max_requests = 0

chdir = /

php_admin_value[open_basedir] = /var/www/clients/client1/web3/test:/var/www/clients/client1/web3/private:/var/www/clients/client1/web3/tmp:/var/www/test.agelis.cz/test:/srv/www/test.agelis.cz/test:/usr/share/php5:/usr/share/php:/tmp:/us$
php_admin_value[session.save_path] = /var/www/clients/client1/web3/tmp
php_admin_value[upload_tmp_dir] = /var/www/clients/client1/web3/tmp
php_admin_value[sendmail_path] = "/usr/sbin/sendmail -t -i -fwebmaster@test.agelis.cz"

php_admin_value[upload_max_filesize] = 128M
php_admin_value[post_max_size] = 128M
php_admin_value[max_input_vars] = 4000

PHP-FPM pool - web59

[web59]

listen = /var/lib/php5-fpm/web59.sock
listen.owner = web3
listen.group = client1
listen.mode = 0660

user = web3
group = client1

pm = dynamic
pm.max_children = 10
pm.start_servers = 2
pm.min_spare_servers = 1
pm.max_spare_servers = 5
pm.max_requests = 0

chdir = /

php_admin_value[open_basedir] = /var/www/clients/client1/web3/cooltaxi:/var/www/clients/client1/web3/private:/var/www/clients/client1/web3/tmp:/var/www/cooltaxi.agelis.cz/cooltaxi:/srv/www/cooltaxi.agelis.cz/cooltaxi:/usr/share/php5:/us$
php_admin_value[session.save_path] = /var/www/clients/client1/web3/tmp
php_admin_value[upload_tmp_dir] = /var/www/clients/client1/web3/tmp
php_admin_value[sendmail_path] = "/usr/sbin/sendmail -t -i -fwebmaster@cooltaxi.agelis.cz"

Apache fcgi vhost config - web46

      <IfModule mod_fastcgi.c>
                        <Directory /var/www/clients/client1/web3/cgi-bin>
                                                                        Require all granted
                                                            </Directory>
                        <Directory /var/www/test.agelis.cz/test>
                                <FilesMatch "\.php[345]?$">
                                        SetHandler php5-fcgi
                                </FilesMatch>
                        </Directory>
                        <Directory /var/www/clients/client1/web3/test>
                                <FilesMatch "\.php[345]?$">
                                        SetHandler php5-fcgi
                                </FilesMatch>
                        </Directory>
        Action php5-fcgi /php5-fcgi
                        Alias /php5-fcgi /var/www/clients/client1/web3/cgi-bin/php5-fcgi-88.86.115.169-443-test.agelis.cz
        FastCgiExternalServer /var/www/clients/client1/web3/cgi-bin/php5-fcgi-88.86.115.169-443-test.agelis.cz -idle-timeout 300 -socket /var/lib/php5-fpm/web46.sock -pass-header Authorization
        </IfModule>

It looks like open_basedir issue, but the strange thing is, that PHP for some reason take open_basedir setting from different pool config (you can see - error is coming form web43, but the path is from web59)

There are no enteries in php-fpm error log.

Any help will be appreciated. I have tried everything I know and still can't figure out the problem :-(

Answer 1

After having the exact same problem and trying to fix it for some weeks I finally came up with a solution.

I think the problem originates from upgrading the Apache server to 2.4. I had these error messages since the upgrade. After hours of "try and error" I finally found a hint on howtoforge, which seems to be the most active forums for ISPConfig.

It looks like ISPConfig won't update the master configuration files including Apache and PHP-FPM. I guess they want to prevent messing with your modified master configs. The ISPConfig developer there suggested to replace the old master config files with the new ones from the ISPConfig GIT. I downloaded the following files from the provided link:

• vhost.conf.master
• php_fpm_pool.conf.master

and replaced my current configuration files in /usr/local/ispconfig/server/conf/. The last step is to update all the created configs using ISPConfig (Tools -> Resync -> Resync Websites). Since doing this I did not get a single PHP-FPM error.