3
votes

I have successfully upgraded my Ubuntu server from php7.0 to php7.2. I am using Nginx with php-fpm. Although the `php -v` output is:

```
PHP 7.2.11-4+ubuntu16.04.1+deb.sury.org+1 (cli) (built: Nov 4 2018 05:10:57) ( NTS )
Copyright (c) 1997-2018 The PHP Group
Zend Engine v3.2.0, Copyright (c) 1998-2018 Zend Technologies
    with the ionCube PHP Loader (enabled) + Intrusion Protection from ioncube24.com (unconfigured) v10.2.5, Copyright (c) 2002-2018, by ionCube Ltd.
    with Zend OPcache v7.2.11-4+ubuntu16.04.1+deb.sury.org+1, Copyright (c) 1999-2018, by Zend Technologies
```

I noticed that Nginx still runs with php-fpm7.0. I checked and both php-fpm 7.0 & 7.2 are running. My /etc/nginx/conf.d/mysite.com.conf doesn't include the `location ~* \.php$` line.

Output of

`find / \( -iname "php.ini" -o -name "www.conf" \)`

is

```
/etc/php/7.0/apache2/php.ini
/etc/php/7.0/fpm/pool.d/www.conf
/etc/php/7.0/fpm/php.ini
/etc/php/7.0/cli/php.ini
/etc/php/7.2/fpm/pool.d/www.conf
/etc/php/7.2/fpm/php.ini
/etc/php/7.2/cli/php.ini
```

Also, I don't have any /etc/nginx/conf.d/mysite.com.conf file.
I only have global_locations_ssl.conf.inc inside /etc/nginx/conf.d/.

Output of

`ps -aux | grep nginx`

is

```
root      3123  0.0  0.0  37944  4192 ?        Ss   Nov05   0:00 nginx: master process /usr/sbin/nginx -g daemon on; master_process on;
www-data  3124  0.0  0.0  37944  8416 ?        S    Nov05   0:54 nginx: worker process
www-data  3125  0.0  0.0  37944  8500 ?        S    Nov05   0:58 nginx: worker process
www-data  3126  0.0  0.0  37944  8552 ?        S    Nov05   2:04 nginx: worker process
www-data  3127  0.0  0.0  37944  8588 ?        S    Nov05   1:04 nginx: worker process
www-data  3128  0.0  0.0  37944  8668 ?        S    Nov05   1:10 nginx: worker process
www-data  3129  0.0  0.0  37944  8536 ?        S    Nov05   1:27 nginx: worker process
root     22931  0.0  0.0  13348   916 pts/0    R+   12:50   0:00 grep --color=auto nginx
```

So my Nginx master process runs as root.

What should I check to fix this?

2

2 Answers

0
votes

You can find the full solution at https://linode.com/docs/web-servers/nginx/serve-php-php-fpm-and-nginx/

Depending on your distribution and PHP version, the PHP configuration files will be stored in different locations. This guide is using PHP 7.0 from Ubuntu’s repositories on Ubuntu 16.04 as an example, and the `/etc/php/7.0/fpm/pool.d/www.conf` and `/etc/php/7.0/fpm/php.ini` files are what we’ll be modifying.

Find those full file paths using a find command:

`find / \( -iname "php.ini" -o -name "www.conf" \)`

The output should look similar to:

```
root@localhost:~# find / \( -iname "php.ini" -o -name "www.conf" \)
/etc/php/7.0/fpm/php.ini
/etc/php/7.0/fpm/pool.d/www.conf
/etc/php/7.0/cli/php.ini
```

The listen.owner and listen.group variables are set to www-data by default, but they need to match the user and group NGINX is running as. If you installed NGINX using our Getting Started with NGINX series, then your setup will be using the nginx user and group. You can verify with:

`ps -aux | grep nginx`

The output should be similar to:

```
root@localhost:~# ps -aux | grep nginx
root      3448  0.0  0.0  32500  3516 ?        Ss   18:21   0:00 nginx: master process /usr/sbin/nginx -c /etc/nginx/nginx.conf
nginx     3603  0.0  0.0  32912  2560 ?        S    18:24   0:00 nginx: worker process
nginx     3604  0.0  0.0  32912  3212 ?        S    18:24   0:00 nginx: worker process
```
This shows the NGINX master process is running as root, and the worker processes are running as the nginx user and group. Change the listen variables to that:

```
sed -i 's/listen.owner = www-data/listen.owner = nginx/g' /etc/php/7.0/fpm/pool.d/www.conf
sed -i 's/listen.group = www-data/listen.group = nginx/g' /etc/php/7.0/fpm/pool.d/www.conf
```
When pairing NGINX with PHP-FPM, it’s possible to return to NGINX a .php URI that does not actually exist in the site’s directory structure. The PHP processor will process the URI, and execute the .php file, because its job is to process anything handed to it by NGINX. This of course presents a security problem.

It’s important to limit what NGINX passes to PHP-FPM so malicious scripts can’t be injected into return streams to the server. Instead, the request is stopped, possibly then resulting in a 404. There are multiple ways to do this (see the NGINX wiki) but here we chose to specify the setting in PHP-FPM rather than in NGINX’s configuration.

`sed -i 's/;cgi.fix_pathinfo=1/cgi.fix_pathinfo=0/g' /etc/php/7.0/fpm/php.ini`

You’ll notice that ;cgi.fix_pathinfo=1 is commented out by default. Setting it to 0 and uncommenting it will enforce the configuration should there be any upstream changes in the default value in the future.

Restart PHP-FPM to apply the changes:

`systemctl restart php7.0-fpm.service`

Configure the NGINX Server Block
Again pulling from Part 1 of our NGINX series, we’ll start with a basic Server Block for a static HTTP page being served from /var/www/example.com. Replace example.com with your site’s domain or IP address, and the root directive with your site’s root directory.

/etc/nginx/conf.d/example.com.conf

```
server {
    listen         80 default_server;
    listen         [::]:80 default_server;
    server_name    example.com www.example.com;
    root           /var/www/example.com;
    index          index.html;
}
```
To the Server Block above, add a location block containing the PHP directives. You should then have:

/etc/nginx/conf.d/example.com.conf

```
server {
    listen         80 default_server;
    listen         [::]:80 default_server;
    server_name    example.com www.example.com;
    root           /var/www/example.com;
    index          index.html;

    location ~* \.php$ {
        fastcgi_pass    unix:/run/php/php7.0-fpm.sock;
        include         fastcgi_params;
        fastcgi_param   SCRIPT_FILENAME    $document_root$fastcgi_script_name;
        fastcgi_param   SCRIPT_NAME        $fastcgi_script_name;
    }
}
```
This is just a bare minimum to get PHP-FPM working and you will want to configure it further for your specific needs. Some further points about the configuration above:

- The location ~* \.php$ means that NGINX will apply this configuration to all .php files (file names are not case sensitive) in your site’s root directory, including any subdirectories containing PHP files.
- The * in the ~* \.php$ location directive indicates that PHP file names are not case sensitive. This can be removed if you prefer to enforce letter case.
- The fastcgi_pass location must match the listen = value in /etc/php/7.0/fpm/pool.d/www.conf. It is preferable for performance reasons for PHP-FPM to listen on a UNIX socket instead of a TCP address. Only change this if you require PHP-FPM use network connections.
- Using $document_root in the SCRIPT_FILENAME parameter instead of an absolute path is preferred by NGINX’s documentation.

Here’s a variation of the location block above. This includes an if statement which disallows the FPM to process files in the /uploads/ directory. This is a security measure which prevents people from being able to upload .php files to your server or application which the FastCGI process manager would then execute.

This is only applicable if you allow users to upload or submit files to your site. Change the name of the directory from uploads to whatever suits your need.

/etc/nginx/conf.d/example.com.conf

```
location ~* \.php$ {
    if ($uri !~ "^/uploads/") {
        fastcgi_pass unix:/run/php/php7.0-fpm.sock;
    }
    include         fastcgi_params;
    fastcgi_param   SCRIPT_FILENAME    $document_root$fastcgi_script_name;
    fastcgi_param   SCRIPT_NAME        $fastcgi_script_name;
}
```
Reload NGINX:

`nginx -s reload`
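
As an added example (not part of the answer above or the guide it quotes): the `sed` command for `cgi.fix_pathinfo` edits only the 7.0 `php.ini`, so after an upgrade every installed FPM version needs the same check. This script reports the effective value per version; the function names are hypothetical, the sample tree is constructed, and the `<root>/<version>/fpm/php.ini` layout is assumed from the paths shown on this page.

```shell
#!/bin/sh
# Added example; function names are hypothetical.

# Print the effective cgi.fix_pathinfo value of one php.ini: lines starting
# with ';' are comments, the last active assignment wins, and PHP's built-in
# default (1) applies when no active line exists.
fix_pathinfo_value() {
    awk '
        /^[ \t]*;/ { next }                      # commented-out setting
        /^[ \t]*cgi\.fix_pathinfo[ \t]*=/ {
            sub(/^[^=]*=/, "")                   # drop "key ="
            sub(/;.*/, "")                       # drop trailing comment
            gsub(/[ \t"]/, "")                   # drop blanks and quotes
            val = $0
        }
        END { print (val == "" ? "1" : val) }
    ' "$1"
}

# Check <root>/<version>/fpm/php.ini for every version below <root>.
# Returns non-zero if any version does not resolve to cgi.fix_pathinfo=0.
audit_fix_pathinfo() {
    root=${1:-/etc/php}
    status=0
    for ini in "$root"/*/fpm/php.ini; do
        [ -f "$ini" ] || continue
        value=$(fix_pathinfo_value "$ini")
        if [ "$value" = "0" ]; then
            echo "OK    $ini cgi.fix_pathinfo=0"
        else
            echo "WARN  $ini cgi.fix_pathinfo=$value"
            status=1
        fi
    done
    return $status
}

# Constructed sample tree: 7.0 was hardened, 7.2 still has the stock
# commented-out line that ships with a fresh install.
demo=$(mktemp -d)
mkdir -p "$demo/7.0/fpm" "$demo/7.2/fpm"
printf 'cgi.fix_pathinfo=0\n'  > "$demo/7.0/fpm/php.ini"
printf ';cgi.fix_pathinfo=1\n' > "$demo/7.2/fpm/php.ini"
audit_fix_pathinfo "$demo" || echo "at least one PHP-FPM version still needs cgi.fix_pathinfo=0"
rm -rf "$demo"
```

On a real host, call `audit_fix_pathinfo /etc/php` after each PHP upgrade and before switching NGINX to the new FPM version.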
0
votes

I found the solution. My /etc/nginx/sites-enabled/my-site.conf had a line

```
upstream fastcgi_backend {
    server   127.0.0.1:9000;
}
```

Nginx was configured without the `location ~* \.php$` line.

So you don't have to change configuration every time you change php versions.

My problem was that I didn't check that php-fpm7.0 was running at socket 9000.

The solution was to change the php.ini inside php-fpm7.2 to run at socket 9000.
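
The mismatch described in this thread, as an added example that is not part of either answer: the script lists the FastCGI addresses NGINX is configured with and names the PHP-FPM pool whose `listen` value matches each one. Function names are hypothetical, the sample tree is constructed, and the `listen` value is read from `pool.d/*.conf` as described in the first answer.

```shell
#!/bin/sh
# Added example; function names are hypothetical.

# Print FastCGI addresses found below nginx config dir $1: literal fastcgi_pass
# targets plus "server" entries of multi-line upstream blocks (any upstream,
# FastCGI or not). -L follows the symlinks used in sites-enabled.
nginx_fcgi_targets() {
    find -L "$1" -type f -exec awk '
        { sub(/#.*/, "") }
        $1 == "upstream"                    { in_up = 1 }
        in_up && $1 == "server"             { sub(/;.*/, "", $2); print $2 }
        in_up && index($0, "}")             { in_up = 0 }
        $1 == "fastcgi_pass" && $2 ~ "[:/]" { sub(/;.*/, "", $2); print $2 }
    ' {} + | sort -u
}

# Print "<pool file> <listen value>" for each pool below $1 (e.g. /etc/php).
fpm_listeners() {
    for pool in "$1"/*/fpm/pool.d/*.conf; do
        [ -f "$pool" ] || continue
        awk -v f="$pool" '/^[ \t]*listen[ \t]*=/ {
            sub(/^[^=]*=/, ""); sub(/;.*/, ""); gsub(/[ \t]/, ""); print f, $0
        }' "$pool"
    done
}

# Usage: map_targets_to_pools <nginx dir> <php dir>
# A pool matches on the same socket path, the same ip:port, or a bare port.
map_targets_to_pools() {
    listeners=$(fpm_listeners "$2")
    for target in $(nginx_fcgi_targets "$1"); do
        addr=${target#unix:}
        match=$(printf '%s\n' "$listeners" | awk -v a="$addr" '
            { port = a; sub(/^.*:/, "", port) }
            $2 == a || $2 == port { print $1 }')
        echo "$target -> ${match:-no PHP-FPM pool listens here}"
    done
}

# Constructed sample tree mirroring the thread: nginx points at 127.0.0.1:9000,
# where the 7.0 pool still listens; the 7.2 pool sits on its own socket.
demo=$(mktemp -d)
mkdir -p "$demo/nginx" "$demo/php/7.0/fpm/pool.d" "$demo/php/7.2/fpm/pool.d"
printf 'upstream fastcgi_backend {\n  server 127.0.0.1:9000;\n}\n' > "$demo/nginx/my-site.conf"
printf 'listen = 127.0.0.1:9000\n' > "$demo/php/7.0/fpm/pool.d/www.conf"
printf 'listen = /run/php/php7.2-fpm.sock\nlisten.owner = www-data\n' > "$demo/php/7.2/fpm/pool.d/www.conf"
map_targets_to_pools "$demo/nginx" "$demo/php"
rm -rf "$demo"
```

On a real host the call would be `map_targets_to_pools /etc/nginx /etc/php`; a target that resolves to an old version's pool means requests are still executed by the interpreter you meant to retire.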