Configuring Apache with FastCGI PHP-FPM for a Slim Application

The Code to Dump Info Back to the Client via JSON

I had a small bit of debugging code added, so requests to /legacy-sitemap/api/ without a token, would dump some values back to me as JSON. They would be visible right in the Firefox window.

I just hacked up the code to check the bearer token in middleware.php:

// API key check
$app->add(function ($req, $res, $next) {
    $auth = $req->getHeader('authorization')[0];
    $parts = explode(' ', $auth);
    if ($parts[1] === getenv('LEGACY_SITEMAP_API_KEY')) {
        $response = $next($req, $res);
        return $response;
    } else {
        $env = $_ENV;
        $headers = $req->getHeaders();
        $server = $req->getServerParams();
        return $res->withStatus(403)->withJson([ 'status'=>403, 'error'=>'Bad Authorization', 'env'=>$env, 'headers'=>$headers, 'server'=>$server ]);

The Other Option: Disable mod_php7

I was looking through some posts and found out there’s a config file for the php7.2-fpm module:

# Redirect to local php-fpm if mod_php is not available
<IfModule !mod_php7.c>
<IfModule proxy_fcgi_module>
    # Enable http authorization headers
    <IfModule setenvif_module>
    SetEnvIfNoCase ^Authorization$ "(.+)" HTTP_AUTHORIZATION=$1

    <FilesMatch ".+\.ph(ar|p|tml)$">
        SetHandler "proxy:unix:/run/php/php7.2-fpm.sock|fcgi://localhost"
    <FilesMatch ".+\.phps$">
        # Deny access to raw php sources by default
        # To re-enable it's recommended to enable access to the files
        # only in specific virtual host or directory
        Require all denied
    # Deny access to files without filename (e.g. '.php')
    <FilesMatch "^\.ph(ar|p|ps|tml)$">
        Require all denied

That will send all PHP file requests to the FastCGI server.

Maybe it works fine. I’m disinclined to subject my entire site to FastCGI.


Symfony’s Configuring a Web Server





Apache vs. NGINX

Front Controller pattern

Ondřej Surý PHP repository

Leave a comment

Your email address will not be published. Required fields are marked *