When running PHP through PHP-FPM you have option to chroot FastCGI PHP server. Unfortunately, Apache is not aware of chrooting and therefore pass wrong script path to the server.
This patch supposed to help with it - http://orfika.net/src/mod_fastcgi-chroot-patch/
Below are steps I've run in order to apply this patch to my server. First, you want to remove installed mod_fastcgi package:
apt-get purge libapache2-mod-fastcgi
You will also need some additional packages to do whole source building thing:
apt-get install build-essential dpkg-dev debhelper cdbs apache2-prefork-dev dpatch libapr1-dev pkg-config
You do not want to use "apt-get build-dep libapache2-mod-fastcgi" if you use fork MPM, because this will try to install threaded MPM and remove fork one. Which might stop your sites from working.
Now you will need to download package source code, patch from the link above and apply this patch to source code. Once this is done, you will need to create a .deb package and install it with dpkg as usual.
apt-get source libapache2-mod-fastcgi cd libapache-mod-fastcgi-2.4.7~0910052141 wget http://orfika.net/src/mod_fastcgi-chroot-patch/mod_fastcgi-2.4.6-chroot-patch-rev3-20120131.patch patch -p1 --dry-run < mod_fastcgi-2.4.6-chroot-patch-rev3-20120131.patch patch -p1 < mod_fastcgi-2.4.6-chroot-patch-rev3-20120131.patch dpkg-buildpackage -rfakeroot -uc -b cd .. dpkg -i libapache2-mod-fastcgi_2.4.7~0910052141-1_amd64.deb
Obviously, adjust paths to latest versions of the patch and packages. And if the are any dependency errors during package build step - just "apt-get" them manually and try again.
At this point new mod_fastcgi should be installed. You can use -chroot parameter to specify path prefix for scripts based on where FPM process was chrooted. For example my sample configuration is below:
Virtual Host config:
<VirtualHost *:80>
ServerAdmin admin@domain.com
ServerName domain.com
ServerAlias www.domain.com
DocumentRoot /home/www/web/domain.com
Action php5-fcgi /php
Alias /php /home/www/php
FastCgiExternalServer /home/www/php -chroot /web/domain.com -host 127.0.0.1:9000
<Directory /home/www/web/domain.com/>
<Files *.php>
SetHandler php5-fcgi
</Files>
Options -Indexes MultiViews +ExecCGI +FollowSymLinks +SymLinksIfOwnerMatch
AllowOverride All
Order allow,deny
allow from all
</Directory>
ErrorLog ${APACHE_LOG_DIR}/domain.com-error.log
LogLevel warn
CustomLog ${APACHE_LOG_DIR}/domain.com-access.log combined
</VirtualHost>FPM Pool config:
[www] prefix = /home/$pool user = $pool group = $pool listen = 127.0.0.1:9000 pm = dynamic pm.max_children = 10 pm.start_servers = 2 pm.min_spare_servers = 2 pm.max_spare_servers = 8 chroot = /home/www
Now, there are few caveats:
First: Anything PHP using date() function will throw fatal error:
"PHP Fatal error: strtotime(): Timezone database is corrupt - this should *never* happen!"
This happens due PHP process being chroot'ed and not being able to access /usr/share/zoneinfo/. Just copy this folder. In my example it was:
cd /home/www sudo -u www mkdir -p usr/share cd usr/share cp -avr /usr/share/zoneinfo ./
Second: In my particular case I had to rewrite different environment variables. Patch above rewrites SCRIPT_FILENAME based on chroot setting and SCRIPT_URL variable. In my setup I had to rewrite PATH_TRANSLATED based on PATH_INFO. I am running Ubuntu 12.04 server with packaged Apache 2.2 pre-fork MPM and PHP 5.3.10. So this likely apply to all Ubuntu-based LAMP installs. You can get patch I actually used to patch my copy of libapache2-mod-fastcgi at https://github.com/hippich/mod_fastcgi_chroot_patch . I would say - try original patch first. And if it will not work - try mine. If it will not work as well, then, well, get strace and see what is being passed to FPM worker script. Likely answer to a problem will be there.
More details about this patch settings can be read on patch's homepage - http://orfika.net/src/mod_fastcgi-chroot-patch/