doorito/systemd/php8.2-fpm@.service

[Unit]
Description=The PHP 8.2 FastCGI Process Manager for %I
Documentation=man:php-fpm8.2(8)
After=network.target
Before=nginx.service
# PartOf=php.target

[Service]
Type=notify
PIDFile=/run/php-fpm/%i/main.pid
ExecStart=/usr/sbin/php-fpm8.2 --nodaemonize --fpm-config /etc/php/8.2/fpm/sites/%i/php.conf --php-ini /etc/php/8.2/fpm/sites/%i/php.ini --pid /run/php-fpm/%i/main.pid --force-stderr
ExecReload=/bin/kill -USR2 $MAINPID

StandardOutput=journal
StandardError=journal

User=www-data
Group=www-data
WorkingDirectory=/var/www/%i
Environment=HOME=/var/www/%i
Environment=TEMP=/var/lib/php-fpm/%i/tmp TMP=/var/lib/php-fpm/%i/tmp TMPDIR=/var/lib/php-fpm/%i/tmp

TemporaryFileSystem=/var:ro
InaccessiblePaths=/boot /home /lost+found /media /mnt /opt /root /srv

# permits for /var/run
RuntimeDirectory=php-fpm/%i
#TemporaryFileSystem=/var/run/php-fpm:ro
BindPaths=/var/run/php-fpm/%i
ReadWritePaths=/var/run/php-fpm/%i
BindPaths=/var/run/postgresql

#TemporaryFileSystem=/var/lib/php-fpm:ro
BindPaths=/var/lib/php-fpm/%i
StateDirectory=php-fpm/%i/sessions
ReadWritePaths=/var/lib/php-fpm/%i/sessions
StateDirectory=php-fpm/%i/tmp
ReadWritePaths=/var/lib/php-fpm/%i/tmp

TemporaryFileSystem=/etc/php/8.2/fpm/sites:ro
BindPaths=/etc/php/8.2/fpm/sites/%i
ConfigurationDirectory=php/8.2/fpm/sites/%i
ReadOnlyPaths=/etc/php/8.2/fpm/sites/%i

#TemporaryFileSystem=/var/www:ro
BindPaths=/var/www/%i
ReadWritePaths=/var/www/%i

ProtectSystem=strict
PrivateUsers=yes
ProtectHostname=yes
ProtectClock=yes
ProtectKernelTunables=yes
ProtectKernelModules=yes
ProtectKernelLogs=yes
ProtectControlGroups=yes
PrivateDevices=yes
ProtectHome=yes
ProtectProc=invisible
PrivateTmp=yes
RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6
MemoryDenyWriteExecute=yes
RestrictSUIDSGID=yes

[Install]
WantedBy=multi-user.target
php: init 2024-04-20 22:23:29 +02:00			`[Unit]`
			`Description=The PHP 8.2 FastCGI Process Manager for %I`
			`Documentation=man:php-fpm8.2(8)`
			`After=network.target`
			`Before=nginx.service`
			`# PartOf=php.target`

			`[Service]`
			`Type=notify`
			`PIDFile=/run/php-fpm/%i/main.pid`
			`ExecStart=/usr/sbin/php-fpm8.2 --nodaemonize --fpm-config /etc/php/8.2/fpm/sites/%i/php.conf --php-ini /etc/php/8.2/fpm/sites/%i/php.ini --pid /run/php-fpm/%i/main.pid --force-stderr`
			`ExecReload=/bin/kill -USR2 $MAINPID`

			`StandardOutput=journal`
			`StandardError=journal`

			`User=www-data`
			`Group=www-data`
			`WorkingDirectory=/var/www/%i`
			`Environment=HOME=/var/www/%i`
			`Environment=TEMP=/var/lib/php-fpm/%i/tmp TMP=/var/lib/php-fpm/%i/tmp TMPDIR=/var/lib/php-fpm/%i/tmp`

			`TemporaryFileSystem=/var:ro`
			`InaccessiblePaths=/boot /home /lost+found /media /mnt /opt /root /srv`

			`# permits for /var/run`
			`RuntimeDirectory=php-fpm/%i`
			`#TemporaryFileSystem=/var/run/php-fpm:ro`
			`BindPaths=/var/run/php-fpm/%i`
			`ReadWritePaths=/var/run/php-fpm/%i`
			`BindPaths=/var/run/postgresql`

			`#TemporaryFileSystem=/var/lib/php-fpm:ro`
			`BindPaths=/var/lib/php-fpm/%i`
			`StateDirectory=php-fpm/%i/sessions`
			`ReadWritePaths=/var/lib/php-fpm/%i/sessions`
			`StateDirectory=php-fpm/%i/tmp`
			`ReadWritePaths=/var/lib/php-fpm/%i/tmp`

			`TemporaryFileSystem=/etc/php/8.2/fpm/sites:ro`
			`BindPaths=/etc/php/8.2/fpm/sites/%i`
			`ConfigurationDirectory=php/8.2/fpm/sites/%i`
			`ReadOnlyPaths=/etc/php/8.2/fpm/sites/%i`

			`#TemporaryFileSystem=/var/www:ro`
			`BindPaths=/var/www/%i`
			`ReadWritePaths=/var/www/%i`

			`ProtectSystem=strict`
			`PrivateUsers=yes`
			`ProtectHostname=yes`
			`ProtectClock=yes`
			`ProtectKernelTunables=yes`
			`ProtectKernelModules=yes`
			`ProtectKernelLogs=yes`
			`ProtectControlGroups=yes`
			`PrivateDevices=yes`
			`ProtectHome=yes`
			`ProtectProc=invisible`
			`PrivateTmp=yes`
			`RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6`
			`MemoryDenyWriteExecute=yes`
			`RestrictSUIDSGID=yes`

			`[Install]`
			`WantedBy=multi-user.target`