Setting up PHP

On CentOS6/CentOS7/CloudLinux6/CloudLinux7

Run the following script /opt/nDeploy/scripts/easy_php_setup.sh

ZendOpcache and security considerations on php-fpm single master setup

AUTOM8N currently offers the following settings that can mitigate the security risk of a shared OpCache memory to some extend

1. opcache.restrict_api

opcache.restrict_api
Allows calling OPcache API functions only from PHP scripts which path is started from specified string. The default "" means no restriction.
This is set to /home/CPANELUSER/

2. opcache.blacklist_filename

opcache.blacklist_filename
The location of the OPcache blacklist file. A blacklist file is a text file containing the names of files that should not be accelerated, one per line. Wildcards are allowed, and prefixes can also be provided. Lines starting with a semi-colon are ignored as comments.
This is set to /home/CPANELUSER/opcache-blacklist.txt
User can upload the opcache-blacklist.txt to his homedir via FTP or ssh and paths in this file will not be cached.

Per user php.ini custom settings

php-fpm lets users configure settings of type PHP_INI_PERDIR and PHP_INI_USER in .user.ini files

Ref: http://php.net/manual/en/configuration.file.per-user.php

the settings can be provided in ini format(same as php.ini) and the file must be named .user.ini