experimental non-prod test of encapsulating a single php-fpm pool in a systemd unit template
# systemd template unit for one php-fpm 7.4 master per site instance
# (unit file name not shown on the page; a template such as php-fpm@<instance>.service is implied).
# %i selects the per-site tree under /var/www, /run/php-fpm, /var/lib/php-fpm and
# /etc/php/7.4/fpm/sites in the [Service] section. Described by the author as experimental, non-prod.
[Unit]
# %I is the unescaped instance name, used only for display here
Description=The PHP 7.4 FastCGI Process Manager for %I
Documentation=man:php-fpm7.4(8)
# ordering only (start after the network target); this is not a hard dependency
After=network.target
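[Service]
# php-fpm notifies readiness over sd_notify; the PID file is additionally
# tracked at the same path passed to --pid below
Type=notify
PIDFile=/run/php-fpm/%i/main.pid
# Every path is keyed on the instance name %i: the pool config, php.ini, PID file,
# document root and state directories must all exist under the matching <instance> name.
ExecStart=/usr/sbin/php-fpm7.4 --nodaemonize --fpm-config /etc/php/7.4/fpm/sites/%i/php.conf --php-ini /etc/php/7.4/fpm/sites/%i/php.ini --pid /run/php-fpm/%i/main.pid --force-stderr
# USR2 is php-fpm's graceful reload signal
ExecReload=/bin/kill -USR2 $MAINPID
# --force-stderr above sends php-fpm's log to stderr, so it lands in the journal
StandardOutput=journal
StandardError=journal
User=www-data
Group=www-data
WorkingDirectory=/var/www/%i
Environment=HOME=/var/www/%i
# all three temp variables point at the per-instance tmp StateDirectory declared below
Environment=TEMP=/var/lib/php-fpm/%i/tmp TMP=/var/lib/php-fpm/%i/tmp TMPDIR=/var/lib/php-fpm/%i/tmp
# Hide the whole of /var behind a read-only tmpfs; only the per-instance subtrees
# are bound back in below (BindPaths=), so sibling instances' data is not visible.
TemporaryFileSystem=/var:ro
# /home and /root are already covered by ProtectHome=yes below; kept here for explicitness.
# (the original line listed /boot twice; the duplicate was dropped)
InaccessiblePaths=/boot /home /lost+found /media /mnt /opt /root /srv
# same pattern for /run/php-fpm: read-only tmpfs, then only this instance's runtime dir
# bound in and made writable (RuntimeDirectory= creates /run/php-fpm/%i at start)
TemporaryFileSystem=/run/php-fpm:ro
BindPaths=/run/php-fpm/%i
RuntimeDirectory=php-fpm/%i
ReadWritePaths=/run/php-fpm/%i
# per-instance persistent state: sessions and tmp, created by StateDirectory= under /var/lib
TemporaryFileSystem=/var/lib/php-fpm:ro
BindPaths=/var/lib/php-fpm/%i
StateDirectory=php-fpm/%i/sessions
ReadWritePaths=/var/lib/php-fpm/%i/sessions
StateDirectory=php-fpm/%i/tmp
ReadWritePaths=/var/lib/php-fpm/%i/tmp
# only this instance's config directory is visible, and read-only
TemporaryFileSystem=/etc/php/7.4/fpm/sites:ro
BindPaths=/etc/php/7.4/fpm/sites/%i
ConfigurationDirectory=php/7.4/fpm/sites/%i
ReadOnlyPaths=/etc/php/7.4/fpm/sites/%i
# left disabled by the author; presumably redundant with the /var:ro tmpfs above
#TemporaryFileSystem=/var/www:ro
# document root of this instance; writable (uploads, caches) -- narrow this if the site
# does not need to write into its own tree
BindPaths=/var/www/%i
ReadWritePaths=/var/www/%i
# strict: everything read-only except /dev, /proc, /sys and the ReadWritePaths above
ProtectSystem=strict
# runs in a private user namespace; only root and the service user are mapped
PrivateUsers=yes
ProtectHostname=yes
ProtectClock=yes
ProtectKernelTunables=yes
ProtectKernelModules=yes
ProtectKernelLogs=yes
ProtectControlGroups=yes
PrivateDevices=yes
ProtectHome=yes
# hides other users' processes in /proc; requires a systemd new enough to know this setting
ProtectProc=invisible
PrivateTmp=yes
# unix socket listener plus IPv4/IPv6 for outbound connections from PHP
RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6
# NOTE(review): forbids writable+executable memory mappings; extensions that need them
# (JIT-style code generation, some FFI users) will fail under this -- verify with the
# extensions actually loaded by this pool
MemoryDenyWriteExecute=yes
RestrictSUIDSGID=yes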
[Install]
# enable per instance, e.g. `systemctl enable <template>@<instance>`
WantedBy=multi-user.target
; php-fpm pool configuration for a single instance; presumably the file passed as
; --fpm-config /etc/php/7.4/fpm/sites/<instance>/php.conf by the unit template above.
; Only one pool is defined here, so one php-fpm master serves exactly one site.
[global]
; php-fpm's own error log goes to syslog; the unit additionally captures stderr into the journal
error_log = syslog
; The pool name must equal the systemd instance name (%i): $pool expands to this
; section's name, and the unit only binds /var/www/<instance>, /run/php-fpm/<instance>
; and /var/lib/php-fpm/<instance> into the service's mount namespace.
[rainloop-webmail]
prefix = /var/www/rainloop-webmail
chdir = /var/www/rainloop-webmail/htdocs
; unix socket inside the instance's RuntimeDirectory
listen = /run/php-fpm/$pool/main.sock
listen.owner = www-data
listen.group = www-data
; NOTE(review): 0666 lets every local user connect to the FastCGI socket. If the web
; server runs as (or in group) www-data, 0660 is sufficient -- confirm the web server's
; identity before tightening, since a mismatch breaks the site.
listen.mode = 0666
; worker stdout/stderr is captured by the master (and thus reaches the journal), without
; the "[pool ...] child ..." decoration
catch_workers_output = yes
decorate_workers_output = no
; dynamic process manager; php-fpm requires min_spare_servers <= start_servers <= max_spare_servers
pm = dynamic
pm.max_children = 25
pm.start_servers = 2
pm.min_spare_servers = 2
pm.max_spare_servers = 15
; recycle each worker after this many requests
pm.max_requests = 512
; workers inherit the master's environment; under the unit above that is only the
; Environment= lines plus whatever systemd itself sets (presumably the intent, not verified)
clear_env = no
; same value the unit sets via Environment=HOME=
env[HOME] = /var/www/$pool
; php_admin_value settings cannot be overridden from PHP code (ini_set) or .user.ini
php_admin_value[upload_max_filesize] = 32M
php_admin_value[post_max_size] = 32M
php_admin_value[error_reporting] = E_ALL
; matches the sessions StateDirectory the unit makes writable
php_admin_value[session.save_path] = /var/lib/php-fpm/$pool/sessions