PHP in EHCP Force Edition
Starting in all versions of EHCP Force Edition released after June 1 2018 (6/1/2018), Apache2 and nginx web server software will be automatically configured to use PHP-FPM for processing PHP requests. Apache2 uses mod_proxy (https://httpd.apache.org/docs/2.4/mod/mod_proxy.html) and nginx has always been setup to proxy PHP requests to PHP-FPM.
php.ini File Location
As a result of the changes, PHP settings need to be set or changed in the following php.ini files (which will be used by both nginx and Apache2):
Ubuntu 14.04 and Debian 8: /etc/php5/fpm/php.ini Ubuntu 16.04 and Debian 9: /etc/php/7.0/fpm/php.ini Ubuntu 18.04: /etc/php/7.2/fpm/php.ini
PHP disable_functions Security
By default and for security purposes, all domains and subdomains will by default run under a non-privileged FPM pool. Thus, several PHP functions are disabled and unavailable to code running under panel configured domains and sub domains to maintain better security. The disabled functions are listed below:
exec, passthru, shell_exec, system, proc_open, popen
PHP FPM Pools
There are 2 PHP-FPM pools that are in use by the panel. One is the aforementioned non-privileged FPM pool with the name of "www" which runs on port 9000. The other is a privileged pool the EHCP panel uses (since it does run some system calls) with the name of "ehcp" which runs on port 9001.
If you want to adjust the disabled functions for the non-privileged www pool, you can do so by editing the below files:
Ubuntu 14.04 and Debian 8: /etc/php5/fpm/pool.d/www.conf Ubuntu 16.04 and Debian 9: /etc/php/7.0/fpm/pool.d/www.conf Ubuntu 18.04: /etc/php/7.2/fpm/pool.d/www.conf
The privileged ehcp pool can be configured and changed here:
Ubuntu 14.04 and Debian 8: /etc/php5/fpm/pool.d/ehcp.conf Ubuntu 16.04 and Debian 9: /etc/php/7.0/fpm/pool.d/ehcp.conf Ubuntu 18.04: /etc/php/7.2/fpm/pool.d/ehcp.conf
If a trusted domain needs to run any of the listed disabled functions, it is recommended you edit the apache template for the domain using the EHCP Force Panel and direct all of that domain's PHP traffic to port 9001. This applies to both nginx and Apache2 configurations