
Enhancements to PHP-FPM & Nginx Configuration

Open ihfbib opened this issue 9 months ago • 1 comments

Summary

Updated stack_pref.py

Why listen.owner = www-data is Better Than listen.owner = root in PHP-FPM

1️⃣ Ensures Proper Communication – Nginx runs as www-data, so setting listen.owner = www-data allows seamless access to the PHP-FPM socket, preventing 502 Bad Gateway errors.

2️⃣ Prevents Permission Issues – Using www-data eliminates the need for manual permission adjustments (chmod) and avoids access errors.

3️⃣ Enhances Security – Running the socket as root increases security risks; www-data follows the principle of least privilege, reducing potential exploits.

4️⃣ Maintains Consistency – Since PHP-FPM workers run as www-data, the socket should match to avoid conflicts and unexpected behavior.

5️⃣ Avoids Manual Fixes – Using root may require permission fixes after reboots or updates, whereas www-data keeps everything working smoothly.

Best Practice: Use

listen.owner = www-data
listen.group = www-data
listen.mode = 0660

to ensure seamless, secure, and low-maintenance operation. 🚀

Improved Nginx Security Headers

  • Enhanced readability and maintainability of the Nginx configuration.
  • Standardized headers for better security and performance.

Optimized Caching for WordPress REST API (/wp-json/)

  • Excluded /wp-json/ from FastCGI caching via map to ensure dynamic responses remain fresh.
  • Implemented more_set_headers to prevent browser & CDN caching of REST API responses.
  • Ensures AJAX requests, Gutenberg, WooCommerce, and REST-dependent plugins receive real-time updates.

These changes improve server stability, security, and performance while minimizing manual interventions.

Additional Information

ihfbib avatar Feb 03 '25 15:02 ihfbib
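A check for the socket settings discussed in this issue, as an added example that is not part of the original post or of WordOps: it parses a PHP-FPM pool file and reports whether the Nginx worker user can connect to the Unix socket and whether the socket mode is world-writable. The sample pool template, the function name and the finding labels are assumptions made for illustration.

```python
import configparser

# Constructed pool template for illustration (not WordOps output).
POOL = """[www]
user = www-data
group = www-data
listen = /run/php/php-fpm.sock
listen.owner = {owner}
listen.group = {group}
listen.mode = {mode}
"""

def audit_pool(text, nginx_user="www-data", nginx_groups=("www-data",)):
    """Return (pool, finding) tuples for Unix-socket listeners in a pool file."""
    cp = configparser.ConfigParser(interpolation=None, strict=False,
                                   delimiters=("=",))
    cp.read_string(text)
    findings = []
    for pool in cp.sections():
        cfg = cp[pool]
        if not cfg.get("listen", "").startswith("/"):
            continue  # TCP listener: listen.owner/group/mode do not apply
        # Assumption: the FPM master starts as root, so an unset owner or
        # group falls back to root; 0660 is the default socket mode.
        owner = cfg.get("listen.owner", "root")
        group = cfg.get("listen.group", "root")
        mode = int(cfg.get("listen.mode", "0660"), 8)
        # Standard Unix check: the first matching class decides. On Linux,
        # connect() on a Unix socket needs write permission on the socket.
        if owner == nginx_user:
            needed = 0o200
        elif group in nginx_groups:
            needed = 0o020
        else:
            needed = 0o002
        if not mode & needed:
            findings.append((pool, "nginx-cannot-connect"))  # seen as a 502
        if mode & 0o002:
            findings.append((pool, "world-writable-socket"))
    return findings

if __name__ == "__main__":
    for owner, group, mode in [("root", "root", "0660"),
                               ("www-data", "www-data", "0660"),
                               ("www-data", "www-data", "0666")]:
        pool_text = POOL.format(owner=owner, group=group, mode=mode)
        print(owner, group, mode, audit_pool(pool_text))
```

Pass the real Nginx worker user and its groups as `nginx_user` and `nginx_groups` when they differ from `www-data`.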

Hello @ihfbib, Thanks for your contribution. I'm going to review your pull request and merge it as soon as possible.

VirtuBox avatar Feb 17 '25 09:02 VirtuBox