Difference between revisions of "Php-fpm"

From SME Server
Jump to: navigation, search
(Create and use my own pool)
 
Line 370: Line 370:
 
|
 
|
 
|-
 
|-
|DisableFunctions
+
|DisabledFunctions
|system,show_source, symlink,exec,dl,shell_exec,passthru,phpinfo,escapeshellarg,escapeshellcmd
+
|system,show_source,symlink,exec,dl,shell_exec,passthru,phpinfo,escapeshellarg,escapeshellcmd
 
|
 
|
 
|-
 
|-
Line 390: Line 390:
 
|
 
|
 
|}
 
|}
you will then need two httpd.conf custom template fragment to use your pool. You will need to change '''VERSION''' and '''MYPOOL''' to what you want<syntaxhighlight lang="bash">
+
you will then need two httpd.conf custom template fragment to use your pool. You will need to change   '''MYPOOL''' to what you want<syntaxhighlight lang="bash">
mkdir -p  /etc/e-smith/templates-custom/etc/httpd/conf/httpd.conf/
 
vim /etc/e-smith/templates-custom/etc/httpd/conf/httpd.conf/68FastCGIConfig15myphppool
 
</syntaxhighlight><syntaxhighlight>
 
Action phpMYPOOL-fastcgi /php-cgi-bin/phpMYPOOL-wrapper
 
Alias /php-cgi-bin/phpMYPOOL-wrapper /var/www/php-cgi-bin/phpMYPOOL-wrapper
 
FastCgiExternalServer /var/www/php-cgi-bin/phpMYPOOL-wrapper -socket /var/run/php-fpm/phpVERSION-MYPOOL.sock -pass-header Authorization -idle-timeout 120
 
</syntaxhighlight><syntaxhighlight lang="bash">
 
 
mkdir -p  /etc/e-smith/templates-custom/etc/httpd/conf/httpd.conf/
 
mkdir -p  /etc/e-smith/templates-custom/etc/httpd/conf/httpd.conf/
 
vim /etc/e-smith/templates-custom/etc/httpd/conf/httpd.conf/98mypoolusage
 
vim /etc/e-smith/templates-custom/etc/httpd/conf/httpd.conf/98mypoolusage
 
</syntaxhighlight><syntaxhighlight lang="perl">
 
</syntaxhighlight><syntaxhighlight lang="perl">
  <Directory "/home/e-smith/ibays/Primary/html/myfolder">
+
<Directory /home/e-smith/files/ibays/test/html>
 +
    SSLRequireSSL
 +
    Options None
 +
    Options +Indexes
 
     Options +FollowSymLinks
 
     Options +FollowSymLinks
 +
    DirectoryIndex index.php index.shtml index.htm index.html
 +
    AddHandler phpMYPOOL-fastcgi .php
 
     AllowOverride All
 
     AllowOverride All
     AddHandler phpMYPOOL-fastcgi .php\n";
+
     order deny,allow
  </Directory>
+
    deny from all
 
+
    allow from all
 +
</Directory>
  
</syntaxhighlight>
+
</syntaxhighlight>then just do signal-event webapps-update
  
 
=== Uninstall ===
 
=== Uninstall ===

Latest revision as of 06:48, 13 February 2020




php-fpm
NeedImage.svg
php-fpm logo
Maintainervip-ire
Urlhttps://wiki.contribs.org
CategoryCategory:Category you want
Tags phpfpm

Maintainer

Daniel

Version

smeserver-php-fpm
The latest version of smeserver-php-fpm is available in the SME repository, click on the version number(s) for more information.


Description

This contribs allow you to run php-fpm for php version from 5.6 to 7.3 on CentOS 6 (SME9). This contrib will likely not be needed directly for your own usage, unless you know what you want to do with it, but rather called by another contribs needing a specific version of php running.


Installation

yum --enablerepo=smecontribs install smeserver-php-fpm
you then need to issue the usual
signal-event post-upgrade; signal-event reboot
or you can do
signal-event webapps-update
service php-fpm start
service php-56 start
service php-70 start
service php-71 start
service php-72 start
service php-73 start

Configuration

you can list the available configuration with the following command :
config show php-fpm
config show php56-php-fpm
config show php70-php-fpm
config show php71-php-fpm
config show php72-php-fpm
config show php73-php-fpm

Some of the properties are not shown, but are defaulted in a template or a script. You can set those values for the php-fpm version you want, or you can set it against a particular share folder. Empty or missing property in the db means default value is used.

Here a more comprehensive list with default and expected values :

property default values
status enabled enabled,disabled
MemoryLimit 128M
MaxExecutionTime 30
MaxInputTime 60
AllowUrlFopen off
MaxChildren 15
PostMaxSize 10M
UploadMaxFilesize 10M
OpenBasedir
DisableFunctions system,show_source, symlink,exec,dl,shell_exec,passthru,phpinfo,escapeshellarg,escapeshellcmd
config setprop php72-phpfpm  PHPMemoryLimit 256M
signal-event webapps-update
more values specifics for shares:
property default values information
PHPVersion 56,70,71,72,73 should be set one value
PHPCustomPool string use of a custom pool defined elsewhere, see use my own pool section. Keep it empty to use the share specific pool.
DynamicContent disabled enabled,disabled need to be enabled
db accounts setprop SHARENAME PHPVersion 72 PHPMemoryLimit 256M
signal-event webapps-update

For contribs creators

you can either call an existing php-pool or create your own one. As an example you can check smeserver-nextcloud. The following template will make a dedicated php 7.1 pool with php setting adapted for Nextcloud.

vim /etc/e-smith/templates/etc/php-fpm.d/www.conf/15Nextcloud
{

if ($PHP_VERSION eq '71'){
  if (($nextcloud{'status'} || 'disabled') eq 'enabled'){
    my $max_upload_size = ($nextcloud{MaxUploadSize} || '4096');
    $max_upload_size .= 'M' if ($max_upload_size =~ m/^\d+$/);
    my $memory_limit = ($nextcloud{MemoryLimit} || '512M');
    $memory_limit .= 'M' if ($memory_limit =~ m/^\d+$/);
    my $id = 'nextcloud';
    $OUT .=<<_EOF;

[php$PHP_VERSION-$id]
user = www
group = www
listen.owner = root
listen.group = www
listen.mode = 0660
listen = /var/run/php-fpm/php$PHP_VERSION-$id.sock
pm = dynamic
pm.max_children = 15
pm.start_servers = 3
pm.min_spare_servers = 3
pm.max_spare_servers = 4
pm.max_requests = 1000
php_admin_value[session.save_path] = /var/lib/php/$id/session
php_admin_value[session.gc_maxlifetime] = 86400
php_admin_value[opcache.file_cache]  = /var/lib/php/$id/opcache
php_admin_value[upload_tmp_dir] = /var/lib/php/$id/tmp
php_admin_value[error_log] = /var/log/php/$id/error.log
slowlog = /var/log/php/nextcloud/slow.log
php_admin_value[sendmail_path] = /usr/sbin/sendmail -t -i -f php@{ $DomainName }
php_admin_flag[display_errors] = off
php_admin_flag[log_errors] = on
php_admin_value[error_log] = syslog
php_admin_value[memory_limit] = $memory_limit
php_admin_value[max_execution_time] = 3600
php_admin_value[post_max_size] = $max_upload_size
php_admin_value[upload_max_filesize] = $max_upload_size
php_admin_value[disable_functions] = system, show_source, symlink, exec, nextcloud, shell_exec, passthru, phpinfo, escapeshellarg, escapeshellcmd
php_admin_value[open_basedir] = /usr/share/nextcloud:/var/lib/nextcloud:/var/log/nextcloud.log:/var/lib/php/nextcloud:/home/e-smith/files/nextcloud:/dev/urandom:/proc/meminfo
php_admin_flag[allow_url_fopen] = on
php_admin_flag[file_upload] = on
php_admin_flag[session.cookie_httponly] = on
php_admin_flag[allow_url_include] = off
php_admin_value[session.save_hannextclouder] = files
php_admin_flag[output_buffering] = off

_EOF

  }
  else{
    $OUT .= '; Nextcloud is disabled';
  }
}
you will also need two httpd.conf template fragment: vim /etc/e-smith/templates/etc/httpd/conf/httpd.conf/68FastCGIConfig15nextcloud
{
if ($fastcgi_mod eq 'mod_fastcgi'){
  $OUT .=<<_EOF;
Action phpnextcloud-fastcgi /php-cgi-bin/phpnextcloud-wrapper
Alias /php-cgi-bin/phpnextcloud-wrapper /var/www/php-cgi-bin/phpnextcloud-wrapper
FastCgiExternalServer /var/www/php-cgi-bin/phpnextcloud-wrapper -socket /var/run/php-fpm/php71-nextcloud.sock -pass-header Authorization -idle-timeout 120
_EOF
}
}
vim /etc/e-smith/templates/etc/httpd/conf/httpd.conf/98nextcloud
{
my $access = $nextcloud{'access'} || 'private';
my $allow = ($access eq 'public')?'all':"$localAccess $externalSSLAccess";
my $authtype = $nextcloud{'Authentication'} || 'none';

my $alias = (($nextcloud{'AliasOnPrimary'} || 'enabled') eq 'enabled') ?
    'Alias /nextcloud /usr/share/nextcloud' : '';

my $maxupload = $nextcloud{'MaxUploadSize'} || '1024';
my $maxpost = $maxupload+1;
$maxupload .= 'M';
$maxpost .= 'M';

my $auth = '';
if ($authtype eq 'http'){
    $auth =<<'EOF';
    <FilesMatch "^(admin|rest)\.php">
        SSLRequireSSL on
        AuthName "nextcloud"
        AuthType Basic
        AuthBasicProvider external
        AuthExternal pwauth
        Require valid-user
    </FilesMatch>
EOF
}

if ($nextcloud{'status'} eq 'enabled'){

  my $php =<<_EOF;
    AddType application/x-httpd-php .php
    php_admin_flag file_upload On
    php_admin_flag magic_quotes Off
    php_admin_flag magic_quotes_gpc Off
    php_admin_value upload_max_filesize $maxupload
    php_admin_value post_max_size $maxpost
    php_admin_value memory_limit 512M
    php_admin_flag output_buffering Off
    php_admin_value max_execution_time 0
    php_admin_value upload_tmp_dir /var/lib/nextcloud/tmp
    php_admin_value session.save_path /var/lib/nextcloud/tmp
    php_admin_value session.gc_maxlifetime 86400
    php_admin_value open_basedir /usr/share/nextcloud:/var/lib/nextcloud:/var/log/nextcloud.log:/var/lib/php/nextcloud:/home/e-smith/files/nextcloud:/dev/urandom:/proc/meminfo
_EOF
  if ($fastcgi_mod eq 'mod_fastcgi'){
    $php = "    AddHandler phpnextcloud-fastcgi .php\n";
  }
  elsif ($fascgi_mod eq 'mod_proxy_fcgi'){
    $php =<<'_EOF';
     <FilesMatch \.php$>
         SetHandler "proxy:unix:/var/run/php-fpm/php71-nextcloud.sock|fcgi://localhost"
     </FilesMatch>
_EOF
  }

my $config =<<_EOF;
  <Directory "/usr/share/nextcloud">
    Options +FollowSymLinks
    AllowOverride All
$php
    order deny,allow
    deny from all
    allow from $allow
$auth

    <IfModule mod_dav.c>
      Dav off
    </IfModule>

    SetEnv HOME /usr/share/nextcloud
    SetEnv HTTP_HOME /usr/share/nextcloud
    SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=\$1
  </Directory>

  <Directory "/home/e-smith/files/nextcloud/data/">
    # just in case if .htaccess gets disabled
    deny from all
  </Directory>
_EOF


$OUT .=<<"END"
# nextcloud Configuration
<IfModule mod_headers.c>
  Header always set Strict-Transport-Security "max-age=15552000"
</IfModule>
$alias

$config

Redirect 301 /.well-known/carddav /nextcloud/remote.php/dav
Redirect 301 /.well-known/caldav /nextcloud/remote.php/dav


END
}
else{
    $OUT .= "# nextcloud is disabled\n";
}
}
Of course you will need to process both httpd.conf, php-fpm specific version and restart both httpd-e-smith and the php-fpm version you use.

You will also need specific code to create the destination directories for php usage : see /etc/e-smith/events/actions/php-pool-dirs from this contrib


Warning.png Warning:
On initial installation, smeserver-php-fpm does not start php pools and signal-event webapps-update does only a reload which will not start stopped services.

So pay attention you need to start if not already started on initial install.


Create and use my own pool

using the default template : /etc/e-smith/templates/etc/php-fpm.d/custom.conf , you can set your own pool doing:
db php set MYPOOLNAME pool Version 72 status enabled
here are the accepted supplementary properties, as always missing or empty means using default.
property default values information
status enabled enabled,disabled
MemoryLimit 128M
MaxExecutionTime 30
MaxInputTime 60
AllowUrlFopen off
MaxChildren 15
PostMaxSize 10M
UploadMaxFilesize 10M
file_upload enabled
OpenBasedir
DisabledFunctions system,show_source,symlink,exec,dl,shell_exec,passthru,phpinfo,escapeshellarg,escapeshellcmd
User www
Group www
DisplayErrors disabled
LogErrors disabled
you will then need two httpd.conf custom template fragment to use your pool. You will need to change MYPOOL to what you want
mkdir -p  /etc/e-smith/templates-custom/etc/httpd/conf/httpd.conf/
vim /etc/e-smith/templates-custom/etc/httpd/conf/httpd.conf/98mypoolusage
<Directory /home/e-smith/files/ibays/test/html>
    SSLRequireSSL
    Options None
    Options +Indexes
    Options +FollowSymLinks
    DirectoryIndex index.php index.shtml index.htm index.html
    AddHandler phpMYPOOL-fastcgi .php
    AllowOverride All
    order deny,allow
    deny from all
    allow from all
</Directory>
then just do signal-event webapps-update

Uninstall

yum remove smeserver-php-fpm  php-fpm

Bugs

Please raise bugs under the SME-Contribs section in bugzilla and select the smeserver-php-fpm component or use this link


Below is an overview of the current issues for this contrib:
IDProductVersionStatusSummary
10561SME Contribs9.2CONFIRMEDrestarting php-fpm with signal-event make signal-event hangs forever

Changelog

Only released version in smecontrib are listed here.

smeserver-php-fpm Changelog: SME 9 (smecontribs)
2020/01/27 Jean-Philipe Pialasse 0.1.1-4.sme
- fix wrong permission on log folders [SME: 10563]

2019/12/16 Jean-Philipe Pialasse 0.1.1-3.sme
- import to mecontribs

- add php72 and php73 fix [SME: 10851]
2017/07/27 Daniel Berteaud - 0.1.1-1.sme
- Fix closing parenthesis on prop method in httpd template
2017/07/26 Daniel Berteaud - 0.1.0-1.sme
- Initial release