
alternc-php-fpm's Issues

Check php service before reloading/restarting it

php7-fpm must do a check before reloading a pool.
Each php-fpm service must be checked before it is reloaded.

We have the --test argument to check the configuration.

Note: reload acts as a restart and any check is done.

Alternc-nss

Hello

We already have a project to manage our alternc accounts as POSIX:
alternc-nss

It could be interesting to mutualize our work :)

Enable .php.ini local config

As we isolate PHP by account, it could be interesting to enable a .php.ini file in the local directory.

This could be done by enabling, in each pool configuration:
php_value[user_ini.filename] = ".php.ini"
php_value[user_ini.cache_ttl] = 300

Domain type names conflict with alternc

Names for domaines_type in the database are made with a "-":

INSERT IGNORE INTO domaines_type SET name='php56-fpm', description='PHP 5.6 FPM', target='DIRECTORY', entry='%SUB% IN A @@PUBLIC_IP@@', compatibility='txt,defmx,defmx2,mx,mx2', enable='ALL', need_dns=0, has_https_option=1;
INSERT IGNORE INTO domaines_type SET name='php70-fpm', description='PHP 7.0 FPM', target='DIRECTORY', entry='%SUB% IN A @@PUBLIC_IP@@', compatibility='txt,defmx,defmx2,mx,mx2', enable='ALL', need_dns=0, has_https_option=1;
INSERT IGNORE INTO domaines_type SET name='php71-fpm', description='PHP 7.1 FPM', target='DIRECTORY', entry='%SUB% IN A @@PUBLIC_IP@@', compatibility='txt,defmx,defmx2,mx,mx2', enable='ALL', need_dns=0, has_https_option=1;
INSERT IGNORE INTO domaines_type SET name='php72-fpm', description='PHP 7.2 FPM', target='DIRECTORY', entry='%SUB% IN A @@PUBLIC_IP@@', compatibility='txt,defmx,defmx2,mx,mx2', enable='ALL', need_dns=0, has_https_option=1;
INSERT IGNORE INTO domaines_type SET name='php73-fpm', description='PHP 7.3 FPM', target='DIRECTORY', entry='%SUB% IN A @@PUBLIC_IP@@', compatibility='txt,defmx,defmx2,mx,mx2', enable='ALL', need_dns=0, has_https_option=1;
INSERT IGNORE INTO domaines_type SET name='php74-fpm', description='PHP 7.4 FPM', target='DIRECTORY', entry='%SUB% IN A @@PUBLIC_IP@@', compatibility='txt,defmx,defmx2,mx,mx2', enable='ALL', need_dns=0, has_https_option=1;

AlternC doesn't appreciate this:
https://github.com/AlternC/AlternC/blob/3c83f33935bdaf0f601b5d5ba096936cfcac0597/bureau/class/m_dom.php#L552

Now three choices:

  • add an sql upgrade in alternc-php-fpm Debian packaging
  • remove name limitation in alternc
  • authorize '-' in name in alternc

Error during install

ERROR 1136 (21S01) at line 2: Column count doesn't match value count at row 1

Error in the insert query for the php-fpm versions (if alternc-ssl is installed?)

INSERT IGNORE INTO domaines_type VALUES ('php56-fpm','PHP 5.6 FPM','DIRECTORY','%SUB% IN A @@PUBLIC_IP@@','txt,defmx,defmx2,mx,mx2','ALL',0,0,0,0,0);

The insert queries have one field too few:

#1136 - Column count doesn't match value count at row 1

Is it alternc-certbot that adds this column?
I added a 1 as the last column to get http and/or https access for the php-fpm vhosts.

INSERT IGNORE INTO domaines_type VALUES ('php70-fpm','PHP 7.0 FPM','DIRECTORY','%SUB% IN A @@PUBLIC_IP@@','txt,defmx,defmx2,mx,mx2','ALL',0,0,0,0,0,1)

Missing PHP 8.0 dependencies

Commit #27c3b5e introduces PHP 8.0 support, but the dependencies are missing in debian/control.
I'll push a PR for that.

phpx.x-fpm services fail to reload

If the services are not running, /usr/lib/alternc/php7-fpm will fail with, for instance:

Reloading phpx.x-fpm configuration (via systemctl): phpx.x-fpm.servicephpx.x-fpm.service is not active, cannot reload.
 failed!

An easy way is to add an OR in the reload call to ensure the service is started if not running:
passthru("/etc/init.d/php".$service."-fpm reload || /etc/init.d/php".$service."-fpm start");

Which works properly:

Reloading php8.2-fpm configuration (via systemctl): php8.2-fpm.servicephp8.2-fpm.service is not active, cannot reload.                                                          
 failed!
Starting php8.2-fpm (via systemctl): php8.2-fpm.service.
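
An added example (not the project's code) that combines the --test check requested in the first issue with the reload-or-start fallback proposed in this one. It assumes Debian's /usr/sbin/php-fpm<version> binaries, systemd units named php<version>-fpm and a CLI context; run_cmd and safe_reload_fpm are hypothetical names.

```php
<?php
// Added example, not the project's code. Assumes Debian-style names:
// binary /usr/sbin/php-fpm<version> and systemd unit php<version>-fpm.

/** Run a command and return [exit code, combined stdout/stderr]. */
function run_cmd(string $cmd): array
{
    exec($cmd . ' 2>&1', $out, $rc);
    return [$rc, implode("\n", $out)];
}

/**
 * Validate the FPM configuration, then reload the service if it is
 * running or start it if it is not. Returns true only when the
 * config test and the systemctl call both succeeded.
 */
function safe_reload_fpm(string $version): bool
{
    // Accept only "7.3", "8.2", ... before building a command line.
    if (!preg_match('/^\d+\.\d+$/', $version)) {
        fwrite(STDERR, "Refusing unexpected version string\n");
        return false;
    }
    $unit   = "php{$version}-fpm";
    $binary = "/usr/sbin/php-fpm{$version}";

    // 1. Syntax check of php-fpm.conf and every pool file it includes.
    [$rc, $out] = run_cmd(escapeshellarg($binary) . ' --test');
    if ($rc !== 0) {
        fwrite(STDERR, "$unit: config test failed, not reloading:\n$out\n");
        return false;
    }

    // 2. "reload" fails on an inactive unit, so pick the right verb.
    [$active] = run_cmd('systemctl is-active --quiet ' . escapeshellarg($unit));
    $verb = ($active === 0) ? 'reload' : 'start';

    [$rc, $out] = run_cmd("systemctl $verb " . escapeshellarg($unit));
    if ($rc !== 0) {
        fwrite(STDERR, "$unit: $verb failed:\n$out\n");
        return false;
    }
    return true;
}

// Usage in the cron script's final loop ($reload is the array from the page):
// foreach ($reload as $version) { safe_reload_fpm($version); }
```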

Exit when mysql is absent

Hi

For different reasons, mysql could be down during php7-fpm execution.
In this case, all pools are deleted, which breaks all hosted sites.

We must check the mysql state and run the script only when we are sure of the mysql state.
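
One way to guard the cleanup step against the outage described in this issue, as an added example that is not the project's code. prune_pools and its parameters are hypothetical, and the caller is assumed to pass null when the database query failed.

```php
<?php
// Added example, not the project's code. Function and parameter names
// are hypothetical; only the pool file naming comes from the page.

/**
 * Delete stale "<login>.alternc.conf" pools for one PHP version.
 * $wanted is the login list read from the database, or null when the
 * query failed. Throws instead of deleting when that state is doubtful.
 */
function prune_pools(string $poolDir, ?array $wanted, bool $allowEmpty = false): array
{
    if ($wanted === null) {
        throw new RuntimeException('database unavailable, keeping all pools');
    }
    $existing = glob($poolDir . '/*.alternc.conf') ?: [];

    // An empty answer while pools exist looks like an outage or a
    // half-restored database, not like every account disappearing.
    if ($wanted === [] && $existing !== [] && !$allowEmpty) {
        throw new RuntimeException('database returned no pools, refusing to delete');
    }

    $deleted = [];
    foreach ($existing as $path) {
        // Anchored match with escaped dots: only "<login>.alternc.conf".
        if (!preg_match('#^([^./]+)\.alternc\.conf$#', basename($path), $m)) {
            continue;
        }
        if (!in_array($m[1], $wanted, true) && unlink($path)) {
            $deleted[] = basename($path);
        }
    }
    return $deleted;
}

// Constructed demo in a temporary directory.
$dir = sys_get_temp_dir() . '/pool-demo-' . getmypid();
mkdir($dir);
touch("$dir/alice.alternc.conf");
touch("$dir/bob.alternc.conf");

try {
    prune_pools($dir, null);              // simulated MySQL outage
} catch (RuntimeException $e) {
    echo 'kept: ', count(glob("$dir/*.conf")), " pools ({$e->getMessage()})\n";
}
print_r(prune_pools($dir, ['alice']));    // bob is no longer in the list

array_map('unlink', glob("$dir/*"));
rmdir($dir);
```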

Test feedback

It's really great!

Two small things:

  • Choosing the PHP version over https does not work.
  • It would probably be useful to allow choosing the PHP version in a simpler way

Hosted locally /www/monsite.tld / HTTP-S selection / PHP version selection

Error during alternc.install

ln: impossible de créer le lien symbolique '/etc/php7.3/apache2/conf.d/alternc.ini': Aucun fichier ou dossier de ce type
ln: impossible de créer le lien symbolique '/etc/php7.3/cli/conf.d/alternc.ini': Aucun fichier ou dossier de ce type

with master branch

Allow catch error 40x 50X

Hi

In some cases a user tries to override the ErrorDocument feature in their .htaccess, such as ErrorDocument 404 /404.php
Any wrong URL with a .php extension will be caught by FPM and not by ErrorDocument, as we have set a <FilesMatch \.php$> on the VirtualHost. This directive has precedence over .htaccess.

It looks natural to change this behavior, and we have two options to change the FPM template:

<FilesMatch \.php$>
<If \"-f %{REQUEST_FILENAME}\">
SetHandler "proxy:unix:/run/php/php7.3-user.sock|fcgi://localhost"
</If>
</FilesMatch>

ProxyErrorOverride On

ProxyErrorOverride looks easier, but I'm not sure about ErrorDocument managed directly by a CMS.
The If test looks more accurate but could impact performance.

To be discussed before providing any global solution.

Manual PHP-FPM config

In some specific cases (a Nextcloud instance, for example) we should be able to modify the PHP-FPM pool manually without its config being overwritten on the next cron run.

Basically, make it work like the Nginx vhosts, in particular when the config file name contains .manual. rather than .alternc.

MX compatibility

Hi

We can't enable the mail service after a php-fpm activation.
The mx type is not compatible with any php-fpm version, which could break when the site is hosted on the root domain and not on a www subdomain.

Proposed change to the presentation in the interface + bug fixes

A few improvements, bug fixes and a proposed change to how the fpm options are presented in the Alternc interface.

The proposed changes related to the Alternc interface are here: AlternC/AlternC#351

On the alternc-php-fpm package side:

  1. I added the http, https and both versions to each apache2 template, for the case where alternc-certbot is used.
    Example for php7.0-fpm
  • php70-fpm-http.conf
# %%fqdn%%
<Virtualhost *:443>
  ServerName %%fqdn%%
  AssignUserId #%%UID%% #%%GID%%
  SetEnv LOGIN "%%UID%%-%%LOGIN%%"
  SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=$1
  KeepAlive Off

  <FilesMatch \.php$>
        SetHandler "proxy:unix:/run/php/php7.0-%%LOGIN%%.sock|fcgi://localhost"
  </FilesMatch>

  RewriteEngine On
  RewriteCond %{REQUEST_FILENAME} !/cgi-bin/
  RewriteCond %{REQUEST_FILENAME} !/.well-known/acme-challenge/
  RewriteRule ^/(.*)$ http://%%fqdn%%/$1 [R=301,L]

  SSLEngine On
  SSLCertificateFile %%CRT%%
  SSLCertificateKeyFile %%KEY%%
  %%CHAINLINE%%

</Virtualhost>
<VirtualHost *:80>
  ServerName %%fqdn%%
  DocumentRoot "%%document_root%%"
  AssignUserId #%%UID%% #%%GID%%
  SetEnv LOGIN "%%UID%%-%%LOGIN%%"
  SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=$1

  <FilesMatch \.php$>
        SetHandler "proxy:unix:/run/php/php7.0-%%LOGIN%%.sock|fcgi://localhost"
  </FilesMatch>

  RewriteEngine on
  RewriteCond %{QUERY_STRING} (%2d|-)d.*auto_prepend  [NC]
  RewriteRule .? - [F,L]

  <Directory "%%document_root%%">
    require all granted
    Options +MultiViews -FollowSymLinks +SymLinksIfOwnerMatch
    AllowOverride AuthConfig FileInfo Limit Options Indexes
    php_admin_flag engine off
  </Directory>
</VirtualHost>
  • php70-fpm-https.conf
# %%fqdn%%
<Virtualhost *:80>
  ServerName %%fqdn%%
  AssignUserId #%%UID%% #%%GID%%
  SetEnv LOGIN "%%UID%%-%%LOGIN%%"
  SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=$1
  KeepAlive Off

  <FilesMatch \.php$>
        SetHandler "proxy:unix:/run/php/php7.0-%%LOGIN%%.sock|fcgi://localhost"
  </FilesMatch>

  RewriteEngine On
  RewriteCond %{REQUEST_FILENAME} !/cgi-bin/
  RewriteCond %{REQUEST_FILENAME} !/.well-known/acme-challenge/
  RewriteRule ^/(.*)$ https://%%fqdn%%/$1 [R=301,L]

</Virtualhost>
<VirtualHost *:443>
  ServerName %%fqdn%%
  DocumentRoot "%%document_root%%"
  AssignUserId #%%UID%% #%%GID%%
  SetEnv LOGIN "%%UID%%-%%LOGIN%%"
  SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=$1

  <FilesMatch \.php$>
        SetHandler "proxy:unix:/run/php/php7.0-%%LOGIN%%.sock|fcgi://localhost"
  </FilesMatch>

  RewriteEngine on
  RewriteCond %{QUERY_STRING} (%2d|-)d.*auto_prepend  [NC]
  RewriteRule .? - [F,L]

  <Directory "%%document_root%%">
    require all granted
    Options +MultiViews -FollowSymLinks +SymLinksIfOwnerMatch
    AllowOverride AuthConfig FileInfo Limit Options Indexes
    php_admin_flag engine off
  </Directory>

  SSLEngine On
  SSLCertificateFile %%CRT%%
  SSLCertificateKeyFile %%KEY%%
  %%CHAINLINE%%

</VirtualHost>
  • php70-fpm-both.conf
# %%fqdn%%
<VirtualHost *:80>
  ServerName %%fqdn%%
  DocumentRoot "%%document_root%%"
  AssignUserId #%%UID%% #%%GID%%
  SetEnv LOGIN "%%UID%%-%%LOGIN%%"
  SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=$1

  <FilesMatch \.php$>
        SetHandler "proxy:unix:/run/php/php7.0-%%LOGIN%%.sock|fcgi://localhost"
  </FilesMatch>

  RewriteEngine on
  RewriteCond %{QUERY_STRING} (%2d|-)d.*auto_prepend  [NC]
  RewriteRule .? - [F,L]

  <Directory "%%document_root%%">
    require all granted
    Options +MultiViews -FollowSymLinks +SymLinksIfOwnerMatch
    AllowOverride AuthConfig FileInfo Limit Options Indexes
    php_admin_flag engine off
  </Directory>
</VirtualHost>
<VirtualHost *:443>
  ServerName %%fqdn%%
  DocumentRoot "%%document_root%%"
  AssignUserId #%%UID%% #%%GID%%
  SetEnv LOGIN "%%UID%%-%%LOGIN%%"
  SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=$1

  <FilesMatch \.php$>
        SetHandler "proxy:unix:/run/php/php7.0-%%LOGIN%%.sock|fcgi://localhost"
  </FilesMatch>

  RewriteEngine on
  RewriteCond %{QUERY_STRING} (%2d|-)d.*auto_prepend  [NC]
  RewriteRule .? - [F,L]

  <Directory "%%document_root%%">
    require all granted
    Options +MultiViews -FollowSymLinks +SymLinksIfOwnerMatch
    AllowOverride AuthConfig FileInfo Limit Options Indexes
    php_admin_flag engine off
  </Directory>

  SSLEngine On
  SSLCertificateFile %%CRT%%
  SSLCertificateKeyFile %%KEY%%
  %%CHAINLINE%%

</VirtualHost>
  2. Modified the existing apache2 templates (example for fpm-7.0)
# %%fqdn%%
<VirtualHost *:80>
  ServerName %%fqdn%%
  DocumentRoot "%%document_root%%"
  AssignUserId #%%UID%% #%%GID%%
  SetEnv LOGIN "%%UID%%-%%LOGIN%%"
  SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=$1
    
  <FilesMatch \.php$>
        SetHandler "proxy:unix:/run/php/php7.0-%%LOGIN%%.sock|fcgi://localhost"
  </FilesMatch>

  RewriteEngine on
  RewriteCond %{QUERY_STRING} (%2d|-)d.*auto_prepend  [NC]
  RewriteRule .? - [F,L]

  <Directory "%%document_root%%">
    require all granted
    Options +MultiViews -FollowSymLinks +SymLinksIfOwnerMatch
    AllowOverride AuthConfig FileInfo Limit Options Indexes
    php_admin_flag engine off
  </Directory>
</VirtualHost>
  • removed options that are now found in the fpm pool config
  3. Modified the fpm templates (example for fpm-7.0)
[%%LOGIN%%]
user = %%LOGIN%%
group = %%LOGIN%%
listen = /run/php/php7.0-%%LOGIN%%.sock
listen.owner = %%LOGIN%%
listen.group = %%LOGIN%%
pm = ondemand
pm.max_children = 10
pm.process_idle_timeout = 60s
pm.max_requests = 1000
catch_workers_output = yes
php_admin_value[open_basedir] = "%%account_root%%"
php_admin_value[upload_tmp_dir] = %%account_root%%/tmp
env[TMP] = %%account_root%%/tmp
env[TMPDIR] = %%account_root%%/tmp
env[TEMP] = %%account_root%%/tmp
php_admin_value[sys_temp_dir] = %%account_root%%/tmp
php_admin_value[sendmail_path] = '/usr/lib/alternc/sendmail "%%mail_account%%" '
php_admin_flag[mail.add_x_header] = on
  4. Permissions problem on the /var/run/php directory.
    The sockets must be accessible to all alternc users.
    0750 on this directory does not allow that.

I changed the permissions to 0755.
There may be a better approach. Security-wise, it may not be good to do it this way.

  5. php7-fpm script called by the cron job:
while ($db->next_record()) {
      $version=substr($db->f("type"),3,1).".".substr($db->f("type"),4,1);
      $user=$db->f("login");
      $allpools[$version][]=$user;
      if ($force || !is_file("/etc/php/".$version."/fpm/pool.d/".$user.".alternc.conf")) {
          myecho("Creating php $version fpm pool for user $user");
          $content=file_get_contents("/etc/alternc/templates/php/fpm-".$version);
          $content=str_replace("%%LOGIN%%",$user,$content);

          $account_root=ALTERNC_HTML . substr($user, 0, 1) . "/" . $user;
          $content=str_replace("%%account_root%%",$account_root,$content);

          $mail_account=$user."@".$L_FQDN;
          $content=str_replace("%%mail_account%%",$mail_account,$content);

          file_put_contents("/etc/php/".$version."/fpm/pool.d/".$user.".alternc.conf",$content);

          $reload[$version]=$version;
      }
}
  • We need to retrieve several variables to replace in the fpm template.
// now delete pools we don't need anymore
foreach($allversions as $version) {
    $d=opendir("/etc/php/$version/fpm/pool.d"   );
    while (($c=readdir($d))!==false) {
        if (preg_match('#/?([^\.]*).alternc.conf$#',$c,$mat)) {
            $user=$mat[1];
            if (! isset($allpools[$version]) || !in_array($user,$allpools[$version])) {
                echo("Deleting php $version fpm pool for user $user");
                @unlink("/etc/php/".$version."/fpm/pool.d/".$user.".alternc.conf");
                $reload[$version]=$version;
            }
        }
    }
}
  • added a ? in the preg_match so that the / is not mandatory (I don't know why we would want a / at this point, or whether it is just a mistake),
  • "if (! isset($allpools[$version]) || !in_array($user,$allpools[$version])) {" -> added an isset test to avoid an email with a PHP notice
// now reloads php fpm versions
foreach($reload as $service) {
    passthru("systemctl reload php".$service."-fpm");
}
  • safer for restarting the fpm services. For example, we don't have init.d scripts for all installed fpm versions, so they were never restarted.

With all this, we now have a working php-fpm + certbot and users can choose the PHP version they want, it's really great.

trigger php installation

We can't code every PHP version in the world.
dpkg provides a trigger system, so we should be able to detect any PHP installation and enable the related vhost for it.

adding MaxClientsVHost for apache templates

http://mpm-itk.sesse.net/ says :

MaxClientsVHost: A separate MaxClients for the vhost. This can be useful if, say, half of your vhosts depend on some NFS server; if the NFS server goes down, you do not want the children waiting forever on NFS to take the non-NFS-dependent hosts down. This can thus act as a safety measure, giving “server too busy” on the NFS-dependent vhosts while keeping the other ones happily running. (Of course, you could use it to simply keep one site from eating way too much resources, but there are probably better ways of doing that.)

AlternC used to have this in the vhost configuration file for apache (with a limit of 40).

We should add those to the FPM configuration templates for apache too.
