Changes

From SME Server
Jump to navigationJump to search
15,302 bytes added ,  21:11, 25 August 2023
Created page with "A partir de la version 10 du serveur Koozali SME, le module '''php''' n'est plus utilisé pour httpd. Au lieu de cela, nous nous appuyons sur '''php-fpm''' qui peut activer to..."
A partir de la version 10 du serveur Koozali SME, le module '''php''' n'est plus utilisé pour httpd. Au lieu de cela, nous nous appuyons sur '''php-fpm''' qui peut activer toutes les versions disponibles de php.

Par défaut, nous fournissons les versions suivantes :

*54 (maintenue par Red-Hat jusqu'à CentOS 7 ; fin de vie : 30 juin 2024).
*55,56,70,71,72 (Note : non supporté !).
*73 (supportée jusqu'au 6 déc. 2021).
*74 (supportée jusqu'au 28 nov. 2022).
*80 (supportée jusqu'au 26 nov. 2023).

<br />
===Clés db disponibles pour contrôler la configuration et les services PHP===
Vous devez d'abord décider si vous souhaitez modifier le comportement de PHP pour une baie d'information (ibay) ou pour une version spécifique de PHP, ou pour toutes les versions de PHP.
{| class="wikitable"
|+Propriétés de configuration de la base de données
!Clés
!Rôle
!
|-
|php
|personnalisation de /etc/php.ini
|pour php54
|-
|php55
|personnalisation de /opt/remi/php55/root/etc/php.ini
| rowspan="8" |si aucune propriété n'est définie, les propriétés des clés php seront utilisées
|-
|php56
|personnalisation de /opt/remi/php56/root/etc/php.ini
|-
|php70
|personnalisation de /etc/opt/remi/php70/php.ini
|-
|php71
|personnalisation def /etc/opt/remi/php71/php.ini
|-
|php72
|personnalisation de /etc/opt/remi/php72/php.ini
|-
|php73
|personnalisation de /etc/opt/remi/php73/php.ini
|-
|php74
|personnalisation de /etc/opt/remi/php74/php.ini
|-
|php80
|personnalisation de /etc/opt/remi/php80/php.ini
|}
Chaque version de php a son propre service php-fpm en cours d'exécution, l'entrée de la base de données de configuration associée est (comme indiqué dans le tableau ci-dessus) php-fpm pour php (c'est-à-dire php54), php55-php-fpm pour php55 et ainsi de suite.

Si vous souhaitez vraiment désactiver une version de php, voici ce que vous devez faire pour php55, par d'exemple :

config setprop php55-php-fpm status disabled
signal-event webapps-update

===Propriétés disponibles===
Voici une liste des propriétés disponibles pour configurer php. Vous devez choisir à quel niveau vous souhaitez gérer le changement.

*Voulez-vous le changement pour l'ensemble du serveur ? -- alors choisissez probablement de le changer pour la clé php) : configuration de la base de données setprop php ...
*Voulez-vous le changement pour une version spécifique de php ? -- alors vous devriez probablement le faire avec une clé php spécifique, par exemple : configuration de base de données setprop php74 ...
*Voulez-vous appliquer le changement pour une baie spécifique ? -- c'est ce que nous vous suggérons de faire dans la plupart des cas : dbaccounts setprop mabaie ..

{| class="wikitable"
|+
!paramètre php
!propriété de la baie
!propriété de php.ini
!par défaut
!note
|-
| -
|PHPVersion
| -
|74
|peut varier selon la mise à jour si laissé vide
|-
|allow_url_fopen
|AllowUrlFopen
|AllowUrlFopen
|off
|risque de sécurité, maintenir à off
|-
|allow_url_include
| -
| -
|off
|
|-
|auto_prepend_file
|AutoPrependFile
| -
|enabled
|/usr/share/php/auth_translation.php sauf si désactivé
|-
|disable_functions
|DisableFunctions
| -
|system,show_source, symlink,exec,dl,shell_exec,passthru,phpinfo,escapeshellarg,escapeshellcmd
|
|-
|display_errors
|DisplayErrors
| -
|off
|
|-
|error_log
| -
| -
|/var/log/php/$key/error.log
|
|-
|error_reporting
|ErrorReporting
| -
|E_ALL & ~E_NOTICE & ~E_DEPRECATED & ~E_STRICT
|
|-
|expose_php
| -
|ExposePHP
|Off
|
|-
|file_upload
|FileUpload
| -
|Off
|
|-
|mail.add_x_header
| -
|MailAddXHeader
|disabled
|uniquement global, pas par version php

|-
|mail.force_extra_parameters
|MailForceSender
|MailForceSender
|root@$DomainName
|ibayname@$DomainName pour les baies d'information
|-
|mail.log
| -
|MailLog
|disabled
|
|-
|max_execution_time
|MaxExecutionTime
|MaxExecutionTime
|30
|
|-
|max_file_uploads
| -
|MaxFileUpload
|20
|
|-
|max_input_time
|MaxInputTime
|MaxInputTime
|60
|
|-
|memory_limit
|MemoryLimit
|MemoryLimit
|128M
|
|-
|open_basedir
|PHPBaseDir
| -
|/home/e-smith/files/ibays/IBAYNAME/:/var/lib/php/IBAYNAME/:/usr/share/php/:/usr/share/pear/:/opt/remi/php$version/root/usr/share/pear/:/opt/remi/php$version/root/usr/share/php/
|
|-
|post_max_size
|PostMaxSize
|PostMaxSize
|20M
|
|-
|security.limit_extensions
|AllowPHTML
|
|disabled
|permet à php d'interpréter plus de types de fichiers (.php .htm .html .phar .phtml .xml)
|-
|sendmail_from
| -
|MailForceSender
|root@$DomainName
|
|-
|sendmail_path
| -
|SendmailPath
|/usr/sbin/sendmail -t -i
|
|-
|short_open_tag
| -
|ShortOpenTag
|On
|
|-
|upload_max_filesize
|UploadMaxFilesize
|UploadMaxFilesize
|10M
|
|}
Si vous souhaitez définir une valeur spécifique pour une baie, nous montrons ici comment utiliser php80 pour la baie MYIBAY et éviter d'avoir une fonction désactivée :
db accounts setprop MYIBAY disable_functions none PHPVersion 80
signal-event webapps-update
{{Note box|type=Note :| il est fortement suggéré d'installer la contribution smeserver-webhosting vous permettant de définir vos valeurs php de la baie depuis le gestionnaire de serveur. Tout est disponible et cela vous évite de vous tromper dans les paramètres.}}

===Display Error Messages===

By default PHP does not display error messages on screen. Sometimes you get a blank page when executing PHP scripts. Usually some sort of error has occurred, but this error text will '''not''' be displayed as SME Server is configured to not display them. Instead the error messages are reported to the log files of the webserver and the general logfile of the server.

Try to analyze your logfiles:
/var/log/httpd/error_log and /var/log/httpd/access_log and perhaps also /var/log/messages.

{{Warning box|It is strongly advised that you disable "display errors" after you have tracked and solved the problem, as the displayed error message might provide information (like filesystem layout) that only should be known to the system administrators and not to users, let alone people with bad intentions. Thus it is a potential SECURITY RISK. After debugging, disable it again.}}

====Enable changes for all php versions====
If you (for debugging purposes for instance) would like to enable it you can do it with the instructions found below:

mkdir -p /etc/e-smith/templates-custom/etc/php.ini
cp /etc/e-smith/templates/etc/php.ini/30ErrorHandling /etc/e-smith/templates-custom/etc/php.ini

After that:

sed -i /etc/e-smith/templates-custom/etc/php.ini/30ErrorHandling -e 's/display_errors.*/display_errors = On/g'

After that issue the following commands:

signal-event webapps-updates


Now access your page again and see what the error is.

====Undo Changes====
If everything works you remove the 30ErrorHandling file from the /etc/e-smith/templates-custom/etc/php.ini folder and issue the last two lines again:

signal-event webapps-update

====Enable changes for a specific ibay====
Starting SME10 and smeserver-php-3.0.0-39
db accounts setprop MYIBAY DisplayErrors enabled
signal-event webapps-update
===Open basedir restriction===
SME Server has a security measure in place which is called 'open basedir restriction'. This measure prevents PHP from executing or invoking other PHP scripts outside the scope of its own tree; in other words it creates a 'sandbox' or 'jail'.

Overall configuration is defined in the php.ini file but you can add an override on a per ibay basis.

====Error message====
The PHP open basedir restriction is usually presented to the user like this in the /var/log/messages file:

Aug 12 17:27:42 homer httpd: PHP Warning: main(): open_basedir restriction in effect. File(/tmp/test.php) is not within the allowed path(s): (/home/e-smith/files/ibays/Primary/html/) in /home/e-smith/files/ibays/Primary/html/test.php on line 2

In general you will find this message in the log files only as by default PHP is configured to prevent the display of error messages to the end users. This can be changed as per [[PHP#Display_Error_Messages|this HowTo]].

====Modifying the PHPBaseDir setting for an ibay====
<ol>
(Please also see: [http://wiki.contribs.org/Useful_Commands#PHP_Related_Commands these] instructions on the [http://wiki.contribs.org/Useful_Commands Useful_Commands] page.)
<!--Please do not remove the following closing tag as a fromatting/rendering bug will kick in, for more details see: http://bugzilla.wikimedia.org/show_bug.cgi?id=10893--><li>Open a SME Server shell as root user and document the current setting of the PHPBaseDir directive by writing down the output of the following command:
db accounts getprop ibayname PHPBaseDir
Be careful to write it down to the letter as we need it in the next step
For the Primary ibay the ouptut of above command would normally look like this:
/home/e-smith/files/ibays/Primary/html/
</li><li>Decide on what directory you would like to add and issue the following:
db accounts setprop ibayname PHPBaseDir value
Replace ibayname with the name of the ibay and value with the old value for the PHPBaseDir directive you have written down and a colon (:) followed by the full path to the directory you would like to add with a tailing slash (/), e.g.
db accounts setprop Primary PHPBaseDir /home/e-smith/files/ibays/Primary/html/:/opt/gallery2/
Above command would allow for invocation of scripts in the /opt/gallery2 path from the Primary ibay html folder by PHP.
To allow uploading of files to via http to a ibay name wiki
db accounts setprop wiki PHPBaseDir /home/e-smith/files/ibays/wiki/:/tmp/

</li><li>After defining the new setting we need to reflect the change in the configuration file of the web server and have the web server reload it's configuration file. This is done by issuing the following command:
signal-event ibay-modify ibayname

Be sure to replace ibayname with the name of the ibay you have just modified.
</li></ol>
===Upload_tmp_dir===
upload_tmp_dir

From SME Server V8 up to and including SME Server V9, you could sometimes have an error thrown by PHP and would then need to specify a temporary directory (e.g. upload_tmp_dir) which is not set in php.ini. see [[bugzilla:6650]] and [[bugzilla:7652]]. Many php applications need this setting, the best-known culprits are Wordpress, Roundcube, eGroupWare, and there are others. ther symptoms observed are that you can't upload contents to the PHP application.

An easy resolution is to make a Custom Template to resolve this issue. see [[Uploadtmpdir]]

=== Advanced use of the php-fpm pools ===

==== For the ibays with with php-fpm.d/ibays.conf ====
for the ibays better option is to simply use the contrib [[Webhosting]]

==== For the contrib sharefolders with php-fpm.d/shares.conf ====
similar to ibays

==== For the contribs with php-fpm.d/www.conf ====
please read [[Building Your Contrib]]

==== For your custom needs with php-fpm.d/custom.conf ====
you can build your own pool to use in any place on your server, even in a subfolder of an ibay or in place of the regular ibay php-pool (property PHPCustomPool)

There are two ways in doing that

===== using db php =====
using the default template : /etc/e-smith/templates/etc/php-fpm.d/custom.conf , you can set your own pool doing:
db php set MYPOOLNAME pool Version 81 status enabled
here are the accepted supplementary properties, as always missing or empty means using default.
{| class="wikitable"
!property
!default
!values
!information
|-
|status
|enabled
|enabled,disabled
|-
|Version
|
|
|php version to use eg 80 for php 8.0
|-
|MemoryLimit
|128M
|
|-
|MaxExecutionTime
|30
|
|-
|MaxInputTime
|60
|
|-
|AllowUrlFopen
|off
|
|-
|MaxChildren
|15
|
|-
|PostMaxSize
|10M
|
|-
|UploadMaxFilesize
|10M
|
|-
|FileUpload
|enabled
|
|-
|BaseDir
|
|
|-
|DisabledFunctions
|system,show_source,symlink,exec,dl,shell_exec,passthru,phpinfo,escapeshellarg,escapeshellcmd
|
|-
|User
|www
|
|-
|Group
|www
|
|-
|DisplayErrors
|disabled
|
|-
|LogErrors
|disabled
|
|-
|MaxChildren
|15
|
|-
|AutoPrependFile
|enabled
|
|will use the autoprepend file
|-
|MailForceSender
|php\@$DomainName
|
|
|}
you will then need two httpd.conf custom template fragment to use your pool. You will need to change '''MYPOOL''' to what you want
mkdir -p /etc/e-smith/templates-custom/etc/httpd/conf/httpd.conf/
vim /etc/e-smith/templates-custom/etc/httpd/conf/httpd.conf/98mypoolusage

<Directory /home/e-smith/files/ibays/test/html/mysubfolder>
SSLRequireSSL
Options None
Options +Indexes
Options +FollowSymLinks
DirectoryIndex index.php index.shtml index.htm index.html
<FilesMatch \.php$>
SetHandler "proxy:unix:/var/run/php-fpm/php80-MYPOOLNAME.sock|fcgi://localhost"
</FilesMatch>
AllowOverride All
order deny,allow
deny from all
allow from all
</Directory>
then just do signal-event webapps-update

===== using a templates-custom =====
You can write your own fragment in /etc/e-smith/templates-custom/etc/php-fpm.d/custom.conf/ e.g. /etc/e-smith/templates-custom/etc/php-fpm.d/custom.conf/15mypool

You will also need to write a httpd fragment similarly to what shown just above.

Here is an example if you want a custom pool for your ibay, in /etc/e-smith/templates-custom/etc/php-fpm.d/ibays.conf/15MYIBAY<syntaxhighlight lang="perl">
{

use esmith::AccountsDB;
use esmith::php;
my $a = esmith::AccountsDB->open_ro || die "Couldn't open the accounts database";
my $ibay = $a->get("MYIBAY");
my $version = PhpFpmVersionToUse($ibay);
my $dynamic = $ibay->prop('CgiBin') || 'disabled';
my $custom = $ibay->prop('CustomPool') || undef;
next unless ($dynamic eq 'enabled' && $version eq $PHP_VERSION && $custom);
my $key = $ibay->key;
my $name = lc $key;
my $pool_name = 'php' . $version . '-' . $name;
$OUT .=<<"_EOF" if ($version eq $PHP_VERSION);

[$pool_name]
user = www
group = www
listen.owner = root
listen.group = www
listen.mode = 0660
listen = /var/run/php-fpm/$pool_name.sock
;
;
;put whatever you need there
;
;
_EOF
}

</syntaxhighlight>

You have then to force the ibay to use it by doing :<syntaxhighlight lang="bash">
db accounts MYIBAY setprop CustomPool enabled
</syntaxhighlight>This will prevent the generation of the default ibay pool in ibays.conf , and let you use /var/run/php-fpm/php$version-$name.sock socket from your template-custom... or from the db php using the same key as the name of the ibay.

===Installation of composer===

This is made tricky as we do not have the PHP CLI configured.

But we can install it as follows with command line arguments. This is using php74

Download:
php74 -d allow_url_fopen=on -r "copy('https://getcomposer.org/installer', 'composer-setup.php');"

Install:
php74 -d allow_url_fopen=on ./composer-setup.php

=== Bugs ===
Please raise bugs under the SME-Server 10.X section in [http://bugs.contribs.org/enter_bug.cgi Bugzilla] and select the smeserver-php component or use {{BugzillaFileBug|product=SME%20Server%2010.X|component=e-smith-*%20and%20smeserver-*&20packages|title=this link}}.

Below is an overview of the current issues for this package:
{{#bugzilla:columns=id,product,version,status,summary |sort=id|order=desc |component=smeserver-php|noresultsmessage="No open bugs found."}}
----

[[Category: Howto]]
3,072

edits

Navigation menu