Difference between revisions of "Php-fpm"
Unnilennium (talk | contribs) |
Unnilennium (talk | contribs) |
||
| Line 23: | Line 23: | ||
=== Version === | === Version === | ||
<!-- keep this first element as is, you can add some if needed --> | <!-- keep this first element as is, you can add some if needed --> | ||
| − | {{#smeversion: | + | {{#smeversion: smeserver-php-fpm }} |
| − | + | ||
=== Description === | === Description === | ||
Revision as of 21:07, 27 January 2020
 | |
| php-fpm logo | |
| Maintainer | vip-ire |
|---|---|
| Url | https://wiki.contribs.org |
| Category | |
| Tags | php, fpm |
Maintainer
Version
Description
This contribs allow you to run php-fpm for php version from 5.6 to 7.3 on CentOS 6 (SME9). This contrib will likely not be needed directly for your own usage, unless you know what you want to do with it, but rather called by another contribs needing a specific version of php running.
Installation
yum --enablerepo=smecontribs install smeserver-php-fpm
you then need to issue the usual
signal-event post-upgrade; signal-event reboot
or you can do
signal-event webapps-update
service php-fpm start
service php-56 start
service php-70 start
service php-71 start
service php-72 start
service php-73 start
Configuration
you can list the available configuration with the following command :
config show php-fpm
config show php56-php-fpm
config show php70-php-fpm
config show php71-php-fpm
config show php72-php-fpm
config show php73-php-fpm
Some of the properties are not shown, but are defaulted in a template or a script. You can set those values for the php-fpm version you want, or you can set it against a particular share folder. Empty or missing property in the db means default value is used.
Here a more comprehensive list with default and expected values :
| property | default | values |
|---|---|---|
| status | enabled | enabled,disabled |
| MemoryLimit | 128M | |
| MaxExecutionTime | 30 | |
| MaxInputTime | 60 | |
| AllowUrlFopen | off | |
| MaxChildren | 15 | |
| PostMaxSize | 10M | |
| UploadMaxFilesize | 10M | |
| OpenBasedir | ||
| DisableFunctions | system,show_source, symlink,exec,dl,shell_exec,passthru,phpinfo,escapeshellarg,escapeshellcmd |
config setprop php72-phpfpm PHPMemoryLimit 256M
signal-event webapps-update
more values specifics for shares:
| property | default | values | information |
|---|---|---|---|
| PHPVersion | 56,70,71,72,73 | should be set one value | |
| PHPCustomPool | string | use of a custom pool defined elsewhere, see use my own pool section. Keep it empty to use the share specific pool. | |
| DynamicContent | disabled | enabled,disabled | need to be enabled |
db accounts setprop SHARENAME PHPVersion 72 PHPMemoryLimit 256M
signal-event webapps-update
For contribs creators
you can either call an existing php-pool or create your own one. As an example you can check smeserver-nextcloud. The following template will make a dedicated php 7.1 pool with php setting adapted for Nextcloud.
vim /etc/e-smith/templates/etc/php-fpm.d/www.conf/15Nextcloud
{
if ($PHP_VERSION eq '71'){
if (($nextcloud{'status'} || 'disabled') eq 'enabled'){
my $max_upload_size = ($nextcloud{MaxUploadSize} || '4096');
$max_upload_size .= 'M' if ($max_upload_size =~ m/^\d+$/);
my $memory_limit = ($nextcloud{MemoryLimit} || '512M');
$memory_limit .= 'M' if ($memory_limit =~ m/^\d+$/);
my $id = 'nextcloud';
$OUT .=<<_EOF;
[php$PHP_VERSION-$id]
user = www
group = www
listen.owner = root
listen.group = www
listen.mode = 0660
listen = /var/run/php-fpm/php$PHP_VERSION-$id.sock
pm = dynamic
pm.max_children = 15
pm.start_servers = 3
pm.min_spare_servers = 3
pm.max_spare_servers = 4
pm.max_requests = 1000
php_admin_value[session.save_path] = /var/lib/php/$id/session
php_admin_value[session.gc_maxlifetime] = 86400
php_admin_value[opcache.file_cache] = /var/lib/php/$id/opcache
php_admin_value[upload_tmp_dir] = /var/lib/php/$id/tmp
php_admin_value[error_log] = /var/log/php/$id/error.log
slowlog = /var/log/php/nextcloud/slow.log
php_admin_value[sendmail_path] = /usr/sbin/sendmail -t -i -f php@{ $DomainName }
php_admin_flag[display_errors] = off
php_admin_flag[log_errors] = on
php_admin_value[error_log] = syslog
php_admin_value[memory_limit] = $memory_limit
php_admin_value[max_execution_time] = 3600
php_admin_value[post_max_size] = $max_upload_size
php_admin_value[upload_max_filesize] = $max_upload_size
php_admin_value[disable_functions] = system, show_source, symlink, exec, nextcloud, shell_exec, passthru, phpinfo, escapeshellarg, escapeshellcmd
php_admin_value[open_basedir] = /usr/share/nextcloud:/var/lib/nextcloud:/var/log/nextcloud.log:/var/lib/php/nextcloud:/home/e-smith/files/nextcloud:/dev/urandom:/proc/meminfo
php_admin_flag[allow_url_fopen] = on
php_admin_flag[file_upload] = on
php_admin_flag[session.cookie_httponly] = on
php_admin_flag[allow_url_include] = off
php_admin_value[session.save_hannextclouder] = files
php_admin_flag[output_buffering] = off
_EOF
}
else{
$OUT .= '; Nextcloud is disabled';
}
}
you will also need two httpd.conf template fragment: vim /etc/e-smith/templates/etc/httpd/conf/httpd.conf/68FastCGIConfig15nextcloud
{
if ($fastcgi_mod eq 'mod_fastcgi'){
$OUT .=<<_EOF;
Action phpnextcloud-fastcgi /php-cgi-bin/phpnextcloud-wrapper
Alias /php-cgi-bin/phpnextcloud-wrapper /var/www/php-cgi-bin/phpnextcloud-wrapper
FastCgiExternalServer /var/www/php-cgi-bin/phpnextcloud-wrapper -socket /var/run/php-fpm/php71-nextcloud.sock -pass-header Authorization -idle-timeout 120
_EOF
}
}
vim /etc/e-smith/templates/etc/httpd/conf/httpd.conf/98nextcloud
{
my $access = $nextcloud{'access'} || 'private';
my $allow = ($access eq 'public')?'all':"$localAccess $externalSSLAccess";
my $authtype = $nextcloud{'Authentication'} || 'none';
my $alias = (($nextcloud{'AliasOnPrimary'} || 'enabled') eq 'enabled') ?
'Alias /nextcloud /usr/share/nextcloud' : '';
my $maxupload = $nextcloud{'MaxUploadSize'} || '1024';
my $maxpost = $maxupload+1;
$maxupload .= 'M';
$maxpost .= 'M';
my $auth = '';
if ($authtype eq 'http'){
$auth =<<'EOF';
<FilesMatch "^(admin|rest)\.php">
SSLRequireSSL on
AuthName "nextcloud"
AuthType Basic
AuthBasicProvider external
AuthExternal pwauth
Require valid-user
</FilesMatch>
EOF
}
if ($nextcloud{'status'} eq 'enabled'){
my $php =<<_EOF;
AddType application/x-httpd-php .php
php_admin_flag file_upload On
php_admin_flag magic_quotes Off
php_admin_flag magic_quotes_gpc Off
php_admin_value upload_max_filesize $maxupload
php_admin_value post_max_size $maxpost
php_admin_value memory_limit 512M
php_admin_flag output_buffering Off
php_admin_value max_execution_time 0
php_admin_value upload_tmp_dir /var/lib/nextcloud/tmp
php_admin_value session.save_path /var/lib/nextcloud/tmp
php_admin_value session.gc_maxlifetime 86400
php_admin_value open_basedir /usr/share/nextcloud:/var/lib/nextcloud:/var/log/nextcloud.log:/var/lib/php/nextcloud:/home/e-smith/files/nextcloud:/dev/urandom:/proc/meminfo
_EOF
if ($fastcgi_mod eq 'mod_fastcgi'){
$php = " AddHandler phpnextcloud-fastcgi .php\n";
}
elsif ($fascgi_mod eq 'mod_proxy_fcgi'){
$php =<<'_EOF';
<FilesMatch \.php$>
SetHandler "proxy:unix:/var/run/php-fpm/php71-nextcloud.sock|fcgi://localhost"
</FilesMatch>
_EOF
}
my $config =<<_EOF;
<Directory "/usr/share/nextcloud">
Options +FollowSymLinks
AllowOverride All
$php
order deny,allow
deny from all
allow from $allow
$auth
<IfModule mod_dav.c>
Dav off
</IfModule>
SetEnv HOME /usr/share/nextcloud
SetEnv HTTP_HOME /usr/share/nextcloud
SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=\$1
</Directory>
<Directory "/home/e-smith/files/nextcloud/data/">
# just in case if .htaccess gets disabled
deny from all
</Directory>
_EOF
$OUT .=<<"END"
# nextcloud Configuration
<IfModule mod_headers.c>
Header always set Strict-Transport-Security "max-age=15552000"
</IfModule>
$alias
$config
Redirect 301 /.well-known/carddav /nextcloud/remote.php/dav
Redirect 301 /.well-known/caldav /nextcloud/remote.php/dav
END
}
else{
$OUT .= "# nextcloud is disabled\n";
}
}
Of course you will need to process both httpd.conf, php-fpm specific version and restart both httpd-e-smith and the php-fpm version you use.
You will also need specific code to create the destination directories for php usage : see /etc/e-smith/events/actions/php-pool-dirs from this contrib
Create and use my own pool
using the default template : /etc/e-smith/templates/etc/php-fpm.d/custom.conf , you can set your own pool doing:
db php set MYPOOLNAME pool Version 72 status enabled
here are the accepted supplementary properties, as always missing or empty means using default.
| property | default | values | information |
|---|---|---|---|
| status | enabled | enabled,disabled | |
| MemoryLimit | 128M | ||
| MaxExecutionTime | 30 | ||
| MaxInputTime | 60 | ||
| AllowUrlFopen | off | ||
| MaxChildren | 15 | ||
| PostMaxSize | 10M | ||
| UploadMaxFilesize | 10M | ||
| file_upload | enabled | ||
| OpenBasedir | |||
| DisableFunctions | system,show_source, symlink,exec,dl,shell_exec,passthru,phpinfo,escapeshellarg,escapeshellcmd | ||
| User | www | ||
| Group | www | ||
| DisplayErrors | disabled | ||
| LogErrors | disabled |
you will then need two httpd.conf custom template fragment to use your pool. You will need to change VERSION and MYPOOL to what you want
mkdir -p /etc/e-smith/templates-custom/etc/httpd/conf/httpd.conf/
vim /etc/e-smith/templates-custom/etc/httpd/conf/httpd.conf/68FastCGIConfig15myphppool
Action phpMYPOOL-fastcgi /php-cgi-bin/phpMYPOOL-wrapper
Alias /php-cgi-bin/phpMYPOOL-wrapper /var/www/php-cgi-bin/phpMYPOOL-wrapper
FastCgiExternalServer /var/www/php-cgi-bin/phpMYPOOL-wrapper -socket /var/run/php-fpm/phpVERSION-MYPOOL.sock -pass-header Authorization -idle-timeout 120mkdir -p /etc/e-smith/templates-custom/etc/httpd/conf/httpd.conf/
vim /etc/e-smith/templates-custom/etc/httpd/conf/httpd.conf/98mypoolusage
<Directory "/home/e-smith/ibays/Primary/html/myfolder">
Options +FollowSymLinks
AllowOverride All
AddHandler phpMYPOOL-fastcgi .php\n";
</Directory>
Uninstall
yum remove smeserver-php-fpm php-fpm
Bugs
Please raise bugs under the SME-Contribs section in bugzilla and select the smeserver-php-fpm component or use this link
Below is an overview of the current issues for this contrib:
Changelog
Only released version in smecontrib are listed here.
