Difference between revisions of "Php-fpm"

From SME Server
Jump to navigationJump to search
 
(9 intermediate revisions by 2 users not shown)
Line 1: Line 1:
 +
{{Warning box|This page is for SME v9 and is now deprecated and for reference only.
 +
v10 uses systemd. See https://wiki.koozali.org/PHP
 +
if you search to write your own contrib using php-fpm follow  [[Building_Your_Contrib#PHP-FPM]]}}
 +
 
{{Languages}}
 
{{Languages}}
 
<!-- here we define the contrib name variable -->
 
<!-- here we define the contrib name variable -->
Line 13: Line 17:
 
|licence=  
 
|licence=  
 
|url= https://wiki.contribs.org
 
|url= https://wiki.contribs.org
|category= Category you want
+
|category=  
 
|tags=php,fpm
 
|tags=php,fpm
 
}}
 
}}
Line 22: Line 26:
  
 
=== Version ===
 
=== Version ===
 +
 +
{{Warning box|DO NOT USE ON v10.
 +
SME v9 is no longer supported. v10 has php-fpm built in.
 +
Please refer to this page for more information.<br>
 +
https://wiki.koozali.org/PHP}}
 +
 +
 
<!-- keep this first element as is, you can add some if needed -->
 
<!-- keep this first element as is, you can add some if needed -->
{{#smeversion: {{#var:smecontribname}} }}
+
{{#smeversion: smeserver-php-fpm }}
{{#smeversion: {{#var:contribname}} }}
+
 
  
 
=== Description ===
 
=== Description ===
Line 40: Line 51:
 
signal-event webapps-update
 
signal-event webapps-update
 
service php-fpm start
 
service php-fpm start
service php-56 start
+
service php56-php-fpm start
service php-70 start
+
service php70-php-fpm start
service php-71 start
+
service php71-php-fpm start
service php-72 start
+
service php72-php-fpm start
service php-73 start
+
service php73-php-fpm start
  
 
</syntaxhighlight>
 
</syntaxhighlight>
Line 262: Line 273:
 
     $php =<<'_EOF';
 
     $php =<<'_EOF';
 
     <FilesMatch \.php$>
 
     <FilesMatch \.php$>
         SetHannextclouder "proxy:unix:/var/run/php-fpm/php71-nextcloud.sock|fcgi://localhost"
+
         SetHandler "proxy:unix:/var/run/php-fpm/php71-nextcloud.sock|fcgi://localhost"
 
     </FilesMatch>
 
     </FilesMatch>
 
_EOF
 
_EOF
 
   }
 
   }
 +
 +
my $config =<<_EOF;
 +
  <Directory "/usr/share/nextcloud">
 +
    Options +FollowSymLinks
 +
    AllowOverride All
 +
$php
 +
    order deny,allow
 +
    deny from all
 +
    allow from $allow
 +
$auth
 +
 +
    <IfModule mod_dav.c>
 +
      Dav off
 +
    </IfModule>
 +
 +
    SetEnv HOME /usr/share/nextcloud
 +
    SetEnv HTTP_HOME /usr/share/nextcloud
 +
    SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=\$1
 +
  </Directory>
 +
 +
  <Directory "/home/e-smith/files/nextcloud/data/">
 +
    # just in case if .htaccess gets disabled
 +
    deny from all
 +
  </Directory>
 +
_EOF
 +
 +
 +
$OUT .=<<"END"
 +
# nextcloud Configuration
 +
<IfModule mod_headers.c>
 +
  Header always set Strict-Transport-Security "max-age=15552000"
 +
</IfModule>
 +
$alias
 +
 +
$config
 +
 +
Redirect 301 /.well-known/carddav /nextcloud/remote.php/dav
 +
Redirect 301 /.well-known/caldav /nextcloud/remote.php/dav
 +
 +
 +
END
 +
}
 +
else{
 +
    $OUT .= "# nextcloud is disabled\n";
 +
}
 +
}
  
 
</syntaxhighlight>Of course you will need to process both httpd.conf, php-fpm specific version and restart both httpd-e-smith and the php-fpm version you use.
 
</syntaxhighlight>Of course you will need to process both httpd.conf, php-fpm specific version and restart both httpd-e-smith and the php-fpm version you use.
  
 
You will also need specific code to create the destination directories for php usage : see /etc/e-smith/events/actions/php-pool-dirs from this contrib
 
You will also need specific code to create the destination directories for php usage : see /etc/e-smith/events/actions/php-pool-dirs from this contrib
 +
 +
{{Warning box|On initial installation, smeserver-php-fpm does not start php pools and signal-event webapps-update does only a reload which will not start stopped services.
 +
So pay attention you need to start if not already started on initial install.}}
  
 
=== Create and use my own pool ===
 
=== Create and use my own pool ===
Line 321: Line 381:
 
|
 
|
 
|-
 
|-
|DisableFunctions
+
|DisabledFunctions
|system,show_source, symlink,exec,dl,shell_exec,passthru,phpinfo,escapeshellarg,escapeshellcmd
+
|system,show_source,symlink,exec,dl,shell_exec,passthru,phpinfo,escapeshellarg,escapeshellcmd
 
|
 
|
 
|-
 
|-
Line 341: Line 401:
 
|
 
|
 
|}
 
|}
you will then need a httpd.conf template fragment to use your pool.
+
you will then need two httpd.conf custom template fragment to use your pool. You will need to change  '''MYPOOL''' to what you want<syntaxhighlight lang="bash">
 +
mkdir -p  /etc/e-smith/templates-custom/etc/httpd/conf/httpd.conf/
 +
vim /etc/e-smith/templates-custom/etc/httpd/conf/httpd.conf/98mypoolusage
 +
</syntaxhighlight><syntaxhighlight lang="perl">
 +
<Directory /home/e-smith/files/ibays/test/html>
 +
    SSLRequireSSL
 +
    Options None
 +
    Options +Indexes
 +
    Options +FollowSymLinks
 +
    DirectoryIndex index.php index.shtml index.htm index.html
 +
    AddHandler phpMYPOOL-fastcgi .php
 +
    AllowOverride All
 +
    order deny,allow
 +
    deny from all
 +
    allow from all
 +
</Directory>
 +
 
 +
</syntaxhighlight>then just do signal-event webapps-update
  
 
=== Uninstall ===
 
=== Uninstall ===
Line 359: Line 436:
  
 
<!-- list of category you want to see this page in -->
 
<!-- list of category you want to see this page in -->
[[Category: Contrib]]
+
[[Category: Deprecated_Contrib]]
 
<!-- Please keep there the template revision  number as is -->
 
<!-- Please keep there the template revision  number as is -->

Latest revision as of 22:30, 4 February 2023

Warning.png Warning:
This page is for SME v9 and is now deprecated and for reference only.

v10 uses systemd. See https://wiki.koozali.org/PHP if you search to write your own contrib using php-fpm follow Building_Your_Contrib#PHP-FPM






php-fpm
NeedImage.svg
php-fpm logo
Maintainervip-ire
Urlhttps://wiki.contribs.org
Tags phpfpm


Maintainer

Daniel

Version

Warning.png Warning:
DO NOT USE ON v10.

SME v9 is no longer supported. v10 has php-fpm built in. Please refer to this page for more information.
https://wiki.koozali.org/PHP



Contrib 9:
smeserver-php-fpm
The latest version of smeserver-php-fpm is available in the SME repository, click on the version number(s) for more information.



Description

This contribs allow you to run php-fpm for php version from 5.6 to 7.3 on CentOS 6 (SME9). This contrib will likely not be needed directly for your own usage, unless you know what you want to do with it, but rather called by another contribs needing a specific version of php running.


Installation

yum --enablerepo=smecontribs install smeserver-php-fpm

you then need to issue the usual

signal-event post-upgrade; signal-event reboot

or you can do

signal-event webapps-update
service php-fpm start
service php56-php-fpm start
service php70-php-fpm start
service php71-php-fpm start
service php72-php-fpm start
service php73-php-fpm start

Configuration

you can list the available configuration with the following command :

config show php-fpm
config show php56-php-fpm
config show php70-php-fpm
config show php71-php-fpm
config show php72-php-fpm
config show php73-php-fpm

Some of the properties are not shown, but are defaulted in a template or a script. You can set those values for the php-fpm version you want, or you can set it against a particular share folder. Empty or missing property in the db means default value is used.

Here a more comprehensive list with default and expected values :

property default values
status enabled enabled,disabled
MemoryLimit 128M
MaxExecutionTime 30
MaxInputTime 60
AllowUrlFopen off
MaxChildren 15
PostMaxSize 10M
UploadMaxFilesize 10M
OpenBasedir
DisableFunctions system,show_source, symlink,exec,dl,shell_exec,passthru,phpinfo,escapeshellarg,escapeshellcmd
config setprop php72-phpfpm  PHPMemoryLimit 256M
signal-event webapps-update

more values specifics for shares:

property default values information
PHPVersion 56,70,71,72,73 should be set one value
PHPCustomPool string use of a custom pool defined elsewhere, see use my own pool section. Keep it empty to use the share specific pool.
DynamicContent disabled enabled,disabled need to be enabled
db accounts setprop SHARENAME PHPVersion 72 PHPMemoryLimit 256M
signal-event webapps-update

For contribs creators

you can either call an existing php-pool or create your own one. As an example you can check smeserver-nextcloud. The following template will make a dedicated php 7.1 pool with php setting adapted for Nextcloud.

vim /etc/e-smith/templates/etc/php-fpm.d/www.conf/15Nextcloud

{

if ($PHP_VERSION eq '71'){
  if (($nextcloud{'status'} || 'disabled') eq 'enabled'){
    my $max_upload_size = ($nextcloud{MaxUploadSize} || '4096');
    $max_upload_size .= 'M' if ($max_upload_size =~ m/^\d+$/);
    my $memory_limit = ($nextcloud{MemoryLimit} || '512M');
    $memory_limit .= 'M' if ($memory_limit =~ m/^\d+$/);
    my $id = 'nextcloud';
    $OUT .=<<_EOF;

[php$PHP_VERSION-$id]
user = www
group = www
listen.owner = root
listen.group = www
listen.mode = 0660
listen = /var/run/php-fpm/php$PHP_VERSION-$id.sock
pm = dynamic
pm.max_children = 15
pm.start_servers = 3
pm.min_spare_servers = 3
pm.max_spare_servers = 4
pm.max_requests = 1000
php_admin_value[session.save_path] = /var/lib/php/$id/session
php_admin_value[session.gc_maxlifetime] = 86400
php_admin_value[opcache.file_cache]  = /var/lib/php/$id/opcache
php_admin_value[upload_tmp_dir] = /var/lib/php/$id/tmp
php_admin_value[error_log] = /var/log/php/$id/error.log
slowlog = /var/log/php/nextcloud/slow.log
php_admin_value[sendmail_path] = /usr/sbin/sendmail -t -i -f php@{ $DomainName }
php_admin_flag[display_errors] = off
php_admin_flag[log_errors] = on
php_admin_value[error_log] = syslog
php_admin_value[memory_limit] = $memory_limit
php_admin_value[max_execution_time] = 3600
php_admin_value[post_max_size] = $max_upload_size
php_admin_value[upload_max_filesize] = $max_upload_size
php_admin_value[disable_functions] = system, show_source, symlink, exec, nextcloud, shell_exec, passthru, phpinfo, escapeshellarg, escapeshellcmd
php_admin_value[open_basedir] = /usr/share/nextcloud:/var/lib/nextcloud:/var/log/nextcloud.log:/var/lib/php/nextcloud:/home/e-smith/files/nextcloud:/dev/urandom:/proc/meminfo
php_admin_flag[allow_url_fopen] = on
php_admin_flag[file_upload] = on
php_admin_flag[session.cookie_httponly] = on
php_admin_flag[allow_url_include] = off
php_admin_value[session.save_hannextclouder] = files
php_admin_flag[output_buffering] = off

_EOF

  }
  else{
    $OUT .= '; Nextcloud is disabled';
  }
}

you will also need two httpd.conf template fragment: vim /etc/e-smith/templates/etc/httpd/conf/httpd.conf/68FastCGIConfig15nextcloud

{
if ($fastcgi_mod eq 'mod_fastcgi'){
  $OUT .=<<_EOF;
Action phpnextcloud-fastcgi /php-cgi-bin/phpnextcloud-wrapper
Alias /php-cgi-bin/phpnextcloud-wrapper /var/www/php-cgi-bin/phpnextcloud-wrapper
FastCgiExternalServer /var/www/php-cgi-bin/phpnextcloud-wrapper -socket /var/run/php-fpm/php71-nextcloud.sock -pass-header Authorization -idle-timeout 120
_EOF
}
}

vim /etc/e-smith/templates/etc/httpd/conf/httpd.conf/98nextcloud

{
my $access = $nextcloud{'access'} || 'private';
my $allow = ($access eq 'public')?'all':"$localAccess $externalSSLAccess";
my $authtype = $nextcloud{'Authentication'} || 'none';

my $alias = (($nextcloud{'AliasOnPrimary'} || 'enabled') eq 'enabled') ?
    'Alias /nextcloud /usr/share/nextcloud' : '';

my $maxupload = $nextcloud{'MaxUploadSize'} || '1024';
my $maxpost = $maxupload+1;
$maxupload .= 'M';
$maxpost .= 'M';

my $auth = '';
if ($authtype eq 'http'){
    $auth =<<'EOF';
    <FilesMatch "^(admin|rest)\.php">
        SSLRequireSSL on
        AuthName "nextcloud"
        AuthType Basic
        AuthBasicProvider external
        AuthExternal pwauth
        Require valid-user
    </FilesMatch>
EOF
}

if ($nextcloud{'status'} eq 'enabled'){

  my $php =<<_EOF;
    AddType application/x-httpd-php .php
    php_admin_flag file_upload On
    php_admin_flag magic_quotes Off
    php_admin_flag magic_quotes_gpc Off
    php_admin_value upload_max_filesize $maxupload
    php_admin_value post_max_size $maxpost
    php_admin_value memory_limit 512M
    php_admin_flag output_buffering Off
    php_admin_value max_execution_time 0
    php_admin_value upload_tmp_dir /var/lib/nextcloud/tmp
    php_admin_value session.save_path /var/lib/nextcloud/tmp
    php_admin_value session.gc_maxlifetime 86400
    php_admin_value open_basedir /usr/share/nextcloud:/var/lib/nextcloud:/var/log/nextcloud.log:/var/lib/php/nextcloud:/home/e-smith/files/nextcloud:/dev/urandom:/proc/meminfo
_EOF
  if ($fastcgi_mod eq 'mod_fastcgi'){
    $php = "    AddHandler phpnextcloud-fastcgi .php\n";
  }
  elsif ($fascgi_mod eq 'mod_proxy_fcgi'){
    $php =<<'_EOF';
     <FilesMatch \.php$>
         SetHandler "proxy:unix:/var/run/php-fpm/php71-nextcloud.sock|fcgi://localhost"
     </FilesMatch>
_EOF
  }

my $config =<<_EOF;
  <Directory "/usr/share/nextcloud">
    Options +FollowSymLinks
    AllowOverride All
$php
    order deny,allow
    deny from all
    allow from $allow
$auth

    <IfModule mod_dav.c>
      Dav off
    </IfModule>

    SetEnv HOME /usr/share/nextcloud
    SetEnv HTTP_HOME /usr/share/nextcloud
    SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=\$1
  </Directory>

  <Directory "/home/e-smith/files/nextcloud/data/">
    # just in case if .htaccess gets disabled
    deny from all
  </Directory>
_EOF


$OUT .=<<"END"
# nextcloud Configuration
<IfModule mod_headers.c>
  Header always set Strict-Transport-Security "max-age=15552000"
</IfModule>
$alias

$config

Redirect 301 /.well-known/carddav /nextcloud/remote.php/dav
Redirect 301 /.well-known/caldav /nextcloud/remote.php/dav


END
}
else{
    $OUT .= "# nextcloud is disabled\n";
}
}

Of course you will need to process both httpd.conf, php-fpm specific version and restart both httpd-e-smith and the php-fpm version you use.

You will also need specific code to create the destination directories for php usage : see /etc/e-smith/events/actions/php-pool-dirs from this contrib


Warning.png Warning:
On initial installation, smeserver-php-fpm does not start php pools and signal-event webapps-update does only a reload which will not start stopped services.

So pay attention you need to start if not already started on initial install.


Create and use my own pool

using the default template : /etc/e-smith/templates/etc/php-fpm.d/custom.conf , you can set your own pool doing:

db php set MYPOOLNAME pool Version 72 status enabled

here are the accepted supplementary properties, as always missing or empty means using default.

property default values information
status enabled enabled,disabled
MemoryLimit 128M
MaxExecutionTime 30
MaxInputTime 60
AllowUrlFopen off
MaxChildren 15
PostMaxSize 10M
UploadMaxFilesize 10M
file_upload enabled
OpenBasedir
DisabledFunctions system,show_source,symlink,exec,dl,shell_exec,passthru,phpinfo,escapeshellarg,escapeshellcmd
User www
Group www
DisplayErrors disabled
LogErrors disabled

you will then need two httpd.conf custom template fragment to use your pool. You will need to change MYPOOL to what you want

mkdir -p  /etc/e-smith/templates-custom/etc/httpd/conf/httpd.conf/
vim /etc/e-smith/templates-custom/etc/httpd/conf/httpd.conf/98mypoolusage
<Directory /home/e-smith/files/ibays/test/html>
    SSLRequireSSL
    Options None
    Options +Indexes
    Options +FollowSymLinks
    DirectoryIndex index.php index.shtml index.htm index.html
    AddHandler phpMYPOOL-fastcgi .php
    AllowOverride All
    order deny,allow
    deny from all
    allow from all
</Directory>

then just do signal-event webapps-update

Uninstall

yum remove smeserver-php-fpm  php-fpm

Bugs

Please raise bugs under the SME-Contribs section in bugzilla and select the smeserver-php-fpm component or use this link


Below is an overview of the current issues for this contrib:

No open bugs found.

Changelog

Only released version in smecontrib are listed here.