Difference between revisions of "Php-fpm"
Unnilennium (talk | contribs) |
Unnilennium (talk | contribs) |
||
(9 intermediate revisions by 2 users not shown) | |||
Line 1: | Line 1: | ||
+ | {{Warning box|This page is for SME v9 and is now deprecated and for reference only. | ||
+ | v10 uses systemd. See https://wiki.koozali.org/PHP | ||
+ | if you search to write your own contrib using php-fpm follow [[Building_Your_Contrib#PHP-FPM]]}} | ||
+ | |||
{{Languages}} | {{Languages}} | ||
<!-- here we define the contrib name variable --> | <!-- here we define the contrib name variable --> | ||
Line 13: | Line 17: | ||
|licence= | |licence= | ||
|url= https://wiki.contribs.org | |url= https://wiki.contribs.org | ||
− | |category= | + | |category= |
|tags=php,fpm | |tags=php,fpm | ||
}} | }} | ||
Line 22: | Line 26: | ||
=== Version === | === Version === | ||
+ | |||
+ | {{Warning box|DO NOT USE ON v10. | ||
+ | SME v9 is no longer supported. v10 has php-fpm built in. | ||
+ | Please refer to this page for more information.<br> | ||
+ | https://wiki.koozali.org/PHP}} | ||
+ | |||
+ | |||
<!-- keep this first element as is, you can add some if needed --> | <!-- keep this first element as is, you can add some if needed --> | ||
− | {{#smeversion: | + | {{#smeversion: smeserver-php-fpm }} |
− | + | ||
=== Description === | === Description === | ||
Line 40: | Line 51: | ||
signal-event webapps-update | signal-event webapps-update | ||
service php-fpm start | service php-fpm start | ||
− | service php- | + | service php56-php-fpm start |
− | service php- | + | service php70-php-fpm start |
− | service php- | + | service php71-php-fpm start |
− | service php- | + | service php72-php-fpm start |
− | service php- | + | service php73-php-fpm start |
</syntaxhighlight> | </syntaxhighlight> | ||
Line 262: | Line 273: | ||
$php =<<'_EOF'; | $php =<<'_EOF'; | ||
<FilesMatch \.php$> | <FilesMatch \.php$> | ||
− | + | SetHandler "proxy:unix:/var/run/php-fpm/php71-nextcloud.sock|fcgi://localhost" | |
</FilesMatch> | </FilesMatch> | ||
_EOF | _EOF | ||
} | } | ||
+ | |||
+ | my $config =<<_EOF; | ||
+ | <Directory "/usr/share/nextcloud"> | ||
+ | Options +FollowSymLinks | ||
+ | AllowOverride All | ||
+ | $php | ||
+ | order deny,allow | ||
+ | deny from all | ||
+ | allow from $allow | ||
+ | $auth | ||
+ | |||
+ | <IfModule mod_dav.c> | ||
+ | Dav off | ||
+ | </IfModule> | ||
+ | |||
+ | SetEnv HOME /usr/share/nextcloud | ||
+ | SetEnv HTTP_HOME /usr/share/nextcloud | ||
+ | SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=\$1 | ||
+ | </Directory> | ||
+ | |||
+ | <Directory "/home/e-smith/files/nextcloud/data/"> | ||
+ | # just in case if .htaccess gets disabled | ||
+ | deny from all | ||
+ | </Directory> | ||
+ | _EOF | ||
+ | |||
+ | |||
+ | $OUT .=<<"END" | ||
+ | # nextcloud Configuration | ||
+ | <IfModule mod_headers.c> | ||
+ | Header always set Strict-Transport-Security "max-age=15552000" | ||
+ | </IfModule> | ||
+ | $alias | ||
+ | |||
+ | $config | ||
+ | |||
+ | Redirect 301 /.well-known/carddav /nextcloud/remote.php/dav | ||
+ | Redirect 301 /.well-known/caldav /nextcloud/remote.php/dav | ||
+ | |||
+ | |||
+ | END | ||
+ | } | ||
+ | else{ | ||
+ | $OUT .= "# nextcloud is disabled\n"; | ||
+ | } | ||
+ | } | ||
</syntaxhighlight>Of course you will need to process both httpd.conf, php-fpm specific version and restart both httpd-e-smith and the php-fpm version you use. | </syntaxhighlight>Of course you will need to process both httpd.conf, php-fpm specific version and restart both httpd-e-smith and the php-fpm version you use. | ||
You will also need specific code to create the destination directories for php usage : see /etc/e-smith/events/actions/php-pool-dirs from this contrib | You will also need specific code to create the destination directories for php usage : see /etc/e-smith/events/actions/php-pool-dirs from this contrib | ||
+ | |||
+ | {{Warning box|On initial installation, smeserver-php-fpm does not start php pools and signal-event webapps-update does only a reload which will not start stopped services. | ||
+ | So pay attention you need to start if not already started on initial install.}} | ||
=== Create and use my own pool === | === Create and use my own pool === | ||
Line 321: | Line 381: | ||
| | | | ||
|- | |- | ||
− | | | + | |DisabledFunctions |
− | |system,show_source, | + | |system,show_source,symlink,exec,dl,shell_exec,passthru,phpinfo,escapeshellarg,escapeshellcmd |
| | | | ||
|- | |- | ||
Line 341: | Line 401: | ||
| | | | ||
|} | |} | ||
− | you will then need | + | you will then need two httpd.conf custom template fragment to use your pool. You will need to change '''MYPOOL''' to what you want<syntaxhighlight lang="bash"> |
+ | mkdir -p /etc/e-smith/templates-custom/etc/httpd/conf/httpd.conf/ | ||
+ | vim /etc/e-smith/templates-custom/etc/httpd/conf/httpd.conf/98mypoolusage | ||
+ | </syntaxhighlight><syntaxhighlight lang="perl"> | ||
+ | <Directory /home/e-smith/files/ibays/test/html> | ||
+ | SSLRequireSSL | ||
+ | Options None | ||
+ | Options +Indexes | ||
+ | Options +FollowSymLinks | ||
+ | DirectoryIndex index.php index.shtml index.htm index.html | ||
+ | AddHandler phpMYPOOL-fastcgi .php | ||
+ | AllowOverride All | ||
+ | order deny,allow | ||
+ | deny from all | ||
+ | allow from all | ||
+ | </Directory> | ||
+ | |||
+ | </syntaxhighlight>then just do signal-event webapps-update | ||
=== Uninstall === | === Uninstall === | ||
Line 359: | Line 436: | ||
<!-- list of category you want to see this page in --> | <!-- list of category you want to see this page in --> | ||
− | [[Category: | + | [[Category: Deprecated_Contrib]] |
<!-- Please keep there the template revision number as is --> | <!-- Please keep there the template revision number as is --> |
Latest revision as of 22:30, 4 February 2023
Maintainer
Version
Description
This contribs allow you to run php-fpm for php version from 5.6 to 7.3 on CentOS 6 (SME9). This contrib will likely not be needed directly for your own usage, unless you know what you want to do with it, but rather called by another contribs needing a specific version of php running.
Installation
yum --enablerepo=smecontribs install smeserver-php-fpm
you then need to issue the usual
signal-event post-upgrade; signal-event reboot
or you can do
signal-event webapps-update
service php-fpm start
service php56-php-fpm start
service php70-php-fpm start
service php71-php-fpm start
service php72-php-fpm start
service php73-php-fpm start
Configuration
you can list the available configuration with the following command :
config show php-fpm
config show php56-php-fpm
config show php70-php-fpm
config show php71-php-fpm
config show php72-php-fpm
config show php73-php-fpm
Some of the properties are not shown, but are defaulted in a template or a script. You can set those values for the php-fpm version you want, or you can set it against a particular share folder. Empty or missing property in the db means default value is used.
Here a more comprehensive list with default and expected values :
property | default | values |
---|---|---|
status | enabled | enabled,disabled |
MemoryLimit | 128M | |
MaxExecutionTime | 30 | |
MaxInputTime | 60 | |
AllowUrlFopen | off | |
MaxChildren | 15 | |
PostMaxSize | 10M | |
UploadMaxFilesize | 10M | |
OpenBasedir | ||
DisableFunctions | system,show_source, symlink,exec,dl,shell_exec,passthru,phpinfo,escapeshellarg,escapeshellcmd |
config setprop php72-phpfpm PHPMemoryLimit 256M
signal-event webapps-update
more values specifics for shares:
property | default | values | information |
---|---|---|---|
PHPVersion | 56,70,71,72,73 | should be set one value | |
PHPCustomPool | string | use of a custom pool defined elsewhere, see use my own pool section. Keep it empty to use the share specific pool. | |
DynamicContent | disabled | enabled,disabled | need to be enabled |
db accounts setprop SHARENAME PHPVersion 72 PHPMemoryLimit 256M
signal-event webapps-update
For contribs creators
you can either call an existing php-pool or create your own one. As an example you can check smeserver-nextcloud. The following template will make a dedicated php 7.1 pool with php setting adapted for Nextcloud.
vim /etc/e-smith/templates/etc/php-fpm.d/www.conf/15Nextcloud
{
if ($PHP_VERSION eq '71'){
if (($nextcloud{'status'} || 'disabled') eq 'enabled'){
my $max_upload_size = ($nextcloud{MaxUploadSize} || '4096');
$max_upload_size .= 'M' if ($max_upload_size =~ m/^\d+$/);
my $memory_limit = ($nextcloud{MemoryLimit} || '512M');
$memory_limit .= 'M' if ($memory_limit =~ m/^\d+$/);
my $id = 'nextcloud';
$OUT .=<<_EOF;
[php$PHP_VERSION-$id]
user = www
group = www
listen.owner = root
listen.group = www
listen.mode = 0660
listen = /var/run/php-fpm/php$PHP_VERSION-$id.sock
pm = dynamic
pm.max_children = 15
pm.start_servers = 3
pm.min_spare_servers = 3
pm.max_spare_servers = 4
pm.max_requests = 1000
php_admin_value[session.save_path] = /var/lib/php/$id/session
php_admin_value[session.gc_maxlifetime] = 86400
php_admin_value[opcache.file_cache] = /var/lib/php/$id/opcache
php_admin_value[upload_tmp_dir] = /var/lib/php/$id/tmp
php_admin_value[error_log] = /var/log/php/$id/error.log
slowlog = /var/log/php/nextcloud/slow.log
php_admin_value[sendmail_path] = /usr/sbin/sendmail -t -i -f php@{ $DomainName }
php_admin_flag[display_errors] = off
php_admin_flag[log_errors] = on
php_admin_value[error_log] = syslog
php_admin_value[memory_limit] = $memory_limit
php_admin_value[max_execution_time] = 3600
php_admin_value[post_max_size] = $max_upload_size
php_admin_value[upload_max_filesize] = $max_upload_size
php_admin_value[disable_functions] = system, show_source, symlink, exec, nextcloud, shell_exec, passthru, phpinfo, escapeshellarg, escapeshellcmd
php_admin_value[open_basedir] = /usr/share/nextcloud:/var/lib/nextcloud:/var/log/nextcloud.log:/var/lib/php/nextcloud:/home/e-smith/files/nextcloud:/dev/urandom:/proc/meminfo
php_admin_flag[allow_url_fopen] = on
php_admin_flag[file_upload] = on
php_admin_flag[session.cookie_httponly] = on
php_admin_flag[allow_url_include] = off
php_admin_value[session.save_hannextclouder] = files
php_admin_flag[output_buffering] = off
_EOF
}
else{
$OUT .= '; Nextcloud is disabled';
}
}
you will also need two httpd.conf template fragment: vim /etc/e-smith/templates/etc/httpd/conf/httpd.conf/68FastCGIConfig15nextcloud
{
if ($fastcgi_mod eq 'mod_fastcgi'){
$OUT .=<<_EOF;
Action phpnextcloud-fastcgi /php-cgi-bin/phpnextcloud-wrapper
Alias /php-cgi-bin/phpnextcloud-wrapper /var/www/php-cgi-bin/phpnextcloud-wrapper
FastCgiExternalServer /var/www/php-cgi-bin/phpnextcloud-wrapper -socket /var/run/php-fpm/php71-nextcloud.sock -pass-header Authorization -idle-timeout 120
_EOF
}
}
vim /etc/e-smith/templates/etc/httpd/conf/httpd.conf/98nextcloud
{
my $access = $nextcloud{'access'} || 'private';
my $allow = ($access eq 'public')?'all':"$localAccess $externalSSLAccess";
my $authtype = $nextcloud{'Authentication'} || 'none';
my $alias = (($nextcloud{'AliasOnPrimary'} || 'enabled') eq 'enabled') ?
'Alias /nextcloud /usr/share/nextcloud' : '';
my $maxupload = $nextcloud{'MaxUploadSize'} || '1024';
my $maxpost = $maxupload+1;
$maxupload .= 'M';
$maxpost .= 'M';
my $auth = '';
if ($authtype eq 'http'){
$auth =<<'EOF';
<FilesMatch "^(admin|rest)\.php">
SSLRequireSSL on
AuthName "nextcloud"
AuthType Basic
AuthBasicProvider external
AuthExternal pwauth
Require valid-user
</FilesMatch>
EOF
}
if ($nextcloud{'status'} eq 'enabled'){
my $php =<<_EOF;
AddType application/x-httpd-php .php
php_admin_flag file_upload On
php_admin_flag magic_quotes Off
php_admin_flag magic_quotes_gpc Off
php_admin_value upload_max_filesize $maxupload
php_admin_value post_max_size $maxpost
php_admin_value memory_limit 512M
php_admin_flag output_buffering Off
php_admin_value max_execution_time 0
php_admin_value upload_tmp_dir /var/lib/nextcloud/tmp
php_admin_value session.save_path /var/lib/nextcloud/tmp
php_admin_value session.gc_maxlifetime 86400
php_admin_value open_basedir /usr/share/nextcloud:/var/lib/nextcloud:/var/log/nextcloud.log:/var/lib/php/nextcloud:/home/e-smith/files/nextcloud:/dev/urandom:/proc/meminfo
_EOF
if ($fastcgi_mod eq 'mod_fastcgi'){
$php = " AddHandler phpnextcloud-fastcgi .php\n";
}
elsif ($fascgi_mod eq 'mod_proxy_fcgi'){
$php =<<'_EOF';
<FilesMatch \.php$>
SetHandler "proxy:unix:/var/run/php-fpm/php71-nextcloud.sock|fcgi://localhost"
</FilesMatch>
_EOF
}
my $config =<<_EOF;
<Directory "/usr/share/nextcloud">
Options +FollowSymLinks
AllowOverride All
$php
order deny,allow
deny from all
allow from $allow
$auth
<IfModule mod_dav.c>
Dav off
</IfModule>
SetEnv HOME /usr/share/nextcloud
SetEnv HTTP_HOME /usr/share/nextcloud
SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=\$1
</Directory>
<Directory "/home/e-smith/files/nextcloud/data/">
# just in case if .htaccess gets disabled
deny from all
</Directory>
_EOF
$OUT .=<<"END"
# nextcloud Configuration
<IfModule mod_headers.c>
Header always set Strict-Transport-Security "max-age=15552000"
</IfModule>
$alias
$config
Redirect 301 /.well-known/carddav /nextcloud/remote.php/dav
Redirect 301 /.well-known/caldav /nextcloud/remote.php/dav
END
}
else{
$OUT .= "# nextcloud is disabled\n";
}
}
Of course you will need to process both httpd.conf, php-fpm specific version and restart both httpd-e-smith and the php-fpm version you use.
You will also need specific code to create the destination directories for php usage : see /etc/e-smith/events/actions/php-pool-dirs from this contrib
Create and use my own pool
using the default template : /etc/e-smith/templates/etc/php-fpm.d/custom.conf , you can set your own pool doing:
db php set MYPOOLNAME pool Version 72 status enabled
here are the accepted supplementary properties, as always missing or empty means using default.
property | default | values | information |
---|---|---|---|
status | enabled | enabled,disabled | |
MemoryLimit | 128M | ||
MaxExecutionTime | 30 | ||
MaxInputTime | 60 | ||
AllowUrlFopen | off | ||
MaxChildren | 15 | ||
PostMaxSize | 10M | ||
UploadMaxFilesize | 10M | ||
file_upload | enabled | ||
OpenBasedir | |||
DisabledFunctions | system,show_source,symlink,exec,dl,shell_exec,passthru,phpinfo,escapeshellarg,escapeshellcmd | ||
User | www | ||
Group | www | ||
DisplayErrors | disabled | ||
LogErrors | disabled |
you will then need two httpd.conf custom template fragment to use your pool. You will need to change MYPOOL to what you want
mkdir -p /etc/e-smith/templates-custom/etc/httpd/conf/httpd.conf/
vim /etc/e-smith/templates-custom/etc/httpd/conf/httpd.conf/98mypoolusage
<Directory /home/e-smith/files/ibays/test/html>
SSLRequireSSL
Options None
Options +Indexes
Options +FollowSymLinks
DirectoryIndex index.php index.shtml index.htm index.html
AddHandler phpMYPOOL-fastcgi .php
AllowOverride All
order deny,allow
deny from all
allow from all
</Directory>
then just do signal-event webapps-update
Uninstall
yum remove smeserver-php-fpm php-fpm
Bugs
Please raise bugs under the SME-Contribs section in bugzilla and select the smeserver-php-fpm component or use this link
Below is an overview of the current issues for this contrib:
Changelog
Only released version in smecontrib are listed here.