Difference between revisions of "PHP"
m |
|||
(8 intermediate revisions by 4 users not shown) | |||
Line 25: | Line 25: | ||
|php55 | |php55 | ||
|customization of /opt/remi/php55/root/etc/php.ini | |customization of /opt/remi/php55/root/etc/php.ini | ||
− | | rowspan=" | + | | rowspan="11" |if no properties defined, will use php keys properties |
|- | |- | ||
|php56 | |php56 | ||
Line 47: | Line 47: | ||
|php80 | |php80 | ||
|customization of /etc/opt/remi/php80/php.ini | |customization of /etc/opt/remi/php80/php.ini | ||
+ | |- | ||
+ | |php81 | ||
+ | |customization of /etc/opt/remi/php81/php.ini | ||
+ | |- | ||
+ | |php82 | ||
+ | |customization of /etc/opt/remi/php82/php.ini | ||
+ | |- | ||
+ | |php83 | ||
+ | |customization of /etc/opt/remi/php83/php.ini | ||
|} | |} | ||
Every version of php has its own php-fpm service running, the related configuration db entry is (as shown in the Table above) php-fpm for php (ie php54), php55-php-fpm for php55 and so on. | Every version of php has its own php-fpm service running, the related configuration db entry is (as shown in the Table above) php-fpm for php (ie php54), php55-php-fpm for php55 and so on. | ||
Line 239: | Line 248: | ||
After that issue the following commands: | After that issue the following commands: | ||
− | signal-event webapps- | + | signal-event webapps-update |
Line 291: | Line 300: | ||
From SME Server V8 up to and including SME Server V9, you could sometimes have an error thrown by PHP and would then need to specify a temporary directory (e.g. upload_tmp_dir) which is not set in php.ini. see [[bugzilla:6650]] and [[bugzilla:7652]]. Many php applications need this setting, the best-known culprits are Wordpress, Roundcube, eGroupWare, and there are others. The symptoms observed are that you can't upload contents to the PHP application. | From SME Server V8 up to and including SME Server V9, you could sometimes have an error thrown by PHP and would then need to specify a temporary directory (e.g. upload_tmp_dir) which is not set in php.ini. see [[bugzilla:6650]] and [[bugzilla:7652]]. Many php applications need this setting, the best-known culprits are Wordpress, Roundcube, eGroupWare, and there are others. The symptoms observed are that you can't upload contents to the PHP application. | ||
− | An easy resolution is to make a Custom Template to resolve this issue. See [[Uploadtmpdir]] | + | An easy resolution is to make a Custom Template to resolve this issue. See [[Uploadtmpdir]]. |
=== Advanced use of the php-fpm pools === | === Advanced use of the php-fpm pools === | ||
Line 461: | Line 470: | ||
</syntaxhighlight>This will prevent the generation of the default ibay pool in ibays.conf , and let you use /var/run/php-fpm/php$version-$name.sock socket from your template-custom... or from the db php using the same key as the name of the ibay. | </syntaxhighlight>This will prevent the generation of the default ibay pool in ibays.conf , and let you use /var/run/php-fpm/php$version-$name.sock socket from your template-custom... or from the db php using the same key as the name of the ibay. | ||
− | ===Installation of | + | ===Installation of Composer=== |
This is made tricky as we do not have the PHP CLI configured. | This is made tricky as we do not have the PHP CLI configured. | ||
− | But we can install it as follows with command line arguments. This is using | + | But we can install it as follows with command line arguments. This is using php7. Check the latest hash file as this changes. |
Download: | Download: | ||
php74 -d allow_url_fopen=on -r "copy('https://getcomposer.org/installer', 'composer-setup.php');" | php74 -d allow_url_fopen=on -r "copy('https://getcomposer.org/installer', 'composer-setup.php');" | ||
+ | |||
+ | Hash check: | ||
+ | php74 -r "if (hash_file('sha384', 'composer-setup.php') === 'e21205b207c3ff031906575712edab6f13eb0b361f2085f1f1237b7126d785e826a450292b6cfd1d64d92e6563bbde02') { echo 'Installer verified'; } else { echo 'Installer corrupt'; unlink('composer-setup.php'); } echo PHP_EOL;" | ||
Install: | Install: | ||
− | php74 -d allow_url_fopen=on ./composer-setup.php | + | php74 -d allow_url_fopen=on ./composer-setup.php |
+ | |||
+ | === Bash script=== | ||
+ | |||
+ | Add the code: | ||
+ | |||
+ | nano composer.install | ||
+ | |||
+ | Paste this: | ||
+ | |||
+ | if [ ! -d '/tmp/compose' ]; then | ||
+ | /usr/bin/mkdir -p /tmp/compose | ||
+ | cd /tmp/compose | ||
+ | else | ||
+ | cd /tmp/compose | ||
+ | fi | ||
+ | |||
+ | # Get the setup file | ||
+ | /usr/bin/php74 -d allow_url_fopen=on -r "copy('https://getcomposer.org/installer', '/tmp/compose/composer-setup.php');" | ||
+ | |||
+ | # Hash check | ||
+ | /usr/bin/php74 -r "if (hash_file('sha384', '/tmp/compose/composer-setup.php') === 'dac665fdc30fdd8ec78b38b9800061b4150413ff2e3b6f88543c636f7cd84f6db9189d43a81e5503cda447da73c7e5b6') { echo 'Installer verified'; } else { echo 'Installer corrupt'; unlink('/tmp/compose/composer-setup.php'); } echo PHP_EOL;" | ||
+ | |||
+ | # Install | ||
+ | /usr/bin/php74 -d allow_url_fopen=on /tmp/compose/composer-setup.php | ||
+ | mv /tmp/compose/composer.phar /usr/local/bin/composer | ||
+ | |||
+ | # Tidy | ||
+ | rm -rf /tmp/compose | ||
+ | |||
+ | Save and exit. | ||
+ | |||
+ | Run it: | ||
+ | |||
+ | chmod 0700 composer.install | ||
+ | ./composer.install | ||
+ | |||
+ | Check ths file is there: | ||
+ | |||
+ | ll /usr/local/bin/composer | ||
+ | |||
+ | Use with | ||
+ | |||
+ | php74 composer <blah> | ||
=== Bugs === | === Bugs === | ||
Line 481: | Line 536: | ||
[[Category: Howto]] | [[Category: Howto]] | ||
+ | [[Category: Webapps]] |
Latest revision as of 14:50, 17 July 2024
Starting with SME 10, the php module is no longer used for httpd. Instead we rely on php-fpm which can enable every available version of php.
By default we provide the following versions:
- 54 (maintained by Red-Hat up to CentOS 7 EOL: 30 Jun 2024).
- 55,56,70,71,72 (Note: unsupported!).
- 73 (supported up to 6 Dec 2021).
- 74 (supported up to 28 Nov 2022).
- 80 (supported up to 26 Nov 2023).
db keys available to control php configuration and services
First you need to decide if you want to alter the php behaviour for an ibay or for a specific php version, of for all php versions.
keys | role | |
---|---|---|
php | customization of /etc/php.ini | for php54 |
php55 | customization of /opt/remi/php55/root/etc/php.ini | if no properties defined, will use php keys properties |
php56 | customization of /opt/remi/php56/root/etc/php.ini | |
php70 | customization of /etc/opt/remi/php70/php.ini | |
php71 | customization of /etc/opt/remi/php71/php.ini | |
php72 | customization of /etc/opt/remi/php72/php.ini | |
php73 | customization of /etc/opt/remi/php73/php.ini | |
php74 | customization of /etc/opt/remi/php74/php.ini | |
php80 | customization of /etc/opt/remi/php80/php.ini | |
php81 | customization of /etc/opt/remi/php81/php.ini | |
php82 | customization of /etc/opt/remi/php82/php.ini | |
php83 | customization of /etc/opt/remi/php83/php.ini |
Every version of php has its own php-fpm service running, the related configuration db entry is (as shown in the Table above) php-fpm for php (ie php54), php55-php-fpm for php55 and so on.
If you really want to disable one version of php, shown below is what you need to do for php55, as an example:
config setprop php55-php-fpm status disabled signal-event webapps-update
Available properties
Here is a list of available properties to configure php. You have to choose at which level you want to handle the change.
- Do you want the change for the whole server? -- then probably choose to change it for key php): db configuration setprop php ...
- Do you want the change for a specific version of php? -- then you should probably do it against a specific php key e.g. : db configuration setprop php74 ...
- Do you want to apply the change for a specific ibay? -- this is what we suggest you to do in most cases: db accounts setprop myibay ..
php setting | ibay property | php.ini property | default | note |
---|---|---|---|---|
- | PHPVersion | - | 74 | can vary upon update if left empty |
allow_url_fopen | AllowUrlFopen | AllowUrlFopen | off | unsecure keep to off |
allow_url_include | - | - | off | |
auto_prepend_file | AutoPrependFile | - | enabled | /usr/share/php/auth_translation.php unless disabled |
disable_functions | DisableFunctions | - | system,show_source, symlink,exec,dl,shell_exec,passthru,phpinfo,escapeshellarg,escapeshellcmd | |
display_errors | DisplayErrors | - | off | |
error_log | - | - | /var/log/php/$key/error.log | |
error_reporting | ErrorReporting | - | E_ALL & ~E_NOTICE & ~E_DEPRECATED & ~E_STRICT | |
expose_php | - | ExposePHP | Off | |
file_upload | FileUpload | - | Off | |
mail.add_x_header | - | MailAddXHeader | disabled | only global, not per php version |
mail.force_extra_parameters | MailForceSender | MailForceSender | root@$DomainName | ibayname@$DomainName for ibays |
mail.log | - | MailLog | disabled | |
max_execution_time | MaxExecutionTime | MaxExecutionTime | 30 | |
max_file_uploads | - | MaxFileUpload | 20 | |
max_input_time | MaxInputTime | MaxInputTime | 60 | |
memory_limit | MemoryLimit | MemoryLimit | 128M | |
open_basedir | PHPBaseDir | - | /home/e-smith/files/ibays/IBAYNAME/:/var/lib/php/IBAYNAME/:/usr/share/php/:/usr/share/pear/:/opt/remi/php$version/root/usr/share/pear/:/opt/remi/php$version/root/usr/share/php/ | |
post_max_size | PostMaxSize | PostMaxSize | 20M | |
security.limit_extensions | AllowPHTML | disabled | allow php to interprete more file (.php .htm .html .phar .phtml .xml) | |
sendmail_from | - | MailForceSender | root@$DomainName | |
sendmail_path | - | SendmailPath | /usr/sbin/sendmail -t -i | |
short_open_tag | - | ShortOpenTag | On | |
upload_max_filesize | UploadMaxFilesize | UploadMaxFilesize | 10M |
if you want to set a specific value for an ibay, here we show how to use php80 for ibay MYIBAY and avoid having any disabled function:
db accounts setprop MYIBAY disable_functions none PHPVersion 80 signal-event webapps-update
Display Error Messages
By default PHP does not display error messages on screen. Sometimes you get a blank page when executing PHP scripts. Usually some sort of error has occurred, but this error text will not be displayed as SME Server is configured to not display them. Instead the error messages are reported to the log files of the webserver and the general logfile of the server.
Try to analyze your logfiles: /var/log/httpd/error_log and /var/log/httpd/access_log and perhaps also /var/log/messages.
Enable changes for all php versions
If you (for debugging purposes for instance) would like to enable it you can do it with the instructions found below:
mkdir -p /etc/e-smith/templates-custom/etc/php.ini cp /etc/e-smith/templates/etc/php.ini/30ErrorHandling /etc/e-smith/templates-custom/etc/php.ini
After that:
sed -i /etc/e-smith/templates-custom/etc/php.ini/30ErrorHandling -e 's/display_errors.*/display_errors = On/g'
After that issue the following commands:
signal-event webapps-update
Now access your page again and see what the error is.
Undo Changes
If everything works you remove the 30ErrorHandling file from the /etc/e-smith/templates-custom/etc/php.ini folder and issue the last two lines again:
signal-event webapps-update
Enable changes for a specific ibay
Starting SME10 and smeserver-php-3.0.0-39
db accounts setprop MYIBAY DisplayErrors enabled signal-event webapps-update
Open basedir restriction
SME Server has a security measure in place which is called 'open basedir restriction'. This measure prevents PHP from executing or invoking other PHP scripts outside the scope of its own tree; in other words it creates a 'sandbox' or 'jail'.
Overall configuration is defined in the php.ini file but you can add an override on a per ibay basis.
Error message
The PHP open basedir restriction is usually presented to the user like this in the /var/log/messages file:
Aug 12 17:27:42 homer httpd: PHP Warning: main(): open_basedir restriction in effect. File(/tmp/test.php) is not within the allowed path(s): (/home/e-smith/files/ibays/Primary/html/) in /home/e-smith/files/ibays/Primary/html/test.php on line 2
In general you will find this message in the log files only as by default PHP is configured to prevent the display of error messages to the end users. This can be changed as per this HowTo.
Modifying the PHPBaseDir setting for an ibay
-
(Please also see: these instructions on the Useful_Commands page.)
- Open a SME Server shell as root user and document the current setting of the PHPBaseDir directive by writing down the output of the following command: db accounts getprop ibayname PHPBaseDir Be careful to write it down to the letter as we need it in the next step. For the Primary ibay the ouptut of above command would normally look like this: /home/e-smith/files/ibays/Primary/html/
- Decide on what directory you would like to add and issue the following: db accounts setprop ibayname PHPBaseDir value Replace ibayname with the name of the ibay and value with the old value for the PHPBaseDir directive you have written down and a colon (:) followed by the full path to the directory you would like to add with a tailing slash (/), e.g. db accounts setprop Primary PHPBaseDir /home/e-smith/files/ibays/Primary/html/:/opt/gallery2/ Above command would allow for invocation of scripts in the /opt/gallery2 path from the Primary ibay html folder by PHP. To allow uploading of files to via http to a ibay name wiki: db accounts setprop wiki PHPBaseDir /home/e-smith/files/ibays/wiki/:/tmp/
- After defining the new setting we need to reflect the change in the configuration file of the web server and have the web server reload it's configuration file. This is done by issuing the following command: signal-event ibay-modify ibayname Be sure to replace ibayname with the name of the ibay you have just modified.
Upload_tmp_dir
upload_tmp_dir
From SME Server V8 up to and including SME Server V9, you could sometimes have an error thrown by PHP and would then need to specify a temporary directory (e.g. upload_tmp_dir) which is not set in php.ini. see bugzilla:6650 and bugzilla:7652. Many php applications need this setting, the best-known culprits are Wordpress, Roundcube, eGroupWare, and there are others. The symptoms observed are that you can't upload contents to the PHP application.
An easy resolution is to make a Custom Template to resolve this issue. See Uploadtmpdir.
Advanced use of the php-fpm pools
For the ibays with php-fpm.d/ibays.conf
For the ibays better option is to simply use the contrib Webhosting.
Similar to ibays.
For the contribs with php-fpm.d/www.conf
Please read Building Your Contrib.
For your custom needs with php-fpm.d/custom.conf
You can build your own pool to use in any place on your server, even in a subfolder of an ibay or in place of the regular ibay php-pool (property PHPCustomPool).
There are two ways in doing that:
using db php
Using the default template : /etc/e-smith/templates/etc/php-fpm.d/custom.conf , you can set your own pool doing:
db php set MYPOOLNAME pool Version 81 status enabled
here are the accepted supplementary properties, as always missing or empty means using default.
property | default | values | information |
---|---|---|---|
status | enabled | enabled,disabled | |
Version | php version to use eg 80 for php 8.0 | ||
MemoryLimit | 128M | ||
MaxExecutionTime | 30 | ||
MaxInputTime | 60 | ||
AllowUrlFopen | off | ||
MaxChildren | 15 | ||
PostMaxSize | 10M | ||
UploadMaxFilesize | 10M | ||
FileUpload | enabled | ||
BaseDir | |||
DisabledFunctions | system,show_source,symlink,exec,dl,shell_exec,passthru,phpinfo,escapeshellarg,escapeshellcmd | ||
User | www | ||
Group | www | ||
DisplayErrors | disabled | ||
LogErrors | disabled | ||
MaxChildren | 15 | ||
AutoPrependFile | enabled | will use the autoprepend file | |
MailForceSender | php\@$DomainName |
You will then need two httpd.conf custom template fragment to use your pool. You will need to change MYPOOL to what you want
mkdir -p /etc/e-smith/templates-custom/etc/httpd/conf/httpd.conf/ vim /etc/e-smith/templates-custom/etc/httpd/conf/httpd.conf/98mypoolusage
<Directory /home/e-smith/files/ibays/test/html/mysubfolder> SSLRequireSSL Options None Options +Indexes Options +FollowSymLinks DirectoryIndex index.php index.shtml index.htm index.html <FilesMatch \.php$> SetHandler "proxy:unix:/var/run/php-fpm/php80-MYPOOLNAME.sock|fcgi://localhost" </FilesMatch> AllowOverride All order deny,allow deny from all allow from all </Directory>
Then just do:
signal-event webapps-update
using a templates-custom
You can write your own fragment in /etc/e-smith/templates-custom/etc/php-fpm.d/custom.conf/ e.g. /etc/e-smith/templates-custom/etc/php-fpm.d/custom.conf/15mypool
You will also need to write a httpd fragment similarly to what shown just above.
Here is an example if you want a custom pool for your ibay, in /etc/e-smith/templates-custom/etc/php-fpm.d/ibays.conf/15MYIBAY
{
use esmith::AccountsDB;
use esmith::php;
my $a = esmith::AccountsDB->open_ro || die "Couldn't open the accounts database";
my $ibay = $a->get("MYIBAY");
my $version = PhpFpmVersionToUse($ibay);
my $dynamic = $ibay->prop('CgiBin') || 'disabled';
my $custom = $ibay->prop('CustomPool') || undef;
next unless ($dynamic eq 'enabled' && $version eq $PHP_VERSION && $custom);
my $key = $ibay->key;
my $name = lc $key;
my $pool_name = 'php' . $version . '-' . $name;
$OUT .=<<"_EOF" if ($version eq $PHP_VERSION);
[$pool_name]
user = www
group = www
listen.owner = root
listen.group = www
listen.mode = 0660
listen = /var/run/php-fpm/$pool_name.sock
;
;
;put whatever you need there
;
;
_EOF
}
You have then to force the ibay to use it by doing :
db accounts MYIBAY setprop CustomPool enabled
This will prevent the generation of the default ibay pool in ibays.conf , and let you use /var/run/php-fpm/php$version-$name.sock socket from your template-custom... or from the db php using the same key as the name of the ibay.
Installation of Composer
This is made tricky as we do not have the PHP CLI configured.
But we can install it as follows with command line arguments. This is using php7. Check the latest hash file as this changes.
Download:
php74 -d allow_url_fopen=on -r "copy('https://getcomposer.org/installer', 'composer-setup.php');"
Hash check:
php74 -r "if (hash_file('sha384', 'composer-setup.php') === 'e21205b207c3ff031906575712edab6f13eb0b361f2085f1f1237b7126d785e826a450292b6cfd1d64d92e6563bbde02') { echo 'Installer verified'; } else { echo 'Installer corrupt'; unlink('composer-setup.php'); } echo PHP_EOL;"
Install:
php74 -d allow_url_fopen=on ./composer-setup.php
Bash script
Add the code:
nano composer.install
Paste this:
if [ ! -d '/tmp/compose' ]; then /usr/bin/mkdir -p /tmp/compose cd /tmp/compose else cd /tmp/compose fi # Get the setup file /usr/bin/php74 -d allow_url_fopen=on -r "copy('https://getcomposer.org/installer', '/tmp/compose/composer-setup.php');" # Hash check /usr/bin/php74 -r "if (hash_file('sha384', '/tmp/compose/composer-setup.php') === 'dac665fdc30fdd8ec78b38b9800061b4150413ff2e3b6f88543c636f7cd84f6db9189d43a81e5503cda447da73c7e5b6') { echo 'Installer verified'; } else { echo 'Installer corrupt'; unlink('/tmp/compose/composer-setup.php'); } echo PHP_EOL;" # Install /usr/bin/php74 -d allow_url_fopen=on /tmp/compose/composer-setup.php mv /tmp/compose/composer.phar /usr/local/bin/composer
# Tidy rm -rf /tmp/compose
Save and exit.
Run it:
chmod 0700 composer.install ./composer.install
Check ths file is there:
ll /usr/local/bin/composer
Use with
php74 composer <blah>
Bugs
Please raise bugs under the SME-Server 10.X section in Bugzilla and select the smeserver-php component or use this link .
Below is an overview of the current issues for this package: