Changes

3,906 bytes added , 02:49, 15 November 2023

Line 1: Line 1: −

Starting ~~SME10~~ php module is ~~not~~ used ~~anymore~~ for httpd. Instead we rely on php-fpm ~~for~~ every available version of php ~~available. By default we provide the following versions : 54 (base one maintained by Red-Hat), 55, 56, 70, 71, 72, 73, 74, 80~~.

Starting with SME 10, the '''php''' module is no longer used for httpd. Instead we rely on '''php-fpm''' which can enable every available version of php.

−

=== ~~Available properties~~ ===

By default we provide the following versions:

*54 (maintained by Red-Hat up to CentOS 7 EOL: 30 Jun 2024).

*55,56,70,71,72 (Note: unsupported!).

*73 (supported up to 6 Dec 2021).

*74 (supported up to 28 Nov 2022).

*80 (supported up to 26 Nov 2023).

<br />

===db keys available to control php configuration and services===

First you need to decide if you want to alter the php behaviour for an ibay or for a specific php version, of for all php versions.

{| class="wikitable"

Line 15: Line 25:

|php55

|customization of /opt/remi/php55/root/etc/php.ini

−

| rowspan="8" |if no properties defined, will use php keys properties

| rowspan="11" |if no properties defined, will use php keys properties

|php56

Line 37: Line 47:

|php80

|customization of /etc/opt/remi/php80/php.ini

|php81

|customization of /etc/opt/remi/php81/php.ini

|php82

|customization of /etc/opt/remi/php82/php.ini

|php83

|customization of /etc/opt/remi/php83/php.ini

−

Every version of php has its own php-fpm service running, the related configuration db entry is php-fpm for php (ie php54), php55-php-fpm for php55 and so on. If you ~~reallly~~ want to disable one version of php, you need to do for php55

Every version of php has its own php-fpm service running, the related configuration db entry is (as shown in the Table above) php-fpm for php (ie php54), php55-php-fpm for php55 and so on.

If you really want to disable one version of php, shown below is what you need to do for php55, as an example:

config setprop php55-php-fpm status disabled

signal-event webapps-update

−

~~<br />~~

===Available properties===

Here is a list of available properties to configure php. You have to choose at which level you want to handle the change.

*Do you want the change for the whole server? -- then probably choose to change it for key php): db configuration setprop php ...

*Do you want the change for a specific version of php? -- then you should probably do it against a specific php key e.g. : db configuration setprop php74 ...

*Do you want to apply the change for a specific ibay? -- this is what we suggest you to do in most cases: db accounts setprop myibay ..

{| class="wikitable"

Line 58: Line 85:

|allow_url_fopen

−

|~~AllowUrlfOpen~~

|AllowUrlFopen

|off

Line 76: Line 103:

|disable_functions

−

|~~DisabledFunctions~~

|DisableFunctions

| -

|system,show_source, symlink,exec,dl,shell_exec,passthru,phpinfo,escapeshellarg,escapeshellcmd

Line 195: Line 222:

−

if you want to set a specific value for an ibay, here we use php80 for ibay MYIBAY and avoid ~~to have~~ any disabled function:

if you want to set a specific value for an ibay, here we show how to use php80 for ibay MYIBAY and avoid having any disabled function:

db accounts setprop MYIBAY disable_functions none PHPVersion 80

signal-event webapps-update

−

{{Note box|It is ~~highly~~ suggested to install smeserver-webhosting contrib to set your ibay php values from the server-manager. Everything is available and it ~~prevent~~ you from ~~doing any~~ mistake.}}

{{Note box|It is strongly suggested that you install the smeserver-webhosting contrib enabling you to set your ibay php values from the server-manager. Everything is available and it prevents you from making a mistake in the settings.}}

===Display Error Messages===

−

By default PHP does not display error messages on screen. ~~Some times~~ you get a blank page when executing PHP scripts. Usually some sort of error has occurred, but this error text will not be displayed as SME Server is configured to not display them. Instead the error messages are reported to the log files of the webserver and the general logfile of the server.

By default PHP does not display error messages on screen. Sometimes you get a blank page when executing PHP scripts. Usually some sort of error has occurred, but this error text will '''not''' be displayed as SME Server is configured to not display them. Instead the error messages are reported to the log files of the webserver and the general logfile of the server.

Try to analyze your logfiles:

/var/log/httpd/error_log and /var/log/httpd/access_log and perhaps also /var/log/messages.

−

{{Warning box|It is strongly advised to disable display errors after you have tracked and solved the problem, as the displayed error message might provide information (like filesystem layout) that only should be known to the system administrators and not to users, let alone people with bad intentions.}}

{{Warning box|It is strongly advised that you disable "display errors" after you have tracked and solved the problem, as the displayed error message might provide information (like filesystem layout) that only should be known to the system administrators and not to users, let alone people with bad intentions. Thus it is a potential SECURITY RISK. After debugging, disable it again.}}

====Enable changes for all php versions====

Line 217: Line 244:

After that:

−

cd /etc/e-smith/templates-custom/etc/php.ini

sed -i /etc/e-smith/templates-custom/etc/php.ini/30ErrorHandling -e 's/display_errors.*/display_errors = On/g'

−

~~pico~~ 30ErrorHandling

−

~~Modify the second line to read:~~

−

display_errors = On

After that issue the following commands:

−

~~expand~~-~~template /etc/php.ini~~

signal-event webapps-update

−

~~Depending on your server version use the proper command to restart your webbrowser.~~

−

~~SME Server 7 and newer:~~

Now access your page again and see what the error is.

−

~~sv t httpd-e-smith~~

−

~~older releases:~~

−

~~/etc/rc7.d/S86httpd-e-smith restart~~

−

Now access your page again and see what the error is.

====Undo Changes====

If everything works you remove the 30ErrorHandling file from the /etc/e-smith/templates-custom/etc/php.ini folder and issue the last two lines again:

−

~~expand~~-~~template /etc/php.ini~~

signal-event webapps-update

−

~~/etc/rc7.d/S86httpd~~-~~e-smith restart~~

====Enable changes for a specific ibay====

Line 250: Line 263:

signal-event webapps-update

===Open basedir restriction===

−

SME Server has a security measure in place which is called 'open basedir restriction'. This measure prevents PHP from executing or invoking other PHP scripts outside the scope of ~~it's~~ own tree in other words it creates a 'sandbox' or 'jail'.

SME Server has a security measure in place which is called 'open basedir restriction'. This measure prevents PHP from executing or invoking other PHP scripts outside the scope of its own tree; in other words it creates a 'sandbox' or 'jail'.

Overall configuration is defined in the php.ini file but you can add an override on a per ibay basis.

====Error message====

−

The PHP open basedir restriction usually ~~present~~ to the user like this in the /var/log/messages file:

The PHP open basedir restriction is usually presented to the user like this in the /var/log/messages file:

Aug 12 17:27:42 homer httpd: PHP Warning: main(): open_basedir restriction in effect. File(/tmp/test.php) is not within the allowed path(s): (/home/e-smith/files/ibays/Primary/html/) in /home/e-smith/files/ibays/Primary/html/test.php on line 2

Line 265: Line 279:

<li>Open a SME Server shell as root user and document the current setting of the PHPBaseDir directive by writing down the output of the following command:

db accounts getprop ibayname PHPBaseDir

−

Be careful to write it down to the letter as we need it in the next step

Be careful to write it down to the letter as we need it in the next step.

For the Primary ibay the ouptut of above command would normally look like this:

/home/e-smith/files/ibays/Primary/html/

Line 273: Line 287:

db accounts setprop Primary PHPBaseDir /home/e-smith/files/ibays/Primary/html/:/opt/gallery2/

Above command would allow for invocation of scripts in the /opt/gallery2 path from the Primary ibay html folder by PHP.

−

To allow uploading of files to via http to a ibay name wiki

To allow uploading of files to via http to a ibay name wiki:

db accounts setprop wiki PHPBaseDir /home/e-smith/files/ibays/wiki/:/tmp/

Line 284: Line 298:

upload_tmp_dir

−

~~Since~~ SME Server V8, you could have ~~sometime~~ an error is thrown by PHP and ~~you will~~ need to specify a temporary directory (e.g. upload_tmp_dir) which is not set in php.ini. see [[bugzilla:6650]] and [[bugzilla:7652]]. Many ~~Php~~ applications ~~needs~~ this setting, ~~most of~~ known are ~~wordpress~~, ~~roudcube~~, ~~egroupware~~, ~~etc~~. ~~Symptoms~~ are that you can't upload contents to the PHP application.

From SME Server V8 up to and including SME Server V9, you could sometimes have an error thrown by PHP and would then need to specify a temporary directory (e.g. upload_tmp_dir) which is not set in php.ini. see [[bugzilla:6650]] and [[bugzilla:7652]]. Many php applications need this setting, the best-known culprits are Wordpress, Roundcube, eGroupWare, and there are others. The symptoms observed are that you can't upload contents to the PHP application.

−

An easy ~~way~~ is to make a Custom Template to resolve this issue. ~~see~~ [[Uploadtmpdir]]

An easy resolution is to make a Custom Template to resolve this issue. See [[Uploadtmpdir]].

−

~~===PHP 5===~~

−

~~SME 7.x uses PHP 4, upgrading to PHP 5 is not recommended and not supported. However, you can add PHP5 as a cgi~~-~~bin handler for any given directory on the webserver with the [[PHP5 | PHP version 5 contrib]].~~

=== Advanced use of the php-fpm pools ===

−

~~If you really want to upgrade~~ the ~~entire system~~ to ~~PHP 5 (for instance, if you need~~ the ~~mysqli extension), here's how to do it:~~

==== For the ibays with php-fpm.d/ibays.conf ====

For the ibays better option is to simply use the contrib [[Webhosting]].

−

~~yum --enablerepo~~=~~centosplus \~~

==== For the contrib sharefolders with php-fpm.d/shares.conf ====

−

~~install~~ php.~~i386 php-pear-Net-Socket php-pear-Auth-SASL \~~

Similar to ibays.

−

~~php-pear-DB php-pear-HTTP php-pear-Mail php-pear-XML-Parser~~

−

/~~sbin/e-smith/signal-event post-upgrade~~

−

~~/sbin/e-smith/signal-event reboot~~

−

~~Horde webmail is confirmed to work under PHP 5, provided you've upgraded to~~ the ~~latest SME version. Please note again that PHP 5 is not officially supported by SME 7.x, and therefore you may run into trouble when upgrading SME (see e.g. http://forums.~~contribs.~~org~~/~~index~~.~~php?topic~~=~~38194.0 and http://forums.contribs.org/index.php?topic~~=~~39611.0)~~.

==== For the contribs with php-fpm.d/www.conf ====

Please read [[Building Your Contrib]].

−

~~See also:~~

==== For your custom needs with php-fpm.d/custom.conf ====

You can build your own pool to use in any place on your server, even in a subfolder of an ibay or in place of the regular ibay php-pool (property PHPCustomPool).

−

*[[bugzilla:~~1120]]~~

There are two ways in doing that:

−

*[[bugzilla:2132]]

−

*http://~~forums.contribs~~.~~org~~/~~index~~.php~~?topic~~=~~31518~~

===== using db php =====

Using the default template : /etc/e-smith/templates/etc/php-fpm.d/custom.conf , you can set your own pool doing:

db php set MYPOOLNAME pool Version 81 status enabled

here are the accepted supplementary properties, as always missing or empty means using default.

{| class="wikitable"

!property

!default

!values

!information

|status

|enabled

|enabled,disabled

|Version

|php version to use eg 80 for php 8.0

|MemoryLimit

|128M

|MaxExecutionTime

|30

|MaxInputTime

|60

|AllowUrlFopen

|off

|MaxChildren

|15

|PostMaxSize

|10M

|UploadMaxFilesize

|10M

|FileUpload

|enabled

|BaseDir

|DisabledFunctions

|system,show_source,symlink,exec,dl,shell_exec,passthru,phpinfo,escapeshellarg,escapeshellcmd

|User

|www

|Group

|www

|DisplayErrors

|disabled

|LogErrors

|disabled

|MaxChildren

|15

|AutoPrependFile

|enabled

|will use the autoprepend file

|MailForceSender

|php\@$DomainName

You will then need two httpd.conf custom template fragment to use your pool. You will need to change '''MYPOOL''' to what you want

mkdir -p /etc/e-smith/templates-custom/etc/httpd/conf/httpd.conf/

vim /etc/e-smith/templates-custom/etc/httpd/conf/httpd.conf/98mypoolusage

−

~~===PHP 5 with php~~-~~mcrypt===~~

−

~~{{Note box|msg=For SME Server 8~~.~~0 beta 5 only... with~~ php 5.2.~~10 (default rpms for beta 5)~~...}}

SSLRequireSSL

Options None

Options +Indexes

Options +FollowSymLinks

DirectoryIndex index.php index.shtml index.htm index.html

SetHandler "proxy:unix:/var/run/php-fpm/php80-MYPOOLNAME.sock|fcgi://localhost"

</FilesMatch>

AllowOverride All

order deny,allow

deny from all

allow from all

</Directory>

Then just do:

signal-event webapps-update

−

You ~~need~~ php-~~mcrypt for new WEB applications like eGroupWare, Joomla,~~ etc. ~~So see this Howto:~~

===== using a templates-custom =====

You can write your own fragment in /etc/e-smith/templates-custom/etc/php-fpm.d/custom.conf/ e.g. /etc/e-smith/templates-custom/etc/php-fpm.d/custom.conf/15mypool

−

~~Tested on my SME Server 7.4 upgraded~~ to ~~SME Server 8~~.~~0 Beta 5 and works great !~~

You will also need to write a httpd fragment similarly to what shown just above.

−

~~<ol>~~

Here is an example if you want a custom pool for your ibay, in /etc/e-smith/templates-custom/etc/php-fpm.d/ibays.conf/15MYIBAY<syntaxhighlight lang="perl">

−

~~<li>Download php-mcrypt rpms needed~~

{

−

cd /~~tmp~~

−

~~wget http:~~//~~rpms.famillecollet.com/enterprise/5~~/~~olds/i386~~/php-~~common-5~~.~~2.10-1.el5.remi.i386.rpm~~

−

~~wget http:/~~/~~rpms.famillecollet~~.~~com~~/~~enterprise/5/olds/i386/php-mcrypt-5.2.10-1.el5.remi.i386.rpm~~

−

~~</li~~>~~<li~~>~~Make a backup of your current~~ php.~~ini file~~'(~~because the install will change the file~~)

use esmith::AccountsDB;

use esmith::php;

my $a = esmith::AccountsDB->open_ro || die "Couldn't open the accounts database";

my $ibay = $a->get("MYIBAY");

my $version = PhpFpmVersionToUse($ibay);

my $dynamic = $ibay->prop('CgiBin') || 'disabled';

my $custom = $ibay->prop('CustomPool') || undef;

next unless ($dynamic eq 'enabled' && $version eq $PHP_VERSION && $custom);

my $key = $ibay->key;

my $name = lc $key;

my $pool_name = 'php' . $version . '-' . $name;

$OUT .=<<"_EOF" if ($version eq $PHP_VERSION);

−

cp /~~etc~~/php~~.ini /etc~~/~~php.ini~~.~~org~~

[$pool_name]

user = www

group = www

listen.owner = root

listen.group = www

listen.mode = 0660

listen = /var/run/php-fpm/$pool_name.sock

;

;put whatever you need there

;

_EOF

}

−

</li>~~<li>Remove the default php-common installed from SME Server Beta 5 (conflict with the new rpm)~~

</syntaxhighlight>

−

~~rpm -e~~ -~~-nodeps~~ php-~~common~~-5.2.~~10-1~~.~~el5~~.~~sme~~

You have then to force the ibay to use it by doing :<syntaxhighlight lang="bash">

db accounts MYIBAY setprop CustomPool enabled

</syntaxhighlight>This will prevent the generation of the default ibay pool in ibays.conf , and let you use /var/run/php-fpm/php$version-$name.sock socket from your template-custom... or from the db php using the same key as the name of the ibay.

−

~~</li><li>Then install the 2 new rpms~~

===Installation of Composer===

−

~~yum localinstall php-common-5~~.~~2.10-1.el5.remi.i386.rpm php-mcrypt-5.2.10-1.el5.remi.i386.rpm~~

This is made tricky as we do not have the PHP CLI configured.

−

~~</li><li>Backup the new php~~.~~ini file created and restore the original~~

But we can install it as follows with command line arguments. This is using php74.

−

mv /~~etc~~/~~php~~.~~ini /etc/php.ini.old~~

Download:

−

~~mv /etc~~/~~php.ini~~.~~org /etc/~~php~~.ini~~

php74 -d allow_url_fopen=on -r "copy('https://getcomposer.org/installer', 'composer-setup.php');"

−

~~</li><li>Restart all services~~

Hash check:

php74 -r "if (hash_file('sha384', 'composer-setup.php') === 'e21205b207c3ff031906575712edab6f13eb0b361f2085f1f1237b7126d785e826a450292b6cfd1d64d92e6563bbde02') { echo 'Installer verified'; } else { echo 'Installer corrupt'; unlink('composer-setup.php'); } echo PHP_EOL;"

−

~~svc~~ -t /~~service/httpd-e~~-~~smith~~

Install:

php74 -d allow_url_fopen=on ./composer-setup.php

−

</~~li><li>Check Apache syntax~~

=== Bugs ===

Please raise bugs under the SME-Server 10.X section in [http://bugs.contribs.org/enter_bug.cgi Bugzilla] and select the smeserver-php component or use {{BugzillaFileBug|product=SME%20Server%2010.X|component=e-smith-*%20and%20smeserver-*&20packages|title=this link}}.

−

~~httpd~~ -t

Below is an overview of the current issues for this package:

−

~~</li></ol>~~

{{#bugzilla:columns=id,product,version,status,summary |sort=id|order=desc |component=smeserver-php|noresultsmessage="No open bugs found."}}

----

[[Category: Howto]]

[[Category: Webapps]]

Gzartman

board, director

297

edits

Retrieved from "https://wiki.koozali.org/Special:MobileDiff/40433...42397"

Changes

PHP (view source)

Revision as of 02:49, 15 November 2023

Navigation menu

Search