Difference between revisions of "SME9 Php-Fpm"

From Realm Business Systems Ltd
Jump to: navigation, search
(Created page with "{{Warning box|This page is for SME v9 and is now deprecated and for reference only. v10 uses systemd. See https://wiki.koozali.org/PHP if you search to write your own contrib...")
 
(For contribs creators)
 
(14 intermediate revisions by the same user not shown)
Line 1: Line 1:
 +
copied from; https://wiki.koozali.org/Php-fpm
 +
 
{{Warning box|This page is for SME v9 and is now deprecated and for reference only.  
 
{{Warning box|This page is for SME v9 and is now deprecated and for reference only.  
 
v10 uses systemd. See https://wiki.koozali.org/PHP
 
v10 uses systemd. See https://wiki.koozali.org/PHP
 
if you search to write your own contrib using php-fpm follow  [[Building_Your_Contrib#PHP-FPM]]}}
 
if you search to write your own contrib using php-fpm follow  [[Building_Your_Contrib#PHP-FPM]]}}
  
{{Languages}}
 
<!-- here we define the contrib name variable -->
 
<!-- we get the page title, remove suffix for translated version; if needed you can define there with the value you want-->
 
{{#vardefine:contribname| {{lc: {{#titleparts:  {{BASEPAGENAME}} |1}} }} }}
 
{{#vardefine:smecontribname| smeserver-{{lc: {{#titleparts:  {{BASEPAGENAME}} |1}} }} }}
 
<!-- we define the language -->
 
{{#vardefine:lang| {{lc:  {{#titleparts:    {{PAGENAME}} | | -1}}  }} |en }}
 
{{Infobox contribs
 
|name={{#var:contribname}}
 
|image={{#var:contribname}}.jpg
 
|description_image= {{#var:contribname}} logo
 
|maintainer= vip-ire
 
|licence=
 
|url= https://wiki.contribs.org
 
|category=
 
|tags=php,fpm
 
}}
 
  
 
===Maintainer===
 
===Maintainer===
Line 151: Line 136:
 
you can either call an existing php-pool or create your own one. As an example you can check smeserver-nextcloud. The following template will make a dedicated php 7.1 pool with php setting adapted for Nextcloud.
 
you can either call an existing php-pool or create your own one. As an example you can check smeserver-nextcloud. The following template will make a dedicated php 7.1 pool with php setting adapted for Nextcloud.
  
vim /etc/e-smith/templates/etc/php-fpm.d/www.conf/15Nextcloud<syntaxhighlight lang="perl">
+
vim /etc/e-smith/templates/etc/php-fpm.d/www.conf/15Nextcloud
{
+
  
if ($PHP_VERSION eq '71'){
+
{
 +
 +
if ($PHP_VERSION eq '71'){
 
   if (($nextcloud{'status'} || 'disabled') eq 'enabled'){
 
   if (($nextcloud{'status'} || 'disabled') eq 'enabled'){
 
     my $max_upload_size = ($nextcloud{MaxUploadSize} || '4096');
 
     my $max_upload_size = ($nextcloud{MaxUploadSize} || '4096');
Line 162: Line 148:
 
     my $id = 'nextcloud';
 
     my $id = 'nextcloud';
 
     $OUT .=<<_EOF;
 
     $OUT .=<<_EOF;
 +
 +
[php$PHP_VERSION-$id]
 +
user = www
 +
group = www
 +
listen.owner = root
 +
listen.group = www
 +
listen.mode = 0660
 +
listen = /var/run/php-fpm/php$PHP_VERSION-$id.sock
 +
pm = dynamic
 +
pm.max_children = 15
 +
pm.start_servers = 3
 +
pm.min_spare_servers = 3
 +
pm.max_spare_servers = 4
 +
pm.max_requests = 1000
 +
php_admin_value[session.save_path] = /var/lib/php/$id/session
 +
php_admin_value[session.gc_maxlifetime] = 86400
 +
php_admin_value[opcache.file_cache]  = /var/lib/php/$id/opcache
 +
php_admin_value[upload_tmp_dir] = /var/lib/php/$id/tmp
 +
php_admin_value[error_log] = /var/log/php/$id/error.log
 +
slowlog = /var/log/php/nextcloud/slow.log
 +
php_admin_value[sendmail_path] = /usr/sbin/sendmail -t -i -f php@{ $DomainName }
 +
php_admin_flag[display_errors] = off
 +
php_admin_flag[log_errors] = on
 +
php_admin_value[error_log] = syslog
 +
php_admin_value[memory_limit] = $memory_limit
 +
php_admin_value[max_execution_time] = 3600
 +
php_admin_value[post_max_size] = $max_upload_size
 +
php_admin_value[upload_max_filesize] = $max_upload_size
 +
php_admin_value[disable_functions] = system, show_source, symlink, exec, nextcloud, shell_exec, passthru, phpinfo, escapeshellarg, escapeshellcmd
 +
php_admin_value[open_basedir] = /usr/share/nextcloud:/var/lib/nextcloud:/var/log/nextcloud.log:/var/lib/php/nextcloud:/home/e-smith/files/nextcloud:/dev/urandom:/proc/meminfo
 +
php_admin_flag[allow_url_fopen] = on
 +
php_admin_flag[file_upload] = on
 +
php_admin_flag[session.cookie_httponly] = on
 +
php_admin_flag[allow_url_include] = off
 +
php_admin_value[session.save_hannextclouder] = files
 +
php_admin_flag[output_buffering] = off
 +
 +
_EOF
 +
 +
  }
 +
  else{
 +
    $OUT .= '; Nextcloud is disabled';
 +
  }
 +
}
  
[php$PHP_VERSION-$id]
 
user = www
 
group = www
 
listen.owner = root
 
listen.group = www
 
listen.mode = 0660
 
listen = /var/run/php-fpm/php$PHP_VERSION-$id.sock
 
pm = dynamic
 
pm.max_children = 15
 
pm.start_servers = 3
 
pm.min_spare_servers = 3
 
pm.max_spare_servers = 4
 
pm.max_requests = 1000
 
php_admin_value[session.save_path] = /var/lib/php/$id/session
 
php_admin_value[session.gc_maxlifetime] = 86400
 
php_admin_value[opcache.file_cache]  = /var/lib/php/$id/opcache
 
php_admin_value[upload_tmp_dir] = /var/lib/php/$id/tmp
 
php_admin_value[error_log] = /var/log/php/$id/error.log
 
slowlog = /var/log/php/nextcloud/slow.log
 
php_admin_value[sendmail_path] = /usr/sbin/sendmail -t -i -f php@{ $DomainName }
 
php_admin_flag[display_errors] = off
 
php_admin_flag[log_errors] = on
 
php_admin_value[error_log] = syslog
 
php_admin_value[memory_limit] = $memory_limit
 
php_admin_value[max_execution_time] = 3600
 
php_admin_value[post_max_size] = $max_upload_size
 
php_admin_value[upload_max_filesize] = $max_upload_size
 
php_admin_value[disable_functions] = system, show_source, symlink, exec, nextcloud, shell_exec, passthru, phpinfo, escapeshellarg, escapeshellcmd
 
php_admin_value[open_basedir] = /usr/share/nextcloud:/var/lib/nextcloud:/var/log/nextcloud.log:/var/lib/php/nextcloud:/home/e-smith/files/nextcloud:/dev/urandom:/proc/meminfo
 
php_admin_flag[allow_url_fopen] = on
 
php_admin_flag[file_upload] = on
 
php_admin_flag[session.cookie_httponly] = on
 
php_admin_flag[allow_url_include] = off
 
php_admin_value[session.save_hannextclouder] = files
 
php_admin_flag[output_buffering] = off
 
  
_EOF
+
you will also need two httpd.conf template fragment:
  
  }
+
vim /etc/e-smith/templates/etc/httpd/conf/httpd.conf/68FastCGIConfig15nextcloud
  else{
+
    $OUT .= '; Nextcloud is disabled';
+
  }
+
}
+
  
</syntaxhighlight>you will also need two httpd.conf template fragment:
+
{
 +
if ($fastcgi_mod eq 'mod_fastcgi'){
 +
  $OUT .=<<_EOF;
 +
Action phpnextcloud-fastcgi /php-cgi-bin/phpnextcloud-wrapper
 +
Alias /php-cgi-bin/phpnextcloud-wrapper /var/www/php-cgi-bin/phpnextcloud-wrapper
 +
FastCgiExternalServer /var/www/php-cgi-bin/phpnextcloud-wrapper -socket /var/run/php-fpm/php71-nextcloud.sock -pass-header Authorization -idle-timeout 120
 +
_EOF
 +
}
 +
}
  
vim /etc/e-smith/templates/etc/httpd/conf/httpd.conf/68FastCGIConfig15nextcloud<syntaxhighlight lang="perl">
+
vim /etc/e-smith/templates/etc/httpd/conf/httpd.conf/98nextcloud
{
+
if ($fastcgi_mod eq 'mod_fastcgi'){
+
  $OUT .=<<_EOF;
+
Action phpnextcloud-fastcgi /php-cgi-bin/phpnextcloud-wrapper
+
Alias /php-cgi-bin/phpnextcloud-wrapper /var/www/php-cgi-bin/phpnextcloud-wrapper
+
FastCgiExternalServer /var/www/php-cgi-bin/phpnextcloud-wrapper -socket /var/run/php-fpm/php71-nextcloud.sock -pass-header Authorization -idle-timeout 120
+
_EOF
+
}
+
}
+
  
</syntaxhighlight>
+
{
 
+
my $access = $nextcloud{'access'} || 'private';
vim /etc/e-smith/templates/etc/httpd/conf/httpd.conf/98nextcloud<syntaxhighlight lang="perl">
+
my $allow = ($access eq 'public')?'all':"$localAccess $externalSSLAccess";
{
+
my $authtype = $nextcloud{'Authentication'} || 'none';
my $access = $nextcloud{'access'} || 'private';
+
my $allow = ($access eq 'public')?'all':"$localAccess $externalSSLAccess";
+
my $alias = (($nextcloud{'AliasOnPrimary'} || 'enabled') eq 'enabled') ?
my $authtype = $nextcloud{'Authentication'} || 'none';
+
    'Alias /nextcloud /usr/share/nextcloud' : '';
 
+
my $alias = (($nextcloud{'AliasOnPrimary'} || 'enabled') eq 'enabled') ?
+
my $maxupload = $nextcloud{'MaxUploadSize'} || '1024';
    'Alias /nextcloud /usr/share/nextcloud' : '';
+
my $maxpost = $maxupload+1;
 
+
$maxupload .= 'M';
my $maxupload = $nextcloud{'MaxUploadSize'} || '1024';
+
$maxpost .= 'M';
my $maxpost = $maxupload+1;
+
$maxupload .= 'M';
+
my $auth = '';
$maxpost .= 'M';
+
if ($authtype eq 'http'){
 
+
    $auth =<<'EOF';
my $auth = '';
+
    <FilesMatch "^(admin|rest)\.php">
if ($authtype eq 'http'){
+
        SSLRequireSSL on
    $auth =<<'EOF';
+
        AuthName "nextcloud"
    <FilesMatch "^(admin|rest)\.php">
+
        AuthType Basic
        SSLRequireSSL on
+
        AuthBasicProvider external
        AuthName "nextcloud"
+
        AuthExternal pwauth
        AuthType Basic
+
        Require valid-user
        AuthBasicProvider external
+
        AuthExternal pwauth
+
        Require valid-user
+
    </FilesMatch>
+
EOF
+
}
+
 
+
if ($nextcloud{'status'} eq 'enabled'){
+
 
+
  my $php =<<_EOF;
+
    AddType application/x-httpd-php .php
+
    php_admin_flag file_upload On
+
    php_admin_flag magic_quotes Off
+
    php_admin_flag magic_quotes_gpc Off
+
    php_admin_value upload_max_filesize $maxupload
+
    php_admin_value post_max_size $maxpost
+
    php_admin_value memory_limit 512M
+
    php_admin_flag output_buffering Off
+
    php_admin_value max_execution_time 0
+
    php_admin_value upload_tmp_dir /var/lib/nextcloud/tmp
+
    php_admin_value session.save_path /var/lib/nextcloud/tmp
+
    php_admin_value session.gc_maxlifetime 86400
+
    php_admin_value open_basedir /usr/share/nextcloud:/var/lib/nextcloud:/var/log/nextcloud.log:/var/lib/php/nextcloud:/home/e-smith/files/nextcloud:/dev/urandom:/proc/meminfo
+
_EOF
+
  if ($fastcgi_mod eq 'mod_fastcgi'){
+
    $php = "    AddHandler phpnextcloud-fastcgi .php\n";
+
  }
+
  elsif ($fascgi_mod eq 'mod_proxy_fcgi'){
+
    $php =<<'_EOF';
+
    <FilesMatch \.php$>
+
        SetHandler "proxy:unix:/var/run/php-fpm/php71-nextcloud.sock|fcgi://localhost"
+
 
     </FilesMatch>
 
     </FilesMatch>
_EOF
+
EOF
  }
+
}
 
+
my $config =<<_EOF;
+
if ($nextcloud{'status'} eq 'enabled'){
  <Directory "/usr/share/nextcloud">
+
    Options +FollowSymLinks
+
  my $php =<<_EOF;
    AllowOverride All
+
    AddType application/x-httpd-php .php
$php
+
    php_admin_flag file_upload On
    order deny,allow
+
    php_admin_flag magic_quotes Off
    deny from all
+
    php_admin_flag magic_quotes_gpc Off
    allow from $allow
+
    php_admin_value upload_max_filesize $maxupload
$auth
+
    php_admin_value post_max_size $maxpost
 
+
    php_admin_value memory_limit 512M
    <IfModule mod_dav.c>
+
    php_admin_flag output_buffering Off
      Dav off
+
    php_admin_value max_execution_time 0
    </IfModule>
+
    php_admin_value upload_tmp_dir /var/lib/nextcloud/tmp
 
+
    php_admin_value session.save_path /var/lib/nextcloud/tmp
    SetEnv HOME /usr/share/nextcloud
+
    php_admin_value session.gc_maxlifetime 86400
    SetEnv HTTP_HOME /usr/share/nextcloud
+
    php_admin_value open_basedir /usr/share/nextcloud:/var/lib/nextcloud:/var/log/nextcloud.log:/var/lib/php/nextcloud:/home/e-smith/files/nextcloud:/dev/urandom:/proc/meminfo
    SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=\$1
+
_EOF
  </Directory>
+
  if ($fastcgi_mod eq 'mod_fastcgi'){
 
+
    $php = "    AddHandler phpnextcloud-fastcgi .php\n";
  <Directory "/home/e-smith/files/nextcloud/data/">
+
  }
    # just in case if .htaccess gets disabled
+
  elsif ($fascgi_mod eq 'mod_proxy_fcgi'){
    deny from all
+
    $php =<<'_EOF';
  </Directory>
+
      <FilesMatch \.php$>
_EOF
+
          SetHandler "proxy:unix:/var/run/php-fpm/php71-nextcloud.sock|fcgi://localhost"
 
+
      </FilesMatch>
 
+
_EOF
$OUT .=<<"END"
+
  }
# nextcloud Configuration
+
<IfModule mod_headers.c>
+
my $config =<<_EOF;
  Header always set Strict-Transport-Security "max-age=15552000"
+
  <Directory "/usr/share/nextcloud">
</IfModule>
+
    Options +FollowSymLinks
$alias
+
    AllowOverride All
 
+
$php
$config
+
    order deny,allow
 
+
    deny from all
Redirect 301 /.well-known/carddav /nextcloud/remote.php/dav
+
    allow from $allow
Redirect 301 /.well-known/caldav /nextcloud/remote.php/dav
+
$auth
 
+
 +
    <IfModule mod_dav.c>
 +
      Dav off
 +
    </IfModule>
 +
 +
    SetEnv HOME /usr/share/nextcloud
 +
    SetEnv HTTP_HOME /usr/share/nextcloud
 +
    SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=\$1
 +
  </Directory>
 +
 +
  <Directory "/home/e-smith/files/nextcloud/data/">
 +
    # just in case if .htaccess gets disabled
 +
    deny from all
 +
  </Directory>
 +
_EOF
 +
 +
 +
$OUT .=<<"END"
 +
# nextcloud Configuration
 +
<IfModule mod_headers.c>
 +
  Header always set Strict-Transport-Security "max-age=15552000"
 +
</IfModule>
 +
$alias
 +
 +
$config
 +
 +
Redirect 301 /.well-known/carddav /nextcloud/remote.php/dav
 +
Redirect 301 /.well-known/caldav /nextcloud/remote.php/dav
 +
 +
 +
END
 +
}
 +
else{
 +
    $OUT .= "# nextcloud is disabled\n";
 +
}
 +
}
  
END
+
Of course you will need to process both httpd.conf, php-fpm specific version and restart both httpd-e-smith and the php-fpm version you use.
}
+
else{
+
    $OUT .= "# nextcloud is disabled\n";
+
}
+
}
+
  
</syntaxhighlight>Of course you will need to process both httpd.conf, php-fpm specific version and restart both httpd-e-smith and the php-fpm version you use.
+
You will also need specific code to create the destination directories for php usage : see /etc/e-smith/events/actions/php-pool-dirs from this contrib
  
You will also need specific code to create the destination directories for php usage : see /etc/e-smith/events/actions/php-pool-dirs from this contrib
+
{{Warning box|On initial installation, smeserver-php-fpm does not start php pools and signal-event webapps-update does only a reload which will not start stopped services.
  
{{Warning box|On initial installation, smeserver-php-fpm does not start php pools and signal-event webapps-update does only a reload which will not start stopped services.
 
 
So pay attention you need to start if not already started on initial install.}}
 
So pay attention you need to start if not already started on initial install.}}
  
 
=== Create and use my own pool ===
 
=== Create and use my own pool ===
using the default template : /etc/e-smith/templates/etc/php-fpm.d/custom.conf , you can set your own pool doing:<syntaxhighlight lang="bash">
+
using the default template : /etc/e-smith/templates/etc/php-fpm.d/custom.conf , you can set your own pool doing:
 
db php set MYPOOLNAME pool Version 72 status enabled
 
db php set MYPOOLNAME pool Version 72 status enabled
</syntaxhighlight>here are the accepted supplementary properties, as always missing or empty means using default.
+
here are the accepted supplementary properties, as always missing or empty means using default.
 
{| class="wikitable"
 
{| class="wikitable"
 
!property
 
!property
Line 401: Line 389:
 
|
 
|
 
|}
 
|}
you will then need two httpd.conf custom template fragment to use your pool. You will need to change  '''MYPOOL''' to what you want<syntaxhighlight lang="bash">
+
you will then need two httpd.conf custom template fragment to use your pool. You will need to change  '''MYPOOL''' to what you want
mkdir -p  /etc/e-smith/templates-custom/etc/httpd/conf/httpd.conf/
+
mkdir -p  /etc/e-smith/templates-custom/etc/httpd/conf/httpd.conf/
vim /etc/e-smith/templates-custom/etc/httpd/conf/httpd.conf/98mypoolusage
+
vim /etc/e-smith/templates-custom/etc/httpd/conf/httpd.conf/98mypoolusage
</syntaxhighlight><syntaxhighlight lang="perl">
+
</syntaxhighlight><syntaxhighlight lang="perl">
<Directory /home/e-smith/files/ibays/test/html>
+
<Directory /home/e-smith/files/ibays/test/html>
    SSLRequireSSL
+
    SSLRequireSSL
    Options None
+
    Options None
    Options +Indexes
+
    Options +Indexes
    Options +FollowSymLinks
+
    Options +FollowSymLinks
    DirectoryIndex index.php index.shtml index.htm index.html
+
    DirectoryIndex index.php index.shtml index.htm index.html
    AddHandler phpMYPOOL-fastcgi .php
+
    AddHandler phpMYPOOL-fastcgi .php
    AllowOverride All
+
    AllowOverride All
    order deny,allow
+
    order deny,allow
    deny from all
+
    deny from all
    allow from all
+
    allow from all
</Directory>
+
</Directory>
  
</syntaxhighlight>then just do signal-event webapps-update
+
then just do signal-event webapps-update
  
 
=== Uninstall ===
 
=== Uninstall ===

Latest revision as of 07:15, 4 May 2024

copied from; https://wiki.koozali.org/Php-fpm


* Warning:
This page is for SME v9 and is now deprecated and for reference only.

v10 uses systemd. See https://wiki.koozali.org/PHP if you search to write your own contrib using php-fpm follow Building_Your_Contrib#PHP-FPM



Maintainer

Daniel

Version

* Warning:
DO NOT USE ON v10.

SME v9 is no longer supported. v10 has php-fpm built in. Please refer to this page for more information.
https://wiki.koozali.org/PHP



{{#smeversion: smeserver-php-fpm }}


Description

This contribs allow you to run php-fpm for php version from 5.6 to 7.3 on CentOS 6 (SME9). This contrib will likely not be needed directly for your own usage, unless you know what you want to do with it, but rather called by another contribs needing a specific version of php running.


Installation

yum --enablerepo=smecontribs install {{#var:smecontribname}}

you then need to issue the usual<syntaxhighlight lang="bash"> signal-event post-upgrade; signal-event reboot </syntaxhighlight>

or you can do <syntaxhighlight lang="bash"> signal-event webapps-update service php-fpm start service php56-php-fpm start service php70-php-fpm start service php71-php-fpm start service php72-php-fpm start service php73-php-fpm start

</syntaxhighlight>

Configuration

you can list the available configuration with the following command :<syntaxhighlight lang="bash"> config show php-fpm config show php56-php-fpm config show php70-php-fpm config show php71-php-fpm config show php72-php-fpm config show php73-php-fpm

</syntaxhighlight>

Some of the properties are not shown, but are defaulted in a template or a script. You can set those values for the php-fpm version you want, or you can set it against a particular share folder. Empty or missing property in the db means default value is used.

Here a more comprehensive list with default and expected values :

property default values
status enabled enabled,disabled
MemoryLimit 128M
MaxExecutionTime 30
MaxInputTime 60
AllowUrlFopen off
MaxChildren 15
PostMaxSize 10M
UploadMaxFilesize 10M
OpenBasedir
DisableFunctions system,show_source, symlink,exec,dl,shell_exec,passthru,phpinfo,escapeshellarg,escapeshellcmd

<syntaxhighlight lang="bash"> config setprop php72-phpfpm PHPMemoryLimit 256M signal-event webapps-update </syntaxhighlight>more values specifics for shares:

property default values information
PHPVersion 56,70,71,72,73 should be set one value
PHPCustomPool string use of a custom pool defined elsewhere, see use my own pool section. Keep it empty to use the share specific pool.
DynamicContent disabled enabled,disabled need to be enabled

<syntaxhighlight lang="bash"> db accounts setprop SHARENAME PHPVersion 72 PHPMemoryLimit 256M signal-event webapps-update </syntaxhighlight>

For contribs creators

you can either call an existing php-pool or create your own one. As an example you can check smeserver-nextcloud. The following template will make a dedicated php 7.1 pool with php setting adapted for Nextcloud.

vim /etc/e-smith/templates/etc/php-fpm.d/www.conf/15Nextcloud 

{

if ($PHP_VERSION eq '71'){
 if (($nextcloud{'status'} || 'disabled') eq 'enabled'){
   my $max_upload_size = ($nextcloud{MaxUploadSize} || '4096');
   $max_upload_size .= 'M' if ($max_upload_size =~ m/^\d+$/);
   my $memory_limit = ($nextcloud{MemoryLimit} || '512M');
   $memory_limit .= 'M' if ($memory_limit =~ m/^\d+$/);
   my $id = 'nextcloud';
   $OUT .=<<_EOF;

[php$PHP_VERSION-$id]
user = www
group = www
listen.owner = root
listen.group = www
listen.mode = 0660
listen = /var/run/php-fpm/php$PHP_VERSION-$id.sock
pm = dynamic
pm.max_children = 15
pm.start_servers = 3
pm.min_spare_servers = 3
pm.max_spare_servers = 4
pm.max_requests = 1000
php_admin_value[session.save_path] = /var/lib/php/$id/session
php_admin_value[session.gc_maxlifetime] = 86400
php_admin_value[opcache.file_cache]  = /var/lib/php/$id/opcache
php_admin_value[upload_tmp_dir] = /var/lib/php/$id/tmp
php_admin_value[error_log] = /var/log/php/$id/error.log
slowlog = /var/log/php/nextcloud/slow.log
php_admin_value[sendmail_path] = /usr/sbin/sendmail -t -i -f php@{ $DomainName }
php_admin_flag[display_errors] = off
php_admin_flag[log_errors] = on
php_admin_value[error_log] = syslog
php_admin_value[memory_limit] = $memory_limit
php_admin_value[max_execution_time] = 3600
php_admin_value[post_max_size] = $max_upload_size
php_admin_value[upload_max_filesize] = $max_upload_size
php_admin_value[disable_functions] = system, show_source, symlink, exec, nextcloud, shell_exec, passthru, phpinfo, escapeshellarg, escapeshellcmd
php_admin_value[open_basedir] = /usr/share/nextcloud:/var/lib/nextcloud:/var/log/nextcloud.log:/var/lib/php/nextcloud:/home/e-smith/files/nextcloud:/dev/urandom:/proc/meminfo
php_admin_flag[allow_url_fopen] = on
php_admin_flag[file_upload] = on
php_admin_flag[session.cookie_httponly] = on
php_admin_flag[allow_url_include] = off
php_admin_value[session.save_hannextclouder] = files
php_admin_flag[output_buffering] = off

_EOF

  }
  else{
    $OUT .= '; Nextcloud is disabled';
  }
}


you will also need two httpd.conf template fragment:

vim /etc/e-smith/templates/etc/httpd/conf/httpd.conf/68FastCGIConfig15nextcloud 

{
if ($fastcgi_mod eq 'mod_fastcgi'){
  $OUT .=<<_EOF;
Action phpnextcloud-fastcgi /php-cgi-bin/phpnextcloud-wrapper
Alias /php-cgi-bin/phpnextcloud-wrapper /var/www/php-cgi-bin/phpnextcloud-wrapper
FastCgiExternalServer /var/www/php-cgi-bin/phpnextcloud-wrapper -socket /var/run/php-fpm/php71-nextcloud.sock -pass-header Authorization -idle-timeout 120
_EOF
}
}

vim /etc/e-smith/templates/etc/httpd/conf/httpd.conf/98nextcloud 

{
my $access = $nextcloud{'access'} || 'private';
my $allow = ($access eq 'public')?'all':"$localAccess $externalSSLAccess";
my $authtype = $nextcloud{'Authentication'} || 'none';

my $alias = (($nextcloud{'AliasOnPrimary'} || 'enabled') eq 'enabled') ?
    'Alias /nextcloud /usr/share/nextcloud' : ;

my $maxupload = $nextcloud{'MaxUploadSize'} || '1024';
my $maxpost = $maxupload+1;
$maxupload .= 'M';
$maxpost .= 'M';

my $auth = ;
if ($authtype eq 'http'){
    $auth =<<'EOF';
    <FilesMatch "^(admin|rest)\.php">
        SSLRequireSSL on
        AuthName "nextcloud"
        AuthType Basic
        AuthBasicProvider external
        AuthExternal pwauth
        Require valid-user
    </FilesMatch>
EOF
}

if ($nextcloud{'status'} eq 'enabled'){

  my $php =<<_EOF;
    AddType application/x-httpd-php .php
    php_admin_flag file_upload On
    php_admin_flag magic_quotes Off
    php_admin_flag magic_quotes_gpc Off
    php_admin_value upload_max_filesize $maxupload
    php_admin_value post_max_size $maxpost
    php_admin_value memory_limit 512M
    php_admin_flag output_buffering Off
    php_admin_value max_execution_time 0
    php_admin_value upload_tmp_dir /var/lib/nextcloud/tmp
    php_admin_value session.save_path /var/lib/nextcloud/tmp
    php_admin_value session.gc_maxlifetime 86400
    php_admin_value open_basedir /usr/share/nextcloud:/var/lib/nextcloud:/var/log/nextcloud.log:/var/lib/php/nextcloud:/home/e-smith/files/nextcloud:/dev/urandom:/proc/meminfo
_EOF
  if ($fastcgi_mod eq 'mod_fastcgi'){
    $php = "    AddHandler phpnextcloud-fastcgi .php\n";
  }
  elsif ($fascgi_mod eq 'mod_proxy_fcgi'){
    $php =<<'_EOF';
     <FilesMatch \.php$>
         SetHandler "proxy:unix:/var/run/php-fpm/php71-nextcloud.sock|fcgi://localhost"
     </FilesMatch>
_EOF
  }

my $config =<<_EOF;
  <Directory "/usr/share/nextcloud">
    Options +FollowSymLinks
    AllowOverride All
$php
    order deny,allow
    deny from all
    allow from $allow
$auth

    <IfModule mod_dav.c>
      Dav off
    </IfModule>

    SetEnv HOME /usr/share/nextcloud
    SetEnv HTTP_HOME /usr/share/nextcloud
    SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=\$1
  </Directory>

  <Directory "/home/e-smith/files/nextcloud/data/">
    # just in case if .htaccess gets disabled
    deny from all
  </Directory>
_EOF


$OUT .=<<"END"
# nextcloud Configuration
<IfModule mod_headers.c>
  Header always set Strict-Transport-Security "max-age=15552000"
</IfModule>
$alias

$config

Redirect 301 /.well-known/carddav /nextcloud/remote.php/dav
Redirect 301 /.well-known/caldav /nextcloud/remote.php/dav


END
}
else{
    $OUT .= "# nextcloud is disabled\n";
}
}

Of course you will need to process both httpd.conf, php-fpm specific version and restart both httpd-e-smith and the php-fpm version you use.

You will also need specific code to create the destination directories for php usage : see /etc/e-smith/events/actions/php-pool-dirs from this contrib


* Warning:
On initial installation, smeserver-php-fpm does not start php pools and signal-event webapps-update does only a reload which will not start stopped services.

So pay attention you need to start if not already started on initial install.


Create and use my own pool

using the default template : /etc/e-smith/templates/etc/php-fpm.d/custom.conf , you can set your own pool doing: db php set MYPOOLNAME pool Version 72 status enabled here are the accepted supplementary properties, as always missing or empty means using default.

property default values information
status enabled enabled,disabled
MemoryLimit 128M
MaxExecutionTime 30
MaxInputTime 60
AllowUrlFopen off
MaxChildren 15
PostMaxSize 10M
UploadMaxFilesize 10M
file_upload enabled
OpenBasedir
DisabledFunctions system,show_source,symlink,exec,dl,shell_exec,passthru,phpinfo,escapeshellarg,escapeshellcmd
User www
Group www
DisplayErrors disabled
LogErrors disabled

you will then need two httpd.conf custom template fragment to use your pool. You will need to change MYPOOL to what you want 

mkdir -p  /etc/e-smith/templates-custom/etc/httpd/conf/httpd.conf/
vim /etc/e-smith/templates-custom/etc/httpd/conf/httpd.conf/98mypoolusage
</syntaxhighlight><syntaxhighlight lang="perl">
<Directory /home/e-smith/files/ibays/test/html>
    SSLRequireSSL
    Options None
    Options +Indexes
    Options +FollowSymLinks
    DirectoryIndex index.php index.shtml index.htm index.html
    AddHandler phpMYPOOL-fastcgi .php
    AllowOverride All
    order deny,allow
    deny from all
    allow from all
</Directory>

then just do signal-event webapps-update

Uninstall

yum remove {{#var:smecontribname}}  {{#var:contribname}}

Bugs

Please raise bugs under the SME-Contribs section in bugzilla and select the {{#var:smecontribname}} component or use Template:BugzillaFileBug

Below is an overview of the current issues for this contrib:{{#bugzilla:columns=id,product,version,status,summary|sort=id|order=desc|component={{#var:smecontribname}} |noresultsmessage=No open bugs found.}}

Changelog

Only released version in smecontrib are listed here.

{{#smechangelog: {{#var:smecontribname}} }}

Retrieved from "https://wiki.2clever.co.uk/index.php?title=SME9_Php-Fpm&oldid=4840"