From 104383d31ea0afde89e508677f7dc1cf31bc4131 Mon Sep 17 00:00:00 2001 From: "Michael Kaufmann (d00p)" Date: Tue, 15 Mar 2016 17:05:09 +0100 Subject: [PATCH] add a few opcache relevant php-ini directives to be used with php-fpm; add opcache.restrict_api to the default php-config for each domain with the customer's docroot as default value Signed-off-by: Michael Kaufmann (d00p) --- install/froxlor.sql | 6 +++--- .../updates/froxlor/0.9/update_0.9.inc.php | 9 ++++++++ .../phpinterface/class.phpinterface_fcgid.php | 9 ++++---- .../phpinterface/class.phpinterface_fpm.php | 21 ++++++++++++++----- lib/version.inc.php | 2 +- lng/english.lng.php | 1 + lng/german.lng.php | 1 + .../Sparkle/admin/phpconfig/overview_add.tpl | 4 ++++ .../Sparkle/admin/phpconfig/overview_edit.tpl | 4 ++++ 9 files changed, 44 insertions(+), 13 deletions(-) diff --git a/install/froxlor.sql b/install/froxlor.sql index ebca9ddc..fb16e4af 100644 --- a/install/froxlor.sql +++ b/install/froxlor.sql @@ -556,7 +556,7 @@ INSERT INTO `panel_settings` (`settinggroup`, `varname`, `value`) VALUES ('panel', 'password_special_char_required', '0'), ('panel', 'password_special_char', '!?<>§$%+#=@'), ('panel', 'version', '0.9.35-rc1'), - ('panel', 'db_version', '201603070'); + ('panel', 'db_version', '201603150'); DROP TABLE IF EXISTS `panel_tasks`; @@ -741,8 +741,8 @@ CREATE TABLE `panel_phpconfigs` ( INSERT INTO `panel_phpconfigs` (`id`, `description`, `binary`, `file_extensions`, `mod_fcgid_starter`, `mod_fcgid_maxrequests`, `phpsettings`) VALUES -(1, 'Default Config', '/usr/bin/php-cgi', 'php', '-1', '-1', 'allow_call_time_pass_reference = Off\r\nallow_url_fopen = Off\r\nasp_tags = Off\r\ndisable_classes =\r\ndisable_functions = curl_exec,curl_multi_exec,exec,parse_ini_file,passthru,popen,proc_close,proc_get_status,proc_nice,proc_open,proc_terminate,shell_exec,show_source,system\r\ndisplay_errors = Off\r\ndisplay_startup_errors = Off\r\nenable_dl = Off\r\nerror_reporting = E_ALL & ~E_NOTICE\r\nexpose_php = Off\r\nfile_uploads = On\r\ncgi.force_redirect = 1\r\ngpc_order = "GPC"\r\nhtml_errors = Off\r\nignore_repeated_errors = Off\r\nignore_repeated_source = Off\r\ninclude_path = ".:{PEAR_DIR}"\r\nlog_errors = On\r\nlog_errors_max_len = 1024\r\nmagic_quotes_gpc = Off\r\nmagic_quotes_runtime = Off\r\nmagic_quotes_sybase = Off\r\nmax_execution_time = 30\r\nmax_input_time = 60\r\nmemory_limit = 128M\r\n{OPEN_BASEDIR_C}open_basedir = "{OPEN_BASEDIR}"\r\noutput_buffering = 4096\r\npost_max_size = 16M\r\nprecision = 14\r\nregister_argc_argv = Off\r\nregister_globals = Off\r\nreport_memleaks = On\r\nsendmail_path = "/usr/sbin/sendmail -t -i -f {CUSTOMER_EMAIL}"\r\nsession.auto_start = 0\r\nsession.bug_compat_42 = 0\r\nsession.bug_compat_warn = 1\r\nsession.cache_expire = 180\r\nsession.cache_limiter = nocache\r\nsession.cookie_domain =\r\nsession.cookie_lifetime = 0\r\nsession.cookie_path = /\r\nsession.entropy_file = /dev/urandom\r\nsession.entropy_length = 16\r\nsession.gc_divisor = 1000\r\nsession.gc_maxlifetime = 1440\r\nsession.gc_probability = 1\r\nsession.name = PHPSESSID\r\nsession.referer_check =\r\nsession.save_handler = files\r\nsession.save_path = "{TMP_DIR}"\r\nsession.serialize_handler = php\r\nsession.use_cookies = 1\r\nsession.use_trans_sid = 0\r\nshort_open_tag = On\r\nsuhosin.mail.protect = 1\r\nsuhosin.simulation = Off\r\ntrack_errors = Off\r\nupload_max_filesize = 32M\r\nupload_tmp_dir = "{TMP_DIR}"\r\nvariables_order = "GPCS"\r\n;mail.add_x_header = On\r\n;mail.log = "/var/log/phpmail.log"\r\n'), -(2, 'Froxlor Vhost Config', '/usr/bin/php-cgi', 'php', '-1', '-1', 'allow_call_time_pass_reference = Off\r\nallow_url_fopen = On\r\nasp_tags = Off\r\ndisable_classes =\r\ndisable_functions = curl_multi_exec,exec,parse_ini_file,passthru,popen,proc_close,proc_get_status,proc_nice,proc_open,proc_terminate,shell_exec,show_source,system\r\ndisplay_errors = Off\r\ndisplay_startup_errors = Off\r\nenable_dl = Off\r\nerror_reporting = E_ALL & ~E_NOTICE\r\nexpose_php = Off\r\nfile_uploads = On\r\ncgi.force_redirect = 1\r\ngpc_order = "GPC"\r\nhtml_errors = Off\r\nignore_repeated_errors = Off\r\nignore_repeated_source = Off\r\ninclude_path = ".:{PEAR_DIR}"\r\nlog_errors = On\r\nlog_errors_max_len = 1024\r\nmagic_quotes_gpc = Off\r\nmagic_quotes_runtime = Off\r\nmagic_quotes_sybase = Off\r\nmax_execution_time = 60\r\nmax_input_time = 60\r\nmemory_limit = 128M\r\nnoutput_buffering = 4096\r\npost_max_size = 16M\r\nprecision = 14\r\nregister_argc_argv = Off\r\nregister_globals = Off\r\nreport_memleaks = On\r\nsendmail_path = "/usr/sbin/sendmail -t -i -f {CUSTOMER_EMAIL}"\r\nsession.auto_start = 0\r\nsession.bug_compat_42 = 0\r\nsession.bug_compat_warn = 1\r\nsession.cache_expire = 180\r\nsession.cache_limiter = nocache\r\nsession.cookie_domain =\r\nsession.cookie_lifetime = 0\r\nsession.cookie_path = /\r\nsession.entropy_file = /dev/urandom\r\nsession.entropy_length = 16\r\nsession.gc_divisor = 1000\r\nsession.gc_maxlifetime = 1440\r\nsession.gc_probability = 1\r\nsession.name = PHPSESSID\r\nsession.referer_check =\r\nsession.save_handler = files\r\nsession.save_path = "{TMP_DIR}"\r\nsession.serialize_handler = php\r\nsession.use_cookies = 1\r\nsession.use_trans_sid = 0\r\nshort_open_tag = On\r\nsuhosin.mail.protect = 1\r\nsuhosin.simulation = Off\r\ntrack_errors = Off\r\nupload_max_filesize = 32M\r\nupload_tmp_dir = "{TMP_DIR}"\r\nvariables_order = "GPCS"\r\n;mail.add_x_header = On\r\n;mail.log = "/var/log/phpmail.log"\r\n'); +(1, 'Default Config', '/usr/bin/php-cgi', 'php', '-1', '-1', 'allow_call_time_pass_reference = Off\r\nallow_url_fopen = Off\r\nasp_tags = Off\r\ndisable_classes =\r\ndisable_functions = curl_exec,curl_multi_exec,exec,parse_ini_file,passthru,popen,proc_close,proc_get_status,proc_nice,proc_open,proc_terminate,shell_exec,show_source,system\r\ndisplay_errors = Off\r\ndisplay_startup_errors = Off\r\nenable_dl = Off\r\nerror_reporting = E_ALL & ~E_NOTICE\r\nexpose_php = Off\r\nfile_uploads = On\r\ncgi.force_redirect = 1\r\ngpc_order = "GPC"\r\nhtml_errors = Off\r\nignore_repeated_errors = Off\r\nignore_repeated_source = Off\r\ninclude_path = ".:{PEAR_DIR}"\r\nlog_errors = On\r\nlog_errors_max_len = 1024\r\nmagic_quotes_gpc = Off\r\nmagic_quotes_runtime = Off\r\nmagic_quotes_sybase = Off\r\nmax_execution_time = 30\r\nmax_input_time = 60\r\nmemory_limit = 128M\r\n{OPEN_BASEDIR_C}open_basedir = "{OPEN_BASEDIR}"\r\noutput_buffering = 4096\r\npost_max_size = 16M\r\nprecision = 14\r\nregister_argc_argv = Off\r\nregister_globals = Off\r\nreport_memleaks = On\r\nsendmail_path = "/usr/sbin/sendmail -t -i -f {CUSTOMER_EMAIL}"\r\nsession.auto_start = 0\r\nsession.bug_compat_42 = 0\r\nsession.bug_compat_warn = 1\r\nsession.cache_expire = 180\r\nsession.cache_limiter = nocache\r\nsession.cookie_domain =\r\nsession.cookie_lifetime = 0\r\nsession.cookie_path = /\r\nsession.entropy_file = /dev/urandom\r\nsession.entropy_length = 16\r\nsession.gc_divisor = 1000\r\nsession.gc_maxlifetime = 1440\r\nsession.gc_probability = 1\r\nsession.name = PHPSESSID\r\nsession.referer_check =\r\nsession.save_handler = files\r\nsession.save_path = "{TMP_DIR}"\r\nsession.serialize_handler = php\r\nsession.use_cookies = 1\r\nsession.use_trans_sid = 0\r\nshort_open_tag = On\r\nsuhosin.mail.protect = 1\r\nsuhosin.simulation = Off\r\ntrack_errors = Off\r\nupload_max_filesize = 32M\r\nupload_tmp_dir = "{TMP_DIR}"\r\nvariables_order = "GPCS"\r\n;mail.add_x_header = On\r\n;mail.log = "/var/log/phpmail.log"\r\nopcache.restrict_api = "{DOCUMENT_ROOT}"\r\n'), +(2, 'Froxlor Vhost Config', '/usr/bin/php-cgi', 'php', '-1', '-1', 'allow_call_time_pass_reference = Off\r\nallow_url_fopen = On\r\nasp_tags = Off\r\ndisable_classes =\r\ndisable_functions = curl_multi_exec,exec,parse_ini_file,passthru,popen,proc_close,proc_get_status,proc_nice,proc_open,proc_terminate,shell_exec,show_source,system\r\ndisplay_errors = Off\r\ndisplay_startup_errors = Off\r\nenable_dl = Off\r\nerror_reporting = E_ALL & ~E_NOTICE\r\nexpose_php = Off\r\nfile_uploads = On\r\ncgi.force_redirect = 1\r\ngpc_order = "GPC"\r\nhtml_errors = Off\r\nignore_repeated_errors = Off\r\nignore_repeated_source = Off\r\ninclude_path = ".:{PEAR_DIR}"\r\nlog_errors = On\r\nlog_errors_max_len = 1024\r\nmagic_quotes_gpc = Off\r\nmagic_quotes_runtime = Off\r\nmagic_quotes_sybase = Off\r\nmax_execution_time = 60\r\nmax_input_time = 60\r\nmemory_limit = 128M\r\nnoutput_buffering = 4096\r\npost_max_size = 16M\r\nprecision = 14\r\nregister_argc_argv = Off\r\nregister_globals = Off\r\nreport_memleaks = On\r\nsendmail_path = "/usr/sbin/sendmail -t -i -f {CUSTOMER_EMAIL}"\r\nsession.auto_start = 0\r\nsession.bug_compat_42 = 0\r\nsession.bug_compat_warn = 1\r\nsession.cache_expire = 180\r\nsession.cache_limiter = nocache\r\nsession.cookie_domain =\r\nsession.cookie_lifetime = 0\r\nsession.cookie_path = /\r\nsession.entropy_file = /dev/urandom\r\nsession.entropy_length = 16\r\nsession.gc_divisor = 1000\r\nsession.gc_maxlifetime = 1440\r\nsession.gc_probability = 1\r\nsession.name = PHPSESSID\r\nsession.referer_check =\r\nsession.save_handler = files\r\nsession.save_path = "{TMP_DIR}"\r\nsession.serialize_handler = php\r\nsession.use_cookies = 1\r\nsession.use_trans_sid = 0\r\nshort_open_tag = On\r\nsuhosin.mail.protect = 1\r\nsuhosin.simulation = Off\r\ntrack_errors = Off\r\nupload_max_filesize = 32M\r\nupload_tmp_dir = "{TMP_DIR}"\r\nvariables_order = "GPCS"\r\n;mail.add_x_header = On\r\n;mail.log = "/var/log/phpmail.log"\r\nopcache.restrict_api = ""\r\n'); DROP TABLE IF EXISTS `cronjobs_run`; diff --git a/install/updates/froxlor/0.9/update_0.9.inc.php b/install/updates/froxlor/0.9/update_0.9.inc.php index 49aece4e..47855444 100644 --- a/install/updates/froxlor/0.9/update_0.9.inc.php +++ b/install/updates/froxlor/0.9/update_0.9.inc.php @@ -3162,3 +3162,12 @@ if (isFroxlorVersion('0.9.35-rc1')) { lastStepStatus(0); } + +if (isDatabaseVersion('201603070')) { + + showUpdateStep("Adding new php.ini directive to php-configurations: opcache.restrict_api"); + Database::query("UPDATE `" . TABLE_PANEL_PHPCONFIGS ."` SET `phpsettings` = CONCAT(`phpsettings`, 'opcache.restrict_api = \"{DOCUMENT_ROOT}\"\r\n');"); + lastStepStatus(0); + + updateToDbVersion('201603150'); +} diff --git a/lib/classes/phpinterface/class.phpinterface_fcgid.php b/lib/classes/phpinterface/class.phpinterface_fcgid.php index 9f8192ba..fab0a8db 100644 --- a/lib/classes/phpinterface/class.phpinterface_fcgid.php +++ b/lib/classes/phpinterface/class.phpinterface_fcgid.php @@ -153,15 +153,16 @@ class phpinterface_fcgid { $php_ini_variables = array( 'SAFE_MODE' => 'Off', // keep this for compatibility, just in case 'PEAR_DIR' => Settings::Get('system.mod_fcgid_peardir'), - 'OPEN_BASEDIR' => $openbasedir, - 'OPEN_BASEDIR_C' => $openbasedirc, - 'OPEN_BASEDIR_GLOBAL' => Settings::Get('system.hpappendopenbasedir'), 'TMP_DIR' => $this->getTempDir(), 'CUSTOMER_EMAIL' => $this->_domain['email'], 'ADMIN_EMAIL' => $admin['email'], 'DOMAIN' => $this->_domain['domain'], 'CUSTOMER' => $this->_domain['loginname'], - 'ADMIN' => $admin['loginname'] + 'ADMIN' => $admin['loginname'], + 'OPEN_BASEDIR' => $openbasedir, + 'OPEN_BASEDIR_C' => $openbasedirc, + 'OPEN_BASEDIR_GLOBAL' => Settings::Get('system.phpappendopenbasedir'), + 'DOCUMENT_ROOT' => makeCorrectDir($this->_domain['documentroot']) ); //insert a small header for the file diff --git a/lib/classes/phpinterface/class.phpinterface_fpm.php b/lib/classes/phpinterface/class.phpinterface_fpm.php index 5507e8c1..211ee4a8 100644 --- a/lib/classes/phpinterface/class.phpinterface_fpm.php +++ b/lib/classes/phpinterface/class.phpinterface_fpm.php @@ -92,7 +92,7 @@ class phpinterface_fpm { 'suhosin.cookie.cryptua', 'suhosin.cookie.cryptdocroot', 'suhosin.executor.disable_eval', - 'mbstring.func_overload' + 'mbstring.func_overload' ), 'php_admin_value' => array( 'cgi.redirect_status_env', @@ -111,7 +111,9 @@ class phpinterface_fpm { 'sendmail_path', 'session.gc_divisor', 'session.gc_probability', - 'variables_order' + 'variables_order', + 'opcache.log_verbosity_level', + 'opcache.restrict_api' ), 'php_admin_flag' => array( 'allow_call_time_pass_reference', @@ -127,7 +129,15 @@ class phpinterface_fpm { 'ignore_repeated_source', 'log_errors', 'register_argc_argv', - 'report_memleaks' + 'report_memleaks', + 'opcache.enable', + 'opcache.consistency_checks', + 'opcache.dups_fix', + 'opcache.load_comments', + 'opcache.revalidate_path', + 'opcache.save_comments', + 'opcache.use_cwd', + 'opcache.validate_timestamps' ) ); @@ -267,7 +277,6 @@ class phpinterface_fpm { $fpm_config.= 'php_admin_value[upload_tmp_dir] = ' . makeCorrectDir(Settings::Get('phpfpm.tmpdir') . '/' . $this->_domain['loginname'] . '/') . "\n"; $admin = $this->_getAdminData($this->_domain['adminid']); - $php_ini_variables = array( 'SAFE_MODE' => 'Off', // keep this for compatibility, just in case 'PEAR_DIR' => Settings::Get('phpfpm.peardir'), @@ -278,7 +287,9 @@ class phpinterface_fpm { 'CUSTOMER' => $this->_domain['loginname'], 'ADMIN' => $admin['loginname'], 'OPEN_BASEDIR' => $openbasedir, - 'OPEN_BASEDIR_C' => '' + 'OPEN_BASEDIR_C' => '', + 'OPEN_BASEDIR_GLOBAL' => Settings::Get('system.phpappendopenbasedir'), + 'DOCUMENT_ROOT' => makeCorrectDir($this->_domain['documentroot']) ); $phpini = replace_variables($phpconfig['phpsettings'], $php_ini_variables); diff --git a/lib/version.inc.php b/lib/version.inc.php index 3475e7fe..654974fd 100644 --- a/lib/version.inc.php +++ b/lib/version.inc.php @@ -19,7 +19,7 @@ $version = '0.9.35-rc1'; // Database version (YYYYMMDDC where C is a daily counter) -$dbversion = '201603070'; +$dbversion = '201603150'; // Distribution branding-tag (used for Debian etc.) $branding = ''; diff --git a/lng/english.lng.php b/lng/english.lng.php index de848e18..bc3d3dc5 100644 --- a/lng/english.lng.php +++ b/lng/english.lng.php @@ -952,6 +952,7 @@ $lng['admin']['phpconfig']['admin_email'] = 'Will be replaced with e-mail addres $lng['admin']['phpconfig']['domain'] = 'Will be replaced with the domain.'; $lng['admin']['phpconfig']['customer'] = 'Will be replaced with the loginname of the customer who owns this domain.'; $lng['admin']['phpconfig']['admin'] = 'Will be replaced with the loginname of the admin who owns this domain.'; +$lng['admin']['phpconfig']['docroot'] = 'Will be replaces with the customer\'s document-root.'; $lng['login']['backtologin'] = 'Back to login'; $lng['serversettings']['mod_fcgid']['starter']['title'] = 'Processes per domain'; $lng['serversettings']['mod_fcgid']['starter']['description'] = 'How many processes should be started/allowed per domain? The value 0 is recommended cause PHP will then manage the amount of processes itself very efficiently.'; diff --git a/lng/german.lng.php b/lng/german.lng.php index c76c4980..ecdabeac 100644 --- a/lng/german.lng.php +++ b/lng/german.lng.php @@ -947,6 +947,7 @@ $lng['admin']['phpconfig']['admin_email'] = 'Wird mit der E-Mail-Adresse des Adm $lng['admin']['phpconfig']['domain'] = 'Wird mit der Domain ersetzt.'; $lng['admin']['phpconfig']['customer'] = 'Wird mit dem Loginnamen des Kunden ersetzt, dem die Domain gehört.'; $lng['admin']['phpconfig']['admin'] = 'Wird mit dem Loginnamen des Admins ersetzt, dem die Domain gehört.'; +$lng['admin']['phpconfig']['docroot'] = 'Wird mit dem Heimatverzeichnis des Kunden ersetzt.'; $lng['login']['backtologin'] = 'Zurück zum Login'; $lng['serversettings']['mod_fcgid']['starter']['title'] = 'Prozesse je Domain'; $lng['serversettings']['mod_fcgid']['starter']['description'] = 'Wieviele PHP-Prozesse pro Domain sollen gestartet/erlaubt werden. Der Wert 0 wird empfohlen, da PHP die Anzahl dann selbst effizient verwaltet.'; diff --git a/templates/Sparkle/admin/phpconfig/overview_add.tpl b/templates/Sparkle/admin/phpconfig/overview_add.tpl index 7ccd6c5b..f11be390 100644 --- a/templates/Sparkle/admin/phpconfig/overview_add.tpl +++ b/templates/Sparkle/admin/phpconfig/overview_add.tpl @@ -84,6 +84,10 @@ $header {ADMIN} {$lng['admin']['phpconfig']['admin']} + + {DOCUMENT_ROOT} + {$lng['admin']['phpconfig']['docroot']} + diff --git a/templates/Sparkle/admin/phpconfig/overview_edit.tpl b/templates/Sparkle/admin/phpconfig/overview_edit.tpl index 6080f877..b5d73071 100644 --- a/templates/Sparkle/admin/phpconfig/overview_edit.tpl +++ b/templates/Sparkle/admin/phpconfig/overview_edit.tpl @@ -80,6 +80,10 @@ $header {ADMIN} {$lng['admin']['phpconfig']['admin']} + + {DOCUMENT_ROOT} + {$lng['admin']['phpconfig']['docroot']} +