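{
    # Template fragment that appends the php-fpm pool definition for Horde
    # to $OUT. Settings come from the "horde" record of the configuration
    # database, with built-in defaults for unset properties.
    #
    # $PHP_VERSION, $name, $DomainName and $OUT are not declared here; they
    # are presumably supplied by the enclosing template (confirm against
    # the caller).
    use esmith::ConfigDB;
    use esmith::php;

    my $c = esmith::ConfigDB->open_ro
        or die "Couldn't open the configuration database\n";
    my $horde = $c->get("horde");

    # PhpFpmVersionToUse is not defined in this fragment (presumably
    # exported by esmith::php); "72" is the fallback version handed to it.
    my $version = PhpFpmVersionToUse($horde, "72");
    my $status  = $horde->prop('status') || 'disabled';

    # Emit a pool only when Horde is enabled and this fragment is being
    # expanded for the PHP version Horde is configured to use.
    return unless ($status eq 'enabled' && $version eq $PHP_VERSION);

    my $key       = $horde->key;
    my $pool_name = lc $key;

    my $memory_limit        = $horde->prop('PHPMemoryLimit')       || '128M';
    my $max_execution_time  = $horde->prop('PHPMaxExecutionTime')  || '30';
    my $max_input_time      = $horde->prop('PHPMaxInputTime')      || '60';
    my $post_max_size       = $horde->prop('PHPPostMaxSize')       || '10M';
    my $upload_max_filesize = $horde->prop('PHPUploadMaxFilesize') || '10M';
    my $file_upload         = $horde->prop('PHPFileUpload')        || 'enabled';

    # allow_url_fopen is forced off for this pool; the PHPAllowUrlFopen
    # property is deliberately not honoured.
    my $allow_url_fopen = 'off';

    # PEAR search path: the system directories followed by the per-version
    # Remi collections. The original literal had a space after the colon in
    # front of the php73 and php74 entries, so those entries began with a
    # blank and would not name the intended directories, both here and in
    # open_basedir below. Building the list with join avoids that.
    my @remi_versions = qw(55 56 70 71 72 73 74);
    my $include_path  = join ':',
        '.',
        '/usr/share/pear-addons',
        '/usr/share/pear',
        '/usr/share/pear-data/',
        '/usr/share/php',
        ( map { "/opt/remi/php$_/root/usr/share/pear-data/" } @remi_versions ),
        ( map { "/opt/remi/php$_/root/usr/share/pear/" } @remi_versions );

    # "." binds tighter than "||", so a PHPBaseDir property replaces the
    # whole default list; the parentheses only make that explicit.
    my $open_basedir = $horde->prop('PHPBaseDir') || (
        '/usr/share/horde'
        . ':/etc/horde/'
        . ':/var/lib/php/' . $key
        . ":$include_path"
        . ':/etc/resolv.conf'
        . ':/usr/bin/gpg:/usr/bin/gpg2:/usr/bin/hunspell:/usr/bin/openssl'
        . ':/home/e-smith/ssl.crt/:/usr/bin/convert:/usr/bin/identify'
        . ':/usr/bin/misc/magic'
        . ':/usr/bin/quota:/bin/grep:/etc/mtab'
    );

    # php-fpm 5.4 (selected by an empty version string) does not seem to
    # honour sys_temp_dir, so /tmp/ has to be reachable for it. The original
    # author judged this acceptable because systemd gives the service its
    # own /tmp.
    $open_basedir .= ":/tmp/" if $version eq "";

    my $disabled_functions = $horde->prop('PHPDisabledFunctions') || (
        'system,show_source,'
        . 'symlink,exec,dl,shell_exec,'
        . 'passthru,phpinfo,'
        . 'escapeshellarg,escapeshellcmd'
    );

    # NOTE(review): this value is written verbatim into
    # mail.force_extra_parameters below; whitespace in the property would
    # add extra sendmail arguments, so consider validating it as a single
    # address.
    my $MailForceSender = $horde->prop('MailForceSender') || "$name\@$DomainName";

    # Normalise the values for the pool file.
    # The alternation is grouped so both anchors apply to every alternative.
    # Ungrouped, /^1|yes|on|enabled$/ also accepted any value that merely
    # contained "yes" or "on" or started with "1", turning uploads on for
    # values such as "none".
    $file_upload = ( $file_upload =~ m/^(?:1|yes|on|enabled)$/ ) ? 'on' : 'off';
    $disabled_functions = join( ', ', split /[,;:]/, $disabled_functions );
    # /usr/share/php is always appended; the pool's auto_prepend_file lives
    # there.
    $open_basedir = join( ':', split( /[,;:]/, $open_basedir . ",/usr/share/php" ) );

    # No version test is needed here: the guard above already returned
    # unless $version eq $PHP_VERSION.
    $OUT .= <<"_EOF";

[$pool_name]
user = www
group = www
listen.owner = root
listen.group = www
listen.mode = 0660
listen = /var/run/php-fpm/php$version-$pool_name.sock
pm = dynamic
pm.max_children = 15
pm.start_servers = 3
pm.min_spare_servers = 3
pm.max_spare_servers = 4
pm.max_requests = 1000
slowlog = /var/log/$key/slow.log
php_admin_value[session.save_path] = /var/lib/php/$key/session
php_admin_value[opcache.file_cache] = /var/lib/php/$key/opcache
php_admin_value[upload_tmp_dir] = /var/lib/php/$key/tmp
php_admin_value[sys_temp_dir] = /var/lib/php/$key/tmp
php_admin_value[mail.force_extra_parameters] = '-f $MailForceSender'
php_admin_flag[display_errors] = off
php_admin_value[error_reporting] =E_ERROR | E_WARNING | E_PARSE
php_admin_value[error_log] = /var/log/$key/error.log
php_admin_value[memory_limit] = $memory_limit
php_admin_value[max_execution_time] = $max_execution_time
php_admin_value[post_max_size] = $post_max_size
php_admin_value[upload_max_filesize] = $upload_max_filesize
php_admin_value[max_input_time] = $max_input_time
php_admin_value[disable_functions] = $disabled_functions
php_admin_flag[allow_url_fopen] = $allow_url_fopen
php_admin_flag[file_upload] = $file_upload
php_admin_flag[session.cookie_httponly] = on
php_admin_flag[allow_url_include] = off
php_admin_value[session.save_handler] = files
php_admin_value[open_basedir] = $open_basedir

php_admin_value[auto_prepend_file] = /usr/share/php/auth_translation.php
php_value[include_path] = $include_path
php_flag[magic_quotes_gpc] = off
php_flag[track_vars] = on
php_flag[session.use_trans_sid] = off


_EOF


}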