diff --git a/doc/Documentation SellYourSaas - Master and Deployment Servers - EN.asciidoc b/doc/Documentation SellYourSaas - Master and Deployment Servers - EN.asciidoc index 5ea11f61..dee89ef0 100644 --- a/doc/Documentation SellYourSaas - Master and Deployment Servers - EN.asciidoc +++ b/doc/Documentation SellYourSaas - Master and Deployment Servers - EN.asciidoc @@ -3163,29 +3163,14 @@ chmod +t /dev/shm /var/lib/php/sessions ==== Define size of upload and session options -Modify the file *`+/etc/php/*.*/*/php.ini+`* (the one for *apache*, the one for *cli* and for the *fpm*) to allow upload of bigger files: +Create a file */etc/php/sellyoursaas.ini* and enable it by adding the symlinks into *`/etc/php/*.*/*/php.ini+`* (the one for *apache*, the one for *cli* and for the *fpm*) to allow upload of bigger files: [source,bash] --------------- -upload_max_filesize = 50M - -post_max_size = 60M -max_input_vars = 4000 - -memory_limit = 256M - -session.gc_maxlifetime = 3600 - -session.use_strict_mode = 1 -session.use_only_cookies = 1 -session.cookie_httponly = 1 -session.cookie_samesite = Lax - -opcache.memory_consumption = 1024 -opcache.max_accelerated_files = 100000 -opcache.file_update_protection = 2 +include::repository_root/etc/apparmor.d/usr.bin.secureBash[] --------------- + ==== Disable some functions (optionnal) Complete also the parameter *disable_functions* for the *apache* and *fpm* file (NOT for the *cli*) by adding: @@ -3236,23 +3221,23 @@ ln /home/admin/wwwroot/dolibarr/htdocs/custom/sellyoursaas/scripts/phpsendmailpr ln /home/admin/wwwroot/dolibarr/htdocs/custom/sellyoursaas/scripts/phpsendmail.php /usr/local/bin/ --------------- -Modify the file *php.ini* (the one for *apache* and the one for *cli*) with: +Create a file */etc/php/sellyoursaas.ini* with this content: [source,bash] --------------- -; Automatically add files before PHP document. -; http://php.net/auto-prepend-file -auto_prepend_file = /usr/local/bin/phpsendmailprepend.php +include::repository_root/etc/apparmor.d/usr.bin.secureBash[] +--------------- -; For Unix only. You may supply arguments as well (default: "sendmail -t -i"). -; http://php.net/sendmail-path -sendmail_path = /usr/local/bin/phpsendmail.php +Then enable it by adding the symlinks into *`/etc/php/*.*/*/php.ini+`* (the one for *apache*, the one for *cli* and for the *fpm*) to allow upload of bigger files: -; The path to a log file that will log all mail() calls. Log entries include -; the full path of the script, line number, To address and headers. -mail.log = /var/log/phpmail.log +[source,bash] +--------------- +cd /etc/php/8.1/cli/conf.d/; ln -fs /etc/php/sellyoursaas.ini; +cd /etc/php/8.1/apache/conf.d/; ln -fs /etc/php/sellyoursaas.ini; +#cd /etc/php/8.1/fpm/conf.d/; ln -fs /etc/php/sellyoursaas.ini; --------------- + Create the files *phpmail.log* and *phpsendmail.log*: [source,bash] diff --git a/doc/Documentation SellYourSaas - Web portal - EN.asciidoc b/doc/Documentation SellYourSaas - Web portal - EN.asciidoc index b8592f79..81369df4 100644 --- a/doc/Documentation SellYourSaas - Web portal - EN.asciidoc +++ b/doc/Documentation SellYourSaas - Web portal - EN.asciidoc @@ -1509,20 +1509,21 @@ Mettre les droits en *drwx-wx-wt* sur le répertoire des sessions php */dev/shm/ ==== Define size of upload and session duration -Modify the file *php.ini* (the one for *apache* and the one for *cli*) to allow upload of bigger files: +Create a file */etc/php/sellyoursaas.ini* [source,bash] --------------- -upload_max_filesize = 20M +include::repository_root/etc/apparmor.d/usr.bin.secureBash[] +--------------- -post_max_size = 25M -max_input_vars = 4000 +But comment the line related to parameter *auto_prepend_file* and *sendmail_path*. -memory_limit = 256M +Then enable it by adding the symlinks into *`/etc/php/*.*/*/php.ini+`* (the one for *apache*, the one for *cli* and for the *fpm*) to allow upload of bigger files: -session.gc_maxlifetime = 3600 +[source,bash] +--------------- +cd /etc/php/8.1/fpm/conf.d/; ln -fs /etc/php/sellyoursaas.ini; --------------- - === Setup of logrotate @@ -1999,3 +2000,18 @@ We can see this error into */var/log/syslog.log*. Check the configuration file */etc/default/opendkim* and verify that the socket is SOCKET="inet:12345@localhost" +== Error fpm after upgrade + +If you have such kind of error: + +[Tue Aug 20 11:25:18.555744 2024] [proxy:error] [pid 1741] (2)No such file or directory: AH02454: FCGI: attempt to connect to Unix domain socket /run/php/php7.4-fpm.sock (*) failed +[Tue Aug 20 11:25:18.555877 2024] [proxy_fcgi:error] [pid 1741] [client 82.64.109.15:46810] AH01079: failed to make connection to backend: httpd-UDS + +Check into /etc/apache2/conf-enabled that the correct version of php-fpm is enabled. If not, switch to the correct version, example: + +[source,bash] +--------------- +/usr/sbin/a2disconf php7.4-fpm; /usr/sbin/a2enconf php8.1-fpm; +--------------- + + diff --git a/etc/php/sellyoursaas.ini b/etc/php/sellyoursaas.ini new file mode 100644 index 00000000..4c5eb392 --- /dev/null +++ b/etc/php/sellyoursaas.ini @@ -0,0 +1,31 @@ +disable_functions = pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_get_handler,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,pcntl_async_signals,pcntl_unshare,passthru,shell_exec,system,proc_open,popen,dl,apache_note,apache_setenv,show_source,virtual + +post_max_size = 20M +upload_max_filesize = 20M +max_input_vars = 4000 + +memory_limit = 256M + +session.gc_maxlifetime = 7200 + +session.use_strict_mode = 1 +session.use_only_cookies = 1 +session.cookie_httponly = 1 +session.cookie_samesite = Lax + +opcache.memory_consumption = 1024 +opcache.max_accelerated_files = 100000 +opcache.file_update_protection = 2 + + +; Automatically add files before PHP document. +; http://php.net/auto-prepend-file +auto_prepend_file = /usr/local/bin/phpsendmailprepend.php + +; For Unix only. You may supply arguments as well (default: "sendmail -t -i"). +; http://php.net/sendmail-path +sendmail_path = /usr/local/bin/phpsendmail.php + +; The path to a log file that will log all mail() calls. Log entries include +; the full path of the script, line number, To address and headers. +mail.log = /var/log/phpmail.log