pfSense

#!/bin/sh

#

#	rc.php_ini_setup

#	Copyright (C) 2010 Scott Ullrich <sullrich@gmail.com>

#	All rights reserved.

#

#	Redistribution and use in source and binary forms, with or without

#	modification, are permitted provided that the following conditions are met:

#

#	1. Redistributions of source code must retain the above copyright notice,

#	   this list of conditions and the following disclaimer.

#

#	2. Redistributions in binary form must reproduce the above copyright

#	   notice, this list of conditions and the following disclaimer in the

#	   documentation and/or other materials provided with the distribution.

#

#	THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,

#	INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY

#	AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE

#	AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,

#	OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF

#	SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS

#	INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN

#	CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

#	ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE

#	POSSIBILITY OF SUCH DAMAGE.

# Set our operating platform

PLATFORM=`/bin/cat /etc/platform`

MIN_REALMEM_FOR_APC=512

if [ -d /usr/local/lib/php/20090626 ]; then

	EXTENSIONSDIR="/usr/local/lib/php/20090626/"

else

	EXTENSIONSDIR="/usr/local/lib/php/20060613/"

fi

# Grab amount of memory that is detected

if [ -f /var/log/dmesg.boot ]; then

	AVAILMEM=`/bin/cat /var/log/dmesg.boot |/usr/bin/awk '/avail memory/ { memory=($4 / 1048576); printf("%0.0f\n", memory); exit}'`

else 

	AVAILMEM=`/sbin/dmesg -a |/usr/bin/awk '/avail memory/ { memory=($4 / 1048576); printf("%0.0f\n", memory); exit}'`

fi

if [ -z "$AVAILMEM" ]; then

	MEM=`/sbin/sysctl hw.physmem | cut -d':' -f2`

	AVAILMEM=`/bin/expr $MEM / 1048576`

fi

# Get amount of ram installed on this system

REALMEM=`/sbin/sysctl hw.realmem | /usr/bin/awk '{print $2/1048576}' | /usr/bin/awk -F '.' '{print $1}'`

export REALMEM

export LOWMEM

if [  ${REALMEM} -lt $MIN_REALMEM_FOR_APC ]; then

	LOWMEM="TRUE"

	echo ">>> Under $MIN_REALMEM_FOR_APC megabytes of ram detected.  Not enabling APC."

	echo ">>> Under $MIN_REALMEM_FOR_APC megabytes of ram detected.  Not enabling APC." | /usr/bin/logger -p daemon.info -i -t rc.php_ini_setup

else

	# Calculate APC SHM size according 

	# to detected memory values

	if [ "$AVAILMEM" -gt "135" ]; then

		APCSHMEMSIZE="10M"

	fi

	if [ "$AVAILMEM" -gt "256" ]; then

		APCSHMEMSIZE="20M"

	fi

	if [ "$AVAILMEM" -gt "384" ]; then

		APCSHMEMSIZE="25M"

	fi

	if [ "$AVAILMEM" -gt "512" ]; then

		APCSHMEMSIZE="30M"

	fi

	if [ "$AVAILMEM" -gt "784" ]; then

		APCSHMEMSIZE="50M"

	fi

fi

# Set upload directory

if [ "$PLATFORM" = "embedded" -o "$PLATFORM" = "nanobsd" ]; then

	UPLOADTMPDIR=`/usr/bin/grep upload_path /etc/inc/globals.inc | /usr/bin/cut -d'"' -f4`

else 

	UPLOADTMPDIR="/tmp"

fi

# Define php modules.  Do not add .so, it will  

# be done automatically by the script below.

PHPMODULES="standard"

if [ "$LOWMEM" != "TRUE" ]; then

	PHPMODULES="$PHPMODULES apc"

fi

# Config read/write

PHPMODULES="$PHPMODULES xml libxml dom"

PHPMODULES="$PHPMODULES simplexml xmlreader xmlwriter"

# Downloading via HTTP/FTP (pkg mgr, etc)

PHPMODULES="$PHPMODULES curl date"

# Internationalization 

PHPMODULES="$PHPMODULES gettext"

# User manager

PHPMODULES="$PHPMODULES ldap openssl pcntl"

PHPMODULES="$PHPMODULES hash"

PHPMODULES="$PHPMODULES mcrypt"

# Regexs, PERL style!

PHPMODULES="$PHPMODULES pcre"

# The mighty posix!

PHPMODULES="$PHPMODULES posix"

PHPMODULES="$PHPMODULES readline"

# Login sessions

PHPMODULES="$PHPMODULES session"

# Extra sanity seatbelts

PHPMODULES="$PHPMODULES suhosin"

# Firewall rules edit

PHPMODULES="$PHPMODULES ctype"

# firewall_rules_edit.php

PHPMODULES="$PHPMODULES mbstring"

# Synchronization primitives

PHPMODULES="$PHPMODULES shmop"

# Page compression

PHPMODULES="$PHPMODULES zlib"

# SQLlite & Database

PHPMODULES="$PHPMODULES spl"

PHPMODULES="$PHPMODULES pdo"

PHPMODULES="$PHPMODULES sqlite"

# RADIUS

PHPMODULES="$PHPMODULES radius"

# ZeroMQ

PHPMODULES="$PHPMODULES zmq"

# SSH2

PHPMODULES="$PHPMODULES ssh2"

# pfSense extensions

PHPMODULES="$PHPMODULES pfSense"

# json

PHPMODULES="$PHPMODULES json"

# bcmath

PHPMODULES="$PHPMODULES bcmath"

PHP_ZEND_MODULES="ioncube_loader"

PHP_ZEND_MODULES_TS="ioncube_loader_ts"

# Modules previously included.

# can be turned on by touching

# /etc/php_dynamodules/$modulename

#	sysvmsg \

#	sysvsem \

#	sysvshm \

#	bcmath \

#	tokenizer \

#	uploadprogress \

#	sockets \

#	Reflection \

#	mysql \

#	bz2	\

# Clear the .ini file to make sure we are clean

if [ -f /usr/local/etc/php.ini ]; then

	/bin/rm /usr/local/etc/php.ini

fi

if [ -f /usr/local/lib/php.ini ]; then

	/bin/rm /usr/local/lib/php.ini

fi

LOADED_MODULES=`/usr/local/bin/php -m | /usr/bin/grep -v "\["`

# Fetch the timezone from the XML and set it here. We set it later too in the running scripts

TIMEZONE=`cat /conf/config.xml | egrep -E '<timezone>(.*?)</timezone>' | awk -F'>' '{print $2}'|awk -F'<' '{print $1}'`

# Get a loaded module list in the stock php

# Populate a dummy php.ini to avoid

# the file being clobbered and the firewall

# not being able to boot back up.

/bin/cat >/usr/local/lib/php.ini <<EOF

; File generated from /etc/rc.php_ini_setup

output_buffering = "0"

expose_php = Off

implicit_flush = true

magic_quotes_gpc = Off

max_execution_time = 900

max_input_time = 1800

register_argc_argv = On

register_long_arrays = Off

variables_order = "GPCS"

file_uploads = On

upload_tmp_dir = ${UPLOADTMPDIR}

upload_max_filesize = 200M

post_max_size = 200M

html_errors = Off

zlib.output_compression = Off

zlib.output_compression_level = 1

include_path = ".:/etc/inc:/usr/local/www:/usr/local/captiveportal:/usr/local/pkg"

display_startup_errors=on

display_errors=on

log_errors=on

error_log=/tmp/PHP_errors.log

extension_dir=${EXTENSIONSDIR}

date.timezone="${TIMEZONE}"

; Extensions

EOF

# Copy php.ini file to etc/ too (cli)

/bin/cp /usr/local/lib/php.ini /usr/local/etc/php.ini

# Ensure directory exists

if [ ! -d /etc/php_dynamodules ]; then

	/bin/mkdir /etc/php_dynamodules

fi

if [ ! -d /etc/php_dynamodules_zend ]; then

	/bin/mkdir /etc/php_dynamodules_zend

fi

if [ ! -d /etc/php_dynamodules_zend_ts ]; then

	/bin/mkdir /etc/php_dynamodules_zend_ts

fi

# Read in dynamodules

if [ -d /etc/php_dynamodules ]; then

	DYNA_MODULES=`/bin/ls -Utr /etc/php_dynamodules/`

	PHPMODULES="$PHPMODULES $DYNA_MODULES"

fi

# Read in zend modules

if [ -d /etc/php_dynamodules_zend ]; then

	DYNA_MODULES=`/bin/ls /etc/php_dynamodules_zend/`

	PHP_ZEND_MODULES="$PHP_ZEND_MODULES $DYNA_MODULES"

fi

# Read in zend threaded modules

if [ -d /etc/php_dynamodules_zend_ts ]; then

	DYNA_MODULES=`/bin/ls /etc/php_dynamodules_zend_ts/`

	PHP_ZEND_MODULES_TS="$PHP_ZEND_MODULES_TS $DYNA_MODULES"

fi

# Loop through and generate modules to load.

# Take into account modules built into php.

for EXT in $PHPMODULES; do

	SHOULDADD="true"

	# Check to see if module is compiled into php statically

	for LM in $LOADED_MODULES; do

		if [ "$EXT" = "$LM" ]; then

			SHOULDADD="false"

		fi

	done

	if [ "$SHOULDADD" = "true" ]; then

		# Ensure extension exists before adding.

		if [ -f "${EXTENSIONSDIR}${EXT}.so" ]; then

			echo "extension=${EXT}.so" >> /usr/local/lib/php.ini

		fi

	fi

done

# Zend modules

for EXT in $PHP_ZEND_MODULES; do

	# Ensure extension exists before adding.

	if [ -f "${EXTENSIONSDIR}/ioncube/${EXT}.so" ]; then

		echo "zend_extension=${EXTENSIONSDIR}/ioncube/${EXT}.so" >> /usr/local/lib/php.ini

	fi

done

# Zend threaded modules

for EXT in $PHP_ZEND_MODULES_TS; do

	# Ensure extension exists before adding.

	if [ -f "${EXTENSIONSDIR}/ioncube/${EXT}.so" ]; then

		echo "zend_extension_ts=${EXTENSIONSDIR}/ioncube/${EXT}.so" >> /usr/local/lib/php.ini

	fi

done

if [ "$LOWMEM" != "TRUE" ]; then

	/bin/cat >>/usr/local/lib/php.ini <<EOF

; APC Settings

apc.enabled="1"

apc.enable_cli="0"

apc.shm_size="${APCSHMEMSIZE}"

EOF

fi

	/bin/cat >>/usr/local/lib/php.ini <<EOF

[suhosin]

suhosin.get.max_array_depth = 5000

suhosin.get.max_array_index_length = 256

suhosin.get.max_vars = 5000

suhosin.get.max_value_length = 500000

suhosin.post.max_array_depth = 5000

suhosin.post.max_array_index_length = 256

suhosin.post.max_vars = 5000

suhosin.post.max_value_length = 500000

suhosin.request.max_array_depth = 5000

suhosin.request.max_array_index_length = 256

suhosin.request.max_vars = 5000

suhosin.request.max_value_length = 500000

suhosin.memory_limit = 512435456

EOF

PHPFPMMAX=3

if [ $REALMEM -lt 250 ]; then

	PHPFPMMAX=2

elif [ ${REALMEM} -gt 1000 ]; then

	PHPFPMMAX=4

fi

/bin/cat > /usr/local/lib/php-fpm.conf <<EOF

[global]

pid = run/php-fpm.pid

error_log=syslog

syslog.facility = daemon

syslog.ident = system

log_level = notice

daemonize = yes

events.mechanism = kqueue

process.max = ${PHPFPMMAX}

[lighty]

user = root

group = wheel

;mode = 0600

listen = /var/run/php-fpm.socket

listen.owner = root

listen.group = wheel

listen.mode = 0600

security.limit_extensions =

; Pass environment variables

env[PATH] = /bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin

EOF

if [ $REALMEM -lt 350 ]; then

	/bin/cat >> /usr/local/lib/php-fpm.conf <<EOF

pm = ondemand

pm.process_idle_timeout = 5

pm.max_children = $PHPFPMMAX

pm.max_requests = 500

EOF

elif [ $REALMEM -gt 1000 ]; then

	/bin/cat >> /usr/local/lib/php-fpm.conf <<EOF

pm = dynamic

pm.process_idle_timeout = 5

pm.max_children = $PHPFPMMAX

pm.start_servers = 1

pm.max_requests = 500

pm.min_spare_servers=1

pm.max_spare_servers=1

EOF

else

	/bin/cat >> /usr/local/lib/php-fpm.conf <<EOF

pm = static

pm.max_children = $PHPFPMMAX

pm.max_requests = 500

EOF

fi

# Copy php.ini file to etc/ too (cli)

/bin/cp /usr/local/lib/php.ini /usr/local/etc/php.ini

# Remove old log file if it exists.

if [ -f /var/run/php_modules_load_errors.txt ]; then

	/bin/rm /var/run/php_modules_load_errors.txt

fi 

for EXT in $PHPMODULES; do

	PHPMODULESLC="$PHPMODULESLC `echo "$EXT" | /usr/bin/tr '[:upper:]' '[:lower:]'`"

done

# Check loaded modules and remove anything that did not load correctly

LOADED_MODULES=`/usr/local/bin/php -m | /usr/bin/tr '[:upper:]' '[:lower:]' 2>/dev/null | /usr/bin/grep -v "\["`

for EXT in $PHPMODULESLC; do

	SHOULDREMOVE="true"

	for LM in $LOADED_MODULES; do

		if [ "$EXT" = "$LM" ]; then

			SHOULDREMOVE="false"

		fi		

	done

	# Handle low memory situations

	if [ "$LOWMEM" = "TRUE" ]; then

		if [ "$EXT" = "apc" ]; then

			SHOULDREMOVE="true"

		fi

		if [ "$EXT" = "xcache" ]; then

			SHOULDREMOVE="true"

		fi

	fi

	if [ "$SHOULDREMOVE" = "true" ]; then

		if [ -f "${EXTENSIONSDIR}${EXT}.so" ]; then

			echo ">>> ${EXT} did not load correctly.  Removing from php.ini..." >> /var/run/php_modules_load_errors.txt

			/bin/cat /usr/local/lib/php.ini | /usr/bin/grep -v $EXT > /tmp/php.ini

			/bin/rm -f /usr/local/lib/php.ini

			/bin/mv /tmp/php.ini /usr/local/lib/php.ini

		fi

	fi

done

# Copy php.ini file to etc/ too (cli)

/bin/cp /usr/local/lib/php.ini /usr/local/etc/php.ini