/src/etc/rc.php_ini_setup - Annotate - pfSense - pfSense bugtracker

| Branch: | Tag: | Revision:

root/src/etc/rc.php_ini_setup @ ba1f99cd

1	40e46009	Scott Ullrich	#!/bin/sh
2	de96a790	Scott Ullrich	#
3	ac24dc24	Renato Botelho	# rc.php_ini_setup
4			#
5			# part of pfSense (https://www.pfsense.org)
6	b8f91b7c	Luiz Souza	# Copyright (c) 2014-2018 Rubicon Communications, LLC (Netgate)
7	ac24dc24	Renato Botelho	# All rights reserved.
8			#
9	b12ea3fb	Renato Botelho	# Licensed under the Apache License, Version 2.0 (the "License");
10			# you may not use this file except in compliance with the License.
11			# You may obtain a copy of the License at
12	ac24dc24	Renato Botelho	#
13	b12ea3fb	Renato Botelho	# http://www.apache.org/licenses/LICENSE-2.0
14	ac24dc24	Renato Botelho	#
15	b12ea3fb	Renato Botelho	# Unless required by applicable law or agreed to in writing, software
16			# distributed under the License is distributed on an "AS IS" BASIS,
17			# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
18			# See the License for the specific language governing permissions and
19			# limitations under the License.
20	ac24dc24	Renato Botelho	#
21	40e46009	Scott Ullrich
22			# Set our operating platform
23	45c4bc38	Renato Botelho	VERSION=`/bin/cat /etc/version`
24	5436d37a	Renato Botelho	MIN_REALMEM_FOR_OPCACHE=512
25	c44417f8	Scott Ullrich
26	d759f499	Renato Botelho	EXTENSIONSDIR="/usr/local/lib/php/20131226/"
27	79454450	Scott Ullrich
28	0d60f50a	Seth Mos	# Grab amount of memory that is detected
29	47eee8fa	Scott Ullrich	if [ -f /var/log/dmesg.boot ]; then
30	839cad07	smos	AVAILMEM=`/bin/cat /var/log/dmesg.boot \|/usr/bin/awk '/avail memory/ { memory=($4 / 1048576); printf("%0.0f\n", memory); exit}'`
31	e173dd74	Phil Davis	else
32	839cad07	smos	AVAILMEM=`/sbin/dmesg -a \|/usr/bin/awk '/avail memory/ { memory=($4 / 1048576); printf("%0.0f\n", memory); exit}'`
33	47eee8fa	Scott Ullrich	fi
34	c44417f8	Scott Ullrich
35	b713d790	Scott Ullrich	if [ -z "$AVAILMEM" ]; then
36	3c44c845	Luiz Souza	MEM=`/sbin/sysctl -q hw.physmem \| cut -d':' -f2`
37	51d0f816	Ermal	AVAILMEM=`/bin/expr $MEM / 1048576`
38	b713d790	Scott Ullrich	fi
39
40	73fa0178	Individual IT Services
41			# Get amount of ram installed on this system
42	3c44c845	Luiz Souza	REALMEM=`/sbin/sysctl -q hw.realmem \| /usr/bin/awk '{print $2/1048576}' \| /usr/bin/awk -F '.' '{print $1}'`
43	73fa0178	Individual IT Services	export REALMEM
44			export LOWMEM
45
46	5436d37a	Renato Botelho	if [ ${REALMEM} -lt $MIN_REALMEM_FOR_OPCACHE ]; then
47	73fa0178	Individual IT Services	LOWMEM="TRUE"
48	5436d37a	Renato Botelho	echo ">>> Under $MIN_REALMEM_FOR_OPCACHE megabytes of ram detected. Not enabling opcache"
49			echo ">>> Under $MIN_REALMEM_FOR_OPCACHE megabytes of ram detected. Not enabling opcache" \| /usr/bin/logger -p daemon.info -i -t rc.php_ini_setup
50	73fa0178	Individual IT Services	else
51
52	5436d37a	Renato Botelho	# Calculate opcache memory size according
53	73fa0178	Individual IT Services	# to detected memory values
54			if [ "$AVAILMEM" -gt "135" ]; then
55	5436d37a	Renato Botelho	OPCACHEMEMSIZE="10"
56	73fa0178	Individual IT Services	fi
57			if [ "$AVAILMEM" -gt "256" ]; then
58	5436d37a	Renato Botelho	OPCACHEMEMSIZE="20"
59	73fa0178	Individual IT Services	fi
60			if [ "$AVAILMEM" -gt "384" ]; then
61	5436d37a	Renato Botelho	OPCACHEMEMSIZE="25"
62	73fa0178	Individual IT Services	fi
63			if [ "$AVAILMEM" -gt "512" ]; then
64	5436d37a	Renato Botelho	OPCACHEMEMSIZE="30"
65	73fa0178	Individual IT Services	fi
66			if [ "$AVAILMEM" -gt "784" ]; then
67	5436d37a	Renato Botelho	OPCACHEMEMSIZE="50"
68	73fa0178	Individual IT Services	fi
69	2b11ff4d	Scott Ullrich	fi
70	40e46009	Scott Ullrich
71	31c96a14	Scott Ullrich	# Set upload directory
72	dc61252a	Renato Botelho	UPLOADTMPDIR="/tmp"
73	31c96a14	Scott Ullrich
74	e173dd74	Phil Davis	# Define php modules. Do not add .so, it will
75	de96a790	Scott Ullrich	# be done automatically by the script below.
76	a4fc6ec7	Ermal	PHPMODULES="standard"
77	c25197ba	smos	# Config read/write
78			PHPMODULES="$PHPMODULES xml libxml dom"
79	e115bd22	Renato Botelho	PHPMODULES="$PHPMODULES SimpleXML xmlreader xmlwriter"
80	be1db1d3	Scott Ullrich	# Downloading via HTTP/FTP (pkg mgr, etc)
81	5556f3a1	Ermal	PHPMODULES="$PHPMODULES curl date"
82	e173dd74	Phil Davis	# Internationalization
83	5556f3a1	Ermal	PHPMODULES="$PHPMODULES gettext"
84	be1db1d3	Scott Ullrich	# User manager
85	5556f3a1	Ermal	PHPMODULES="$PHPMODULES ldap openssl pcntl"
86	d9867431	jim-p	PHPMODULES="$PHPMODULES hash"
87	b3765f4c	Roberto Nunnari	PHPMODULES="$PHPMODULES mcrypt"
88	be1db1d3	Scott Ullrich	# Regexs, PERL style!
89	5556f3a1	Ermal	PHPMODULES="$PHPMODULES pcre"
90	be1db1d3	Scott Ullrich	# The mighty posix!
91	5556f3a1	Ermal	PHPMODULES="$PHPMODULES posix"
92			PHPMODULES="$PHPMODULES readline"
93	be1db1d3	Scott Ullrich	# Login sessions
94	5556f3a1	Ermal	PHPMODULES="$PHPMODULES session"
95	be1db1d3	Scott Ullrich	# Extra sanity seatbelts
96	c25197ba	smos	PHPMODULES="$PHPMODULES suhosin"
97	fca48a65	Scott Ullrich	# Firewall rules edit
98	5556f3a1	Ermal	PHPMODULES="$PHPMODULES ctype"
99	16058a05	Scott Ullrich	# firewall_rules_edit.php
100	5556f3a1	Ermal	PHPMODULES="$PHPMODULES mbstring"
101			# Synchronization primitives
102			PHPMODULES="$PHPMODULES shmop"
103	be1db1d3	Scott Ullrich	# Page compression
104	5556f3a1	Ermal	PHPMODULES="$PHPMODULES zlib"
105			# SQLlite & Database
106			PHPMODULES="$PHPMODULES spl"
107	e115bd22	Renato Botelho	PHPMODULES="$PHPMODULES PDO"
108	6f657dfd	Renato Botelho	PHPMODULES="$PHPMODULES sqlite3"
109	04747c75	Warren Baker	# RADIUS
110			PHPMODULES="$PHPMODULES radius"
111	e929c925	Scott Ullrich	# ZeroMQ
112	5556f3a1	Ermal	PHPMODULES="$PHPMODULES zmq"
113			# pfSense extensions
114			PHPMODULES="$PHPMODULES pfSense"
115	a1f77238	Darren Embry	# json
116			PHPMODULES="$PHPMODULES json"
117	c1993935	jim-p	# bcmath
118			PHPMODULES="$PHPMODULES bcmath"
119	c28da0a7	Matt Smith	# filter
120			PHPMODULES="$PHPMODULES filter"
121	475f0b6d	Renato Botelho	# rrd
122			PHPMODULES="$PHPMODULES rrd"
123	e83dca8c	Scott Ullrich
124	aee36a29	Renato Botelho	PHP_ZEND_MODULES=""
125	8ef700da	Scott Ullrich
126	80d887d1	Scott Ullrich	# Modules previously included.
127	fcdf9492	Scott Ullrich	# can be turned on by touching
128	80d887d1	Scott Ullrich	# /etc/php_dynamodules/$modulename
129			# sysvmsg \
130			# sysvsem \
131			# sysvshm \
132			# bcmath \
133			# tokenizer \
134			# uploadprogress \
135			# sockets \
136			# Reflection \
137			# mysql \
138			# bz2 \
139
140	5556f3a1	Ermal	# Clear the .ini file to make sure we are clean
141	69b27c16	Scott Ullrich	if [ -f /usr/local/etc/php.ini ]; then
142	51d0f816	Ermal	/bin/rm /usr/local/etc/php.ini
143	69b27c16	Scott Ullrich	fi
144	cb7d18d5	Renato Botelho	LOADED_MODULES=`/usr/local/bin/php-cgi -m \| /usr/bin/grep -v "\["`
145	e83dca8c	Scott Ullrich
146	a5c36eb2	Renato Botelho	unset TIMEZONE
147	339b8893	Renato Botelho	# Fetch the timezone from /var/db/zoneinfo if present
148			if [ -f /var/db/zoneinfo ]; then
149			TIMEZONE=$(cat /var/db/zoneinfo)
150	a5c36eb2	Renato Botelho	fi
151
152			if [ -z "${TIMEZONE}" ]; then
153			# Second option is from config.xml
154			TIMEZONE=$(/usr/local/sbin/read_xml_tag.sh string system/timezone)
155			fi
156
157			if [ -z "${TIMEZONE}" ]; then
158	e4121dde	Renato Botelho	# Last option, use default value from $g or Etc/UTC
159			TIMEZONE=$(/usr/local/sbin/read_global_var default_timezone "Etc/UTC")
160	a5c36eb2	Renato Botelho	fi
161
162	45c4bc38	Renato Botelho	if echo "${VERSION}" \| grep -q RELEASE; then
163			error_reporting="error_reporting = E_ERROR \| E_PARSE"
164			else
165			error_reporting=""
166			fi
167
168	5556f3a1	Ermal	# Get a loaded module list in the stock php
169	2ed3203c	Scott Ullrich	# Populate a dummy php.ini to avoid
170			# the file being clobbered and the firewall
171			# not being able to boot back up.
172	3646fbcb	Renato Botelho	/bin/cat >/usr/local/etc/php.ini <<EOF
173	4b29393a	Scott Ullrich	; File generated from /etc/rc.php_ini_setup
174	40e46009	Scott Ullrich	output_buffering = "0"
175			expose_php = Off
176			implicit_flush = true
177			magic_quotes_gpc = Off
178	9d0be827	smos	max_execution_time = 900
179	062a5434	Chris Buechler	request_terminate_timeout = 900
180	7e824233	smos	max_input_time = 1800
181	e56374a8	NewEraCracker	max_input_vars = 5000
182	40e46009	Scott Ullrich	register_argc_argv = On
183	aa205c3b	Ermal	register_long_arrays = Off
184	362ec35d	Ermal	variables_order = "GPCS"
185	40e46009	Scott Ullrich	file_uploads = On
186	31c96a14	Scott Ullrich	upload_tmp_dir = ${UPLOADTMPDIR}
187	96325dba	Warren Baker	upload_max_filesize = 200M
188			post_max_size = 200M
189	40e46009	Scott Ullrich	html_errors = Off
190	f4015bd7	Scott Ullrich	zlib.output_compression = Off
191	40e46009	Scott Ullrich	zlib.output_compression_level = 1
192	ea0e22ee	Renato Botelho	include_path = ".:/etc/inc:/usr/local/www:/usr/local/captiveportal:/usr/local/pkg:/usr/local/www/classes:/usr/local/www/classes/Form:/usr/local/share/pear"
193	8919256f	Scott Ullrich	display_startup_errors=on
194			display_errors=on
195	baa2dba2	Scott Ullrich	log_errors=on
196			error_log=/tmp/PHP_errors.log
197	0804f515	Scott Ullrich	extension_dir=${EXTENSIONSDIR}
198	9d0be827	smos	date.timezone="${TIMEZONE}"
199	3e582e4f	NewEraCracker	session.hash_bits_per_character = 5
200			session.hash_function = 1
201	45c4bc38	Renato Botelho	${error_reporting}
202	40e46009	Scott Ullrich
203	4b29393a	Scott Ullrich	; Extensions
204	a8e61346	Ermal
205	40e46009	Scott Ullrich	EOF
206
207	e83dca8c	Scott Ullrich	# Loop through and generate modules to load.
208			# Take into account modules built into php.
209			for EXT in $PHPMODULES; do
210			SHOULDADD="true"
211	de96a790	Scott Ullrich	# Check to see if module is compiled into php statically
212	e83dca8c	Scott Ullrich	for LM in $LOADED_MODULES; do
213			if [ "$EXT" = "$LM" ]; then
214			SHOULDADD="false"
215			fi
216			done
217			if [ "$SHOULDADD" = "true" ]; then
218	de96a790	Scott Ullrich	# Ensure extension exists before adding.
219	69b27c16	Scott Ullrich	if [ -f "${EXTENSIONSDIR}${EXT}.so" ]; then
220	3646fbcb	Renato Botelho	echo "extension=${EXT}.so" >> /usr/local/etc/php.ini
221	0804f515	Scott Ullrich	fi
222	e83dca8c	Scott Ullrich	fi
223			done
224
225	8ef700da	Scott Ullrich	# Zend modules
226			for EXT in $PHP_ZEND_MODULES; do
227			# Ensure extension exists before adding.
228	aee36a29	Renato Botelho	if [ -f "${EXTENSIONSDIR}${EXT}.so" ]; then
229	3646fbcb	Renato Botelho	echo "zend_extension=${EXT}.so" >> /usr/local/etc/php.ini
230	8ef700da	Scott Ullrich	fi
231			done
232
233	73fa0178	Individual IT Services	if [ "$LOWMEM" != "TRUE" ]; then
234	40e46009	Scott Ullrich
235	3646fbcb	Renato Botelho	/bin/cat >>/usr/local/etc/php.ini <<EOF
236	e83dca8c	Scott Ullrich
237	5436d37a	Renato Botelho	; opcache Settings
238			opcache.enabled="1"
239			opcache.enable_cli="0"
240			opcache.memory_consumption="${OPCACHEMEMSIZE}"
241	40e46009	Scott Ullrich
242	a5c53d26	Renato Botelho	EOF
243			else
244	3646fbcb	Renato Botelho	/bin/cat >>/usr/local/etc/php.ini <<EOF
245	a5c53d26	Renato Botelho	; opcache Settings
246			opcache.enabled="0"
247	5556f3a1	Ermal	EOF
248			fi
249
250	3646fbcb	Renato Botelho	/bin/cat >>/usr/local/etc/php.ini <<EOF
251	5556f3a1	Ermal
252	a8e61346	Ermal	[suhosin]
253			suhosin.get.max_array_index_length = 256
254			suhosin.get.max_vars = 5000
255	4f1bace5	Ermal	suhosin.get.max_value_length = 500000
256	a8e61346	Ermal	suhosin.post.max_array_index_length = 256
257			suhosin.post.max_vars = 5000
258	4f1bace5	Ermal	suhosin.post.max_value_length = 500000
259	a8e61346	Ermal	suhosin.request.max_array_index_length = 256
260			suhosin.request.max_vars = 5000
261	4f1bace5	Ermal	suhosin.request.max_value_length = 500000
262	7edcc54b	NewEraCracker	suhosin.memory_limit = 805306368
263	a8e61346	Ermal
264	40e46009	Scott Ullrich	EOF
265
266
267	6d7ee1ab	Ermal	PHPFPMMAX=3
268	2c131b10	marjohn56	PHPFPMIDLE=30
269			PHPFPMSTART=1
270			PHPFPMSPARE=2
271			PHPFPMREQ=500
272	7b03748b	Ermal	if [ $REALMEM -lt 250 ]; then
273	6d7ee1ab	Ermal	PHPFPMMAX=2
274	2c131b10	marjohn56	PHPFPMIDLE=5
275			PHPFPMSTART=1
276			PHPFPMSPARE=1
277			PHPFPMREQ=500
278	4aea91d8	Ermal	elif [ ${REALMEM} -gt 1000 ]; then
279	2c131b10	marjohn56	PHPFPMMAX=8
280			PHPFPMIDLE=3600
281			PHPFPMSTART=2
282			PHPFPMSPARE=7
283	179377b0	robjarsen	PHPFPMREQ=5000
284	4aea91d8	Ermal	fi
285
286			/bin/cat > /usr/local/lib/php-fpm.conf <<EOF
287
288			[global]
289			pid = run/php-fpm.pid
290			error_log=syslog
291			syslog.facility = daemon
292	9e0fb701	Ermal	syslog.ident = system
293	3ffae79b	Ermal	log_level = error
294	4aea91d8	Ermal	daemonize = yes
295			events.mechanism = kqueue
296			process.max = ${PHPFPMMAX}
297
298	40880eec	Renato Botelho	[nginx]
299	4aea91d8	Ermal	user = root
300			group = wheel
301			;mode = 0600
302
303			listen = /var/run/php-fpm.socket
304			listen.owner = root
305			listen.group = wheel
306			listen.mode = 0600
307
308			security.limit_extensions =
309
310	5293c5c7	Warren Baker	; Pass environment variables
311			env[PATH] = /bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin
312	75b8eb83	Renato Botelho	env[LOGNAME] = root
313	5293c5c7	Warren Baker
314	4aea91d8	Ermal	EOF
315
316	5be2085a	Ermal	if [ $REALMEM -lt 350 ]; then
317	4aea91d8	Ermal	/bin/cat >> /usr/local/lib/php-fpm.conf <<EOF
318
319			pm = ondemand
320	2c131b10	marjohn56	pm.process_idle_timeout = $PHPFPMIDLE
321	6d7ee1ab	Ermal	pm.max_children = $PHPFPMMAX
322	2c131b10	marjohn56	pm.max_requests = $PHPFPMREQ
323	4aea91d8	Ermal	EOF
324
325			elif [ $REALMEM -gt 1000 ]; then
326			/bin/cat >> /usr/local/lib/php-fpm.conf <<EOF
327
328			pm = dynamic
329	2c131b10	marjohn56	pm.process_idle_timeout = $PHPFPMIDLE
330	6d7ee1ab	Ermal	pm.max_children = $PHPFPMMAX
331	2c131b10	marjohn56	pm.start_servers = $PHPFPMSTART
332			pm.max_requests = $PHPFPMREQ
333	4aea91d8	Ermal	pm.min_spare_servers=1
334	2c131b10	marjohn56	pm.max_spare_servers= $PHPFPMSPARE
335
336	4aea91d8	Ermal	EOF
337			else
338
339			/bin/cat >> /usr/local/lib/php-fpm.conf <<EOF
340
341			pm = static
342	6d7ee1ab	Ermal	pm.max_children = $PHPFPMMAX
343	2c131b10	marjohn56	pm.max_requests = $PHPFPMREQ
344	4aea91d8	Ermal	EOF
345
346			fi
347
348	418fdfb3	PiBa-NL	# Add status url for php-fpm this will only be made available from localhost through nginx 'allow 127.0.0.1'
349			/bin/cat >> /usr/local/lib/php-fpm.conf <<EOF
350			pm.status_path = /status
351
352			EOF
353
354	e1fda0c0	Scott Ullrich	# Remove old log file if it exists.
355			if [ -f /var/run/php_modules_load_errors.txt ]; then
356	51d0f816	Ermal	/bin/rm /var/run/php_modules_load_errors.txt
357	e173dd74	Phil Davis	fi
358	e1fda0c0	Scott Ullrich
359	7030262c	Scott Ullrich	for EXT in $PHPMODULES; do
360	51d0f816	Ermal	PHPMODULESLC="$PHPMODULESLC `echo "$EXT" \| /usr/bin/tr '[:upper:]' '[:lower:]'`"
361	7030262c	Scott Ullrich	done
362
363	e1fda0c0	Scott Ullrich	# Check loaded modules and remove anything that did not load correctly
364	cb7d18d5	Renato Botelho	LOADED_MODULES=`/usr/local/bin/php-cgi -m \| /usr/bin/tr '[:upper:]' '[:lower:]' 2>/dev/null \| /usr/bin/grep -v "\["`
365	7030262c	Scott Ullrich	for EXT in $PHPMODULESLC; do
366	e1fda0c0	Scott Ullrich	SHOULDREMOVE="true"
367			for LM in $LOADED_MODULES; do
368			if [ "$EXT" = "$LM" ]; then
369			SHOULDREMOVE="false"
370	14dd1631	Renato Botelho	break
371	e173dd74	Phil Davis	fi
372	e1fda0c0	Scott Ullrich	done
373	1e86e897	Scott Ullrich	# Handle low memory situations
374	8ee1dc80	Scott Ullrich	if [ "$LOWMEM" = "TRUE" ]; then
375	5436d37a	Renato Botelho	if [ "$EXT" = "opcache" ]; then
376	8ee1dc80	Scott Ullrich	SHOULDREMOVE="true"
377			fi
378			if [ "$EXT" = "xcache" ]; then
379			SHOULDREMOVE="true"
380			fi
381			fi
382	e1fda0c0	Scott Ullrich	if [ "$SHOULDREMOVE" = "true" ]; then
383			if [ -f "${EXTENSIONSDIR}${EXT}.so" ]; then
384			echo ">>> ${EXT} did not load correctly. Removing from php.ini..." >> /var/run/php_modules_load_errors.txt
385	3646fbcb	Renato Botelho	/bin/cat /usr/local/etc/php.ini \| /usr/bin/grep -v $EXT > /tmp/php.ini
386			/bin/rm -f /usr/local/etc/php.ini
387			/bin/mv /tmp/php.ini /usr/local/etc/php.ini
388	e1fda0c0	Scott Ullrich	fi
389			fi
390			done

Project

General

Profile

pfSense