Discussion:
[devinfo] Working on better PHP support
Daniel Berteaud
2017-07-05 08:17:03 UTC
Permalink
Hi.

FYI, I've started working on https://bugs.contribs.org/show_bug.cgi?id=10335

I have several goals, which I hope to reach one step at a time. I'll
take a lot of inspiration from the smeserver-php-scl contrib from
Stéphane, as from a user POV, it's quite similar, but there will in fact
be a lot of differences under the hood.

The main differences with smeserver-php-scl:

* Use FPM instead of CGI, which should gives much higher performances.
This will also open the door to a better security model where each
ibay can have its own PHP pool, executed under a dedicated user
account. It'll also be possible to create additional pools for
contribs if you need particular PHP settings
* Reduce code duplication. Most, if not all the templates for the
different PHP versions can be the same, the small differences can be
managed with some variables passed in MORE_DATA (in a
templates.metadata file)
* I don't intend to support php54 and php55 (unless someone convince
me otherwise)
* Make it super easy to add support for future PHP major versions
(just a template metadata and some defaults in the DB)
* I don't intend to support switching the version of mod_php. In fact,
one of my goal is to ditch mod_php entirely, and only use FPM. Once
this step is achieved, we'll be able to switch to httpd to MPM
worker, which should give better performances too

Here's what I want to achieve (more or less in order of priority)

* Create one default FPM pool per major, supported PHP versions. One
for the default PHP (5.3 on SME9, 5.4 on SME10), php56, php70 and php71
* Provides stricter defaults settings, like disable dangerous
functions (system, show_source, symlink, exec, dl, shell_exec,
passthru, phpinfo, escapeshellarg, escapeshellcmd)
* Add support for mod_proxy_fcgi in Apache
* Switch some contribs to use this instead of mod_php
* Add support for defining custom FPM pools in a DB
* Switch Shared Folders contrib to use it (before ibays, Shared
Folders will be a good playground)
* Create automatically one FPM pool for each ibay which has dynamic
content enabled, running under the ibay account
* Audit if we need any permission changes applied on ibay to have
execution done by the ibay account instead of www (not that www will
still need read access to every ibay because httpd itself still
needs to access files, but we could restrict this to a read only
access, with the ibay account having write access. This can provide
a much better isolation between applications because it'll be harder
to compromise the www account, and if an app is compromised, it will
be harder to gain more info, or compromise other apps on the same
server)
* Switch horde to use an FPM pool
* Convert all the contribs we can to use an FPM pool
* Remove support for mod_php
* Switch to MPM worker
* Be happy with a much better PHP support :-)

I have just started this, and am at the very beginning of the project. I
can't give any ETA.


++
--
Logo FWS

*Daniel Berteaud*

FIREWALL-SERVICES SAS.
Société de Services en Logiciels Libres
Tel : 05 56 64 15 32 <tel:0556641532>
Visio : http://vroom.fws.fr/dani
/www.firewall-services.com/
stephane de Labrusse
2017-07-05 16:02:46 UTC
Permalink
Nice project :)

If you drop the support of php-mod, then you cannot change the php
settings on the fly with php-admin in the virtualhost. Apache is no more
the handler of php with php-fpm. How do you want to work with this. It
is cool to set different limits with different sharefolders/ibays
Post by Daniel Berteaud
Hi.
FYI, I've started working on
https://bugs.contribs.org/show_bug.cgi?id=10335
I have several goals, which I hope to reach one step at a time. I'll
take a lot of inspiration from the smeserver-php-scl contrib from
Stéphane, as from a user POV, it's quite similar, but there will in
fact be a lot of differences under the hood.
* Use FPM instead of CGI, which should gives much higher
performances. This will also open the door to a better security
model where each ibay can have its own PHP pool, executed under a
dedicated user account. It'll also be possible to create
additional pools for contribs if you need particular PHP settings
* Reduce code duplication. Most, if not all the templates for the
different PHP versions can be the same, the small differences can
be managed with some variables passed in MORE_DATA (in a
templates.metadata file)
* I don't intend to support php54 and php55 (unless someone convince
me otherwise)
* Make it super easy to add support for future PHP major versions
(just a template metadata and some defaults in the DB)
* I don't intend to support switching the version of mod_php. In
fact, one of my goal is to ditch mod_php entirely, and only use
FPM. Once this step is achieved, we'll be able to switch to httpd
to MPM worker, which should give better performances too
Here's what I want to achieve (more or less in order of priority)
* Create one default FPM pool per major, supported PHP versions. One
for the default PHP (5.3 on SME9, 5.4 on SME10), php56, php70 and php71
* Provides stricter defaults settings, like disable dangerous
functions (system, show_source, symlink, exec, dl, shell_exec,
passthru, phpinfo, escapeshellarg, escapeshellcmd)
* Add support for mod_proxy_fcgi in Apache
* Switch some contribs to use this instead of mod_php
* Add support for defining custom FPM pools in a DB
* Switch Shared Folders contrib to use it (before ibays, Shared
Folders will be a good playground)
* Create automatically one FPM pool for each ibay which has dynamic
content enabled, running under the ibay account
* Audit if we need any permission changes applied on ibay to have
execution done by the ibay account instead of www (not that www
will still need read access to every ibay because httpd itself
still needs to access files, but we could restrict this to a read
only access, with the ibay account having write access. This can
provide a much better isolation between applications because it'll
be harder to compromise the www account, and if an app is
compromised, it will be harder to gain more info, or compromise
other apps on the same server)
* Switch horde to use an FPM pool
* Convert all the contribs we can to use an FPM pool
* Remove support for mod_php
* Switch to MPM worker
* Be happy with a much better PHP support :-)
I have just started this, and am at the very beginning of the project.
I can't give any ETA.
++
--
Logo FWS
*Daniel Berteaud*
FIREWALL-SERVICES SAS.
Société de Services en Logiciels Libres
Tel : 05 56 64 15 32 <tel:0556641532>
Visio : http://vroom.fws.fr/dani
/www.firewall-services.com/
_______________________________________________
Server Development Discussion
Searchable archive at https://lists.contribs.org/mailman/public/devinfo/
--
Cordialement

Stéphane de Labrusse
Membre de l'Aru2L http://www.aru2L.org

PORTABLE : 06 29 19 12 99
DOMICILE : 05 65 78 90 72
WEB : http://geekeries.de-labrusse.fr
PGP : 1CBB5BB0
Daniel Berteaud
2017-07-05 16:05:42 UTC
Permalink
Post by stephane de Labrusse
Nice project :)
Hi Stéphane. Glad to see you around :-)
Post by stephane de Labrusse
If you drop the support of php-mod, then you cannot change the php
settings on the fly with php-admin in the virtualhost. Apache is no
more the handler of php with php-fpm. How do you want to work with
this. It is cool to set different limits with different sharefolders/ibays
That's the beauty of FPM: you can run as many pools as you need. I want
to provide a default pool with settings which should satisfy most apps,
but for those which need finer tuning, then the best thing to do is to
create another FPM pool (using the PHP version you want)

++
--
Logo FWS

*Daniel Berteaud*

FIREWALL-SERVICES SAS.
Société de Services en Logiciels Libres
Tel : 05 56 64 15 32 <tel:0556641532>
Visio : http://vroom.fws.fr/dani
/www.firewall-services.com/
stephane de Labrusse
2017-07-05 16:52:23 UTC
Permalink
Hi daniel :)

I'm starting to see where you want to go

http://php.net/manual/en/install.fpm.configuration.php

I saw one drawback, you need an opened port per ibay, if you want to
customize the php setting in this ibay

Do I'm right ?
Post by Daniel Berteaud
Post by stephane de Labrusse
Nice project :)
Hi Stéphane. Glad to see you around :-)
Post by stephane de Labrusse
If you drop the support of php-mod, then you cannot change the php
settings on the fly with php-admin in the virtualhost. Apache is no
more the handler of php with php-fpm. How do you want to work with
this. It is cool to set different limits with different
sharefolders/ibays
That's the beauty of FPM: you can run as many pools as you need. I
want to provide a default pool with settings which should satisfy most
apps, but for those which need finer tuning, then the best thing to do
is to create another FPM pool (using the PHP version you want)
++
--
Logo FWS
*Daniel Berteaud*
FIREWALL-SERVICES SAS.
Société de Services en Logiciels Libres
Tel : 05 56 64 15 32 <tel:0556641532>
Visio : http://vroom.fws.fr/dani
/www.firewall-services.com/
_______________________________________________
Server Development Discussion
Searchable archive at https://lists.contribs.org/mailman/public/devinfo/
--
Cordialement

Stéphane de Labrusse
Membre de l'Aru2L http://www.aru2L.org

PORTABLE : 06 29 19 12 99
DOMICILE : 05 65 78 90 72
WEB : http://geekeries.de-labrusse.fr
PGP : 1CBB5BB0
Daniel Berteaud
2017-07-05 16:57:04 UTC
Permalink
Post by stephane de Labrusse
Hi daniel :)
I'm starting to see where you want to go
http://php.net/manual/en/install.fpm.configuration.php
I saw one drawback, you need an opened port per ibay, if you want to
customize the php setting in this ibay
Do I'm right ?
Not necessarily, as FPM can be contacted through a UNIX socket. I need
to check if mod_proxy_fcgi on SME9 supports it, but on EL7 (and so on
SME10), it works for sure as I use it a lot. So it would just mean on
socket per ibay in /var/run/php-fpm/

Anyway, even if we were forced to use a TCP socket, it wouldn't be a big
deal as the port would bind only on 127.0.0.1.

++
--
Logo FWS

*Daniel Berteaud*

FIREWALL-SERVICES SAS.
Société de Services en Logiciels Libres
Tel : 05 56 64 15 32 <tel:0556641532>
Visio : http://vroom.fws.fr/dani
/www.firewall-services.com/
Daniel Berteaud
2017-07-05 17:01:35 UTC
Permalink
Post by Daniel Berteaud
Post by stephane de Labrusse
Hi daniel :)
I'm starting to see where you want to go
http://php.net/manual/en/install.fpm.configuration.php
I saw one drawback, you need an opened port per ibay, if you want to
customize the php setting in this ibay
Do I'm right ?
Not necessarily, as FPM can be contacted through a UNIX socket. I need
to check if mod_proxy_fcgi on SME9 supports it, but on EL7 (and so on
SME10), it works for sure as I use it a lot. So it would just mean on
socket per ibay in /var/run/php-fpm/
Anyway, even if we were forced to use a TCP socket, it wouldn't be a
big deal as the port would bind only on 127.0.0.1.
But I agree it'd be a pain in the %*$=# as we would have to manage port
allocation

++
--
Logo FWS

*Daniel Berteaud*

FIREWALL-SERVICES SAS.
Société de Services en Logiciels Libres
Tel : 05 56 64 15 32 <tel:0556641532>
Visio : http://vroom.fws.fr/dani
/www.firewall-services.com/
Daniel Berteaud
2017-07-06 10:43:47 UTC
Permalink
Post by Daniel Berteaud
But I agree it'd be a pain in the %*$=# as we would have to manage
port allocation
Unfortunately, mod_proxy_fcgi backported for httpd 2.2 has severe
limitations compared to the one for httpd 2.4 (see
https://github.com/ceph/mod-proxy-fcgi), including:

* No UNIX socket support (only TCP, which means we have to manage port
allocation)
* No SetHandler statement, only ProxyPass* ones are supported, which
make it much harder to use

That means it'll be harder than I initially though to have this running
on SME9 (which is my current goal). It shouldn't be a problem on SME10
though


++
--
Logo FWS

*Daniel Berteaud*

FIREWALL-SERVICES SAS.
Société de Services en Logiciels Libres
Tel : 05 56 64 15 32 <tel:0556641532>
Visio : http://vroom.fws.fr/dani
/www.firewall-services.com/
John Crisp
2017-10-05 13:00:32 UTC
Permalink
Post by Daniel Berteaud
Post by Daniel Berteaud
But I agree it'd be a pain in the %*$=# as we would have to manage
port allocation
Unfortunately, mod_proxy_fcgi backported for httpd 2.2 has severe
limitations compared to the one for httpd 2.4 (see
* No UNIX socket support (only TCP, which means we have to manage port
allocation)
* No SetHandler statement, only ProxyPass* ones are supported, which
make it much harder to use
That means it'll be harder than I initially though to have this running
on SME9 (which is my current goal). It shouldn't be a problem on SME10
though
Dan,

on SME v9 I use mod_proxy for rocketchat

What are the ramifications for mod_proxy of installing your contrib ?

Rgds
JC
_______________________________________________
Server Development Discussion
To unsubscribe, e-mail devinfo-***@lists.contribs.org
Searchable archive at
Daniel Berteaud
2017-10-05 13:08:15 UTC
Permalink
Post by John Crisp
Dan,
on SME v9 I use mod_proxy for rocketchat
What are the ramifications for mod_proxy of installing your contrib ?
There should be none. I use ProxyPass extensively for tons of
applications, and had no problem (though, I use my WebAppVirtualHost
templates provided by smeserver-webapps-common as it's more flexible,
but it shouldn't make any difference)

++
--
Logo FWS

*Daniel Berteaud*

FIREWALL-SERVICES SAS.
Société de Services en Logiciels Libres
Tel : 05 56 64 15 32 <tel:0556641532>
Visio : http://vroom.fws.fr/dani
/www.firewall-services.com/
Jean-Philippe Pialasse
2017-07-06 13:17:25 UTC
Permalink
To complete Daniel's answer here,
This means you are setting php admin values in the pool configuration related to the ibay or contrib instead of in httpd.conf directory section.

So we can recycle the same db entries and just create the ad hoc template. Only to decide which php fpm version to use ;)

Jean-Philippe Pialasse
Post by stephane de Labrusse
Hi daniel :)
I'm starting to see where you want to go
http://php.net/manual/en/install.fpm.configuration.php
I saw one drawback, you need an opened port per ibay, if you want to customize the php setting in this ibay
Do I'm right ?
Not necessarily, as FPM can be contacted through a UNIX socket. I need to check if mod_proxy_fcgi on SME9 supports it, but on EL7 (and so on SME10), it works for sure as I use it a lot. So it would just mean on socket per ibay in /var/run/php-fpm/
Anyway, even if we were forced to use a TCP socket, it wouldn't be a big deal as the port would bind only on 127.0.0.1.
++
--
Daniel Berteaud
FIREWALL-SERVICES SAS.
Société de Services en Logiciels Libres
Tel : 05 56 64 15 32
Visio : http://vroom.fws.fr/dani
www.firewall-services.com
_______________________________________________
Server Development Discussion
Searchable archive at https://lists.contribs.org/mailman/public/devinfo/
stephane de Labrusse
2017-07-06 16:17:29 UTC
Permalink
Post by Jean-Philippe Pialasse
This means you are setting php admin values in the pool configuration
related to the ibay or contrib instead of in httpd.conf directory section.
I'm recalling I tried it but without the success that I waited :)


I need to retry :)
--
Cordialement

Stéphane de Labrusse
Membre de l'Aru2L http://www.aru2L.org

PORTABLE : 06 29 19 12 99
DOMICILE : 05 65 78 90 72
WEB : http://geekeries.de-labrusse.fr
PGP : 1CBB5BB0
Daniel Berteaud
2017-07-06 16:23:32 UTC
Permalink
Post by stephane de Labrusse
Post by Jean-Philippe Pialasse
This means you are setting php admin values in the pool configuration
related to the ibay or contrib instead of in httpd.conf directory section.
I'm recalling I tried it but without the success that I waited :)
I need to retry :)
For SME9, I think I'll use mod_fastcgi instead of mod_proxy_fcgi. It's a
3rd party module, supports unix socket, and is a bit easier to use
compared to mod_proxy_fcgi. For SME10, I'll work with mod_proxy_fcgi
instead. I'm keeping a single tree for now, with templates doing the
adaptation to work with one or the other.
Progressing slowly, but progressing ;-)

++
--
Logo FWS

*Daniel Berteaud*

FIREWALL-SERVICES SAS.
Société de Services en Logiciels Libres
Tel : 05 56 64 15 32 <tel:0556641532>
Visio : http://vroom.fws.fr/dani
/www.firewall-services.com/
Daniel Berteaud
2017-07-17 13:21:49 UTC
Permalink
I've done some progress, and start to have things working. So, I'll
share it with those interested. Warning: it's still a work in progress,
please only try on non critical servers !!

You first need to configure fws and fws-testing repo (see
https://wiki.contribs.org/Fws), epel and Remi Safe repo (which maintains
up-to-date SCL for PHP)

db yum_repositories set remi-safe repository \
GPGCheck enabled \
GPGKey http://rpms.remirepo.net/RPM-GPG-KEY-remi \
MirrorList 'http://rpms.remirepo.net/enterprise/$releasever/safe/mirror' \
Name "Safe Remi's RPM repository for Enterprise Linux" \
Visible yes \
status enabled
expand-template /etc/yum.smerepos.d/sme-base.repo

Now, you can install smeserver-php-fpm

yum --enablerepo=fws-testing,epel install smeserver-php-fpm

It should pull a few packages from remi (all important php modules for
5.6, 7.0 and 7.1).

You can now just run:

signal-event webapps-update
expand-template /etc/httpd/conf/httpd.conf
sv h /service/httpd-e-smith
/etc/init.d/php-fpm start
/etc/init.d/php56-php-fpm start
/etc/init.d/php70-php-fpm start
/etc/init.d/php71-php-fpm start

Now, that's great, but you just have a few more PHP process running,
they are not used yet. I've started migrating my contribs to use this.
If you use either Tiny Tiny RSS, Download TIcket Service or Dokuwiki,
you can try to update it from fws-testing

yum --enablerepo=fws-testing update smeserver-dl smeserver-tt-rss tt-rss
smeserver-dokuwiki
[...]
signal-event webapps-update

Once you've done this, those 3 app will be running with newer PHP
engines, using PHP-FPM (using mod_fastcgi). I haven't done any
benchmark, but those app should be a bit faster (especially Tiny Tiny
RSS and Dokuwiki which have been switched to PHP 7.1)

If you don't use any of those app, you can also play with this with
Shared Folders. If you install smeserver-shared-folders from smetest,
every share for which dynamic content is enabled will automatically use
a dedicated PHP pool. You can then choose which version:

db accounts setprop myshare PHPVersion 71
signal-event share-modify myshare

The following settings are available (I guess you'll figure out to which
php setting they map)

* PHPVersion (supported are empty value, which means default PHP, 56,
70 or 71)
* PHPMemoryLimit (default is 128M)
* PHPMaxExecutionTime (default is 30)
* PHPMaxInputTime (default is 60)
* PHPAllowUrlFopen (default is disabled)
* PHPPostMaxSize (default is 10M)
* PHPUploadMaxFilesize (default is 10M)
* PHPFileUpload (default is enabled)
* PHPBaseDir (default is the share path and /var/lib/php/sharename)
* PHPDisabledFunctions (default is system, show_source, symlink, exec,
dl, shell_exec, passthru, phpinfo, escapeshellarg, escapeshellcmd)

For now, every PHP pools for Shared Folders are all running under the
www account

You can also use on of the default PHP pool. Eg, in your httpd.conf
template, replace


AddType application/x-httpd-php .php


With


AddHandler php70-fastcgi .php

Or

AddHandler php56-fastcgi .php


You can also create your own PHP pool, if the settings for the default
pools doesn't fit your needs:


db php set mypool pool Version 70 AllowUrlFopen disabled

signal-event webapps-update


And the, use

AddHandler phpmypool-fastcgi .php


The settings for custom PHP Pools are the same as for Shared Folders,
but without the PHP prefix, and there's also the following additional
settings:

* User and Group (account under which we run the php fpm pool)
* MaxChildren (max number of children for this pool, default is 15)
* DisplayErrors (default is disabled)
* LogErrors (default is enabled)


That's all for now.

Next step: I'll convert all of my contribs to use this new system and
test it a bit more, before I publish this in my stable repo. Please
report any issue you might have here, or by email to me directly. Once
things are more tested, I'll push smeserver-php-fpm into contribs
buildsys, and we then might evaluate integration with core components
(ibays, horde)


++
--
Logo FWS

*Daniel Berteaud*

FIREWALL-SERVICES SAS.
Société de Services en Logiciels Libres
Tel : 05 56 64 15 32 <tel:0556641532>
Visio : http://vroom.fws.fr/dani
/www.firewall-services.com/
Hsing-Foo Wang
2017-07-17 14:22:10 UTC
Permalink
Great work Daniel, thanks!

any procedure on removing existing SCL PHP contribs/install, clean
things up and use your contrib please?

Thanks,

-HF
Post by Daniel Berteaud
I've done some progress, and start to have things working. So, I'll
share it with those interested. Warning: it's still a work in
progress, please only try on non critical servers !!
You first need to configure fws and fws-testing repo (see
https://wiki.contribs.org/Fws), epel and Remi Safe repo (which
maintains up-to-date SCL for PHP)
db yum_repositories set remi-safe repository \
GPGCheck enabled \
GPGKey http://rpms.remirepo.net/RPM-GPG-KEY-remi \
MirrorList 'http://rpms.remirepo.net/enterprise/$releasever/safe/mirror' \
Name "Safe Remi's RPM repository for Enterprise Linux" \
Visible yes \
status enabled
expand-template /etc/yum.smerepos.d/sme-base.repo
Now, you can install smeserver-php-fpm
yum --enablerepo=fws-testing,epel install smeserver-php-fpm
It should pull a few packages from remi (all important php modules for
5.6, 7.0 and 7.1).
signal-event webapps-update
expand-template /etc/httpd/conf/httpd.conf
sv h /service/httpd-e-smith
/etc/init.d/php-fpm start
/etc/init.d/php56-php-fpm start
/etc/init.d/php70-php-fpm start
/etc/init.d/php71-php-fpm start
Now, that's great, but you just have a few more PHP process running,
they are not used yet. I've started migrating my contribs to use this.
If you use either Tiny Tiny RSS, Download TIcket Service or Dokuwiki,
you can try to update it from fws-testing
yum --enablerepo=fws-testing update smeserver-dl smeserver-tt-rss
tt-rss smeserver-dokuwiki
[...]
signal-event webapps-update
Once you've done this, those 3 app will be running with newer PHP
engines, using PHP-FPM (using mod_fastcgi). I haven't done any
benchmark, but those app should be a bit faster (especially Tiny Tiny
RSS and Dokuwiki which have been switched to PHP 7.1)
If you don't use any of those app, you can also play with this with
Shared Folders. If you install smeserver-shared-folders from smetest,
every share for which dynamic content is enabled will automatically
db accounts setprop myshare PHPVersion 71
signal-event share-modify myshare
The following settings are available (I guess you'll figure out to
which php setting they map)
* PHPVersion (supported are empty value, which means default PHP,
56, 70 or 71)
* PHPMemoryLimit (default is 128M)
* PHPMaxExecutionTime (default is 30)
* PHPMaxInputTime (default is 60)
* PHPAllowUrlFopen (default is disabled)
* PHPPostMaxSize (default is 10M)
* PHPUploadMaxFilesize (default is 10M)
* PHPFileUpload (default is enabled)
* PHPBaseDir (default is the share path and /var/lib/php/sharename)
* PHPDisabledFunctions (default is system, show_source, symlink,
exec, dl, shell_exec, passthru, phpinfo, escapeshellarg,
escapeshellcmd)
For now, every PHP pools for Shared Folders are all running under the
www account
You can also use on of the default PHP pool. Eg, in your httpd.conf
template, replace
AddType application/x-httpd-php .php
With
AddHandler php70-fastcgi .php
Or
AddHandler php56-fastcgi .php
You can also create your own PHP pool, if the settings for the default
db php set mypool pool Version 70 AllowUrlFopen disabled
signal-event webapps-update
And the, use
AddHandler phpmypool-fastcgi .php
The settings for custom PHP Pools are the same as for Shared Folders,
but without the PHP prefix, and there's also the following additional
* User and Group (account under which we run the php fpm pool)
* MaxChildren (max number of children for this pool, default is 15)
* DisplayErrors (default is disabled)
* LogErrors (default is enabled)
That's all for now.
Next step: I'll convert all of my contribs to use this new system and
test it a bit more, before I publish this in my stable repo. Please
report any issue you might have here, or by email to me directly. Once
things are more tested, I'll push smeserver-php-fpm into contribs
buildsys, and we then might evaluate integration with core components
(ibays, horde)
++
--
Logo FWS
*Daniel Berteaud*
FIREWALL-SERVICES SAS.
Société de Services en Logiciels Libres
Tel : 05 56 64 15 32 <tel:0556641532>
Visio : http://vroom.fws.fr/dani
/www.firewall-services.com/
_______________________________________________
Server Development Discussion
Searchable archive at https://lists.contribs.org/mailman/public/devinfo/
Daniel Berteaud
2017-07-17 15:55:10 UTC
Permalink
Post by Hsing-Foo Wang
Great work Daniel, thanks!
any procedure on removing existing SCL PHP contribs/install, clean
things up and use your contrib please?
It should not conflict with smeserver-php-scl (I think).

++
--
Logo FWS

*Daniel Berteaud*

FIREWALL-SERVICES SAS.
Société de Services en Logiciels Libres
Tel : 05 56 64 15 32 <tel:0556641532>
Visio : http://vroom.fws.fr/dani
/www.firewall-services.com/
Stephane de Labrusse
2017-07-17 16:24:31 UTC
Permalink
Why did not you create your own database instead to use the db Accounts ?
Post by Daniel Berteaud
Post by Hsing-Foo Wang
Great work Daniel, thanks!
any procedure on removing existing SCL PHP contribs/install, clean
things up and use your contrib please?
It should not conflict with smeserver-php-scl (I think).
++
--
Logo FWS
*Daniel Berteaud*
FIREWALL-SERVICES SAS.
Société de Services en Logiciels Libres
Tel : 05 56 64 15 32 <tel:0556641532>
Visio : http://vroom.fws.fr/dani
/www.firewall-services.com/
--
Envoyé de mon appareil Android avec K-9 Mail. Veuillez excuser ma briÚveté.
Daniel Berteaud
2017-07-17 16:28:14 UTC
Permalink
Post by Stephane de Labrusse
Why did not you create your own database instead to use the db Accounts ?
Accounts is used to store shared folders specific settings, just like
before (PHPMaxExecutionTime etc.. already existed). The same will be
done to store ibays related config. Only manually managed pools are
stored in their own db (called php)

++
--
Logo FWS

*Daniel Berteaud*

FIREWALL-SERVICES SAS.
Société de Services en Logiciels Libres
Tel : 05 56 64 15 32 <tel:0556641532>
Visio : http://vroom.fws.fr/dani
/www.firewall-services.com/
Michael Doerner | Technologywise
2017-07-17 21:02:41 UTC
Permalink
I also want to say Thank you for your work! At the same time apologies
for not being involved but this is not my area of knowledge and I cannot
contribute or judge on the details.

However, the aim to be able to use different php versions on the same
SMEserver is highly appreciated. We have created (too) many VMs to work
around this and I would prefer to minimise these.

Thanks again.
Michael
Post by Hsing-Foo Wang
Great work Daniel, thanks!
any procedure on removing existing SCL PHP contribs/install, clean
things up and use your contrib please?
Thanks,
-HF
Post by Daniel Berteaud
I've done some progress, and start to have things working. So, I'll
share it with those interested. Warning: it's still a work in
progress, please only try on non critical servers !!
You first need to configure fws and fws-testing repo (see
https://wiki.contribs.org/Fws), epel and Remi Safe repo (which
maintains up-to-date SCL for PHP)
.. cut ..
_______________________________________________
Server Development Discussion
To unsubscribe, e-mail devinfo-***@lists.contribs.org
Searchable archive at https://lists.contribs.org/mailman/public/devinfo/
Daniel Berteaud
2017-07-17 22:40:02 UTC
Permalink
Post by Michael Doerner | Technologywise
However, the aim to be able to use different php versions on the same
SMEserver is highly appreciated. We have created (too) many VMs to work
around this and I would prefer to minimise these.
The aim is also to make SME a first choice for small web hosters, where
simplicity, security, and flexibility are keys.

++
--
Logo FWS

*Daniel Berteaud*

FIREWALL-SERVICES SAS.
Société de Services en Logiciels Libres
Tel : 05 56 64 15 32 <tel:0556641532>
Visio : http://vroom.fws.fr/dani
/www.firewall-services.com/
Loading...