From d4a869809e01ea104dd65e10d6546cfbf585a16c Mon Sep 17 00:00:00 2001 From: Daniel Berteaud Date: Fri, 14 Jul 2017 17:43:19 +0200 Subject: [PATCH] Switch to php71 using fastcgi/fpm if available --- .../conf/httpd.conf/68FastCGIConfig20Dokuwiki | 9 ++++ .../etc/httpd/conf/httpd.conf/98Dokuwiki | 27 +++++++--- .../etc/php-fpm.d/www.conf/20Dokuwiki | 50 +++++++++++++++++++ .../lib/plugins/authhttpldap/auth.php | 12 ++++- .../lib/plugins/authhttpldap/plugin.info.txt | 2 +- smeserver-dokuwiki.spec | 7 +++ 6 files changed, 97 insertions(+), 10 deletions(-) create mode 100644 root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/68FastCGIConfig20Dokuwiki create mode 100644 root/etc/e-smith/templates/etc/php-fpm.d/www.conf/20Dokuwiki diff --git a/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/68FastCGIConfig20Dokuwiki b/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/68FastCGIConfig20Dokuwiki new file mode 100644 index 0000000..87f11bd --- /dev/null +++ b/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/68FastCGIConfig20Dokuwiki @@ -0,0 +1,9 @@ +{ +if ($fastcgi_mod eq 'mod_fastcgi'){ + $OUT .=<<_EOF; +Action phpdokuwiki-fastcgi /php-cgi-bin/phpdokuwiki-wrapper +Alias /php-cgi-bin/phpdokuwiki-wrapper /var/www/php-cgi-bin/phpdokuwiki-wrapper +FastCgiExternalServer /var/www/php-cgi-bin/phpdokuwiki-wrapper -socket /var/run/php-fpm/php71-dokuwiki.sock -pass-header Authorization -idle-timeout 120 +_EOF +} +} diff --git a/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/98Dokuwiki b/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/98Dokuwiki index f43a858..b04cbf5 100644 --- a/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/98Dokuwiki +++ b/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/98Dokuwiki @@ -11,6 +11,25 @@ if (($dokuwiki{'status'} || 'disabled') eq 'enabled'){ 'SSLRequireSSL on':'# SSL is not encforced'; my $maxsize = $dokuwiki{'MaxUploadSize'} || '200'; $maxsize .= 'M' unless ($maxsize =~ m/M$/); + my $php =<<_EOF; +AddType application/x-httpd-php .php + php_admin_value open_basedir /usr/share/dokuwiki:/var/lib/dokuwiki:/etc/dokuwiki:/dev/urandom + php_admin_value memory_limit 128M + php_admin_value upload_max_filesize $maxsize + php_admin_value post_max_size $maxsize + php_admin_value upload_tmp_dir /var/lib/dokuwiki/data/tmp + php_admin_value session.save_path /var/lib/dokuwiki/data/tmp +_EOF + if ($fastcgi_mod eq 'mod_fastcgi'){ + $php = "AddHandler phpdokuwiki-fastcgi .php\n"; + } + elsif ($fastcgi_mod eq 'mod_proxy_fcgi'){ + $php =<<_EOF; + + SetHandler "proxy:unix:/var/run/php-fpm/php71-dokuwiki.sock|fcgi://localhost" + +_EOF + } $OUT .=<<"EOF"; @@ -19,17 +38,11 @@ $alias AllowOverride None Options +FollowSymlinks - AddType application/x-httpd-php .php Order Allow,Deny Allow from $allow $ssl $auth - php_admin_value open_basedir /usr/share/dokuwiki:/var/lib/dokuwiki:/etc/dokuwiki:/dev/urandom - php_admin_value memory_limit 128M - php_admin_value upload_max_filesize $maxsize - php_admin_value post_max_size $maxsize - php_admin_value upload_tmp_dir /var/lib/dokuwiki/data/tmp - php_admin_value session.save_path /var/lib/dokuwiki/data/tmp + $php diff --git a/root/etc/e-smith/templates/etc/php-fpm.d/www.conf/20Dokuwiki b/root/etc/e-smith/templates/etc/php-fpm.d/www.conf/20Dokuwiki new file mode 100644 index 0000000..a869c2d --- /dev/null +++ b/root/etc/e-smith/templates/etc/php-fpm.d/www.conf/20Dokuwiki @@ -0,0 +1,50 @@ +{ + +if ($PHP_VERSION eq '71'){ + if (($dokuwiki{'status'} || 'disabled') eq 'enabled'){ + my $max_upload_size = ($dokuwiki{MaxUploadSize} || '20') . 'M'; + my $id = 'dokuwiki'; + $OUT .=<<_EOF; + +[php$PHP_VERSION-$id] +user = www +group = www +listen.owner = root +listen.group = www +listen.mode = 0660 +listen = /var/run/php-fpm/php$PHP_VERSION-$id.sock +pm = dynamic +pm.max_children = 15 +pm.start_servers = 3 +pm.min_spare_servers = 3 +pm.max_spare_servers = 4 +pm.max_requests = 1000 +php_admin_value[session.save_path] = /var/lib/php/$id/session +php_admin_value[opcache.file_cache] = /var/lib/php/$id/opcache +php_admin_value[upload_tmp_dir] = /var/lib/php/$id/tmp +php_admin_value[error_log] = /var/log/php/$id/error.log +slowlog = /var/log/php/dl/slow.log +php_admin_value[sendmail_path] = /usr/sbin/sendmail -t -i -f php@{ $DomainName } +php_admin_flag[display_errors] = off +php_admin_flag[log_errors] = on +php_admin_value[error_log] = syslog +php_admin_value[memory_limit] = 128M +php_admin_value[max_execution_time] = 60 +php_admin_value[post_max_size] = $max_upload_size +php_admin_value[upload_max_filesize] = $max_upload_size +php_admin_value[disable_functions] = system, show_source, symlink, exec, dl, shell_exec, passthru, phpinfo, escapeshellarg, escapeshellcmd +php_admin_value[open_basedir] = /usr/share/dokuwiki:/var/lib/dokuwiki:/etc/dokuwiki:/dev/urandom +php_admin_flag[allow_url_fopen] = on +php_admin_flag[file_upload] = on +php_admin_flag[session.cookie_httponly] = on +php_admin_flag[allow_url_include] = off +php_admin_value[session.save_handler] = files + +_EOF + + } + else{ + $OUT .= '; Dl is disabled'; + } +} +} diff --git a/root/usr/share/dokuwiki/lib/plugins/authhttpldap/auth.php b/root/usr/share/dokuwiki/lib/plugins/authhttpldap/auth.php index c2ea5b2..3d47c8f 100644 --- a/root/usr/share/dokuwiki/lib/plugins/authhttpldap/auth.php +++ b/root/usr/share/dokuwiki/lib/plugins/authhttpldap/auth.php @@ -47,8 +47,16 @@ class auth_plugin_authhttpldap extends auth_plugin_authldap { function trustExternal($user,$pass,$sticky=false){ global $USERINFO; $success = false; - if (!isset($_SERVER['REMOTE_USER'])) return false; - $username = $_SERVER['REMOTE_USER']; + if (isset($_SERVER['REMOTE_USER'])){ + $username = $_SERVER['REMOTE_USER']; + } + elseif (isset($_SERVER['REDIRECT_REMOTE_USER'])){ + $username = $_SERVER['REDIRECT_REMOTE_USER']; + $_SERVER['REMOTE_USER'] = $username; + } + else{ + return false; + } $this->_debug('LemonLDAP::NG Login Name: '.htmlspecialchars($username),0,__LINE__,__FILE__); if (!empty($username)){ $USERINFO = $this->getUserData($username,true); diff --git a/root/usr/share/dokuwiki/lib/plugins/authhttpldap/plugin.info.txt b/root/usr/share/dokuwiki/lib/plugins/authhttpldap/plugin.info.txt index b61a020..9264e26 100644 --- a/root/usr/share/dokuwiki/lib/plugins/authhttpldap/plugin.info.txt +++ b/root/usr/share/dokuwiki/lib/plugins/authhttpldap/plugin.info.txt @@ -1,7 +1,7 @@ base authhttpldap author Daniel Berteaud email daniel@firewall-services.com -date 2014-05-06 +date 2017-07-17 name HTTP+LDAP auth plugin desc This plugin uses a basic HTTP authentication, but LDAP to get info and authorization url https://www.firewall-services.com diff --git a/smeserver-dokuwiki.spec b/smeserver-dokuwiki.spec index 1b2e6a7..9f4ab4d 100644 --- a/smeserver-dokuwiki.spec +++ b/smeserver-dokuwiki.spec @@ -61,12 +61,19 @@ DokuWiki is a simple to use Wiki aimed at the documentation needs of a small com %build perl ./createlinks +%{__mkdir_p} root/var/log/php/dokuwiki +%{__mkdir_p} root/var/lib/php/dokuwiki/{tmp,session,opcache %install rm -rf $RPM_BUILD_ROOT (cd root ; find . -depth -print | cpio -dump $RPM_BUILD_ROOT) rm -f %{name}-%{version}-filelist /sbin/e-smith/genfilelist $RPM_BUILD_ROOT \ + --dir /var/log/php/dokuwiki 'attr(0770,root,www)' \ + --dir /var/lib/php/dokuwiki 'attr(0770,root,www)' \ + --dir /var/lib/php/dokuwiki/tmp 'attr(0770,root,www)' \ + --dir /var/lib/php/dokuwiki/opcache 'attr(0770,root,www)' \ + --dir /var/lib/php/dokuwiki/session 'attr(0770,root,www)' \ > %{name}-%{version}-filelist %files -f %{name}-%{version}-filelist