diff options
author | Ermal <eri@pfsense.org> | 2013-01-04 09:19:04 +0000 |
---|---|---|
committer | Ermal <eri@pfsense.org> | 2013-01-04 09:19:04 +0000 |
commit | c21b10d499841ed5662a5fd7f05b0e0383828617 (patch) | |
tree | d89b3f0f857a88d5f90d1679a7fa4ed051f314cb /etc | |
parent | 56ef4d26e8a99b5b7918f4e94cde6cadad3d429e (diff) | |
download | pfsense-c21b10d499841ed5662a5fd7f05b0e0383828617.zip pfsense-c21b10d499841ed5662a5fd7f05b0e0383828617.tar.gz |
Remove to parameters from system_generate_lighty_config that are unused and do a better job at tuning started php processes to not use less/more than needed. This also avoids DoS the system with php processes
Diffstat (limited to 'etc')
-rw-r--r-- | etc/inc/captiveportal.inc | 11 | ||||
-rw-r--r-- | etc/inc/system.inc | 25 |
2 files changed, 13 insertions, 23 deletions
diff --git a/etc/inc/captiveportal.inc b/etc/inc/captiveportal.inc index b48b64c..02cc8c2 100644 --- a/etc/inc/captiveportal.inc +++ b/etc/inc/captiveportal.inc @@ -398,13 +398,6 @@ function captiveportal_init_webgui() { if (!isset($config['captiveportal']['enable'])) return; - if ($config['captiveportal']['maxprocperip']) - $maxproc = $config['captiveportal']['maxprocperip']; - else - $maxproc = 16; - - $use_fastcgi = true; - if (isset($config['captiveportal']['httpslogin'])) { $cert = base64_decode($config['captiveportal']['certificate']); if (isset($config['captiveportal']['cacertificate'])) @@ -415,13 +408,13 @@ function captiveportal_init_webgui() { /* generate lighttpd configuration */ system_generate_lighty_config("{$g['varetc_path']}/lighty-CaptivePortal-SSL.conf", $cert, $key, $cacert, "lighty-CaptivePortal-SSL.pid", "8001", "/usr/local/captiveportal/", - "cert-portal.pem", "ca-portal.pem", "1", $maxproc, $use_fastcgi, true); + "cert-portal.pem", "ca-portal.pem", 1, true); } /* generate lighttpd configuration */ system_generate_lighty_config("{$g['varetc_path']}/lighty-CaptivePortal.conf", "", "", "", "lighty-CaptivePortal.pid", "8000", "/usr/local/captiveportal/", - "cert-portal.pem", "ca-portal.pem", "1", $maxproc, $use_fastcgi, true); + "cert-portal.pem", "ca-portal.pem", 1, true); /* attempt to start lighttpd */ $res = mwexec("/usr/local/sbin/lighttpd -f {$g['varetc_path']}/lighty-CaptivePortal.conf"); diff --git a/etc/inc/system.inc b/etc/inc/system.inc index 633abbe..359f6a5 100644 --- a/etc/inc/system.inc +++ b/etc/inc/system.inc @@ -716,8 +716,6 @@ function system_generate_lighty_config($filename, $cert_location = "cert.pem", $ca_location = "ca.pem", $max_procs = 1, - $max_requests = "2", - $fast_cgi_enable = true, $captive_portal = false) { global $config, $g; @@ -762,28 +760,27 @@ function system_generate_lighty_config($filename, // Ramp up captive portal max procs // Work relative to the default of 2, for values that would be >2. if($captive_portal == true) { - if($avail > 65 and $avail < 98) { + if ($avail <= 135) $max_procs = 1; - } - if($avail > 97 and $avail < 128) { - $max_procs = 2; - } - if($avail > 127 and $avail < 256) { + else if ($avail > 135 and $avail < 256) { $max_procs += 1; - } - if($avail > 255 and $avail < 384) { + } else if ($avail > 255 and $avail < 384) { $max_procs += 2; - } - if($avail > 383) { + } else if ($avail > 383) { $max_procs += 3; } - } else if ($avail > 135) + } else if ($avail > 135 && $max_procs < 2) $max_procs = 2; if ($captive_portal == true) { + if ($max_procs > 1) + $max_php_children = intval($max_php_children/2); + else + $max_php_children = 1; + $bin_environment = <<<EOC "bin-environment" => ( - "PHP_FCGI_CHILDREN" => "{$max_procs}", + "PHP_FCGI_CHILDREN" => "{$max_php_children}", "PHP_FCGI_MAX_REQUESTS" => "500" ), EOC; |