Diffstat (limited to 'src/etc/rc.php_ini_setup')
-rwxr-xr-x | src/etc/rc.php_ini_setup | 417 |
1 files changed, 417 insertions, 0 deletions
diff --git a/src/etc/rc.php_ini_setup b/src/etc/rc.php_ini_setup
new file mode 100755
index 0000000..0013b58
--- /dev/null
+++ b/src/etc/rc.php_ini_setup
@@ -0,0 +1,417 @@
+#!/bin/sh
+#
+# rc.php_ini_setup
+# Copyright (C) 2010 Scott Ullrich <sullrich@gmail.com>
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are met:
+#
+# 1. Redistributions of source code must retain the above copyright notice,
+# this list of conditions and the following disclaimer.
+#
+# 2. Redistributions in binary form must reproduce the above copyright
+# notice, this list of conditions and the following disclaimer in the
+# documentation and/or other materials provided with the distribution.
+#
+# THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+# INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+# AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+# AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+# POSSIBILITY OF SUCH DAMAGE.
+
+# Set our operating platform
+PLATFORM=`/bin/cat /etc/platform`
+MIN_REALMEM_FOR_OPCACHE=512
+
+if [ -d /usr/local/lib/php/20121212 ]; then
+ EXTENSIONSDIR="/usr/local/lib/php/20121212/"
+elif [ -d /usr/local/lib/php/20090626 ]; then
+ EXTENSIONSDIR="/usr/local/lib/php/20090626/"
+else
+ EXTENSIONSDIR="/usr/local/lib/php/20060613/"
+fi
+
+# Grab amount of memory that is detected
+if [ -f /var/log/dmesg.boot ]; then
+ AVAILMEM=`/bin/cat /var/log/dmesg.boot |/usr/bin/awk '/avail memory/ { memory=($4 / 1048576); printf("%0.0f\n", memory); exit}'`
+else
+ AVAILMEM=`/sbin/dmesg -a |/usr/bin/awk '/avail memory/ { memory=($4 / 1048576); printf("%0.0f\n", memory); exit}'`
+fi
+
+if [ -z "$AVAILMEM" ]; then
+ MEM=`/sbin/sysctl hw.physmem | cut -d':' -f2`
+ AVAILMEM=`/bin/expr $MEM / 1048576`
+fi
+
+
+# Get amount of ram installed on this system
+REALMEM=`/sbin/sysctl hw.realmem | /usr/bin/awk '{print $2/1048576}' | /usr/bin/awk -F '.' '{print $1}'`
+export REALMEM
+export LOWMEM
+
+if [ ${REALMEM} -lt $MIN_REALMEM_FOR_OPCACHE ]; then
+ LOWMEM="TRUE"
+ echo ">>> Under $MIN_REALMEM_FOR_OPCACHE megabytes of ram detected. Not enabling opcache"
+ echo ">>> Under $MIN_REALMEM_FOR_OPCACHE megabytes of ram detected. Not enabling opcache" | /usr/bin/logger -p daemon.info -i -t rc.php_ini_setup
+else
+
+ # Calculate opcache memory size according
+ # to detected memory values
+ if [ "$AVAILMEM" -gt "135" ]; then
+ OPCACHEMEMSIZE="10"
+ fi
+ if [ "$AVAILMEM" -gt "256" ]; then
+ OPCACHEMEMSIZE="20"
+ fi
+ if [ "$AVAILMEM" -gt "384" ]; then
+ OPCACHEMEMSIZE="25"
+ fi
+ if [ "$AVAILMEM" -gt "512" ]; then
+ OPCACHEMEMSIZE="30"
+ fi
+ if [ "$AVAILMEM" -gt "784" ]; then
+ OPCACHEMEMSIZE="50"
+ fi
+fi
+
+# Set upload directory
+if [ "$PLATFORM" = "nanobsd" ]; then
+ UPLOADTMPDIR=`/usr/bin/grep upload_path /etc/inc/globals.inc | /usr/bin/cut -d'"' -f4`
+else
+ UPLOADTMPDIR="/tmp"
+fi
+
+# Define php modules. Do not add .so, it will
+# be done automatically by the script below.
+PHPMODULES="standard"
+if [ "$LOWMEM" != "TRUE" ]; then
+ PHPMODULES="$PHPMODULES opcache"
+fi
+# Config read/write
+PHPMODULES="$PHPMODULES xml libxml dom"
+PHPMODULES="$PHPMODULES SimpleXML xmlreader xmlwriter"
+# Downloading via HTTP/FTP (pkg mgr, etc)
+PHPMODULES="$PHPMODULES curl date"
+# Internationalization
+PHPMODULES="$PHPMODULES gettext"
+# User manager
+PHPMODULES="$PHPMODULES ldap openssl pcntl"
+PHPMODULES="$PHPMODULES hash"
+PHPMODULES="$PHPMODULES mcrypt"
+# Regexs, PERL style!
+PHPMODULES="$PHPMODULES pcre"
+# The mighty posix!
+PHPMODULES="$PHPMODULES posix"
+PHPMODULES="$PHPMODULES readline"
+# Login sessions
+PHPMODULES="$PHPMODULES session"
+# Extra sanity seatbelts
+PHPMODULES="$PHPMODULES suhosin"
+# Firewall rules edit
+PHPMODULES="$PHPMODULES ctype"
+# firewall_rules_edit.php
+PHPMODULES="$PHPMODULES mbstring"
+# Synchronization primitives
+PHPMODULES="$PHPMODULES shmop"
+# Page compression
+PHPMODULES="$PHPMODULES zlib"
+# SQLlite & Database
+PHPMODULES="$PHPMODULES spl"
+PHPMODULES="$PHPMODULES PDO"
+PHPMODULES="$PHPMODULES sqlite3"
+# RADIUS
+PHPMODULES="$PHPMODULES radius"
+# ZeroMQ
+PHPMODULES="$PHPMODULES zmq"
+# SSH2
+PHPMODULES="$PHPMODULES ssh2"
+# pfSense extensions
+PHPMODULES="$PHPMODULES pfSense"
+# json
+PHPMODULES="$PHPMODULES json"
+# bcmath
+PHPMODULES="$PHPMODULES bcmath"
+# filter
+PHPMODULES="$PHPMODULES filter"
+
+PHP_ZEND_MODULES="ioncube_loader"
+PHP_ZEND_MODULES_TS="ioncube_loader_ts"
+
+# Modules previously included.
+# can be turned on by touching
+# /etc/php_dynamodules/$modulename
+# sysvmsg \
+# sysvsem \
+# sysvshm \
+# bcmath \
+# tokenizer \
+# uploadprogress \
+# sockets \
+# Reflection \
+# mysql \
+# bz2 \
+
+# Clear the .ini file to make sure we are clean
+if [ -f /usr/local/etc/php.ini ]; then
+ /bin/rm /usr/local/etc/php.ini
+fi
+if [ -f /usr/local/lib/php.ini ]; then
+ /bin/rm /usr/local/lib/php.ini
+fi
+LOADED_MODULES=`/usr/local/bin/php-cgi -m | /usr/bin/grep -v "\["`
+
+# Fetch the timezone from the XML and set it here. We set it later too in the running scripts
+TIMEZONE=`cat /conf/config.xml | egrep -E '<timezone>(.*?)</timezone>' | awk -F'>' '{print $2}'|awk -F'<' '{print $1}'`
+
+# Get a loaded module list in the stock php
+# Populate a dummy php.ini to avoid
+# the file being clobbered and the firewall
+# not being able to boot back up.
+/bin/cat >/usr/local/lib/php.ini <<EOF
+; File generated from /etc/rc.php_ini_setup
+output_buffering = "0"
+expose_php = Off
+implicit_flush = true
+magic_quotes_gpc = Off
+max_execution_time = 900
+max_input_time = 1800
+register_argc_argv = On
+register_long_arrays = Off
+variables_order = "GPCS"
+file_uploads = On
+upload_tmp_dir = ${UPLOADTMPDIR}
+upload_max_filesize = 200M
+post_max_size = 200M
+html_errors = Off
+zlib.output_compression = Off
+zlib.output_compression_level = 1
+include_path = ".:/etc/inc:/usr/local/www:/usr/local/captiveportal:/usr/local/pkg"
+display_startup_errors=on
+display_errors=on
+log_errors=on
+error_log=/tmp/PHP_errors.log
+extension_dir=${EXTENSIONSDIR}
+date.timezone="${TIMEZONE}"
+
+; Extensions
+
+EOF
+
+# Copy php.ini file to etc/ too (cli)
+/bin/cp /usr/local/lib/php.ini /usr/local/etc/php.ini
+
+# Ensure directory exists
+if [ ! -d /etc/php_dynamodules ]; then
+ /bin/mkdir /etc/php_dynamodules
+fi
+if [ ! -d /etc/php_dynamodules_zend ]; then
+ /bin/mkdir /etc/php_dynamodules_zend
+fi
+if [ ! -d /etc/php_dynamodules_zend_ts ]; then
+ /bin/mkdir /etc/php_dynamodules_zend_ts
+fi
+
+# Read in dynamodules
+if [ -d /etc/php_dynamodules ]; then
+ DYNA_MODULES=`/bin/ls -Utr /etc/php_dynamodules/`
+ PHPMODULES="$PHPMODULES $DYNA_MODULES"
+fi
+
+# Read in zend modules
+if [ -d /etc/php_dynamodules_zend ]; then
+ DYNA_MODULES=`/bin/ls /etc/php_dynamodules_zend/`
+ PHP_ZEND_MODULES="$PHP_ZEND_MODULES $DYNA_MODULES"
+fi
+
+# Read in zend threaded modules
+if [ -d /etc/php_dynamodules_zend_ts ]; then
+ DYNA_MODULES=`/bin/ls /etc/php_dynamodules_zend_ts/`
+ PHP_ZEND_MODULES_TS="$PHP_ZEND_MODULES_TS $DYNA_MODULES"
+fi
+
+# Loop through and generate modules to load.
+# Take into account modules built into php.
+for EXT in $PHPMODULES; do
+ SHOULDADD="true"
+ # Check to see if module is compiled into php statically
+ for LM in $LOADED_MODULES; do
+ if [ "$EXT" = "$LM" ]; then
+ SHOULDADD="false"
+ fi
+ done
+ if [ "$SHOULDADD" = "true" ]; then
+ # Ensure extension exists before adding.
+ if [ -f "${EXTENSIONSDIR}${EXT}.so" ]; then
+ echo "extension=${EXT}.so" >> /usr/local/lib/php.ini
+ fi
+ fi
+done
+
+# Zend modules
+for EXT in $PHP_ZEND_MODULES; do
+ # Ensure extension exists before adding.
+ if [ -f "${EXTENSIONSDIR}/ioncube/${EXT}.so" ]; then
+ echo "zend_extension=${EXTENSIONSDIR}/ioncube/${EXT}.so" >> /usr/local/lib/php.ini
+ fi
+done
+
+# Zend threaded modules
+for EXT in $PHP_ZEND_MODULES_TS; do
+ # Ensure extension exists before adding.
+ if [ -f "${EXTENSIONSDIR}/ioncube/${EXT}.so" ]; then
+ echo "zend_extension_ts=${EXTENSIONSDIR}/ioncube/${EXT}.so" >> /usr/local/lib/php.ini
+ fi
+done
+
+
+if [ "$LOWMEM" != "TRUE" ]; then
+
+ /bin/cat >>/usr/local/lib/php.ini <<EOF
+
+; opcache Settings
+opcache.enabled="1"
+opcache.enable_cli="0"
+opcache.memory_consumption="${OPCACHEMEMSIZE}"
+
+EOF
+fi
+
+ /bin/cat >>/usr/local/lib/php.ini <<EOF
+
+[suhosin]
+suhosin.get.max_array_depth = 5000
+suhosin.get.max_array_index_length = 256
+suhosin.get.max_vars = 5000
+suhosin.get.max_value_length = 500000
+suhosin.post.max_array_depth = 5000
+suhosin.post.max_array_index_length = 256
+suhosin.post.max_vars = 5000
+suhosin.post.max_value_length = 500000
+suhosin.request.max_array_depth = 5000
+suhosin.request.max_array_index_length = 256
+suhosin.request.max_vars = 5000
+suhosin.request.max_value_length = 500000
+suhosin.memory_limit = 512435456
+
+EOF
+
+
+PHPFPMMAX=3
+if [ $REALMEM -lt 250 ]; then
+ PHPFPMMAX=2
+elif [ ${REALMEM} -gt 1000 ]; then
+ PHPFPMMAX=4
+fi
+
+/bin/cat > /usr/local/lib/php-fpm.conf <<EOF
+
+[global]
+pid = run/php-fpm.pid
+error_log=syslog
+syslog.facility = daemon
+syslog.ident = system
+log_level = error
+daemonize = yes
+events.mechanism = kqueue
+process.max = ${PHPFPMMAX}
+
+[lighty]
+user = root
+group = wheel
+;mode = 0600
+
+listen = /var/run/php-fpm.socket
+listen.owner = root
+listen.group = wheel
+listen.mode = 0600
+
+security.limit_extensions =
+
+; Pass environment variables
+env[PATH] = /bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin
+env[LOGNAME] = root
+
+EOF
+
+if [ $REALMEM -lt 350 ]; then
+ /bin/cat >> /usr/local/lib/php-fpm.conf <<EOF
+
+pm = ondemand
+pm.process_idle_timeout = 5
+pm.max_children = $PHPFPMMAX
+pm.max_requests = 500
+
+EOF
+
+elif [ $REALMEM -gt 1000 ]; then
+ /bin/cat >> /usr/local/lib/php-fpm.conf <<EOF
+
+pm = dynamic
+pm.process_idle_timeout = 5
+pm.max_children = $PHPFPMMAX
+pm.start_servers = 1
+pm.max_requests = 500
+pm.min_spare_servers=1
+pm.max_spare_servers=1
+
+EOF
+else
+
+ /bin/cat >> /usr/local/lib/php-fpm.conf <<EOF
+
+pm = static
+pm.max_children = $PHPFPMMAX
+pm.max_requests = 500
+
+EOF
+
+fi
+
+# Copy php.ini file to etc/ too (cli)
+/bin/cp /usr/local/lib/php.ini /usr/local/etc/php.ini
+
+# Remove old log file if it exists.
+if [ -f /var/run/php_modules_load_errors.txt ]; then
+ /bin/rm /var/run/php_modules_load_errors.txt
+fi
+
+for EXT in $PHPMODULES; do
+ PHPMODULESLC="$PHPMODULESLC `echo "$EXT" | /usr/bin/tr '[:upper:]' '[:lower:]'`"
+done
+
+# Check loaded modules and remove anything that did not load correctly
+LOADED_MODULES=`/usr/local/bin/php-cgi -m | /usr/bin/tr '[:upper:]' '[:lower:]' 2>/dev/null | /usr/bin/grep -v "\["`
+for EXT in $PHPMODULESLC; do
+ SHOULDREMOVE="true"
+ for LM in $LOADED_MODULES; do
+ if [ "$EXT" = "$LM" ]; then
+ SHOULDREMOVE="false"
+ fi
+ done
+ # Handle low memory situations
+ if [ "$LOWMEM" = "TRUE" ]; then
+ if [ "$EXT" = "opcache" ]; then
+ SHOULDREMOVE="true"
+ fi
+ if [ "$EXT" = "xcache" ]; then
+ SHOULDREMOVE="true"
+ fi
+ fi
+ if [ "$SHOULDREMOVE" = "true" ]; then
+ if [ -f "${EXTENSIONSDIR}${EXT}.so" ]; then
+ echo ">>> ${EXT} did not load correctly. Removing from php.ini..." >> /var/run/php_modules_load_errors.txt
+ /bin/cat /usr/local/lib/php.ini | /usr/bin/grep -v $EXT > /tmp/php.ini
+ /bin/rm -f /usr/local/lib/php.ini
+ /bin/mv /tmp/php.ini /usr/local/lib/php.ini
+ fi
+ fi
+done
+
+# Copy php.ini file to etc/ too (cli)
+/bin/cp /usr/local/lib/php.ini /usr/local/etc/php.ini |
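Review bot: The module-removal loop at the end of the script rebuilds php.ini through the fixed path `/tmp/php.ini` and filters it with an unquoted, unanchored `grep -v $EXT`. A predictable name in a world-writable directory can be pre-created or symlinked by another local account before this script writes to it (it presumably runs as root at boot), and the original file is removed before the replacement is moved into place. The substring match also drops unrelated settings: if a `zlib.so` or `date.so` were present and failed to load, the `zlib.output_compression` lines or `date.timezone` would be stripped as well. I would create the scratch file next to the target and match the whole line, `TMPINI=$(/usr/bin/mktemp /usr/local/lib/php.ini.XXXXXX)` followed by `/usr/bin/grep -v -F -x "extension=${EXT}.so" /usr/local/lib/php.ini > "$TMPINI" && /bin/mv "$TMPINI" /usr/local/lib/php.ini`. The same /tmp concern applies to `error_log=/tmp/PHP_errors.log` in the php.ini heredoc, which would be better placed under a root-owned log directory.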