[BlueOnyx:27097] Re: fpmPort mismatch between vsite and its subdomain - fixed

Tomohiro Hosaka bokutin at gmail.com
Tue Jul 9 03:41:43 -05 2024 

Hi Michael,

Thank you for taking the time to help.

> https://devel.blueonyx.it/trac/changeset/5368/

I have looked at it a little and am concerned.

Perhaps the Subdomain file
/etc/httpd/conf.d/subdomains/site28-host.domain.tld.conf must match
the /etc/httpd/conf/vhosts/site28 file.

In virtual_host.pl, free ports are dynamically checked.
In subdomain-new.pl, unlike virtual_host.pl, it does not do so.
If you respect the way things are done in virtual_host.pl,
subdomain-new.pl must be calculated at the same time or there is a
risk of misalignment.
It would be possible to quote virtual_host.pl and use it without
calculating the port in subdomain-new.pl.

Here is my first aid code.
I don't think this will be helpful, but just in case.

Thanks

root # crontab -e
*/5 * * * * ~/bin/cronlog -- ~/script/bx_subdomain_group.pl

root # cat ~/script/bx_subdomain_group.pl
#!/usr/bin/perl

use FindBin;
BEGIN { unshift @INC, "$FindBin::Bin/../perl5/lib/perl5" }
use lib "/usr/sausalito/perl";

use Modern::Perl;
use Moo;
use CLI::Osprey;

use CCE;
use IO::All;
use Process::Status;
use String::ShellQuote;
use Text::Diff;
use YAML::Syck;

option do_correct => (
    is => 'ro',
);

sub run {
    my ($self) = @_;

    die "EUID=0 required." unless $> == 0;

    local $| = 1;

    my $notify = 0;

    my $cce = CCE->new;
    $cce->connectuds;

    my @vsites = map {
        my ($ok, $obj) = $cce->get($_);
        die unless $ok;
        $obj;
    } $cce->findx('Vsite');
    @vsites = sort { $a->{name} cmp $b->{name} } @vsites;

    for my $vsite (@vsites) {
        my $vsite_port = $self->_get_vsite_fpm_port($vsite) or next;

        say "--> $vsite->{fqdn}\tvsite:$vsite_port";

        my @subdomains = map {
            my ($ok, $obj) = $cce->get($_);
            die unless $ok;
            $obj;
        } $cce->find('Subdomains', { group => $vsite->{name} });

        for my $subdomain (@subdomains) {
            # /etc/httpd/conf.d/subdomains/site28-host.domain.tld.conf
            my $subdomain_file =
"/etc/httpd/conf.d/subdomains/$vsite->{name}-$subdomain->{hostname}.$subdomain->{domainname}.conf";
            die unless -f $subdomain_file;
            my $txt1 = io($subdomain_file)->all;
            my $txt2 = $txt1 =~ s{fcgi://127\.0\.0\.1:\K\d+}{$vsite_port}gr;
            my $diff = diff \$txt1, \$txt2, { Style => 'Unified',
FILENAME_A => $subdomain_file, FILENAME_B =>
"$subdomain_file.corrected" };
            if ($diff) {
                $notify++;
                if ($self->do_correct) {
                    say "correct. $subdomain_file";
                    io($subdomain_file)->print($txt2);
                }
                else {
                    say $diff =~ s/^/    /mgr;
                }
            }
        }
    }

    if ($notify and $self->do_correct) {
        my @cmd = (qw(systemctl restart httpd));
        say "--> run: @{[ shell_quote @cmd ]}";
        system @cmd;
        say Process::Status->as_string;
    }

    exit $notify;
}

sub _get_vsite_fpm_port {
    my ($self, $vsite) = @_;

    my $file = "/etc/httpd/conf/vhosts/@{[ $vsite->{name} ]}";
    my $txt  = io($file)->all;

    $txt =~ m{fcgi://127\.0\.0\.1:(\d+)} ? $1 : undef;
}

__PACKAGE__->new_with_options->run;


2024-07-09 11:14 に Michael Stauber via Blueonyx さんは書きました:
> Hi Rickard, hi Tomohiro,
>
> I just published updated base-subdomain RPMs for 5210R and 5211R which fix both reported issues:
>
> 1.) PHP-FPM port assignment:
>
> We now search for and parse the Vsites main PHP-FPM pool file and extract the correct port number from it to use it in the subdomain configuration.
>
> 2.) Vsite or siteAdmin over-quota issue:
>
> If a Vsite is over-quota (or the siteAdmin that owns the Vsite's /web), then the PHP configuration for the subdomains is now correctly configured with (working) PHP 'disable_functions' and 'disable_classes' settings to prevent further file creation or editing. The previous settings were written out in the format suitable for FPM pool files, but not for Apache and caused an error.
>
> Changelog:
>
> https://devel.blueonyx.it/trac/changeset/5368/

2024年7月9日(火) 11:20 Michael Stauber via Blueonyx <blueonyx at mail.blueonyx.it>:
>
> Hi Rickard, hi Tomohiro,
>
> I just published updated base-subdomain RPMs for 5210R and 5211R which
> fix both reported issues:
>
> 1.) PHP-FPM port assignment:
>
> We now search for and parse the Vsites main PHP-FPM pool file and
> extract the correct port number from it to use it in the subdomain
> configuration.
>
> 2.) Vsite or siteAdmin over-quota issue:
>
> If a Vsite is over-quota (or the siteAdmin that owns the Vsite's /web),
> then the PHP configuration for the subdomains is now correctly
> configured with (working) PHP 'disable_functions' and 'disable_classes'
> settings to prevent further file creation or editing. The previous
> settings were written out in the format suitable for FPM pool files, but
> not for Apache and caused an error.
>
> Changelog:
>
> https://devel.blueonyx.it/trac/changeset/5368/
>
> --
> With best regards
>
> Michael Stauber
> _______________________________________________
> Blueonyx mailing list
> Blueonyx at mail.blueonyx.it
> http://mail.blueonyx.it/mailman/listinfo/blueonyx

More information about the Blueonyx mailing list