Froxlor Forum



About sporkman

  1. I'm running a pre-0.10 version in production for quite some time now. The "libnss-extrausers" thing is kind of dumb, I don't recall my workaround. It would be nice to see a working port again, or even better, patches upstream as needed. Since Froxlor is mostly just a config generator, there's no real reason for most of the linuxisms other than people not knowing any better. I mean, all the software Froxlor configures has been running on FreeBSD forever (and in the case of that obscure webserver, nginx, developed on FreeBSD by a bunch of Russian FreeBSD nerds). If the porting project is still active I can look through my install here to see what I've been up to. I've been putting off the version jump to 0.10.x because I didn't see anything I needed in there, but I should probably see about updating and what I have to merge back in to make it work. Also as for nobody using FreeBSD, well more people should. Around 20% of worldwide internet traffic is coming off FreeBSD servers. It's a great platform to develop for - one distro, one way of doing things, and a clear cut line between base OS and 3rd party applications.
  2. This is some weird php/phpmailer/pcre2 issue apparently. For Froxlor, just updating phpmailer to a current version will resolve it (I tested with 6.0.7). For Wordpress, same thing, have to wait for them to sync up with the current version of phpmailer.

     Other workarounds:

     - downgrade to php 7.2
     - manually build php 7.3 from source using a few specific versions of pcre that don't expose the bug
     - in Wordpress, add a filter to disable the regex:

         add_filter( 'wp_mail_from', function($from){PHPMailer::$validator = 'noregex'; return $from;} );

     Just answering here for anyone wandering in from google... It's vexing because unless you turn on debugging in phpmailer, you get a very generic 'invalid address' error (sender? recipient? who knows?).
  3. I'm stumped by this. Code like this works both from the command line (php -f mailtest.php) and via the web. No errors, mail is seen hitting my local ssmtp instance (this host is not running the mail server portion of froxlor):

         <?php
         ini_set( 'display_errors', 1 );
         error_reporting( E_ALL );
         $from = "emailtest@YOURDOMAIN";
         $to = "YOUREMAILADDRESS";
         $subject = "PHP Mail Test script";
         $message = "This is a test to check the PHP Mail functionality";
         $headers = "From:" . $from;
         mail($to,$subject,$message, $headers);
         echo "Test email sent";
         ?>

     WordPress, which uses PHPMailer, fails to send mail silently. No errors in php-fpm's log, no errors in apache, and if I turn on php errors and WP_DEBUG, nothing, just silent failure. Also noticed that when I add new customers in froxlor, there is an error about not being able to send email. AND froxlor uses PHPMailer. So what might be stopping PHPMailer from working system-wide, but not php's mail() function?
  4. Pretty darn happy so far with php in worker mode with php-fpm via mod_proxy_fcgi (or is it fastcgi_proxy? or fcgid_proxy? anyhow, the "newest/best" one marked as being needed Deb Stretch in PHP-FPM config page). I have a few customers that don't even use PHP, is there a way to avoid starting up php-fpm processes for them?
  5. Yep. "www" is who the user runs as. As best I can tell it's not part of the user groups though. libnss-mysql seems to be working fine. 'bgreen' and 'css' are both "virtual" users. The "ls" shows that the ids (10000 and 10001) are being mapped properly by libnss-mysql. "css" group mapping seems fine.

         [root@nj2 /var/customers/webs]# ls -la
         total 32
         drwxr-xr-x 4 root wheel 512 Apr 1 20:05 .
         drwxr-xr-x 6 root wheel 512 Apr 1 03:15 ..
         drwxr-xr-x 4 bgreen bgreen 512 Apr 1 20:05 bgreen
         drwxr-xr-x 4 css css 512 Apr 1 06:10 css
         [root@nj2 /var/customers/webs]# id www
         uid=80(www) gid=80(www) groups=80(www),9999(froxlorlocal)
         [root@nj2 /var/customers/webs]# groups www
         www froxlorlocal
         [root@nj2 /var/customers/webs]# id css
         uid=10000(css) gid=10000(css) groups=10000(css)
         [root@nj2 /var/customers/webs]# groups css
         css
         [root@nj2 /var/customers/webs]#

     Process ownership all seems fine and you can see uid->uname mapping:

         [root@nj2 /var/customers/webs]# ps auxw|grep http
         root 17913 0.0 0.5 19460 9380 - Ss 22:38 0:04.90 /usr/local/sbin/httpd -DNOHTTPACCEPT
         www 17914 0.0 0.6 29104 13312 - I 22:38 0:00.76 /usr/local/sbin/httpd -DNOHTTPACCEPT
         www 17915 0.0 0.6 29104 13212 - I 22:38 0:00.74 /usr/local/sbin/httpd -DNOHTTPACCEPT
         www 17916 0.0 0.6 27056 12848 - I 22:38 0:00.65 /usr/local/sbin/httpd -DNOHTTPACCEPT
         www 17918 0.0 0.7 29104 13504 - I 22:38 0:00.75 /usr/local/sbin/httpd -DNOHTTPACCEPT
         root 25473 0.0 0.1 6660 2548 1 S+ 20:13 0:00.00 grep http
         [root@nj2 /var/customers/webs]# ps auxww|grep fpm
         root 17886 0.0 0.8 166652 17216 - Ss 22:38 0:06.10 php-fpm: master process (/usr/local/etc/php-fpm.conf) (php-fpm)
         froxlorlocal 17890 0.0 1.9 169040 38388 - I 22:38 0:01.68 php-fpm: pool nj2.example.com (php-fpm)
         froxlorlocal 17891 0.0 0.8 166604 17236 - I 22:38 0:00.00 php-fpm: pool nj2.example.com (php-fpm)
         css 17892 0.0 0.8 166624 17404 - I 22:38 0:00.02 php-fpm: pool example.us (php-fpm)
         css 17893 0.0 0.8 166624 17236 - I 22:38 0:00.00 php-fpm: pool example.us (php-fpm)
         css 17894 0.0 0.8 166624 17236 - I 22:38 0:00.00 php-fpm: pool example.us (php-fpm)
         bgreen 24214 0.0 2.3 171364 47808 - I 14:56 0:00.44 php-fpm: pool example.org (php-fpm)
         bgreen 24215 0.0 2.3 171236 46840 - I 14:56 0:00.69 php-fpm: pool example.org (php-fpm)
         bgreen 24216 0.0 2.0 168804 40904 - I 14:56 0:00.22 php-fpm: pool example.org (php-fpm)
         root 25481 0.0 0.0 408 324 1 R+ 20:13 0:00.00 grep fpm
         [root@nj2 /var/customers/webs]#

     For now, I just altered the code to put php-fpm's group socket ownership to the web user's group. When I have the time I'll dig for the config variable for the www group instead of hard-coding. I'll just keep this on my little local changes list.

         if ($this->_domain['loginname'] == 'froxlor.panel') {
             $fpm_config .= 'listen.owner = ' . $this->_domain['guid'] . "\n";
             //$fpm_config .= 'listen.group = ' . $this->_domain['guid'] . "\n";
             $fpm_config .= 'listen.group = www' . "\n";
         } else {
             $fpm_config .= 'listen.owner = ' . $this->_domain['loginname'] . "\n";
             //$fpm_config .= 'listen.group = ' . $this->_domain['loginname'] . "\n";
             $fpm_config .= 'listen.group = www' . "\n";
         }
         // see #1418 why this is 0660
         $fpm_config .= 'listen.mode = 0660' . "\n";

         if ($this->_domain['loginname'] == 'froxlor.panel') {
             $fpm_config .= 'user = ' . $this->_domain['guid'] . "\n";
             //$fpm_config .= 'group = ' . $this->_domain['guid'] . "\n";
             $fpm_config .= 'listen.group = www' . "\n";
         } else {
             $fpm_config .= 'user = ' . $this->_domain['loginname'] . "\n";
             //$fpm_config .= 'group = ' . $this->_domain['loginname'] . "\n";
             $fpm_config .= 'listen.group = www' . "\n";
         }
  6. I'm a bit stumped on something here with the php-fpm setup... I'm seeing my virthosts not able to serve content because when apache connects to the php-fpm socket, it gets a "permission denied" error. The error does make sense - the web server runs as user "www" (whether in pre-fork or worker mpm modes), and there are no suexec overrides (not sure that's even available in worker mpm?) in the individual virtual host entries. And in the per-user php-fpm configs, the permissions are clearly set to the user/group of the owner, and the mask is 0660 - meaning ONLY the owner of the site has access to those sockets.

     This does not seem like it should work - is something different supposed to be happening here? Should the www group be the group owner of the sockets? If I manually override that by doing a recursive "chgrp www" in the php-fpm socket directory, all is well. If I manually override the php-fpm config to make www the group owner all is well. What am I missing? I know I can just hack around this by modifying the code that generates the php-fpm config, but that feels wrong...

     Vhost config example:

         [root@panel /usr/local/etc/apache24]# cat sites-enabled/35_froxlor_normal_vhost_web1.example.com.conf
         # 35_froxlor_normal_vhost_web1.example.com.conf
         # Created 31.03.2019 00:59
         # Do NOT manually edit this file, all changes will be deleted after the next domain change at the panel.
         # Domain ID: 2 - CustomerID: 1 - CustomerLogin: tester1
         <VirtualHost>
           ServerName web1.example.com
           ServerAdmin css-test1@example.com
           DocumentRoot "/var/customers/webs/tester1/web1/"
           <FilesMatch \.(php)$>
             SetHandler proxy:unix:/var/run/apache2/fastcgi/1-tester1-web1.example.com-php-fpm.socket|fcgi://localhost
           </FilesMatch>
           <Directory "/var/customers/webs/tester1/web1/">
             Require all granted
             AllowOverride All
           </Directory>
           Alias /webalizer "/var/customers/webs/tester1/webalizer/web1.example.com"
           ErrorLog "/var/customers/logs/tester1-web1.example.com-error.log"
           CustomLog "/var/customers/logs/tester1-web1.example.com-access.log" combined
         </VirtualHost>
         [root@panel /usr/local/etc/apache24]#

     PHP-FPM config example:

         [root@panel /usr/local/etc/apache24]# cat ../php-fpm.d/web1.example.com.conf
         ;PHP-FPM configuration for "web1.example.com" created on 2019.03.31 00:59:12
         [web1.example.com]
         listen = /var/run/apache2/fastcgi/1-tester1-web1.example.com-php-fpm.socket
         listen.owner = tester1
         listen.group = tester1
         listen.mode = 0660
         user = tester1
         group = tester1
         pm = dynamic
         pm.max_children = 1
         pm.start_servers = 1
         pm.min_spare_servers = 1
         pm.max_spare_servers = 1
         pm.max_requests = 0
         ;chroot = /var/customers/webs/tester1/web1/
         security.limit_extensions = .php
         env[PATH] = /usr/local/bin:/usr/bin:/bin
         env[TMP] = /var/customers/tmp/tester1/
         env[TMPDIR] = /var/customers/tmp/tester1/
         env[TEMP] = /var/customers/tmp/tester1/
         php_admin_value[session.save_path] = /var/customers/tmp/tester1/
         php_admin_value[upload_tmp_dir] = /var/customers/tmp/tester1/
         php_admin_flag[allow_call_time_pass_reference] = Off
         php_admin_flag[allow_url_fopen] = Off
         [... snip tons of php flags ...]
         php_admin_value[open_basedir] = "/var/customers/webs/tester1/web1:/var/customers/tmp/tester1:/usr/local/share/php:/usr/share/php5:/tmp"
         php_admin_value[output_buffering] = 4096
         [...]
         php_admin_value[opcache.restrict_api] = "/var/customers/webs/tester1/web1/"
         [root@panel /usr/local/etc/apache24]#

     Oh, maybe you don't want to just trust me, so some logs showing the permissions issue:

         [Sat Mar 30 20:26:49.653555 2019] [authz_core:debug] [pid 81616:tid 34494210816] mod_authz_core.c(817): [client 52] AH01626: authorization result of Require all granted: granted
         [Sat Mar 30 20:26:49.653688 2019] [authz_core:debug] [pid 81616:tid 34494210816] mod_authz_core.c(817): [client 52] AH01626: authorization result of <RequireAny>: granted
         [Sat Mar 30 20:26:49.653742 2019] [authz_core:debug] [pid 81616:tid 34494210816] mod_authz_core.c(817): [client 52] AH01626: authorization result of Require all granted: granted
         [Sat Mar 30 20:26:49.653747 2019] [authz_core:debug] [pid 81616:tid 34494210816] mod_authz_core.c(817): [client 52] AH01626: authorization result of <RequireAny>: granted
         [Sat Mar 30 20:26:49.653760 2019] [proxy:debug] [pid 81616:tid 34494210816] mod_proxy.c(1246): [client] AH01143: Running scheme unix handler (attempt 0)
         [Sat Mar 30 20:26:49.653765 2019] [proxy_fcgi:debug] [pid 81616:tid 34494210816] mod_proxy_fcgi.c(1019): [client 052] AH01076: url: fcgi://localhost/var/customers/webs/tester1/web1/index.php proxyname: (null) proxyport: 0
         [Sat Mar 30 20:26:49.653769 2019] [proxy_fcgi:debug] [pid 81616:tid 34494210816] mod_proxy_fcgi.c(1028): [client 052] AH01078: serving URL fcgi://localhost/var/customers/webs/tester1/web1/index.php
         [Sat Mar 30 20:26:49.653778 2019] [proxy:debug] [pid 81616:tid 34494210816] proxy_util.c(2317): AH00942: FCGI: has acquired connection for (*)
         [Sat Mar 30 20:26:49.653783 2019] [proxy:debug] [pid 81616:tid 34494210816] proxy_util.c(2371): [client] AH00944: connecting fcgi://localhost/var/customers/webs/tester1/web1/index.php to localhost:8000
         [Sat Mar 30 20:26:49.653805 2019] [proxy:debug] [pid 81616:tid 34494210816] proxy_util.c(2407): [client] AH02545: fcgi: has determined UDS as /var/run/apache2/fastcgi/1-tester1-web1.morefoo.com-php-fpm.socket
         [Sat Mar 30 20:26:49.653833 2019] [proxy:debug] [pid 81616:tid 34494210816] proxy_util.c(2580): [client] AH00947: connected /var/customers/webs/tester1/web1/index.php to httpd-UDS:0
         [Sat Mar 30 20:26:49.653852 2019] [proxy:error] [pid 81616:tid 34494210816] (13)Permission denied: AH02454: FCGI: attempt to connect to Unix domain socket /var/run/apache2/fastcgi/1-tester1-web1.morefoo.com-php-fpm.socket (*) failed
         [Sat Mar 30 20:26:49.653897 2019] [proxy_fcgi:error] [pid 81616:tid 34494210816] [client] AH01079: failed to make connection to backend: httpd-UDS
         [Sat Mar 30 20:26:49.653900 2019] [proxy:debug] [pid 81616:tid 34494210816] proxy_util.c(2332): AH00943: FCGI: has released connection for (*)
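
Added example (not part of the original post, and not Froxlor's own code): the socket permission mismatch described in the post above can be checked mechanically before Apache logs AH02454. This Python script parses php-fpm pool definitions and reports whether the web server user can connect to each socket; the `web2.example.com`/`tester2` pool and the function names are constructed for illustration, the `www` group list comes from the `id www` output on this page, and directory permissions on the socket path are assumed to allow traversal.

```python
# Constructed sample modelled on the pool file in the post above;
# "web2.example.com" is a hypothetical pool with the listen.group change.
SAMPLE_POOLS = """\
;PHP-FPM configuration (constructed sample)
[web1.example.com]
listen = /var/run/apache2/fastcgi/1-tester1-web1.example.com-php-fpm.socket
listen.owner = tester1
listen.group = tester1
listen.mode = 0660

[web2.example.com]
listen = /var/run/apache2/fastcgi/2-tester2-web2.example.com-php-fpm.socket
listen.owner = tester2
listen.group = www
listen.mode = 0660
"""

def parse_pools(text):
    """Return {pool_name: {directive: value}} for each [pool] section."""
    pools, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):       # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            current = pools.setdefault(line[1:-1], {})
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            current[key.strip()] = value.strip()
    return pools

def socket_access(pool, user, groups):
    """Classify the pool socket for `user`, who is a member of `groups`.

    connect() on a Unix socket needs write permission on the socket file; the
    first matching class (owner, then group) decides. An other-writable socket
    is reported separately because every local account could reach the pool.
    """
    mode = int(pool.get("listen.mode", "0660"), 8)  # php-fpm default is 0660
    if mode & 0o002:
        return "world-writable"
    if user == pool.get("listen.owner"):
        return "ok" if mode & 0o200 else "denied"
    if pool.get("listen.group") in groups:
        return "ok" if mode & 0o020 else "denied"
    return "denied"

def audit(text, user, groups):
    """Map each pool name to its socket_access() result for the given user."""
    return {n: socket_access(p, user, groups) for n, p in parse_pools(text).items()}

if __name__ == "__main__":
    # Web server identity as shown by `id www` on this page.
    for name, status in audit(SAMPLE_POOLS, "www", {"www", "froxlorlocal"}).items():
        print(f"{name}: {status}")
```

Keeping `listen.mode = 0660` and granting access through `listen.group` lets the web server connect without opening each customer's pool to every other local account, which is what a 0666 socket would do.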
  7. Just an update for anyone else browsing this - had no issues updating to the latest. About to go in and attempt php-fpm (already have libnss-mysql setup, so that PITA is over with). Also surprisingly filesystem quotas work as well, just have to use '/usr/sbin/edquota' and your conditionals do the right thing in passing args to the command. And in FreeBSD the path is a bare path (ie: "/" or "/var").

     I see there's a note here:

         lng/english.lng.php:$lng['serversettings']['system_cronconfig']['description'] = 'Path to the cron-service configuration-file. This file will be updated regularly and automatically by froxlor.<br />Note: Please <b>be sure</b> to use the same filename as for the main froxlor cronjob (default: /etc/cron.d/froxlor)!<br><br>If you are using <b>FreeBSD</b>, please specify <i>/etc/crontab</i> here!';

     At least in FreeBSD 11.x, /etc/cron.d is totally valid and you can dump the froxlor cron file in there with no issues.
  8. Yeah, I'm working with the dumb, stock apache w/o FPM and it's actually not that bad at all. My concern was really that I haven't really tested much with apache in the last decade or so, but I did recently play around with nginx and a bunch of variations and was able to settle on a stack that seemed like a good fit for WP + a 1-2GB VPS. I'm just going to share a bit of that here because some of it is really not nginx-specific, but this is all WordPress-specific...

     • Varnish is a bit of a pain and did not seem to be worth the trouble
     • For caching at the http level, I found the built-in nginx caching to be almost indistinguishable (and easier to configure) than varnish
     • Don't forget to enable the opcode cache! What a nice surprise to see that turning it on in Froxlor enables a nice built-in opcache monitor page
     • PHP7 showed a general decrease in CPU usage, and the "stock" opcode cache is fine
     • After a few days, mysqltuner does do a pretty decent job, but I did kind of crank anything that gobbles RAM down a bit because...
     • A WordPress "object cache" makes a really substantial difference, in fact, for logged-in users (who do not get web caching), this was the most obvious speed bump I found. I used Redis and a very simple WP plugin that has a big "clear cache" button along with automatic purging when making edits.

     So my takeaway is that the WP object cache is really a big deal - you don't need to give Redis a ton of RAM, and it lets you dial down mysql's RAM usage a bit. Basically, as you know, WP bangs on the database a lot. If you install the super-helpful "Query Monitor" plugin (this or something else is essential when comparing hosting stacks), you'll see just how ridiculous the situation is. The WP object cache is basically an intelligent database cache that's orders of magnitude faster than MySQL and for reads, doesn't hardly touch MySQL. And since Froxlor seems to be very "hands-off" with things outside its control, adding Redis isn't at all a big deal. You can manually add a password/namespace for a customer and they can load that info into whatever plugin they're using...
  9. I have to get about 5 or 6 low-traffic WP sites on a small (1GB RAM) VPS. Which web stack is the most efficient (mainly thinking of the memory footprint)? I'm a little put off by apache, but I've only used it with mod-php (and then I stick Varnish in front of it if needed). I think the alternatives are now more varied - apache worker w/fpm, etc... Any recommendations before I just start playing around with the various froxlor options?
  10. Awesome, thanks so much!
  11. sporkman

    FreeBSD support?

    Hi all, I really like the general direction of Froxlor - it seems to mostly stay away from touching the underlying OS and whatever package manager your OS is using and just concentrates on being a config generator for the services that are running. This actually seems to make it pretty OS-agnostic.

    I installed the version from FreeBSD ports ( and they (port maintainers) didn't really modify it - they just use the port to pull in postfix, apache/nginx, mysql, BIND, etc. and then leave you with a message that you should carefully review all the file paths. So far, the biggest bit of work I did was just relentlessly go through settings and change "/etc/XYZ" to "/usr/local/etc/XYZ" and "/etc/init.d/XYZ" to "/usr/local/etc/rc.d/XYZ" or "/etc/rc.d/XYZ". And I have a working system. I also grabbed the Gentoo xml file and did a similar search/replace and that gets me like 80% of the way there - I have cut and pasteable configs with correct paths. I imagine I could also substitute out various apt-get commands with "pkg add".

    I know the developers aren't interested in officially supporting FreeBSD, but I'm going to update this version of Froxlor to the newest - I reviewed commits between (what I have installed) and the latest and the only system/OS level thing I see of note there is adding "libnss-extrausers" which is a linux-only thing, but seems not to be required. Assuming the upgrade goes well, I'm probably going to go ahead with Froxlor on some FreeBSD VPS instances regardless.

    Questions:

    • Are there any non-obvious OS-level compatibility issues I'm not seeing in my quick review of the code and the changes?
    • What tools, if any, are used to enable/disable apache modules and similar that are actually from the OS (things similar to "a2enmod")?
    • Outside of the OS XML files, I think I only saw some paths being set in the .sql file that populates the db on install, not sure I care about that as that's easily changed in the web UI after install
    • Are there any plans currently to move Froxlor in a direction that does make it start to take control of the OS itself (firewall rules, managing packages, etc.)?
    • Any other background I should know of?

    Thanks!