I have some sites that make use of HTTP authorization headers inside of PHP (so not using htaccess/htpasswd, but an internal user database). For the moment I have simply added the required "-pass-header Authorization" to scripts/jobs/cron_tasks.inc.http.15.apache_fcgid.php @ 63 right after the "-socket" setting. But it would be nice if this was either always on by default or selectable as a switch in the GUI (could either be a global FCGI/FPM setting, but would be nicer if it was on a level with "PHP Configurations", since it's rarely needed).

Thanks

Günther

solution for one specific setup...what about mod_proxy users?

hi d00p... what about mod_proxy users? (I got no clue really ;-) )

Anyway, passing authentication headers is nothing "bad" or "wrong" either. If you find it to intrusive to add a switch for it, why not allowing it by default? As far as I can tell there are neither performance issues with it, nor security issues - in the end it is up to the developer who uses it.

already coding  Are you willing to test?

well sure!

Then go -> latest git-commit -> https://github.com/Froxlor/Froxlor/commit/ba58991d11f80ac28694f485b695c96d4659a586

Dont forget to always use the latest git state when testing

nice.... give me a little time to finish one more job and I'll be back with a feedback!

Going Out for Dinner now anyway

Hi d00p... have tried it out now (the option pops up in the PHP Configurations section) but when the tasks are run it stumbles over $phpconfig['pass_authorizationheader'] giving me an "Undefined index: pass_authorizationheader" in both task scripts...

Now I got to admit I only took and implemented your changes (all of them) in official 0.38.8 and was not using the latest git version. If you think that to be the cause then I will set up a new environment inside a VM.

Cheers and thanks again!

 

Well you need the Database Updates, i recommend the full git-version (its better than.0.9.38.8 anyway :p)

oh well I did an ALTER TABLE `panel_tasks` ADD `pass_authorizationheader` tinyint(1) NOT NULL default '0'; prior to anything else... so you'd recommend to go for that one.... btw. does it have these changes (https://github.com/Froxlor/Froxlor/pull/397) inside as well or is that in some other branch? (I'd really love to have PHP-FPM 5.6/7.0/7.1/7.2 running and choosable from within Froxlor!!) :-P

Do you also have the changes from https://github.com/Froxlor/Froxlor/commit/6b44dfe9b238e52572dc952e778d906a6060675c ? or else the setting won't be saved.

https://github.com/Froxlor/Froxlor/pull/397 has been implemented in another way in current git-master (another reason to use it :P)

Alright, you have me curious now - I'll give it a try today! 

Alright... here I am and it "nearly" works. There is just the  one glitch I noticed so far:

After "upgrading" to the current git version and re-generating all configuration files apache complained about missing a value for "-idle-timeout". Most of my configuration files had the following inside:

FastCgiExternalServer /var/www/php-fpm/froxlor.panel/panelname.domainname.tld/542e.fpm.external: invalid value for -idle-timeout: ""

I have tried updating the value once in the backend PHP-FPM versions -> (Edit) -> Idle Timeout: by setting the already existing value of 30 to 60 and re-generating the configuration files. But still the call to

Settings::Get('phpfpm.idle_timeout')

always returns empty. My quick fix was to add

$idle_timeout = Settings::Get('phpfpm.idle_timeout');
if (empty($idle_timeout)) {
	$idle_timeout = 60;
}

in both task-include-files (10.apache / 15.apache_fcgid), but that is not the proper way to do it. Since I'd like to avoid reading through all the code to get there, would you mind pointing me to the part which connects the backend-setting (which maintains the correct value after changing it) with the Settings-class?

I'll then be happy to test this for you.

Cheers!

ah, the timeout....that moved from global settings to fpm-daemon specific setting...thanks for noticing

You're quick... ok I get what you mean... as soon as you point out the function to be used to retrieve that value I'll be quick to test this too (just in case) 

Okay, git pull, and you should be good to go

Works, thanks d00p!!