diff --git a/README.md b/README.md index fb47bc8..8eb97b9 100644 --- a/README.md +++ b/README.md @@ -13,12 +13,6 @@ Uninstall packages that may interfere with this setup: apt-get purge apache2* resolvconf exim4* && systemctl disable systemd-resolved.service ``` -If you are on Ubuntu, add the following PPA: -``` -LC_ALL=C.UTF-8 add-apt-repository ppa:ondrej/php -``` -On debian this may be worth a look: https://deb.sury.org/ - To get the latest tor version, you should follow these instructions to add the official tor repository for your distribution: (https://www.torproject.org/docs/debian) To get the latest mariadb version, you should follow these instructions to add the official tor repository for your distribution: (https://downloads.mariadb.org/mariadb/repositories/) 
@@ -33,9 +27,8 @@ echo "deb https://deb.nodesource.com/node_11.x sid main" >> /etc/apt/sources.lis The following command will install all required packages: ``` -apt-get --no-install-recommends install apt-transport-tor aspell bzip2 clamav-daemon clamav-freshclam clamav-milter curl dovecot-imapd dovecot-pop3d git dnsmasq haveged hunspell iptables libsasl2-modules locales-all logrotate mariadb-server nano nodejs postfix postfix-mysql \ -php7.3-bcmath php7.3-bz2 php7.3-cli php7.3-curl php7.3-dba php7.3-enchant php7.3-fpm php7.3-gd php7.3-gmp php7.3-imap php7.3-intl php7.3-json php7.3-mbstring php7.3-mysql php7.3-opcache php7.3-pspell php7.3-readline php7.3-recode php7.3-soap php7.3-sqlite3 php7.3-tidy php7.3-xml php7.3-xmlrpc php7.3-xsl php7.3-zip \ -php-apcu php-gnupg php-imagick quota quotatool rsync sasl2-bin ssh subversion tor unzip vim vsftpd wget yarn zip +apt-get --no-install-recommends install apt-transport-tor bzip2 clamav-daemon clamav-freshclam clamav-milter curl dovecot-imapd dovecot-pop3d git dnsmasq g++ gcc haveged iptables libsasl2-modules locales locales-all logrotate mariadb-server nano nodejs postfix postfix-mysql \ +quota quotatool rsync sasl2-bin ssh subversion tor unzip vim vsftpd wget yarn zip ``` Note that both, debian and the torproject have hidden service package archives, so you may want to edit /etc/apt/sources.list to load from those instead: @@ -138,7 +131,6 @@ D. > select dovecot 4. General Options > 9. Allow editing of identity > n Users should not be able to fake email addresses > y They should be able to change display name > y They should be able to set a reply to mail > y additional headers are not required 10. Language settings > 4. Enable aggressive decoding 11. Tweaks > 2. Ask user info on first login > n (commonly confuses users) -11. Tweaks > 4. Use php recode functions > y 11. Tweaks > 5. Use php iconv functions > y ``` 
@@ -168,6 +160,11 @@ git clone https://github.com/google/ngx_brotli make -j $(nproc) install ``` +Install custom optimized php +``` +./install_php.sh +``` + Last but not least setup the database by running ``` php /var/www/setup.php diff --git a/etc/systemd/system/php7.2-fpm.service b/etc/systemd/system/php7.2-fpm.service new file mode 100644 index 0000000..b0d238c --- /dev/null +++ b/etc/systemd/system/php7.2-fpm.service @@ -0,0 +1,17 @@ +# This service is actually a systemd target, +# but we are using a service since targets cannot be reloaded. + +[Unit] +Description=The PHP 7.2 FastCGI Process Manager (multi instance master) +Documentation=man:php-fpm7.2(8) +After=network.target + +[Service] +Type=oneshot +RemainAfterExit=yes +ExecStart=/bin/true +ExecReload=/bin/true + +[Install] +WantedBy=multi-user.target + diff --git a/etc/systemd/system/php7.2-fpm@.service b/etc/systemd/system/php7.2-fpm@.service new file mode 100644 index 0000000..e0bdbdc --- /dev/null +++ b/etc/systemd/system/php7.2-fpm@.service @@ -0,0 +1,34 @@ +[Unit] +Description=The PHP 7.2 FastCGI Process Manager (instance %i) +Documentation=man:php-fpm7.2(8) +After=network.target +PartOf=php7.2-fpm.service +ReloadPropagatedFrom=php7.2-fpm.service + +[Service] +Type=notify +PIDFile=/run/php/php7.2-fpm-%i.pid +ExecStart=/usr/sbin/php-fpm7.2 --nodaemonize --fpm-config /etc/php/7.2/fpm/php-fpm-%i.conf +ExecReload=/bin/kill -USR2 $MAINPID +LimitNOFILE=100000 +TimeoutStartSec=300 +ProtectSystem=strict +PrivateTmp=true +# sendmail requires it... enable once chrooted +#NoNewPrivileges=true +PrivateDevices=true +ProtectKernelTunables=true +ProtectKernelModules=true +ProtectControlGroups=true +LockPersonality=true +SystemCallArchitectures=native +ReadWritePaths=-/var/log/ +ReadWritePaths=-/var/run/ +ReadWritePaths=-/run/ +InaccessiblePaths=-/root/ +CPUQuota=100% +MemoryHigh=25% +MemoryMax=35% + +[Install] +WantedBy=multi-user.target 
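Review bot: `ReadWritePaths=-/var/run/` and `ReadWritePaths=-/run/` exempt the whole runtime directory from `ProtectSystem=strict`, so a compromised pool can write wherever file permissions in /run allow, not just to its own PID file and sockets. The unit's own `PIDFile` lives under /run/php/, so `ReadWritePaths=-/run/php/` (plus any specific socket directory the pools need) would keep the exemption as narrow as the `/run/php/` paths the php7.3 units listed before this commit; `-/var/log/` could likewise be a PHP-specific subdirectory. The same lines are in php7.2-fpm@default.service, both php7.3-fpm units and both php7.4-fpm units. The commented-out `NoNewPrivileges=true` would also benefit from a pointer to whatever tracks the chroot work, so that it is not forgotten.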
diff --git a/etc/systemd/system/php7.2-fpm@default.service b/etc/systemd/system/php7.2-fpm@default.service
new file mode 100644
index 0000000..aa04eac
--- /dev/null
+++ b/etc/systemd/system/php7.2-fpm@default.service
@@ -0,0 +1,36 @@
+[Unit]
+Description=The PHP 7.2 FastCGI Process Manager
+Documentation=man:php-fpm7.2(8)
+After=network.target
+PartOf=php7.2-fpm.service
+ReloadPropagatedFrom=php7.2-fpm.service
+
+[Service]
+Type=notify
+PIDFile=/run/php/php7.2-fpm.pid
+ExecStart=/usr/sbin/php-fpm7.2 --nodaemonize --fpm-config /etc/php/7.2/fpm/php-fpm.conf
+ExecReload=/bin/kill -USR2 $MAINPID
+LimitNOFILE=100000
+TimeoutStartSec=300
+ProtectSystem=strict
+PrivateTmp=true
+# sendmail requires it... enable once chrooted
+#NoNewPrivileges=true
+PrivateDevices=true
+ProtectKernelTunables=true
+ProtectKernelModules=true
+ProtectControlGroups=true
+LockPersonality=true
+SystemCallArchitectures=native
+ReadWritePaths=-/var/log/
+ReadWritePaths=-/var/run/
+ReadWritePaths=-/run/
+ReadWritePaths=-/var/local/squirrelmail/
+ReadWritePaths=-/var/www/
+InaccessiblePaths=-/root/
+CPUQuota=100%
+MemoryHigh=25%
+MemoryMax=35%
+
+[Install]
+WantedBy=multi-user.target
diff --git a/etc/systemd/system/php7.3-fpm@.service b/etc/systemd/system/php7.3-fpm@.service
index abe64b7..298c878 100644
--- a/etc/systemd/system/php7.3-fpm@.service
+++ b/etc/systemd/system/php7.3-fpm@.service
@@ -22,10 +22,10 @@ ProtectKernelModules=true
 ProtectControlGroups=true
 LockPersonality=true
 SystemCallArchitectures=native
-BindPaths=/var/log/
-BindPaths=/var/run/php/
-BindPaths=/run/php/
-InaccessiblePaths=/root/
+ReadWritePaths=-/var/log/
+ReadWritePaths=-/var/run/
+ReadWritePaths=-/run/
+InaccessiblePaths=-/root/
 CPUQuota=100%
 MemoryHigh=25%
 MemoryMax=35%
diff --git a/etc/systemd/system/php7.3-fpm@default.service b/etc/systemd/system/php7.3-fpm@default.service
index a736c85..3d0a20d 100644
--- a/etc/systemd/system/php7.3-fpm@default.service
+++ b/etc/systemd/system/php7.3-fpm@default.service
@@ -22,13 +22,12 @@ ProtectKernelModules=true
 ProtectControlGroups=true
 LockPersonality=true
 SystemCallArchitectures=native
-BindPaths=/var/log/
-BindPaths=/var/run/php/
-BindPaths=/run/php/
-BindPaths=/var/lib/php/sessions
-BindPaths=/var/local/squirrelmail/
-BindPaths=/var/www/
-InaccessiblePaths=/root/
+ReadWritePaths=-/var/log/
+ReadWritePaths=-/var/run/
+ReadWritePaths=-/run/
+ReadWritePaths=-/var/local/squirrelmail/
+ReadWritePaths=-/var/www/
+InaccessiblePaths=-/root/
 CPUQuota=100%
 MemoryHigh=25%
 MemoryMax=35%
diff --git a/etc/systemd/system/php7.4-fpm.service b/etc/systemd/system/php7.4-fpm.service
new file mode 100644
index 0000000..e6cab3b
--- /dev/null
+++ b/etc/systemd/system/php7.4-fpm.service
@@ -0,0 +1,17 @@
+# This service is actually a systemd target,
+# but we are using a service since targets cannot be reloaded.
+
+[Unit]
+Description=The PHP 7.3 FastCGI Process Manager (multi instance master)
+Documentation=man:php-fpm7.3(8)
+After=network.target
+
+[Service]
+Type=oneshot
+RemainAfterExit=yes
+ExecStart=/bin/true
+ExecReload=/bin/true
+
+[Install]
+WantedBy=multi-user.target
+
diff --git a/etc/systemd/system/php7.4-fpm@.service b/etc/systemd/system/php7.4-fpm@.service
new file mode 100644
index 0000000..e376881
--- /dev/null
+++ b/etc/systemd/system/php7.4-fpm@.service
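Review bot: `/var/lib/php/sessions` is dropped from the writable set in php7.3-fpm@default.service and has no `ReadWritePaths=` replacement, so under `ProtectSystem=strict` that directory becomes read-only for the default instance. If any pool still uses it as `session.save_path` (the PHP_CONFIG visible in this commit does not set one, so this depends on configuration outside the diff), session writes will fail after the change. Either keep `ReadWritePaths=-/var/lib/php/sessions` or add a comment saying where sessions are stored now.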
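Review bot: `Description=The PHP 7.3 FastCGI Process Manager (multi instance master)` and `Documentation=man:php-fpm7.3(8)` in the new php7.4-fpm.service still name 7.3, apparently copied from the 7.3 unit. `systemctl status` and journal entries will then label the 7.4 master as 7.3, which is misleading when triaging a problem by PHP version. They should read `Description=The PHP 7.4 FastCGI Process Manager (multi instance master)` and `Documentation=man:php-fpm7.4(8)`.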
@@ -0,0 +1,34 @@
+[Unit]
+Description=The PHP 7.4 FastCGI Process Manager (instance %i)
+Documentation=man:php-fpm7.4(8)
+After=network.target
+PartOf=php7.4-fpm.service
+ReloadPropagatedFrom=php7.4-fpm.service
+
+[Service]
+Type=notify
+PIDFile=/run/php/php7.4-fpm-%i.pid
+ExecStart=/usr/sbin/php-fpm7.4 --nodaemonize --fpm-config /etc/php/7.4/fpm/php-fpm-%i.conf
+ExecReload=/bin/kill -USR2 $MAINPID
+LimitNOFILE=100000
+TimeoutStartSec=300
+ProtectSystem=strict
+PrivateTmp=true
+# sendmail requires it... enable once chrooted
+#NoNewPrivileges=true
+PrivateDevices=true
+ProtectKernelTunables=true
+ProtectKernelModules=true
+ProtectControlGroups=true
+LockPersonality=true
+SystemCallArchitectures=native
+ReadWritePaths=-/var/log/
+ReadWritePaths=-/var/run/
+ReadWritePaths=-/run/
+InaccessiblePaths=-/root/
+CPUQuota=100%
+MemoryHigh=25%
+MemoryMax=35%
+
+[Install]
+WantedBy=multi-user.target
diff --git a/etc/systemd/system/php7.4-fpm@default.service b/etc/systemd/system/php7.4-fpm@default.service
new file mode 100644
index 0000000..b1f356c
--- /dev/null
+++ b/etc/systemd/system/php7.4-fpm@default.service
@@ -0,0 +1,36 @@
+[Unit]
+Description=The PHP 7.4 FastCGI Process Manager
+Documentation=man:php-fpm7.4(8)
+After=network.target
+PartOf=php7.4-fpm.service
+ReloadPropagatedFrom=php7.4-fpm.service
+
+[Service]
+Type=notify
+PIDFile=/run/php/php7.4-fpm.pid
+ExecStart=/usr/sbin/php-fpm7.4 --nodaemonize --fpm-config /etc/php/7.4/fpm/php-fpm.conf
+ExecReload=/bin/kill -USR2 $MAINPID
+LimitNOFILE=100000
+TimeoutStartSec=300
+ProtectSystem=strict
+PrivateTmp=true
+# sendmail requires it... enable once chrooted
+#NoNewPrivileges=true
+PrivateDevices=true
+ProtectKernelTunables=true
+ProtectKernelModules=true
+ProtectControlGroups=true
+LockPersonality=true
+SystemCallArchitectures=native
+ReadWritePaths=-/var/log/
+ReadWritePaths=-/var/run/
+ReadWritePaths=-/run/
+ReadWritePaths=-/var/local/squirrelmail/
+ReadWritePaths=-/var/www/
+InaccessiblePaths=-/root/
+CPUQuota=100%
+MemoryHigh=25%
+MemoryMax=35%
+
+[Install]
+WantedBy=multi-user.target
diff --git a/install_php.sh b/install_php.sh
new file mode 100755
index 0000000..aa5c1a2
--- /dev/null
+++ b/install_php.sh
@@ -0,0 +1,140 @@ +#!/bin/sh +apt-get install --no-install-recommends -y bison ghostscript libreadline6-dev librecode-dev libmysqlclient-dev libargon2-dev libbz2-dev libc-client2007e-dev libcurl4-openssl-dev libedit-dev re2c libxml2-dev libsqlite3-dev libwebp-dev libgmp-dev libkrb5-dev libldap2-dev libsasl2-dev libonig-dev libtidy-dev libxslt1-dev libenchant-dev libpspell-dev libzip-dev libxpm-dev libffi-dev libgd-dev libmagickwand-dev libssh2-1-dev liblmdb-dev libpng-dev poppler-utils libqdbm-dev +ln -s /usr/include/qdbm/depot.h /usr/include/depot.h +git clone https://github.com/php/php-src +cd php-src +git checkout PHP-7.4 +cd ext +git clone https://github.com/krakjoe/apcu +git clone https://github.com/kjdev/php-ext-brotli +git clone https://github.com/Imagick/imagick +#git clone https://github.com/php-gnupg/php-gnupg && cd php-gnupg && git submodule update --init && cd .. +#git clone https://github.com/cataphract/php-rar +curl -sSf https://pecl.php.net/get/ssh2 | tar xzvf - --exclude package.xml +cd .. 
+./buildconf +CXXFLAGS='-O3 -mtune=native -march=native' CFLAGS='-O3 -mtune=native -march=native' ./configure -C --enable-re2c-cgoto --prefix=/usr --with-config-file-scan-dir=/etc/php/7.4/fpm/conf.d --libdir=/usr/lib/php --libexecdir=/usr/lib/php --datadir=/usr/share/php/7.4 --program-suffix=7.4 --sysconfdir=/etc --localstatedir=/var --mandir=/usr/share/man --enable-fpm --enable-cli --disable-cgi --disable-phpdbg --with-fpm-systemd --with-fpm-user=www-data --with-fpm-group=www-data --with-layout=GNU --disable-dtrace --disable-short-tags --without-valgrind --disable-shared --disable-debug --disable-rpath --without-pear --with-openssl --enable-bcmath --with-bz2 --enable-calendar --with-curl --enable-dba --with-qdbm --with-lmdb --enable-exif --enable-ftp --enable-gd --with-external-gd --with-jpeg --with-webp --with-xpm --with-freetype --enable-gd-jis-conv --with-gettext --with-gmp --with-mhash --with-imap --with-imap-ssl --with-kerberos --enable-intl --with-ldap --with-ldap-sasl --enable-mbstring --with-mysqli --with-pdo-mysql --enable-mysqlnd --with-mysql-sock=/var/run/mysqld/mysqld.sock --with-zlib --with-libedit --with-readline --enable-shmop --enable-soap --enable-sockets --with-sodium --with-password-argon2 --with-tidy --with-xmlrpc --with-xsl --with-enchant --with-pspell --with-zip --with-ffi --enable-apcu --enable-brotli --with-libbrotli --with-imagick --with-ssh2 +make -j $(nproc) install +make distclean +git checkout PHP-7.3 +cat | git apply - < +Date: Mon, 22 Oct 2018 06:54:31 +0000 +Subject: Use pkg-config for FreeType2 detection + +--- + ext/gd/config.m4 | 30 +++++++++++++++++++----------- + 1 file changed, 19 insertions(+), 11 deletions(-) + +diff --git a/ext/gd/config.m4 b/ext/gd/config.m4 +index 498d870..d28c6ae 100644 +--- a/ext/gd/config.m4 ++++ b/ext/gd/config.m4 +@@ -184,21 +184,29 @@ AC_DEFUN([PHP_GD_XPM],[ + AC_DEFUN([PHP_GD_FREETYPE2],[ + if test "\$PHP_FREETYPE_DIR" != "no"; then + +- for i in \$PHP_FREETYPE_DIR /usr/local /usr; do +- if test -f 
"\$i/bin/freetype-config"; then +- FREETYPE2_DIR=\$i +- FREETYPE2_CONFIG="\$i/bin/freetype-config" +- break ++ if test -z "\$PKG_CONFIG"; then ++ AC_PATH_PROG(PKG_CONFIG, pkg-config, no) ++ fi ++ if test -x "\$PKG_CONFIG" && \$PKG_CONFIG --exists freetype2 ; then ++ FREETYPE2_CFLAGS=\`\$PKG_CONFIG --cflags freetype2\` ++ FREETYPE2_LIBS=\`\$PKG_CONFIG --libs freetype2\` ++ else ++ for i in \$PHP_FREETYPE_DIR /usr/local /usr; do ++ if test -f "\$i/bin/freetype-config"; then ++ FREETYPE2_DIR=\$i ++ FREETYPE2_CONFIG="\$i/bin/freetype-config" ++ break ++ fi ++ done ++ ++ if test -z "\$FREETYPE2_DIR"; then ++ AC_MSG_ERROR([freetype-config not found.]) + fi +- done + +- if test -z "\$FREETYPE2_DIR"; then +- AC_MSG_ERROR([freetype-config not found.]) ++ FREETYPE2_CFLAGS=\`\$FREETYPE2_CONFIG --cflags\` ++ FREETYPE2_LIBS=\`\$FREETYPE2_CONFIG --libs\` + fi + +- FREETYPE2_CFLAGS=\`\$FREETYPE2_CONFIG --cflags\` +- FREETYPE2_LIBS=\`\$FREETYPE2_CONFIG --libs\` +- + PHP_EVAL_INCLINE(\$FREETYPE2_CFLAGS) + PHP_EVAL_LIBLINE(\$FREETYPE2_LIBS, GD_SHARED_LIBADD) + AC_DEFINE(HAVE_LIBFREETYPE,1,[ ]) +EOF +./buildconf +CXXFLAGS='-O3 -mtune=native -march=native' CFLAGS='-O3 -mtune=native -march=native' ./configure -C --enable-re2c-cgoto --prefix=/usr --with-config-file-scan-dir=/etc/php/7.3/fpm/conf.d --libdir=/usr/lib/php --libexecdir=/usr/lib/php --datadir=/usr/share/php/7.3 --program-suffix=7.3 --sysconfdir=/etc --localstatedir=/var --mandir=/usr/share/man --enable-fpm --enable-cli --disable-cgi --disable-phpdbg --with-fpm-systemd --with-fpm-user=www-data --with-fpm-group=www-data --with-layout=GNU --disable-dtrace --disable-short-tags --without-valgrind --disable-shared --disable-debug --disable-rpath --without-pear --with-openssl --enable-bcmath --with-bz2 --enable-calendar --with-curl --enable-dba --with-qdbm --with-lmdb --enable-exif --enable-ftp --with-gd=/usr --with-jpeg-dir=/usr --with-webp-dir=/usr --with-png-dir=/usr --with-zlib-dir=/usr --with-xpm-dir=/usr 
--with-freetype-dir=/usr --enable-gd-jis-conv --with-gettext --with-gmp --with-mhash --with-imap --with-imap-ssl --with-kerberos --enable-intl --with-ldap --with-ldap-sasl --enable-mbstring --with-mysqli --with-pdo-mysql --enable-mysqlnd --with-mysql-sock=/var/run/mysqld/mysqld.sock --with-zlib --with-libedit --with-readline --enable-shmop --enable-soap --enable-sockets --with-sodium --with-password-argon2 --with-tidy --with-xmlrpc --with-xsl --with-enchant --with-pspell --enable-zip --enable-apcu --enable-brotli --with-libbrotli --with-imagick --with-ssh2 --with-pcre-regex --with-pcre-jit +make -j $(nproc) install +make distclean +git reset --hard +git checkout PHP-7.2 +cat | git apply - < +Date: Mon, 22 Oct 2018 06:54:31 +0000 +Subject: Use pkg-config for FreeType2 detection + +--- + ext/gd/config.m4 | 30 +++++++++++++++++++----------- + 1 file changed, 19 insertions(+), 11 deletions(-) + +diff --git a/ext/gd/config.m4 b/ext/gd/config.m4 +index 498d870..d28c6ae 100644 +--- a/ext/gd/config.m4 ++++ b/ext/gd/config.m4 +@@ -184,21 +184,29 @@ AC_DEFUN([PHP_GD_XPM],[ + AC_DEFUN([PHP_GD_FREETYPE2],[ + if test "\$PHP_FREETYPE_DIR" != "no"; then + +- for i in \$PHP_FREETYPE_DIR /usr/local /usr; do +- if test -f "\$i/bin/freetype-config"; then +- FREETYPE2_DIR=\$i +- FREETYPE2_CONFIG="\$i/bin/freetype-config" +- break ++ if test -z "\$PKG_CONFIG"; then ++ AC_PATH_PROG(PKG_CONFIG, pkg-config, no) ++ fi ++ if test -x "\$PKG_CONFIG" && \$PKG_CONFIG --exists freetype2 ; then ++ FREETYPE2_CFLAGS=\`\$PKG_CONFIG --cflags freetype2\` ++ FREETYPE2_LIBS=\`\$PKG_CONFIG --libs freetype2\` ++ else ++ for i in \$PHP_FREETYPE_DIR /usr/local /usr; do ++ if test -f "\$i/bin/freetype-config"; then ++ FREETYPE2_DIR=\$i ++ FREETYPE2_CONFIG="\$i/bin/freetype-config" ++ break ++ fi ++ done ++ ++ if test -z "\$FREETYPE2_DIR"; then ++ AC_MSG_ERROR([freetype-config not found.]) + fi +- done + +- if test -z "\$FREETYPE2_DIR"; then +- AC_MSG_ERROR([freetype-config not found.]) ++ 
FREETYPE2_CFLAGS=\`\$FREETYPE2_CONFIG --cflags\` ++ FREETYPE2_LIBS=\`\$FREETYPE2_CONFIG --libs\` + fi + +- FREETYPE2_CFLAGS=\`\$FREETYPE2_CONFIG --cflags\` +- FREETYPE2_LIBS=\`\$FREETYPE2_CONFIG --libs\` +- + PHP_EVAL_INCLINE(\$FREETYPE2_CFLAGS) + PHP_EVAL_LIBLINE(\$FREETYPE2_LIBS, GD_SHARED_LIBADD) + AC_DEFINE(HAVE_LIBFREETYPE,1,[ ]) +EOF +./buildconf +CXXFLAGS='-O3 -mtune=native -march=native' CFLAGS='-O3 -mtune=native -march=native' ./configure -C --enable-re2c-cgoto --prefix=/usr --with-config-file-scan-dir=/etc/php/7.2/fpm/conf.d --libdir=/usr/lib/php --libexecdir=/usr/lib/php --datadir=/usr/share/php/7.2 --program-suffix=7.2 --sysconfdir=/etc --localstatedir=/var --mandir=/usr/share/man --enable-fpm --enable-cli --disable-cgi --disable-phpdbg --with-fpm-systemd --with-fpm-user=www-data --with-fpm-group=www-data --with-layout=GNU --disable-dtrace --disable-short-tags --without-valgrind --disable-shared --disable-debug --disable-rpath --without-pear --with-openssl --enable-bcmath --with-bz2 --enable-calendar --with-curl --enable-dba --with-qdbm --with-lmdb --enable-exif --enable-ftp --with-gd=/usr --with-jpeg-dir=/usr --with-webp-dir=/usr --with-png-dir=/usr --with-zlib-dir=/usr --with-xpm-dir=/usr --with-freetype-dir=/usr --enable-gd-jis-conv --with-gettext --with-gmp --with-mhash --with-imap --with-imap-ssl --with-kerberos --enable-intl --with-ldap --with-ldap-sasl --enable-mbstring --with-mysqli --with-pdo-mysql --enable-mysqlnd --with-mysql-sock=/var/run/mysqld/mysqld.sock --with-zlib --with-libedit --with-readline --enable-shmop --enable-soap --enable-sockets --with-sodium --with-password-argon2 --with-tidy --with-xmlrpc --with-xsl --with-enchant --with-pspell --enable-zip --enable-apcu --enable-brotli --with-libbrotli --with-imagick --with-ssh2 --with-pcre-regex --with-pcre-jit +make -j $(nproc) install +make distclean +git reset --hard diff --git a/var/www/common.php b/var/www/common.php index d230fac..40b06ea 100644 --- a/var/www/common.php 
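Review bot: Everything install_php.sh compiles into the system-wide PHP binaries is fetched unpinned and unverified: `git clone` of apcu, php-ext-brotli and imagick at whatever their default branch holds, and `curl -sSf https://pecl.php.net/get/ssh2 | tar xzvf -` unpacked straight from the network with no checksum. The script also has no `set -e`, so a failed `cd php-src` or clone lets the later `./configure` and `make install` run in the wrong directory, and it presumably runs as root since it calls `apt-get install` and installs under /usr. Pinning each extension to a reviewed commit, verifying the tarball before extraction and aborting on the first error would address this; the sketch below uses placeholders for the commit ids and hash, which are not on the page. The here-document that feeds `git apply` looks truncated in this view, so the patch step itself was not reviewed.

```sh
#!/bin/sh
set -eu
# … unchanged: apt-get install, qdbm symlink, php-src clone and checkout …
cd ext
git clone https://github.com/krakjoe/apcu
git -C apcu checkout "<APCU_COMMIT_PLACEHOLDER>"
git clone https://github.com/kjdev/php-ext-brotli
git -C php-ext-brotli checkout "<BROTLI_COMMIT_PLACEHOLDER>"
git clone https://github.com/Imagick/imagick
git -C imagick checkout "<IMAGICK_COMMIT_PLACEHOLDER>"
curl -sSf -o ssh2.tgz https://pecl.php.net/get/ssh2
echo "<SSH2_SHA256_PLACEHOLDER>  ssh2.tgz" | sha256sum -c -
tar xzvf ssh2.tgz --exclude package.xml
# … unchanged: buildconf, configure and make for each PHP branch …
```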
+++ b/var/www/common.php 
@@ -19,36 +19,42 @@ const INDEX_MD5S=[ //MD5 sums of index.hosting.html files that should be considd '7ae7e9bac6be76f00e0d95347111f037', //default file '703fac6634bf637f942db8906092d0ab', //new default file 'e109a5a44969c2a109aee0ea3565529e', //TOR HTML Site +'31ff0d6a1d280d610a700f3c1ec6d857', //MyHacker test page ]; const REQUIRE_APPROVAL=false; //require admin approval of new sites? true/false const ENABLE_SHELL_ACCESS=true; //allows users to login via ssh, when disabled only (s)ftp is allowed - run setup.php to migrate existing accounts const ADMIN_PASSWORD='MY_PASSWORD'; //password for admin interface const SERVICE_INSTANCES=['a', 'b', 'c', 'd', 'e', 'f', 'g', 'h', 'i', 'j', 'k', 'l', 'm', 'n', 'o', 'p', 'q', 'r', 's']; //one character per instance - run multiple tor+php-fpm instances for load balancing, remove all but one instance if you expect less than 200 accounts. - run setup.php after change const DISABLED_PHP_VERSIONS=[]; //php versions still installed on the system but no longer offered for new accounts -const PHP_VERSIONS=[4 => '7.3']; //currently active php versions +const PHP_VERSIONS=[3 => '7.2', 4 => '7.3', 5 => '7.4']; //currently active php versions const DEFAULT_PHP_VERSION='7.3'; //default php version -const PHP_CONFIG='memory_limit = 256M +const PHP_CONFIG='zend_extension=opcache.so +memory_limit = 256M error_reporting = E_ALL +display_errors = Off +log_errors = On +expose_php = Off +variables_order = "GPCS" +request_order = "GP" post_max_size = 10G upload_max_filesize = 10G max_file_uploads = 100 date.timezone = UTC -pdo_odbc.connection_pooling=off +pdo_odbc.connection_pooling = Off odbc.allow_persistent = Off -ibase.allow_persistent = 0 mysqli.allow_persistent = Off pgsql.allow_persistent = Off -opcache.enable=1 -opcache.interned_strings_buffer=8 -opcache.max_accelerated_files=20000 -opcache.use_cwd=1 -opcache.validate_timestamps=1 -opcache.revalidate_freq=2 -opcache.revalidate_path=1 -opcache.save_comments=1 
-opcache.optimization_level=0x7fffffff -opcache.validate_permission=1 -opcache.validate_root=1 +opcache.enable = 1 +opcache.interned_strings_buffer = 8 +opcache.max_accelerated_files = 20000 +opcache.use_cwd = 1 +opcache.validate_timestamps = 1 +opcache.revalidate_freq = 2 +opcache.revalidate_path = 1 +opcache.save_comments = 1 +opcache.optimization_level = 0x7fffffff +opcache.validate_permission = 1 +opcache.validate_root = 1 '; const NGINX_DEFAULT = 'server { listen unix:/var/run/nginx/suspended backlog=2048; diff --git a/var/www/html/files.php b/var/www/html/files.php index d53c53c..577cb7c 100644 --- a/var/www/html/files.php +++ b/var/www/html/files.php @@ -439,9 +439,9 @@ function ftp_recursive_delete($ftp, $file){ } } ftp_chdir($ftp, '..'); - ftp_rmdir($ftp, $file); + @ftp_rmdir($ftp, $file); }else{ - ftp_delete($ftp, $file); + @ftp_delete($ftp, $file); } } diff --git a/var/www/setup_chroot.sh b/var/www/setup_chroot.sh index d2412ac..68a5e21 100755 --- a/var/www/setup_chroot.sh +++ b/var/www/setup_chroot.sh @@ -107,7 +107,9 @@ BINARIES_GENERAL=( '/usr/bin/sftp' '/usr/bin/ssh' '/usr/bin/wget' + '/usr/bin/php7.2' '/usr/bin/php7.3' + '/usr/bin/php7.4' '/usr/bin/mysql' '/usr/bin/mysqldump' '/usr/bin/mysqlcheck' @@ -177,8 +179,6 @@ DIRECTORIES_GENERAL=( '/lib/terminfo' '/usr/share/terminfo' '/usr/lib/php' - '/etc/php/7.3/cli' - '/etc/php/7.3/mods-available' '/etc/profile.d' ) ### test variables/parameters @@ -237,4 +237,4 @@ done for BINARY in /usr/lib/php/*/*.so; do CHROOT_BINARY $BINARY done -cp -l $CHROOT_DIRECTORY/usr/bin/php7.3 $CHROOT_DIRECTORY/usr/bin/php +ln $CHROOT_DIRECTORY/usr/bin/php7.4 $CHROOT_DIRECTORY/usr/bin/php
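Review bot: The `@` added to `ftp_rmdir` and `ftp_delete` throws away the only indication that a delete failed, so `ftp_recursive_delete` can return with files still on the account and nothing shown or logged. Keeping the suppression but capturing the result preserves the quiet output, e.g. `$ok = @ftp_delete($ftp, $file);`, with `$ok` passed back so the page can tell the user which entries could not be removed. The function starts outside the hunk, so how callers consume its result is not visible here.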
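Review bot: `ln $CHROOT_DIRECTORY/usr/bin/php7.4 $CHROOT_DIRECTORY/usr/bin/php` fails when the destination already exists, so re-running setup_chroot.sh against a chroot that already has `usr/bin/php` would presumably leave it hard-linked to the old 7.3 binary. `ln -f -- "$CHROOT_DIRECTORY/usr/bin/php7.4" "$CHROOT_DIRECTORY/usr/bin/php"` replaces the link and also quotes the path. The shell's `php` now points at 7.4 while common.php in this commit keeps `DEFAULT_PHP_VERSION='7.3'`; if that difference is intended, a comment here saying so would help.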