init PHP rewrite

2025-08-02 15:33:32 +00:00 · 2024-04-20 18:38:03 +02:00
parent 18ae902a04
commit 2323650863
178 changed files with 25163 additions and 286 deletions
--- a/rootfs/usr/local/bin/healthcheck.sh
+++ b/rootfs/usr/local/bin/healthcheck.sh
@@ -31,7 +31,7 @@ if [ "$GOA_IPV6_BINDING" != "[::]" ] && [ "$GOA_IPV4_BINDING" != "0.0.0.0" ]; th
    fi
 fi

-if (if [ "$GOA" = "true" ]; then [ -f /tmp/goa/index.html ] && nc -z "$HCGOA_IP" "$GOA_PORT"; fi && if [ "$PHP81" = true ]; then cgi-fcgi -bind -connect /run/php81.sock > /dev/null 2>&1; fi && if [ "$PHP82" = true ]; then cgi-fcgi -bind -connect /run/php82.sock > /dev/null 2>&1; fi && if [ "$PHP83" = true ]; then cgi-fcgi -bind -connect /run/php83.sock > /dev/null 2>&1; fi && [ "$(curl -sk https://"$HCNPM_IP":"$NPM_PORT"/api/ | jq --raw-output .status)" = "OK" ]); then
+if (if [ "$GOA" = "true" ]; then [ -f /tmp/goa/index.html ] && nc -z "$HCGOA_IP" "$GOA_PORT"; fi && if [ "$PHP81" = true ]; then cgi-fcgi -bind -connect /run/php81.sock > /dev/null 2>&1; fi && if [ "$PHP82" = true ]; then cgi-fcgi -bind -connect /run/php82.sock > /dev/null 2>&1; fi && cgi-fcgi -bind -connect /run/php83.sock > /dev/null 2>&1 && [ "$(curl -sk https://"$HCNPM_IP":"$NPM_PORT"/status | jq -r .status)" = "ok" ]); then
 	echo "OK"
 	exit 0
 else
--- a/rootfs/usr/local/bin/launch.sh
+++ b/rootfs/usr/local/bin/launch.sh
@@ -36,19 +36,18 @@ if [ "$PHP82" = "true" ]; then
    fi
 fi

-if [ "$PHP83" = "true" ]; then
-    if ! PHP_INI_SCAN_DIR=/data/php/83/conf.d php-fpm83 -c /data/php/83 -y /data/php/83/php-fpm.conf -FORt > /dev/null 2>&1; then
-        PHP_INI_SCAN_DIR=/data/php/83/conf.d php-fpm83 -c /data/php/83 -y /data/php/83/php-fpm.conf -FORt
-        sleep inf
-    fi
+if ! PHP_INI_SCAN_DIR=/data/php/83/conf.d php-fpm83 -c /data/php/83 -y /data/php/83/php-fpm.conf -FORt > /dev/null 2>&1; then
+    PHP_INI_SCAN_DIR=/data/php/83/conf.d php-fpm83 -c /data/php/83 -y /data/php/83/php-fpm.conf -FORt
+    sleep inf
 fi

+nginx -e stderr &
 if [ "$PHP81" = "true" ]; then PHP_INI_SCAN_DIR=/data/php/81/conf.d php-fpm81 -c /data/php/81 -y /data/php/81/php-fpm.conf -FOR; fi &
 if [ "$PHP82" = "true" ]; then PHP_INI_SCAN_DIR=/data/php/82/conf.d php-fpm82 -c /data/php/82 -y /data/php/82/php-fpm.conf -FOR; fi &
-if [ "$PHP83" = "true" ]; then PHP_INI_SCAN_DIR=/data/php/83/conf.d php-fpm83 -c /data/php/83 -y /data/php/83/php-fpm.conf -FOR; fi &
+PHP_INI_SCAN_DIR=/data/php/83/conf.d php-fpm83 -c /data/php/83 -y /data/php/83/php-fpm.conf -FOR &
 if [ "$LOGROTATE" = "true" ]; then while true; do logrotate --verbose --state /data/etc/logrotate.status /etc/logrotate; sleep 25h; done; fi &
 # shellcheck disable=SC2086
 if [ "$GOA" = "true" ]; then while true; do goaccess --no-global-config --num-tests=0 --tz="$TZ" --date-format="%d/%b/%Y" --time-format="%H:%M:%S" --log-format='[%d:%t %^] %v %h %T "%r" %s %b %b %R %u' --no-ip-validation --addr=127.0.0.1 --port="$GOAIWSP" \
                                -f /data/nginx/access.log --real-time-html -o /tmp/goa/index.html --persist --restore --db-path=/data/etc/goaccess/data -b /etc/goaccess/browsers.list -b /etc/goaccess/podcast.list $GOACLA; done; fi &
-aio.sh &
+#aio.sh &
 index.js
--- a/rootfs/usr/local/bin/start.sh
+++ b/rootfs/usr/local/bin/start.sh
@@ -51,11 +51,6 @@ if ! echo "$PGID" | grep -q "^[0-9]\+$"; then
    sleep inf
 fi

-if ! echo "$NIBEP" | grep -q "^[0-9]\+$"; then
-    echo "NIBEP needs to be a number."
-    sleep inf
-fi
-
 if ! echo "$GOAIWSP" | grep -q "^[0-9]\+$"; then
    echo "GOAIWSP needs to be a number."
    sleep inf
@@ -221,6 +216,11 @@ if [ -n "$PHP82_APKS" ] && ! echo "$PHP82_APKS" | grep -q "^[a-z0-9 _-]\+$"; the
    sleep inf
 fi

+if [ -n "$PHP83_APKS" ] && ! echo "$PHP83_APKS" | grep -q "^[a-z0-9 _-]\+$"; then
+    echo "PHP83_APKS can consist of lower letters a-z, numbers 0-9, spaces, underscores and hyphens."
+    sleep inf
+fi
+

 if [ -n "$NC_AIO" ] && ! echo "$NC_AIO" | grep -q "^true$\|^false$"; then
    echo "NC_AIO needs to be true or false."
@@ -263,28 +263,21 @@ if [ -s /data/etc/goaccess/geoip/GeoLite2-Country.mmdb ] && [ -s /data/etc/goacc
 fi


-if [ "$PHP81" = "true" ] || [ "$PHP82" = "true" ] || [ "$PHP83" = "true" ]; then
+# From https://github.com/nextcloud/all-in-one/pull/1377/files
+if [ -n "$PHP_APKS" ]; then
+    for apk in $(echo "$PHP_APKS" | tr " " "\n"); do
+        if ! echo "$apk" | grep -q "^php-.*$"; then
+            echo "$apk is a non allowed value."
+            echo "It needs to start with \"php-\"."
+            echo "It is set to \"$apk\"."
+            sleep inf
+        fi

-    apk add --no-cache fcgi
-
-    # From https://github.com/nextcloud/all-in-one/pull/1377/files
-    if [ -n "$PHP_APKS" ]; then
-        for apk in $(echo "$PHP_APKS" | tr " " "\n"); do
-
-            if ! echo "$apk" | grep -q "^php-.*$"; then
-                echo "$apk is a non allowed value."
-                echo "It needs to start with \"php-\"."
-                echo "It is set to \"$apk\"."
-                sleep inf
-            fi
-
-            echo "Installing $apk via apk..."
-            if ! apk add --no-cache "$apk" > /dev/null 2>&1; then
-                echo "The apk \"$apk\" was not installed!"
-            fi
-
-        done
-    fi
+        echo "Installing $apk via apk..."
+        if ! apk add --no-cache "$apk" > /dev/null 2>&1; then
+            echo "The apk \"$apk\" was not installed!"
+        fi
+    done
 fi

 if [ "$PHP81" = "true" ]; then
@@ -294,7 +287,6 @@ if [ "$PHP81" = "true" ]; then
    # From https://github.com/nextcloud/all-in-one/pull/1377/files
    if [ -n "$PHP81_APKS" ]; then
        for apk in $(echo "$PHP81_APKS" | tr " " "\n"); do
-
            if ! echo "$apk" | grep -q "^php81-.*$"; then
                echo "$apk is a non allowed value."
                echo "It needs to start with \"php81-\"."
@@ -306,7 +298,6 @@ if [ "$PHP81" = "true" ]; then
            if ! apk add --no-cache "$apk" > /dev/null 2>&1; then
                echo "The apk \"$apk\" was not installed!"
            fi
-
        done
    fi

@@ -327,7 +318,6 @@ if [ "$PHP82" = "true" ]; then
    # From https://github.com/nextcloud/all-in-one/pull/1377/files
    if [ -n "$PHP82_APKS" ]; then
        for apk in $(echo "$PHP82_APKS" | tr " " "\n"); do
-
            if ! echo "$apk" | grep -q "^php82-.*$"; then
                echo "$apk is a non allowed value."
                echo "It needs to start with \"php82-\"."
@@ -339,7 +329,6 @@ if [ "$PHP82" = "true" ]; then
            if ! apk add --no-cache "$apk" > /dev/null 2>&1; then
                echo "The apk \"$apk\" was not installed!"
            fi
-
        done
    fi

@@ -353,38 +342,27 @@ elif [ "$FULLCLEAN" = "true" ]; then
    rm -vrf /data/php/82
 fi

-if [ "$PHP83" = "true" ]; then
+# From https://github.com/nextcloud/all-in-one/pull/1377/files
+if [ -n "$PHP83_APKS" ]; then
+    for apk in $(echo "$PHP83_APKS" | tr " " "\n"); do
+        if ! echo "$apk" | grep -q "^php83-.*$"; then
+            echo "$apk is a non allowed value."
+            echo "It needs to start with \"php83-\"."
+            echo "It is set to \"$apk\"."
+            sleep inf
+        fi

-    apk add --no-cache php83-fpm
-
-    # From https://github.com/nextcloud/all-in-one/pull/1377/files
-    if [ -n "$PHP83_APKS" ]; then
-        for apk in $(echo "$PHP83_APKS" | tr " " "\n"); do
-
-            if ! echo "$apk" | grep -q "^php83-.*$"; then
-                echo "$apk is a non allowed value."
-                echo "It needs to start with \"php83-\"."
-                echo "It is set to \"$apk\"."
-                sleep inf
-            fi
-
-            echo "Installing $apk via apk..."
-            if ! apk add --no-cache "$apk" > /dev/null 2>&1; then
-                echo "The apk \"$apk\" was not installed!"
-            fi
-
-        done
-    fi
-
-    mkdir -vp /data/php
-    cp -varnT /etc/php83 /data/php/83
-    sed -i "s|listen =.*|listen = /run/php83.sock|" /data/php/83/php-fpm.d/www.conf
-    sed -i "s|;error_log =.*|error_log = /proc/self/fd/2|g" /data/php/83/php-fpm.conf
-    sed -i "s|include=.*|include=/data/php/83/php-fpm.d/*.conf|g" /data/php/83/php-fpm.conf
-
-elif [ "$FULLCLEAN" = "true" ]; then
-    rm -vrf /data/php/83
+        echo "Installing $apk via apk..."
+        if ! apk add --no-cache "$apk" > /dev/null 2>&1; then
+            echo "The apk \"$apk\" was not installed!"
+        fi
+    done
 fi
+mkdir -vp /data/php
+cp -varnT /etc/php83 /data/php/83
+sed -i "s|listen =.*|listen = /run/php83.sock|" /data/php/83/php-fpm.d/www.conf
+sed -i "s|;error_log =.*|error_log = /proc/self/fd/2|g" /data/php/83/php-fpm.conf
+sed -i "s|include=.*|include=/data/php/83/php-fpm.d/*.conf|g" /data/php/83/php-fpm.conf

 if [ "$LOGROTATE" = "true" ]; then
    apk add --no-cache logrotate
--- a/rootfs/usr/local/nginx/conf/conf.d/include/tls-ciphers.conf
+++ b/rootfs/usr/local/nginx/conf/conf.d/include/tls-ciphers.conf
@@ -6,7 +6,7 @@ ssl_stapling_verify on;
 ssl_session_timeout 1d;
 ssl_session_cache shared:MozSSL:10m; # about 40000 sessions
 ssl_session_tickets off;
-ssl_dhparam /etc/tls/dhparam;
+ssl_dhparam /etc/dhparam;

 # intermediate configuration. tweak to your needs.
 ssl_protocols TLSv1.2 TLSv1.3;
--- a/rootfs/usr/local/nginx/conf/conf.d/npm.conf
+++ b/rootfs/usr/local/nginx/conf/conf.d/npm.conf
@@ -1,36 +0,0 @@
-server {
-    http3 off;
-    listen 81 ssl default_server;
-    listen [::]:81 ssl default_server;
-
-    server_name _;
-    include conf.d/include/brotli.conf;
-    include conf.d/include/force-tls.conf;
-    include conf.d/include/tls-ciphers.conf;
-    include conf.d/include/block-exploits.conf;
-
-    modsecurity on;
-    modsecurity_rules_file /usr/local/nginx/conf/conf.d/include/modsecurity.conf;
-
-    #ssl_certificate ;
-    #ssl_certificate_key ;
-    #ssl_trusted_certificate ;
-
-    location /api {
-        proxy_set_header Upgrade $http_upgrade;
-        proxy_set_header Connection $connection_upgrade;
-
-        include conf.d/include/proxy-location.conf;
-
-        rewrite ^/api(/.*)$ $1 break;
-        proxy_pass http://127.0.0.1:48693;
-    }
-
-    location / {
-        root /html/frontend;
-        if ($request_uri ~ ^/(.*)\.html$) {
-            return 302 /$1;
-        }
-        try_files $uri $uri.html $uri/ /index.html;
-    }
-}
--- a/rootfs/usr/local/nginx/conf/conf.d/npmplus-no-server-name.conf
+++ b/rootfs/usr/local/nginx/conf/conf.d/npmplus-no-server-name.conf
--- a/rootfs/usr/local/nginx/conf/conf.d/npmplus.conf
+++ b/rootfs/usr/local/nginx/conf/conf.d/npmplus.conf
@@ -0,0 +1,27 @@
+server {
+    http3 off;
+    listen 81 ssl default_server;
+    listen [::]:81 ssl default_server;
+
+    server_name _;
+    include conf.d/include/brotli.conf;
+    include conf.d/include/force-tls.conf;
+    include conf.d/include/tls-ciphers.conf;
+    include conf.d/include/block-exploits.conf;
+
+    #ssl_certificate ;
+    #ssl_certificate_key ;
+    #ssl_trusted_certificate ;
+
+    location / {
+        alias /html/app/public/;
+
+        location ~ [^/]\.php(/|$) {
+            fastcgi_pass php83;
+            fastcgi_split_path_info ^(.+?\.php)(/.*)$;
+            if (!-f $document_root$fastcgi_script_name) {
+                return 404;
+            }
+        }
+    }
+}