diff --git a/install/production-filesystem/services/config/nginx/netalertx.conf.template b/install/production-filesystem/services/config/nginx/netalertx.conf.template
index 97637e11..6a567056 100755
--- a/install/production-filesystem/services/config/nginx/netalertx.conf.template
+++ b/install/production-filesystem/services/config/nginx/netalertx.conf.template
@@ -1,3 +1,6 @@
+# Set user if running as root (substituted by start-nginx.sh)
+${NGINX_USER_DIRECTIVE}
+
 # Set number of worker processes automatically based on number of CPU cores.
 worker_processes auto;
diff --git a/install/production-filesystem/services/config/php/php-fpm.d/www.conf b/install/production-filesystem/services/config/php/php-fpm.d/www.conf
index ec0ede63..438af82a 100755
--- a/install/production-filesystem/services/config/php/php-fpm.d/www.conf
+++ b/install/production-filesystem/services/config/php/php-fpm.d/www.conf
@@ -491,9 +491,11 @@ env[TEMP] = /tmp/run/tmp
 ;php_admin_value[sendmail_path] = /usr/sbin/sendmail -t -i -f www@my.domain.com
 php_admin_value[sys_temp_dir] = /tmp/run/tmp
 php_admin_value[upload_tmp_dir] = /tmp/run/tmp
-php_admin_value[session.save_path] = /tmp/run/tmp
-php_admin_value[output_buffering] = 262144
+php_admin_value[upload_max_filesize] = 1M
+php_admin_value[post_max_size] = 1M
+php_admin_value[output_buffering] = 524288
 php_admin_flag[implicit_flush] = off
 php_admin_value[realpath_cache_size] = 4096K
+php_admin_value[session.save_path] = /tmp/run/tmp
 php_admin_value[realpath_cache_ttl] = 600
 php_admin_value[memory_limit] = 256M
diff --git a/install/production-filesystem/services/start-nginx.sh b/install/production-filesystem/services/start-nginx.sh
index 881f8e6b..7f17fbac 100755
--- a/install/production-filesystem/services/start-nginx.sh
+++ b/install/production-filesystem/services/start-nginx.sh
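Review bot: In www.conf the new `upload_max_filesize = 1M` and `post_max_size = 1M` caps are added without a comment, so the next editor cannot tell whether 1M is a deliberate request-size limit; a line such as `; Cap request bodies at 1M; keep in sync with the nginx body-size limit` above them would record the intent. PHP leaves `$_POST` and `$_FILES` empty when a body exceeds `post_max_size`, so the application sees empty input rather than an error, and whether the front-end nginx limit matches is not visible in this diff. The hunk also moves `session.save_path` between `realpath_cache_size` and `realpath_cache_ttl`; keeping it beside the other `/tmp/run/tmp` paths would leave the two realpath settings together.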
@@ -35,9 +35,16 @@ done
 TEMP_CONFIG_FILE=$(mktemp "${TMP_DIR}/netalertx.conf.XXXXXX")
+#In the event PUID is 0 we need to run nginx as root
+#This is useful on legacy systems where we cannot provision root access to a binary
+export NGINX_USER_DIRECTIVE=""
+if [ "$(id -u)" -eq 0 ]; then
+ NGINX_USER_DIRECTIVE="user root;"
+fi
+
 # Shell check doesn't recognize envsubst variables
 # shellcheck disable=SC2016
-if envsubst '${LISTEN_ADDR} ${PORT}' < "${SYSTEM_NGINX_CONFIG_TEMPLATE}" > "${TEMP_CONFIG_FILE}" 2>/dev/null; then
+if envsubst '${LISTEN_ADDR} ${PORT} ${NGINX_USER_DIRECTIVE}' < "${SYSTEM_NGINX_CONFIG_TEMPLATE}" > "${TEMP_CONFIG_FILE}" 2>/dev/null; then
 mv "${TEMP_CONFIG_FILE}" "${SYSTEM_SERVICES_ACTIVE_CONFIG_FILE}"
 else
 echo "Note: Unable to write to ${SYSTEM_SERVICES_ACTIVE_CONFIG_FILE}. Using default configuration."
diff --git a/install/production-filesystem/services/start-php-fpm.sh b/install/production-filesystem/services/start-php-fpm.sh
index 81a245ce..0f829650 100755
--- a/install/production-filesystem/services/start-php-fpm.sh
+++ b/install/production-filesystem/services/start-php-fpm.sh
@@ -28,6 +28,13 @@ trap forward_signal INT TERM
 echo "Starting /usr/sbin/php-fpm83 -y \"${PHP_FPM_CONFIG_FILE}\" -F (tee stderr to app.php_errors.log)"
 php_fpm_cmd=(/usr/sbin/php-fpm83 -y "${PHP_FPM_CONFIG_FILE}" -F)
+
+#In the event PUID is 0 we need to run php-fpm as root
+#This is useful on legacy systems where we cannot provision root access to a binary
+if [[ $(id -u) -eq 0 ]]; then
+ php_fpm_cmd+=(-R)
+fi
+
 "${php_fpm_cmd[@]}" 2> >(tee -a "${LOG_APP_PHP_ERRORS}" >&2) &
 php_fpm_pid=$!
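Review bot: In start-nginx.sh the `if [ "$(id -u)" -eq 0 ]` branch switches nginx to `user root;` without any log line, so the worker processes that parse client requests run as uid 0 and nothing in the container output says so. I would emit a warning inside the branch, e.g. `echo "Warning: running as uid 0, nginx workers will run as root." >&2`, so operators can spot the reduced isolation. The comment refers to PUID, but the test reads the script's own uid; `# When this script runs as uid 0, make nginx workers run as root too` would match the code, and the start-php-fpm.sh hunk carries the same wording. The if/else around the envsubst call ends outside the hunk.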
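Review bot: In start-php-fpm.sh, `-R` only lifts php-fpm's refusal to run pool workers as root; the uid the workers actually get comes from the pool's `user`/`group` settings, which this diff does not show. If those resolve to root, every PHP request is executed as uid 0, so I would log the decision inside the branch, e.g. `echo "Warning: running as uid 0, php-fpm started with -R." >&2`, and confirm whether the pool can still name an unprivileged user. The test here is written `[[ $(id -u) -eq 0 ]]` while start-nginx.sh uses `[ "$(id -u)" -eq 0 ]`; that is fine if only this script is bash, but worth stating.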