mirror of
https://github.com/rvalitov/zabbix-php-fpm.git
synced 2023-11-05 03:30:27 +01:00
Merge branch 'master' into feature/parallel
This commit is contained in:
commit
14c12a8115
@ -1,6 +1,6 @@
|
|||||||
# PHP-FPM Zabbix Template with Auto Discovery and Multiple Pools
|
# PHP-FPM Zabbix Template with Auto Discovery and Multiple Pools
|
||||||
|
|
||||||
![Zabbix versions](https://img.shields.io/badge/Zabbix_versions-5.0,_4.4,_4.2,_4.0-green.svg?style=flat) ![PHP](https://img.shields.io/badge/PHP-5.3.3+-blue.svg?style=flat) ![PHP7](https://img.shields.io/badge/PHP7-supported-green.svg?style=flat) ![LLD](https://img.shields.io/badge/LLD-yes-green.svg?style=flat) ![ISPConfig](https://img.shields.io/badge/ISPConfig-supported-green.svg?style=flat) [![Build Status](https://travis-ci.com/rvalitov/zabbix-php-fpm.svg?branch=master)](https://travis-ci.com/rvalitov/zabbix-php-fpm) [![CodeFactor](https://www.codefactor.io/repository/github/rvalitov/zabbix-php-fpm/badge)](https://www.codefactor.io/repository/github/rvalitov/zabbix-php-fpm)
|
![Zabbix versions](https://img.shields.io/badge/Zabbix_versions-5.0,_4.4,_4.2,_4.0-green.svg?style=flat) ![PHP](https://img.shields.io/badge/PHP-5.3.3+-blue.svg?style=flat) ![PHP7](https://img.shields.io/badge/PHP7-supported-green.svg?style=flat) ![LLD](https://img.shields.io/badge/LLD-yes-green.svg?style=flat) ![ISPConfig](https://img.shields.io/badge/ISPConfig-supported-green.svg?style=flat) ![Apache](https://img.shields.io/badge/Apache-tested-green.svg?style=flat) ![nginx](https://img.shields.io/badge/Nginx-tested-green.svg?style=flat) [![Build Status](https://travis-ci.com/rvalitov/zabbix-php-fpm.svg?branch=master)](https://travis-ci.com/rvalitov/zabbix-php-fpm) [![CodeFactor](https://www.codefactor.io/repository/github/rvalitov/zabbix-php-fpm/badge)](https://www.codefactor.io/repository/github/rvalitov/zabbix-php-fpm)
|
||||||
|
|
||||||
![Banner](https://github.com/rvalitov/zabbix-php-fpm/wiki/media/repository-open-graph-template.png)
|
![Banner](https://github.com/rvalitov/zabbix-php-fpm/wiki/media/repository-open-graph-template.png)
|
||||||
|
|
||||||
@ -144,4 +144,6 @@ Please refer to [Wiki](https://github.com/rvalitov/zabbix-php-fpm/wiki/Testing-a
|
|||||||
- **Debian** 10, 9
|
- **Debian** 10, 9
|
||||||
- **Ubuntu** 18 Bionic, 16 Xenial, 14 Trusty
|
- **Ubuntu** 18 Bionic, 16 Xenial, 14 Trusty
|
||||||
- **CentOS** 7
|
- **CentOS** 7
|
||||||
- **ISPConfig** v.3.1.14p2
|
- [**Apache** web server](https://httpd.apache.org/)
|
||||||
|
- [**NGINX** web server](https://www.nginx.com/)
|
||||||
|
- [**ISPConfig**](https://www.ispconfig.org/) 3.1.14p2, 3.1.15p3
|
||||||
|
11
ispconfig/nginx.patch
Normal file
11
ispconfig/nginx.patch
Normal file
@ -0,0 +1,11 @@
|
|||||||
|
--- ../conf/nginx_vhost.conf.master 2020-08-05 22:13:51.469316718 +0300
|
||||||
|
+++ nginx_vhost.conf.master 2020-08-05 22:39:44.744479903 +0300
|
||||||
|
@@ -164,7 +164,7 @@
|
||||||
|
alias /usr/share/awstats/icon;
|
||||||
|
}
|
||||||
|
|
||||||
|
- location ~ \.php$ {
|
||||||
|
+ location ~ (\.php|^/php-fpm-status)$ {
|
||||||
|
try_files <tmpl_var name='rnd_php_dummy_file'> @php;
|
||||||
|
}
|
||||||
|
|
376
ispconfig/nginx_vhost.conf.master
Normal file
376
ispconfig/nginx_vhost.conf.master
Normal file
@ -0,0 +1,376 @@
|
|||||||
|
server {
|
||||||
|
listen <tmpl_var name='ip_address'>:<tmpl_var name='http_port'>;
|
||||||
|
<tmpl_if name='ipv6_enabled'>
|
||||||
|
listen [<tmpl_var name='ipv6_address'>]:<tmpl_var name='http_port'>;
|
||||||
|
</tmpl_if>
|
||||||
|
<tmpl_if name='ipv6_wildcard'>
|
||||||
|
listen [::]:<tmpl_var name='http_port'>;
|
||||||
|
</tmpl_if>
|
||||||
|
<tmpl_if name='ssl_enabled'>
|
||||||
|
listen <tmpl_var name='ip_address'>:<tmpl_var name='https_port'> ssl{tmpl_if name='enable_http2' op='==' value='y'} http2{/tmpl_if}{tmpl_if name='enable_spdy' op='==' value='y'} spdy{/tmpl_if};
|
||||||
|
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
|
||||||
|
# ssl_ciphers 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS';
|
||||||
|
# ssl_prefer_server_ciphers on;
|
||||||
|
<tmpl_if name='ipv6_enabled'>
|
||||||
|
listen [<tmpl_var name='ipv6_address'>]:<tmpl_var name='https_port'> ssl{tmpl_if name='enable_http2' op='==' value='y'} http2{/tmpl_if}{tmpl_if name='enable_spdy' op='==' value='y'} spdy{/tmpl_if};
|
||||||
|
</tmpl_if>
|
||||||
|
<tmpl_if name='ipv6_wildcard'>
|
||||||
|
listen [::]:<tmpl_var name='https_port'> ssl{tmpl_if name='enable_http2' op='==' value='y'} http2{/tmpl_if}{tmpl_if name='enable_spdy' op='==' value='y'} spdy{/tmpl_if};
|
||||||
|
</tmpl_if>
|
||||||
|
ssl_certificate <tmpl_var name='ssl_crt_file'>;
|
||||||
|
ssl_certificate_key <tmpl_var name='ssl_key_file'>;
|
||||||
|
</tmpl_if>
|
||||||
|
|
||||||
|
server_name <tmpl_var name='domain'> <tmpl_var name='alias'>;
|
||||||
|
|
||||||
|
root <tmpl_var name='web_document_root_www'>;
|
||||||
|
|
||||||
|
<tmpl_if name='ssl_enabled'>
|
||||||
|
<tmpl_if name='rewrite_to_https' op='==' value='y'>
|
||||||
|
if ($scheme != "https") {
|
||||||
|
rewrite ^ https://$http_host$request_uri? permanent;
|
||||||
|
}
|
||||||
|
</tmpl_if>
|
||||||
|
</tmpl_if>
|
||||||
|
<tmpl_if name='seo_redirect_enabled'>
|
||||||
|
if ($http_host <tmpl_var name='seo_redirect_operator'> "<tmpl_var name='seo_redirect_origin_domain'>") {
|
||||||
|
rewrite ^ $scheme://<tmpl_var name='seo_redirect_target_domain'>$request_uri? permanent;
|
||||||
|
}
|
||||||
|
</tmpl_if>
|
||||||
|
<tmpl_loop name="alias_seo_redirects">
|
||||||
|
if ($http_host <tmpl_var name='alias_seo_redirect_operator'> "<tmpl_var name='alias_seo_redirect_origin_domain'>") {
|
||||||
|
rewrite ^ $scheme://<tmpl_var name='alias_seo_redirect_target_domain'>$request_uri? permanent;
|
||||||
|
}
|
||||||
|
</tmpl_loop>
|
||||||
|
<tmpl_loop name="local_redirects">
|
||||||
|
if ($http_host <tmpl_var name='local_redirect_operator'> "<tmpl_var name='local_redirect_origin_domain'>") {
|
||||||
|
rewrite ^<tmpl_var name='local_redirect_exclude'>(.*)$ <tmpl_var name='local_redirect_target'>$2 <tmpl_var name='local_redirect_type'>;
|
||||||
|
}
|
||||||
|
</tmpl_loop>
|
||||||
|
|
||||||
|
<tmpl_loop name="own_redirects">
|
||||||
|
<tmpl_if name='use_rewrite'>
|
||||||
|
<tmpl_if name='exclude_own_hostname'>if ($http_host != "<tmpl_var name='exclude_own_hostname'>") { </tmpl_if>rewrite ^<tmpl_var name='rewrite_exclude'>(.*)$ <tmpl_var name='rewrite_target'>$2 <tmpl_var name='rewrite_type'>;<tmpl_if name='exclude_own_hostname'> }</tmpl_if>
|
||||||
|
</tmpl_if>
|
||||||
|
<tmpl_if name='use_proxy'>
|
||||||
|
location / {
|
||||||
|
proxy_pass <tmpl_var name='rewrite_target'>;
|
||||||
|
<tmpl_if name='rewrite_subdir'>rewrite ^/<tmpl_var name='rewrite_subdir'>(.*) /$1;</tmpl_if>
|
||||||
|
<tmpl_loop name="proxy_directives">
|
||||||
|
<tmpl_var name='proxy_directive'>
|
||||||
|
</tmpl_loop>
|
||||||
|
}
|
||||||
|
</tmpl_if>
|
||||||
|
</tmpl_loop>
|
||||||
|
<tmpl_if name='use_proxy' op='!=' value='y'>
|
||||||
|
index index.html index.htm index.php index.cgi index.pl index.xhtml;
|
||||||
|
|
||||||
|
<tmpl_if name='ssi' op='==' value='y'>
|
||||||
|
location ~ \.shtml$ {
|
||||||
|
ssi on;
|
||||||
|
}
|
||||||
|
</tmpl_if>
|
||||||
|
|
||||||
|
<tmpl_if name='errordocs'>
|
||||||
|
error_page 400 /error/400.html;
|
||||||
|
error_page 401 /error/401.html;
|
||||||
|
error_page 403 /error/403.html;
|
||||||
|
error_page 404 /error/404.html;
|
||||||
|
error_page 405 /error/405.html;
|
||||||
|
error_page 500 /error/500.html;
|
||||||
|
error_page 502 /error/502.html;
|
||||||
|
error_page 503 /error/503.html;
|
||||||
|
recursive_error_pages on;
|
||||||
|
location = /error/400.html {
|
||||||
|
<tmpl_var name='web_document_root_www_proxy'>
|
||||||
|
internal;
|
||||||
|
}
|
||||||
|
location = /error/401.html {
|
||||||
|
<tmpl_var name='web_document_root_www_proxy'>
|
||||||
|
internal;
|
||||||
|
}
|
||||||
|
location = /error/403.html {
|
||||||
|
<tmpl_var name='web_document_root_www_proxy'>
|
||||||
|
internal;
|
||||||
|
}
|
||||||
|
location = /error/404.html {
|
||||||
|
<tmpl_var name='web_document_root_www_proxy'>
|
||||||
|
internal;
|
||||||
|
}
|
||||||
|
location = /error/405.html {
|
||||||
|
<tmpl_var name='web_document_root_www_proxy'>
|
||||||
|
internal;
|
||||||
|
}
|
||||||
|
location = /error/500.html {
|
||||||
|
<tmpl_var name='web_document_root_www_proxy'>
|
||||||
|
internal;
|
||||||
|
}
|
||||||
|
location = /error/502.html {
|
||||||
|
<tmpl_var name='web_document_root_www_proxy'>
|
||||||
|
internal;
|
||||||
|
}
|
||||||
|
location = /error/503.html {
|
||||||
|
<tmpl_var name='web_document_root_www_proxy'>
|
||||||
|
internal;
|
||||||
|
}
|
||||||
|
</tmpl_if>
|
||||||
|
|
||||||
|
<tmpl_if name='logging' op='==' value='yes'>
|
||||||
|
error_log /var/log/ispconfig/httpd/<tmpl_var name='domain'>/error.log;
|
||||||
|
access_log /var/log/ispconfig/httpd/<tmpl_var name='domain'>/access.log combined;
|
||||||
|
</tmpl_var>
|
||||||
|
<tmpl_if name='logging' op='==' value='anon'>
|
||||||
|
error_log /var/log/ispconfig/httpd/<tmpl_var name='domain'>/error.log;
|
||||||
|
access_log /var/log/ispconfig/httpd/<tmpl_var name='domain'>/access.log anonymized;
|
||||||
|
</tmpl_var>
|
||||||
|
|
||||||
|
## Disable .htaccess and other hidden files
|
||||||
|
location ~ /\. {
|
||||||
|
deny all;
|
||||||
|
}
|
||||||
|
|
||||||
|
## Allow access for .well-known/acme-challenge
|
||||||
|
location ^~ /.well-known/acme-challenge/ {
|
||||||
|
access_log off;
|
||||||
|
log_not_found off;
|
||||||
|
auth_basic off;
|
||||||
|
root /usr/local/ispconfig/interface/acme/;
|
||||||
|
autoindex off;
|
||||||
|
index index.html;
|
||||||
|
try_files $uri $uri/ =404;
|
||||||
|
}
|
||||||
|
|
||||||
|
location = /favicon.ico {
|
||||||
|
log_not_found off;
|
||||||
|
access_log off;
|
||||||
|
expires max;
|
||||||
|
add_header Cache-Control "public, must-revalidate, proxy-revalidate";
|
||||||
|
}
|
||||||
|
|
||||||
|
location = /robots.txt {
|
||||||
|
allow all;
|
||||||
|
log_not_found off;
|
||||||
|
access_log off;
|
||||||
|
}
|
||||||
|
|
||||||
|
location /stats/ {
|
||||||
|
<tmpl_var name='web_document_root_www_proxy'>
|
||||||
|
index index.html index.php;
|
||||||
|
auth_basic "Members Only";
|
||||||
|
auth_basic_user_file <tmpl_var name='stats_auth_passwd_file'>;
|
||||||
|
}
|
||||||
|
|
||||||
|
location ^~ /awstats-icon {
|
||||||
|
alias /usr/share/awstats/icon;
|
||||||
|
}
|
||||||
|
|
||||||
|
location ~ (\.php|^/php-fpm-status)$ {
|
||||||
|
try_files <tmpl_var name='rnd_php_dummy_file'> @php;
|
||||||
|
}
|
||||||
|
|
||||||
|
<tmpl_if name='php' op='==' value='php-fpm'>
|
||||||
|
location @php {
|
||||||
|
try_files $uri =404;
|
||||||
|
include /etc/nginx/fastcgi_params;
|
||||||
|
<tmpl_if name='use_tcp'>
|
||||||
|
fastcgi_pass 127.0.0.1:<tmpl_var name='fpm_port'>;
|
||||||
|
</tmpl_if>
|
||||||
|
<tmpl_if name='use_socket'>
|
||||||
|
fastcgi_pass unix:<tmpl_var name='fpm_socket'>;
|
||||||
|
</tmpl_if>
|
||||||
|
fastcgi_index index.php;
|
||||||
|
<tmpl_if name='php_fpm_chroot' op='==' value='y'>
|
||||||
|
fastcgi_param DOCUMENT_ROOT <tmpl_var name='php_fpm_chroot_web_folder'>;
|
||||||
|
fastcgi_param HOME <tmpl_var name='php_fpm_chroot_web_folder'>;
|
||||||
|
fastcgi_param SCRIPT_FILENAME <tmpl_var name='php_fpm_chroot_web_folder'>$fastcgi_script_name;
|
||||||
|
<tmpl_else>
|
||||||
|
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
|
||||||
|
</tmpl_if>
|
||||||
|
#fastcgi_param PATH_INFO $fastcgi_script_name;
|
||||||
|
fastcgi_intercept_errors on;
|
||||||
|
}
|
||||||
|
</tmpl_else>
|
||||||
|
<tmpl_if name='php' op='==' value='hhvm'>
|
||||||
|
location @php {
|
||||||
|
try_files $uri =404;
|
||||||
|
include /etc/nginx/fastcgi_params;
|
||||||
|
fastcgi_pass unix:/var/run/hhvm/hhvm.<tmpl_var name='system_user'>.sock;
|
||||||
|
fastcgi_index index.php;
|
||||||
|
<tmpl_if name='php_fpm_chroot'>
|
||||||
|
fastcgi_param DOCUMENT_ROOT <tmpl_var name='php_fpm_chroot_web_folder'>;
|
||||||
|
fastcgi_param HOME <tmpl_var name='php_fpm_chroot_web_folder'>;
|
||||||
|
fastcgi_param SCRIPT_FILENAME <tmpl_var name='php_fpm_chroot_web_folder'>$fastcgi_script_name;
|
||||||
|
<tmpl_else>
|
||||||
|
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
|
||||||
|
</tmpl_if>
|
||||||
|
#fastcgi_param PATH_INFO $fastcgi_script_name;
|
||||||
|
fastcgi_intercept_errors on;
|
||||||
|
error_page 500 501 502 503 = @phpfallback;
|
||||||
|
}
|
||||||
|
|
||||||
|
location @phpfallback {
|
||||||
|
try_files $uri =404;
|
||||||
|
include /etc/nginx/fastcgi_params;
|
||||||
|
<tmpl_if name='use_tcp'>
|
||||||
|
fastcgi_pass 127.0.0.1:<tmpl_var name='fpm_port'>;
|
||||||
|
</tmpl_if>
|
||||||
|
<tmpl_if name='use_socket'>
|
||||||
|
fastcgi_pass unix:<tmpl_var name='fpm_socket'>;
|
||||||
|
</tmpl_if>
|
||||||
|
fastcgi_index index.php;
|
||||||
|
<tmpl_if name='php_fpm_chroot'>
|
||||||
|
fastcgi_param DOCUMENT_ROOT <tmpl_var name='php_fpm_chroot_web_folder'>;
|
||||||
|
fastcgi_param HOME <tmpl_var name='php_fpm_chroot_web_folder'>;
|
||||||
|
fastcgi_param SCRIPT_FILENAME <tmpl_var name='php_fpm_chroot_web_folder'>$fastcgi_script_name;
|
||||||
|
<tmpl_else>
|
||||||
|
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
|
||||||
|
</tmpl_if>
|
||||||
|
#fastcgi_param PATH_INFO $fastcgi_script_name;
|
||||||
|
fastcgi_intercept_errors on;
|
||||||
|
}
|
||||||
|
</tmpl_else>
|
||||||
|
|
||||||
|
location @php {
|
||||||
|
deny all;
|
||||||
|
}
|
||||||
|
</tmpl_if>
|
||||||
|
</tmpl_if>
|
||||||
|
|
||||||
|
<tmpl_if name='cgi' op='==' value='y'>
|
||||||
|
location /cgi-bin/ {
|
||||||
|
try_files $uri =404;
|
||||||
|
include /etc/nginx/fastcgi_params;
|
||||||
|
root <tmpl_var name='document_root'>;
|
||||||
|
gzip off;
|
||||||
|
fastcgi_pass unix:/var/run/fcgiwrap.socket;
|
||||||
|
fastcgi_index index.cgi;
|
||||||
|
<tmpl_if name='php_fpm_chroot'>
|
||||||
|
fastcgi_param DOCUMENT_ROOT <tmpl_var name='php_fpm_chroot_web_folder'>;
|
||||||
|
fastcgi_param HOME <tmpl_var name='php_fpm_chroot_web_folder'>;
|
||||||
|
fastcgi_param SCRIPT_FILENAME <tmpl_var name='php_fpm_chroot_web_folder'>$fastcgi_script_name;
|
||||||
|
<tmpl_else>
|
||||||
|
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
|
||||||
|
</tmpl_if>
|
||||||
|
fastcgi_intercept_errors on;
|
||||||
|
}
|
||||||
|
</tmpl_if>
|
||||||
|
|
||||||
|
<tmpl_loop name="rewrite_rules">
|
||||||
|
<tmpl_var name='rewrite_rule'>
|
||||||
|
</tmpl_loop>
|
||||||
|
|
||||||
|
<tmpl_loop name="nginx_directives">
|
||||||
|
<tmpl_var name='nginx_directive'>
|
||||||
|
</tmpl_loop>
|
||||||
|
|
||||||
|
<tmpl_if name='enable_pagespeed' op='==' value='y'>
|
||||||
|
pagespeed on;
|
||||||
|
pagespeed FileCachePath /var/ngx_pagespeed_cache;
|
||||||
|
<tmpl_if name='ssl_enabled'>pagespeed FetchHttps enable,allow_self_signed;</tmpl_if>
|
||||||
|
|
||||||
|
|
||||||
|
# let's speed up PageSpeed by storing it in the super duper fast memcached
|
||||||
|
pagespeed MemcachedThreads 1;
|
||||||
|
pagespeed MemcachedServers "localhost:11211";
|
||||||
|
|
||||||
|
# Filter settings
|
||||||
|
pagespeed RewriteLevel CoreFilters;
|
||||||
|
pagespeed EnableFilters collapse_whitespace,remove_comments;
|
||||||
|
|
||||||
|
# Ensure requests for pagespeed optimized resources go to the pagespeed
|
||||||
|
# handler and no extraneous headers get set.
|
||||||
|
location ~ "\.pagespeed\.([a-z]\.)?[a-z]{2}\.[^.]{10}\.[^.]+" {
|
||||||
|
add_header "" "";
|
||||||
|
access_log off;
|
||||||
|
}
|
||||||
|
location ~ "^/ngx_pagespeed_static/" {
|
||||||
|
access_log off;
|
||||||
|
}
|
||||||
|
location ~ "^/ngx_pagespeed_beacon$" {
|
||||||
|
access_log off;
|
||||||
|
}
|
||||||
|
location /ngx_pagespeed_statistics {
|
||||||
|
allow 127.0.0.1;
|
||||||
|
deny all;
|
||||||
|
access_log off;
|
||||||
|
}
|
||||||
|
location /ngx_pagespeed_global_statistics {
|
||||||
|
allow 127.0.0.1;
|
||||||
|
deny all;
|
||||||
|
access_log off;
|
||||||
|
}
|
||||||
|
location /ngx_pagespeed_message {
|
||||||
|
allow 127.0.0.1;
|
||||||
|
deny all;
|
||||||
|
access_log off;
|
||||||
|
}
|
||||||
|
location /pagespeed_console {
|
||||||
|
allow 127.0.0.1;
|
||||||
|
deny all;
|
||||||
|
access_log off;
|
||||||
|
}
|
||||||
|
</tmpl_if>
|
||||||
|
|
||||||
|
<tmpl_loop name="basic_auth_locations">
|
||||||
|
location <tmpl_var name='htpasswd_location'> { ##merge##
|
||||||
|
auth_basic "Members Only";
|
||||||
|
auth_basic_user_file <tmpl_var name='htpasswd_path'>.htpasswd;
|
||||||
|
|
||||||
|
location ~ \.php$ {
|
||||||
|
try_files <tmpl_var name='rnd_php_dummy_file'> @php;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
</tmpl_loop>
|
||||||
|
</tmpl_if>
|
||||||
|
}
|
||||||
|
|
||||||
|
<tmpl_loop name="redirects">
|
||||||
|
server {
|
||||||
|
listen <tmpl_var name='ip_address'>:80;
|
||||||
|
<tmpl_if name='ipv6_enabled'>
|
||||||
|
listen [<tmpl_var name='ipv6_address'>]:80;
|
||||||
|
</tmpl_if>
|
||||||
|
|
||||||
|
<tmpl_if name='ssl_enabled'>
|
||||||
|
listen <tmpl_var name='ip_address'>:443 ssl;
|
||||||
|
<tmpl_if name='ipv6_enabled'>
|
||||||
|
listen [<tmpl_var name='ipv6_address'>]:443 ssl;
|
||||||
|
</tmpl_if>
|
||||||
|
ssl_certificate <tmpl_var name='ssl_crt_file'>;
|
||||||
|
ssl_certificate_key <tmpl_var name='ssl_key_file'>;
|
||||||
|
</tmpl_if>
|
||||||
|
|
||||||
|
server_name <tmpl_var name='rewrite_domain'>;
|
||||||
|
|
||||||
|
<tmpl_if name='alias_seo_redirects2'>
|
||||||
|
<tmpl_loop name="alias_seo_redirects2">
|
||||||
|
if ($http_host <tmpl_var name='alias_seo_redirect_operator'> "<tmpl_var name='alias_seo_redirect_origin_domain'>") {
|
||||||
|
rewrite ^ $scheme://<tmpl_var name='alias_seo_redirect_target_domain'>$request_uri? permanent;
|
||||||
|
}
|
||||||
|
</tmpl_loop>
|
||||||
|
</tmpl_if>
|
||||||
|
## no redirect for acme
|
||||||
|
location ^~ /.well-known/acme-challenge/ {
|
||||||
|
access_log off;
|
||||||
|
log_not_found off;
|
||||||
|
root /usr/local/ispconfig/interface/acme/;
|
||||||
|
autoindex off;
|
||||||
|
index index.html;
|
||||||
|
try_files $uri $uri/ =404;
|
||||||
|
}
|
||||||
|
<tmpl_if name='use_rewrite'>
|
||||||
|
location / {
|
||||||
|
rewrite ^ <tmpl_var name='rewrite_target'>$request_uri? <tmpl_var name='rewrite_type'>;
|
||||||
|
}
|
||||||
|
</tmpl_if>
|
||||||
|
<tmpl_if name='use_proxy'>
|
||||||
|
location / {
|
||||||
|
proxy_pass <tmpl_var name='rewrite_target'>;
|
||||||
|
<tmpl_if name='rewrite_subdir'>rewrite ^/<tmpl_var name='rewrite_subdir'>(.*) /$1;</tmpl_if>
|
||||||
|
<tmpl_loop name="proxy_directives">
|
||||||
|
<tmpl_var name='proxy_directive'>
|
||||||
|
</tmpl_loop>
|
||||||
|
}
|
||||||
|
</tmpl_if>
|
||||||
|
}
|
||||||
|
</tmpl_loop>
|
17
tests/all.sh
17
tests/all.sh
@ -562,6 +562,23 @@ testZabbixGetVersion() {
|
|||||||
printSuccess "${FUNCNAME[0]}"
|
printSuccess "${FUNCNAME[0]}"
|
||||||
}
|
}
|
||||||
|
|
||||||
|
testNonRootUserPrivilegesDiscovery() {
|
||||||
|
#Run the script under non root user
|
||||||
|
DATA=$(sudo -u zabbix "/etc/zabbix/zabbix_php_fpm_discovery.sh")
|
||||||
|
IS_OK=$(echo "$DATA" | grep -F 'Insufficient privileges')
|
||||||
|
assertNotNull "The discovery script must not work for non root user" "$IS_OK"
|
||||||
|
printSuccess "${FUNCNAME[0]}"
|
||||||
|
}
|
||||||
|
|
||||||
|
testNonRootUserPrivilegesStatus() {
|
||||||
|
#Run the script under non root user
|
||||||
|
assertNotNull "Test socket is not defined" "$TEST_SOCKET"
|
||||||
|
DATA=$(sudo -u zabbix "/etc/zabbix/zabbix_php_fpm_status.sh" "$TEST_SOCKET" "/php-fpm-status")
|
||||||
|
IS_OK=$(echo "$DATA" | grep -F 'Insufficient privileges')
|
||||||
|
assertNotNull "The status script must not work for non root user" "$IS_OK"
|
||||||
|
printSuccess "${FUNCNAME[0]}"
|
||||||
|
}
|
||||||
|
|
||||||
testPHPIsRunning() {
|
testPHPIsRunning() {
|
||||||
IS_OK=$(sudo ps ax | grep -F "php-fpm: pool " | grep -F -v "grep" | head -n1)
|
IS_OK=$(sudo ps ax | grep -F "php-fpm: pool " | grep -F -v "grep" | head -n1)
|
||||||
assertNotNull "No running PHP-FPM instances found" "$IS_OK"
|
assertNotNull "No running PHP-FPM instances found" "$IS_OK"
|
||||||
|
@ -136,6 +136,12 @@ if [[ ! -d "$CACHE_ROOT" ]]; then
|
|||||||
exit 1
|
exit 1
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
USER_ID=$(id -u)
|
||||||
|
if [[ $USER_ID -ne 0 ]]; then
|
||||||
|
echo "Insufficient privileges. This script must be run under 'root' user or with 'sudo'."
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
|
||||||
function createCacheDirectory() {
|
function createCacheDirectory() {
|
||||||
if [[ ! -d "$CACHE_DIRECTORY" ]]; then
|
if [[ ! -d "$CACHE_DIRECTORY" ]]; then
|
||||||
mkdir "$CACHE_DIRECTORY"
|
mkdir "$CACHE_DIRECTORY"
|
||||||
@ -237,6 +243,7 @@ function UpdatePoolInCache() {
|
|||||||
local ITEM_POOL_TYPE
|
local ITEM_POOL_TYPE
|
||||||
# shellcheck disable=SC2016
|
# shellcheck disable=SC2016
|
||||||
ITEM_POOL_TYPE=$(echo "$CACHE_ITEM" | ${S_AWK} '{print $3}')
|
ITEM_POOL_TYPE=$(echo "$CACHE_ITEM" | ${S_AWK} '{print $3}')
|
||||||
|
|
||||||
if [[ $ITEM_NAME == "$POOL_NAME" && $ITEM_SOCKET == "$POOL_SOCKET" ]] || [[ -z $ITEM_POOL_TYPE ]]; then
|
if [[ $ITEM_NAME == "$POOL_NAME" && $ITEM_SOCKET == "$POOL_SOCKET" ]] || [[ -z $ITEM_POOL_TYPE ]]; then
|
||||||
PrintDebug "Pool $POOL_NAME $POOL_SOCKET is in cache, deleting..."
|
PrintDebug "Pool $POOL_NAME $POOL_SOCKET is in cache, deleting..."
|
||||||
#Deleting the pool first
|
#Deleting the pool first
|
||||||
@ -726,7 +733,6 @@ EOF
|
|||||||
ARG_ID=$((ARG_ID + 1))
|
ARG_ID=$((ARG_ID + 1))
|
||||||
shift 1
|
shift 1
|
||||||
done
|
done
|
||||||
|
|
||||||
PrintDebug "Current user is $ACTIVE_USER"
|
PrintDebug "Current user is $ACTIVE_USER"
|
||||||
PrintDebug "Status path to be used: $STATUS_PATH"
|
PrintDebug "Status path to be used: $STATUS_PATH"
|
||||||
|
|
||||||
@ -789,6 +795,7 @@ PrintDebug "Processing pools"
|
|||||||
PARALLEL_TASKS=0
|
PARALLEL_TASKS=0
|
||||||
TASK_LIST=()
|
TASK_LIST=()
|
||||||
LAST_PENDING_ITEM=${PENDING_LIST[${#PENDING_LIST[@]} - 1]}
|
LAST_PENDING_ITEM=${PENDING_LIST[${#PENDING_LIST[@]} - 1]}
|
||||||
|
|
||||||
for POOL_ITEM in "${PENDING_LIST[@]}"; do
|
for POOL_ITEM in "${PENDING_LIST[@]}"; do
|
||||||
# shellcheck disable=SC2016
|
# shellcheck disable=SC2016
|
||||||
POOL_NAME=$(echo "$POOL_ITEM" | $S_AWK '{print $1}')
|
POOL_NAME=$(echo "$POOL_ITEM" | $S_AWK '{print $1}')
|
||||||
|
@ -20,6 +20,12 @@ if [[ ! -x $S_GREP ]]; then
|
|||||||
exit 1
|
exit 1
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
USER_ID=$(id -u)
|
||||||
|
if [[ $USER_ID -ne 0 ]]; then
|
||||||
|
echo "Insufficient privileges. This script must be run under 'root' user or with 'sudo'."
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
|
||||||
if [[ -z $1 ]] || [[ -z $2 ]]; then
|
if [[ -z $1 ]] || [[ -z $2 ]]; then
|
||||||
$S_CAT <<EOF
|
$S_CAT <<EOF
|
||||||
No input data specified
|
No input data specified
|
||||||
|
Loading…
Reference in New Issue
Block a user