I read several post on it but cannot understand how do my custom setting on single php-fpm site. I have read: "The PHP-FPM mode supports custom settings as well, but these are stored inside the pool file and not a php.ini" but I do not understand this sentence. I have put my custom setting in site option and I see they are put in /var/www/conf/... I have understand this file are not for php-fpm but I haven't be able to find where are my custom setting be put form ISPConfig site option interface. In /etc/php/7.3/fpm/pool.d/ haven't see noting useful in /etc/php/7.3/fpm/conf.d/ are conf file not for single site. have to write a empty php.ini file and put in it my custom settings and then save the file in my site webroot like /var/www/clients/client1/web2 ...? how ISPConfig do the magic, where are the custom setting write for php-fmp single site? If ISPConfig is not enable to do custom setting for fpm, can I do by myself and How? Please if someone can help, post an example like where to write memory_limit=512M best regards, Leonardo P.s. Ubuntu 19.10 system ISPConfig 3.1.15p3
Open the site settings, go to the options tab, and put your custom settings in the "Custom php.ini settings" box.
Use the custom PHP.ini settings field on the options tab of the website. Editing any files is not necessary. 1) Login to ispconfig. 2) Go to the settings of that website, switch to options tab. 3) Paste the line: memory_limit=512M into the "custom php.ini settings" field and press save. That's all.
Then the change wasn't effective. Make sure the custom php setting is present, then maybe manually restart you php-fpm daemonand try again. If still a problem, you might have to enable debugging to see what is going on.
I have enabled debug log on server Code: 17-03-2020 17:36 gemini.algoritmica.net Debug Remove Lock: /usr/local/ispconfig/server/temp/.ispconfig_lock 17-03-2020 17:36 gemini.algoritmica.net Debug Calling function 'check_phpini_changes' from plugin 'webserver_plugin' raised by action 'server_plugins_loaded'. this log is due to info.php refresh. https://www.nextcloud.algoritmica.net/info.php in the php.ini setting is a memory limit to 512 but in php.info is to 256
According to that phpinfo, `grep memory_limit /etc/php/7.3/fpm/php.ini` should show your server is running 256M. What does `grep memory_limit /etc/php/7.3/fpm/pool.d/web2.conf` return? You seem to not have a correct vhost / php setup, as your phpinfo shows: where it should be: Ensure all your vhosts use the same ip address (either '*' or the actual ip address, but don't mix), and ensure you have an ssl certificate for this site.
Thanks a lot. Code: grep memory_limit /etc/php/7.3/fpm/pool.d/web2.conf not exist. Code: grep memory_limit /etc/php/7.3/fpm/pool.d/www.conf give Code: ;php_admin_value[memory_limit] = 32M in Code: /etc/apache2/sites-enabled/100-nextcloud.algoritmica.net.vhost is **not** present user Code: www-data but in Code: /etc/php/7.3/fpm/pool.d/www.conf there are this row: Code: ; Unix user/group of processes ; Note: The user is mandatory. If the group is not set, the default user's group ; will be used. user = www-data group = www-data All vhost have Code: *.port I have install Let's Encrypt by hand and is working well. I have see later ISPConfig is handle this certificate configuration by itself. Can you help best regards, Leonardo
Doing this disables the ability to manage the website in ISPConfig, so if you did that, you can't use ISPConfig anymore to manage the site or change settings like PHP settings etc.
Yes Till, thanks. I have see ISPConfig let's encrypt capability too later. If I uninstall all let's encrypt, can then use ISPConfig to manage it or have to request change for my certificate on let's encrypt site too. Is here /etc/php/7.3/fpm/pool.d/web2.conf where ISPConfig have to save custom php.ini? if yes /etc/php/7.3/fpm/pool.d/ is all root permission. have any idea? best regards, Leonardo
Remove all your manual letencrypt installation. Upgrade ispconfig and choose "reconfigure services -> yes" at minimum reconfigure web (apache). This will rewrite all apache config (overwrites your local changes). Then activate letsencrypt in ispconfig. If you are already on the current ispc version, use this to force upgrade: Code: cd /tmp wget https://www.ispconfig.org/downloads/ISPConfig-3.1.15p3.tar.gz tar xvfz ISPConfig-3.1.15p3.tar.gz cd ispconfig3_install/install php -q update.php
Thanks, I like to know what ISPConfig is doing with custom php.ini option in case of fpm site installation. where put this value? in which file/files? I look in manual and haven't see it. best regards, Leonardo
This depends on the chosen PHP mode: mod_php: No custom PHP.inis settings at all as mod_php does not support that. php-fcgi, php-cgi and suphp: A custom php.ini file. php-fpm: Custom php.ini settings are stored in the fpm pool file.
Ok let do an example: for web2 site on ubuntu, php 7.3 and php-fpm is this the file? /etc/php/7.3/fpm/pool.d/web2.conf best regards, Leonardo
The directory depends on the way the additional PHP versions are installed. if the pool files for the additional PHP version are in that directory, then the file will be thare.
Ok @till I have do it: remove all my stuff on letsencrypt ... and Code: cd /tmp wget https://www.ispconfig.org/downloads/ISPConfig-3.1.15p3.tar.gz tar xvfz ISPConfig-3.1.15p3.tar.gz cd ispconfig3_install/install php -q update.php and open ISPCionfig interface and click on site to enable letsencrypt and I see the php ini settings is done. but now site and ISPConfig certificate are NOT getting the letsencrypt but a self signed certificate create at update time. I try to delete it through ISPConfig setting 'action delete' on SSL tab, but it not delete it. on postfix main.cf there is the default: smtpd_tls_cert_file = /etc/postfix/smtpd.cert smtpd_tls_key_file = /etc/postfix/smtpd.key and this are not symbolic link to /etc/letsencrypt/live/... and dovecot.conf point to the same certificate so mail is not working too. can help? (I can make work these service by myself but only changing configuration by myself by direct write it, and not using ISPConfig)
See: https://www.howtoforge.com/community/threads/lets-encrypt-error-faq.74179/ Show LetsEncrypt log If you have the newest version of ISPC and removed all(!) letsencrypt/certbot from your server, then ispc probably installed acme.sh. Would make sense to find out what is running.
If your services like postfix were using a LE cert before, then you have to redo the steps to install a LE cert for these services in the same way you installed it the first time.
Thank you Till. Ok I will set up postfix/dovecoad but for apache2 site I need some explanation. On /etc/apache2/sites-available/algoritmica.net.vhost ISPConfig had put at the end this: Code: <VirtualHost *:443> ... <IfModule mod_ssl.c> SSLEngine on SSLProtocol All -SSLv2 -SSLv3 # SSLCipherSuite ... SSLHonorCipherOrder on # <IfModule mod_headers.c> # Header always add Strict-Transport-Security "max-age=15768000" # </IfModule> SSLCertificateFile /var/www/clients/client1/web2/ssl/algoritmica.net-le.crt SSLCertificateKeyFile /var/www/clients/client1/web2/ssl/algoritmica.net-le.key SSLUseStapling on SSLStaplingResponderTimeout 5 SSLStaplingReturnResponderErrors off </IfModule> </VirtualHost> #After virtual host close <IfModule mod_ssl.c> SSLStaplingCache shmcb:/var/run/ocsp(128000) </IfModule> I do: Code: ls -l /var/www/clients/client1/web2/ssl/algoritmica.net-le.crt /var/www/clients/client1/web2/ssl/algoritmica.net-le.crt -> /etc/letsencrypt/live/algoritmica.net/fullchain.pem ls -l /var/www/clients/client1/web2/ssl/algoritmica.net-le.key /var/www/clients/client1/web2/ssl/algoritmica.net-le.key -> /etc/letsencrypt/live/algoritmica.net/privkey.pem now site is working: I think there is some cache I have not erased yesterday... sorry There is a last problem: certificate is not working on ISPConfig interface. I look at apache conf for ISPConfig and see inside conf: Code: <VirtualHost _default_:8080> .... # SSL Configuration SSLEngine On SSLProtocol All -SSLv3 SSLCertificateFile /usr/local/ispconfig/interface/ssl/ispserver.crt SSLCertificateKeyFile /usr/local/ispconfig/interface/ssl/ispserver.key this is not pointing to Code: /etc/letsencrypt/live/algoritmica.net/fullchain.pem 1 - have I to set it manually to this value? 2 - On postfix and dovecot after I have well configured by hand the right certificate link, after an system update, have I to write a hook to a script to let the certificate pointing on right value? Or ISPconfig do this? best regards, Leonardo
Looks like letsencrypt is not correctly working with ispconfig. You should investigate this, could lead to problems in the future (create a new web/subdomain and try letsencrypt) For other services. Maybe this helps: https://www.howtoforge.com/tutorial/securing-ispconfig-3-with-a-free-lets-encrypt-ssl-certificate/ (Since you hav already changed the default config, you should understand what the howto does and apply only what you need, instead of blindly following it)