Rogue site control and php-fpm modification

Discussion in 'Developers' Forum' started by ispcomm, Aug 30, 2017.

  1. ispcomm

    ispcomm Member

    Just checking if there's an update on what I wrote for the fpm isolation. @till ??
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    Sorry, completely missed your posts. I'll look through the code the next few days.
  3. Croydon

    Croydon ISPConfig Developer ISPConfig Developer

    thank you for contributing.
    I just had a (really quick) look at the diff to master and have some notes:
    You seem to have created an update sql file (0085). All development code should go to upd_dev_collection.sql instead so it can be merged prior to release (otherwise we'll get conflicts).
    If I got it right, there are two DB modifications inside the upd_0085 file but only 1 of them in the ispconfig3.sql.
    Regarding the sysctl/systemd system calls I think you have to wait for tills comments :)
  4. ispcomm

    ispcomm Member

    Note taken on the sql files. I'll wait for comments on the rest.
  5. till

    till Super Moderator Staff Member ISPConfig Developer

    The ISPConfig updater has an option to run a php file for a specific database update. You can find these files in install/patches/ folder. The name must match the sql incremental file. Currently, the name would have be upd_0085.php so that it gets run when with the 0085 sql file (when we create it by moving the code from dev collection to a file with that name. see the existing two files for the file structure, basically it just contains a function that is called before the sql insert and one that is called after insert.

    I would say that we should add the path as an option somewhere under System > server config (web ?). The paths from the distribution specific conf array are written in installer_base.lib.php and update.lib.php. see installer_base.lib.php around line 300+

    One thing that we should consider is to add an option under System > server config to hide the php_fpm_isolated_process option in the website settings completely as not all systems have systemd installed and this options won't work without systemd. That way we can hide it on older systems. But that's something that I can add myself later as well so you don't have to find out how to implement that in the interface :)
  6. ispcomm

    ispcomm Member

    Yes, I'll appreciate of @till can do some of the finer touches (like settings and handling multiple distros) because it takes *me* a lot of time to find where things are and how to properly code stuff for ispconfig.
    If you don't mind, I would proceed to update the nginx plugin now to reimplement the same functionality as in apache.
    It would be nice if somebody can do a little testing (beside the testing I do while coding) so perhaps we could catch bugs early.
    Also, I use debian and derivatives almost exclusively, so I'm not sure what happens in centos with my patches. I guess aside from the path the rest will work the same way.
  7. till

    till Super Moderator Staff Member ISPConfig Developer

    That would be great!

    That's my guess as well. Most likely it's just a difference in the paths.
  8. ispcomm

    ispcomm Member

    I apologize for not being too active lately. I have to finish this work as I'd like to see it in ispconfig stable and propagate it to my servers.
  9. topogigio

    topogigio Member

    I was pointed here from
    I think that this improvement may be the most important in any future roadmap, because a shared environment as a ISPConfig server may protect itself from single tenant (website), and to allow resource throttling. Is this task still alive?

    I cannot help with development, but if I can help in other way to "recover" this task and to have it completed, I'm here.

Share This Page