LSAPI PHP Handler fails if php.ini is present in cPanel
Our WHM server is using LSAPI php handler. Previously PHP-FPM. During deployment all user.ini and php.ini in cPanels were removed.
According to cPanel Documentation here:
https://docs.cpanel.net/ea4/php/advanced-php-configuration/
LSAPI
LSAPI provides a fast and stable way to serve PHP applications. cPanel & WHM’s version of LSAPI differs from the one that CloudLinux provides. This version disables Checkpoint/Restore in Userspace (CRIU), connection pooling, and opcache preservation.
The system only uses the values that the /opt/cpanel/ea-php##/root/etc/php.ini file or the .ini files in the /opt/cpanel/ea-php##/root/etc/php.d/ directory specify. The system reads the files in the /opt/cpanel/ea-php##/root/etc/php.d/ directory in alphabetical order.
Whilst it is working fine, if a user of cPanel goes and adds a php.ini in the /home/username/public_html/php.ini then the LSAPI handler is no longer used and it will load PHP but with different settings unknown where they are coming from. Example different mem limit and most of all it will not load the additional settings in PHP
| Loaded Configuration File | /opt/cpanel/ea-php74/root/etc/php.ini |
| Scan this dir for additional .ini files | /opt/cpanel/ea-php74/root/etc/php.d |
these 2 fields will be empty in PHP information output display script.
Also the
Configuration File (php.ini) Path will be /home/username/public_html/php.ini
Is this standard behaviour or a bug? Is there any way that can ensure LSAPI does not read the php.ini from public_html of users.
I ideally would still llike cPanel users to be able to select their php version via multi php manager
-
I may have resolved issue
# The value of PHPRC env variable.
# Special values are "No", "Env", "Auto" and "DocRoot".
# Default value is "No" - without PHPRC at all.
# "Auto" value stands for php.ini from DocumentRoot of the corresponding VirtualHost if it is present,
# or from user's home directory otherwise
# "DocRoot" value stands for php.ini from DocumentRoot of the corresponding VirtualHost
# "Env" value for using PHPRC from the environment, to set it with SetEnv config option, for example
# lsapi_phprc No
lsapi_phprc Auto
# lsapi_phprc Env
# lsapi_phprc /etc//etc/apache2/conf.d/lsapi.conf
lsapi_phprc Auto was setting
They advise in here https://support.cpanel.net/hc/en-us/community/posts/19132947023767--CloudLinux-Case-EA4D-84-ea-php72-not-loading-additional-ini-files however it should be set to No as a workaround.
However removing this from lsapi.conf which then defaults to no then restart apache and it all seems to be working. Wondering from cPanel what is the formal process and settings for this please.
0 -
Hey there! I'm glad you found a workaround, and there's nothing wrong at all with doing things that way so you're good!
0 -
hi cPRex I was hoping that I could get some further information from cPanel regarding the lsapi.conf as the documentation online is very rare and conflicting. Ie I cant quite recall or be sure but I believe your documentation had advised or in a forum advised to set it to Auto.
Can I please possibly have a copy of the default lsapi.conf via used by Cpanel iinitially with the recommended default settings. The entire lsapi.conf for reference would be great, if not at least the below section will do for now.
# The value of PHPRC env variable.
# Special values are "No", "Env", "Auto" and "DocRoot".
# Default value is "No" - without PHPRC at all.
# "Auto" value stands for php.ini from DocumentRoot of the corresponding VirtualHost if it is present,
# or from user's home directory otherwise
# "DocRoot" value stands for php.ini from DocumentRoot of the corresponding VirtualHost
# "Env" value for using PHPRC from the environment, to set it with SetEnv config option, for example
# lsapi_phprc No
lsapi_phprc Auto
# lsapi_phprc Env
# lsapi_phprc /etc/Thank you
0 -
Sure thing! I created a brand new AlmaLinux 9 system, installed LSAPI for Apache (https://support.cpanel.net/hc/en-us/articles/360055690934-How-to-install-and-enable-cPanel-s-LSPHP-API) and pulled the default file with no other changes. Here you go!
# cat /etc/apache2/conf.d/lsapi.conf
<IfModule lsapi_module>
# Timeout to connect to backend, in usec.
# Optional, default value is 500000.
# Should be more than 0.
# In the case of wrong format default value will be used.
# lsapi_backend_connect_timeout 500000
# Number of tries to connect to backend.
# Optional, default value is 20.
# Should be more than 0.
# In the case of wrong format default value will be used.
# lsapi_backend_connect_tries 20
# Maximum number of simultaneously running child backend processes.
# Optional, default value is equal EP.
# Should be more than 1.
# In the case of wrong format default value will be used.
# In the case of value more than 10000, 10000 will be used.
# lsapi_backend_children 120
# How long an control backend process will wait for a new request before it exits, in sec.
# 0 stands for infinite.
# Optional, default value is 30.
# Should be more or equal to 0.
# In the case of wrong format default value will be used.
# lsapi_backend_pgrp_max_idle 30
# How long a backend child process will wait for a new request before it exits, in sec.
# 0 stands for infinite.
# Optional, default value is 300.
# Should be more or equal to 0.
# In the case of wrong format default value will be used.
# lsapi_backend_max_idle 300
# The maximum processing time allowed when processing a request, in sec.
# Optional, default value is 300.
# Should be more than 0.
# In the case of wrong format default value will be used.
# lsapi_backend_max_process_time 300
# How many requests each child process will handle before it exits automatically.
# Optional, default value is 10000.
# Should be more than 0.
# In the case of wrong format default value will be used.
# lsapi_backend_max_reqs 10000
# How many requests each backend master will handle before it exits automatically.
# Optional, default value is 0.
# 0 stands for infinite.
# In the case of wrong format default value will be used.
# lsapi_backend_pgrp_max_reqs 0
# backend master will exit after this amount of worker crashes
# Optional, default value is 0.
# 0 stands for infinite.
# In the case of wrong format default value will be used.
# lsapi_backend_pgrp_max_crashes 0
# oom_score_adj value for backend processes
# Optional, default value is 0
# Possible values from -1000 to 1000
# lsapi_backend_oom_score_adj 0
# To kill backend processes on Apache/mod_lsapi restart
# Default value is On.
# Set it to Off to allow graceful Apache restart
# lsapi_terminate_backends_on_exit On
lsapi_terminate_backends_on_exit Off
# Default value is /var/mod_lsapi
# lsapi_socket_path /var/mod_lsapi
# The value of PHPRC env variable.
# Special values are "No", "Env", "Auto" and "DocRoot".
# Default value is "No" - without PHPRC at all.
# "Auto" value stands for php.ini from DocumentRoot of the corresponding VirtualHost if it is present,
# or from user's home directory otherwise
# "DocRoot" value stands for php.ini from DocumentRoot of the corresponding VirtualHost
# "Env" value for using PHPRC from the environment, to set it with SetEnv config option, for example
# lsapi_phprc No
# lsapi_phprc Auto
# lsapi_phprc DocRoot
# lsapi_phprc Env
# lsapi_phprc /etc/
# To disable addition of PWD variable. If set to On, the PWD variable will not be added into backend's environment.
# Default value is Off
# lsapi_disable_forced_pwd_var Off
lsapi_debug Off
# Optional, default value is On.
# Check or not owner of DOCUMENT_ROOT.
# lsapi_check_document_root On
# Optional, default value is Off.
# Check or not owner of target script.
# lsapi_target_perm Off
# Optional, default value is Off.
# Check or not permissions of target script.
# lsapi_paranoid Off
# Optional, default value is On.
# Use or not apache uid/gid for request as fallback.
# lsapi_use_default_uid On
# uid/gid for requests
# lsapi_uid_gid 500 501
# or user/group for requests instead of lsapi_uid_gid
# lsapi_user_group user1 user1
# Backend core dump enabled or not.
# Print to error_log stacktrace and 'lsof' output for runaway process
# and before it is killed
# Default is Off
# lsapi_backend_coredump Off
# Enable mechanism to avoid creation of zombie process by lsphp processes
# Default is Off
# lsapi_avoid_zombies Off
# Timeout to poll backend.
# Optional, default value is equal to lsapi_backend_max_process_time.
# Should be >= 0.
# In the case of wrong format or exceed of lsapi_backend_max_process_time default value will be used.
# 0 stands for infinite poll.
# lsapi_poll_timeout 0
# Enable or disable processing of the following directives:
# php_value, php_flag, php_admin_value, php_admin_flag
# Optional, default value is On.
# lsapi_mod_php_behaviour On
# Use or not suexec to target user.
# Default is On
# lsapi_use_suexec On
# When On, invoke backend not per VirtualHost but per account.
# Default value is Off
# It is possible, for example, to set it to On in global config file
# and to Off in config files of some particular Virtual Hosts.
# Then these Virtual Hosts will have a dedicated backend process,
# while others will have backend processes shared on account basis.
# lsapi_per_user Off
# Switch LSAPI_ACCEPT_NOTIFY mode for lsphp.
# This option can be used both in Global and VirtualHost scopes.
# Optional, default value is On.
# This mode is incompatible with PHP 4.4
# lsapi_backend_accept_notify On
# Enable user ini files for backend
# Default value is Off
# lsapi_enable_user_ini Off
# Try to read user ini file from home directory also.
# Default value is Off
# lsapi_user_ini_homedir Off
# Set variables in backend environment.
# Environment variables PATH, HTTP_* and LSAPI_* will be ignored.
# Special case: value begins with ${ and ends with }
# Value from the original environment willl be used. For example:
# lsapi_set_env ORIG_PATH "${PATH}"
lsapi_set_env TEMP "/tmp"
lsapi_set_env TMP "/tmp"
lsapi_set_env TMPDIR "/tmp"
# If On, PWD var won't be created forceibly in backend environment
# In this case you still can set it explicitly with lsapi_set_env
# Default value is Off
# lsapi_forced_pwd_var Off
# Dedicated option to set PATH variable in backend environment.
# Default path /usr/local/bin:/usr/bin:/bin will be used if not set.
# lsapi_set_env_path /usr/local/bin:/usr/bin:/bin
# If Off, use Apache error log file for backend output, or separate file otherwise.
# Default value is Off
lsapi_backend_use_own_log On
# It will be used only when lsapi_backend_use_own_log set to On
# If Off, use separate files for every backend process,
# use one common file for every backend master process otherwise.
# Default value is Off
lsapi_backend_common_own_log On
# LSAPIPath - Set template of path
# No default value
# LSAPIPath /storage/content/[0-9]/([^/])/
# For Apache 2.4 - mechanism of the mutex used by mod_lsapi is posixsem
# Default mechanism is posixmem.
# Mutex posixsem lsapi-pipe
# For Apache 2.2 - mechanism of the mutex used by mod_lsapi.
# Default value is posixsem.
# For Apache 2.4 this option will be silently ignored.
# lsapi_mutex_mech posixsem
# Set alternate request body temporary files directory.
# Default is "/tmp"
# lsapi_tmpdir "/var/tmp"
# Enable or disable phpini_* directive processing
# Default value is Off
# lsapi_process_phpini Off
# Enable or disable output buffering on Apache level
# Default value is On
# lsapi_output_buffering On
# When lsapi_process_phpini option switched to Off, these values will be silently ignored.
# lsapi_phpini values with absolute filename of php.ini file can be inserted into .htaccess files
# in order to set custom php.ini which will override/complement settings from system default php.ini
# lsapi_phpini /home/user/public_html/php.ini
# Change response codes from default ones
# Error codes should be in the range from 400 to 599
# Default values:
# 500 (HTTP_INTERNAL_SERVER_ERROR) for SERVER_* and SCRIPT_*
# 503 (HTTP_SERVICE_UNAVAILABLE) for LSAPI_* and BACKEND_* except BACKEND_REJECT
# 507 (HTTP_INSUFFICIENT_STORAGE) for BACKEND_REJECT
# 400 (HTTP_BAD_REQUEST) for CLIENT_*
# Some error with Document Root of Virtual Host
# lsapi_error_code SERVER_DOCROOT 500
# Cannot determine uid for the request
# lsapi_error_code SERVER_UID 500
# Some error with permissions of the script file
# lsapi_error_code SCRIPT_PERMS 500
# Error on creation of lsapi connection
# lsapi_error_code LSAPI_CREATE 503
# Internal error of liblsapi
# lsapi_error_code LSAPI_INTERNAL 503
# Error on acquiring backend connection
# lsapi_error_code LSAPI_CONN_ACQUIRE 503
# Error on determining backend connection
# lsapi_error_code LSAPI_CONN_DETERMINE 503
# Error on connecting to backend
# lsapi_error_code BACKEND_CONNECT 503
# Backend rejected connection due to lsapi_backend_children limitation
# lsapi_error_code BACKEND_REJECT 507
# Backend does not receive response headers
# lsapi_error_code BACKEND_NOHDRS 503
# Premature end of the response headers from backend
# lsapi_error_code BACKEND_ENDHDRS 503
# Error on sending request to backend
# lsapi_error_code BACKEND_SENDREQ 503
# Error on receiving response header from backend
# lsapi_error_code BACKEND_RECVHDR 503
# Error on receiving response from backend
# lsapi_error_code BACKEND_RECVRSP 503
# Error on ap_setup_client_block failed
# lsapi_error_code CLIENT_SETUP 400
# Default value is Off, can be inserted both in .conf and .htaccess files.
# If set to On, always keep backend's response status as mod_php do
# If set to Off, response status can be overridden by Apache as suphp do (in case of call via ErrorDocument directive)
# lsapi_keep_http200 Off
# Use hostname from the request_rec structure (if it's On).
# Default value is Off
# lsapi_use_req_hostname Off
# Use LOG_INFO level, instead of LOG_WARNING for non-fatal backend logs
# Default value is Off
# lsapi_backend_loglevel_info Off
</IfModule>0
Please sign in to leave a comment.
Comments
4 comments