With EasyApache3 and Php5.4, the server was setup whereby the parameter values in the master php.ini file could be adjusted per account using a local php.ini file located in the account root. Having upgraded to EasyApache4 and Php 5.6 this configuration structure does not seem to be working, the local php.ini file shows as loaded in phpinfo.php but the parameters set do not change the master values eg:
post_max_size 20M
And ideas please?
With EA4 by default there's one server-wide php.ini located at /opt/cpanel/ea-php56/root/etc/php.ini but when the MultiPhp Editor is used I believe it creates ini files at /opt/cpanel/ea-php56/root/etc/php.d/local.ini, public_html/php.ini, and public_html/.user.ini where the hierarchy is:
php.ini > local.ini > .user.ini
So .user.ini over-rides local.ini which over-rides the server-wide php.ini
Although the MultiPhp editor creates it, public_html/php.ini seems not to be used as long as user_ini.filename is not set, since the default for user_ini.filename is .user.ini, and as long as there is not a directive in .htaccess
Ref: https://forums.cpanel.net/threads/ea4-php-ini-local-ini-behavior.559871/
Related
Running on Ubuntu 20.04, I have php8.2-fpm installed and running under Apache 2.4 with the following call: SetHandler "proxy:unix:/run/php/php8.2-fpm.sock|fcgi://localhost".
I have a vhost, with <Directory /var/www/html/somesite/>. There also exists a file /var/www/html/somesite/.user.ini which contains the following:
mail.force_extra_parameters="-f me#mydomain.com"
mail.log="/tmp/dmail.log"
But when I view the details on the web page using phpinfo() I see that only mail.log has changed.
In the docs I see that:
PHP_INI_PERDIR Entry can be set in php.ini, .htaccess, httpd.conf or .user.ini
Also both these settings share the same permissions in terms of where they're allowed to be set:
mail.log PHP_INI_SYSTEM|PHP_INI_PERDIR
mail.force_extra_parameters PHP_INI_SYSTEM|PHP_INI_PERDIR
I have tested other settings, such as mail.add_x_header, max_execution_time, etc, and these have worked as expected, but for some reason the mail.force_extra_parameters one just won't change from no value (null) in the phpinfo(); output.
I have also tested this in other versions of php-fpm. I've also set it manually in the main php.ini file and that did change it in the output, leading me to believe it's also not any loaded mods/config - though I also grepped those directories searching for references to this setting too with no luck.
Why is PHP ignoring this particular setting from .user.ini?
I'm trying to run a php website with nginx using php8.1 and php8.1-fpm, in a Ubuntu 20.04 vps.
phpinfo reports that the config file in use is: /etc/php/8.1/fpm/php.ini
It also reports that allow_url_fopen is Off (both Local Value and Master Value).
Examining /etc/php/8.1/fpm/php.ini shows:
allow_url_fopen = On
I suppose that's the default setting. But I need this value to reflect in phpinfo and I can't get that to work.
I've tried changing the value, restarting nginx and fpm, changing it back and restarting again, but nothing works. Feels like phpinfo is getting its values elsewhere. I've checked all files in /etc/php/8.1/fpm/conf.d (the config folder reported by phpinfo) and there is no allow_url_fopen in any of those.
How do I get allow_url_fopen to be On?
Type “php --ini” command to find the location of the PHP configuration file.
On the above server, you can see that the PHP configuration file is in location “/usr/local/lib/php.ini”
Edit the php.ini file to enable allow_url_fopen.
root#server [~]# vi /usr/local/lib/php.ini
allow_url_fopen = On
Change the line “allow_url_fopen = Off” to “allow_url_fopen = On”
Save the php.ini file after changing allow_url_fopen to On.
Restart the apache service after enabling allow_url_fopen.
Now, allow_url_fopen is enabled globally for all domains on your Server. allow_url_include = On
On some systems there's a file /etc/php.d/security.ini or /etc/php/8.1/fpm/conf.d/99-security.conf in which allow_url_fopen is turned of. If present it overrides the settings in php.ini system wide.
Unfortunately this file isn't listed by php_ini_scanned_files().
I have a clean install of a CentOs with php 5.2.13.
In php.ini that is loaded and present in the header of phpinfo() I have
safe_mode=off
in the phpinfo() information I have
// local value - safe_mode: On
// master value - safe_mode: off
the php file has only a phpinfo() function.
I am still looking for vhost file to see if any directives are there overwriting this, but still then any sugggestions?
Look for "Additional ini files parsed" in phpinfo() output. This setting can also be changed in the Apache config (including .htaccess files).
"Master Value" (from php.ini) could be overridden with "Local Value" in httpd.conf, .htaccess or other Apache configuration with php_value directive.
I found the problem/solution to be in the extra config file that is added in the vhosts folder.
The file is named httpd.include and it has this line
php_admin_flag safe_mode on
PS. I really hate when other systems create files on the fly like this, especially with values they want.
We could override the default php.ini settings using the
PHPINIDir /var/www/web1
directive in <VirtualHost> decription.
But I have seen php_value statements which is applied to all the sites in the httpd.conf files. For example :
php_value upload_max_filesize somevalue
Will the general settings like above override the custom php.ini settings?
Pardon me that I don't have an environment to test this out at present.
PHP configuration precedence order is as follows:
The php.ini
The conf.d directory. On some distros, there is a modularized conf.d directory. values specified in there override php.ini
The directive PHPINIDir /var/www/web1 replaces 1 and 2 with your custom php.ini
Apache virtual host configuration. e.g. "php_value error_reporting " overrides any php.ini
.htaccess files placed inside your webspace override the above configuration
Source code values specified in the source code override all other configuration
Some (security critical) options can only be set in higher level config files
I have a clean install of a CentOs with php 5.2.13.
In php.ini that is loaded and present in the header of phpinfo() I have
safe_mode=off
in the phpinfo() information I have
// local value - safe_mode: On
// master value - safe_mode: off
the php file has only a phpinfo() function.
I am still looking for vhost file to see if any directives are there overwriting this, but still then any sugggestions?
Look for "Additional ini files parsed" in phpinfo() output. This setting can also be changed in the Apache config (including .htaccess files).
"Master Value" (from php.ini) could be overridden with "Local Value" in httpd.conf, .htaccess or other Apache configuration with php_value directive.
I found the problem/solution to be in the extra config file that is added in the vhosts folder.
The file is named httpd.include and it has this line
php_admin_flag safe_mode on
PS. I really hate when other systems create files on the fly like this, especially with values they want.