blog
Table des matières
4 billet(s) pour janvier 2026
| AWX sur K8S Kind - partage de fichier pour les blob - Execution pods | 2026/01/26 10:15 | Jean-Baptiste |
| Notes rsh rcp | 2026/01/21 18:08 | Jean-Baptiste |
| Git - Duplication d'un dépôt | 2026/01/19 10:22 | Jean-Baptiste |
| Exemple simple de conf Nagios | 2026/01/14 10:07 | Jean-Baptiste |
Notes PHP
Le module xdebug est-il activé ?
php -m |grep xdebug
Sur Debian Jessie /etc/php5/mods-available/xdebug.ini
Sur RedHat 7 /etc/php.d/xdebug.ini
xdebug.ini
;Debian ; zend_extension=xdebug.so ;RedHat ; zend_extension=/usr/lib64/php/modules/xdebug.so
Logs
error_log = /var/log/php-fpm/error.log log_level = notice
Notes php.ini
; Allow the <? tag. Otherwise, only <?php and <script> tags are recognized. short_open_tag = Off ; Decides whether PHP may expose the fact that it is installed on the server ; (e.g. by adding its signature to the Web server header). It is no security ; threat in any way, but it makes it possible to determine whether you use PHP ; on your server or not. ; http://php.net/expose-php expose_php = Off date.timezone = 'Europe/Paris' Voir https://www.dokuwiki.org/install:php et https://www.zabbix.com/documentation/2.0/manual/installation/install Apparemment le "safe mode" et remplacé par : disable_functions = http://php.net/disable-functions http://php.net/disable-classes max_execution_time memory_limit = max_input_time = default_socket_timeout = ; Production Value: E_ALL & ~E_DEPRECATED & ~E_STRICT ; http://php.net/error-reporting error_reporting = E_ALL & ~E_DEPRECATED & ~E_STRICT sql.safe_mode =
http://www.thonky.com/how-to/prevent-base-64-decode-hack/
allow_url_fopen=Off allow_url_include=Off open_basedir = On register_globals = Off exec = Off shell_exec = Off allow_url_fopen = Off allow_url_include = Off allow_url_fopen = off allow_url_include = off display_errors = Off //safe to disable on live site register_globals = Off //off by default but a good reminder to check expose_php = Off //safe to disable allow_url_fopen = Off //might break something allow_url_include = Off //might break something log_errors = On //logging errors is always a good idea if you check them error_log = /var/log/phperror.log enable_dl = Off //might break something file_uploads = Off //will most likely break something disable_functions="popen,exec,system,passthru,proc_open,shell_exec,show_source,php disable_functions = =exec,passthru,shell_exec,system,proc_open,popen,curl_exec,curl_multi_exec,parse_ini_file,show_source disable_functions = show_source,system,shell_exec,passthru,exec,phpinfo,popen,proc_open,allow_url_fopen exec, passthru, shell_exec, system, proc_open, posix_mkfifo, pg_lo_import, dbmopen, dbase_open, popen, chgrp, chown, chmod, symlink, pcntl_exec, apache_child_terminate, apache_setenv, define_syslog_variables, posix_getpwuid, posix_kill, posix_mkfifo, posix_setpgid, posix_setsid, posix_setuid, posix_setuid, posix_uname, proc_close, pclose, proc_nice, proc_terminate, shell_exec disable_functions = show_source, system, shell_exec, passthru, exec, popen, proc_open, allow_url_fopen, phpinfo, gzinflate, fsockopen, pfsockopen apache_child_terminate, apache_setenv, define_syslog_variables, escapeshellarg, escapeshellcmd, eval, exec, fp, fput, ftp_connect, ftp_exec, ftp_get, ftp_login, ftp_nb_fput, ftp_put, ftp_raw, ftp_rawlist, highlight_file, ini_alter, ini_get_all, ini_restore, inject_code, openlog, passthru, php_uname, phpAds_remoteInfo, phpAds_XmlRpc, phpAds_xmlrpcDecode, phpAds_xmlrpcEncode, popen, posix_getpwuid, posix_kill, posix_mkfifo, posix_setpgid, posix_setsid, posix_setuid, posix_setuid, posix_uname, proc_close, proc_get_status, proc_nice, proc_open, proc_terminate, shell_exec, show_source, syslog, system, xmlrpc_entity_decode, ini_set disable_functions = "ln, cat, popen, pclose, posix_getpwuid, posix_getgrgid, posix_kill, parse_perms, system, dl, passthru, exec, shell_exec, popen, proc_close, proc_get_status, proc_nice, proc_open, escapeshellcmd, escapeshellarg, show_source, posix_mkfifo, mysql_list_dbs, get_current_user, getmyuid, pconnect, link, symlink, pcntl_exec, ini_alter, pfsockopen, leak, apache_child_terminate, posix_kill, posix_setpgid, posix_setsid, posix_setuid, proc_terminate, syslog, fpassthru, stream_select, socket_select, socket_create, socket_create_listen, socket_create_pair, socket_listen, socket_accept, socket_bind, socket_strerror, pcntl_fork, pcntl_signal, pcntl_waitpid, pcntl_wexitstatus, pcntl_wifexited, pcntl_wifsignaled, pcntl_wifstopped, pcntl_wstopsig, pcntl_wtermsig, openlog, apache_get_modules, apache_get_version, apache_getenv, apache_note, apache_setenv, virtual, chmod, file_upload, delete, deleted, edit, fwrite, cmd, rename, unlink, mkdir, mv, touch, cp, cd, pico" disable_functions = "apache_child_terminate, apache_setenv, define_syslog_variables, escapeshellarg, escapeshellcmd, eval, exec, fp, fput, ftp_connect, ftp_exec, ftp_get, ftp_login, ftp_nb_fput, ftp_put, ftp_raw, ftp_rawlist, highlight_file, ini_alter, ini_get_all, ini_restore, inject_code, mysql_pconnect, openlog, passthru, php_uname, phpAds_remoteInfo, phpAds_XmlRpc, phpAds_xmlrpcDecode, phpAds_xmlrpcEncode, popen, posix_getpwuid, posix_kill, posix_mkfifo, posix_setpgid, posix_setsid, posix_setuid, posix_setuid, posix_uname, proc_close, proc_get_status, proc_nice, proc_open, proc_terminate, shell_exec, syslog, system, xmlrpc_entity_decode" disable_functions = exec,passthru,shell_exec,system,proc_open,popen,parse_ni_file,show_source,phpinfo,proc_open,base64_decode,base64_encodem,proc_terminate; base64_decode disable_functions = exec,passthru,shell_exec,system,proc_open,popen,curl_exec,curl_multi_exec,parse_ini_file,show_source
allow_url_include = Off allow_url_fopen = Off session.use_only_cookies = 1 session.cookie_httponly = 1 expose_php = Off display_errors = Off register_globals = Off disable_functions = escapeshellarg, escapeshellcmd,passthru, proc_close, proc_get_status, proc_nice, proc_open,proc_terminate
Socket Listen
Voir :
/etc/php-fpm.d/www.conf
listen.backlog = -1
man 2 listen php-fpm -tt -y /etc/php-fpm.conf
cat /proc/sys/net/core/somaxconn
sysctl net.core.somaxconn=1024
Valeur possibles :
- 128
- 1024
- 65535
Pb boot LVM
Tapez dans le menu grub :
lvm vgchange -aly
Si cela ne marche pas, démarrer avec une Debian rescue
https://github.com/r1k0/kigen/blob/master/scripts/boot.sh
pkill cryptsetup sleep 2 || exit 1 /sbin/cryptsetup luksOpen $1 root || exit 1 sleep 2 || exit 1 /bin/lvm vgscan sleep 1 || exit 1 /bin/lvm vgchange -a y sleep 1 || exit 1 /sbin/ttyecho -n /dev/console q
2
Cette astuce ma aidé une fois. Partitions LVM chiffées (cryptsetup)
cryptsetup: evms_activate is not available
Create a new file /etc/initramfs-tools/scripts/local-top/workaround_mdadm :
/etc/initramfs-tools/scripts/local-top/workaround_mdadm
#!/bin/sh sleep 6 mdadm --stop /dev/md1 mdadm --stop /dev/md0 sleep 6 mdadm --assemble --scan
Make the file executable :
chmod 755 /etc/initramfs-tools/scripts/local-top/workaround_mdadm
Create new initrd files in /boot :
update-initramfs -k all -c
Reboot with just one disk and enjoy.
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1003309/comments/70
Notes PHP symphony
Point à vérifier si MEP (Mise En Production)
symfony1 :
#composer require lexpress/symfony1 "1.5.*" composer create-project lexpress/symfony1 sf1 composer create-project symfony/framework-standard-edition sf2
Notes composer
#mkdir $HOME/htdocs/bin/ #export COMPOSER_HOME=$HOME/htdocs/bin/ cd /usr/local/bin/ php -r "copy('https://getcomposer.org/installer', 'composer-setup.php');" php -r "if (hash_file('sha384', 'composer-setup.php') === '48e3236262b34d30969dca3c37281b3b4bbe3221bda826ac6a9a62d6444cdb0dcd0615698a5cbe587c3f0fe57a54d8f5') { echo 'Installer verified'; } else { echo 'Installer corrupt'; unlink('composer-setup.php'); } echo PHP_EOL;" php composer-setup.php php -r "unlink('composer-setup.php');" mv composer.phar composer
Voir https://getcomposer.org/download/
Exemple :
composer.json
{ "require": { "monolog/monolog": "1.0.*" } }
Vider le cache
Une façon comme une autre
rm -rf /var/www/MonApp/cache/*
Pb PHP Symphony cache app.php
https://openclassrooms.com/forum/sujet/symfony2-app-php-ne-marche-pas-76345
Vider le cache sur Symphony 2
cd /var/www/MonApp php app/console cache:clear --env=prod chown -R apache: ./app/cache
Vider le cache sur Symphony 1
su - apache cd /var/www/MonApp php symfony cc exit
Autre
(Symfony 1)
symfony plugin:publish-assets
Notes PHP Capifony
Liens :
Si besoin renseigner le fichier auth.json
~/.composer/auth.json
{ "github-oauth": { "github.com": "fffffffffffffffff" } }
chmod 600 ~/.composer/auth.json
ou
composer config -g --unset github-oauth.api.github.com composer config -g github-oauth.github.com __TOKEN__
app/config/deploy.rb
set :stages, %w(preprod prod) set :default_stage, "preprod" set :stage_dir, "app/config" require 'capistrano/ext/multistage' # Be more verbose by uncommenting the following line logger.level = Logger::MAX_LEVEL
app/config/prod.rb
set :application, "Test1" #set :domain, "test.local" set :domain, "plop" set :deploy_to, "/var/www/#{domain}" set :app_path, "app" ssh_options[:port] = "22" #set :deploy_via, :rsync_with_remote_cache set :deploy_via, :capifony_copy_local #set :repository, "#{domain}:/var/repos/#{application}.git" set :repository, "https://nom:P@ssw0rd@github.com/acme/projet" set :scm, :git # Or: `accurev`, `bzr`, `cvs`, `darcs`, `subversion`, `mercurial`, `perforce`, or `none` set :model_manager, "doctrine" # Or: `propel` role :web, domain # Your HTTP server, Apache/etc role :app, domain, :primary => true # This may be the same as your `Web` server set :keep_releases, 3 # Be more verbose by uncommenting the following line #logger.level = Logger::MAX_LEVEL # http://capifony.org/reference/symfony.html # http://www.disko.fr/reflexions/technique/deploiement-capifony/ set :shared_files, ["app/config/parameters.yml"] # Les fichiers à conserver entre chaque déploiement set :shared_children, [app_path + "/logs", "vendor"] # Idem, mais pour les dossiers set :use_composer, true set :use_composer_tmp, true set :update_vendors, false #set :update_vendors, true set :writable_dirs, ["app/cache", "app/logs"] # Application des droits nécessaires en écriture sur les dossiers set :webserver_user, "apache" # L’utilisateur de votre serveur web (Apache, nginx, etc.) # Pas d'ACL donc chown set :permission_method, :chown #set :interactive_mode, false after "deploy", "deploy:cleanup" set :use_sudo, false #default_run_options[:pty] = true ssh_options[:forward_agent] = true #set :composer_options, "--no-dev --verbose --prefer-dist --optimize-autoloader --no-progress" #before "deploy:share_childs", "upload_parameters" after "symfony:cache:warmup", "symfony:doctrine:migrations:migrate" set :assets_install, true set :dump_assetic_assets, true
blog.txt · Dernière modification : de 127.0.0.1