WPCloudDeploy Documentation

Technical Upgrade Notes For V 5.2.x

Introduction

In version 5.2.0 of WPCD we’ve changed a few things that require some manual updates to servers and sites created with prior versions of version 5.x.  In particular:

  • We’ve changed the way certain security options are implemented in OLS to work around OLS bugs
  • We’ve tweaked our backup scripts to fix a couple of bugs introduced by the new remote database option

Unfortunately you need to make these changes manually using the command line.

Note: If you’re upgrading from 4.16 or 4.17 and have never installed 5.x, you should follow the 5.x upgrade instructions instead.  Nothing in this 5.2 upgrade document will apply in this case.

Changes for All Servers

Reset Your Backups

We have updated our backup scripts.  If you’re using our backups, you should disable and re-enable them.

Just a reminder that there are two places you can apply backups:

  • Servers: Automatically backs up all sites on the server
  • Sites: Backs up only the specified site

Please make sure you deactivate and reactivate in the places you are using them.

Changes for OpenLiteSpeed Sites and Servers

If you’re using OpenLiteSpeed servers and sites created with versions earlier than WPCD 5.2, then you will want to apply the following changes to each OLS server or site on the server.  (No changes are required for NGINX servers.)

Please note that all the following needs to be done under your root/sudo login.  This way all new files and folders created will be owned by the root user.

1. Update global PHP.INI file for all PHP versions

Open the PHP 8.1 global ini file using your favorite editor – the command for the NANO editor is:

sudo nano /usr/local/lsws/lsphp81/etc/php/8.1/litespeed/php.ini

Search for disable_functions

Replace that entire line with:

disable_functions = pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_get_handler,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,pcntl_async_signals,pcntl_unshare,

Repeat for each of the following files:

  • /usr/local/lsws/lsphp80/etc/php/8.0/litespeed/php.ini
  • /usr/local/lsws/lsphp74/etc/php/7.4/litespeed/php.ini

If  you’re on Ubuntu 20.04, also repeat for the following files:

  • /usr/local/lsws/lsphp73/etc/php/7.3/litespeed/php.ini
  • /usr/local/lsws/lsphp72/etc/php/7.2/litespeed/php.ini
  • /usr/local/lsws/lsphp71/etc/php/7.1/litespeed/php.ini

2. Modify the vhconf.conf File for Each Site

Open your vhconf.conf file for one of your sites on your OLS server using your favorite editor – the command for the NANO editor is:

nano /usr/local/lsws/conf/vhosts/YOURDOMAIN.COM/vhconf.conf

Search for the keyword PHP_INI_SCAN_DIR.

Replace everything on the line where that was found with this:

env PHP_INI_SCAN_DIR=:$VH_ROOT/.phpini

Repeat for all your OLS sites.

3. Create a PHP.INI file for Each Site

Run the following command, replacing YOURDOMAIN.COM with your real domain:

mkdir /var/www/YOURDOMAIN.COM/.phpini

Then run the following to create the php.ini file and add contents:

nano /var/www/YOURDOMAIN.COM/.phpini/php.ini

This file should contain the following line:

disable_functions = dl, exec, fpassthru, getmypid, getmyuid, highlight_file, link, opcache_get_configuration, passthru, pcntl_exec, pcntl_get_last_error, pcntl_setpriority, pcntl_strerror, pcntl_wifcontinued, phpinfo, popen, posix_ctermid, posix_getcwd, posix_getegid, posix_geteuid, posix_getgid, posix_getgrgid, posix_getgrnam, posix_getgroups, posix_getlogin, posix_getpgid, posix_getpgrp, posix_getpid, posix_getppid, posix_getpwnam, posix_getpwuid, posix_getrlimit, posix_getsid, posix_getuid, posix_isatty, posix_kill, posix_mkfifo, posix_setegid, posix_seteuid, posix_setgid, posix_setpgid, posix_setsid, posix_setuid, posix_times, posix_ttyname, posix_uname, proc_close, proc_get_status, proc_nice, proc_open, proc_terminate, shell_exec, show_source, source, system, virtual

Repeat for all your OLS sites

4. Restart your OLS server

Once all the changes in sections 1 – 3 above have been made, you need to restart your server so that the changes can take effect:

  • Navigate to the SERVICES tab for your OLS server
  • Under the CORE SERVICES STATUS section, click the RESTART button next to the OpenLiteSpeed Web Server label.

A Deep Dive Explanation of  Of The OLS Changes

(And an example of why OLS is still categorized as beta in 5.x).

If you’re really curious, you might be wondering about why the OLS changes described above are necessary.

In short, the phpIniOverride sections of a site’s vhconf.conf file did not respect ALL php directives.

Each site is given its own vhconf.conf file that contains everything needed to configure a site for use in OpenLiteSpeed.  Inside this file are multiple sections where we can specify php.ini directives.  In theory, directives in these phpIniOverride sections should apply to the site.

Unfortunately, this is not always the case and many important security related directives were just being ignored by OLS and its PHP handler.

After many frustrating communication rounds with OLS reps, it became obvious that they did not see this as an issue (or decided to hide it).  Regardless, we had to adopt a new approach.

The new approach is to place the directives in a php.ini file associated with the site.  But we need to do this in a way that a regular sFTP user cannot edit (otherwise they can simply remove the security directives).

So, a site’s php.ini file is now placed in a new folder /var/www/YOURDOMAIN.COM/.phpini and is owned by root.  Only root/sudo users can change this file.

 

 

Share: