From c8e019b6a331a14d868a952ffab07bded2315390 Mon Sep 17 00:00:00 2001 From: =?utf8?q?Isma=C3=ABl=20Bouya?= Date: Tue, 8 Jan 2019 00:45:37 +0100 Subject: [PATCH] Move each php session to a private destination --- virtual/eldiron.nix | 6 ++++++ virtual/packages/adminer.nix | 3 +++ virtual/packages/aten.nix | 2 ++ virtual/packages/chloe.nix | 2 ++ virtual/packages/connexionswing.nix | 2 ++ virtual/packages/ludivinecassal.nix | 2 ++ virtual/packages/mantisbt.nix | 1 + virtual/packages/nextcloud.nix | 2 ++ virtual/packages/piedsjaloux.nix | 2 ++ 9 files changed, 22 insertions(+) diff --git a/virtual/eldiron.nix b/virtual/eldiron.nix index 96efddc..6237e06 100644 --- a/virtual/eldiron.nix +++ b/virtual/eldiron.nix @@ -228,6 +228,9 @@ # FIXME: move session files to separate dirs # /!\ phppackage is used in nextcloud configuation phpOptions = '' + session.save_path = "/var/lib/php/sessions" + session.gc_maxlifetime = 60*60*24*15 + session.cache_expire = 60*24*30 ; For nextcloud extension=${pkgs.phpPackages.redis}/lib/php/extensions/redis.so ; For nextcloud @@ -269,6 +272,9 @@ nextcloud = mypkgs.nextcloud.activationScript; httpd = '' install -d -m 0755 /var/lib/acme/acme-challenge + install -d -m 0750 -o wwwrun -g wwwrun /var/lib/php/sessions + install -d -m 0750 -o wwwrun -g wwwrun /var/lib/php/sessions/adminer + install -d -m 0750 -o wwwrun -g wwwrun /var/lib/php/sessions/mantisbt ''; redis = '' mkdir -p /run/redis diff --git a/virtual/packages/adminer.nix b/virtual/packages/adminer.nix index 034f0d4..d2800aa 100644 --- a/virtual/packages/adminer.nix +++ b/virtual/packages/adminer.nix @@ -26,7 +26,10 @@ let pm.max_children = 5 pm.process_idle_timeout = 60 ;php_admin_flag[log_errors] = on + ; Needed to avoid clashes in browser cookies (same domain) + php_value[session.name] = AdminerPHPSESSID php_admin_value[open_basedir] = "${webRoot}:/tmp" + php_admin_value[session.save_path] = "/var/lib/php/sessions/adminer" ''; }; apache = { 
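Review bot: The two lifetimes added to `phpOptions` in virtual/eldiron.nix are written as products, but php.ini evaluates only bitwise operators and parentheses, not arithmetic. `60*60*24*15` is therefore most likely read as the integer 60, which would make sessions eligible for garbage collection after one minute rather than 15 days. Literal values avoid this: `session.gc_maxlifetime = 1296000` and `session.cache_expire = 43200`. The context line `# FIXME: move session files to separate dirs` also looks resolved by this commit and could be removed.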
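Review bot: The `adminer` and `mantisbt` session directories created in the `httpd` activation script are both owned by `wwwrun:wwwrun`, so the separation rests only on each pool's `session.save_path` and `open_basedir`, not on file permissions. If the pools run as the same user (not visible in this hunk), the OS still lets one application's PHP process read the other's session files. Where the pools have distinct users, creating each directory with `-m 0700` and that pool's own user would make the filesystem enforce the split. The literal `wwwrun` also differs from the `${apache.user}`/`${apache.group}` used for the same purpose in the package files of this commit.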
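Review bot: The path `/var/lib/php/sessions/adminer` is a literal in virtual/packages/adminer.nix, while the directory itself is created by a second literal in the `httpd` activation script of virtual/eldiron.nix. The mantisbt.nix hunk has the same split. If either string is changed alone, the pool points at a directory that is never created and session writes fail. Defining the path once in the package and having the activation script reference that attribute would keep the two in step, as the `${varDir}/phpSessions` packages already do.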
diff --git a/virtual/packages/aten.nix b/virtual/packages/aten.nix index 8251b31..d67f7b7 100644 --- a/virtual/packages/aten.nix +++ b/virtual/packages/aten.nix @@ -16,6 +16,7 @@ let php_admin_value[post_max_size] = 20M ;php_admin_flag[log_errors] = on php_admin_value[open_basedir] = "${webappDir}:${varDir}:/tmp" + php_admin_value[session.save_path] = "${varDir}/phpSessions" ${if environment == "dev" then '' pm = ondemand pm.max_children = 5 @@ -80,6 +81,7 @@ let deps = [ "wrappers" ]; text = '' install -m 0755 -o ${apache.user} -g ${apache.group} -d ${varDir} + install -m 0750 -o ${apache.user} -g ${apache.group} -d ${varDir}/phpSessions if [ ! -f "${varDir}/currentWebappDir" -o \ "${webappDir}" != "$(cat ${varDir}/currentWebappDir 2>/dev/null)" ]; then pushd ${webappDir} > /dev/null diff --git a/virtual/packages/chloe.nix b/virtual/packages/chloe.nix index a867bf2..8633317 100644 --- a/virtual/packages/chloe.nix +++ b/virtual/packages/chloe.nix @@ -22,6 +22,7 @@ let php_admin_value[post_max_size] = 20M ;php_admin_flag[log_errors] = on php_admin_value[open_basedir] = "${./spip_mes_options.php}:${configDir}:${webRoot}:${varDir}:/tmp" + php_admin_value[session.save_path] = "${varDir}/phpSessions" env[SPIP_CONFIG_DIR] = "${configDir}" env[SPIP_VAR_DIR] = "${varDir}" env[SPIP_SITE] = "chloe-${environment}" @@ -92,6 +93,7 @@ let deps = [ "wrappers" ]; text = '' install -m 0755 -o ${apache.user} -g ${apache.group} -d ${varDir} ${varDir}/IMG ${varDir}/tmp ${varDir}/local + install -m 0750 -o ${apache.user} -g ${apache.group} -d ${varDir}/phpSessions ''; }; configDir = ./chloe_config; diff --git a/virtual/packages/connexionswing.nix b/virtual/packages/connexionswing.nix index 7f7dc16..199c893 100644 --- a/virtual/packages/connexionswing.nix +++ b/virtual/packages/connexionswing.nix 
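Review bot: The new `session.save_path` of `${varDir}/phpSessions` in aten.nix sits inside `${varDir}`, which the `open_basedir` line just above already allows, so the application's own file functions can reach the session files. Any file-read or include flaw in the application would then expose session contents. The adminer and mantisbt pools in this commit keep their session directory outside `open_basedir`, which is the tighter layout, assuming the `php_admin_value` save path is not itself subject to the `open_basedir` check (worth confirming). The same pattern appears in the chloe, connexionswing, ludivinecassal, nextcloud and piedsjaloux hunks; a sibling directory outside `${varDir}` would align them.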
@@ -38,6 +38,7 @@ let php_admin_value[post_max_size] = 20M ;php_admin_flag[log_errors] = on php_admin_value[open_basedir] = "${configRoot}:${webappDir}:${varDir}:/tmp" + php_admin_value[session.save_path] = "${varDir}/phpSessions" ${if environment == "dev" then '' pm = ondemand pm.max_children = 5 @@ -135,6 +136,7 @@ let ${varDir}/medias \ ${varDir}/uploads \ ${varDir}/var + install -m 0750 -o ${apache.user} -g ${apache.group} -d ${varDir}/phpSessions if [ ! -f "${varDir}/currentWebappDir" -o \ "${webappDir}" != "$(cat ${varDir}/currentWebappDir 2>/dev/null)" ]; then pushd ${webappDir} > /dev/null diff --git a/virtual/packages/ludivinecassal.nix b/virtual/packages/ludivinecassal.nix index c078722..eabb8fa 100644 --- a/virtual/packages/ludivinecassal.nix +++ b/virtual/packages/ludivinecassal.nix @@ -53,6 +53,7 @@ let php_admin_value[post_max_size] = 20M ;php_admin_flag[log_errors] = on php_admin_value[open_basedir] = "${configRoot}:${webappDir}:${varDir}:/tmp" + php_admin_value[session.save_path] = "${varDir}/phpSessions" ${if environment == "dev" then '' pm = ondemand pm.max_children = 5 @@ -137,6 +138,7 @@ let deps = [ "wrappers" ]; text = '' install -m 0755 -o ${apache.user} -g ${apache.group} -d ${varDir} + install -m 0750 -o ${apache.user} -g ${apache.group} -d ${varDir}/phpSessions if [ ! -f "${varDir}/currentWebappDir" -o \ "${webappDir}" != "$(cat ${varDir}/currentWebappDir 2>/dev/null)" ]; then pushd ${webappDir} > /dev/null diff --git a/virtual/packages/mantisbt.nix b/virtual/packages/mantisbt.nix index 82fc8ad..335cb7d 100644 --- a/virtual/packages/mantisbt.nix +++ b/virtual/packages/mantisbt.nix @@ -116,6 +116,7 @@ let php_admin_value[upload_max_filesize] = 5000000 php_admin_value[open_basedir] = "${basedir}:/tmp" + php_admin_value[session.save_path] = "/var/lib/php/sessions/mantisbt" ''; }; }; diff --git a/virtual/packages/nextcloud.nix b/virtual/packages/nextcloud.nix index e39868a..5e9a927 100644 --- a/virtual/packages/nextcloud.nix 
+++ b/virtual/packages/nextcloud.nix @@ -198,6 +198,7 @@ let deps = [ ]; text = '' install -m 0755 -o ${apache.user} -g ${apache.group} -d ${varDir} + install -m 0750 -o ${apache.user} -g ${apache.group} -d ${varDir}/phpSessions ''; }; apache = { @@ -253,6 +254,7 @@ let php_admin_value[memory_limit] = 512M php_admin_value[open_basedir] = "${basedir}:/proc/meminfo:/dev/urandom:/proc/self/fd:/tmp" + php_admin_value[session.save_path] = "${varDir}/phpSessions" ''; }; }; diff --git a/virtual/packages/piedsjaloux.nix b/virtual/packages/piedsjaloux.nix index 819bafb..1c3d8b7 100644 --- a/virtual/packages/piedsjaloux.nix +++ b/virtual/packages/piedsjaloux.nix @@ -38,6 +38,7 @@ let php_admin_value[post_max_size] = 20M ;php_admin_flag[log_errors] = on php_admin_value[open_basedir] = "${configRoot}:${webappDir}:${varDir}:/tmp" + php_admin_value[session.save_path] = "${varDir}/phpSessions" ${if environment == "dev" then '' pm = ondemand pm.max_children = 5 @@ -123,6 +124,7 @@ let text = '' install -m 0755 -o ${apache.user} -g ${apache.group} -d ${varDir} \ ${varDir}/tmp + install -m 0750 -o ${apache.user} -g ${apache.group} -d ${varDir}/phpSessions if [ ! -f "${varDir}/currentWebappDir" -o \ "${webappDir}" != "$(cat ${varDir}/currentWebappDir 2>/dev/null)" ]; then pushd ${webappDir} > /dev/null -- 2.41.0