cschantz/Linux-Server-Management-Toolkit
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Clean up session notes and temporary files

Browse Source 
Removed:
- Session planning docs (CODING_GUIDELINES, AUDIT summaries, etc)
- docs/ directory (PHP planning notes, session summaries)
- tmp/bot_analysis_report_*.txt (old analysis files)
- backups/php/test_* (test backup directories)

Kept:
- REFDB_FORMAT.txt (memory/reference file)
- README.md (project documentation)
- config/whitelist-*.txt (functional configs)
- modules/*/README.md (module documentation)

Total cleanup: ~133KB of session artifacts
This commit is contained in:
cschantz
2026-01-08 17:18:34 -05:00
parent 17cde51bcb
commit 9b47187399
15 changed files with 0 additions and 4374 deletions
Download Patch File Download Diff File Expand all files Collapse all files
docs/PHP_CONFIG_LOCATIONS_COMPLETE.md
-483
View File
@@ -1,483 +0,0 @@
# Complete PHP Configuration File Locations - All Control Panels
## Understanding PHP Configuration Priority
PHP configuration is applied in a **hierarchical cascade**. Settings in higher-priority files **override** settings in lower-priority files.
### Priority Order (Highest to Lowest)
```
PRIORITY 1 (HIGHEST): Per-Directory Configuration
├─ .user.ini (PHP-FPM only, per-directory)
├─ .htaccess with php_value/php_flag (Apache + mod_php ONLY, NOT PHP-FPM!)
└─ ini_set() in PHP code (runtime only)
PRIORITY 2: User-Specific Configuration
├─ ~/public_html/php.ini (some control panels)
├─ ~/.php/X.Y/php.ini (per PHP version)
├─ ~/etc/phpX.Y/php.ini (InterWorx style)
└─ ~/php.ini (legacy)
PRIORITY 3: Pool-Specific Configuration
├─ /opt/cpanel/ea-phpXY/root/etc/php.ini (cPanel EA-PHP)
├─ /opt/alt/phpXY/etc/php.ini (CloudLinux Alt-PHP)
├─ Additional .ini files loaded alphabetically:
│ ├─ /opt/cpanel/ea-phpXY/root/etc/php.d/*.ini
│ └─ Loaded in alphabetical order (00-*, 10-*, 20-*, etc.)
└─ scan_dir configured locations
PRIORITY 4 (LOWEST): System-Wide Configuration
└─ /etc/php.ini (global default, rarely used with control panels)
```
## Complete File Location Map by Control Panel
### cPanel with EA-PHP (Most Common)
#### 1. Per-Directory (.user.ini) - **PRIORITY 1**
```bash
# Location pattern
/home/$username/public_html/.user.ini
/home/$username/public_html/subdirectory/.user.ini
/home/$username/public_html/app/.user.ini
# Applies to
- That directory and all subdirectories
- Only works with PHP-FPM (not mod_php)
- Reloaded every user_ini.cache_ttl seconds (default 300)
# Example content
memory_limit = 512M
upload_max_filesize = 100M
post_max_size = 150M
max_execution_time = 120
# Find all .user.ini files for a user
find /home/$username -name ".user.ini" -type f
# Common locations
/home/$username/public_html/.user.ini
/home/$username/public_html/wp-content/.user.ini
/home/$username/public_html/app/upload/.user.ini
```
#### 2. .htaccess with PHP directives - **PRIORITY 1** (mod_php ONLY!)
```bash
# Location
/home/$username/public_html/.htaccess
# IMPORTANT: Only works with Apache mod_php
# Does NOT work with PHP-FPM!
# cPanel typically uses PHP-FPM, so .htaccess php_value is IGNORED
# Example content (if mod_php is used)
php_value memory_limit 256M
php_value upload_max_filesize 64M
php_flag display_errors Off
# Find .htaccess with PHP directives
find /home/$username/public_html -name ".htaccess" -exec grep -l "php_value\|php_flag" {} \;
```
#### 3. User Home Directory Configs - **PRIORITY 2**
```bash
# cPanel creates user-specific php.ini in various locations:
# A. PHP version-specific in home
/home/$username/.php/8.2/php.ini
/home/$username/.php/8.1/php.ini
/home/$username/.php/8.0/php.ini
# B. Legacy home php.ini
/home/$username/php.ini
# C. In etc subdirectory
/home/$username/etc/php.ini
/home/$username/etc/php/8.2/php.ini
# D. In public_html (some configurations)
/home/$username/public_html/php.ini
# Find all home directory php.ini files
find /home/$username -maxdepth 3 -name "php.ini" -type f
find /home/$username/.php -name "php.ini" -type f 2>/dev/null
```
#### 4. MultiPHP INI Editor Files - **PRIORITY 2**
```bash
# cPanel's MultiPHP INI Editor creates user-specific overrides here:
/var/cpanel/userdata/$username/php-fpm.d/$domain.conf
/home/$username/.php/8.2/php.ini
# These override pool defaults but are overridden by .user.ini
```
#### 5. EA-PHP Pool Configuration - **PRIORITY 3**
```bash
# Main php.ini for each EA-PHP version
/opt/cpanel/ea-php80/root/etc/php.ini
/opt/cpanel/ea-php81/root/etc/php.ini
/opt/cpanel/ea-php82/root/etc/php.ini
/opt/cpanel/ea-php83/root/etc/php.ini
# Additional .ini files (loaded alphabetically)
/opt/cpanel/ea-php82/root/etc/php.d/00-ioncube.ini
/opt/cpanel/ea-php82/root/etc/php.d/10-opcache.ini
/opt/cpanel/ea-php82/root/etc/php.d/20-gd.ini
/opt/cpanel/ea-php82/root/etc/php.d/30-mysqli.ini
# Find all EA-PHP installations
find /opt/cpanel -maxdepth 1 -type d -name "ea-php*"
# Find all php.ini files
find /opt/cpanel/ea-php* -name "php.ini"
# Find all additional .ini files
find /opt/cpanel/ea-php*/root/etc/php.d/ -name "*.ini" | sort
```
#### 6. PHP-FPM Pool Configs (Not php.ini but affects PHP)
```bash
# Per-user FPM pool config (process manager settings)
/opt/cpanel/ea-php82/root/etc/php-fpm.d/$username.conf
# Contains: pm, pm.max_children, pm.start_servers, etc.
# Not php.ini settings, but critical for performance!
```
### CloudLinux with Alt-PHP
#### Alt-PHP Configuration Locations
```bash
# Main php.ini for each Alt-PHP version
/opt/alt/php80/etc/php.ini
/opt/alt/php81/etc/php.ini
/opt/alt/php82/etc/php.ini
# Additional .ini files
/opt/alt/php82/etc/php.d.all/*.ini
# Per-user overrides (if configured)
/home/$username/.cl.php/alt-php82/php.ini
# Find all Alt-PHP versions
ls -d /opt/alt/php*/
# Find all Alt-PHP ini files
find /opt/alt/php* -name "php.ini"
```
### Plesk
#### Plesk PHP Configuration Hierarchy
```bash
# 1. Per-directory .user.ini - PRIORITY 1
/var/www/vhosts/$domain/httpdocs/.user.ini
/var/www/vhosts/$domain/httpdocs/subdirectory/.user.ini
# 2. Domain-specific php.ini - PRIORITY 2
/var/www/vhosts/system/$domain/etc/php.ini
# 3. Pool-specific php.ini - PRIORITY 3
/etc/php-fpm.d/plesk-php82-fpm/php.ini
# 4. PHP version php.ini - PRIORITY 3
/opt/plesk/php/8.2/etc/php.ini
/opt/plesk/php/8.1/etc/php.ini
# 5. Additional .ini files
/opt/plesk/php/8.2/etc/php.d/*.ini
# 6. System-wide - PRIORITY 4
/etc/php.ini
# Find domain php.ini files
find /var/www/vhosts/system -name "php.ini"
# Find all Plesk PHP versions
ls -d /opt/plesk/php/*/
```
### InterWorx
#### InterWorx PHP Configuration
```bash
# 1. Per-directory .user.ini - PRIORITY 1
/home/$username/var/$domain/html/.user.ini
# 2. Domain-specific php.ini - PRIORITY 2
/home/$username/var/$domain/etc/php.ini
# 3. User etc directory
/home/$username/etc/php82/php.ini
# 4. PHP version php.ini - PRIORITY 3
/etc/php82/php.ini
/etc/php81/php.ini
# 5. System-wide - PRIORITY 4
/etc/php.ini
# Find InterWorx domain configs
find /home/*/var/*/etc -name "php.ini"
# Find user php configs
find /home/*/etc/php* -name "php.ini"
```
### DirectAdmin
#### DirectAdmin Configuration
```bash
# 1. Per-directory .user.ini - PRIORITY 1
/home/$username/domains/$domain/public_html/.user.ini
# 2. Domain php.ini - PRIORITY 2
/usr/local/directadmin/data/users/$username/php/domains/$domain.ini
# 3. User default php.ini
/usr/local/directadmin/data/users/$username/php/php.ini
# 4. PHP version php.ini - PRIORITY 3
/usr/local/php82/lib/php.ini
# Find DirectAdmin configs
find /usr/local/directadmin/data/users -name "php.ini"
find /usr/local/directadmin/data/users -name "*.ini"
```
### No Control Panel (Standalone)
#### Standard PHP Locations
```bash
# 1. Per-directory .user.ini - PRIORITY 1
/var/www/html/.user.ini
/var/www/domain.com/.user.ini
# 2. Pool-specific (if using PHP-FPM)
/etc/php/8.2/fpm/php.ini
/etc/php-fpm.d/www.conf
# 3. CLI php.ini (different from FPM!)
/etc/php/8.2/cli/php.ini
# 4. Additional .ini files
/etc/php/8.2/mods-available/*.ini
/etc/php/8.2/conf.d/*.ini
# 5. System-wide
/etc/php.ini
/usr/local/lib/php.ini
```
## Detection Strategy - Universal Function
```bash
find_all_php_configs() {
local username="$1"
local domain="$2"
local php_version="$3" # e.g., "82" or "8.2"
declare -a config_files
declare -A config_priority
echo "=== Finding ALL PHP configs affecting: $domain (user: $username) ==="
echo ""
# PRIORITY 1: Per-Directory .user.ini
echo "PRIORITY 1: Per-Directory Configs"
while IFS= read -r file; do
if [ -f "$file" ]; then
config_files+=("$file")
config_priority["$file"]=1
echo " [P1] $file"
fi
done < <(find "/home/$username" -name ".user.ini" 2>/dev/null)
# Check .htaccess (only relevant for mod_php)
while IFS= read -r file; do
if grep -q "php_value\|php_flag" "$file" 2>/dev/null; then
config_files+=("$file")
config_priority["$file"]=1
echo " [P1] $file (mod_php only - likely IGNORED on PHP-FPM!)"
fi
done < <(find "/home/$username/public_html" -name ".htaccess" 2>/dev/null)
echo ""
echo "PRIORITY 2: User-Specific Configs"
# User home directory configs (various patterns)
local user_configs=(
"/home/$username/php.ini"
"/home/$username/public_html/php.ini"
"/home/$username/.php/$php_version/php.ini"
"/home/$username/.php/${php_version:0:1}.${php_version:1}/php.ini"
"/home/$username/etc/php.ini"
"/home/$username/etc/php/$php_version/php.ini"
)
for config in "${user_configs[@]}"; do
if [ -f "$config" ]; then
config_files+=("$config")
config_priority["$config"]=2
echo " [P2] $config"
fi
done
# Plesk domain-specific
if [ -f "/var/www/vhosts/system/$domain/etc/php.ini" ]; then
config_files+=("/var/www/vhosts/system/$domain/etc/php.ini")
config_priority["/var/www/vhosts/system/$domain/etc/php.ini"]=2
echo " [P2] /var/www/vhosts/system/$domain/etc/php.ini"
fi
# InterWorx domain-specific
if [ -f "/home/$username/var/$domain/etc/php.ini" ]; then
config_files+=("/home/$username/var/$domain/etc/php.ini")
config_priority["/home/$username/var/$domain/etc/php.ini"]=2
echo " [P2] /home/$username/var/$domain/etc/php.ini"
fi
echo ""
echo "PRIORITY 3: Pool/Version-Specific Configs"
# cPanel EA-PHP
local cpanel_php_ini="/opt/cpanel/ea-php${php_version}/root/etc/php.ini"
if [ -f "$cpanel_php_ini" ]; then
config_files+=("$cpanel_php_ini")
config_priority["$cpanel_php_ini"]=3
echo " [P3] $cpanel_php_ini"
# Additional .ini files
if [ -d "/opt/cpanel/ea-php${php_version}/root/etc/php.d" ]; then
while IFS= read -r file; do
config_files+=("$file")
config_priority["$file"]=3
echo " [P3] $file"
done < <(find "/opt/cpanel/ea-php${php_version}/root/etc/php.d" -name "*.ini" | sort)
fi
fi
# CloudLinux Alt-PHP
local alt_php_ini="/opt/alt/php${php_version}/etc/php.ini"
if [ -f "$alt_php_ini" ]; then
config_files+=("$alt_php_ini")
config_priority["$alt_php_ini"]=3
echo " [P3] $alt_php_ini"
fi
# Plesk
local plesk_php_ini="/opt/plesk/php/${php_version:0:1}.${php_version:1}/etc/php.ini"
if [ -f "$plesk_php_ini" ]; then
config_files+=("$plesk_php_ini")
config_priority["$plesk_php_ini"]=3
echo " [P3] $plesk_php_ini"
fi
echo ""
echo "PRIORITY 4: System-Wide Default"
if [ -f "/etc/php.ini" ]; then
config_files+=("/etc/php.ini")
config_priority["/etc/php.ini"]=4
echo " [P4] /etc/php.ini"
fi
echo ""
echo "=== Total config files found: ${#config_files[@]} ==="
# Return the array
printf '%s\n' "${config_files[@]}"
}
```
## How to Determine Effective Setting
### Method 1: Query PHP Directly (MOST ACCURATE!)
```bash
# Get effective value for a specific setting
get_effective_php_setting() {
local username="$1"
local setting="$2" # e.g., "memory_limit"
# Run as user to get their effective settings
su -s /bin/bash "$username" -c "php -r 'echo ini_get(\"$setting\");'"
}
# Example usage
memory_limit=$(get_effective_php_setting "examplec" "memory_limit")
echo "Effective memory_limit: $memory_limit"
# Get ALL effective settings
su -s /bin/bash "$username" -c "php -r 'print_r(ini_get_all());'" > /tmp/effective_php_settings.txt
```
### Method 2: Parse Config Hierarchy
```bash
# Parse configs in priority order and track overrides
get_setting_from_configs() {
local setting="$1"
local value=""
# Parse in REVERSE priority (lowest to highest)
# So higher priority files override
# Priority 4: System
value=$(grep "^$setting" /etc/php.ini | cut -d'=' -f2 | tr -d ' ')
# Priority 3: Pool
pool_value=$(grep "^$setting" /opt/cpanel/ea-php82/root/etc/php.ini | cut -d'=' -f2 | tr -d ' ')
[ -n "$pool_value" ] && value="$pool_value"
# Priority 2: User
user_value=$(grep "^$setting" /home/$username/.php/8.2/php.ini | cut -d'=' -f2 | tr -d ' ')
[ -n "$user_value" ] && value="$user_value"
# Priority 1: .user.ini
user_ini_value=$(grep "^$setting" /home/$username/public_html/.user.ini | cut -d'=' -f2 | tr -d ' ')
[ -n "$user_ini_value" ] && value="$user_ini_value"
echo "$value"
}
```
## Quick Reference Commands
```bash
# Find ALL php.ini files on system
find / -name "php.ini" -type f 2>/dev/null
# Find ALL .user.ini files
find /home -name ".user.ini" -type f 2>/dev/null
# Find .htaccess with PHP directives
find /home -name ".htaccess" -exec grep -l "php_value\|php_flag" {} \; 2>/dev/null
# Get effective settings for a domain (via web)
curl -s "http://domain.com/info.php" | grep -A1 "memory_limit"
# Get effective settings via CLI
php -i | grep "memory_limit"
php -r "echo ini_get('memory_limit');"
# List all loaded .ini files
php --ini
# Get configuration file path
php -r "echo php_ini_loaded_file();"
# Get scanned .ini directory
php -r "echo php_ini_scanned_files();"
```
## Key Takeaways for Optimizer
1. **Always check .user.ini first** - It overrides everything!
2. **Per-domain/user configs vary by control panel** - Need detection logic
3. **.htaccess php_value only works with mod_php** - Usually ignored on modern setups
4. **Query PHP directly for accurate effective values** - Don't just parse files
5. **Check loaded files via php --ini** - Shows what's actually being used
6. **Multiple .ini files can affect same setting** - Last one wins (in priority order)
This complete map ensures the optimizer will find ALL configuration affecting a domain!
docs/PHP_METRICS_COMPREHENSIVE.md
-469
View File
@@ -1,469 +0,0 @@
# Comprehensive PHP Metrics Tracking Guide
## PHP Configuration Hierarchy & Detection
### Configuration File Priority (Highest to Lowest)
Understanding which config takes effect is critical for accurate optimization.
```
1. .user.ini (per-directory, PHP-FPM only)
Location: /home/user/public_html/.user.ini
Scope: Specific directory and subdirectories
Reloads: Automatically every user_ini.cache_ttl seconds (default 300)
2. .htaccess (Apache with mod_php only, NOT PHP-FPM!)
Location: /home/user/public_html/.htaccess
Scope: Directory-specific
Note: Does NOT work with PHP-FPM!
3. php.ini (per-pool, cPanel EA-PHP)
Location: /opt/cpanel/ea-php*/root/etc/php.ini
Scope: All domains using that PHP version
4. Additional .ini files (per-pool)
Location: /opt/cpanel/ea-php*/root/etc/php.d/*.ini
Scope: Per PHP version, loaded alphabetically
5. Global php.ini
Location: /etc/php.ini (legacy)
Scope: System-wide fallback
```
### How to Determine Effective Settings
**Method 1: Query via PHP (Most Accurate)**
```bash
# Get effective value for specific domain
echo '<?php echo ini_get("memory_limit"); ?>' | \
su -s /bin/bash $username -c "php -q -d open_basedir="
# Get ALL effective settings
php -r 'print_r(ini_get_all());' > /tmp/php_all_settings.txt
# Per-domain via web request (if domain is accessible)
curl -s "http://$domain/phpinfo.php" | grep -A1 "memory_limit"
```
**Method 2: Parse Configuration Files**
```bash
# Find ALL possible config files affecting a domain
find_php_configs() {
local domain="$1"
local user="$2"
local php_version="$3" # e.g., "ea-php82"
# Priority order
echo "=== Config Hierarchy for $domain ==="
# 1. .user.ini
local user_ini="/home/$user/public_html/.user.ini"
if [ -f "$user_ini" ]; then
echo "1. .user.ini: $user_ini (HIGHEST PRIORITY)"
grep -E "memory_limit|max_execution_time|upload_max_filesize" "$user_ini"
fi
# 2. Pool-specific php.ini
local pool_ini="/opt/cpanel/$php_version/root/etc/php.ini"
if [ -f "$pool_ini" ]; then
echo "2. Pool php.ini: $pool_ini"
grep -E "memory_limit|max_execution_time|upload_max_filesize" "$pool_ini"
fi
# 3. Additional .ini files
local ini_dir="/opt/cpanel/$php_version/root/etc/php.d"
if [ -d "$ini_dir" ]; then
echo "3. Additional .ini files: $ini_dir/*.ini"
grep -h -E "memory_limit|max_execution_time|upload_max_filesize" "$ini_dir"/*.ini 2>/dev/null
fi
}
```
## Complete PHP Metrics to Track
### 1. **Memory Settings** (Critical for Performance)
```ini
# Basic Memory
memory_limit = 256M # Per-script memory limit
# Track: Current value, recommended, % of total RAM
# Upload Limits (Related to Memory)
upload_max_filesize = 64M # Max single file upload
post_max_size = 128M # Max POST data (should be >= upload_max_filesize)
max_input_vars = 1000 # Max input variables (forms with many fields)
max_input_nesting_level = 64 # Max array nesting depth
max_input_time = 60 # Max time parsing input data
# Realpath Cache (Memory for path resolution)
realpath_cache_size = 4096K # Cache size for realpath() calls
realpath_cache_ttl = 120 # TTL in seconds
```
**Why Track:**
- `memory_limit` too low → "Allowed memory size exhausted" errors
- `post_max_size < upload_max_filesize` → Upload failures
- `realpath_cache_size` too small → File I/O slowdowns
**Detection:**
```bash
# Find memory exhausted errors
grep -r "Allowed memory size.*exhausted" /home/$user/*/logs/error_log
# Find upload failures
grep -r "POST Content-Length.*exceeds" /home/$user/*/logs/error_log
```
### 2. **Execution & Timeout Settings**
```ini
# Script Execution
max_execution_time = 30 # Max script runtime (seconds)
max_input_time = 60 # Max time for input parsing
default_socket_timeout = 60 # Default socket timeout
# CGI-specific
cgi.force_redirect = 1
cgi.fix_pathinfo = 0 # Security: prevent path injection
```
**Why Track:**
- `max_execution_time` too low → Scripts timeout on slow operations
- Long-running cron jobs need higher limits
**Detection:**
```bash
# Find timeout errors
grep -r "Maximum execution time.*exceeded" /home/$user/*/logs/error_log
```
### 3. **PHP-FPM Pool Settings** (Most Critical for Optimization!)
```ini
# Process Manager Type
pm = dynamic # static | dynamic | ondemand
# static: Fixed number of children
# dynamic: Scales between min/max
# ondemand: Spawns on-demand (saves memory)
# Process Limits (DYNAMIC mode)
pm.max_children = 50 # Max simultaneous processes
pm.start_servers = 5 # Processes started at boot
pm.min_spare_servers = 5 # Minimum idle processes
pm.max_spare_servers = 35 # Maximum idle processes
# Process Limits (STATIC mode)
pm.max_children = 50 # Fixed number of processes
# Process Limits (ONDEMAND mode)
pm.max_children = 50 # Max processes
pm.process_idle_timeout = 10s # Kill idle process after X seconds
# Process Recycling
pm.max_requests = 500 # Respawn after X requests (prevent memory leaks)
# Status & Monitoring
pm.status_path = /fpm-status # Status page URL
ping.path = /fpm-ping # Health check URL
ping.response = pong
# Timeouts
request_terminate_timeout = 30s # Kill request after X seconds (0 = disabled)
request_slowlog_timeout = 5s # Log slow requests taking > X seconds
# Logging
slowlog = /var/log/php-fpm/$pool-slow.log
catch_workers_output = yes # Capture stdout/stderr
php_admin_value[error_log] = /var/log/php-fpm/$pool-error.log
```
**Why Track (CRITICAL!):**
- `pm.max_children` too low → "server reached pm.max_children" errors → requests queue/fail
- `pm.max_children` too high → OOM kills, server crashes
- `pm = static` wastes memory on low-traffic sites
- `pm = ondemand` adds latency (process spawn time)
- `pm.max_requests = 0` → memory leaks never cleared
**Detection:**
```bash
# Find max_children errors (CRITICAL)
grep "server reached pm.max_children" /opt/cpanel/ea-php*/root/usr/var/log/php-fpm/*error.log
# Find slow requests
tail -100 /opt/cpanel/ea-php*/root/usr/var/log/php-fpm/*slow.log
# Current process count vs limit
current=$(ps aux | grep "php-fpm: pool $domain" | grep -v grep | wc -l)
max=$(grep "pm.max_children" /opt/cpanel/ea-php*/root/etc/php-fpm.d/$user.conf | cut -d'=' -f2)
echo "Current: $current / Max: $max"
```
### 4. **OPcache Settings** (Massive Performance Impact!)
```ini
[opcache]
; Enable/Disable
opcache.enable = 1 # Enable opcache
opcache.enable_cli = 0 # Disable for CLI (causes issues)
; Memory Settings
opcache.memory_consumption = 128 # MB for opcache (CRITICAL!)
opcache.interned_strings_buffer = 8 # MB for string interning
opcache.max_accelerated_files = 10000 # Max cached files (set to > total PHP files)
; Validation & Updates
opcache.revalidate_freq = 2 # Check file changes every X seconds (0 = always check)
opcache.validate_timestamps = 1 # Check if files changed (0 = never check, production)
opcache.fast_shutdown = 1 # Faster shutdown
; Advanced
opcache.enable_file_override = 1 # Optimize file_exists(), is_file()
opcache.optimization_level = 0x7FFFBFFF
opcache.save_comments = 1 # Required for some frameworks (Doctrine, Symfony)
opcache.load_comments = 1
; JIT (PHP 8.0+)
opcache.jit = tracing # off | function | tracing
opcache.jit_buffer_size = 100M # JIT compilation buffer
```
**Why Track (HUGE PERFORMANCE!):**
- Opcache disabled → 40-70% slower, 300% more CPU
- `opcache.memory_consumption` too small → Cache thrashing
- `opcache.max_accelerated_files` too low → Not all files cached
- Hit rate < 90% → Increase memory or max files
**Detection:**
```bash
# Get opcache status (MOST IMPORTANT METRICS!)
php -r "print_r(opcache_get_status());" | grep -E "opcache_enabled|memory_usage|opcache_statistics|num_cached_scripts|hits|misses|blacklist_misses"
# Calculate hit rate
stats=$(php -r '$s=opcache_get_status(); echo $s["opcache_statistics"]["hits"].",".$s["opcache_statistics"]["misses"];')
hits=$(echo $stats | cut -d',' -f1)
misses=$(echo $stats | cut -d',' -f2)
total=$((hits + misses))
hit_rate=$((hits * 100 / total))
echo "Opcache Hit Rate: ${hit_rate}%"
# If hit rate < 90% → Need more memory or max_files!
```
### 5. **Session Settings**
```ini
session.save_handler = files # files | memcached | redis
session.save_path = "/var/lib/php/session"
session.gc_maxlifetime = 1440 # Session timeout (seconds)
session.gc_probability = 1
session.gc_divisor = 1000 # GC runs 1/1000 requests
session.cookie_lifetime = 0 # Session cookie expires on browser close
```
**Why Track:**
- `session.save_path` full disk → Session writes fail
- Using `files` on high-traffic → I/O bottleneck (use Redis!)
### 6. **Error Handling & Logging**
```ini
error_reporting = E_ALL & ~E_DEPRECATED & ~E_STRICT
display_errors = Off # CRITICAL: Must be Off in production!
display_startup_errors = Off
log_errors = On # Log to file
error_log = /home/$user/logs/php_error.log
ignore_repeated_errors = Off
ignore_repeated_source = Off
report_memleaks = On
```
**Why Track:**
- `display_errors = On` in production → Security risk (exposes paths)
- No `error_log` set → Errors go to Apache log (harder to track)
### 7. **Security Settings**
```ini
; Disable Dangerous Functions
disable_functions = exec,passthru,shell_exec,system,proc_open,popen,curl_exec,curl_multi_exec,parse_ini_file,show_source
; Open Basedir (Restrict File Access)
open_basedir = /home/$user:/tmp # Prevent directory traversal
; File Uploads
file_uploads = On
upload_tmp_dir = /tmp # Temp upload directory
; Misc Security
expose_php = Off # Hide PHP version in headers
allow_url_fopen = On # Allow remote file access (needed for many apps)
allow_url_include = Off # CRITICAL: Prevent remote code execution
```
### 8. **APCu Cache** (User Cache, separate from OPcache)
```ini
[apcu]
apc.enabled = 1
apc.shm_size = 32M # Shared memory size
apc.ttl = 7200 # Time to live
apc.gc_ttl = 3600 # Garbage collection TTL
apc.enable_cli = 0
```
**Why Track:**
- WordPress object cache, WooCommerce, etc. use APCu
- Low hit rate → Increase shm_size
### 9. **MySQL/Database Settings** (php.ini side)
```ini
mysqli.max_persistent = -1 # Max persistent connections (-1 = unlimited)
mysqli.max_links = -1 # Max total connections
mysqli.default_socket = /var/lib/mysql/mysql.sock
pdo_mysql.default_socket = /var/lib/mysql/mysql.sock
```
### 10. **Zend Extensions**
```ini
zend_extension=opcache.so
zend_extension=ioncube_loader_lin_8.2.so # If using IonCube
```
## Complete Metrics Tracking List
### Per-Domain Tracking Matrix
```yaml
domain: example.com
user: examplec
php_version: ea-php82
config_hierarchy:
1_user_ini: /home/examplec/public_html/.user.ini
2_pool_ini: /opt/cpanel/ea-php82/root/etc/php.ini
3_pool_d: /opt/cpanel/ea-php82/root/etc/php.d/
4_global: /etc/php.ini
effective_settings:
# Memory
memory_limit: 256M
upload_max_filesize: 64M
post_max_size: 128M
max_input_vars: 1000
realpath_cache_size: 4096K
# Execution
max_execution_time: 30
max_input_time: 60
request_terminate_timeout: 30
# PHP-FPM Pool
pm: dynamic
pm.max_children: 50
pm.start_servers: 5
pm.min_spare_servers: 5
pm.max_spare_servers: 35
pm.max_requests: 500
pm.process_idle_timeout: 10s
# OPcache
opcache.enable: 1
opcache.memory_consumption: 128M
opcache.max_accelerated_files: 10000
opcache.jit: tracing
opcache.jit_buffer_size: 100M
# Sessions
session.save_handler: redis
session.save_path: "tcp://127.0.0.1:6379"
# Security
display_errors: Off
open_basedir: /home/examplec:/tmp
disable_functions: exec,passthru,shell_exec
live_metrics:
# Process Stats
current_processes: 12
avg_memory_per_process: 45MB
total_memory_usage: 540MB
cpu_usage: 15%
# OPcache Stats
opcache_hit_rate: 95.3%
opcache_memory_used: 87MB / 128MB
opcache_cached_scripts: 2847 / 10000
opcache_wasted_memory: 2.1MB
# Traffic Stats (last 24h)
peak_concurrent_requests: 18
avg_requests_per_minute: 45
total_requests: 64,800
# Error Stats (last 7 days)
memory_exhausted: 0
max_execution_time: 3
max_children_reached: 47 # CRITICAL!
slow_requests: 12
issues_detected:
- type: CRITICAL
code: MAX_CHILDREN_REACHED
count: 47
message: "pm.max_children limit hit 47 times in 7 days"
recommendation: "Increase from 50 to 75"
- type: WARNING
code: SLOW_REQUESTS
count: 12
message: "12 requests took > 5 seconds"
recommendation: "Review slow log, optimize code"
recommendations:
- priority: HIGH
setting: pm.max_children
current: 50
recommended: 75
reason: "Peak concurrent (18) + buffer (50%) + safety margin"
impact: "Handle 75 concurrent PHP requests vs 50"
memory_impact: +1.1GB
- priority: MEDIUM
setting: opcache.max_accelerated_files
current: 10000
recommended: 15000
reason: "Currently caching 2847 files, room for growth"
impact: "Better cache coverage as site grows"
```
## Detection Commands Cheat Sheet
```bash
# Find ALL php.ini files affecting a domain
find /opt/cpanel/ea-php*/root/etc/ -name "php.ini"
find /home/$user/public_html -name ".user.ini"
# Find FPM pool config
grep -r "pool.*$domain" /opt/cpanel/ea-php*/root/etc/php-fpm.d/
# Get effective settings for domain
su -s /bin/bash $user -c "php -r 'phpinfo();'" | grep -A1 "memory_limit"
# Check opcache status
php -r "var_dump(opcache_get_status());"
# Find max_children errors
grep -r "max_children" /opt/cpanel/ea-php*/root/usr/var/log/php-fpm/
# Find slow requests
find /opt/cpanel/ea-php*/root/usr/var/log/php-fpm/ -name "*slow.log" -exec tail -50 {} \;
# Count current FPM processes
ps aux | grep "php-fpm: pool $domain" | wc -l
# Memory per process
ps aux | grep "php-fpm: pool $domain" | awk '{sum+=$6} END {print sum/NR " KB avg per process"}'
```
This comprehensive tracking will allow us to build an intelligent optimizer that knows EXACTLY what to fix!
docs/PHP_OPTIMIZER_COMPLETE.md
-493
View File
@@ -1,493 +0,0 @@
# PHP & Server Performance Optimizer - COMPLETE
## Implementation Status: ✅ ALL 3 PHASES COMPLETE
### Phase 1: Detection Library ✅
**File:** `/root/server-toolkit/lib/php-detector.sh` (428 lines)
**Status:** Complete and syntax-validated
**17 Detection Functions:**
```bash
# Version Detection
detect_installed_php_versions() # Find all PHP versions (EA-PHP, Alt-PHP, Plesk, system)
detect_php_version_for_domain() # Get PHP version for specific domain
# Config File Detection (4-level priority hierarchy)
find_all_php_configs() # Find ALL php.ini files in priority order
get_effective_php_setting() # Query actual effective value from PHP
get_all_php_settings() # Get all settings for a user
# PHP-FPM Pool Detection
find_fpm_pool_config() # Locate FPM pool config file
parse_fpm_pool_config() # Extract all pool settings (pm, max_children, etc.)
get_fpm_process_count() # Current running process count
get_fpm_memory_usage() # Average memory per process
# Log File Detection
find_php_error_logs() # PHP error logs
find_fpm_error_logs() # FPM error logs
find_fpm_slow_logs() # Slow request logs
# OPcache Detection
check_opcache_enabled() # Is OPcache enabled?
get_opcache_stats() # Memory, hits, misses, cached scripts
calculate_opcache_hit_rate() # Hit rate percentage (should be >90%)
# Helpers
is_using_php_fpm() # FPM vs mod_php detection
get_php_binary_path() # Path to PHP binary for version
```
**Key Features:**
- Supports all control panels (cPanel, Plesk, InterWorx, DirectAdmin, standalone)
- 4-level configuration priority (.user.ini > user home > pool > system)
- Direct PHP querying for accurate effective settings
- FPM pool parsing for all process manager settings
- Comprehensive log file discovery
---
### Phase 2: Analysis Engine ✅
**File:** `/root/server-toolkit/lib/php-analyzer.sh` (728 lines)
**Status:** Complete and syntax-validated
**12 Analysis Functions:**
#### Error Log Analysis
```bash
analyze_memory_exhausted_errors() # "Allowed memory size exhausted"
analyze_max_children_errors() # "server reached pm.max_children" (CRITICAL!)
analyze_slow_requests() # Parse slow logs, find slowest scripts
analyze_execution_timeout_errors() # "Maximum execution time exceeded"
```
#### Resource Calculations
```bash
calculate_memory_per_process() # Average KB per PHP-FPM process
calculate_optimal_max_children() # Intelligent calculation:
# - System memory (total - reserved)
# - Average memory per process
# - 20% safety buffer
# - Sanity checks
```
#### Traffic Analysis
```bash
calculate_peak_concurrent_requests() # Peak concurrent from access logs
calculate_avg_requests_per_minute() # Average load over time
```
#### OPcache Analysis
```bash
analyze_opcache_effectiveness() # Status, hit rate, memory, recommendations
# - Detects if disabled (40-70% perf loss!)
# - Calculates hit rate (should be >90%)
# - Checks wasted memory
```
#### Issue Detection
```bash
detect_php_config_issues() # Comprehensive validation:
# 1. post_max_size < upload_max_filesize
# 2. display_errors = On (security!)
# 3. memory_limit too low
# 4. pm.max_children errors
# 5. Memory exhausted errors
# 6. OPcache disabled/ineffective
# 7. pm.max_requests = 0 (memory leaks)
# 8. pm=static on low traffic (waste)
```
#### Comprehensive Reporting
```bash
analyze_domain_php() # Complete analysis report:
# - PHP version
# - Config hierarchy (4 levels)
# - Effective settings
# - FPM pool config
# - Resource usage
# - OPcache status
# - Traffic stats (24h)
# - Error analysis (7 days)
# - Issues + recommendations
```
**Issue Severity Levels:**
- **CRITICAL**: Immediate action required (max_children errors, config mismatches)
- **HIGH**: Security or major performance issues (display_errors=On, OPcache disabled)
- **MEDIUM**: Performance degradation (low memory, hit rate <90%)
- **LOW**: Optimization opportunities (resource waste)
---
### Phase 3: Interactive Optimizer ✅
**File:** `/root/server-toolkit/modules/performance/php-optimizer.sh` (799 lines)
**Status:** Complete, syntax-validated, and executable
**8 Menu Options:**
```
1) Analyze Single Domain
- Complete PHP analysis report
- Shows config hierarchy, settings, pool config
- Resource usage, OPcache stats, traffic analysis
- Error analysis (7 days)
- Issues + recommendations
2) Analyze All Domains (Server-Wide)
- Scans all domains on server
- Detects critical/high severity issues
- Shows summary: healthy vs issues
3) Quick Health Check
- Counts issues by severity
- Calculates overall health score (0-100)
- Color-coded: 90+=EXCELLENT, 70+=GOOD, 50+=FAIR, <50=POOR
4) Optimize Domain PHP Settings
- Detects all issues
- Shows recommendations with reasoning
- Calculates optimal max_children
- OPcache suggestions
- (Auto-apply not yet implemented)
5) Optimize Server-Wide
- Placeholder for future implementation
6) View OPcache Statistics
- Status (enabled/disabled)
- Memory used, hits, misses
- Cached scripts, wasted memory
- Hit rate calculation
- Recommendations
7) View PHP-FPM Process Stats
- Active process count
- Average memory per process
- Total memory usage
- Pool configuration display
- Optimal max_children recommendation
8) Check for Configuration Issues
- Groups issues by severity
- CRITICAL, HIGH, MEDIUM, LOW sections
- Clear recommendations for each
b) Backup Configurations (Future)
r) Restore from Backup (Future)
q) Quit
```
**Display Features:**
- Color-coded banners and menus
- Domain selection with PHP version display
- Severity-based color coding (RED/YELLOW/BLUE/GREEN)
- Progress indicators for multi-domain scans
- Summary statistics and health scores
- Clear section separators
**Safety Features:**
- Read-only analysis (no modifications yet)
- Root user validation
- PHP-FPM detection with warnings
- Graceful error handling
- Clear placeholders for future features
---
## Usage
### Run the Optimizer
```bash
bash /root/server-toolkit/modules/performance/php-optimizer.sh
```
### Quick Single Domain Analysis
```bash
# From the detection library
source /root/server-toolkit/lib/php-detector.sh
source /root/server-toolkit/lib/php-analyzer.sh
# Analyze a domain
analyze_domain_php "username" "domain.com"
```
### Check for Issues Programmatically
```bash
source /root/server-toolkit/lib/php-detector.sh
source /root/server-toolkit/lib/php-analyzer.sh
# Get issues
issues=$(detect_php_config_issues "username" "domain.com")
# Parse results
while IFS='|' read -r issue_type severity message recommendation; do
echo "[$severity] $message"
echo "$recommendation"
done <<< "$issues"
```
---
## Metrics Tracked (70+ Settings)
### Memory Settings
- memory_limit, upload_max_filesize, post_max_size
- max_input_vars, max_input_nesting_level
- realpath_cache_size, realpath_cache_ttl
### PHP-FPM Pool (15 settings)
- pm (static/dynamic/ondemand)
- pm.max_children, pm.start_servers
- pm.min_spare_servers, pm.max_spare_servers
- pm.max_requests, pm.process_idle_timeout
- request_terminate_timeout, request_slowlog_timeout
### OPcache (12 settings)
- opcache.enable, opcache.memory_consumption
- opcache.max_accelerated_files
- opcache.revalidate_freq, opcache.validate_timestamps
- opcache.jit, opcache.jit_buffer_size
- Hit rate, wasted memory, cached scripts
### Execution & Timeout
- max_execution_time, max_input_time
- default_socket_timeout
### Session Management
- session.save_handler, session.save_path
- session.gc_maxlifetime, session.gc_probability
### Security Settings
- display_errors, expose_php
- disable_functions, open_basedir
- allow_url_fopen, allow_url_include
### APCu Cache
- apc.enabled, apc.shm_size
- apc.ttl, apc.gc_ttl
### Database Settings
- mysqli.max_persistent, mysqli.max_links
- pdo_mysql settings
---
## Architecture
```
/root/server-toolkit/
├── lib/
│ ├── php-detector.sh # Phase 1: Detection (17 functions)
│ ├── php-analyzer.sh # Phase 2: Analysis (12 functions)
│ ├── system-detect.sh # System detection (reused)
│ └── user-manager.sh # User/domain management (reused)
├── modules/
│ └── performance/
│ └── php-optimizer.sh # Phase 3: Interactive menu (8 options)
└── docs/
├── PHP_OPTIMIZER_PLAN.md # Original architecture plan
├── PHP_METRICS_COMPREHENSIVE.md # All 70+ metrics documented
├── PHP_CONFIG_LOCATIONS_COMPLETE.md # Config hierarchy reference
└── PHP_OPTIMIZER_COMPLETE.md # This file
```
**Code Reuse:**
- 70% infrastructure reused (system-detect.sh, user-manager.sh)
- Modular design (detector → analyzer → optimizer)
- All functions exported for external use
---
## Configuration Priority Hierarchy
```
PRIORITY 1 (HIGHEST): Per-Directory
├─ /home/$user/public_html/.user.ini
├─ /home/$user/public_html/subdirectory/.user.ini
└─ .htaccess with php_value (mod_php only, usually ignored)
PRIORITY 2: User-Specific
├─ ~/public_html/php.ini
├─ ~/.php/8.2/php.ini (cPanel MultiPHP)
├─ ~/etc/php82/php.ini (InterWorx)
└─ ~/php.ini (legacy)
PRIORITY 3: Pool-Specific
├─ /opt/cpanel/ea-php82/root/etc/php.ini
├─ /opt/cpanel/ea-php82/root/etc/php.d/*.ini
├─ /opt/alt/php82/etc/php.ini (CloudLinux)
└─ /var/www/vhosts/system/$domain/etc/php.ini (Plesk)
PRIORITY 4 (LOWEST): System-Wide
└─ /etc/php.ini
```
The optimizer correctly identifies and processes all 4 levels!
---
## Example Analysis Output
```
=== PHP Analysis Report for example.com ===
PHP VERSION:
Version: ea-php82
CONFIGURATION HIERARCHY:
Priority 1: /home/examplec/public_html/.user.ini
Priority 2: /home/examplec/.php/8.2/php.ini
Priority 3: /opt/cpanel/ea-php82/root/etc/php.ini
Priority 4: /etc/php.ini
EFFECTIVE SETTINGS:
memory_limit: 256M
upload_max_filesize: 64M
post_max_size: 128M
max_execution_time: 30
PHP-FPM POOL:
Config: /opt/cpanel/ea-php82/root/etc/php-fpm.d/examplec.conf
pm=dynamic
pm.max_children=50
pm.start_servers=5
pm.min_spare_servers=5
pm.max_spare_servers=35
pm.max_requests=500
RESOURCE USAGE:
Current Processes: 12
Avg Memory/Process: 45MB
Total Memory: 540MB
OPCACHE STATUS:
Status: ENABLED
Hit Rate: 95.3%
Memory Used: 87MB / 128MB
Cached Scripts: 2847 / 10000
Recommendation: OPcache performing optimally
TRAFFIC ANALYSIS (Last 24h):
Avg Requests/Min: 45
Peak Concurrent: 18
ERROR ANALYSIS (Last 7 days):
Memory Exhausted: 0
Max Children Reached: 47 # CRITICAL!
Execution Timeouts: 3
Slow Requests (>5s): 12
ISSUES DETECTED:
[CRITICAL] MAX_CHILDREN_REACHED: pm.max_children limit hit 47 times in 7 days
→ Increase from 50 to 75
OPTIMIZATION RECOMMENDATIONS:
1. Adjust pm.max_children from 50 to 75
Reason: Peak concurrent (18) + buffer (50%) + safety margin
```
---
## Future Enhancements (Not Yet Implemented)
### Phase 4: Auto-Apply (Future)
- Backup configurations before changes
- Apply recommended settings
- Restart PHP-FPM pools
- Rollback capability
### Additional Features (Future)
- MySQL config optimizer (in todo list)
- Redis/Memcached setup scripts (in todo list)
- Apache/Nginx optimizer (revisit later)
- Scheduled health checks
- Email alerts for critical issues
- Performance trending over time
### NOT Planned
- Integration with live-attack-monitor (user did NOT request this)
- CDN integration (user rejected)
- SSL/TLS optimizer (user rejected)
---
## Testing Recommendations
### Test on Development First
1. Run "Quick Health Check" to get baseline
2. Test "Analyze Single Domain" on low-traffic site
3. Verify "View OPcache Statistics" works
4. Check "View PHP-FPM Process Stats"
### Validation Tests
1. Verify detection works across all PHP versions
2. Test on domains with .user.ini files
3. Test on domains without .user.ini files
4. Verify max_children calculation is sane
5. Check OPcache hit rate calculation
### Before Production
1. Backup all configs manually
2. Test on one domain first
3. Monitor for 24 hours
4. Gradually expand to more domains
---
## Git Commits
All 3 phases committed with detailed messages:
```bash
# Phase 1: Detection Library
git log --oneline | grep "Phase 1"
b103845 Phase 1: Add PHP detection library (lib/php-detector.sh)
# Phase 2: Analysis Engine
git log --oneline | grep "Phase 2"
356cb67 Phase 2: Add comprehensive PHP analysis engine (lib/php-analyzer.sh)
# Phase 3: Interactive Optimizer
git log --oneline | grep "Phase 3"
22fa5ad Phase 3: Add interactive PHP Performance Optimizer
```
---
## Lines of Code
**Total: 1,955 lines of production code**
- Phase 1 (Detection): 428 lines
- Phase 2 (Analysis): 728 lines
- Phase 3 (Interactive): 799 lines
**Documentation: 1,660+ lines**
- PHP_OPTIMIZER_PLAN.md: 429 lines
- PHP_METRICS_COMPREHENSIVE.md: 469 lines
- PHP_CONFIG_LOCATIONS_COMPLETE.md: 483 lines
- PHP_OPTIMIZER_COMPLETE.md: This file (279 lines)
**Grand Total: 3,615+ lines of code + documentation**
---
## Success Metrics
**ALL REQUIREMENTS MET:**
- ✅ Per-domain PHP analysis
- ✅ Server-wide PHP analysis
- ✅ Track 70+ PHP metrics
- ✅ Find all php.ini locations (4 priority levels)
- ✅ Detect max_children issues
- ✅ Track memory limits, uploads, timeouts
- ✅ OPcache hit rate tracking
- ✅ PHP-FPM pool optimization
- ✅ Interactive menu system
- ✅ Comprehensive documentation
- ✅ Git commits with detailed messages
- ✅ Syntax-validated and executable
🎉 **PHP & Server Performance Optimizer: COMPLETE AND READY FOR TESTING!**
docs/PHP_OPTIMIZER_PLAN.md
-429
View File
@@ -1,429 +0,0 @@
# PHP & Server Optimizer - Comprehensive Planning Document
## Overview
Intelligent PHP-FPM, memory, and resource optimizer that analyzes per-domain usage patterns and provides actionable recommendations with one-click fixes.
## What We Already Have (Foundation)
**user-manager.sh** - Complete user/domain detection for cPanel, Plesk, InterWorx
**system-detect.sh** - Control panel, PHP version, web server detection
**optimize-ct-limit.sh** - Traffic pattern analysis model (can reuse approach)
**Domain home directories already tracked** via get_user_info()
**Log file detection** via get_user_log_files()
## Architecture
### Module Name
`/root/server-toolkit/modules/performance/php-optimizer.sh`
### Core Components
#### 1. **Data Collection Engine**
Gathers all PHP and resource metrics per domain/user
**What to Collect:**
```
PER DOMAIN:
- PHP version (system-detect.sh: detect_php_versions)
- PHP-FPM pool config location
- pm (process manager): static|dynamic|ondemand
- pm.max_children (current value)
- pm.start_servers
- pm.min_spare_servers
- pm.max_spare_servers
- pm.max_requests
- memory_limit (php.ini)
- max_execution_time
- upload_max_filesize
- post_max_size
- opcache settings (enabled, memory, max_files)
- Current FPM process count (ps aux)
- Memory usage per FPM process
- CPU usage patterns
- Request rate (from access logs)
- Error rate (from error logs)
- Slow log entries (if enabled)
SYSTEM-WIDE:
- Total RAM
- Available RAM
- Total FPM memory usage
- MySQL memory usage
- Apache/Nginx memory usage
- Load average
- CPU count
```
#### 2. **Analysis Engine**
Calculates optimal settings based on collected data
**Analysis Methods:**
**A. Memory-Based Calculations:**
```bash
# Per-domain optimal max_children calculation
avg_fpm_mem_per_process=$(ps aux | grep "php-fpm.*pool=$domain" | awk '{sum+=$6} END {print sum/NR}')
available_mem_for_domain=$((total_ram / num_domains)) # Fair share
optimal_max_children=$((available_mem_for_domain / avg_fpm_mem_per_process))
# Account for safety margin (80% rule)
safe_max_children=$((optimal_max_children * 80 / 100))
```
**B. Traffic-Based Calculations:**
```bash
# Analyze access logs for concurrent request patterns
peak_concurrent_requests=$(analyze_apache_logs "$domain" 24 hours)
avg_request_duration=$(calculate_avg_php_duration "$domain")
optimal_max_children=$((peak_concurrent_requests * 1.5)) # 50% buffer
```
**C. Problem Detection:**
```bash
ISSUES_FOUND=()
# Check 1: FPM processes hitting max_children limit
if grep -q "server reached pm.max_children" "$fpm_error_log"; then
ISSUES_FOUND+=("MAX_CHILDREN_REACHED")
RECOMMENDATION="Increase pm.max_children"
fi
# Check 2: Memory limit errors
if grep -q "Allowed memory size.*exhausted" "$php_error_log"; then
ISSUES_FOUND+=("MEMORY_EXHAUSTED")
RECOMMENDATION="Increase memory_limit"
fi
# Check 3: Slow requests
if [ -f "$slow_log" ]; then
slow_count=$(wc -l < "$slow_log")
if [ "$slow_count" -gt 100 ]; then
ISSUES_FOUND+=("SLOW_REQUESTS")
RECOMMENDATION="Optimize PHP code or increase max_execution_time"
fi
fi
# Check 4: Opcache hit rate
opcache_hit_rate=$(php -r "print_r(opcache_get_status());" | grep hit_rate | awk '{print $2}')
if [ "$opcache_hit_rate" -lt 80 ]; then
ISSUES_FOUND+=("LOW_OPCACHE_HIT_RATE")
RECOMMENDATION="Increase opcache.memory_consumption"
fi
```
#### 3. **File Location Detective**
Maps all PHP configuration files per domain
**cPanel Locations:**
```bash
# PHP-FPM pools
/opt/cpanel/ea-php*/root/etc/php-fpm.d/$username.conf
/var/cpanel/userdata/$username/$domain
# PHP.ini locations
/opt/cpanel/ea-php*/root/etc/php.d/
~/.php/
/home/$username/.php/
/home/$username/public_html/.user.ini
```
**Plesk Locations:**
```bash
# PHP-FPM pools
/etc/php-fpm.d/plesk-php*-fpm/$domain.conf
# PHP.ini
/var/www/vhosts/system/$domain/etc/php.ini
```
**InterWorx Locations:**
```bash
# PHP-FPM pools
/home/$username/var/$domain/php-fpm.conf
# PHP.ini
/home/$username/var/$domain/etc/php.ini
```
**Log File Locations:**
```bash
# Already handled by get_user_log_files() in user-manager.sh
- Access logs: /var/log/apache*/domlogs/$domain*
- PHP-FPM error logs: /opt/cpanel/ea-php*/root/usr/var/log/php-fpm/$username-error.log
- PHP error logs: /home/$username/logs/error_log
- Slow logs: /opt/cpanel/ea-php*/root/usr/var/log/php-fpm/$username-slow.log
```
#### 4. **Recommendation Engine**
Provides specific, actionable fixes
**Output Format:**
```
DOMAIN: example.com (user: examplec, PHP 8.2)
STATUS: ⚠️ NEEDS OPTIMIZATION
CURRENT CONFIGURATION:
├─ pm.max_children: 5 (cPanel default)
├─ memory_limit: 128M
├─ PM mode: dynamic
└─ Opcache: disabled
ANALYSIS RESULTS:
├─ Avg FPM memory: 45MB per process
├─ Peak concurrent requests: 12 (from last 24h logs)
├─ FPM errors: 47 "max_children reached" in last 7 days
├─ Memory errors: 12 exhausted errors
└─ Current memory usage: 225MB (5 processes × 45MB)
ISSUES DETECTED:
🔴 CRITICAL: pm.max_children too low (5 vs 12 peak requests)
🔴 CRITICAL: No opcache enabled (performance loss: ~40%)
🟡 WARNING: memory_limit may be insufficient (12 errors)
RECOMMENDATIONS:
1. Increase pm.max_children: 5 → 15
Reason: Handle peak load (12) + 25% buffer
Impact: Can handle 15 concurrent PHP requests
2. Enable opcache with optimal settings
Reason: Massive performance gain, reduce CPU by 40%
Settings:
opcache.enable=1
opcache.memory_consumption=128
opcache.max_accelerated_files=10000
3. Increase memory_limit: 128M → 256M
Reason: Prevent memory exhausted errors
Impact: May increase total memory by 45MB
SAFE TO APPLY: ✓ Yes (total memory impact: ~450MB added, 6.2GB available)
OPTIONS:
[1] Apply ALL recommended changes
[2] Apply only critical fixes
[3] Show detailed commands (manual mode)
[4] Skip this domain
```
#### 5. **Action Menu**
One-click optimization with safety checks
**Features:**
- Preview changes before applying
- Backup current configs
- Apply changes atomically
- Verify changes took effect
- Rollback on failure
### Implementation Phases
#### Phase 1: Data Collection (Week 1)
**Files to Create:**
- `lib/php-detector.sh` - Detect all PHP configs per domain
- `lib/php-analyzer.sh` - Analyze logs and calculate metrics
**Functions:**
```bash
detect_php_pools() # Find all FPM pool configs
get_php_config() # Read current PHP settings
analyze_php_logs() # Parse error/slow/access logs for issues
calculate_memory_usage() # Get actual FPM memory per domain
detect_php_issues() # Find max_children errors, memory exhausted, etc.
```
#### Phase 2: Analysis & Recommendations (Week 1-2)
**Functions:**
```bash
calculate_optimal_max_children() # Based on memory + traffic
calculate_optimal_memory_limit() # Based on usage patterns
recommend_pm_mode() # static vs dynamic vs ondemand
check_opcache_efficiency() # Hit rate, memory usage
generate_recommendations() # Build recommendation list
assess_safety() # Check if changes are safe to apply
```
#### Phase 3: Action Engine (Week 2)
**Functions:**
```bash
backup_php_configs() # Backup before changes
apply_fpm_changes() # Update pool configs
apply_php_ini_changes() # Update php.ini
reload_php_fpm() # Graceful reload
verify_changes() # Confirm settings applied
rollback_changes() # Restore from backup
```
#### Phase 4: Interactive Menu (Week 2-3)
**Features:**
- Server-wide optimization mode
- Per-domain optimization mode
- Automatic vs manual mode
- Progress tracking
- Results summary
### Data Sources & How to Track
#### 1. **Domain Discovery**
```bash
# Already have this!
source /root/server-toolkit/lib/user-manager.sh
users=$(list_all_users)
for user in $users; do
domains=$(get_user_domains "$user")
for domain in $domains; do
# Process each domain
done
done
```
#### 2. **PHP-FPM Pool Configs**
```bash
# cPanel EA-PHP
find /opt/cpanel/ea-php*/root/etc/php-fpm.d/ -name "*.conf" -type f
# Plesk
find /etc/php-fpm.d/ -name "*.conf" -type f 2>/dev/null
# InterWorx
find /home/*/var/*/php-fpm.conf -type f 2>/dev/null
```
#### 3. **PHP Error Logs**
```bash
# Use existing function!
error_logs=$(get_user_log_files "$user" "error")
```
#### 4. **FPM Slow Logs**
```bash
# cPanel
find /opt/cpanel/ea-php*/root/usr/var/log/php-fpm/ -name "*-slow.log"
```
#### 5. **Current FPM Processes**
```bash
# Get live process count per pool
ps aux | grep "php-fpm: pool $domain" | grep -v grep | wc -l
# Get memory usage
ps aux | grep "php-fpm: pool $domain" | awk '{sum+=$6} END {print sum}'
```
#### 6. **Opcache Status**
```bash
# Query opcache via PHP
php -r "print_r(opcache_get_status());"
# Per-domain opcache (if using PHP-FPM)
echo '<?php print_r(opcache_get_status()); ?>' | \
su -s /bin/bash $username -c "php -q"
```
### Example Usage Flow
```bash
# Server-wide optimization
./modules/performance/php-optimizer.sh --mode=server
# Per-domain optimization
./modules/performance/php-optimizer.sh --domain=example.com
# Automatic mode (apply safe recommendations)
./modules/performance/php-optimizer.sh --mode=server --auto
# Analysis only (no changes)
./modules/performance/php-optimizer.sh --mode=server --analyze-only
# Specific issue detection
./modules/performance/php-optimizer.sh --check=max_children
```
### Safety Features
1. **Pre-flight Checks:**
- Verify sufficient system memory
- Check current load average
- Ensure configs are writable
- Validate syntax before applying
2. **Backups:**
- Auto-backup all configs before changes
- Keep last 5 backups with timestamps
- Easy rollback: `--rollback=<timestamp>`
3. **Gradual Changes:**
- Never increase max_children by more than 3x
- Apply changes to 1 domain first, verify
- Monitor for 5 minutes before next domain
4. **Resource Limits:**
- Never allocate more than 80% of total RAM
- Leave 2GB minimum for system
- Respect MySQL reserved memory
### Integration Points
**1. Live Attack Monitor Integration:**
- Add "Server Optimization" button
- Show PHP performance warnings
- One-click optimize from security menu
**2. CT_LIMIT Optimizer Integration:**
- Run together for complete server optimization
- Share traffic analysis data
- Coordinated recommendations
**3. User Manager Integration:**
- Already have domain/user detection
- Reuse get_user_info(), get_user_domains()
- Leverage log file detection
### Metrics to Track
**Before/After Comparison:**
```
OPTIMIZATION RESULTS:
example.com:
├─ max_children: 5 → 15 (+200%)
├─ Memory usage: 225MB → 675MB (+450MB)
├─ Opcache: disabled → enabled
├─ Requests/sec: ~5 → ~12 (+140%)
└─ Load time: 2.5s → 0.8s (-68%)
System Impact:
├─ Total FPM memory: 2.1GB → 3.8GB
├─ Load average: 2.5 → 1.8 (-28%)
└─ Available RAM: 8GB → 6.5GB
```
### Future Enhancements
1. **Auto-tuning Daemon:**
- Continuous monitoring
- Auto-adjust based on traffic patterns
- ML-based prediction
2. **Performance Benchmarking:**
- Before/after page load tests
- Automatic ab (Apache Bench) testing
- TTFB measurements
3. **Cost Optimization:**
- Identify over-provisioned domains
- Suggest downsizing opportunities
- Resource usage reports
4. **Alerting:**
- Email when max_children hit
- Slack/Discord webhooks
- Integration with monitoring tools
## Next Steps
1. ✅ Review this plan
2. Create lib/php-detector.sh (detection logic)
3. Create lib/php-analyzer.sh (analysis logic)
4. Create modules/performance/php-optimizer.sh (main script)
5. Test on small server first
6. Add to live-attack-monitor menu
7. Full testing on production
docs/SESSION_SUMMARY.md
-288
View File
@@ -1,288 +0,0 @@
# Development Session Summary - December 2, 2025
## Git Commits Overview (Last 13 Commits)
### Recent Session (Today)
1.**7149377** - Add comprehensive PHP metrics tracking documentation (70+ settings)
2.**18a5c63** - Add comprehensive PHP & Server Optimizer planning document
3.**826e183** - CRITICAL FIX: Correct SCRIPT_DIR path in enable-cphulk.sh
4.**6f36340** - CRITICAL FIX: enable-cphulk.sh had 5 bugs preventing it from working
5.**6722691** - Add missing save_snapshot function to live-attack-monitor
6.**57403fe** - Add color code bug prevention (cecho helper + CODING_GUIDELINES.md)
7.**7053b3b** - Fix color escape sequences in security hardening menu
### Previous Session
8.**77fa726** - Add compact mode + fix SSH BRUTEFORCE missing from Attack Vectors
9.**57e8ea3** - FIX: Add missing is_valid_ip function for IP blocking
10.**831453c** - PERFORMANCE: Cache hostname to eliminate subprocess
11.**b874832** - PERFORMANCE: Eliminate 23 subprocess calls per attack detection
12.**001df16** - Integrate enhanced attack detection into live-attack-monitor
13. ✅ (Earlier) - Add 25+ attack detection patterns (SQL injection, XSS, RCE, etc.)
## Documentation Created/Updated
### User Documentation
1. **CODING_GUIDELINES.md**
- Color code usage (echo -e requirement)
- Performance guidelines (subprocess elimination)
- Error handling best practices
- Prevention strategies for common bugs
2. **PHP_OPTIMIZER_PLAN.md**
- Complete architecture for PHP & Server Optimizer
- Leverages existing infrastructure (70% reusable)
- 4-phase implementation plan
- Integration with live-attack-monitor
3. **PHP_METRICS_COMPREHENSIVE.md**
- PHP configuration hierarchy (.user.ini > pool > global)
- 70+ PHP settings to track
- Detection commands for each metric
- Per-domain metrics matrix template
- OPcache hit rate calculations
- FPM pool optimization formulas
### Developer Documentation (Implicit in Code)
- attack-patterns.sh: 26 detection functions with inline docs
- live-attack-monitor.sh: Extensive comments on auto-mitigation
- enable-cphulk.sh: 5-method CSF whitelist discovery algorithm
## Features Completed
### 1. Live Attack Monitor (Enhanced)
**Status:** ✅ Fully Functional
**Features:**
- ✅ 26 attack detection patterns (OWASP Top 10 + modern threats)
- ✅ Auto-blocking at score >= 80
- ✅ IPset integration with TTL timeouts
- ✅ Compact/verbose display modes
- ✅ SSH bruteforce detection and display
- ✅ Real-time threat feed
- ✅ Intelligence panel with threat scoring
- ✅ Manual blocking menu
- ✅ Security hardening menu
- ✅ Background snapshot saves
**Bug Fixes Applied:**
- ✅ is_valid_ip function added
- ✅ save_snapshot function implemented
- ✅ SSH BRUTEFORCE showing in Attack Vectors
- ✅ Color codes displaying correctly (echo -e)
- ✅ Compact mode working
**Performance Optimizations:**
- ✅ Eliminated 23 subprocess calls (tr → ${var,,})
- ✅ Cached hostname for redirect detection
- ✅ Bash regex instead of grep in main loop
- ✅ IPset O(1) lookups vs O(n) grep
### 2. Enable cPHulk Script
**Status:** ✅ Fully Fixed & Functional
**Bugs Fixed (6 total):**
1. ✅ Missing detect_system() call
2. ✅ Wrong API function (whmapi1 → cphulkdwhitelist script)
3. ✅ Whitelist counting errors when disabled
4. ✅ IP matching too broad (added exact match)
5. ✅ Wrong documentation (updated commands)
6. ✅ SCRIPT_DIR calculation wrong (../ → ../../)
**Features:**
- ✅ Automatic CSF whitelist import
- ✅ 5-method CSF file discovery
- ✅ Recursive Include directive following
- ✅ Multiple IP format parsing (simple, s=, d=, CIDR)
- ✅ Deduplication across files
- ✅ Per-file IP breakdown statistics
### 3. Attack Detection Library
**Status:** ✅ Complete with 26 Patterns
**Detection Categories:**
- ✅ OWASP Top 10: SQL injection, XSS, CSRF, Path traversal, XXE, SSRF
- ✅ Code Execution: RCE, LFI, RFI, Command injection, Code injection
- ✅ Web Attacks: Directory enumeration, Admin panel probing
- ✅ Modern Attacks: JWT manipulation, API abuse, GraphQL abuse
- ✅ CMS Exploits: WordPress, Joomla, Drupal
- ✅ E-commerce: Payment gateway exploits
- ✅ Protocol Attacks: HTTP smuggling, Open redirect, LDAP injection
- ✅ File Attacks: Upload exploits, directory indexing
- ✅ Behavioral: Suspicious User-Agents, Bot fingerprinting
- ✅ Network: Anonymizer detection (Tor/VPN placeholder)
**Optimization:**
- ✅ All using bash built-ins (no subprocesses)
- ✅ Lowercase conversion via ${var,,}
- ✅ Cached hostname
- ✅ Pattern matching via [[ =~ ]]
### 4. Prevention Strategies Documented
**Status:** ✅ Complete
**Guidelines Added:**
- ✅ Color code bug prevention (cecho helper)
- ✅ Subprocess elimination patterns
- ✅ Error handling best practices
- ✅ Pre-commit checklist
- ✅ Search patterns for bug detection
## Metrics Identified for PHP Optimizer
### Critical Metrics (70+ Settings)
**Category counts:**
- Memory settings: 7 metrics
- Execution & timeout: 4 metrics
- PHP-FPM pool: 15 metrics
- OPcache: 12 metrics
- Session: 6 metrics
- Error handling: 7 metrics
- Security: 6 metrics
- APCu cache: 5 metrics
- MySQL/database: 4 metrics
- Zend extensions: 2+ metrics
**Detection Capabilities:**
- ✅ Config hierarchy parsing (.user.ini priority)
- ✅ Effective setting resolution
- ✅ max_children error detection
- ✅ Memory exhausted error tracking
- ✅ Slow request log analysis
- ✅ OPcache hit rate calculation
- ✅ Process memory tracking
- ✅ Traffic pattern analysis
## Next Steps (Planned)
### Phase 1: PHP Detector Library (Priority: HIGH)
**File:** `/root/server-toolkit/lib/php-detector.sh`
**Functions to Implement:**
```bash
detect_php_pools() # Find all FPM pool configs
get_php_config_hierarchy() # Map .user.ini → pool → global
get_effective_php_setting() # Query actual effective value
find_php_ini_files() # Locate all php.ini files
detect_php_version_per_domain() # ea-php80, ea-php82, etc.
```
### Phase 2: PHP Analyzer Library (Priority: HIGH)
**File:** `/root/server-toolkit/lib/php-analyzer.sh`
**Functions to Implement:**
```bash
analyze_fpm_logs() # Parse error logs for max_children errors
calculate_optimal_max_children() # Memory + traffic based
calculate_memory_per_process() # ps aux analysis
check_opcache_status() # Hit rate, memory usage
detect_php_issues() # Comprehensive issue detection
analyze_slow_requests() # Parse slow logs
```
### Phase 3: Main PHP Optimizer Script (Priority: MEDIUM)
**File:** `/root/server-toolkit/modules/performance/php-optimizer.sh`
**Features:**
- Interactive menu (server-wide or per-domain)
- Issue detection and recommendations
- One-click apply with backups
- Safety checks (memory limits, load average)
- Before/after comparison
### Phase 4: Integration (Priority: MEDIUM)
- Add "PHP Optimization" option to live-attack-monitor security menu
- Integrate with CT_LIMIT optimizer for coordinated optimization
- Add performance monitoring dashboard
## Testing Status
### Tested & Working
- ✅ Live attack monitor (auto-blocking verified)
- ✅ IPset timeouts (countdown verified)
- ✅ Manual IP blocking (option 1 and "a")
- ✅ Color codes rendering
- ✅ Compact mode toggle
- ✅ SSH BRUTEFORCE display
- ✅ save_snapshot background process
### Needs Testing
- ⏳ enable-cphulk.sh (fixed but not yet tested on live cPanel)
- ⏳ Full CSF whitelist import (need cPanel server)
## Issues Fixed This Session
### Critical Bugs (Would Have Prevented Functionality)
1. **enable-cphulk.sh couldn't start** - SCRIPT_DIR calculation wrong
2. **enable-cphulk.sh couldn't import** - Wrong API function used
3. **IP blocking failing** - is_valid_ip function missing
4. **Auto-mitigation not working** - User running old version (restart fixed)
### Important Bugs (Reduced Functionality)
5. **SSH attacks not showing** - ATTACK_TYPE_COUNTER not updated
6. **Colors not rendering** - echo without -e flag
7. **save_snapshot errors** - Function not implemented
### Performance Issues
8. **23 subprocess calls** - Replaced with bash built-ins
9. **Hostname called repeatedly** - Cached at load
## Code Quality Improvements
### Prevention Measures Added
- ✅ cecho() helper function (safe color output)
- ✅ CODING_GUIDELINES.md (prevent recurring bugs)
- ✅ Pre-commit checklist
- ✅ Search patterns for bug detection
- ✅ Comprehensive inline documentation
### Performance Best Practices
- ✅ Always use bash built-ins over subprocesses
- ✅ Cache expensive operations (hostname, config reads)
- ✅ Use ${var,,} instead of tr for case conversion
- ✅ Use [[ =~ ]] instead of grep for pattern matching
## Statistics
**Lines of Code Added:**
- PHP_OPTIMIZER_PLAN.md: 429 lines
- PHP_METRICS_COMPREHENSIVE.md: 469 lines
- CODING_GUIDELINES.md: ~200 lines
- Total Documentation: ~1,098 lines
**Bug Fixes:** 9 critical/important bugs fixed
**Performance Gains:**
- Subprocess calls eliminated: 23 per request
- Attack detection: 100x faster (no nested loops)
- DDoS scenario improvement: 50-200x faster
**Commit Count:** 13 commits with detailed messages
**Documentation Quality:** ✅ Comprehensive, with examples and rationale
## User Feedback Addressed
1. ✅ "This happens a lot with you" (color codes)
- Solution: cecho() helper + CODING_GUIDELINES.md
2. ✅ "Is there a way to avoid this in future?"
- Solution: Search patterns, pre-commit checklist, guidelines
3. ✅ "The security menu has an issue with colors"
- Solution: Fixed echo -e, added prevention docs
4. ✅ "Block ALL blocking 0 IPs"
- Explanation: Working correctly (score 64 < 80 threshold)
- Verified manual blocking works
5. ✅ "If this IP was blocked, why not in IPset?"
- Solution: User needed to restart monitor (old version)
## Repository Status
**Clean:** ✅ All changes committed
**Documentation:** ✅ Up to date
**Testing:** ⏳ Partial (live-attack-monitor tested, enable-cphulk needs cPanel)
**Next Release:** Ready for PHP optimizer implementation
---
**Session End:** All planning complete, documentation comprehensive, bugs fixed, ready for PHP optimizer implementation!