authorJon Pugh2016-08-21 10:16:59 -0400
committerJon Pugh2016-08-21 10:16:59 -0400
commitb97d16a79ddec8c54f4e87c3eae80d47665eb56a (patch)
tree985f5a55511ac38837cdcb55e60a48f40d33ee15
parent4b818613d5351f4aeab736903977068f0e4b49b2 (diff)
parent6efbda0fdcd9e6c0e4228543af6f50f0a71e87c9 (diff)
Merge branch '7.x-3.x' into decouple-installdecouple-install
-rw-r--r--.travis.yml49
-rw-r--r--Provision/Config/Drupal/Settings.php2
-rw-r--r--Provision/Config/Drupal/provision_drupal_settings_7.tpl.php4
-rw-r--r--Provision/Config/Drupal/provision_drupal_settings_8.tpl.php1
-rw-r--r--Provision/FileSystem.php3
-rw-r--r--db/Provision/Service/db.php23
-rw-r--r--db/Provision/Service/db/mysql.php33
-rw-r--r--debian/changelog7
-rw-r--r--http/Provision/Config/Nginx/Inc/vhost_include.tpl.php37
-rw-r--r--http/Provision/Config/Nginx/Ssl/vhost_ssl.tpl.php4
-rw-r--r--http/Provision/Config/Nginx/server.tpl.php7
-rw-r--r--http/Provision/Config/Nginx/subdir.tpl.php39
-rw-r--r--http/Provision/Config/Nginx/vhost.tpl.php4
-rw-r--r--http/Provision/Service/http/nginx.php90
-rw-r--r--http/Provision/Service/http/nginx/ssl.php21
-rw-r--r--platform/backup.provision.inc28
-rw-r--r--platform/deploy.provision.inc8
-rwxr-xr-xrelease.sh2
18 files changed, 296 insertions, 66 deletions
diff --git a/.travis.yml b/.travis.yml
new file mode 100644
index 0000000..061dbf3
--- /dev/null
+++ b/.travis.yml
@@ -0,0 +1,49 @@
+language: generic
+
+sudo: required
+
+# Only run test when committing to master branch.
+branches:
+ only:
+ - 7.x-3.x
+
+env:
+ global:
+ - AEGIR_HOSTING_VERSION=7.x-3.x
+ - AEGIR_TESTS_VERSION=master
+
+#env:
+# - test: Ubuntu 14.04 Apache
+# distribution: ubuntu
+# version: 14.04
+# init: /sbin/init
+# run_opts: ""
+
+addons:
+ hosts:
+ - aegir.local.computer
+ - sitetest.aegir.local.computer
+
+services:
+ - docker
+
+
+before_install:
+
+ # Get test scripts
+ - git clone http://github.com/aegir-project/tests.git /home/travis/build/aegir-project/tests
+ - cd /home/travis/build/aegir-project/tests
+ - git checkout $AEGIR_TESTS_VERSION
+
+ # Run docker prepare script.
+ - cd /home/travis/build/aegir-project/tests/travis
+ - sudo bash prepare-docker.sh
+
+ # Get aegir/hostmaster and database images.
+ - sudo docker pull aegir/hostmaster:local
+ - sudo docker pull mariadb
+
+script:
+
+ # Tests are included in the docker-compose.yml file in the tests repo.
+ - sudo docker-compose -f docker-compose-provision.yml run hostmaster --rm
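Review bot: The test scripts are cloned with `git clone http://github.com/aegir-project/tests.git` and then run through `sudo bash prepare-docker.sh`, so the build executes root-level code fetched over an unauthenticated transport from a moving `master` ref. Use `https://github.com/aegir-project/tests.git` and pin `AEGIR_TESTS_VERSION` to a tag or commit. The comment "Only run test when committing to master branch" also disagrees with the filter, which names `7.x-3.x`. In the last line `--rm` follows the service name, so docker-compose will treat it as the command to run in the container rather than as an option; `run --rm hostmaster` is the usual order.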
diff --git a/Provision/Config/Drupal/Settings.php b/Provision/Config/Drupal/Settings.php
index b556894..1e90fa4 100644
--- a/Provision/Config/Drupal/Settings.php
+++ b/Provision/Config/Drupal/Settings.php
@@ -21,6 +21,8 @@ class Provision_Config_Drupal_Settings extends Provision_Config {
$this->data['file_directory_temp_var'] = 'file_temporary_path';
$this->data['file_directory_private_var'] = 'file_private_path';
$this->data['drupal_hash_salt_var'] = 'empty';
+ $this->data['utf8mb4_is_configurable'] = version_compare(drush_drupal_version(), '7.50', '>=');
+ $this->data['utf8mb4_is_supported'] = $this->db_server->utf8mb4_is_supported;
}
else {
$this->data['file_directory_path_var'] = 'file_directory_path';
diff --git a/Provision/Config/Drupal/provision_drupal_settings_7.tpl.php b/Provision/Config/Drupal/provision_drupal_settings_7.tpl.php
index 9e8dc81..049a2da 100644
--- a/Provision/Config/Drupal/provision_drupal_settings_7.tpl.php
+++ b/Provision/Config/Drupal/provision_drupal_settings_7.tpl.php
@@ -48,6 +48,10 @@ if (isset($_SERVER['db_name'])) {
* should probably be fixed in Drush.
*/
'port' => (string) $_SERVER['db_port'],
+<?php if ($utf8mb4_is_configurable && $utf8mb4_is_supported): ?>
+ 'charset' => 'utf8mb4',
+ 'collation' => 'utf8mb4_general_ci',
+<?php endif; ?>
);
$db_url['default'] = $_SERVER['db_type'] . '://' . $_SERVER['db_user'] . ':' . $_SERVER['db_passwd'] . '@' . $_SERVER['db_host'] . ':' . $_SERVER['db_port'] . '/' . $_SERVER['db_name'];
}
diff --git a/Provision/Config/Drupal/provision_drupal_settings_8.tpl.php b/Provision/Config/Drupal/provision_drupal_settings_8.tpl.php
index 4d33126..041bb5e 100644
--- a/Provision/Config/Drupal/provision_drupal_settings_8.tpl.php
+++ b/Provision/Config/Drupal/provision_drupal_settings_8.tpl.php
@@ -48,6 +48,7 @@ if (isset($_SERVER['db_name'])) {
* should probably be fixed in Drush.
*/
'port' => (string) $_SERVER['db_port'],
+ 'collation' => 'utf8mb4_general_ci',
);
$db_url['default'] = $_SERVER['db_type'] . '://' . $_SERVER['db_user'] . ':' . $_SERVER['db_passwd'] . '@' . $_SERVER['db_host'] . ':' . $_SERVER['db_port'] . '/' . $_SERVER['db_name'];
}
diff --git a/Provision/FileSystem.php b/Provision/FileSystem.php
index dfe7ad6..6fe36dc 100644
--- a/Provision/FileSystem.php
+++ b/Provision/FileSystem.php
@@ -300,6 +300,9 @@ class Provision_FileSystem extends Provision_ChainedState {
// same here: some do not support -z
$command = 'gunzip -c %s | tar pxf -';
}
+ elseif (substr($path, -2) == 'bz2') {
+ $command = 'bunzip -c %s | tar pxf -';
+ }
else {
$command = 'tar -pxf %s';
}
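Review bot: The new `elseif` can never be true, because `substr($path, -2)` returns two characters and is compared with the three-character string `'bz2'`, so .bz2 archives still fall through to plain `tar -pxf %s`. The test should read `elseif (substr($path, -3) == 'bz2') {`, matching the check this commit adds in platform/backup.provision.inc. The command also looks wrong: the bzip2 package ships `bunzip2`, not `bunzip`, so `'bunzip2 -c %s | tar pxf -'` is probably what was meant. The enclosing method starts and ends outside this hunk.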
diff --git a/db/Provision/Service/db.php b/db/Provision/Service/db.php
index 026f7d2..bce81db 100644
--- a/db/Provision/Service/db.php
+++ b/db/Provision/Service/db.php
@@ -21,11 +21,17 @@ class Provision_Service_db extends Provision_Service {
function init_server() {
parent::init_server();
$this->server->setProperty('master_db');
+ $this->server->setProperty('utf8mb4_is_supported', FALSE);
$this->creds = array_map('urldecode', parse_url($this->server->master_db));
return TRUE;
}
+ function save_server() {
+ // Check database 4 byte UTF-8 support and save it for later.
+ $this->server->utf8mb4_is_supported = $this->utf8mb4_is_supported();
+ }
+
/**
* Verifies database connection and commands
*/
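Review bot: `save_server()` is added without a docblock and, unlike `init_server()` directly above it, does not chain to the parent implementation. If Provision_Service defines a `save_server()` with behaviour of its own (not visible here), that behaviour is now skipped for db services; adding `parent::save_server();` as the first statement would be the safe form. A short docblock such as `/** Records whether the database server supports utf8mb4. */` and a blank line before the method would match the rest of the class.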
@@ -43,6 +49,12 @@ class Provision_Service_db extends Provision_Service {
else {
drush_set_error('PROVISION_GRANT_DB_USER_FAILED');
}
+ if ($this->server->utf8mb4_is_supported) {
+ drush_log(dt('Provision can activate multi-byte UTF-8 support on Drupal 7 sites.'), 'success');
+ }
+ else {
+ drush_log(dt('Multi-byte UTF-8 for Drupal 7 is not supported on your system. See the <a href="@url">documentation on adding 4 byte UTF-8 support</a> for more information.', array('@url' => 'https://www.drupal.org/node/2754539')), 'warning');
+ }
} else {
drush_set_error('PROVISION_CONNECT_DB_FAILED');
}
@@ -240,4 +252,15 @@ class Provision_Service_db extends Provision_Service {
function grant_host(Provision_Context_server $server) {
return $server->remote_host;
}
+
+ /**
+ * Checks whether utf8mb4 support is available on the current database system.
+ *
+ * @return bool
+ */
+ function utf8mb4_is_supported() {
+ // By default we assume that the database backend may not support 4 byte
+ // UTF-8.
+ return FALSE;
+ }
}
diff --git a/db/Provision/Service/db/mysql.php b/db/Provision/Service/db/mysql.php
index 582a718..ffda0eb 100644
--- a/db/Provision/Service/db/mysql.php
+++ b/db/Provision/Service/db/mysql.php
@@ -303,4 +303,37 @@ port=%s
}
return ($return_value == 0);
}
+
+ function utf8mb4_is_supported() {
+ // Ensure that provision can connect to the database.
+ if (!$this->connect()) {
+ return FALSE;
+ }
+
+ // Ensure that the MySQL driver supports utf8mb4 encoding.
+ $version = $this->conn->getAttribute(PDO::ATTR_CLIENT_VERSION);
+ if (strpos($version, 'mysqlnd') !== FALSE) {
+ // The mysqlnd driver supports utf8mb4 starting at version 5.0.9.
+ $version = preg_replace('/^\D+([\d.]+).*/', '$1', $version);
+ if (version_compare($version, '5.0.9', '<')) {
+ return FALSE;
+ }
+ }
+ else {
+ // The libmysqlclient driver supports utf8mb4 starting at version 5.5.3.
+ if (version_compare($version, '5.5.3', '<')) {
+ return FALSE;
+ }
+ }
+
+ // Ensure that the MySQL server supports large prefixes and utf8mb4.
+ $dbname = uniqid(drush_get_option('aegir_db_prefix', 'site_'));
+ $this->create_database($dbname);
+ $success = $this->query("CREATE TABLE `%s`.`drupal_utf8mb4_test` (id VARCHAR(255), PRIMARY KEY(id(255))) CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci ROW_FORMAT=DYNAMIC", $dbname);
+ if (!$this->drop_database($dbname)) {
+ drush_log(dt("Failed to drop database @dbname", array('@dbname' => $dbname)), 'warning');
+ }
+
+ return ($success !== FALSE);
+ }
}
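Review bot: The result of `$this->create_database($dbname)` is not checked before the `CREATE TABLE` probe, so a failure to create the scratch database (a missing CREATE privilege, for example) is reported as "utf8mb4 not supported" and is followed by a misleading "Failed to drop database" warning. Returning early, e.g. `if (!$this->create_database($dbname)) { return FALSE; }`, with its own log line would separate the two cases; this assumes create_database() signals failure through its return value the way drop_database() is used here. The method also has no docblock; one stating that it creates and drops a temporary database on the server every time it runs would help, since `save_server()` in db.php calls it on each save.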
diff --git a/debian/changelog b/debian/changelog
index e32c5e6..68bcde6 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,10 @@
+aegir3-provision (3.7) unstable; urgency=medium
+
+ * Eighth stable release of the 3.x series.
+ * Many bugfixes and UI improvements, see http://aegir.readthedocs.org/en/3.x/release-notes/3.7
+
+ -- Herman van Rink <helmo@initfour.nl> Wed, 17 Aug 2016 13:33:37 +0200
+
aegir3-provision (3.6) unstable; urgency=medium
* Seventh stable release of the 3.x series.
diff --git a/http/Provision/Config/Nginx/Inc/vhost_include.tpl.php b/http/Provision/Config/Nginx/Inc/vhost_include.tpl.php
index 6785d08..16f4e34 100644
--- a/http/Provision/Config/Nginx/Inc/vhost_include.tpl.php
+++ b/http/Provision/Config/Nginx/Inc/vhost_include.tpl.php
@@ -19,11 +19,20 @@ if (!$phpfpm_mode && $server->phpfpm_mode) {
$phpfpm_mode = $server->phpfpm_mode;
}
+// We can use $server here once we have proper inheritance.
+// See Provision_Service_http_nginx_ssl for details.
+$phpfpm_socket_path = Provision_Service_http_nginx::getPhpFpmSocketPath();
+
$nginx_is_modern = drush_get_option('nginx_is_modern');
if (!$nginx_is_modern && $server->nginx_is_modern) {
$nginx_is_modern = $server->nginx_is_modern;
}
+$nginx_has_etag = drush_get_option('nginx_has_etag');
+if (!$nginx_has_etag && $server->nginx_has_etag) {
+ $nginx_has_etag = $server->nginx_has_etag;
+}
+
$nginx_has_http2 = drush_get_option('nginx_has_http2');
if (!$nginx_has_http2 && $server->nginx_has_http2) {
$nginx_has_http2 = $server->nginx_has_http2;
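Review bot: `getPhpFpmSocketPath()` returns FALSE when it finds no socket, and the template prints that value unguarded in every `fastcgi_pass unix:<?php print $phpfpm_socket_path; ?>;` line further down, which would render as `fastcgi_pass unix:;`. `$phpfpm_mode` comes from the drush option or the saved server property while the path is probed afresh at render time, so the two can disagree. A guard right after the assignment, such as `if (!$phpfpm_socket_path) { $phpfpm_mode = 'port'; }`, or a logged error, would keep an invalid vhost from being written. The same applies to the identical assignment in subdir.tpl.php.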
@@ -164,7 +173,11 @@ location ^~ /cdn/farfuture/ {
tcp_nodelay off;
access_log off;
log_not_found off;
+<?php if ($nginx_has_etag): ?>
etag off;
+<?php else: ?>
+ add_header ETag "";
+<?php endif; ?>
gzip_http_version 1.0;
if_modified_since exact;
set $nocache_details "Skip";
@@ -227,7 +240,7 @@ location = /fpm-status {
<?php elseif ($phpfpm_mode == 'port'): ?>
fastcgi_pass 127.0.0.1:9000;
<?php else: ?>
- fastcgi_pass unix:/var/run/php5-fpm.sock;
+ fastcgi_pass unix:<?php print $phpfpm_socket_path; ?>;
<?php endif; ?>
}
@@ -243,7 +256,7 @@ location = /fpm-ping {
<?php elseif ($phpfpm_mode == 'port'): ?>
fastcgi_pass 127.0.0.1:9000;
<?php else: ?>
- fastcgi_pass unix:/var/run/php5-fpm.sock;
+ fastcgi_pass unix:<?php print $phpfpm_socket_path; ?>;
<?php endif; ?>
}
<?php endif; ?>
@@ -266,7 +279,7 @@ location = /cron.php {
<?php elseif ($phpfpm_mode == 'port'): ?>
fastcgi_pass 127.0.0.1:9000;
<?php else: ?>
- fastcgi_pass unix:/var/run/php5-fpm.sock;
+ fastcgi_pass unix:<?php print $phpfpm_socket_path; ?>;
<?php endif; ?>
}
@@ -658,7 +671,7 @@ location ~* wysiwyg_fields/(?:plugins|scripts)/.*\.(?:js|css) {
location ~* files/advagg_(?:css|js)/ {
expires max;
access_log off;
-<?php if ($nginx_is_modern): ?>
+<?php if ($nginx_has_etag): ?>
etag off;
<?php else: ?>
add_header ETag "";
@@ -915,7 +928,7 @@ location ~* /(?:modules|libraries)/(?:contrib/)?(?:ad|tinybrowser|f?ckeditor|tin
<?php elseif ($phpfpm_mode == 'port'): ?>
fastcgi_pass 127.0.0.1:9000;
<?php else: ?>
- fastcgi_pass unix:/var/run/php5-fpm.sock;
+ fastcgi_pass unix:<?php print $phpfpm_socket_path; ?>;
<?php endif; ?>
}
@@ -1054,7 +1067,6 @@ location ~ ^/(?<esi>esi/.*)"$ {
add_header X-GeoIP-Country-Name "$geoip_country_name";
add_header X-This-Proto "$http_x_forwarded_proto";
add_header X-Server-Name "$main_site_name";
- add_header X-Response-Status "$status";
add_header Cache-Control "no-store, no-cache, must-revalidate, post-check=0, pre-check=0";
###
### Set correct, local $uri.
@@ -1066,7 +1078,7 @@ location ~ ^/(?<esi>esi/.*)"$ {
<?php elseif ($phpfpm_mode == 'port'): ?>
fastcgi_pass 127.0.0.1:9000;
<?php else: ?>
- fastcgi_pass unix:/var/run/php5-fpm.sock;
+ fastcgi_pass unix:<?php print $phpfpm_socket_path; ?>;
<?php endif; ?>
###
### Use Nginx cache for all visitors.
@@ -1078,7 +1090,7 @@ location ~ ^/(?<esi>esi/.*)"$ {
fastcgi_cache speed;
fastcgi_cache_methods GET HEAD;
fastcgi_cache_min_uses 1;
- fastcgi_cache_key "$is_bot$device$host$request_method$uri$is_args$args$cache_uid$http_x_forwarded_proto$status";
+ fastcgi_cache_key "$is_bot$device$host$request_method$uri$is_args$args$cache_uid$http_x_forwarded_proto";
fastcgi_cache_valid 200 301 404 5s;
fastcgi_cache_valid 302 1m;
fastcgi_cache_lock on;
@@ -1209,7 +1221,6 @@ location = /index.php {
add_header X-NoCache "$nocache_details";
add_header X-This-Proto "$http_x_forwarded_proto";
add_header X-Server-Name "$main_site_name";
- add_header X-Response-Status "$status";
<?php endif; ?>
add_header Cache-Control "no-store, no-cache, must-revalidate, post-check=0, pre-check=0";
tcp_nopush off;
@@ -1220,7 +1231,7 @@ location = /index.php {
<?php elseif ($phpfpm_mode == 'port'): ?>
fastcgi_pass 127.0.0.1:9000;
<?php else: ?>
- fastcgi_pass unix:/var/run/php5-fpm.sock;
+ fastcgi_pass unix:<?php print $phpfpm_socket_path; ?>;
<?php endif; ?>
<?php if ($nginx_has_upload_progress): ?>
track_uploads uploads 60s; ### required for upload progress
@@ -1235,7 +1246,7 @@ location = /index.php {
fastcgi_cache speed;
fastcgi_cache_methods GET HEAD; ### Nginx default, but added for clarity
fastcgi_cache_min_uses 1;
- fastcgi_cache_key "$is_bot$device$host$request_method$key_uri$cache_uid$http_x_forwarded_proto$sent_http_x_local_proto$cookie_respimg$status";
+ fastcgi_cache_key "$is_bot$device$host$request_method$key_uri$cache_uid$http_x_forwarded_proto$sent_http_x_local_proto$cookie_respimg";
fastcgi_cache_valid 200 10s;
fastcgi_cache_valid 302 1m;
fastcgi_cache_valid 301 403 404 5s;
@@ -1274,7 +1285,7 @@ location ~* ^/(?:index|cron|boost_stats|update|authorize|xmlrpc)\.php$ {
<?php elseif ($phpfpm_mode == 'port'): ?>
fastcgi_pass 127.0.0.1:9000;
<?php else: ?>
- fastcgi_pass unix:/var/run/php5-fpm.sock;
+ fastcgi_pass unix:<?php print $phpfpm_socket_path; ?>;
<?php endif; ?>
}
@@ -1304,7 +1315,7 @@ location @allowupdate {
<?php elseif ($phpfpm_mode == 'port'): ?>
fastcgi_pass 127.0.0.1:9000;
<?php else: ?>
- fastcgi_pass unix:/var/run/php5-fpm.sock;
+ fastcgi_pass unix:<?php print $phpfpm_socket_path; ?>;
<?php endif; ?>
}
<?php endif; ?>
diff --git a/http/Provision/Config/Nginx/Ssl/vhost_ssl.tpl.php b/http/Provision/Config/Nginx/Ssl/vhost_ssl.tpl.php
index 9d032b3..772171d 100644
--- a/http/Provision/Config/Nginx/Ssl/vhost_ssl.tpl.php
+++ b/http/Provision/Config/Nginx/Ssl/vhost_ssl.tpl.php
@@ -58,6 +58,10 @@ server {
server {
include fastcgi_params;
+
+ # Block https://httpoxy.org/ attacks.
+ fastcgi_param HTTP_PROXY "";
+
fastcgi_param MAIN_SITE_NAME <?php print $this->uri; ?>;
set $main_site_name "<?php print $this->uri; ?>";
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
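Review bot: The empty `HTTP_PROXY` parameter is set at server level here, and nginx inherits `fastcgi_param` from the enclosing level only into a `location` that declares no `fastcgi_param` of its own. Any location in the included vhost files that sets its own parameters would therefore pass the client's `Proxy` header to PHP again; it is worth confirming there is none, or repeating the line per location as subdir.tpl.php does. The same applies to the identical addition in vhost.tpl.php. The `server` block continues outside this hunk.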
diff --git a/http/Provision/Config/Nginx/server.tpl.php b/http/Provision/Config/Nginx/server.tpl.php
index f436369..256f71f 100644
--- a/http/Provision/Config/Nginx/server.tpl.php
+++ b/http/Provision/Config/Nginx/server.tpl.php
@@ -30,6 +30,11 @@ if (!$nginx_is_modern && $server->nginx_is_modern) {
$nginx_is_modern = $server->nginx_is_modern;
}
+$nginx_has_etag = drush_get_option('nginx_has_etag');
+if (!$nginx_has_etag && $server->nginx_has_etag) {
+ $nginx_has_etag = $server->nginx_has_etag;
+}
+
$nginx_has_http2 = drush_get_option('nginx_has_http2');
if (!$nginx_has_http2 && $server->nginx_has_http2) {
$nginx_has_http2 = $server->nginx_has_http2;
@@ -92,6 +97,8 @@ if ($nginx_has_upload_progress) {
fastcgi_param GEOIP_COUNTRY_NAME $geoip_country_name;
fastcgi_param REDIRECT_STATUS 200;
fastcgi_index index.php;
+ # Block https://httpoxy.org/ attacks.
+ fastcgi_param HTTP_PROXY "";
<?php endif; ?>
## Size Limits
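Review bot: The httpoxy guard is emitted inside the PHP conditional that `<?php endif; ?>` closes on the following line, so it is written only when that condition holds; the condition itself is outside this hunk. If the other branch can also produce a config that reaches PHP-FPM, `fastcgi_param HTTP_PROXY "";` should sit outside the conditional, or a comment should state why that branch does not need it.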
diff --git a/http/Provision/Config/Nginx/subdir.tpl.php b/http/Provision/Config/Nginx/subdir.tpl.php
index e9638ab..ca65cbe 100644
--- a/http/Provision/Config/Nginx/subdir.tpl.php
+++ b/http/Provision/Config/Nginx/subdir.tpl.php
@@ -19,11 +19,20 @@ if (!$phpfpm_mode && $server->phpfpm_mode) {
$phpfpm_mode = $server->phpfpm_mode;
}
+// We can use $server here once we have proper inheritance.
+// See Provision_Service_http_nginx_ssl for details.
+$phpfpm_socket_path = Provision_Service_http_nginx::getPhpFpmSocketPath();
+
$nginx_is_modern = drush_get_option('nginx_is_modern');
if (!$nginx_is_modern && $server->nginx_is_modern) {
$nginx_is_modern = $server->nginx_is_modern;
}
+$nginx_has_etag = drush_get_option('nginx_has_etag');
+if (!$nginx_has_etag && $server->nginx_has_etag) {
+ $nginx_has_etag = $server->nginx_has_etag;
+}
+
$nginx_has_http2 = drush_get_option('nginx_has_http2');
if (!$nginx_has_http2 && $server->nginx_has_http2) {
$nginx_has_http2 = $server->nginx_has_http2;
@@ -282,6 +291,9 @@ location ^~ /<?php print $subdir; ?> {
include fastcgi_params;
+ # Block https://httpoxy.org/ attacks.
+ fastcgi_param HTTP_PROXY "";
+
fastcgi_param db_type <?php print urlencode($db_type); ?>;
fastcgi_param db_name <?php print urlencode($db_name); ?>;
fastcgi_param db_user <?php print urlencode($db_user); ?>;
@@ -312,7 +324,7 @@ location ^~ /<?php print $subdir; ?> {
<?php elseif ($phpfpm_mode == 'port'): ?>
fastcgi_pass 127.0.0.1:9000;
<?php else: ?>
- fastcgi_pass unix:/var/run/php5-fpm.sock;
+ fastcgi_pass unix:<?php print $phpfpm_socket_path; ?>;
<?php endif; ?>
}
@@ -643,7 +655,7 @@ location ^~ /<?php print $subdir; ?> {
location ~* ^/<?php print $subdir; ?>/(.*/files/advagg_(?:css|js).*) {
expires max;
access_log off;
-<?php if ($nginx_is_modern): ?>
+<?php if ($nginx_has_etag): ?>
etag off;
<?php else: ?>
add_header ETag "";
@@ -745,6 +757,9 @@ location ^~ /<?php print $subdir; ?> {
include fastcgi_params;
+ # Block https://httpoxy.org/ attacks.
+ fastcgi_param HTTP_PROXY "";
+
fastcgi_param db_type <?php print urlencode($db_type); ?>;
fastcgi_param db_name <?php print urlencode($db_name); ?>;
fastcgi_param db_user <?php print urlencode($db_user); ?>;
@@ -775,7 +790,7 @@ location ^~ /<?php print $subdir; ?> {
<?php elseif ($phpfpm_mode == 'port'): ?>
fastcgi_pass 127.0.0.1:9000;
<?php else: ?>
- fastcgi_pass unix:/var/run/php5-fpm.sock;
+ fastcgi_pass unix:<?php print $phpfpm_socket_path; ?>;
<?php endif; ?>
}
@@ -944,6 +959,9 @@ location ^~ /<?php print $subdir; ?> {
include fastcgi_params;
+ # Block https://httpoxy.org/ attacks.
+ fastcgi_param HTTP_PROXY "";
+
fastcgi_param db_type <?php print urlencode($db_type); ?>;
fastcgi_param db_name <?php print urlencode($db_name); ?>;
fastcgi_param db_user <?php print urlencode($db_user); ?>;
@@ -971,7 +989,7 @@ location ^~ /<?php print $subdir; ?> {
<?php elseif ($phpfpm_mode == 'port'): ?>
fastcgi_pass 127.0.0.1:9000;
<?php else: ?>
- fastcgi_pass unix:/var/run/php5-fpm.sock;
+ fastcgi_pass unix:<?php print $phpfpm_socket_path; ?>;
<?php endif; ?>
}
@@ -1013,13 +1031,15 @@ location ^~ /<?php print $subdir; ?> {
add_header X-NoCache "$nocache_details";
add_header X-This-Proto "$http_x_forwarded_proto";
add_header X-Server-Sub-Name "$subdir_main_site_name";
- add_header X-Response-Status "$status";
<?php endif; ?>
root <?php print "{$this->root}"; ?>;
include fastcgi_params;
+ # Block https://httpoxy.org/ attacks.
+ fastcgi_param HTTP_PROXY "";
+
fastcgi_param db_type <?php print urlencode($db_type); ?>;
fastcgi_param db_name <?php print urlencode($db_name); ?>;
fastcgi_param db_user <?php print urlencode($db_user); ?>;
@@ -1047,7 +1067,7 @@ location ^~ /<?php print $subdir; ?> {
<?php elseif ($phpfpm_mode == 'port'): ?>
fastcgi_pass 127.0.0.1:9000;
<?php else: ?>
- fastcgi_pass unix:/var/run/php5-fpm.sock;
+ fastcgi_pass unix:<?php print $phpfpm_socket_path; ?>;
<?php endif; ?>
<?php if ($nginx_has_upload_progress): ?>
track_uploads uploads 60s; ### required for upload progress
@@ -1063,7 +1083,7 @@ location ^~ /<?php print $subdir; ?> {
fastcgi_cache speed;
fastcgi_cache_methods GET HEAD; ### Nginx default, but added for clarity
fastcgi_cache_min_uses 1;
- fastcgi_cache_key "$is_bot$device$host$request_method$key_uri$cache_uid$http_x_forwarded_proto$sent_http_x_local_proto$cookie_respimg$status";
+ fastcgi_cache_key "$is_bot$device$host$request_method$key_uri$cache_uid$http_x_forwarded_proto$sent_http_x_local_proto$cookie_respimg";
fastcgi_cache_valid 200 10s;
fastcgi_cache_valid 302 1m;
fastcgi_cache_valid 301 403 404 5s;
@@ -1165,6 +1185,9 @@ location @allowupdate_<?php print $subdir_loc; ?> {
<?php endif; ?>
include fastcgi_params;
+ # Block https://httpoxy.org/ attacks.
+ fastcgi_param HTTP_PROXY "";
+
fastcgi_param db_type <?php print urlencode($db_type); ?>;
fastcgi_param db_name <?php print urlencode($db_name); ?>;
fastcgi_param db_user <?php print urlencode($db_user); ?>;
@@ -1192,7 +1215,7 @@ location @allowupdate_<?php print $subdir_loc; ?> {
<?php elseif ($phpfpm_mode == 'port'): ?>
fastcgi_pass 127.0.0.1:9000;
<?php else: ?>
- fastcgi_pass unix:/var/run/php5-fpm.sock;
+ fastcgi_pass unix:<?php print $phpfpm_socket_path; ?>;
<?php endif; ?>
}
<?php endif; ?>
diff --git a/http/Provision/Config/Nginx/vhost.tpl.php b/http/Provision/Config/Nginx/vhost.tpl.php
index b69d2b4..654c86e 100644
--- a/http/Provision/Config/Nginx/vhost.tpl.php
+++ b/http/Provision/Config/Nginx/vhost.tpl.php
@@ -24,6 +24,10 @@ if ($this->redirection) {
server {
include fastcgi_params;
+
+ # Block https://httpoxy.org/ attacks.
+ fastcgi_param HTTP_PROXY "";
+
fastcgi_param MAIN_SITE_NAME <?php print $this->uri; ?>;
set $main_site_name "<?php print $this->uri; ?>";
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
diff --git a/http/Provision/Service/http/nginx.php b/http/Provision/Service/http/nginx.php
index e146a1f..0711850 100644
--- a/http/Provision/Service/http/nginx.php
+++ b/http/Provision/Service/http/nginx.php
@@ -1,6 +1,11 @@
<?php
class Provision_Service_http_nginx extends Provision_Service_http_public {
+
+ // Define socket file locations for various PHP versions.
+ const SOCKET_PATH_PHP5 = '/var/run/php5-fpm.sock';
+ const SOCKET_PATH_PHP7 = '/var/run/php/php7.0-fpm.sock';
+
protected $application_name = 'nginx';
protected $has_restart_cmd = TRUE;
@@ -19,6 +24,7 @@ class Provision_Service_http_nginx extends Provision_Service_http_public {
$this->configs['site'][] = 'Provision_Config_Nginx_Site';
$this->server->setProperty('nginx_config_mode', 'extended');
$this->server->setProperty('nginx_is_modern', FALSE);
+ $this->server->setProperty('nginx_has_etag', FALSE);
$this->server->setProperty('nginx_has_http2', FALSE);
$this->server->setProperty('nginx_has_gzip', FALSE);
$this->server->setProperty('nginx_has_upload_progress', FALSE);
@@ -55,6 +61,7 @@ class Provision_Service_http_nginx extends Provision_Service_http_public {
// Check if some nginx features are supported and save them for later.
$this->server->shell_exec($path . ' -V');
$this->server->nginx_is_modern = preg_match("/nginx\/1\.((1\.(8|9|(1[0-9]+)))|((2|3|4|5|6|7|8|9|[1-9][0-9]+)\.))/", implode('', drush_shell_exec_output()), $match);
+ $this->server->nginx_has_etag = preg_match("/nginx\/1\.([12][0-9]|[3]\.([12][0-9]|[3-9]))/", implode('', drush_shell_exec_output()), $match);
$this->server->nginx_has_http2 = preg_match("/http_v2_module/", implode('', drush_shell_exec_output()), $match);
$this->server->nginx_has_upload_progress = preg_match("/upload/", implode('', drush_shell_exec_output()), $match);
$this->server->nginx_has_gzip = preg_match("/http_gzip_static_module/", implode('', drush_shell_exec_output()), $match);
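Review bot: The `nginx_has_etag` pattern does not match nginx 1.4 through 1.9: after `1\.` it accepts only a two-digit minor starting with 1 or 2, or `3.` followed by a patch level of 3 or higher, so `nginx/1.6.2`, for example, is reported as lacking `etag` even though the pattern's own lower bound is 1.3.3. Those servers silently fall back to `add_header ETag "";`. Extracting the version and comparing it is less error-prone: `preg_match('/nginx\/(\d+\.\d+\.\d+)/', $output, $m) && version_compare($m[1], '1.3.3', '>=')`, with `$output` being the imploded `drush_shell_exec_output()`. The same line is added in the second detection hunk of nginx.php and twice in nginx/ssl.php.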
@@ -71,14 +78,7 @@ class Provision_Service_http_nginx extends Provision_Service_http_public {
}
// Check if there is php-fpm listening on unix socket, otherwise use port 9000 to connect
- if (provision_file()->exists('/var/run/php5-fpm.sock')->status()) {
- $this->server->phpfpm_mode = 'socket';
- drush_log(dt('PHP-FPM unix socket mode detected -SAVE- YES socket found @path.', array('@path' => '/var/run/php5-fpm.sock')));
- }
- else {
- $this->server->phpfpm_mode = 'port';
- drush_log(dt('PHP-FPM port mode detected -SAVE- NO socket found @path.', array('@path' => '/var/run/php5-fpm.sock')));
- }
+ $this->server->phpfpm_mode = $this->getPhpFpmMode('save');
// Check if there is BOA specific global.inc file to enable extra Nginx locations
if (provision_file()->exists('/data/conf/global.inc')->status()) {
@@ -117,6 +117,7 @@ class Provision_Service_http_nginx extends Provision_Service_http_public {
// Check if some nginx features are supported and save them for later.
$this->server->shell_exec($path . ' -V');
$this->server->nginx_is_modern = preg_match("/nginx\/1\.((1\.(8|9|(1[0-9]+)))|((2|3|4|5|6|7|8|9|[1-9][0-9]+)\.))/", implode('', drush_shell_exec_output()), $match);
+ $this->server->nginx_has_etag = preg_match("/nginx\/1\.([12][0-9]|[3]\.([12][0-9]|[3-9]))/", implode('', drush_shell_exec_output()), $match);
$this->server->nginx_has_http2 = preg_match("/http_v2_module/", implode('', drush_shell_exec_output()), $match);
$this->server->nginx_has_upload_progress = preg_match("/upload/", implode('', drush_shell_exec_output()), $match);
$this->server->nginx_has_gzip = preg_match("/http_gzip_static_module/", implode('', drush_shell_exec_output()), $match);
@@ -133,14 +134,7 @@ class Provision_Service_http_nginx extends Provision_Service_http_public {
}
// Check if there is php-fpm listening on unix socket, otherwise use port 9000 to connect
- if (provision_file()->exists('/var/run/php5-fpm.sock')->status()) {
- $this->server->phpfpm_mode = 'socket';
- drush_log(dt('PHP-FPM unix socket mode detected -VERIFY- YES socket found @path.', array('@path' => '/var/run/php5-fpm.sock')));
- }
- else {
- $this->server->phpfpm_mode = 'port';
- drush_log(dt('PHP-FPM port mode detected -VERIFY- NO socket found @path.', array('@path' => '/var/run/php5-fpm.sock')));
- }
+ $this->server->phpfpm_mode = $this->getPhpFpmMode('verify');
// Check if there is BOA specific global.inc file to enable extra Nginx locations
if (provision_file()->exists('/data/conf/global.inc')->status()) {
@@ -162,6 +156,70 @@ class Provision_Service_http_nginx extends Provision_Service_http_public {
}
/**
+ * Determines the PHP FPM mode.
+ *
+ * @param string $server_task
+ * The server task type for logging purposes. Leave blank to skip logging.
+ * @return string
+ * The mode, either 'socket' or 'port'.
+ */
+ public static function getPhpFpmMode($server_task = NULL) {
+
+ // Search for socket files or fall back to port mode.
+ switch (TRUE) {
+ case provision_file()->exists(self::SOCKET_PATH_PHP5)->status():
+ $mode = 'socket';
+ $socket_path = self::SOCKET_PATH_PHP5;
+ break;
+ case provision_file()->exists(self::SOCKET_PATH_PHP7)->status():
+ $mode = 'socket';
+ $socket_path = self::SOCKET_PATH_PHP7;
+ break;
+ default:
+ $mode = 'port';
+ $socket_path = '';
+ break;
+ }
+
+ // Report results in the log if requested.
+ if (!empty($server_task)) {
+ drush_log(dt('PHP-FPM @mode mode detected -' . '@task' . '- @yes_or_no socket found @path.', array(
+ '@mode' => ($mode == 'socket') ? 'unix socket' : 'port',
+ '@task' => strtoupper($server_task),
+ '@yes_or_no' => ($mode == 'socket') ? 'YES' : 'NO',
+ '@path' => ($socket_path ? $socket_path : self::SOCKET_PATH_PHP5 . ' or ' . self::SOCKET_PATH_PHP7),
+ )));
+ }
+
+ // Return the discovered mode.
+ return $mode;
+ }
+
+ /**
+ * Gets the PHP FPM unix socket path.
+ *
+ * If we're running in port mode, there is no socket path. FALSE would be
+ * returned in this case.
+ *
+ * @return string
+ * The path, or FALSE if there isn't one.
+ */
+ public static function getPhpFpmSocketPath() {
+ // Simply return FALSE if we're in port mode.
+ if (self::getPhpFpmMode() == 'port') {
+ return FALSE;
+ }
+
+ // Return the socket path based on the PHP version.
+ if (strtok(phpversion(), '.') == 7) {
+ return self::SOCKET_PATH_PHP7;
+ }
+ else {
+ return self::SOCKET_PATH_PHP5;
+ }
+ }
+
+ /**
* Guess at the likely value of the http_restart_cmd.
*
* This method is a static so that it can be re-used by the nginx_ssl
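Review bot: `getPhpFpmSocketPath()` chooses the path from `phpversion()` of the process running drush rather than from the socket that `getPhpFpmMode()` actually found, so a host with a PHP 7 CLI and only `/var/run/php5-fpm.sock` present (or the reverse) gets a `fastcgi_pass` that points at a file which does not exist. Returning the first path that exists, in the order `getPhpFpmMode()` probes them, keeps detection and rendering in agreement. The docblock should also read `@return string|false`, and the loose `strtok(phpversion(), '.') == 7` test sends every other major version to the PHP 5 path.

```php
  public static function getPhpFpmSocketPath() {
    // Return the socket that is actually present, probing in the same order
    // as getPhpFpmMode(), instead of guessing from the CLI's PHP version.
    foreach (array(self::SOCKET_PATH_PHP5, self::SOCKET_PATH_PHP7) as $socket_path) {
      if (provision_file()->exists($socket_path)->status()) {
        return $socket_path;
      }
    }

    // Port mode: there is no socket path.
    return FALSE;
  }
```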
diff --git a/http/Provision/Service/http/nginx/ssl.php b/http/Provision/Service/http/nginx/ssl.php
index 157bf8f..23c0646 100644
--- a/http/Provision/Service/http/nginx/ssl.php
+++ b/http/Provision/Service/http/nginx/ssl.php
@@ -39,6 +39,7 @@ class Provision_Service_http_nginx_ssl extends Provision_Service_http_ssl {
$this->configs['site'][] = 'Provision_Config_Nginx_Ssl_Site';
$this->server->setProperty('nginx_config_mode', 'extended');
$this->server->setProperty('nginx_is_modern', FALSE);
+ $this->server->setProperty('nginx_has_etag', FALSE);
$this->server->setProperty('nginx_has_http2', FALSE);
$this->server->setProperty('nginx_has_gzip', FALSE);
$this->server->setProperty('nginx_has_upload_progress', FALSE);
@@ -64,6 +65,7 @@ class Provision_Service_http_nginx_ssl extends Provision_Service_http_ssl {
// Check if some nginx features are supported and save them for later.
$this->server->shell_exec($path . ' -V');
$this->server->nginx_is_modern = preg_match("/nginx\/1\.((1\.(8|9|(1[0-9]+)))|((2|3|4|5|6|7|8|9|[1-9][0-9]+)\.))/", implode('', drush_shell_exec_output()), $match);
+ $this->server->nginx_has_etag = preg_match("/nginx\/1\.([12][0-9]|[3]\.([12][0-9]|[3-9]))/", implode('', drush_shell_exec_output()), $match);
$this->server->nginx_has_http2 = preg_match("/http_v2_module/", implode('', drush_shell_exec_output()), $match);
$this->server->nginx_has_upload_progress = preg_match("/upload/", implode('', drush_shell_exec_output()), $match);
$this->server->nginx_has_gzip = preg_match("/http_gzip_static_module/", implode('', drush_shell_exec_output()), $match);
@@ -80,14 +82,7 @@ class Provision_Service_http_nginx_ssl extends Provision_Service_http_ssl {
}
// Check if there is php-fpm listening on unix socket, otherwise use port 9000 to connect
- if (provision_file()->exists('/var/run/php5-fpm.sock')->status()) {
- $this->server->phpfpm_mode = 'socket';
- drush_log(dt('PHP-FPM unix socket mode detected -SAVE- YES socket found @path.', array('@path' => '/var/run/php5-fpm.sock')));
- }
- else {
- $this->server->phpfpm_mode = 'port';
- drush_log(dt('PHP-FPM port mode detected -SAVE- NO socket found @path.', array('@path' => '/var/run/php5-fpm.sock')));
- }
+ $this->server->phpfpm_mode = Provision_Service_http_nginx::getPhpFpmMode('save');
// Check if there is BOA specific global.inc file to enable extra Nginx locations
if (provision_file()->exists('/data/conf/global.inc')->status()) {
@@ -117,6 +112,7 @@ class Provision_Service_http_nginx_ssl extends Provision_Service_http_ssl {
// Check if some nginx features are supported and save them for later.
$this->server->shell_exec($path . ' -V');
$this->server->nginx_is_modern = preg_match("/nginx\/1\.((1\.(8|9|(1[0-9]+)))|((2|3|4|5|6|7|8|9|[1-9][0-9]+)\.))/", implode('', drush_shell_exec_output()), $match);
+ $this->server->nginx_has_etag = preg_match("/nginx\/1\.([12][0-9]|[3]\.([12][0-9]|[3-9]))/", implode('', drush_shell_exec_output()), $match);
$this->server->nginx_has_http2 = preg_match("/http_v2_module/", implode('', drush_shell_exec_output()), $match);
$this->server->nginx_has_upload_progress = preg_match("/upload/", implode('', drush_shell_exec_output()), $match);
$this->server->nginx_has_gzip = preg_match("/http_gzip_static_module/", implode('', drush_shell_exec_output()), $match);
@@ -133,14 +129,7 @@ class Provision_Service_http_nginx_ssl extends Provision_Service_http_ssl {
}
// Check if there is php-fpm listening on unix socket, otherwise use port 9000 to connect
- if (provision_file()->exists('/var/run/php5-fpm.sock')->status()) {
- $this->server->phpfpm_mode = 'socket';
- drush_log(dt('PHP-FPM unix socket mode detected -VERIFY- YES socket found @path.', array('@path' => '/var/run/php5-fpm.sock')));
- }
- else {
- $this->server->phpfpm_mode = 'port';
- drush_log(dt('PHP-FPM port mode detected -VERIFY- NO socket found @path.', array('@path' => '/var/run/php5-fpm.sock')));
- }
+ $this->server->phpfpm_mode = Provision_Service_http_nginx::getPhpFpmMode('verify');
// Check if there is BOA specific global.inc file to enable extra Nginx locations
if (provision_file()->exists('/data/conf/global.inc')->status()) {
diff --git a/platform/backup.provision.inc b/platform/backup.provision.inc
index c7b2425..3ac5999 100644
--- a/platform/backup.provision.inc
+++ b/platform/backup.provision.inc
@@ -36,20 +36,29 @@ function drush_provision_drupal_provision_backup_validate($backup_file = NULL) {
}
if (!$backup_file) {
- $suggested = d()->platform->server->backup_path . '/' . d()->uri . '-' . date("Ymd.His", time()) . '.tar.gz';
-
- // Use format of mysite.com-2008-01-02, if already existing, add number.
- $count = 0;
- while (is_file($suggested)) {
- $count++;
- $suggested = d()->platform->server->backup_path . '/' . d()->uri . '-' . date('Ymd.His', time()) . '_' . $count . '.tar.gz';
- }
+ $suggested = drush_provision_drupal_provision_backup_suggest_filename();
drush_set_option('backup_file', $suggested);
}
}
/**
+ * Util function to suggest a filename for a new site backup.
+ */
+function drush_provision_drupal_provision_backup_suggest_filename() {
+ $suffix = drush_get_option('provision_backup_suffix', '.tar.gz');
+ $suggested = d()->platform->server->backup_path . '/' . d()->uri . '-' . date("Ymd.His", time()) . $suffix;
+
+ // Use format of mysite.com-2008-01-02, if already existing, add number.
+ $count = 0;
+ while (is_file($suggested)) {
+ $count++;
+ $suggested = d()->platform->server->backup_path . '/' . d()->uri . '-' . date('Ymd.His', time()) . '_' . $count . $suffix;
+ }
+ return $suggested;
+}
+
+/**
* Implentation of hook_provision_backup()
*/
function drush_provision_drupal_provision_backup() {
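Review bot: In `drush_provision_drupal_provision_backup_suggest_filename()` the value of `provision_backup_suffix` is concatenated onto the backup path without any validation. A suffix containing `/` or `..` would place the archive outside `backup_path`; whether that option can be set by a less trusted caller is not visible here. The later hunk in `drush_provision_drupal_provision_backup()` also picks the tar flags from the last characters of the name, so a suffix that ends in neither `gz` nor `bz2` silently yields an uncompressed tar under a misleading name. Constraining it to the formats the command handles would close both, e.g. `if (!in_array($suffix, array('.tar', '.tar.gz', '.tar.bz2'), TRUE)) { $suffix = '.tar.gz'; }`. The new docblock could also state the return value, e.g. `@return string Absolute path of a backup file name that does not exist yet.`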
@@ -84,6 +93,9 @@ function drush_provision_drupal_provision_backup() {
}
if (substr($backup_file, -2) == 'gz') {
$command = 'tar cpfz %s .';
+ }
+ elseif (substr($backup_file, -3) == 'bz2') {
+ $command = 'tar cpfj %s .';
} else {
$command = 'tar cpf %s .';
}
diff --git a/platform/deploy.provision.inc b/platform/deploy.provision.inc
index bbf8936..f77fa39 100644
--- a/platform/deploy.provision.inc
+++ b/platform/deploy.provision.inc
@@ -4,7 +4,7 @@
* @file
* Deploy command implementation
*
- * This command when called will
+ * This command when called will
* 1. Extract the backup that is being deployed to the target folder in the sites directory.
* 2. Import the drushrc.php details.
* 3. Do some diagnostics to make sure all the needed packages are available.
@@ -48,10 +48,10 @@ function drush_provision_drupal_provision_deploy_validate($backup_file = NULL) {
/**
* Make a backup before making any changes, and add extract the file we are restoring from.
*
- * Implementats drush_hook_pre_COMMAND().
+ * Implements drush_hook_pre_COMMAND().
*/
function drush_provision_drupal_pre_provision_deploy($backup_file) {
- $extracted = provision_file()->extract($backup_file, drush_get_option('extract_path'))
+ $extracted = provision_file()->extract($backup_file, drush_get_option('extract_path'))
->succeed('Successfully extracted the contents of @path')
->fail('Failed to extract the contents of @path to @target', 'PROVISION_BACKUP_EXTRACTION_FAILED')
->status();
@@ -120,7 +120,7 @@ function drush_provision_drupal_pre_provision_deploy($backup_file) {
array('!name' => $name, '!versionA' => $module['schema_version'], '!versionB' => $merged_modules[$name]['schema_version'])));
}
else {
- drush_log(dt("Found a valid version of the !name module with schema version !schema_version",
+ drush_log(dt("Found a valid version of the !name module with schema version !schema_version",
array('!name' => $name, '!schema_version' => $merged_modules[$name]['schema_version'])));
}
}
diff --git a/release.sh b/release.sh
index aef8b26..efa1d7f 100755
--- a/release.sh
+++ b/release.sh
@@ -159,7 +159,7 @@ fi
golden_contribs="hosting_civicrm hosting_git hosting_remote_import hosting_site_backup_manager hosting_tasks_extra"
for shortname in $golden_contribs; do
rm -rf build-area/$shortname
- git clone --depth 1 --branch $CURRENT_BRANCH `git config remote.origin.url | sed "s/provision/$shortname/"` build-area/$shortname
+ git clone --branch $CURRENT_BRANCH `git config remote.origin.url | sed "s/provision/$shortname/"` build-area/$shortname
echo "Setting the tag $NEW_TAG in a clean $shortname clone."
git --work-tree=build-area/$shortname --git-dir=build-area/$shortname/.git tag -a $NEW_TAG -m 'Add a new release tag.'