search

henryouly / filerun-alpine

3 stars 0 forks source link

Site error: the ionCube PHP Loader needs to be installed. #2

Open gabrielwhite opened 3 years ago

gabrielwhite commented 3 years ago

Build goes fine, and starts dockers without errors, but when I open up the URL, I get this error:

Site error: the ionCube PHP Loader needs to be installed. This is a widely used PHP extension for running ionCube protected PHP code, website security and malware blocking. Please visit get-loader.ioncube.com for install assistance.

Looking through the build log I can see this:

Step 6/8 : RUN apk add --no-cache --virtual .build-deps curl freetype-dev libjpeg-turbo-dev libzip-dev openldap-dev && docker-php-ext-configure zip --with-libzip && docker-php-ext-configure gd --with-freetype-dir=/usr/include/ --with-jpeg-dir=/usr/include/ && docker-php-ext-configure ldap && docker-php-ext-install -j$(nproc) pdo_mysql exif zip gd opcache ldap && PHP_EXT_DIR=$(php-config --extension-dir) && curl -sSL http://downloads3.ioncube.com/loader_downloads/ioncube_loaders_lin_armv7l.tar.gz | tar -xz --strip-components=1 -C $PHP_EXT_DIR ioncube/ioncube_loader_lin_7.3.so && echo "zend_extension=ioncube_loader_lin_7.3.so" >> /usr/local/etc/php/conf.d/00_ioncube_loader_lin_7.3.ini && apk del .build-deps ---> Running in 07d534865ca3

ngnix logfile shows this:

/docker-entrypoint.sh: /docker-entrypoint.d/ is not empty, will attempt to perform configuration,
/docker-entrypoint.sh: Looking for shell scripts in /docker-entrypoint.d/,
/docker-entrypoint.sh: Launching /docker-entrypoint.d/entrypoint.sh,
/docker-entrypoint.sh: Launching /docker-entrypoint.d/10-listen-on-ipv6-by-default.sh,
10-listen-on-ipv6-by-default.sh: info: IPv6 listen already enabled,
/docker-entrypoint.sh: Launching /docker-entrypoint.d/20-envsubst-on-templates.sh,
/docker-entrypoint.sh: Launching /docker-entrypoint.d/30-tune-worker-processes.sh,
/docker-entrypoint.sh: Configuration complete; ready for start up,
2021/03/14 17:17:20 [error] 25#25: *3 FastCGI sent in stderr: "PHP message: PHP Warning:  realpath(): open_basedir restriction in effect. File(/usr/local/lib/php/extensions/no-debug-non-zts-20180731) is not within the allowed path(s): (/tmp:/usr/share/nginx/html:/user-files) in /usr/share/nginx/html/index.php on line 5PHP message: PHP Warning:  file_exists(): open_basedir restriction in effect. File(/usr/share/nginx/ioncube/ioncube_loader_lin_7.3.so) is not within the allowed path(s): (/tmp:/usr/share/nginx/html:/user-files) in /usr/share/nginx/html/index.php on line 5PHP message: PHP Warning:  file_exists(): open_basedir restriction in effect. File(/usr/share/ioncube/ioncube_loader_lin_7.3.so) is not within the allowed path(s): (/tmp:/usr/share/nginx/html:/user-files) in /usr/share/nginx/html/index.php on line 5PHP message: PHP Warning:  file_exists(): open_basedir restriction in effect. File(/usr/ioncube/ioncube_loader_lin_7.3.so) is not within the allowed path(s): (/tmp:/usr/share/nginx/html:/user-files) in /usr/share/nginx/html/index.php on line 5" while reading response header from upstream, client: 10.0.0.13, server: localhost, request: "GET / HTTP/1.1", upstream: "fastcgi://172.18.0.3:9000", host: "nas.local:8088",
10.0.0.13 - - [14/Mar/2021:17:17:20 +0000] "GET / HTTP/1.1" 200 328 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 11_2_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.86 Safari/537.36" "-",
10.0.0.13 - - [14/Mar/2021:17:17:21 +0000] "GET /favicon.ico HTTP/1.1" 200 5430 "http://nas.local:8088/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 11_2_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.86 Safari/537.36" "-",
2021/03/14 17:17:22 [error] 25#25: *3 FastCGI sent in stderr: "PHP message: PHP Warning:  realpath(): open_basedir restriction in effect. File(/usr/local/lib/php/extensions/no-debug-non-zts-20180731) is not within the allowed path(s): (/tmp:/usr/share/nginx/html:/user-files) in /usr/share/nginx/html/index.php on line 5PHP message: PHP Warning:  file_exists(): open_basedir restriction in effect. File(/usr/share/nginx/ioncube/ioncube_loader_lin_7.3.so) is not within the allowed path(s): (/tmp:/usr/share/nginx/html:/user-files) in /usr/share/nginx/html/index.php on line 5PHP message: PHP Warning:  file_exists(): open_basedir restriction in effect. File(/usr/share/ioncube/ioncube_loader_lin_7.3.so) is not within the allowed path(s): (/tmp:/usr/share/nginx/html:/user-files) in /usr/share/nginx/html/index.php on line 5PHP message: PHP Warning:  file_exists(): open_basedir restriction in effect. File(/usr/ioncube/ioncube_loader_lin_7.3.so) is not within the allowed path(s): (/tmp:/usr/share/nginx/html:/user-files) in /usr/share/nginx/html/index.php on line 5" while reading response header from upstream, client: 10.0.0.13, server: localhost, request: "GET / HTTP/1.1", upstream: "fastcgi://172.18.0.3:9000", host: "nas.local:8088",
10.0.0.13 - - [14/Mar/2021:17:17:22 +0000] "GET / HTTP/1.1" 200 328 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 11_2_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.86 Safari/537.36" "-",
10.0.0.13 - - [14/Mar/2021:17:17:22 +0000] "GET /favicon.ico HTTP/1.1" 200 5430 "http://nas.local:8088/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 11_2_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.86 Safari/537.36" "-",
2021/03/14 17:17:22 [error] 25#25: *3 FastCGI sent in stderr: "PHP message: PHP Warning:  realpath(): open_basedir restriction in effect. File(/usr/local/lib/php/extensions/no-debug-non-zts-20180731) is not within the allowed path(s): (/tmp:/usr/share/nginx/html:/user-files) in /usr/share/nginx/html/index.php on line 5PHP message: PHP Warning:  file_exists(): open_basedir restriction in effect. File(/usr/share/nginx/ioncube/ioncube_loader_lin_7.3.so) is not within the allowed path(s): (/tmp:/usr/share/nginx/html:/user-files) in /usr/share/nginx/html/index.php on line 5PHP message: PHP Warning:  file_exists(): open_basedir restriction in effect. File(/usr/share/ioncube/ioncube_loader_lin_7.3.so) is not within the allowed path(s): (/tmp:/usr/share/nginx/html:/user-files) in /usr/share/nginx/html/index.php on line 5PHP message: PHP Warning:  file_exists(): open_basedir restriction in effect. File(/usr/ioncube/ioncube_loader_lin_7.3.so) is not within the allowed path(s): (/tmp:/usr/share/nginx/html:/user-files) in /usr/share/nginx/html/index.php on line 5" while reading response header from upstream, client: 10.0.0.13, server: localhost, request: "GET / HTTP/1.1", upstream: "fastcgi://172.18.0.3:9000", host: "nas.local:8088",
10.0.0.13 - - [14/Mar/2021:17:17:22 +0000] "GET / HTTP/1.1" 200 328 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 11_2_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.86 Safari/537.36" "-",
10.0.0.13 - - [14/Mar/2021:17:17:22 +0000] "GET /favicon.ico HTTP/1.1" 200 5430 "http://nas.local:8088/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 11_2_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.86 Safari/537.36" "-",
2021/03/14 17:17:25 [error] 25#25: *3 FastCGI sent in stderr: "PHP message: PHP Warning:  realpath(): open_basedir restriction in effect. File(/usr/local/lib/php/extensions/no-debug-non-zts-20180731) is not within the allowed path(s): (/tmp:/usr/share/nginx/html:/user-files) in /usr/share/nginx/html/index.php on line 5PHP message: PHP Warning:  file_exists(): open_basedir restriction in effect. File(/usr/share/nginx/ioncube/ioncube_loader_lin_7.3.so) is not within the allowed path(s): (/tmp:/usr/share/nginx/html:/user-files) in /usr/share/nginx/html/index.php on line 5PHP message: PHP Warning:  file_exists(): open_basedir restriction in effect. File(/usr/share/ioncube/ioncube_loader_lin_7.3.so) is not within the allowed path(s): (/tmp:/usr/share/nginx/html:/user-files) in /usr/share/nginx/html/index.php on line 5PHP message: PHP Warning:  file_exists(): open_basedir restriction in effect. File(/usr/ioncube/ioncube_loader_lin_7.3.so) is not within the allowed path(s): (/tmp:/usr/share/nginx/html:/user-files) in /usr/share/nginx/html/index.php on line 5" while reading response header from upstream, client: 10.0.0.13, server: localhost, request: "GET / HTTP/1.1", upstream: "fastcgi://172.18.0.3:9000", host: "nas.local:8088",
10.0.0.13 - - [14/Mar/2021:17:17:25 +0000] "GET / HTTP/1.1" 200 328 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 11_2_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.86 Safari/537.36" "-",
10.0.0.13 - - [14/Mar/2021:17:17:25 +0000] "GET /favicon.ico HTTP/1.1" 200 5430 "http://nas.local:8088/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 11_2_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.86 Safari/537.36" "-",

Any thoughts?

henryouly commented 3 years ago

Surprisingly I didn't run into this error, but I would try to update https://github.com/henryouly/filerun-alpine/blob/master/php-fpm/filerun-optimization.ini, and set open_basedir to "/tmp:/usr/share/nginx/html:/user-files:/usr/local/lib/php/extensions/no-debug-non-zts-20180731"

The added path is where ioncube_loader_lin_7.3.so was extracted. Assuming you are using the DockerHub image henryouly/filerun-alpine-php-fpm it should be the right path. If you are building your own Docker image, you can double check if this is the right path by running docker run <your image> ls -l /usr/local/lib/php/extensions/no-debug-non-zts-20180731/ioncube_loader_lin_7.3.so. It should be the same as docker run php:7.3-fpm-alpine php-config --extension-dir.

henryouly commented 3 years ago

An alternative is to remove open_basedir entirely. I just replicate this entry from https://github.com/filerun/docker-arm32v7/blob/master/filerun-optimization.ini, and I'm not sure if this is necessary. If you don't concern about accessing files outside of a specific list I think it's fair to try relaxing this.

gabrielwhite commented 3 years ago

Thanks for the suggestions. I tried both, but to no avail.

When I drop inside the php docker, this is what I get:

/var/www/html # php-config --extension-dir
/usr/local/lib/php/extensions/no-debug-non-zts-20180731
/var/www/html # ls -al /usr/local/lib/php/extensions/
total 12
drwxr-xr-x    1 root     root          4096 Feb 18 00:16 .
drwxr-xr-x    1 root     root          4096 Feb 18 00:16 ..
drwxr-xr-x    1 root     root          4096 Mar 14 20:37 no-debug-non-zts-20180731
/var/www/html # ls -al /usr/local/lib/php/extensions/no-debug-non-zts-20180731/
total 2352
drwxr-xr-x    1 root     root          4096 Mar 14 20:37 .
drwxr-xr-x    1 root     root          4096 Feb 18 00:16 ..
-rwxr-xr-x    1 root     root         96928 Mar 14 20:35 exif.so
-rwxr-xr-x    1 root     root        437816 Mar 14 20:35 gd.so
-rw-rw-r--    1 507      507        1015520 Nov 24 09:00 ioncube_loader_lin_7.3.so
-rwxr-xr-x    1 root     root        103048 Mar 14 20:37 ldap.so
-rwxr-xr-x    1 root     root        524920 Mar 14 20:37 opcache.so
-rwxr-xr-x    1 root     root         34440 Mar 14 20:35 pdo_mysql.so
-rwxr-xr-x    1 root     root         90120 Feb 18 00:16 sodium.so
-rwxr-xr-x    1 root     root         79296 Mar 14 20:35 zip.so
/var/www/html #

Should "ioncube_loader_lin_7.3.so" be executable?

henryouly commented 3 years ago

Thanks this is helpful. The file is in the right path. It won't hurt to make it executable but I think the error message is suggesting something different.

PHP message: PHP Warning: realpath(): open_basedir restriction in effect. File(/usr/local/lib/php/extensions/no-debug-non-zts-20180731) is not within the allowed path(s): (/tmp:/usr/share/nginx/html:/user-files) in /usr/share/nginx/html/index.php on line 5

I am surprised if it is still reporting the same error if you removed open_basedir from filerun-optimization.ini. Have you tried to rebuild the image and make sure the newer image was used after making the change?

Another idea is turn on error message on webpage in filerun-optimization.ini by changing display_errors = Off to display_errors = On. The webpage you are visiting will then show the exact error and that might provide some useful information if this is a different one from the above PHP message.

gabrielwhite commented 3 years ago

Thanks for trying to help me sort this out.

I removed the open_basedir from filerun-optimization.ini and I'm still getting the same error.

Here are the console logs from each of the dockers:

ngnix

/docker-entrypoint.sh: /docker-entrypoint.d/ is not empty, will attempt to perform configuration
/docker-entrypoint.sh: Looking for shell scripts in /docker-entrypoint.d/
/docker-entrypoint.sh: Launching /docker-entrypoint.d/entrypoint.sh
/docker-entrypoint.sh: Launching /docker-entrypoint.d/10-listen-on-ipv6-by-default.sh
10-listen-on-ipv6-by-default.sh: info: IPv6 listen already enabled
/docker-entrypoint.sh: Launching /docker-entrypoint.d/20-envsubst-on-templates.sh
/docker-entrypoint.sh: Launching /docker-entrypoint.d/30-tune-worker-processes.sh
/docker-entrypoint.sh: Configuration complete; ready for start up
10.0.0.11 - - [16/Mar/2021:19:20:00 +0000] "GET / HTTP/1.1" 200 328 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 11_2_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.90 Safari/537.36" "-"

php

[16-Mar-2021 19:19:44] NOTICE: fpm is running, pid 1
[16-Mar-2021 19:19:44] NOTICE: ready to handle connections
172.18.0.4 -  16/Mar/2021:19:20:00 +0000 "GET /index.php" 200
172.18.0.4 -  16/Mar/2021:19:20:15 +0000 "GET /fpm-ping" 200
172.18.0.4 -  16/Mar/2021:19:20:46 +0000 "GET /fpm-ping" 200
172.18.0.4 -  16/Mar/2021:19:21:16 +0000 "GET /fpm-ping" 200
172.18.0.4 -  16/Mar/2021:19:21:46 +0000 "GET /fpm-ping" 200
172.18.0.4 -  16/Mar/2021:19:22:16 +0000 "GET /fpm-ping" 200
172.18.0.4 -  16/Mar/2021:19:22:47 +0000 "GET /fpm-ping" 200
172.18.0.4 -  16/Mar/2021:19:23:17 +0000 "GET /fpm-ping" 200
172.18.0.4 -  16/Mar/2021:19:23:47 +0000 "GET /fpm-ping" 200
172.18.0.4 -  16/Mar/2021:19:24:17 +0000 "GET /fpm-ping" 200
172.18.0.4 -  16/Mar/2021:19:24:47 +0000 "GET /fpm-ping" 200

db

2021-03-16 19:19:43 0 [Note] /usr/bin/mysqld (mysqld 10.4.17-MariaDB) starting as process 1 ...,
2021-03-16 19:19:43 0 [Note] Plugin 'InnoDB' is disabled.,
2021-03-16 19:19:43 0 [Note] Plugin 'FEEDBACK' is disabled.,
2021-03-16 19:19:43 0 [Note] Server socket created on IP: '::'.,
2021-03-16 19:19:43 0 [Note] Reading of all Master_info entries succeeded,
2021-03-16 19:19:43 0 [Note] Added new Master_info '' to hash table,
2021-03-16 19:19:43 0 [Note] /usr/bin/mysqld: ready for connections.,
Version: '10.4.17-MariaDB'  socket: '/run/mysqld/mysqld.sock'  port: 3306  MariaDB Server,

I put the docker build log here:

https://gist.github.com/gabrielwhite/a13f675156e9ccd7f31e5c055996203f

For what it's worth, turning display_errors = On doesn't make any change to the error output in the web browser.

Site error: the ionCube PHP Loader needs to be installed. This is a widely used PHP extension for running ionCube protected PHP code, website security and malware blocking. Please visit get-loader.ioncube.com for install assistance.

just to be super clear, my filerun-optimization.ini looks like this:

display_errors = On
log_errors = On
error_log = "/srv/php_error_log.txt"
enable_dl = Off
expose_php = Off
date.timezone = UTC
upload_max_filesize = 80M
post_max_size = 80M
memory_limit = 256M
session.use_cookies = 1
session.use_only_cookies = 1
session.cookie_httponly = 1
ignore_repeated_errors  = Off
allow_url_fopen = On
allow_url_include = Off
allow_webdav_methods = On
max_execution_time = 300
output_buffering = Off
output_handler = ""
zlib.output_compression = Off
zlib.output_handler = ""

I suspect the error is being thrown by FileRun and not PHP?

Thanks,

Gabe