Update logrotate file permissions

README.md

@@ -131,7 +131,7 @@ The following scripts are used "per site" that you want to setup on your server.
    --deploy-key-private-file=mysite-deploy-key
    --php-pools=true
    --nginx-with-php=true
-   --nginx-site-conf-path=/var/www/LEMP-setup-guide/config/site.nginx.conf (or site.vueapp.nginx.conf)
+   --nginx-site-conf-path=/var/www/LEMP-setup-guide/config/site.nginx.conf (or site.nginx.vueapp.conf)
    --php-with-mysql=true
    --php-site-conf-path=/var/www/LEMP-setup-guide/config/site.php-fpm.conf
    --mysql-create-db=true
@@ -155,7 +155,7 @@ The following scripts are used "per site" that you want to setup on your server.
   | `--deploy-key-private-file=PATH`| Specify the path to the private deploy key file                                                                                                                       | None                                                              |
   | `--php-pools`                  | Specify if you want to set up PHP pools. Possible values: `true` or `false`                                                                                            | `false`                                                           |
   | `--nginx-with-php`             | Specify if you want to set up Nginx with PHP upstreams. Possible values: `true` or `false`                                                                             | `false`                                                           |
-  | `--nginx-site-conf-path=PATH`  | Specify the path to the Nginx site conf file                                                                                                                          | `/var/www/LEMP-setup-guide/config/site.nginx.conf` (or `site.vueapp.nginx.conf`) |
+  | `--nginx-site-conf-path=PATH`  | Specify the path to the Nginx site conf file                                                                                                                          | `/var/www/LEMP-setup-guide/config/site.nginx.conf` (or `site.nginx.vueapp.conf`) |
   | `--php-with-mysql`             | Specify if you want to set up PHP with MySQL env vars. Possible values: `true` or `false`                                                                              | `false`                                                           |
   | `--php-site-conf-path=PATH`    | Specify the path to the PHP site conf file                                                                                                                            | `/var/www/LEMP-setup-guide/config/site.php-fpm.conf`              |
   | `--mysql-create-db`            | Specify if you want to set up a MySQL database. Possible values: `true` or `false`                                                                                     | `false`                                                           |
@@ -183,6 +183,7 @@ There are also **components** in the `install` folder, which allow you to instal
 - redis
 - postgressql
 - custom
+- upgrade-php (see [Upgrade PHP Readme for help](./install/components/upgrade-php/UPGRADE_PHP_README.md))
 
 ### Custom Scripts
 

config/nginx/mod_pagespeed

@@ -2,6 +2,8 @@ pagespeed on;
 pagespeed RewriteLevel PassThrough;
 pagespeed FetchHttps enable;
 pagespeed EnableFilters add_head;
+pagespeed CriticalImagesBeaconEnabled false;
+pagespeed RespectXForwardedProto on;
 # pagespeed EnableFilters combine_css;
 # pagespeed EnableFilters rewrite_css;
 # pagespeed EnableFilters fallback_rewrite_css_urls;
@@ -36,9 +38,9 @@ pagespeed EnableFilters rewrite_images;
 #pagespeed EnableFilters insert_image_dimensions;
 pagespeed EnableFilters inline_images;
 pagespeed EnableFilters recompress_images;
-pagespeed EnableFilters recompress_jpeg;
-pagespeed EnableFilters recompress_png;
-pagespeed EnableFilters recompress_webp;
+#pagespeed EnableFilters recompress_jpeg;
+#pagespeed EnableFilters recompress_png;
+#pagespeed EnableFilters recompress_webp;
 #pagespeed EnableFilters convert_gif_to_png;
 pagespeed EnableFilters strip_image_color_profile;
 pagespeed EnableFilters strip_image_meta_data;

config/site.nginx.proxy.conf

@@ -6,7 +6,7 @@ server {
 
 server {
     listen 80;
-    server_name SITEDOTCOM www.SITEDOTCOM;
+    server_name SITEDOTCOM;
     root /var/www/SITEDOTCOM/WEBROOTPATH;
     index index.php index.html;
 

config/site.php-fpm.conf

@@ -7,12 +7,12 @@ group = www-data
 catch_workers_output = yes
 clear_env = no
 pm = static
-pm.max_children = 20
-pm.start_servers = 20
-pm.min_spare_servers = 20
-pm.max_spare_servers = 20
-pm.max_requests = 1000
-request_terminate_timeout = 1200
+pm.max_children = 10
+pm.start_servers = 2
+pm.min_spare_servers = 2
+pm.max_spare_servers = 3
+pm.max_requests = 500
+request_terminate_timeout = 300
 
 env[DB_HOST]="DATABASEHOST"
 env[DB_PORT]="DATABASEPORT"
@@ -49,12 +49,12 @@ group = www-data
 catch_workers_output = yes
 clear_env = no
 pm = static
-pm.max_children = 20
-pm.start_servers = 20
-pm.min_spare_servers = 20
-pm.max_spare_servers = 20
-pm.max_requests = 1000
-request_terminate_timeout = 1200
+pm.max_children = 10
+pm.start_servers = 2
+pm.min_spare_servers = 2
+pm.max_spare_servers = 3
+pm.max_requests = 500
+request_terminate_timeout = 300
 
 env[DB_HOST]="DATABASEHOST"
 env[DB_PORT]="DATABASEPORT"

install/components/redis/install

@@ -4,6 +4,12 @@
 REDIS_CONF=$(<redis.conf)
 REDIS_CONF_PATH='/etc/redis/redis.conf'
 
+# Figure out PHP Version from php-version or override-php-version in this repo's root config/versions
+PHP_VERSION=$(<../../../config/versions/php-version)
+if [ -f "../../../config/versions/override-php-version" ]; then
+    PHP_VERSION=$(<../../../config/versions/override-php-version)
+fi
+
 # Update
 sudo apt update
 
@@ -25,8 +31,8 @@ fi
 # Restart
 sudo systemctl restart redis-server.service
 
-# Add php redis
-sudo apt-get install php-redis
+# Add php redis depending on PHP_VERSION
+sudo apt-get install -y php"$PHP_VERSION"-redis
 
 # Test it with: redis-cli
 # Default host:port - 127.0.0.1:6379

install/components/upgrade-php/UPGRADE_PHP_README.md

@@ -0,0 +1,77 @@
+# Upgrade PHP
+
+## Overview
+
+This script will upgrade PHP from one version to another, and make all changes that LEMP setup guide makes to the PHP and PHP-FPM configs as part of the initial/per-site setup.
+
+> Note:
+> - The script must be run as root (`sudo su` first if you're not already root)
+> - It will exit on the first error it encounters
+> - It assumes that at least 1 site has already been set up. You can run the LEMP setup guide to set up a site.
+
+It will do the following:
+
+1. Install new versions of PHP and php-fpm if they don't already exist
+1. Install all php packages
+1. Enable all php extensions
+1. Make edits to PHP.ini file
+1. Make edits to www.conf file if needed
+1. Copy all php-fpm configs but www.conf over to the new version
+1. Loop through each file in /etc/nginx/sites-enabled. Per site:
+    - Update php-fpm config
+    - Test php-fpm config
+    - Check that new php-fpm sockets have been created
+    - Update nginx site conf to point to new socket
+    - Test nginx config
+1. Update nginx fastcgicache conf to point to a new global socket
+1. Test nginx config and reload (this sets the new php version live)
+1. Update default PHP version
+1. Output next steps
+
+## Usage
+
+```sh
+upgrade-php.sh OLD_VERSION NEW_VERSION
+```
+
+Example: upgrade-php.sh 8.0 8.2
+
+> Note:
+> - Set $DEBUG for a verbose output - $DEBUG=true ./upgrade-php.sh [options]
+> - You can also run it without args to see the usage info: ./upgrade-php.sh
+
+## Troubleshooting
+
+- If you're having issues with the script, try running it with the $DEBUG variable set to true. This will output more verbose information about what the script is doing.
+
+```sh
+$DEBUG=true ./upgrade-php.sh OLD_VERSION NEW_VERSION
+```
+
+### Helpful commands
+<!-- Give people commands to check pool.d configs, nginx site configs, look for sockets -->
+
+- Get php version
+```sh
+php -v
+```
+
+- Check pool.d configs (this will show the old and new versions)
+```sh
+grep -R "listen = /var/run/php" /etc/php/*/fpm/pool.d/
+```
+
+- Look for sockets    
+```sh
+ls -al /var/run/ | grep php
+```
+
+- Check nginx site configs
+```sh
+grep -R "unix:/var/run/php" /etc/nginx/sites-enabled/
+```
+
+- Find running php-fpm processes
+```sh
+ps aux | grep php-fpm
+```

install/components/upgrade-php/upgrade-php.sh

@@ -0,0 +1,191 @@
+set -e
+
+# function to script_echo something in purple
+function script_echo() {
+	echo -e "\033[35m$1\033[0m"
+}
+
+# check that user is root
+if [ ! $EUID = 0 ]; then
+	script_echo "Please run this script as root!"
+	exit 1
+fi
+
+
+# If no args were passed, script_echo out some helpful info
+if [ $# -eq 0 ]; then
+	script_echo "Usage: upgrade-php.sh OLD_VERSION NEW_VERSION"
+	script_echo "Example: upgrade-php.sh 8.0 8.2"
+	script_echo "Notes:"
+	script_echo '- Set $DEBUG for a verbose output - $DEBUG=true ./upgrade-php.sh [options]'
+	exit 1
+fi
+
+# For debugging the script
+# set -v if
+if [ ! -z "$DEBUG" ]; then
+	set -v
+fi
+
+# Validate that the user passed at least two args
+if [ $# -lt 2 ]; then
+	script_echo "Please pass the version args (OLD_VERSION NEW_VERSION)"
+	script_echo "Example: upgrade-php.sh 8.0 8.2"
+	exit 1
+fi
+
+# Validate that the version args are valid
+# they should be numbers with a decimal point
+if [[ ! $1 =~ ^[0-9]+(\.[0-9]+)?$ ]] || [[ ! $2 =~ ^[0-9]+(\.[0-9]+)?$ ]]; then
+	script_echo "Please pass valid version args"
+	script_echo "Example: upgrade-php.sh 8.0 8.2"
+	exit 1
+fi
+
+OLD_PHP_VERSION=$1
+NEW_PHP_VERSION=$2
+
+# Install new versions of PHP and php-fpm but only if they don't already exist
+if [ -f /usr/bin/php${NEW_PHP_VERSION} ]; then
+	script_echo "ℹ️ php${NEW_PHP_VERSION} already exists, skipping install"
+else
+	script_echo "📦 Installing php${NEW_PHP_VERSION}"
+	sudo apt-get update
+	sudo apt-get -y --no-install-recommends install php${NEW_PHP_VERSION}
+fi
+
+if [ -f /usr/sbin/php-fpm${NEW_PHP_VERSION} ]; then
+	script_echo "ℹ️ php-fpm${NEW_PHP_VERSION} already exists, skipping install"
+else
+	script_echo "📦 Installing php-fpm${NEW_PHP_VERSION}"
+	sudo apt-get update
+	sudo apt-get -y --no-install-recommends install php${NEW_PHP_VERSION}-fpm
+fi
+
+# Install all php packages if they don't already exist
+script_echo "📦 Installing php packages"
+sudo apt-get update && \
+	sudo apt-get -y install php${NEW_PHP_VERSION}-curl && \
+	sudo apt-get -y install php${NEW_PHP_VERSION}-mysql && \
+	sudo apt-get -y install php${NEW_PHP_VERSION}-dev && \
+	sudo apt-get -y install php${NEW_PHP_VERSION}-zip && \
+	sudo apt-get -y install php${NEW_PHP_VERSION}-mbstring && \
+	sudo apt-get -y install php${NEW_PHP_VERSION}-memcached && \
+	sudo apt-get -y install php${NEW_PHP_VERSION}-pgsql && \
+	sudo apt-get -y install php${NEW_PHP_VERSION}-xml && \
+	sudo apt-get -y install php${NEW_PHP_VERSION}-intl && \
+	sudo apt-get -y install php${NEW_PHP_VERSION}-redis && \
+	sudo apt-get -y install php${NEW_PHP_VERSION}-bcmath && \
+	sudo apt-get -y install php${NEW_PHP_VERSION}-gd
+
+# make edits to PHP.ini file
+script_echo "🖊 Editing php.ini"
+sed -i 's/;cgi.fix_pathinfo=1/cgi.fix_pathinfo=0/g' /etc/php/${NEW_PHP_VERSION}/fpm/php.ini
+
+# Enable all php extensions
+script_echo "📦 Enabling all php extensions"
+phpenmod -v $NEW_PHP_VERSION mbstring
+phpenmod -v $NEW_PHP_VERSION curl
+phpenmod -v $NEW_PHP_VERSION xml
+phpenmod -v $NEW_PHP_VERSION xmlreader
+phpenmod -v $NEW_PHP_VERSION simplexml
+phpenmod -v $NEW_PHP_VERSION gd
+
+# make edits to www.conf file if needed
+PHP_WWW_CONF=/etc/php/${NEW_PHP_VERSION}/fpm/pool.d/www.conf
+if [ ! -f $PHP_WWW_CONF ]; then
+	script_echo "ℹ️ www.conf not found, skipping edits"
+else
+	script_echo "🖊 Editing www.conf"
+	sed -i "s/^;listen.owner = www-data/listen.owner = www-data/g" $PHP_WWW_CONF
+	sed -i "s/^;listen.group = www-data/listen.group = www-data/g" $PHP_WWW_CONF
+	sed -i "s/^;listen.mode = 0660/listen.mode = 0660/" $PHP_WWW_CONF
+fi
+
+# Copy all php-fpm configs but www.conf over to the new version
+ls /etc/php/${OLD_PHP_VERSION}/fpm/pool.d/ | grep -v www.conf | while read -r line; do
+	# Copy the file to the new version
+	script_echo "📦 Copying php-fpm configs for site pool: ${line}"
+	sudo cp /etc/php/${OLD_PHP_VERSION}/fpm/pool.d/${line} /etc/php/${NEW_PHP_VERSION}/fpm/pool.d/${line}
+done
+
+# loop through each file in sites-enabled
+ls /etc/nginx/sites-enabled/ | while read -r line; do
+	NGINX_SITE_CONF=${line}
+
+	# Remove the .conf from the end of the file name and save to SITE_NAME
+	SITE_NAME=${line%.conf}
+
+	# script_echo which file we're on
+	script_echo "🦾 Processing site: ${SITE_NAME}"
+
+	# Get the socket name from inside the nginx file. use that to replace the socket name in the php-fpm file
+	# This is the old socket name (get everything between unix: and .sock), and add .sock to the end
+	OLD_SOCKET_PREFIX=$(cat /etc/nginx/sites-enabled/${NGINX_SITE_CONF} | grep "unix:" | head -n 1 | grep -oP '(?<=unix:).*(?=sock)')sock
+	# replace / with \/ to get a sed friendly string
+	OLD_SOCKET_GLOB=$(echo ${OLD_SOCKET_PREFIX} | sed 's/\//\\\//g')
+
+	NEW_SOCKET_PREFIX="/var/run/php${NEW_PHP_VERSION}-fpm.${SITE_NAME}.sock"
+	# replace / with \/ to get a sed friendly string
+	NEW_SOCKET_GLOB=$(echo ${NEW_SOCKET_PREFIX} | sed 's/\//\\\//g')
+
+	# Do a recursive grep in pool.d to find all the files that have the old socket name
+	grep -rl ${OLD_SOCKET_GLOB} /etc/php/${NEW_PHP_VERSION}/fpm/pool.d/ | while read -r phpconfig; do
+		# Update php-fpm config
+		script_echo "🖊 Editing php-fpm config for site php-fpm config: ${phpconfig}"
+		sudo sed -i "s/^listen = ${OLD_SOCKET_GLOB}/listen = ${NEW_SOCKET_GLOB}/g" ${phpconfig}
+	done
+
+	# Test php-fpm config and restart
+	script_echo "🕵️‍♀️ Testing php-fpm config and restarting"
+	sudo php-fpm${NEW_PHP_VERSION} -t && sudo service php${NEW_PHP_VERSION}-fpm restart
+
+	# check that sockets have been created, exit if not
+	# there should be 2, sock1 and sock2
+	# pattern is /var/run/php${NEW_PHP_VERSION}-fpm.${SITE_NAME}.sock(1 or 2)
+	# the -S flag checks if the file exists and is a socket. -f fails bc it's not a regular file
+	script_echo "🕵️‍♀️ Checking for php-fpm sockets"
+	if [ ! -S ${NEW_SOCKET_PREFIX}1 ] || [ ! -S ${NEW_SOCKET_PREFIX}2 ]; then
+		script_echo "Missing php-fpm sockets"
+		script_echo "Expected: ${NEW_SOCKET_PREFIX}1"
+		script_echo "Expected: ${NEW_SOCKET_PREFIX}2"
+		exit 1
+	fi
+
+	# update nginx site conf to point to new socket
+	# Note! We always want to edit sites-available, not sites-enabled.
+	# sites-enabled containts symlinks to sites-available. Making changes there would break the symlink
+	script_echo "🖊 Editing nginx site conf"
+	sudo sed -i "s/unix:${OLD_SOCKET_GLOB}/unix:${NEW_SOCKET_GLOB}/g" /etc/nginx/sites-available/${NGINX_SITE_CONF}
+
+	# test nginx config
+	script_echo "🕵️‍♀️ Testing nginx config"
+	sudo nginx -t
+done
+
+# update nginx fastcgicache conf to point to a new global socket
+# replace any socket that starts with /var/run/php*.sock
+# with /var/run/php${NEW_PHP_VERSION}-fpm.sock
+if [ ! -f /etc/nginx/conf/fastcgicache.conf ]; then
+	script_echo "ℹ️ fastcgicache.conf not found, skipping edits"
+else
+	script_echo "🖊 Editing nginx fastcgicache conf"
+	# sudo sed -i "s/unix:${OLD_SOCKET_GLOB}/unix:${NEW_SOCKET_GLOB}/g" /etc/nginx/conf/fastcgicache.conf
+	sudo sed -i "s/\/var\/run\/php.*\.sock/\/var\/run\/php${NEW_PHP_VERSION}-fpm.sock/g" /etc/nginx/conf/fastcgicache.conf
+fi
+
+# test nginx config and reload
+script_echo "🕵️‍♀️ Testing nginx config and reloading"
+sudo nginx -t && sudo service nginx reload
+
+# # Set default PHP version
+script_echo "📦 Setting default php version to ${NEW_PHP_VERSION}"
+sudo update-alternatives --set php /usr/bin/php${NEW_PHP_VERSION}
+
+script_echo "
+✅ All done!
+--------------------
+📝 Next steps:
+- Restart any processes running the old php version, ex: pm2. Check with: \`ps aux | grep php${OLD_PHP_VERSION}\`
+- Shut down the old php-fpm service: \`sudo service php${OLD_PHP_VERSION}-fpm stop\`
+"