Hestia open_basedir template breaks Laravel site

Vasya · November 28, 2023, 9:40am

this string breaks Laravel sites

/usr/local/hestia/data/templates/web/apache2/default.tpl: php_admin_value open_basedir %docroot%:%home%/%user%/tmp

why use %docroot% as open_basedir value? why not the …/public_html dir?

we have got sudden site failure recently - somehow hestia apllied the template open_basedir parameter and break our laravel site, which worked good for years

eris · November 28, 2023, 9:44am

We replace it to:

/home/xx/web/xxxxxx/public_html:/home/xxxx/web/xxxx/private:/home/xxx/web/xxxx/public_shtml:/home/xxxx/tmp:/tmp:/var/www/html:/bin:/usr/bin:/usr/local/bin:/usr/share:/opt

Please tell me the difference between
…/public_html
and
/home/xx/web/xxxxxx/public_html

Also I use multiple Laravel sites with out any issues

I know some scripts including opencart have some times issues with there template system where they also check / first

Vasya · November 28, 2023, 9:46am

yes, I mean /home/xx/web/xxxxxx/public_html

eris · November 28, 2023, 9:57am

What is then the issue it should work fine with set up and I am sure we can’t use relative paths…

Vasya · November 28, 2023, 10:20am

I mean the default template would break any Laravel site

eris · November 28, 2023, 10:25am

I am using the default template with Laravel without any issues…

Vasya · November 28, 2023, 10:34am

what is the open_basedir value in the default template on your server?

eris · November 28, 2023, 10:46am

I use the default hestia config …

/home/xx/web/xxxxxx/public_html:/home/xxxx/web/xxxx/private:/home/xxx/web/xxxx/public_shtml:/home/xxxx/tmp:/tmp:/var/www/html:/bin:/usr/bin:/usr/local/bin:/usr/share:/opt

Vasya · November 28, 2023, 11:02am

OK
but we have got Laravel site failure with open_basedir profibit public_html out of a sudden, why? today it happened again, one month after previous time, and I finally found it is Hestia problem

I guess if HestiaCP itself breaks our working site - it is a problem with Hestia default behaviour, or what?

eris · November 28, 2023, 11:08am

If you site doesn’t work with the default template

You can create a template that suits your needs:

For example:

github.com

jaapmarcus/web-templates/blob/master/templates/php-fpm/nobase-PHP-x_x.tpl

[%domain%]
listen = /run/php/php%backend_version%-fpm-%domain%.sock
listen.owner = www-data
listen.group = www-data
listen.mode = 0660

user = %user%
group = %user%

pm = ondemand
pm.max_children = 8
pm.max_requests = 4000
pm.process_idle_timeout = 10s
pm.status_path = /status

php_admin_value[upload_tmp_dir] = /home/%user%/tmp
php_admin_value[session.save_path] = /home/%user%/tmp
php_admin_value[open_basedir] = /
php_admin_value[sendmail_path] = /usr/sbin/sendmail -t -i -f admin@%domain%

This file has been truncated. show original

But it offers a way to relax open base dir policy…

As told I have seen alot sites that hand templates and cacheing wrong and the default folder they check is always /. Why I don’t know …

Vasya · November 28, 2023, 11:17am

OK, thanks
I’ll check this but still I see the problem with HestiaCP if we had long working site which suddenly broken by HestiaCP itself - do you agree?
I’m not sure if it was any HestiaCP update, I’m not familiar with Hestia

Vasya · November 28, 2023, 11:21am

please, don’t get me wrong, I am grateful to Hestia community and I want to find why this happened and eliminate the problem in the Hestia upstream

eris · November 28, 2023, 11:37am

We haven’t changed any thing we only released new version and we usually restart the services and in rare cases we rebuilld the config files…

Vasya · November 28, 2023, 11:44am

OK, could you please hint how to find then origin of the problem? any logs I should check?

Vasya · November 28, 2023, 11:50am

btw, the config file had modify timestamp 07:13 both time site was broken
/home/user/conf/web/xxxx/apache2.conf

I doubt it was human modified manually at the same clock time

Vasya · November 28, 2023, 10:03pm

btw, I’ve found the origin of apache2.conf change open_basedir value - it is in admin’s cron
13 7 * * * sudo /usr/local/hestia/bin/v-update-sys-hestia-all

eris · November 29, 2023, 10:23am

That is the update function in hestia…

So probally you did make manually config changes and then got over written…

; origin-src: deb/templates/web/php-fpm/default.tpl
;#=========================================================================#
;# Default Web Domain Template #
;# DO NOT MODIFY THIS FILE! CHANGES WILL BE LOST WHEN REBUILDING DOMAINS #
;# Web Templates and FastCGI/Proxy Cache | Hestia Control Panel #
;#=========================================================================#

Vasya · December 7, 2023, 1:16am

so after this manual config change the template was overwritten with an update of default.tpl file,
but the updates are not regular, but from time to time?

Deepak · December 7, 2023, 4:11am

@Vasya
You should turn the update function off on production site to avoid self-created surprises and problems. The execute this update function first on testing server. If everything goes well, repeat it on the production server.

Regardless of this, you need to create a new template for that specific account in which you want custon configuration. Then, rebuild the domains and have the new template active.

During the updating, your custom template will remain activated even if the default configuration is overwritten.

Based on above, you are then no longer dependend on changes in the dafult templates and not even updates.

Vasya · December 7, 2023, 9:22am

interesting, thanks