Openbase_dir not allowing Invoice ninja to update using its internal mechanisms

I have invoice ninja (open source accounting platform) running on hestia and it works like a charm.

The only issue I have is that when trying to use its automatic update mechanisms I have observed the following:

[2023-09-23 08:16:55] production.ERROR: PharData::__construct(): open_basedir restriction in effect. File(/home/jaquilina/web/billing.eagleeyet.net) is not within the allowed path(s): (/home/jaquilina/.composer:/home/jaquilina/web/billing.eagleeyet.net/public_html:/home/jaquilina/web/billing.eagleeyet.net/private:/home/jaquilina/web/billing.eagleeyet.net/public_shtml:/home/jaquilina/tmp:/tmp:/var/www/html:/bin:/usr/bin:/usr/local/bin:/usr/share:/opt) {“userId”:1,“exception”:"[object] (ErrorException(code: 0): PharData::__construct(): open_basedir restriction in effect. File(/home/jaquilina/web/billing.eagleeyet.net) is not within the allowed path(s): (/home/jaquilina/.composer:/home/jaquilina/web/billing.eagleeyet.net/public_html:/home/jaquilina/web/billing.eagleeyet.net/private:/home/jaquilina/web/billing.eagleeyet.net/public_shtml:/home/jaquilina/tmp:/tmp:/var/www/html:/bin:/usr/bin:/usr/local/bin:/usr/share:/opt) at /home/jaquilina/web/billing.eagleeyet.net/public_html/app/Http/Controllers/SelfUpdateController.php:86)
[stacktrace]
#0 /home/jaquilina/web/billing.eagleeyet.net/public_html/vendor/laravel/framework/src/Illuminate/Foundation/Bootstrap/HandleExceptions.php(254): Illuminate\Foundation\Bootstrap\HandleExceptions->handleError()
#1 [internal function]: Illuminate\Foundation\Bootstrap\HandleExceptions->Illuminate\Foundation\Bootstrap\{closure}()
#2 /home/jaquilina/web/billing.eagleeyet.net/public_html/app/Http/Controllers/SelfUpdateController.php(86): PharData->__construct()
#3 /home/jaquilina/web/billing.eagleeyet.net/public_html/vendor/laravel/framework/src/Illuminate/Routing/Controller.php(54): App\Http\Controllers\SelfUpdateController->update()

This seems to indicate an openbase_dir restriction is in place. How can I go about fixing this so I can use Invoice Ninja’s automatic update mechanisms?

To add /home/jaquilina/web/billing.eagleeyet.net to open_basedir directive you should create a new php-fpm backend template and once modified, assign it to your web site.

Example using php 8.2 and ninja as a new template name (new template name must have this format YOURNAME-PHP-X_Y.tpl, where X_Y is your PHP version).

cd /usr/local/hestia/data/templates/web/php-fpm/
cp PHP-8_2.tpl ninja-PHP-8_2.tpl

Now edit file ninja-PHP-8_2.tpl and modify this:

php_admin_value[open_basedir] = /home/%user%/.composer:/home/%user%/web/%domain%/public_html:/home/%user%/web/%domain%/private:/home/%user%/web/%domain%/public_shtml:/home/%user%/tmp:/tmp:/var/www/html:/bin:/usr/bin:/usr/local/bin:/usr/share:/opt

by this:

php_admin_value[open_basedir] = /home/%user%/.composer:/home/%user%/web/%domain%:/home/%user%/web/%domain%/public_html:/home/%user%/web/%domain%/private:/home/%user%/web/%domain%/public_shtml:/home/%user%/tmp:/tmp:/var/www/html:/bin:/usr/bin:/usr/local/bin:/usr/share:/opt

Save the file, edit your web site in Hestia and change its Backend Template to this new one.

I hope this helps.

Cheers,
sahsanu

1 Like

Is it possible to setup in a custom template also php memory usage instead of changing it at the global level?

Yes you can …

What would i need to add to the template for the memory consumption and even file upload size?

Sadly changing the line as you suggests breaks the software for me as I get an error 500.

Looking at the browser console I get an error 503 service unavailable. I am wondering if I should reach out to the software vendors about this?

But you get the error always or only when trying to update?

I suppose the problem is that dir /home/jaquilina/web/billing.eagleeyet.net doesn’t have write perms, you could add write perms to that directory but Hestia will change again perms to read only for security reasons.

I would try to reach the vendor to know why it needs to create dirs outside the docroot to update.

I was getting that error not when updating this was when trying to access the web application.

I got a reply from Invoice Ninja dev and he said it normally means one needs to increase php memory limits but still doesnt seem to resolve that issue.

Checking the log you will get more info about the reason for the internal error.

Just to test:

chmod 751 /home/jaquilina/web/billing.eagleeyet.net

And try to access your site again.

Morning,

Not sure if the chmod change you suggeted I do helped any.

Seems like with the template im getting

[Tue Oct 17 04:01:17.095554 2023] [proxy:error] [pid 1451866:tid 140201103353600] (111)Connection refused: AH02454: FCGI: attempt to connect to Unix domain socket /run/php/php8.1-fpm-billing.eagleeyet.net.sock (*:80) failed
[Tue Oct 17 04:01:17.095606 2023] [proxy_fcgi:error] [pid 1451866:tid 140201103353600] [client 195.158.94.198:0] AH01079: failed to make connection to backend: httpd-UDS

This template seems to be refusing the connection. Also How do I go about setting the Memory usage in the template?

Also the proxy template im using is the hosting template, is that fine?

There is no need to change the memory limit in the template, create a .user.ini (it has a dot in front) file in your public_html dir with the memory_limit you need, for example:

memory_limit = 256M

The only difference between default and hosting templates is this directive:

disable_symlinks if_not_owner from=%docroot%;

So, if you are not using symbolic links it is fine.

Did you create the right php-fpm template and changed it for your site? Show the output of these commands.

ls -l /usr/local/hestia/data/templates/web/php-fpm/
v-list-web-domain jaquilina billing.eagleeyet.net
1 Like

@eris any feedback on this please as I would like to reduce the memory footprint used by php on a global scale and manage this in the template.

A question can copy the php 8.1 template with a new name and make the changes there?

Also what happens when I update to a newer php version?

Yes you can they will remain untouched,…

Thanks for the confirmation. Would it make sense to add php memory limits in the template as well as it was sugested I create a user.ini

changing the template for open_basedir to

php_admin_value[open_basedir] = /home/%user%/.composer:/home/%user%/web/%domain%:/home/%user%/web/%domain%/public_html:/home/%user%/web/%domain%/private:/home/%user%/web/%domain%/public_shtml:/home/%user%/tmp:/tmp:/var/www/html:/bin:/usr/bin:/usr/local/bin:/usr/share:/opt

I end up getting an error 500, then upon looking at the browser console more specifically it shows an error 503 service unavailable.

Reverting to the original open_base dir the application works.

There is a bit of an issue in the directive you had provided that i needed to place in the new template file

php_admin_value[open_basedir] = /home/%user%/.composer:/home/%user%/web/%domain%:/home/%user%/web/%domain%/public_html:/home/%user%/web/%domain%/private:/home/%user%/web/%domain%/public_shtml:/home/%user%/tmp:/tmp:/var/www/html:/bin:/usr/bin:/usr/local/bin:/usr/share:/opt

I had another template which had the open_basedir in it with

php_admin_value[open_basedir] = /: /home/%user%/.composer:/home/%user%/web/%domain%:/home/%user%/web/%domain%/public_html:/home/%user%/web/%domain%/private:/home/%user%/web/%domain%/public_shtml:/home/%user%/tmp:/tmp:/var/www/html:/bin:/usr/bin:/usr/local/bin:/usr/share:/opt

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.