cloud-hosting-platform/cloud-apache-container
4
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat: OLS tier images — cac-lsphp (detached lsphp) + shared-ols #19

Merged
jknapp merged 7 commits from feature/cac-lsphp-image into trunk 2026-06-10 16:56:38 +00:00
Conversation 2 Commits 7 Files Changed 11 +40
3 changed files with 40 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
Showing only changes of commit 7552760ba0 - Show all commits

1
Dockerfile.lsphp
View File

@@ -41,6 +41,7 @@ RUN apt-get update && \
COPY ./scripts/entrypoint-lsphp.sh \ COPY ./scripts/entrypoint-lsphp.sh \
./scripts/detect-memory-lsphp.sh \ ./scripts/detect-memory-lsphp.sh \
./scripts/healthcheck-lsphp.sh \ ./scripts/healthcheck-lsphp.sh \
./scripts/cac-lsphp-normalize.php \
/scripts/ /scripts/
RUN chmod +x /scripts/entrypoint-lsphp.sh /scripts/detect-memory-lsphp.sh /scripts/healthcheck-lsphp.sh RUN chmod +x /scripts/entrypoint-lsphp.sh /scripts/detect-memory-lsphp.sh /scripts/healthcheck-lsphp.sh

30
scripts/cac-lsphp-normalize.php Normal file
View File

@@ -0,0 +1,30 @@
<?php
/**
* cac-lsphp $_SERVER path normaliser (auto_prepend).
*
* The shared-ols container serves from its bulk /docker/users->/mnt/users mount,
* so OLS sends lsphp $_SERVER['DOCUMENT_ROOT'] / ['SCRIPT_FILENAME'] under
* /mnt/users/<user>/<domain>/... . The sidecar symlinks that back to the real
* /home/<user> mount, so file operations resolve and PHP's own __FILE__/__DIR__/
* realpath()/getcwd() already report /home/<user>/public_html. But the RAW env
* strings OLS set still read /mnt/users, which would leak to the (uncommon) apps
* that build or compare paths from $_SERVER['DOCUMENT_ROOT'].
*
* Canonicalise those two via realpath() so cac-lsphp is byte-for-byte 1:1 with
* cac-fpm/cac-litespeed (where DOCUMENT_ROOT is natively /home/<user>/public_html).
* Cheap (two realpath calls, cached by realpath_cache) and side-effect-free.
*
* Customer sites have no auto_prepend by default, so this is the only prepend in
* play. If a site sets its own auto_prepend_file via .user.ini it overrides this
* (theirs wins) — acceptable: paths still resolve via the symlink, only the raw
* string differs.
*/
foreach (array('DOCUMENT_ROOT', 'SCRIPT_FILENAME') as $__cl_key) {
if (!empty($_SERVER[$__cl_key]) && strncmp($_SERVER[$__cl_key], '/mnt/users/', 11) === 0) {
$__cl_real = realpath($_SERVER[$__cl_key]);
if ($__cl_real !== false) {
$_SERVER[$__cl_key] = $__cl_real;
}
}
}
unset($__cl_key, $__cl_real);

9
scripts/entrypoint-lsphp.sh
View File

@@ -90,6 +90,15 @@ if [ -n "$SCAN_DIR" ]; then
; rendered at container start by entrypoint-lsphp.sh ; rendered at container start by entrypoint-lsphp.sh
error_log = /home/${user}/logs/php-fpm/error.log error_log = /home/${user}/logs/php-fpm/error.log
log_errors = On log_errors = On
EOF
## Normalise \$_SERVER['DOCUMENT_ROOT']/['SCRIPT_FILENAME'] from the OLS-sent
## /mnt/users path back to /home/<user> so cac-lsphp is byte-for-byte 1:1 with
## cac-fpm. Customer sites have no auto_prepend by default, so this is safe; a
## site that sets its own .user.ini auto_prepend overrides it (paths still
## resolve via the symlink either way).
cat > "$SCAN_DIR/99-cac-lsphp-normalize.ini" <<'EOF'
; rendered at container start by entrypoint-lsphp.sh
auto_prepend_file = /scripts/cac-lsphp-normalize.php
EOF EOF
## Per-site opcache override (panel: Advanced Tuning → OpCache size); falls ## Per-site opcache override (panel: Advanced Tuning → OpCache size); falls
## back to the baked lsphp-overrides.ini defaults when unset. ## back to the baked lsphp-overrides.ini defaults when unset.