Custom vhost template ignored

[egifford_corexcel]

We discovered an issue on our server yesterday and wanted to see if anyone had a line of investigation that might lead me to figure out what happened.

The Problem

A customization to our httpd.conf got blown away and I'm trying to track down what happened. I don't know exactly when this happened, but it was discovered yesterday (2017_10_25).

The customization instructed Apache to process .htm and .html files through PHP-FPM for the SSL version of our website (we have a few .htm/.html files with PHP code).

I think I made the customization in such a way that it would be safe from EasyApache4's httpd.conf regeneration script.

If interested, here is the approach I used to make this change:
PHP-FPM: Add file extensions to proxy_fcgi_module configuration

Ideas

I don't know what caused our customized config to disappear. Here are some ideas:

1. Did an update to WHM reverted the change? I made the customizations on 2017-10-10. cPanel released updates on 2017-10-10, 2017-10-17, and 2017-10-23.
2. I've been working on the server and tweaking PHP configuration. Perhaps I triggered something that undid my customization.
3. Our security team went through the server hardening process last week. Maybe that triggered something that undid my customization. I have a query in with them about this.

I appreciate in any advice or help in advance.

Thanks,
Ed Gifford

 

[cPanelMichael]

Hi Ed,

Was this system updated to cPanel version 68? If so, note the following sections in the cPanel 68 Release Notes:

SSL storage modification
Custom SSL template configuration

Thank you.

 

[egifford_corexcel]

Hi Michael,

Thanks for your help. I should have included my version number for cPanel: 66.0.27. We're not on version 68 (yet). I'll keep these notes in mind for when we upgrade.

I should also include that when I noticed the issue with httpd.conf, rerunning /usr/local/cpanel/scripts/rebuildhttpdconf fixed it.

I'm still digging to see if I can replicate what happened. Some things I'm trying:

1. Changing Apache config through EasyApache4 UI. (This didn't replicate the issue.)
2. Change the installed packages via EasyApache4. (This didn't replicate the issue.)
3. Tweak PHP settings for vhosts through their cPanel accounts. (Haven't tried it yet.)
4. Go out and a few beers. (Haven't tried it yet for this particular problem.)

I'll update this thread if I figure this out.

 

[egifford_corexcel]

Here is what I think happened...

I've been busy customizing our PHP-FPM settings found in /var/cpanel/userdata/{user}/{domain}.php-fpm.yaml and then using /usr/local/cpanel/scripts/php_fpm_config --rebuild to deploy/regenerate my settings into /opt/cpanel/ea-php70/root/etc/php-fpm.d/{domain}.conf.

It is looking like that script is not respecting the VirtualHost changes that I made.

I've verified this by looking at httpd.conf before and after running the php_fpm_config script. The customizations go away after running the script.

My work around is to always run /usr/local/cpanel/scripts/rebuildhttpdconf after running the php_fpm_config script.

Am I using the php_fpm_config script incorrectly?

 

[cPanelMichael]

I've been busy customizing our PHP-FPM settings found in /var/cpanel/userdata/{user}/{domain}.php-fpm.yaml and then using /usr/local/cpanel/scripts/php_fpm_config --rebuild to deploy/regenerate my settings into /opt/cpanel/ea-php70/root/etc/php-fpm.d/{domain}.conf.

This looks to relate to internal case EA-5615, which is open to address a similiar report referenced on the following thread:

PHP-FPM PHP.ini configuration

Thank you.