Does cPanel still require PostgreSQL to be installed?

[Spork Schivago]

Hi,

Long story short, I had to enable the Experimental Apache Jail option and because of this, disable Mod RUID2. I went into EasyApache 3 afterwards and was enabling the Symlink patch. I noticed the PostgreSQL PHP module was enabled but there was an exclamation point next to it because PostgreSQL isn't installed. Do I really need to install PostgreSQL for cPanel to function properly? I've been using MariaDB and didn't notice any problems with the PostgreSQL PHP module being enabled but PostgreSQL not being installed. If I uncheck the PHP module, EasyApache 3 fails.

If it is required, do I have to configure it and add a user, even though I'll never use it? I noticed in the Configure PostgreSQL option in cPanel this:

This utility will install a Postgres authentication configuration file that uses md5 passwords which works with cPanel. If you already have a working Postgres setup this will overwrite your current pg_hba.conf. You should not use this unless you are installing Postgres for the first time.

Isn't md5 passwords a horrible idea because of all the collisions with MD5? Thanks!

 

[Infopro]

Do I really need to install PostgreSQL for cPanel to function properly?

Not that I'm aware of. It's not installed on any of my servers with EA3.

If I uncheck the PHP module, EasyApache 3 fails.

Is there anything in the output that explains the fail? That part is important to know I think.

 

[Spork Schivago]

Not that I'm aware of. It's not installed on any of my servers with EA3.



Is there anything in the output that explains the fail? That part is important to know I think.

Yes. It says something about cpphp failing because of the PHP PostgreSQL module not being installed. I'll rebuild and give you the exact message. How can I go about removing PostgreSQL now? I installed via the cPanel script /usr/local/cpanel/scripts/installpostgres

I'm running CentOS 6.8 Final. Should I just try using yum to remove it? I notice yum info postgresql shows it's installed now (the x86_64 version). I'm wondering if the script installed other stuff though and maybe using yum alone isn't enough.

 

[Spork Schivago]

The PHP module is:

PGsql

The module says:

Requires PostgreSQL 7.3 or higher to already be installed. You can do that with /usr/local/cpanel/scripts/installpostgres

I uncheck PGsql and I get this message:

Info:
'PGsql' was enabled by 'Save my profile with appropriate PHP 5 options set so that it is compatible with cpphp'

Somehow, before, I was able to disable the Save my profile with appropriate PHP 5 options set so that it is compatible with cpphp. I'll try finding that Save my profile with appropriate PHP 5 options set option and disable it to get the appropriate error message.

 

[Spork Schivago]

Okay, I found the Save my profile with appropriate PHP 5 options set so that it is compatible with cpphp. When I go to the Extensive Options list, it's listed near the end of the PHP 5.6.23 section. So, I uncheck that and I make sure PGsql is unchecked but everything else in the Save my profile with appropriate PHP 5 (etc) stuff is checked and I click save and build.

I'm letting it rebuild. Now that PostgreSQL is installed, it might not error out, I dunno. When I got the error, it tried contacting cPanel to let them know and I had to enter all my info but I canceled it and went here instead. I couldn't get back to the error window because the popup window was blocking it and couldn't be moved. Hopefully it's saving the output to some file and I can just look through that or read enough about the error to give helpful information.

 

[Spork Schivago]

It seems to work fine with that option turned off and the PGsql module not enabled but PostgreSQL installed. Let me try removing PostgreSQL and try again.

 

[Spork Schivago]

Hmm, interesting. I found the old build log, it was an issue with the suphp_paths.patch located under /home/cpeasyapache/src/cppatch/.

The error message was:

Patch test failed; ''../cppatch/01_suphp_paths.patch

It must have been some fluke or something, I can't seem to regenerate the error message. I removed PostgreSQL along with the library, devel packages, server, etc. I looked at the script to see what was installed and just used yum to remove it all. I can't figure out what happened, obviously suPHP doesn't have anything to do with PostgreSQL...

Out of curiosity, if cPanel doesn't break with PostgreSQL not being installed, should the PGsql module be enabled when the Save my profile with appropriate PHP 5 options set so that it is compatible with cpphp option is checked? Seems like it's no longer needed and someone just forgot to remove that PGsql option from the list...

 

[Infopro]

should the PGsql module be enabled when the Save my profile with appropriate PHP 5 options set so that it is compatible with cpphp option is checked?

I can't properly answer that. I've never checked that option ever, as far as I know.

Save my profile with appropriate PHP 5 options set so that it is compatible with cpphp
     
This option will make the following changes to your profile prior to the build:

Enables:
  CurlSSL
  FTP
  GD
  Gettext
  Iconv
  Imap
  Mbregex
  Mbstring
  Mysql
  Mysql of the system
  PGsql
  Sockets
  System Timezone
  Zlib

Disables:
  MailHeaders

 

[Spork Schivago]

It just seems that cPanel does not break when the PHP PGsql module is disabled. The modules that are listed under the Save my profile with appropriate PHP 5 options set so that it is compatible with cpphp option list PGsql, implying without that module, cPanel will break. PGsql seems to require PostgreSQL and I haven't had that installed.

I wonder if one point in time cPanel did require PostgreSQL but no longer does? Maybe cPanel should remove the PGsql option from the Save my profile with appropriate PHP 5 options set so that it is compatible with cpphp option. Just a thought.

Thanks for trying to help! It's much appreciated

 

[cPanelMichael]

I wonder if one point in time cPanel did require PostgreSQL but no longer does? Maybe cPanel should remove the PGsql option from the Save my profile with appropriate PHP 5 options set so that it is compatible with cpphp option. Just a thought.

Hello,

You should no longer encounter this issue with EasyApache 4:

Introduction to EasyApache 4 - EasyApache 4 - cPanel Documentation

Thanks!

 

[Spork Schivago]

EasyApache 4 is nice. I question whether ModSecurity is setup and running properly because there's nothing in the logs like there usually is. I mean, when Apache starts up (or maybe shuts down), I see stuff in Apache's logs about modsecurity loading (or unloading) but I don't see anything in the modsecurity logs. It also seems I have no real options for protecting against symlink attacks. I can't update the kernel because I'm in a virtual environment, if I could afford to upgrade to CloudLinux, from reading the documentation, running CentOS 6 in a virtual environment doesn't really give me a lot of features, so I might not have symlink protection, the software patch is missing from EasyApache4 but isn't the best option either. I know I can add it and maybe I'll do that.

Either way, EasyApache4 seems to be the way to go. It automatically finds incompatible stuff, like ModRUID2 and modsecurity, etc.

 

[cPanelMichael]

I question whether ModSecurity is setup and running properly because there's nothing in the logs like there usually is. I mean, when Apache starts up (or maybe shuts down), I see stuff in Apache's logs about modsecurity loading (or unloading) but I don't see anything in the modsecurity logs.

Feel free to open a separate thread for this issue if you would like for us to take a closer look.

Thanks!

 

[Spork Schivago]

I created a ticket for it and the problem is now solved. I just wanted to update you on the outcome. As it turns out, somehow, modsecurity was disabled. The cPanel experts weren't able to figure out how it got uninstalled, nor were they able to duplicate the problem. It's still enabled under the ModSecurity Vendors, so that's good. We're thinking just some sort of fluke.

 

[cPanelMichael]

I created a ticket for it and the problem is now solved. I just wanted to update you on the outcome. As it turns out, somehow, modsecurity was disabled. The cPanel experts weren't able to figure out how it got uninstalled, nor were they able to duplicate the problem. It's still enabled under the ModSecurity Vendors, so that's good. We're thinking just some sort of fluke.

I'm happy to see the issue is now resolved. Thank you for updating us with the outcome.