Last active
June 15, 2023 06:04
-
-
Save rkok/b6fb6f1b2ad1603f5c6ed3e97ca448ae to your computer and use it in GitHub Desktop.
Plesk auto_prepend_file installer
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/usr/bin/env bash | |
############################################################ | |
# For every domain on a Plesk server: | |
# | |
# - Sets a desired PHP auto_prepend_file | |
# - Patches open_basedir (if necessary) | |
# - Strips any Wordfence WAF open_basedir override (make sure your custom prepend file re-includes it!) | |
# | |
# Only tested on RedHat-like servers with Plesk Obsidian 18.0.52 | |
# Use at your own risk | |
############################################################ | |
set -e | |
# CHANGE THESE AS DESIRED | |
prepend_dir="/var/www/myprepend" | |
prepend_file="$prepend_dir/myprepend.php" | |
if [ ! -d "/opt/plesk/php" ]; then | |
echo "Couldn't find PHP dir /opt/plesk/php" >&2 | |
exit 1 | |
fi | |
php_ini_changed=0 | |
echo "Configuring global auto_prepend_file ..." | |
for config in /opt/plesk/php/*/etc/php.ini; do | |
echo -n "$config: " | |
existing_prepend="$(cat $config | grep "^auto_prepend_file" | tr -d '\r' | cut -d= -f2)" | |
if [ -n "$existing_prepend" ]; then | |
if ! echo "$existing_prepend" | grep -q "$prepend_file"; then | |
echo "Conflicting prepend: '$existing_prepend'" >&2 | |
exit 1 | |
else | |
echo "Already configured" | |
fi | |
else | |
new_prepend="auto_prepend_file=$prepend_file" | |
echo "Adding $new_prepend ..." | |
echo "$new_prepend" >> "$config" | |
php_ini_changed=1 | |
fi | |
done | |
if [ "$php_ini_changed" == "1" ]; then | |
ps -ef | grep -q lsphp && killall -9 lsphp || true | |
systemctl | grep -q lshttpd && systemctl restart lshttpd | |
systemctl | grep fpm | awk '{print $1}' | while read -r service; do | |
systemctl restart "$service" | |
done | |
fi | |
echo -e "\nConfiguring domains ..." | |
plesk db -N -e ' | |
select d.name domain, dp.val setting_id, p.value as open_basedir | |
from psa.domains d | |
join psa.dom_param dp on d.id = dp.dom_id and dp.param = "phpSettingsId" | |
join psa.PhpSettingsParameters p on dp.val = p.id and p.name = "open_basedir"; | |
' | while read -r domain setting_id open_basedir; do | |
echo -e "\n********** $domain **********" | |
webroot="/var/www/vhosts/$domain/httpdocs" | |
if [ ! -d "$webroot" ]; then | |
echo "Webroot not found: $webroot, skipping ..." >&2 | |
continue | |
fi | |
if [ "$open_basedir" == "none" ] || echo "$open_basedir" | grep -q "$prepend_dir"; then | |
echo "Already configured" | |
else | |
new_open_basedir="$open_basedir{:}$prepend_dir" | |
echo "Setting open_basedir=$new_open_basedir ..." | |
plesk db -e "update PhpSettingsParameters set value='$new_open_basedir' where name = 'open_basedir' and id = $setting_id" | |
echo "Triggering settings update ..." | |
/usr/local/psa/bin/domain --update-php-settings "$domain" | |
fi | |
for file in $webroot/.{htaccess,user.ini}; do | |
if [ -f "$file" ] && grep -q 'Wordfence WAF' "$file"; then | |
echo "Stripping Wordfence WAF from $file ..." | |
sed -i '/^[;#] Wordfence WAF/,/[;#] END Wordfence WAF/d' "$file" | |
fi | |
done | |
done |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment