[horde] Successful Horde migration to PHP7.0 - can we compare configs?

Andy Dorman adorman at ironicdesign.com
Mon Apr 3 14:56:44 UTC 2017 

On 04/03/2017 08:40 AM, Torben Dannhauer wrote:
> Dear Horde Devs, Dear Community,
>
> Recently I finished my horde migration to a PHP7.0 machine using Apache 2.4
> and PHP7.0 FPM via mod_proxy_fcgi.
>
> It required some manual patching of non-horde pear packages (trivial
> changes). Additionally some Horde packages had to installed using the -force
> switch.
>
> Besides this minor issues, it works like a charm. Even some bugs and itches
> I encountered with PHP 5.6 disappeared using PHP 7.0.
>
> Many thanks to Mike and the whole Horde dev Team for the very fast and
> highly supportive debugging sessions - your service was great (as always..)
>
> When talking about PHP 7.0: What is the current status of Horde 5.3 / 6.0
> release? What are your plans? Are there ways to push things forward
> (funding, crownd sourcing)?
>
> Thanks again,
>
> Torben
>

Thanks.  That is encouraging news.

Would it be possible for you to share what version of Apache you are 
using and what the applicable Apache 2.4 config files look like?

Our Debian dev server is successfully using PHP 7, but we have an Apache 
2.4.xx issue that needs to be fixed before we update our production servers.

We have not been able to use any Apache version past 2.4.22 since last 
summer (fetching IMAP folders fails).  It appears to be a security issue 
with Apache not passing required info to PHP FPM, and I thought it was 
fixed with a patch in Apache 2.4.25.  But about a day after thinking it 
fixed and upgrading Apache on our dev server, fetching the IMAP folders 
stopped working again after rebooting.

So if PHP 7 FPM and a later Apache version are working for you, then I 
may have something mis-configured in my Apache php fpm config files. 
Here is what I am currently using successfully with Apache 2.4.10 and 
PHP FPM 7.0.16 on our dev server that fails when Apache upgraded to 2.4.25:

Apache2.conf
=====================
...
> <Directory /var/www>
> 	Options Indexes FollowSymLinks
> 	AllowOverride None
> 	Require all granted
> </Directory>
>
> # AccessFileName: The name of the file to look for in each directory
> # for additional configuration directives.  See also the AllowOverride
> # directive.
> #
> AccessFileName .htaccess
...

Security.conf
=====================
...
> # specify a preference for specific speed-optimized ciphers (which will be
> # selected by mod_ssl, provided that they are supported by the client):
> SSLProtocol All -SSLv2 -SSLv3
> SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:ECDHE-RSA-AES128-GCM-SHA256:AES256+EECDH:DHE-RSA-AES128-GCM-SHA256:AES256+EDH:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4
> SSLHonorCipherOrder on


php-horde.conf (Debian stores horde in /usr/share/horde/)
=====================
> Alias /horde /usr/share/horde
>
> # http://wiki.horde.org/ActiveSync
> Alias /Microsoft-Server-ActiveSync /usr/share/horde/rpc.php
> Alias /autodiscover/autodiscover.xml /usr/share/horde/rpc.php
> Alias /Autodiscover/Autodiscover.xml /usr/share/horde/rpc.php
> Alias /AutoDiscover/AutoDiscover.xml /usr/share/horde/rpc.php
>
> <Directory /usr/share/horde>
>     AllowOverride Limit FileInfo AuthConfig
> </Directory>


z.anydomain.anymail.com.conf (for many domains using Horde webmail)
======================
> <VirtualHost *:80>
>   ServerName mail.fanmail.com
>   ServerAlias *mail.*.*
>   ServerAlias *mail.*.*.*
>   ServerAlias beta.*mail.*.*
>   DirectoryIndex index.php
>   DocumentRoot /usr/share/horde/
>   SuexecUserGroup antespam antespam
>   IPCCommTimeout 120
>   Redirect permanent /.well-known/caldav /rpc.php
>   ProxyPassMatch ^/Microsoft-Server-ActiveSync$ fcgi://127.0.0.1:9000/usr/share/horde/rpc.php$1
>
>   ProxyPassMatch ^/(.*\.php(/.*)?)$ fcgi://127.0.0.1:9000/usr/share/horde/$1
> </VirtualHost>


Thanks for sharing your configs or pointing out any glaring differences 
you see between the above and yours.

Sincere regards,

-- 
Andy Dorman

More information about the horde mailing list