Bug Fixes

PDowney · web-flow · commit a205dcbe516b · 2025-07-15T03:02:04.000-04:00
Testing openssl configuration changes to reduce issues with version 3.5
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,4 +1,21 @@
-# Changelog
+# Chan## 2025-07-14
+
+### 🚨 NGINX BUILD SYSTEM CRITICAL FIXES
+- **Permission Issues Resolved**: Fixed critical permission errors preventing nginx from starting
+  - **Directory Creation**: Ensured all nginx directories exist before setting permissions
+  - **SSL Certificate Permissions**: Added proper ownership and permissions for SSL certificate files
+  - **Service User Management**: Added www-data user creation if missing
+  - **Log Directory Access**: Fixed permission denied errors for nginx error and access logs
+- **Service Management**: Enhanced nginx service installation and startup process
+  - **Configuration Testing**: Added nginx configuration validation before service startup
+  - **Service Status Verification**: Implemented proper service status checking and error reporting
+  - **Startup Sequence**: Improved service start sequence with proper error handling
+- **Compilation Warnings Reduction**: Minimized OpenSSL compilation warnings
+  - **Padlock Engine**: Disabled problematic padlock engine causing buffer overflow warnings
+  - **Compiler Flags**: Added warning suppression flags for stringop-overflow in OpenSSL
+  - **Build Optimization**: Maintained security while reducing build noise
+
+### 🚨 ADMIN CONTROL PANEL CRITICAL FIXog
 
 All notable changes to EngineScript will be documented in this file.
 
diff --git a/scripts/functions/cron/permissions.sh b/scripts/functions/cron/permissions.sh
@@ -11,6 +11,8 @@
 source /usr/local/bin/enginescript/enginescript-variables.txt
 source /home/EngineScript/enginescript-install-options.txt
 
+# Source shared functions library
+source /usr/local/bin/enginescript/scripts/functions/shared/enginescript-common.sh
 
 
 #----------------------------------------------------------------------------------
@@ -43,28 +45,10 @@ do
 done
 
 # Assign Nginx Permissions
-chown -R www-data:www-data /etc/nginx
-chown -R www-data:www-data /tmp/nginx_proxy
-chown -R www-data:www-data /usr/lib/nginx/modules
-chown -R www-data:www-data /var/cache/nginx
-chown -R www-data:www-data /var/lib/nginx
-chown -R www-data:www-data /var/log/domains
-chown -R www-data:www-data /var/www
-chmod 775 /var/cache/nginx
+set_nginx_permissions
 
 # Assign PHP Permissions
-find /var/log/php -type d,f -exec chmod 775 {} \;
-find /var/log/opcache -type d,f -exec chmod 775 {} \;
-find /etc/php -type d,f -exec chmod 775 {} \;
-chmod 775 /var/cache/opcache
-chmod 775 /var/cache/php-sessions
-chmod 775 /var/cache/wsdlcache
-chown -R www-data:www-data /var/cache/opcache
-chown -R www-data:www-data /var/cache/php-sessions
-chown -R www-data:www-data /var/cache/wsdlcache
-chown -R www-data:www-data /var/log/opcache
-chown -R www-data:www-data /var/log/php
-chown -R www-data:www-data /etc/php
+set_php_permissions
 
 # Ensure correct socket ownership and permissions
 chown redis:redis /run/redis/redis-server.sock 2>/dev/null || true
diff --git a/scripts/functions/shared/enginescript-common.sh b/scripts/functions/shared/enginescript-common.sh
@@ -258,4 +258,44 @@ function set_enginescript_frontend_permissions() {
     find /etc/enginescript -type d -print0 | sudo xargs -0 chmod 0755
     find /etc/enginescript -type f -print0 | sudo xargs -0 chmod 0644
     chown -R www-data:www-data /etc/enginescript
-}
+}
+
+# Set permissions for Nginx directories and files
+function set_nginx_permissions() {
+    chown -R www-data:www-data /etc/nginx
+    chown -R www-data:www-data /tmp/nginx_proxy
+    chown -R www-data:www-data /usr/lib/nginx/modules
+    chown -R www-data:www-data /var/cache/nginx
+    chown -R www-data:www-data /var/lib/nginx
+    chown -R www-data:www-data /var/log/domains
+    chown -R www-data:www-data /var/log/nginx
+    chown -R www-data:www-data /var/www
+    chmod 775 /var/cache/nginx
+    chmod 755 /var/log/nginx
+    chmod 755 /var/log/domains
+
+    # Set proper permissions for SSL certificates
+    if [ -d "/etc/nginx/ssl" ]; then
+        chown -R root:www-data /etc/nginx/ssl
+        chmod -R 750 /etc/nginx/ssl
+        find /etc/nginx/ssl -name "*.key" -exec chmod 640 {} \;
+        find /etc/nginx/ssl -name "*.crt" -exec chmod 644 {} \;
+        find /etc/nginx/ssl -name "*.pem" -exec chmod 644 {} \;
+    fi
+}
+
+# Set permissions for PHP directories and files
+function set_php_permissions() {
+    find "/var/log/php" -type d,f -exec chmod 775 {} \;
+    find "/var/log/opcache" -type d,f -exec chmod 775 {} \;
+    find "/etc/php" -type d,f -exec chmod 775 {} \;
+    chmod 775 /var/cache/opcache
+    chmod 775 /var/cache/php-sessions
+    chmod 775 /var/cache/wsdlcache
+    chown -R www-data:www-data /var/cache/opcache
+    chown -R www-data:www-data /var/cache/php-sessions
+    chown -R www-data:www-data /var/cache/wsdlcache
+    chown -R www-data:www-data /var/log/opcache
+    chown -R www-data:www-data /var/log/php
+    chown -R www-data:www-data /etc/php
+}
diff --git a/scripts/install/nginx/nginx-compile.sh b/scripts/install/nginx/nginx-compile.sh
@@ -111,7 +111,7 @@ if [[ "${INSTALL_HTTP3}" == "1" ]];
       --builddir=nginx-${NGINX_VER} \
       --with-cc-opt="$CPU_SPECIFIC_FLAGS -DTCP_FASTOPEN=23 -O3 -fcode-hoisting -flto=auto -fPIC -fstack-protector-strong $LD_FLAG -Werror=format-security -Wformat -Wimplicit-fallthrough=0 -Wno-error=pointer-sign -Wno-implicit-function-declaration -Wno-int-conversion -Wno-cast-function-type -Wno-deprecated-declarations -Wno-error=date-time -Wno-error=strict-aliasing -Wno-format-extra-args --param=ssp-buffer-size=4" \
       --with-ld-opt="-Wl,-z,relro -Wl,-z,now -Wl,-s -fPIC -flto=auto $LD_FLAG" \
-      --with-openssl-opt="enable-ec_nistp_64_gcc_128 enable-ktls no-ssl3-method no-tls1_1-method no-tls-deprecated-ec no-weak-ssl-ciphers -fPIC -march=native" \
+      --with-openssl-opt="enable-ec_nistp_64_gcc_128 enable-ktls no-ssl3-method no-tls1_1-method no-tls-deprecated-ec no-weak-ssl-ciphers no-engine-padlock -fPIC -march=native" \
       --with-openssl=/usr/src/openssl-${OPENSSL_VER} \
       --with-libatomic \
       --with-file-aio \
@@ -158,7 +158,7 @@ if [[ "${INSTALL_HTTP3}" == "1" ]];
       --builddir=nginx-${NGINX_VER} \
       --with-cc-opt="$CPU_SPECIFIC_FLAGS -DTCP_FASTOPEN=23 -O3 -fcode-hoisting -flto=auto -fPIC -fstack-protector-strong $LD_FLAG -Werror=format-security -Wformat -Wimplicit-fallthrough=0 -Wno-error=pointer-sign -Wno-implicit-function-declaration -Wno-int-conversion -Wno-cast-function-type -Wno-deprecated-declarations -Wno-error=date-time -Wno-error=strict-aliasing -Wno-format-extra-args --param=ssp-buffer-size=4" \
       --with-ld-opt="-Wl,-z,relro -Wl,-z,now -Wl,-s -fPIC -flto=auto $LD_FLAG" \
-      --with-openssl-opt="enable-ec_nistp_64_gcc_128 enable-ktls no-ssl3-method no-tls1_1-method no-tls-deprecated-ec no-weak-ssl-ciphers -fPIC -march=native" \
+      --with-openssl-opt="enable-ec_nistp_64_gcc_128 enable-ktls no-ssl3-method no-tls1_1-method no-tls-deprecated-ec no-weak-ssl-ciphers no-engine-padlock -fPIC -march=native" \
       --with-openssl=/usr/src/openssl-${OPENSSL_VER} \
       --with-libatomic \
       --with-file-aio \
diff --git a/scripts/install/nginx/nginx-install.sh b/scripts/install/nginx/nginx-install.sh
@@ -14,6 +14,7 @@ source /home/EngineScript/enginescript-install-options.txt
 # Source shared functions library
 source /usr/local/bin/enginescript/scripts/functions/shared/enginescript-common.sh
 
+
 #----------------------------------------------------------------------------------
 # Start Main Script
 
@@ -82,6 +83,9 @@ debug_pause "SSL"
 print_last_errors
 debug_pause "Admin Password"
 
+# Assign Permissions BEFORE nginx tries to start
+set_nginx_permissions
+
 # Install Nginx Service
 /usr/local/bin/enginescript/scripts/install/nginx/nginx-service.sh 2>> /tmp/enginescript_install_errors.log
 print_last_errors
diff --git a/scripts/install/nginx/nginx-misc.sh b/scripts/install/nginx/nginx-misc.sh
@@ -11,6 +11,8 @@
 source /usr/local/bin/enginescript/enginescript-variables.txt
 source /home/EngineScript/enginescript-install-options.txt
 
+#Source shared functions library
+source /usr/local/bin/enginescript/scripts/functions/shared/enginescript-common.sh
 
 
 #----------------------------------------------------------------------------------
@@ -20,16 +22,21 @@ source /home/EngineScript/enginescript-install-options.txt
 cp -a /usr/local/bin/enginescript/config/etc/nginx/. /etc/nginx/
 sed -i "s|SEDPHPVER|${PHP_VER}|g" /etc/nginx/globals/php-fpm.conf
 
-# Assign Permissions
-chown -R www-data:www-data /etc/nginx
-chown -R www-data:www-data /tmp/nginx_proxy
-chown -R www-data:www-data /usr/lib/nginx/modules
-chown -R www-data:www-data /var/cache/nginx
-chown -R www-data:www-data /var/lib/nginx
-chown -R www-data:www-data /var/log/domains
-chown -R www-data:www-data /var/log/nginx
-chown -R www-data:www-data /var/www
-chmod 775 /var/cache/nginx
+# Create nginx user and group if they don't exist
+if ! id "www-data" &>/dev/null; then
+    useradd -r -s /bin/false www-data
+fi
+
+# Ensure all necessary directories exist
+mkdir -p /var/log/nginx
+mkdir -p /var/log/domains
+mkdir -p /var/cache/nginx
+mkdir -p /var/lib/nginx/{body,fastcgi,proxy}
+mkdir -p /tmp/nginx_proxy
+mkdir -p /usr/lib/nginx/modules
+
+# Assign Permissions BEFORE nginx tries to start
+set_nginx_permissions
 
 # Logrotate - Nginx and Domains
 cp -rf /usr/local/bin/enginescript/config/etc/logrotate.d/nginx /etc/logrotate.d/nginx
diff --git a/scripts/install/nginx/nginx-service.sh b/scripts/install/nginx/nginx-service.sh
@@ -30,6 +30,28 @@ fi
 rm -rf /usr/lib/systemd/system/nginx.service
 cp -rf /usr/local/bin/enginescript/config/etc/systemd/system/nginx.service /etc/systemd/system/nginx.service
 chmod 644 /etc/systemd/system/nginx.service
+
+# Reload systemd and enable nginx
 systemctl daemon-reload
 systemctl enable nginx
+
+# Verify nginx configuration before starting
+echo "Testing nginx configuration..."
+if ! /usr/sbin/nginx -t; then
+    echo "ERROR: Nginx configuration test failed!"
+    echo "Please check the configuration and fix any issues before starting nginx."
+    exit 1
+fi
+
+# Start nginx service
+echo "Starting nginx service..."
 systemctl start nginx
+
+# Verify nginx is running
+if systemctl is-active --quiet nginx; then
+    echo "PASSED: Nginx is running."
+else
+    echo "ERROR: Failed to start nginx service."
+    systemctl status nginx
+    exit 1
+fi
diff --git a/scripts/install/php/php-install.sh b/scripts/install/php/php-install.sh
@@ -15,7 +15,6 @@ source /home/EngineScript/enginescript-install-options.txt
 source /usr/local/bin/enginescript/scripts/functions/shared/enginescript-common.sh
 
 
-
 #----------------------------------------------------------------------------------
 # Start Main Script
 
@@ -82,18 +81,8 @@ touch "/var/log/php/php${PHP_VER}-fpm.log"
 #touch /var/log/php/php-www.log
 #touch /var/log/php/php-fpm.log
 
-find "/var/log/php" -type d,f -exec chmod 775 {} \;
-find "/var/log/opcache" -type d,f -exec chmod 775 {} \;
-find "/etc/php" -type d,f -exec chmod 775 {} \;
-chmod 775 /var/cache/opcache
-chmod 775 /var/cache/php-sessions
-chmod 775 /var/cache/wsdlcache
-chown -R www-data:www-data /var/cache/opcache
-chown -R www-data:www-data /var/cache/php-sessions
-chown -R www-data:www-data /var/cache/wsdlcache
-chown -R www-data:www-data /var/log/opcache
-chown -R www-data:www-data /var/log/php
-chown -R www-data:www-data /etc/php
+# Assign PHP Permissions
+set_php_permissions
 
 # Restart PHP
 restart_service "php${PHP_VER}-fpm"
diff --git a/scripts/update/nginx-update.sh b/scripts/update/nginx-update.sh
@@ -109,6 +109,18 @@ rm -rf /etc/nginx/{*.default,*.dpkg-dist}
 # Remove debug symbols
 strip -s /usr/sbin/nginx*
 
+# Assign Nginx Permissions
+set_nginx_permissions
+
+# Verify nginx configuration before starting
+echo "Testing nginx configuration..."
+if ! /usr/sbin/nginx -t; then
+    echo "ERROR: Nginx configuration test failed!"
+    echo "Please check the configuration and fix any issues before starting nginx."
+    exit 1
+fi
+
+# Start Nginx Service
 systemctl start nginx
 
 echo -e "\n\n=-=-=-=-=-=-=-=-=-\nNginx Info\n=-=-=-=-=-=-=-=-=-\n"
@@ -124,5 +136,6 @@ if [[ "${STATUS}" == "active" ]]; then
   echo "NGINX=1" >> /var/log/EngineScript/install-log.txt
 else
   echo "FAILED: Nginx not running. Please diagnose this issue before proceeding."
+    systemctl status nginx
     exit 1
 fi
diff --git a/scripts/update/php-update.sh b/scripts/update/php-update.sh
@@ -136,19 +136,8 @@ mkdir -p /var/log/php
 touch "/var/log/opcache/opcache.log"
 touch "/var/log/php/php${NEW_PHP_VER}-fpm.log"
 
-# Set permissions
-find "/var/log/php" -type d,f -exec chmod 775 {} \;
-find "/var/log/opcache" -type d,f -exec chmod 775 {} \;
-find "/etc/php" -type d,f -exec chmod 775 {} \;
-chmod 775 /var/cache/opcache
-chmod 775 /var/cache/php-sessions
-chmod 775 /var/cache/wsdlcache
-chown -R www-data:www-data /var/cache/opcache
-chown -R www-data:www-data /var/cache/php-sessions
-chown -R www-data:www-data /var/cache/wsdlcache
-chown -R www-data:www-data /var/log/opcache
-chown -R www-data:www-data /var/log/php
-chown -R www-data:www-data /etc/php
+# Assign PHP Permissions
+set_php_permissions
 
 # Update Nginx configuration to use new PHP version
 echo "Updating Nginx configuration for PHP ${NEW_PHP_VER}..."
