Php-updater - a script to upgrade php in a safe way

php-updater is a script to upgrade (migrate php from one version to an other) on ā†’ debian based distributions ā†

my motivations

Iā€™ve been on this forum for quite some time now and have seen countless times how administrators get into trouble every time the php version needs to be changed.

Because a PHP version does not - as is common with many other packages - exclude other versions and several versions can easily be operated side by side - there are also several APIs that are used to communicate with PHP, each of which has its own configuration files one can easily imagine that switching from one version to an other using the usual means such as apt, apt-get, apt-fast, aptitude or even synaptic alone is not always successful.

Some admins have painstakingly optimized their php-fpm and, for example, adjusted the directories in which the log files should be written. For this alone, at least two, but usually three or more files have to be edited: /etc/php/<version>/fpm/php.ini, /etc/php/<version>/fpm/php-fpm.conf and /etc/logrotate.d/php<version>-fpm
Then some admins also made changes to the moduleā€™s own ini files under /etc/php/<version>/mods-available/*.ini
Itā€™s all too understandable when one or two adjustments are forgotten and then, after an update, the server suddenly becomes just as slow and unwieldy as it was before the last optimization or even no longer works at all.
So a long time ago I scripted the entire procedure and used it to carry out my up- and downgrades. Then I started making the script publicly available so that others can also benefit from it.

It is now the most downloaded script from my library. That motivated me to continue to expand and perfect it. To set it up for all eventualities that I donā€™t need for my own use because I always work according to the same scheme, but of course I canā€™t expect that if the script is used in other environments where Iā€™m not an admin.

It now comes with the information of all php.ini directives for as long as they can be looked up from the php.net website. An integrated awk driven function guarantees that this information is always up to date.

There are still features I want to add, such as a first installation, integrated tips for the best switches for a nextcloud system and the handling of the alternatives mechanism.

Installation of the script:

sudo wget -qO /usr/local/bin/php-updater https://global-social.net/script/php-updater
sudo chmod +x /usr/local/bin/php-updater
Explanation:
  • the first line downloads the script into the directory /usr/local/bin
  • the second line makes it executable

You only need to install it once.
As all of my scripts, it comes signed and does an integrity check on the first run and checks for updates on every startup.

Simply run it:

php-updater

meanwhile it is self explanatory and a source of good information about the complete php realm on your server.


Restriction:

This script is intended for use on conventional ā€œbarremetalā€ linux server installations or dedicated virtual machines running debian based Linux. It does not work on the Virtual Machines from HanssonIT and*) in containerized appliances like snap, lxc, docker, aio etc.

*) The virtual machines from HanssonIT are fully supported by this script.


If you have any difficulty with this script, donā€™t hesitate to ask me for help.


Much and good luck

ernolf

19 Likes

When I ran php-upgrader,I got some error message,why? What can I do?

root@nextcloud /var/www# php-updater 
.. loading modules - integrity
     First run, checking integrity:
     ===========================================================================
gpg:                using RSA key xxxxxxxxxxxx
     ---------------------------------------------------------------------------
     - Integrity check failed. The script may have been modified or tampered with!
     ---------------------------------------------------------------------------
     You should run:
     sudo wget -O /usr/local/bin/php-updater https://global-social.net/apps/raw/s/php-updater
     to fix this.
     ===========================================================================
exitingā€¦

I executed

sudo wget -O /usr/local/bin/php-updater https://global-social.net/apps/raw/s/php-updater

again and the result was still the same

Could you provide some more specs of your system please?
It looks like you have a problem with sed

What says

sed --version

ernolf

root@nextcloud ~# sed --version
sed (GNU sed) 4.7
Packaged by Debian
Copyright (C) 2018 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later https://gnu.org/licenses/gpl.html.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

OK. Even though that version is a museum, it should work.

How about:

ā€¦ ?
And ā€¦
is any mandatory access control system like SELinux or AppArmor activated on your system?


ernolf

Hello dear users and not yet users of the php-updater script,

First of all, I would like to thank you for the many thousands of downloads and intensive use of this script. This shows me that I have started something for which there is obviously a huge need. I would also like to thank you for the few but very positive feedback that I received.

:heart:

it is with a little bit of pride that I can announce that php-updater has now significantly expanded its range of functionalities.
In addition to:

:white_check_mark: providing detailed informations about the installed php packages, which cannot be displayed at once in any other apt or dpkg tool

:white_check_mark: the function of installing a new php version that adapts all the settings from a freely selectable already installed version

ā€¦if you have several installed php versions:

:white_check_mark: switch back and forth from one to another php version including the web server, be it using libapache2-mod-php or php-fpm, be it apache2 or nginx

ā€¦if both, libapache2-mod-php and php-fpm are installed on a system with apache2

:white_check_mark: switch from one SAPI to the other.

ā€¦ extensive checks are carried out to identify known vulnerabilities in the configuration and suggest improvements. Where the script doesnā€™t find anything today, it may be able to make a valuable suggestion for improvement a week later, as it is constantly being developed further.

Every single step is explained and the user is free to take the step offered or simply stop at any point. It can be re-started over and over again as each step is executed instantly, just as the user decides. This means that completed steps are no longer queried and the search simply continues on next start until a step that has not been completed is found.

Users of the NcVM (from HanssonIT) can now let this script scan it. Optimizations that are not included in the VM are added. It will replace poorly built modules and sometimes unnecessary or even incorrectly placed configurations. The script can recognize and deal with custom fpm-pools, as they are used in the NcVM.

For example, an installed PHP8.1 can be updated to PHP 8.2 or 8.3 in a few minutes without taking the machine offline. This is a huge improvement compared to stories from the past about sacrificed long weekends with many failed attempts and as result: a bricked server only throwing ā€œinternal server errorā€ :wink:

By expanding the functionality, the script is now also an advantage if you donā€™t want or needs to update your PHP version but if you just want to slim it down or have it scanned for errors or possible optimizations.


Much and good luck,
ernolf

5 Likes

Hello @ernolf
Thanks a lot for your script.
I was on debian 11 with NC25 until yesterday. I have upgraded php 7.4 to 8.0 with your php-updater. Then upgraded manually NC25 to NC26. Then it was possible to upgrade debian 11 to 12 with php 8.2, and finally NC26 to 27 to 28 to 29.
It was a bit tricky on debian to make the step from your packages of php to the official php8.2 and to delete your apt source. But it is possible, with little steps.
A big thanks to you.

2 Likes

Thanks a lot for your great and I mean great script @ernolf !

I struggled before to update PHP 7.4 to 8.1 in the HanssonIT image, but succeeded in the end through much trial and error (and frequent use of the snapshot restore function of ESXi), and an earlier version of your script.
Although I did document my steps (and shared them here as well), I dreaded the upgrade process for 8.1 to 8.3. But your script made it a breeze, especially the automatic ā€˜migrationā€™ of modified configuration entries in the .ini files.

You sir, are a lifesaver!

1 Like

Hi @ernolf. You are a godsend. :slight_smile:

I wanted to let you know I ran the updater for php-8.1 to php-8.3 and it worked nearly perfectly, the only issue was a missing module for redis after the updater. I installed it and now everything is perfect.

Love the GUI of the updater.

1 Like

Wow! Nice job. Works well and for those looking to improve their bash scripting skills a great learning tool! if it was on ā€œgit whateverā€ would follow and give stars.

1 Like

Thank you for your kind feedback. :heart:

Here you find it on ā€œgit whateverā€ :wink:

feel free to give :stars:


ernolf

1 Like

I used the script to add php 8.0 on system running 7.4. I switched to 8.0. Now i want to install 8.3 how can i ? Because whenever i run the php-updater it doesnā€™t give me option to install new version rather i can only switch between them.

BTW great script. I was doing a testing and found this to be very helpful

1 Like

Run

php-updater 8.0 8.3

Much and good luck,
ernolf

edited : Sorry too soon i repliedā€¦

It is going in loop


Donā€™t know why
i tried 7.4 8.0 same

Could you please send me the log echo from

ā€œ/tmp/ebtb-logfiles/php-updater.logā€

and the output of

php-updater --list-installed

Please send me per PM, not hereā€¦


ernolf

Sorry late replyā€¦ I deleted that instance (As it was test).
Today i will am recreating it will check the situation again.

Also want to update yesterday when i recreated the system (last 7 days doing this delete/recreate for testing)
I installed 8.2 on the system (7.4 was already there)
i did this ā€œapt remove 7.*ā€ and than i did ā€œphp-updater 8.2 8.3ā€ it worked
Yesterday i had 8.2 and 8.3 both still i deleted 8.2 with apt remove and got only 8.3.

Today will check this

Install 8.0 on 7.4 system
Than try to add 8.3 on it.

provide you privately output of below
ā€œ/tmp/ebtb-logfiles/php-updater.logā€
php-updater --list-installed

I will update soon. Just be patient.

I only offered to look in the log files so that I could possibly find out the cause of the strange loop behavior because you asked me to help you. I couldnā€™t reproduce the behavior in a single test instance here.
So if that doesnā€™t happen anymore, then all the better. You donā€™t have to provoke it. The script is intended to help transfer settings from one PHP version to the next, not as a computer game.

And thatā€™s exactly not what my help is for. I really put hundreds of hours into creating this script so that the need for active help becomes the exception. Not so that I have to spend extra time dealing with hypothetical test instances that will be demolished anyway.

I donā€™t understand why youā€™re still messing around with PHP 7.4. Why and where do you still need it today? Itā€™s long since end of life. So Nextcloud hasnā€™t been able to do anything with it for quite some time.

No, I donā€™t need that anymore. Itā€™s just a test anyway. My time is too valuable for that. Especially since you found a solution yourself to get rid of the problem by purging the old PHP version.
:wink:


Much and good luck,
ernolf

2 Likes

Thank you sir ! I appreciate your reply.

1 Like

Iā€™m getting an error when trying to update php from 8i.2 to 8.3 on my debian server running nginx and NextCloud (29.0.3):

  • Please be aware that a malicious configuration under php-8.2 will also be migrated.

Iā€™m trying to figure out how serious or not this issue is ?

Hi @salcoast,

That is not an error message. It is just to inform you that there is no magic to check if you have misconfigured directives at that point. The settings will be transferred to the new version exactly as they are. The only thing you get from the script, is the recommendations and changelogs to the apropriate directive as published on php.net So it is up to you to configure your PHP correctly and make the right choices. The script is just a help to transfer everything to a higher version without forgetting or overlooking any files or directives.

As i explained, it is no ā€œIssueā€ :wink:


Much and good luck,
ernolf