tom/ansible
1
0
Fork 0
forked from infra/ansible
Code Issues Pull Requests Projects Releases Wiki Activity

web: split php pools into www and spaceapi

Browse Source 
prevent deadloks from crawlers that open lots of wiki pages which in
turn query the spaceapi
discovery and fix by voidptr
This commit is contained in:
Markus 2024-05-17 22:32:51 +02:00
parent b9e886fd01
commit d8e1e6edf4
7 changed files with 1147 additions and 106 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
group_vars/all/vars.yml
View File

@ -25,6 +25,9 @@ dhcp_omapi_key: "{{ vault_dhcp_omapi_key }}"
dss_domain: dss.binary-kitchen.de
dss_secret: "{{ vault_dss_secret }}"
fpm_status_user: admin
fpm_status_pass: "{{ vault_fpm_status_pass }}"
gitea_domain: git.binary-kitchen.de
gitea_dbname: gogs
gitea_dbuser: gogs

213
group_vars/all/vault.yml
View File

@ -1,106 +1,109 @@
$ANSIBLE_VAULT;1.1;AES256
61333062333563653966393334326633643564313063346266663461633538366662623937373738
3732396164303638643362316564393236353737346235380a666361396631656563303733343032
66396531313139343062363639636334373836306237363733393635346261313832366330303436
6362383638363931380a323066343834363138356662656439343131353330366532626538653434
64663834333563333263356532326262333938613432356233656238313365663661636334333066
63653561316239356638653834646261643564316535306133633832666365383238303364346466
63393164646330623061633039316638656566346663616661633464303237386261316262623533
63306266333063373333323030666264323564663032333637343134306231373964666630333538
63626363383836363639663830643530376361613466613666303933363563663763636635363132
36666432646233313663613563663565313537316164313964656461666336326331303035343062
35323363373130333935373035663635626666613236376261623934366235633738323430666330
33323130363839386331613334636531396665316336376265333231343763656637396437653733
64366565336132333131346463356236343934663332633830373939616434613561613564313837
34333039363962643333343961636165323766343531336465306438306365636137636662303165
35346530313134346432303862643735376331376432616136306537653266333434336663373931
35373235333937646165663238636232656336393330386161636435666637356632333832646137
30333233636266623165663538303639663466363337323330383962383139643532623462663564
63313262366236623232303732373136393139323562313733623763363864646432653037316465
34306261303035306436396262333131366562643166333130393438393636623034656163653131
65363530613064633462633238343834336538353766353766336132303333383164326363316365
31303532363838306338626662313234343134306531353765333237303962303339366233366632
35643565353766353962386135323765356130393731363633373238626332356637363339356437
30386361363837373434363939373361343862393364316537633463653862666164613730306565
36343762326337333235643862626566346235333934656631306461633934306230333365343731
64643835323061613230336234343438383938653761393133656137626434653532636466313439
31363362306539643635386237353466343733616334303762343964636533636662333661653839
34663264613033373965336635663131396334616432653462346634626535393761666237623936
31666439356261303134343938333433323538653337653937333830656163633965353235653539
65353937333463343236636237313736313565613833653530333135623233363564393266353363
33323236643634616263303133663631386638356561373730653930646265616634356364366361
37666362363230313664343633343464383334386539616132636562626465326364353436356338
61383736663733643132656266633837646366343637303264363465633536633962353235303336
38376430343733386631623334386564616264386234613664366631313334626436313865356565
33663433663963653835376666303664656438623337663536376234356465396534306362346162
62323262323933336232376636353831633834656536633666643961396365306464303730626463
36363631336236353730393035613333666465653861373766393731373863353330656366306263
62316636333230366563623836316232323831393233366539363662646564373436623230343761
61626235656438373566646365353761376139383962353635393439666365333332313035653433
64316638363061613561306534616465646661326637633332333734626562353664666432616137
32643636356261613430376535633837646437626132373735323366313738633134303962306163
30366230333533663433616664343862346232363733623239353035656134366437313662353933
32663261663937663437643233383562656537333364643435356639616136623036306231633839
38386631643264636535323766643661626566323661313831326530636532383330633066336130
39306631636433376361636637633135316662306636306137366531333662303238613434333534
35633162316363333934623663303839343366376263343536333563663833323734356566623663
64646437343935306230333034636431396439366237643839363035313164393666616235393034
33323333626537633730303961613263363835343030363331633165663035336633613831326632
35363738336534663934616338363764353562306139613464663533323863326331646464333533
36363962653830613864393565623561646233313135386163623932363865343861313534663234
32313466656532616638376238363937613264346265316135336137363961386161376364343063
33316662343066336438336137353262646264656434333364343334373762303062386165663530
63313666356633633936366162366332333163656164306533356530666166353635616364643830
66336339663737616664616430373162386238636134303137386331393837353462623336663335
34303038323037363165613935376262376464383265323462373638313530396537633031653530
63613135373639623138333635343035303734383932336333303063666662333164643430393637
64393262363235616666303366346137633132313066613731333064346139646361363832343730
39666338303339663665363033653735346130313431306131306261636430396465323937623062
32343433376438623965363338633639383738326561376665623461653539383666636535656663
37353665363663356464366331313236653430313034613733363665633239656361623931646432
30653632643062366333663830326663623766646535666534613933663333366466333033383165
33373039303564656562636432303934383132666665656161323535333930346265623639316366
38393764346265653734373136636538346361363966393732323362323733386631623762313366
63313733653730336536393335623138383365303934303730343136613734663062326166316461
35313363656335643531343561336662663434353031623733353035633063396366376664303364
36643262633832363362306263376135346632386631346432333137623631343234333337643536
35353135303330626663663963366139363265666434363364303266613564373337616564366566
30646635633834616536333361303361313934316434393330333231613038346466306531646537
39303131396562656334303536613964363936643435613035623065323963633764623432373235
37393564626239333761626131643366306131346339356364373061353865653966326362613164
62366562326234303865323934353734613364653161316131363964666439636561663361396239
30353266303764396265656635616462653563613630616537353530613835656333353364333632
39663939376633613133623839353133613066633333633135316132636435363330393966396431
30656638653662356164393038323538643661333734623937653430643931623061666330633631
63323834313733353635363535613666643361356363386465383961626331303435333363396230
37313835633136323134623261626432653965366230656266356333653437386463396563613563
62656562626131336230383965303962383464643832333361343838393338353365663766373031
31633265653262356139323564663834616164313439346133386135333563323264313261336336
39393166613865353164376130303536373931643436633133313361356166393432363631666361
36366537363630333830333432333466363266666636643932636565613738346239383736306533
32333838396638656134643538313033336137316638326232303837386537393737316237356237
62646561333430303765656537373738316131306664626533646461333261306665626336376537
35633736303262656236303230653564386130666362303132646166306432393962306366663432
64353366353839643366376433646661376434313266326665343063653534343531623033316461
37306439373366303236666338616364343163663165626665613761333838333366336238343633
38663066623532353464653164616237353464363539313762396162653139393133323438643331
66306562346136346363396235356264303164636662386166666436316338323462656537386335
36373763313935666539643834653237336130336530653834643263373264353233643938393965
30313637366236383433313161386531623936356161333462636566633036383635616638316434
66313434393365333633336231656536353138303235616439643535376338326262663632313564
65306534356531303835373231623234356337623234366137386437303864643764613731326137
65376337386133353739376661353766343931383135363038353839376666306337323835613935
33303730623132613462363538666638313533333564656164363731323463613230366230373664
31303331396264353162383138643063313737366635333664343836346338353537366362613937
35623934646239356339343339653337656330616565616232633232373036383562393362343332
39316661623563333234656633666365303964366338303862333730656366626533326334613038
39663332623862626230373135623235363064636163373737316262613233663031383366363563
34613730343564373230306237656662636130333736393136366138333864313636343362613631
64636266626637366530363763323930643336313339613930623835326431643663356365353865
35653238333131363262346565653066383834633131303466636232653234363366646635656338
31386163616237316361643134396230386338643339633562376436333238346665363938323462
32336435663138393230366632633132333834303539303439313764623163383661396536383461
31636365633765346262616235336666363932336366373438643531663539333431663231326362
32326230363965356434343833383662393430333535636536323066373439653330373937636565
61306565663734636630633730383736653736383765326638656433646637393033356665633831
66353338633833346436666134343465623236626339613363623834333261313531
63626562396631623335303064393137396262393239366236373634323333343264343335306330
3861326430303265376564306139323064356339653039330a613335323233356361303066663139
34386465306537666464643736656230356632633239363865386166373834653030363736613834
6339303364363166620a626134303835346130386238653232316663346633313631653164336336
34653639363635663537356639646333616438336438333463656537326134343531393435663266
64366333346130653730613865346134356161373237343539373965623036656231653939303365
62326638666431333265343639326461313433656639393839396366633431616435393263336231
66303634656536636165636462396637656331666336623734333139316533636664306262326566
36616366663933613561336164386463393635636264613737316464666535366361613065363362
30316566323663623133346130393032646237353934363531326530396263363130326638393032
30633832663134613964323733623230363831636664373661633966366264373766326161623862
39396331313231633237313735636261653531313961616230626565623633636638643936326237
62333066366439643163336233353361343662326237376332396461393663623761613962333237
65633039363636323235356632326563376163386161373362383466346339356463636437646262
38313164393036393661336633373265303536316165623330643236313936666139376237366164
31373364663136356139356433386132343630396531373961616131343333663463616262373439
34393161323334333732383866653463656265393761346533663530613530313062626330356535
65393037636665303564316536376531386561366466643961666439326462353864643635353934
66616432303966643731386133613430313737356539386331623832656132663461393538363962
64313935613063373832343862373734316634663333313835323836386466336663643661656436
61353663646165623165663035383461376331373439666433386433376234613163396234373632
61646230363163366338653332373834386534333436373737383463363335356436313463626333
63393166316663323066323863373830393937353864376366313535663565613031643932383364
62623633353662323965393563363261623564396632643662663032613032666162616132336130
39376430663833303264306135643832383231623336613734373964653736376235653334333639
63376661636561383236633365303031326630356661633062663564396133313633323738333539
66303235613562313636343766356263383132643962393232396263393665666334633438383632
38646635643030303464396634356161333836376364333361356461346664303563346463333838
34356139373233313631653533356633643730663438646630373331313065363136663938306439
38336563363966653632613436356530316234326365666438326635313537343665663233363731
36646565393937326336626333383863656565323832303937323536346366303839633236663566
32373632646463363634363031626635383233656361336532636366653434623562623937656137
66303663316165633932643365623732323430376334303036303961396264303664616433356361
64366135376232313265376563633163373933343066653939313433366539396163656163346663
30626331333034316131343361636364653936373235623562336366336237353966613536316637
61343530326139636365613434386263383430626663333932386431313164346532666562346537
32623538353365383030396332386133343464643732653038623337353135663964643566396439
64633435623763666461356331306539373638383034343735373765373333656562326338613763
63633732373765316238633539316665623431616333363364316531306630343735393335616630
36613362336566393866623566666430336639376662633233656130653837313161653462346335
63396532663633393363626136373161303235613761373235633831393736343630353031613364
32353463383934313961313638613533623638383062343936616336646431383935393938623138
31383032326365333136666165633832333836346231636332353830336264636235383162356630
38316137623935633863363162376239623932373233663663323830363162313665613830623763
63656237343662616130326339386231376564613164666163393232653762613932343561343031
66386431343139373734626430656139353635636233336236653438353066393732663637323435
63303434376634366262646662616162343664666365373934346530343239653330356234373065
31373934363731373136346665623334306631626134613334633135666461636462303164653662
36323132376532613431653063643965636233373165333639323966663333633563303438396466
64633761376164383835613038633630623439643364323232633437386334346138343361306638
38626632326137303839306531633536643161656231636662383461373964646333303936343733
36333863316162393134646563316235663164613062303734346662386466656461346364356564
35326234336439623961383938316136633037343863363933616663366536613866666165376664
30306438666365333333636632643832303463356533343033623938653365663732336164303033
65653936363839323239306463366533653439663437343536393564336163313962313935636534
34346330393637343834323931353762613839366166353139303535376230356466646261363464
33386337616230623537376665663835373766316332363433313234326461313935636666363261
30653433333436306564653461303165656163363331643536323535623062396561643662323334
35626565616538396566363433363732656538313531636632643163633637303339656431346466
61353030666638393361613833353532656130643866636135643434366562386363656434323366
36343764316136316630353338363735646533346362386266643136626366356331656363393133
35636633353662393435346365663432656166646136346331363563363539326162633166393164
34303164353632373437613564336266373934396236383962376530613631633932626431333864
64623439336638613337383763353531376133343436346330373362313034616166616537636366
30306132613333633261326630323038323431643163373365376662623339396136313531366332
66663037643036303836376632646132383563316262393438636432666661333836376663666130
31316135366562633134306633333834636132623739373131626161633636313737646334376434
33376337393630663338643366316465353266346365333830613533393139333235366237323339
66346465313462373334316535383633343165373733313230373461366336353664306537306538
32653538366565663764353031303763613835366461666163336665656436333563613835653438
65376265303131376239616536353933346633393438643466343439643039313236373033323034
64316364663139353664653564393262323565646235356431326331343433373639316234363938
65633034666532306137353431613732663166323936356433323733376261386161383265663264
35643038663565646135343233623530396165336263303931653037393934343833623337343834
31343631343563626561393763356463393930616338623861363835343635376238653337653133
31393834343536396536363533363739306639646333313836393331306566393534383265613234
31623238306531383936343836336466343336396530633033323063346261366633343936316637
30343165333861346635623934363537383531323637313461663964353338653639366562306236
30363265393038633564626463393166333665396538663639346665353736336134643862663630
62393037363963613263313939613865393066323830656362656464643730636535623639636131
63343263333134336364323236656639613635323165383164636465353438653134646334643962
35306463626336626664383638323865633631346437613139623239663538666363313237323663
39323734353363643334343538303635366637373530383832393861346164666666306631643563
63306565306337383539636330623933666266353635396238656435373563383830666636616335
39386134383938626439366437383138303062333236306436336163393832613532303332303833
39323539396235383765613234303765303136653064336361333035643365386232613766356362
30656437376537623165626530623365393463626337383139663734396331396363396162383330
31663636383037613563346330323063393637616334356439666263623662383666376265313732
63343837306336313264313934653836363665616264396662633761363237366437653962626664
38383462313435383133613465656435363563373765313361623565636564616236313666633264
37393165386163393666376636343963333932346463303661373339303765303938636135323363
35663731656431656330336366383330616163353934333564356633613165396463393066396533
32396264653265333865643365346233633863333335383735396134663062343166656233613931
35633133336337343531313266323663363830353236323035313031646434303761343737633139
30343439323330353531633337353365363031666635653364326235316435383835663139376136
39343361636662346166363432366162666631366431623563363936336164323836376232326162
39316337343436386363643064653337613131346266353636333664373262326563386264303831
65343534616464633232373532313865363732663235376534396436333531633261393066313263
38316437643232336234343663666536353134626139623138636234396661613261326437303065
36383331323061643632323339383530626430343132613039393434333939383065623464646362
65303135313962613564666261356533313961323464623535393631613337663366626136343364
61363035333636366439313961326462633463616237343133356437303234323363306337343237
61376138323336663839623539633866313133346338313165623039336335663666313532636261
36383332346636373936366632393364323331303866623533643062666361613133383262383538
64343665333761326134303566656638633362643031306535333661623437636139353565623435
39323631393132336636653731636264356637373031633037653466383163663865626339323731
34623137386338343038373464613832363761643362623434373136376638663537623762646266
63306439363039303461

491
roles/web/files/php/8.2/fpm/pool.d/spaceapi.conf Normal file
View File

@ -0,0 +1,491 @@
; Start a new pool named 'www'.
; the variable $pool can be used in any directive and will be replaced by the
; pool name ('www' here)
[spaceapi]
; Per pool prefix
; It only applies on the following directives:
; - 'access.log'
; - 'slowlog'
; - 'listen' (unixsocket)
; - 'chroot'
; - 'chdir'
; - 'php_values'
; - 'php_admin_values'
; When not set, the global prefix (or /usr) applies instead.
; Note: This directive can also be relative to the global prefix.
; Default Value: none
;prefix = /path/to/pools/$pool
; Unix user/group of the child processes. This can be used only if the master
; process running user is root. It is set after the child process is created.
; The user and group can be specified either by their name or by their numeric
; IDs.
; Note: If the user is root, the executable needs to be started with
; --allow-to-run-as-root option to work.
; Default Values: The user is set to master process running user by default.
; If the group is not set, the user's group is used.
user = www-data
group = www-data
; The address on which to accept FastCGI requests.
; Valid syntaxes are:
; 'ip.add.re.ss:port' - to listen on a TCP socket to a specific IPv4 address on
; a specific port;
; '[ip:6:addr:ess]:port' - to listen on a TCP socket to a specific IPv6 address on
; a specific port;
; 'port' - to listen on a TCP socket to all addresses
; (IPv6 and IPv4-mapped) on a specific port;
; '/path/to/unix/socket' - to listen on a unix socket.
; Note: This value is mandatory.
listen = /run/php/php8.2-fpm-spaceapi.sock
; Set listen(2) backlog.
; Default Value: 511 (-1 on Linux, FreeBSD and OpenBSD)
;listen.backlog = 511
; Set permissions for unix socket, if one is used. In Linux, read/write
; permissions must be set in order to allow connections from a web server. Many
; BSD-derived systems allow connections regardless of permissions. The owner
; and group can be specified either by name or by their numeric IDs.
; Default Values: Owner is set to the master process running user. If the group
; is not set, the owner's group is used. Mode is set to 0660.
listen.owner = www-data
listen.group = www-data
;listen.mode = 0660
; When POSIX Access Control Lists are supported you can set them using
; these options, value is a comma separated list of user/group names.
; When set, listen.owner and listen.group are ignored
;listen.acl_users =
;listen.acl_groups =
; List of addresses (IPv4/IPv6) of FastCGI clients which are allowed to connect.
; Equivalent to the FCGI_WEB_SERVER_ADDRS environment variable in the original
; PHP FCGI (5.2.2+). Makes sense only with a tcp listening socket. Each address
; must be separated by a comma. If this value is left blank, connections will be
; accepted from any ip address.
; Default Value: any
;listen.allowed_clients = 127.0.0.1
; Set the associated the route table (FIB). FreeBSD only
; Default Value: -1
;listen.setfib = 1
; Specify the nice(2) priority to apply to the pool processes (only if set)
; The value can vary from -19 (highest priority) to 20 (lower priority)
; Note: - It will only work if the FPM master process is launched as root
; - The pool processes will inherit the master process priority
; unless it specified otherwise
; Default Value: no set
; process.priority = -19
; Set the process dumpable flag (PR_SET_DUMPABLE prctl for Linux or
; PROC_TRACE_CTL procctl for FreeBSD) even if the process user
; or group is different than the master process user. It allows to create process
; core dump and ptrace the process for the pool user.
; Default Value: no
; process.dumpable = yes
; Choose how the process manager will control the number of child processes.
; Possible Values:
; static - a fixed number (pm.max_children) of child processes;
; dynamic - the number of child processes are set dynamically based on the
; following directives. With this process management, there will be
; always at least 1 children.
; pm.max_children - the maximum number of children that can
; be alive at the same time.
; pm.start_servers - the number of children created on startup.
; pm.min_spare_servers - the minimum number of children in 'idle'
; state (waiting to process). If the number
; of 'idle' processes is less than this
; number then some children will be created.
; pm.max_spare_servers - the maximum number of children in 'idle'
; state (waiting to process). If the number
; of 'idle' processes is greater than this
; number then some children will be killed.
; pm.max_spawn_rate - the maximum number of rate to spawn child
; processes at once.
; ondemand - no children are created at startup. Children will be forked when
; new requests will connect. The following parameter are used:
; pm.max_children - the maximum number of children that
; can be alive at the same time.
; pm.process_idle_timeout - The number of seconds after which
; an idle process will be killed.
; Note: This value is mandatory.
pm = dynamic
; The number of child processes to be created when pm is set to 'static' and the
; maximum number of child processes when pm is set to 'dynamic' or 'ondemand'.
; This value sets the limit on the number of simultaneous requests that will be
; served. Equivalent to the ApacheMaxClients directive with mpm_prefork.
; Equivalent to the PHP_FCGI_CHILDREN environment variable in the original PHP
; CGI. The below defaults are based on a server without much resources. Don't
; forget to tweak pm.* to fit your needs.
; Note: Used when pm is set to 'static', 'dynamic' or 'ondemand'
; Note: This value is mandatory.
pm.max_children = 20
; The number of child processes created on startup.
; Note: Used only when pm is set to 'dynamic'
; Default Value: (min_spare_servers + max_spare_servers) / 2
pm.start_servers = 5
; The desired minimum number of idle server processes.
; Note: Used only when pm is set to 'dynamic'
; Note: Mandatory when pm is set to 'dynamic'
pm.min_spare_servers = 5
; The desired maximum number of idle server processes.
; Note: Used only when pm is set to 'dynamic'
; Note: Mandatory when pm is set to 'dynamic'
pm.max_spare_servers = 15
; The number of rate to spawn child processes at once.
; Note: Used only when pm is set to 'dynamic'
; Note: Mandatory when pm is set to 'dynamic'
; Default Value: 32
;pm.max_spawn_rate = 32
; The number of seconds after which an idle process will be killed.
; Note: Used only when pm is set to 'ondemand'
; Default Value: 10s
;pm.process_idle_timeout = 10s;
; The number of requests each child process should execute before respawning.
; This can be useful to work around memory leaks in 3rd party libraries. For
; endless request processing specify '0'. Equivalent to PHP_FCGI_MAX_REQUESTS.
; Default Value: 0
;pm.max_requests = 500
; The URI to view the FPM status page. If this value is not set, no URI will be
; recognized as a status page. It shows the following information:
; pool - the name of the pool;
; process manager - static, dynamic or ondemand;
; start time - the date and time FPM has started;
; start since - number of seconds since FPM has started;
; accepted conn - the number of request accepted by the pool;
; listen queue - the number of request in the queue of pending
; connections (see backlog in listen(2));
; max listen queue - the maximum number of requests in the queue
; of pending connections since FPM has started;
; listen queue len - the size of the socket queue of pending connections;
; idle processes - the number of idle processes;
; active processes - the number of active processes;
; total processes - the number of idle + active processes;
; max active processes - the maximum number of active processes since FPM
; has started;
; max children reached - number of times, the process limit has been reached,
; when pm tries to start more children (works only for
; pm 'dynamic' and 'ondemand');
; Value are updated in real time.
; Example output:
; pool: www
; process manager: static
; start time: 01/Jul/2011:17:53:49 +0200
; start since: 62636
; accepted conn: 190460
; listen queue: 0
; max listen queue: 1
; listen queue len: 42
; idle processes: 4
; active processes: 11
; total processes: 15
; max active processes: 12
; max children reached: 0
;
; By default the status page output is formatted as text/plain. Passing either
; 'html', 'xml' or 'json' in the query string will return the corresponding
; output syntax. Example:
; http://www.foo.bar/status
; http://www.foo.bar/status?json
; http://www.foo.bar/status?html
; http://www.foo.bar/status?xml
;
; By default the status page only outputs short status. Passing 'full' in the
; query string will also return status for each pool process.
; Example:
; http://www.foo.bar/status?full
; http://www.foo.bar/status?json&full
; http://www.foo.bar/status?html&full
; http://www.foo.bar/status?xml&full
; The Full status returns for each process:
; pid - the PID of the process;
; state - the state of the process (Idle, Running, ...);
; start time - the date and time the process has started;
; start since - the number of seconds since the process has started;
; requests - the number of requests the process has served;
; request duration - the duration in µs of the requests;
; request method - the request method (GET, POST, ...);
; request URI - the request URI with the query string;
; content length - the content length of the request (only with POST);
; user - the user (PHP_AUTH_USER) (or '-' if not set);
; script - the main script called (or '-' if not set);
; last request cpu - the %cpu the last request consumed
; it's always 0 if the process is not in Idle state
; because CPU calculation is done when the request
; processing has terminated;
; last request memory - the max amount of memory the last request consumed
; it's always 0 if the process is not in Idle state
; because memory calculation is done when the request
; processing has terminated;
; If the process is in Idle state, then informations are related to the
; last request the process has served. Otherwise informations are related to
; the current request being served.
; Example output:
; ************************
; pid: 31330
; state: Running
; start time: 01/Jul/2011:17:53:49 +0200
; start since: 63087
; requests: 12808
; request duration: 1250261
; request method: GET
; request URI: /test_mem.php?N=10000
; content length: 0
; user: -
; script: /home/fat/web/docs/php/test_mem.php
; last request cpu: 0.00
; last request memory: 0
;
; Note: There is a real-time FPM status monitoring sample web page available
; It's available in: /usr/share/php/8.2/fpm/status.html
;
; Note: The value must start with a leading slash (/). The value can be
; anything, but it may not be a good idea to use the .php extension or it
; may conflict with a real PHP file.
; Default Value: not set
pm.status_path = /fpmstatus-spaceapi
; The address on which to accept FastCGI status request. This creates a new
; invisible pool that can handle requests independently. This is useful
; if the main pool is busy with long running requests because it is still possible
; to get the status before finishing the long running requests.
;
; Valid syntaxes are:
; 'ip.add.re.ss:port' - to listen on a TCP socket to a specific IPv4 address on
; a specific port;
; '[ip:6:addr:ess]:port' - to listen on a TCP socket to a specific IPv6 address on
; a specific port;
; 'port' - to listen on a TCP socket to all addresses
; (IPv6 and IPv4-mapped) on a specific port;
; '/path/to/unix/socket' - to listen on a unix socket.
; Default Value: value of the listen option
;pm.status_listen = 127.0.0.1:9001
pm.status_listen = /run/php/php8.2-fpm-spaceapi-status.sock
; The ping URI to call the monitoring page of FPM. If this value is not set, no
; URI will be recognized as a ping page. This could be used to test from outside
; that FPM is alive and responding, or to
; - create a graph of FPM availability (rrd or such);
; - remove a server from a group if it is not responding (load balancing);
; - trigger alerts for the operating team (24/7).
; Note: The value must start with a leading slash (/). The value can be
; anything, but it may not be a good idea to use the .php extension or it
; may conflict with a real PHP file.
; Default Value: not set
;ping.path = /ping
; This directive may be used to customize the response of a ping request. The
; response is formatted as text/plain with a 200 response code.
; Default Value: pong
;ping.response = pong
; The access log file
; Default: not set
;access.log = log/$pool.access.log
; The access log format.
; The following syntax is allowed
; %%: the '%' character
; %C: %CPU used by the request
; it can accept the following format:
; - %{user}C for user CPU only
; - %{system}C for system CPU only
; - %{total}C for user + system CPU (default)
; %d: time taken to serve the request
; it can accept the following format:
; - %{seconds}d (default)
; - %{milliseconds}d
; - %{milli}d
; - %{microseconds}d
; - %{micro}d
; %e: an environment variable (same as $_ENV or $_SERVER)
; it must be associated with embraces to specify the name of the env
; variable. Some examples:
; - server specifics like: %{REQUEST_METHOD}e or %{SERVER_PROTOCOL}e
; - HTTP headers like: %{HTTP_HOST}e or %{HTTP_USER_AGENT}e
; %f: script filename
; %l: content-length of the request (for POST request only)
; %m: request method
; %M: peak of memory allocated by PHP
; it can accept the following format:
; - %{bytes}M (default)
; - %{kilobytes}M
; - %{kilo}M
; - %{megabytes}M
; - %{mega}M
; %n: pool name
; %o: output header
; it must be associated with embraces to specify the name of the header:
; - %{Content-Type}o
; - %{X-Powered-By}o
; - %{Transfert-Encoding}o
; - ....
; %p: PID of the child that serviced the request
; %P: PID of the parent of the child that serviced the request
; %q: the query string
; %Q: the '?' character if query string exists
; %r: the request URI (without the query string, see %q and %Q)
; %R: remote IP address
; %s: status (response code)
; %t: server time the request was received
; it can accept a strftime(3) format:
; %d/%b/%Y:%H:%M:%S %z (default)
; The strftime(3) format must be encapsulated in a %{<strftime_format>}t tag
; e.g. for a ISO8601 formatted timestring, use: %{%Y-%m-%dT%H:%M:%S%z}t
; %T: time the log has been written (the request has finished)
; it can accept a strftime(3) format:
; %d/%b/%Y:%H:%M:%S %z (default)
; The strftime(3) format must be encapsulated in a %{<strftime_format>}t tag
; e.g. for a ISO8601 formatted timestring, use: %{%Y-%m-%dT%H:%M:%S%z}t
; %u: remote user
;
; Default: "%R - %u %t \"%m %r\" %s"
;access.format = "%R - %u %t \"%m %r%Q%q\" %s %f %{milli}d %{kilo}M %C%%"
; A list of request_uri values which should be filtered from the access log.
;
; As a security precuation, this setting will be ignored if:
; - the request method is not GET or HEAD; or
; - there is a request body; or
; - there are query parameters; or
; - the response code is outwith the successful range of 200 to 299
;
; Note: The paths are matched against the output of the access.format tag "%r".
; On common configurations, this may look more like SCRIPT_NAME than the
; expected pre-rewrite URI.
;
; Default Value: not set
;access.suppress_path[] = /ping
;access.suppress_path[] = /health_check.php
; The log file for slow requests
; Default Value: not set
; Note: slowlog is mandatory if request_slowlog_timeout is set
;slowlog = log/$pool.log.slow
; The timeout for serving a single request after which a PHP backtrace will be
; dumped to the 'slowlog' file. A value of '0s' means 'off'.
; Available units: s(econds)(default), m(inutes), h(ours), or d(ays)
; Default Value: 0
;request_slowlog_timeout = 0
; Depth of slow log stack trace.
; Default Value: 20
;request_slowlog_trace_depth = 20
; The timeout for serving a single request after which the worker process will
; be killed. This option should be used when the 'max_execution_time' ini option
; does not stop script execution for some reason. A value of '0' means 'off'.
; Available units: s(econds)(default), m(inutes), h(ours), or d(ays)
; Default Value: 0
;request_terminate_timeout = 0
; The timeout set by 'request_terminate_timeout' ini option is not engaged after
; application calls 'fastcgi_finish_request' or when application has finished and
; shutdown functions are being called (registered via register_shutdown_function).
; This option will enable timeout limit to be applied unconditionally
; even in such cases.
; Default Value: no
;request_terminate_timeout_track_finished = no
; Set open file descriptor rlimit.
; Default Value: system defined value
;rlimit_files = 1024
; Set max core size rlimit.
; Possible Values: 'unlimited' or an integer greater or equal to 0
; Default Value: system defined value
;rlimit_core = 0
; Chroot to this directory at the start. This value must be defined as an
; absolute path. When this value is not set, chroot is not used.
; Note: you can prefix with '$prefix' to chroot to the pool prefix or one
; of its subdirectories. If the pool prefix is not set, the global prefix
; will be used instead.
; Note: chrooting is a great security feature and should be used whenever
; possible. However, all PHP paths will be relative to the chroot
; (error_log, sessions.save_path, ...).
; Default Value: not set
;chroot =
; Chdir to this directory at the start.
; Note: relative path can be used.
; Default Value: current directory or / when chroot
;chdir = /var/www
; Redirect worker stdout and stderr into main error log. If not set, stdout and
; stderr will be redirected to /dev/null according to FastCGI specs.
; Note: on highloaded environment, this can cause some delay in the page
; process time (several ms).
; Default Value: no
;catch_workers_output = yes
; Decorate worker output with prefix and suffix containing information about
; the child that writes to the log and if stdout or stderr is used as well as
; log level and time. This options is used only if catch_workers_output is yes.
; Settings to "no" will output data as written to the stdout or stderr.
; Default value: yes
;decorate_workers_output = no
; Clear environment in FPM workers
; Prevents arbitrary environment variables from reaching FPM worker processes
; by clearing the environment in workers before env vars specified in this
; pool configuration are added.
; Setting to "no" will make all environment variables available to PHP code
; via getenv(), $_ENV and $_SERVER.
; Default Value: yes
;clear_env = no
; Limits the extensions of the main script FPM will allow to parse. This can
; prevent configuration mistakes on the web server side. You should only limit
; FPM to .php extensions to prevent malicious users to use other extensions to
; execute php code.
; Note: set an empty value to allow all extensions.
; Default Value: .php
;security.limit_extensions = .php .php3 .php4 .php5 .php7
; Pass environment variables like LD_LIBRARY_PATH. All $VARIABLEs are taken from
; the current environment.
; Default Value: clean env
;env[HOSTNAME] = $HOSTNAME
;env[PATH] = /usr/local/bin:/usr/bin:/bin
;env[TMP] = /tmp
;env[TMPDIR] = /tmp
;env[TEMP] = /tmp
; Additional php.ini defines, specific to this pool of workers. These settings
; overwrite the values previously defined in the php.ini. The directives are the
; same as the PHP SAPI:
; php_value/php_flag - you can set classic ini defines which can
; be overwritten from PHP call 'ini_set'.
; php_admin_value/php_admin_flag - these directives won't be overwritten by
; PHP call 'ini_set'
; For php_*flag, valid values are on, off, 1, 0, true, false, yes or no.
; Defining 'extension' will load the corresponding shared extension from
; extension_dir. Defining 'disable_functions' or 'disable_classes' will not
; overwrite previously defined php.ini values, but will append the new value
; instead.
; Note: path INI options can be relative and will be expanded with the prefix
; (pool, global or /usr)
; Default Value: nothing is defined by default except the values in php.ini and
; specified at startup with the -d argument
;php_admin_value[sendmail_path] = /usr/sbin/sendmail -t -i -f www@my.domain.com
;php_flag[display_errors] = off
;php_admin_value[error_log] = /var/log/fpm-php.www.log
;php_admin_flag[log_errors] = on
;php_admin_value[memory_limit] = 32M

491
roles/web/files/php/8.2/fpm/pool.d/www.conf Normal file
View File

@ -0,0 +1,491 @@
; Start a new pool named 'www'.
; the variable $pool can be used in any directive and will be replaced by the
; pool name ('www' here)
[www]
; Per pool prefix
; It only applies on the following directives:
; - 'access.log'
; - 'slowlog'
; - 'listen' (unixsocket)
; - 'chroot'
; - 'chdir'
; - 'php_values'
; - 'php_admin_values'
; When not set, the global prefix (or /usr) applies instead.
; Note: This directive can also be relative to the global prefix.
; Default Value: none
;prefix = /path/to/pools/$pool
; Unix user/group of the child processes. This can be used only if the master
; process running user is root. It is set after the child process is created.
; The user and group can be specified either by their name or by their numeric
; IDs.
; Note: If the user is root, the executable needs to be started with
; --allow-to-run-as-root option to work.
; Default Values: The user is set to master process running user by default.
; If the group is not set, the user's group is used.
user = www-data
group = www-data
; The address on which to accept FastCGI requests.
; Valid syntaxes are:
; 'ip.add.re.ss:port' - to listen on a TCP socket to a specific IPv4 address on
; a specific port;
; '[ip:6:addr:ess]:port' - to listen on a TCP socket to a specific IPv6 address on
; a specific port;
; 'port' - to listen on a TCP socket to all addresses
; (IPv6 and IPv4-mapped) on a specific port;
; '/path/to/unix/socket' - to listen on a unix socket.
; Note: This value is mandatory.
listen = /run/php/php8.2-fpm-www.sock
; Set listen(2) backlog.
; Default Value: 511 (-1 on Linux, FreeBSD and OpenBSD)
;listen.backlog = 511
; Set permissions for unix socket, if one is used. In Linux, read/write
; permissions must be set in order to allow connections from a web server. Many
; BSD-derived systems allow connections regardless of permissions. The owner
; and group can be specified either by name or by their numeric IDs.
; Default Values: Owner is set to the master process running user. If the group
; is not set, the owner's group is used. Mode is set to 0660.
listen.owner = www-data
listen.group = www-data
;listen.mode = 0660
; When POSIX Access Control Lists are supported you can set them using
; these options, value is a comma separated list of user/group names.
; When set, listen.owner and listen.group are ignored
;listen.acl_users =
;listen.acl_groups =
; List of addresses (IPv4/IPv6) of FastCGI clients which are allowed to connect.
; Equivalent to the FCGI_WEB_SERVER_ADDRS environment variable in the original
; PHP FCGI (5.2.2+). Makes sense only with a tcp listening socket. Each address
; must be separated by a comma. If this value is left blank, connections will be
; accepted from any ip address.
; Default Value: any
;listen.allowed_clients = 127.0.0.1
; Set the associated the route table (FIB). FreeBSD only
; Default Value: -1
;listen.setfib = 1
; Specify the nice(2) priority to apply to the pool processes (only if set)
; The value can vary from -19 (highest priority) to 20 (lower priority)
; Note: - It will only work if the FPM master process is launched as root
; - The pool processes will inherit the master process priority
; unless it specified otherwise
; Default Value: no set
; process.priority = -19
; Set the process dumpable flag (PR_SET_DUMPABLE prctl for Linux or
; PROC_TRACE_CTL procctl for FreeBSD) even if the process user
; or group is different than the master process user. It allows to create process
; core dump and ptrace the process for the pool user.
; Default Value: no
; process.dumpable = yes
; Choose how the process manager will control the number of child processes.
; Possible Values:
; static - a fixed number (pm.max_children) of child processes;
; dynamic - the number of child processes are set dynamically based on the
; following directives. With this process management, there will be
; always at least 1 children.
; pm.max_children - the maximum number of children that can
; be alive at the same time.
; pm.start_servers - the number of children created on startup.
; pm.min_spare_servers - the minimum number of children in 'idle'
; state (waiting to process). If the number
; of 'idle' processes is less than this
; number then some children will be created.
; pm.max_spare_servers - the maximum number of children in 'idle'
; state (waiting to process). If the number
; of 'idle' processes is greater than this
; number then some children will be killed.
; pm.max_spawn_rate - the maximum number of rate to spawn child
; processes at once.
; ondemand - no children are created at startup. Children will be forked when
; new requests will connect. The following parameter are used:
; pm.max_children - the maximum number of children that
; can be alive at the same time.
; pm.process_idle_timeout - The number of seconds after which
; an idle process will be killed.
; Note: This value is mandatory.
pm = dynamic
; The number of child processes to be created when pm is set to 'static' and the
; maximum number of child processes when pm is set to 'dynamic' or 'ondemand'.
; This value sets the limit on the number of simultaneous requests that will be
; served. Equivalent to the ApacheMaxClients directive with mpm_prefork.
; Equivalent to the PHP_FCGI_CHILDREN environment variable in the original PHP
; CGI. The below defaults are based on a server without much resources. Don't
; forget to tweak pm.* to fit your needs.
; Note: Used when pm is set to 'static', 'dynamic' or 'ondemand'
; Note: This value is mandatory.
pm.max_children = 20
; The number of child processes created on startup.
; Note: Used only when pm is set to 'dynamic'
; Default Value: (min_spare_servers + max_spare_servers) / 2
pm.start_servers = 5
; The desired minimum number of idle server processes.
; Note: Used only when pm is set to 'dynamic'
; Note: Mandatory when pm is set to 'dynamic'
pm.min_spare_servers = 5
; The desired maximum number of idle server processes.
; Note: Used only when pm is set to 'dynamic'
; Note: Mandatory when pm is set to 'dynamic'
pm.max_spare_servers = 15
; The number of rate to spawn child processes at once.
; Note: Used only when pm is set to 'dynamic'
; Note: Mandatory when pm is set to 'dynamic'
; Default Value: 32
;pm.max_spawn_rate = 32
; The number of seconds after which an idle process will be killed.
; Note: Used only when pm is set to 'ondemand'
; Default Value: 10s
;pm.process_idle_timeout = 10s;
; The number of requests each child process should execute before respawning.
; This can be useful to work around memory leaks in 3rd party libraries. For
; endless request processing specify '0'. Equivalent to PHP_FCGI_MAX_REQUESTS.
; Default Value: 0
;pm.max_requests = 500
; The URI to view the FPM status page. If this value is not set, no URI will be
; recognized as a status page. It shows the following information:
; pool - the name of the pool;
; process manager - static, dynamic or ondemand;
; start time - the date and time FPM has started;
; start since - number of seconds since FPM has started;
; accepted conn - the number of request accepted by the pool;
; listen queue - the number of request in the queue of pending
; connections (see backlog in listen(2));
; max listen queue - the maximum number of requests in the queue
; of pending connections since FPM has started;
; listen queue len - the size of the socket queue of pending connections;
; idle processes - the number of idle processes;
; active processes - the number of active processes;
; total processes - the number of idle + active processes;
; max active processes - the maximum number of active processes since FPM
; has started;
; max children reached - number of times, the process limit has been reached,
; when pm tries to start more children (works only for
; pm 'dynamic' and 'ondemand');
; Value are updated in real time.
; Example output:
; pool: www
; process manager: static
; start time: 01/Jul/2011:17:53:49 +0200
; start since: 62636
; accepted conn: 190460
; listen queue: 0
; max listen queue: 1
; listen queue len: 42
; idle processes: 4
; active processes: 11
; total processes: 15
; max active processes: 12
; max children reached: 0
;
; By default the status page output is formatted as text/plain. Passing either
; 'html', 'xml' or 'json' in the query string will return the corresponding
; output syntax. Example:
; http://www.foo.bar/status
; http://www.foo.bar/status?json
; http://www.foo.bar/status?html
; http://www.foo.bar/status?xml
;
; By default the status page only outputs short status. Passing 'full' in the
; query string will also return status for each pool process.
; Example:
; http://www.foo.bar/status?full
; http://www.foo.bar/status?json&full
; http://www.foo.bar/status?html&full
; http://www.foo.bar/status?xml&full
; The Full status returns for each process:
; pid - the PID of the process;
; state - the state of the process (Idle, Running, ...);
; start time - the date and time the process has started;
; start since - the number of seconds since the process has started;
; requests - the number of requests the process has served;
; request duration - the duration in µs of the requests;
; request method - the request method (GET, POST, ...);
; request URI - the request URI with the query string;
; content length - the content length of the request (only with POST);
; user - the user (PHP_AUTH_USER) (or '-' if not set);
; script - the main script called (or '-' if not set);
; last request cpu - the %cpu the last request consumed
; it's always 0 if the process is not in Idle state
; because CPU calculation is done when the request
; processing has terminated;
; last request memory - the max amount of memory the last request consumed
; it's always 0 if the process is not in Idle state
; because memory calculation is done when the request
; processing has terminated;
; If the process is in Idle state, then informations are related to the
; last request the process has served. Otherwise informations are related to
; the current request being served.
; Example output:
; ************************
; pid: 31330
; state: Running
; start time: 01/Jul/2011:17:53:49 +0200
; start since: 63087
; requests: 12808
; request duration: 1250261
; request method: GET
; request URI: /test_mem.php?N=10000
; content length: 0
; user: -
; script: /home/fat/web/docs/php/test_mem.php
; last request cpu: 0.00
; last request memory: 0
;
; Note: There is a real-time FPM status monitoring sample web page available
; It's available in: /usr/share/php/8.2/fpm/status.html
;
; Note: The value must start with a leading slash (/). The value can be
; anything, but it may not be a good idea to use the .php extension or it
; may conflict with a real PHP file.
; Default Value: not set
pm.status_path = /fpmstatus-www
; The address on which to accept FastCGI status request. This creates a new
; invisible pool that can handle requests independently. This is useful
; if the main pool is busy with long running requests because it is still possible
; to get the status before finishing the long running requests.
;
; Valid syntaxes are:
; 'ip.add.re.ss:port' - to listen on a TCP socket to a specific IPv4 address on
; a specific port;
; '[ip:6:addr:ess]:port' - to listen on a TCP socket to a specific IPv6 address on
; a specific port;
; 'port' - to listen on a TCP socket to all addresses
; (IPv6 and IPv4-mapped) on a specific port;
; '/path/to/unix/socket' - to listen on a unix socket.
; Default Value: value of the listen option
;pm.status_listen = 127.0.0.1:9001
pm.status_listen = /run/php/php8.2-fpm-www-status.sock
; The ping URI to call the monitoring page of FPM. If this value is not set, no
; URI will be recognized as a ping page. This could be used to test from outside
; that FPM is alive and responding, or to
; - create a graph of FPM availability (rrd or such);
; - remove a server from a group if it is not responding (load balancing);
; - trigger alerts for the operating team (24/7).
; Note: The value must start with a leading slash (/). The value can be
; anything, but it may not be a good idea to use the .php extension or it
; may conflict with a real PHP file.
; Default Value: not set
;ping.path = /ping
; This directive may be used to customize the response of a ping request. The
; response is formatted as text/plain with a 200 response code.
; Default Value: pong
;ping.response = pong
; The access log file
; Default: not set
;access.log = log/$pool.access.log
; The access log format.
; The following syntax is allowed
; %%: the '%' character
; %C: %CPU used by the request
; it can accept the following format:
; - %{user}C for user CPU only
; - %{system}C for system CPU only
; - %{total}C for user + system CPU (default)
; %d: time taken to serve the request
; it can accept the following format:
; - %{seconds}d (default)
; - %{milliseconds}d
; - %{milli}d
; - %{microseconds}d
; - %{micro}d
; %e: an environment variable (same as $_ENV or $_SERVER)
; it must be associated with embraces to specify the name of the env
; variable. Some examples:
; - server specifics like: %{REQUEST_METHOD}e or %{SERVER_PROTOCOL}e
; - HTTP headers like: %{HTTP_HOST}e or %{HTTP_USER_AGENT}e
; %f: script filename
; %l: content-length of the request (for POST request only)
; %m: request method
; %M: peak of memory allocated by PHP
; it can accept the following format:
; - %{bytes}M (default)
; - %{kilobytes}M
; - %{kilo}M
; - %{megabytes}M
; - %{mega}M
; %n: pool name
; %o: output header
; it must be associated with embraces to specify the name of the header:
; - %{Content-Type}o
; - %{X-Powered-By}o
; - %{Transfert-Encoding}o
; - ....
; %p: PID of the child that serviced the request
; %P: PID of the parent of the child that serviced the request
; %q: the query string
; %Q: the '?' character if query string exists
; %r: the request URI (without the query string, see %q and %Q)
; %R: remote IP address
; %s: status (response code)
; %t: server time the request was received
; it can accept a strftime(3) format:
; %d/%b/%Y:%H:%M:%S %z (default)
; The strftime(3) format must be encapsulated in a %{<strftime_format>}t tag
; e.g. for a ISO8601 formatted timestring, use: %{%Y-%m-%dT%H:%M:%S%z}t
; %T: time the log has been written (the request has finished)
; it can accept a strftime(3) format:
; %d/%b/%Y:%H:%M:%S %z (default)
; The strftime(3) format must be encapsulated in a %{<strftime_format>}t tag
; e.g. for a ISO8601 formatted timestring, use: %{%Y-%m-%dT%H:%M:%S%z}t
; %u: remote user
;
; Default: "%R - %u %t \"%m %r\" %s"
;access.format = "%R - %u %t \"%m %r%Q%q\" %s %f %{milli}d %{kilo}M %C%%"
; A list of request_uri values which should be filtered from the access log.
;
; As a security precuation, this setting will be ignored if:
; - the request method is not GET or HEAD; or
; - there is a request body; or
; - there are query parameters; or
; - the response code is outwith the successful range of 200 to 299
;
; Note: The paths are matched against the output of the access.format tag "%r".
; On common configurations, this may look more like SCRIPT_NAME than the
; expected pre-rewrite URI.
;
; Default Value: not set
;access.suppress_path[] = /ping
;access.suppress_path[] = /health_check.php
; The log file for slow requests
; Default Value: not set
; Note: slowlog is mandatory if request_slowlog_timeout is set
;slowlog = log/$pool.log.slow
; The timeout for serving a single request after which a PHP backtrace will be
; dumped to the 'slowlog' file. A value of '0s' means 'off'.
; Available units: s(econds)(default), m(inutes), h(ours), or d(ays)
; Default Value: 0
;request_slowlog_timeout = 0
; Depth of slow log stack trace.
; Default Value: 20
;request_slowlog_trace_depth = 20
; The timeout for serving a single request after which the worker process will
; be killed. This option should be used when the 'max_execution_time' ini option
; does not stop script execution for some reason. A value of '0' means 'off'.
; Available units: s(econds)(default), m(inutes), h(ours), or d(ays)
; Default Value: 0
;request_terminate_timeout = 0
; The timeout set by 'request_terminate_timeout' ini option is not engaged after
; application calls 'fastcgi_finish_request' or when application has finished and
; shutdown functions are being called (registered via register_shutdown_function).
; This option will enable timeout limit to be applied unconditionally
; even in such cases.
; Default Value: no
;request_terminate_timeout_track_finished = no
; Set open file descriptor rlimit.
; Default Value: system defined value
;rlimit_files = 1024
; Set max core size rlimit.
; Possible Values: 'unlimited' or an integer greater or equal to 0
; Default Value: system defined value
;rlimit_core = 0
; Chroot to this directory at the start. This value must be defined as an
; absolute path. When this value is not set, chroot is not used.
; Note: you can prefix with '$prefix' to chroot to the pool prefix or one
; of its subdirectories. If the pool prefix is not set, the global prefix
; will be used instead.
; Note: chrooting is a great security feature and should be used whenever
; possible. However, all PHP paths will be relative to the chroot
; (error_log, sessions.save_path, ...).
; Default Value: not set
;chroot =
; Chdir to this directory at the start.
; Note: relative path can be used.
; Default Value: current directory or / when chroot
;chdir = /var/www
; Redirect worker stdout and stderr into main error log. If not set, stdout and
; stderr will be redirected to /dev/null according to FastCGI specs.
; Note: on highloaded environment, this can cause some delay in the page
; process time (several ms).
; Default Value: no
;catch_workers_output = yes
; Decorate worker output with prefix and suffix containing information about
; the child that writes to the log and if stdout or stderr is used as well as
; log level and time. This options is used only if catch_workers_output is yes.
; Settings to "no" will output data as written to the stdout or stderr.
; Default value: yes
;decorate_workers_output = no
; Clear environment in FPM workers
; Prevents arbitrary environment variables from reaching FPM worker processes
; by clearing the environment in workers before env vars specified in this
; pool configuration are added.
; Setting to "no" will make all environment variables available to PHP code
; via getenv(), $_ENV and $_SERVER.
; Default Value: yes
;clear_env = no
; Limits the extensions of the main script FPM will allow to parse. This can
; prevent configuration mistakes on the web server side. You should only limit
; FPM to .php extensions to prevent malicious users to use other extensions to
; execute php code.
; Note: set an empty value to allow all extensions.
; Default Value: .php
;security.limit_extensions = .php .php3 .php4 .php5 .php7
; Pass environment variables like LD_LIBRARY_PATH. All $VARIABLEs are taken from
; the current environment.
; Default Value: clean env
;env[HOSTNAME] = $HOSTNAME
;env[PATH] = /usr/local/bin:/usr/bin:/bin
;env[TMP] = /tmp
;env[TMPDIR] = /tmp
;env[TEMP] = /tmp
; Additional php.ini defines, specific to this pool of workers. These settings
; overwrite the values previously defined in the php.ini. The directives are the
; same as the PHP SAPI:
; php_value/php_flag - you can set classic ini defines which can
; be overwritten from PHP call 'ini_set'.
; php_admin_value/php_admin_flag - these directives won't be overwritten by
; PHP call 'ini_set'
; For php_*flag, valid values are on, off, 1, 0, true, false, yes or no.
; Defining 'extension' will load the corresponding shared extension from
; extension_dir. Defining 'disable_functions' or 'disable_classes' will not
; overwrite previously defined php.ini values, but will append the new value
; instead.
; Note: path INI options can be relative and will be expanded with the prefix
; (pool, global or /usr)
; Default Value: nothing is defined by default except the values in php.ini and
; specified at startup with the -d argument
;php_admin_value[sendmail_path] = /usr/sbin/sendmail -t -i -f www@my.domain.com
;php_flag[display_errors] = off
;php_admin_value[error_log] = /var/log/fpm-php.www.log
;php_admin_flag[log_errors] = on
;php_admin_value[memory_limit] = 32M

37
roles/web/files/vhost
View File

@ -75,13 +75,48 @@ server {
rewrite ^/wiki/(.*) /wiki/doku.php?id=$1&$args last;
}
location ~ ^/fpmstatus-spaceapi {
auth_basic "Admin";
auth_basic_user_file /etc/nginx/fpm_status.htaccess;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_pass unix:/var/run/php/php8.2-fpm-spaceapi-status.sock;
fastcgi_intercept_errors on;
fastcgi_read_timeout 10s;
}
location ~ ^/fpmstatus-www {
auth_basic "Admin";
auth_basic_user_file /etc/nginx/fpm_status.htaccess;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_pass unix:/var/run/php/php8.2-fpm-www-status.sock;
fastcgi_intercept_errors on;
fastcgi_read_timeout 10s;
}
location ~ ^/spaceapi.php {
fastcgi_split_path_info ^(.+\.php)(/.+)$;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_pass unix:/var/run/php/php8.2-fpm-spaceapi.sock;
fastcgi_intercept_errors on;
fastcgi_read_timeout 10s;
}
location ~ \.php(?:$|/) {
fastcgi_split_path_info ^(.+\.php)(/.+)$;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_pass unix:/var/run/php/php8.2-fpm.sock;
fastcgi_pass unix:/var/run/php/php8.2-fpm-www.sock;
fastcgi_intercept_errors on;
# fastcgi_read_timeout intentionally not reduced, since Wiki etc. might perform long-running operations (file uploads etc.)
}
}

3
roles/web/handlers/main.yml
View File

@ -3,5 +3,8 @@
- name: Restart nginx
service: name=nginx state=restarted
- name: Restart php8.2-fpm
service: name=php8.2-fpm state=restarted
- name: Run acertmgr
command: /usr/bin/acertmgr

15
roles/web/tasks/main.yml
View File

@ -7,6 +7,7 @@
- php-ldap
- php-sqlite3
- php-xml
- python3-passlib
- name: Create vhost directories
file: path=/var/www/{{ item }} state=directory owner=www-data group=www-data
@ -36,6 +37,20 @@
- name: Place Thunderbird autoconfig file
template: src=auto_mail.xml.j2 dest=/var/www/autoconfig/mail/config-v1.1.xml
- name: Configure php-fpm
copy: src={{ item }} dest=/etc/php/8.2/fpm/pool.d/
notify: Restart php8.2-fpm
with_fileglob: "php/8.2/fpm/pool.d/*.conf"
- name: Configure htaccess for fpm status
htpasswd:
path: /etc/nginx/fpm_status.htaccess
name: "{{ fpm_status_user}}"
password: "{{ fpm_status_pass }}"
owner: root
group: www-data
mode: 0640
- name: Configure certificate manager
copy: src=certs dest=/etc/acertmgr/www.binary-kitchen.de.conf
notify: Run acertmgr