├── .cache └── roles │ ├── ansible_role_php │ └── role-php ├── .github └── workflows │ ├── galaxy.yml │ ├── lint.yml │ └── readme.yml ├── .gitignore ├── .pre-commit-config.yaml ├── .yamllint ├── LICENSE ├── Makefile ├── README.md ├── README.yaml ├── defaults └── main.yml ├── handlers └── main.yml ├── meta └── main.yml ├── tasks ├── composer.yml ├── configure.yml ├── install.yml └── main.yml ├── templates └── config │ ├── mods-available │ └── apcu.ini │ ├── php.ini │ └── pool.d │ ├── queue.conf │ ├── upstream.conf │ └── www.conf └── vars └── main.yml /.cache/roles/ansible_role_php: -------------------------------------------------------------------------------- 1 | ../.. -------------------------------------------------------------------------------- /.cache/roles/role-php: -------------------------------------------------------------------------------- 1 | ../.. -------------------------------------------------------------------------------- /.github/workflows/galaxy.yml: -------------------------------------------------------------------------------- 1 | --- 2 | name: Release to Ansible Galaxy 3 | 4 | 'on': 5 | push: 6 | tags: 7 | - '*' 8 | 9 | jobs: 10 | release: 11 | runs-on: ubuntu-18.04 12 | steps: 13 | - name: galaxy 14 | uses: robertdebock/galaxy-action@1.0.1 15 | with: 16 | galaxy_api_key: ${{ secrets.galaxy_api_key }} 17 | -------------------------------------------------------------------------------- /.github/workflows/lint.yml: -------------------------------------------------------------------------------- 1 | --- 2 | name: Lint 3 | 'on': 4 | pull_request: 5 | push: 6 | branches: 7 | - master 8 | 9 | jobs: 10 | 11 | yamllint: 12 | name: yamllint 13 | runs-on: ubuntu-latest 14 | steps: 15 | - name: Check out the codebase. 16 | uses: actions/checkout@v2 17 | 18 | - name: Set up Python 3.7. 
19 | uses: actions/setup-python@v2 20 | with: 21 | python-version: '3.x' 22 | 23 | - name: Install yamllist 24 | run: pip3 install yamllint 25 | 26 | - name: Run yamllint. 27 | run: yamllint . 28 | 29 | ansible-lint: 30 | name: ansible-lint 31 | runs-on: ubuntu-latest 32 | steps: 33 | - name: Checkout the codebase. 34 | uses: actions/checkout@v2 35 | 36 | - name: Set up Python 3.7. 37 | uses: actions/setup-python@v2 38 | with: 39 | python-version: '3.x' 40 | 41 | - name: Install ansible and other packages 42 | run: pip3 install ansible ansible-lint 43 | 44 | - name: Run ansible-lint. 45 | run: ansible-lint 46 | 47 | pre-commit: 48 | name: 'Pre-Commit' 49 | needs: 50 | - yamllint 51 | - ansible-lint 52 | runs-on: ubuntu-latest 53 | steps: 54 | - name: 'Checkout' 55 | uses: actions/checkout@v2.3.4 56 | 57 | - name: Install ansible-lint 58 | run: pip3 install ansible-lint 59 | 60 | - name: 'Pre-Commit 🔎' 61 | uses: pre-commit/action@v2.0.3 62 | continue-on-error: true 63 | 64 | - name: 'Slack Notification' 65 | uses: clouddrove/action-slack@v2 66 | with: 67 | status: ${{ job.status }} 68 | fields: repo,author 69 | author_name: 'CloudDrove Inc.' 70 | env: 71 | GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} 72 | SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_ANSIBLE }} 73 | if: always() 74 | -------------------------------------------------------------------------------- /.github/workflows/readme.yml: -------------------------------------------------------------------------------- 1 | --- 2 | name: 'Create README.md file' 3 | 'on': 4 | push: 5 | branches: 6 | - master 7 | 8 | jobs: 9 | readme-create: 10 | name: 'Autogenerate Readme file' 11 | runs-on: ubuntu-latest 12 | steps: 13 | - name: 'Checkout' 14 | uses: actions/checkout@master 15 | 16 | - name: Set up Python 3.7. 
17 | uses: actions/setup-python@v2 18 | with: 19 | python-version: '3.x' 20 | 21 | - name: 'Generate readme.md from readme.yaml' 22 | uses: 'clouddrove/github-actions@v8.0' 23 | with: 24 | actions_subcommand: 'readme' 25 | github_token: '${{ secrets.GITHUB }}' 26 | env: 27 | GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} 28 | 29 | - name: Install ansible-lint 30 | run: pip3 install ansible-lint 31 | 32 | - name: pre-commit check errors 33 | uses: pre-commit/action@v2.0.0 34 | continue-on-error: true 35 | 36 | - name: pre-commit fix errors 37 | uses: pre-commit/action@v2.0.0 38 | continue-on-error: true 39 | 40 | - name: 'push readme' 41 | uses: 'clouddrove/github-actions@v8.0' 42 | continue-on-error: true 43 | with: 44 | actions_subcommand: 'push' 45 | env: 46 | GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} 47 | 48 | - name: 'Slack Notification' 49 | uses: clouddrove/action-slack@v2 50 | with: 51 | status: ${{ job.status }} 52 | fields: repo,author 53 | author_name: 'CloudDrove Inc.' 54 | env: 55 | GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} 56 | SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_ANSIBLE }} 57 | if: always() 58 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | # ignored files 2 | .idea 3 | *.iml 4 | *.zip 5 | -------------------------------------------------------------------------------- /.pre-commit-config.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | repos: 3 | 4 | - repo: https://github.com/pre-commit/pre-commit-hooks.git 5 | rev: v3.4.0 6 | hooks: 7 | - id: end-of-file-fixer 8 | - id: trailing-whitespace 9 | - id: mixed-line-ending 10 | - id: check-byte-order-marker 11 | - id: check-executables-have-shebangs 12 | - id: check-merge-conflict 13 | - id: debug-statements 14 | - id: check-yaml 15 | - id: check-added-large-files 16 | 17 | - repo: 
https://github.com/ansible/ansible-lint.git 18 | rev: v5.0.8 19 | hooks: 20 | - id: ansible-lint 21 | files: \.(yaml|yml)$ 22 | -------------------------------------------------------------------------------- /.yamllint: -------------------------------------------------------------------------------- 1 | --- 2 | extends: default 3 | 4 | rules: 5 | line-length: 6 | max: 153 7 | level: warning 8 | truthy: 9 | allowed-values: ['true', 'false', 'yes', 'no'] 10 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | MIT License 2 | 3 | Copyright (c) 2019 Cloud Drove 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | SOFTWARE. 
22 | -------------------------------------------------------------------------------- /Makefile: -------------------------------------------------------------------------------- 1 | export GENIE_PATH ?= $(shell 'pwd')/../../../genie 2 | 3 | include $(GENIE_PATH)/Makefile 4 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 |

5 | 6 |

7 | Ansible Role PHP 8 |

9 | 10 |

11 | This ansible role is used to install PHP server on Debian. 12 |

13 | 14 |

15 | 16 | 17 | Ansible 18 | 19 | 20 | Licence 21 | 22 | 23 | Distribution 24 | 25 | 26 | Distribution 27 | 28 | 29 | 30 |

31 |

32 | 33 | 34 | 35 | 36 | 37 | 38 | 39 | 40 | 41 | 42 | 43 |

44 |
45 | 46 | 47 | 48 | We eat, drink, sleep and most importantly love **DevOps**. DevOps always promotes automation and standardisation. While setting up various environments like local, dev, testing, production, etc. it is critical to maintain the same environment across. This can easily be achieved using automating the environment setup & installation with the help of ansible-playbooks. 49 | 50 | Smaller roles are created for each environment elements; which also include tasks & tests. These roles can then be grouped together in [ansible-playbook](https://docs.ansible.com/ansible/latest/user_guide/playbooks_intro.html) to achieve the desired yet consistent results. 51 | 52 | 53 | 54 | ## Prerequisites 55 | 56 | This module has a few dependencies: 57 | 58 | - [Ansible2.8](https://docs.ansible.com/ansible/latest/installation_guide/intro_installation.html) 59 | - [Python](https://www.python.org/downloads) 60 | 61 | 62 | 63 | 64 | ## What Includes 65 | 66 | Following things includes in this role: 67 | 68 | - Php-7.3 69 | - Php-fpm 70 | - Pecl 71 | - Composer 72 | 73 | 74 | 75 | 76 | 77 | 78 | 79 | ## Example Playbook 80 | 81 | **IMPORTANT:** Since the `master` branch used in `source` varies based on new modifications, we suggest that you use the release versions [here](https://github.com/clouddrove/ansible-role-php/releases). 
82 | 83 | 84 | ```yaml 85 | - hosts: localhost 86 | remote_user: ubuntu 87 | become: true 88 | roles: 89 | - clouddrove.ansible_role_php 90 | ``` 91 | 92 | 93 | ## Variables 94 | 95 | ```yaml 96 | php_version: 7.3 97 | php_dir: "/etc/php/{{ php_version }}" 98 | php_fpm_dir: "/etc/php/{{ php_version }}/fpm" 99 | log_path: /var/log/php 100 | state: present 101 | is_web_server_is_apache: true 102 | ``` 103 | 104 | 105 | ## Installation 106 | 107 | ```console 108 | $ ansible-galaxy install clouddrove.ansible_role_php 109 | ``` 110 | 111 | 112 | 113 | 114 | 115 | 116 | ## Feedback 117 | If you come accross a bug or have any feedback, please log it in our [issue tracker](https://github.com/clouddrove/ansible-role-php/issues), or feel free to drop us an email at [hello@clouddrove.com](mailto:hello@clouddrove.com). 118 | 119 | If you have found it worth your time, go ahead and give us a ★ on [our GitHub](https://github.com/clouddrove/ansible-role-php)! 120 | 121 | ## About us 122 | 123 | At [CloudDrove][website], we offer expert guidance, implementation support and services to help organisations accelerate their journey to the cloud. Our services include docker and container orchestration, cloud migration and adoption, infrastructure automation, application modernisation and remediation, and performance engineering. 124 | 125 |

We are The Cloud Experts!

126 |
127 |

We ❤️ Open Source and you can check out our other modules to get help with your new Cloud ideas.

128 | 129 | [website]: https://clouddrove.com 130 | [github]: https://github.com/clouddrove 131 | [linkedin]: https://cpco.io/linkedin 132 | [twitter]: https://twitter.com/clouddrove/ 133 | [email]: https://clouddrove.com/contact-us.html 134 | [terraform_modules]: https://github.com/clouddrove?utf8=%E2%9C%93&q=terraform-&type=&language= 135 | -------------------------------------------------------------------------------- /README.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # 3 | # This is the canonical configuration for the `README.md` 4 | # Run `make readme` to rebuild the `README.md` 5 | # 6 | 7 | # Name of this project 8 | name: Ansible Role PHP 9 | 10 | # License of this project 11 | license: "MIT" 12 | 13 | # Canonical GitHub repo 14 | github_repo: clouddrove/ansible-role-php 15 | 16 | # Badges to display 17 | badges: 18 | - name: "Ansible" 19 | image: "https://img.shields.io/badge/Ansible-2.8-green?style=flat&logo=ansible" 20 | url: "https://www.ansible.com" 21 | - name: "Licence" 22 | image: "https://img.shields.io/badge/License-MIT-blue.svg" 23 | url: "LICENSE.md" 24 | - name: "Distribution" 25 | image: "https://img.shields.io/badge/ubuntu-16.x-orange?style=flat&logo=ubuntu" 26 | url: "https://ubuntu.com/" 27 | - name: "Distribution" 28 | image: "https://img.shields.io/badge/ubuntu-18.x-orange?style=flat&logo=ubuntu" 29 | url: "https://ubuntu.com/" 30 | 31 | # Prerequesties to display 32 | # yamllint disable 33 | prerequesties: 34 | - name: "Ansible2.8" 35 | url: "https://docs.ansible.com/ansible/latest/installation_guide/intro_installation.html" 36 | - name: "Python" 37 | url: "https://www.python.org/downloads" 38 | # yamllint enable 39 | # What Includes to display 40 | what_includes: 41 | - name: "Php-7.3" 42 | - name: "Php-fpm" 43 | - name: "Pecl" 44 | - name: "Composer" 45 | 46 | # description of this project 47 | description: |- 48 | This ansible role is used to install PHP server on Debian. 
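# How to use this project
usage: |-
  ```yaml
  - hosts: localhost
    remote_user: ubuntu
    become: true
    roles:
      - clouddrove.ansible_role_php
  ```
# Variables use in the project
variables: |-
  ```yaml
  php_version: 7.3
  php_dir: "/etc/php/{{ php_version }}"
  php_fpm_dir: "/etc/php/{{ php_version }}/fpm"
  log_path: /var/log/php
  state: present
  is_web_server_is_apache: true
  ```

# How to install project
installation: |-
  ```console
  $ ansible-galaxy install clouddrove.ansible_role_php
  ```

--------------------------------------------------------------------------------
/defaults/main.yml:
--------------------------------------------------------------------------------
---
# PHP version to install; versions above 7.0 are supported.
# NOTE: the README.yaml "variables" text above still documents 7.3, while the
# value below is what the role applies when the caller sets nothing.
php_version: 7.4

# configurations
php_dir: "/etc/php/{{ php_version }}"
php_fpm_dir: "/etc/php/{{ php_version }}/fpm"
log_path: /var/log/php

# state: passed straight to the apt module (install.yml) and compared with
# "present" to decide whether composer.yml and configure.yml run at all.
state: present

# install php for apache web server
is_web_server_is_apache: true

--------------------------------------------------------------------------------
/handlers/main.yml:
--------------------------------------------------------------------------------
---

# Handlers run only when a task that notifies them reports "changed".

- name: start php-fpm
  service:
    name: "php{{ php_version }}-fpm"
    state: started

- name: reload php-fpm
  service:
    name: "php{{ php_version }}-fpm"
    state: reloaded
  when: state == "present"

- name: restart php-fpm
  service:
    name: "php{{ php_version }}-fpm"
    state: restarted

- name: restart apache2
  service:
    name: apache2
    state: restarted
    # Was "ture": not a valid boolean, so the handler failed on argument
    # validation instead of restarting Apache with the new configuration.
    enabled: true

--------------------------------------------------------------------------------
/meta/main.yml:
--------------------------------------------------------------------------------
---

dependencies: []
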
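galaxy_info:
  author: Anmol Nagpal
  description: This ansible role for install php.
  company: "CloudDrove Inc."
  role_name: ansible_role_php
  license: "license (BSD, MIT)"
  min_ansible_version: 2.4
  platforms:
    - name: Debian
      versions:
        - jessie
        - stretch
    - name: Ubuntu
      versions:
        - trusty
        - xenial
        - bionic
  galaxy_tags:
    - server
    - php
    - composer
    - apache
    - linux
    - ubuntu
    - debian
    - fpm

--------------------------------------------------------------------------------
/tasks/composer.yml:
--------------------------------------------------------------------------------
---

# Downloads the Composer installer and installs it to /usr/local/bin/composer.
# The downloaded script is executed by the next task with the play's
# privileges (root when the play uses `become`), so its origin must be
# authenticated.

- name: download composer
  get_url:
    # HTTPS instead of plain HTTP: over HTTP anyone on the network path could
    # substitute the script that is executed below.
    url: https://getcomposer.org/installer
    force: true
    dest: /tmp/composer
    mode: 0755
    # TLS authenticates the server, not the file. To pin the content as well,
    # add a checksum taken from the installer hash that Composer publishes:
    #   checksum: "sha384:<INSTALLER_SHA384_PLACEHOLDER>"

# yamllint disable
- name: install composer
  command: php /tmp/composer --install-dir=/usr/local/bin creates=/usr/local/bin/composer

- name: rename composer.phar to composer
  command: mv /usr/local/bin/composer.phar /usr/local/bin/composer creates=/usr/local/bin/composer
# yamllint enable

- name: make composer executable
  file:
    path: /usr/local/bin/composer
    mode: a+x
    state: file

--------------------------------------------------------------------------------
/tasks/configure.yml:
--------------------------------------------------------------------------------
---

# Renders the php-fpm pools, php.ini and extension .ini files, then selects
# php_version as the system default. Imported only when state == "present"
# (see tasks/main.yml).

- name: create phpfpm log is enabled
  file:
    path: "{{ log_path }}"
    mode: 0755
    state: directory

- name: create phpfpm log is enabled
  changed_when: false
  file:
    path: "{{ item }}"
    mode: 0644
    state: touch
  with_items:
    - "{{ log_path }}/php-pool-upstream-error.log"
    - "{{ log_path }}/php-ini-error.log"
    - "{{ log_path }}/php-pool-www-error.log"

- name: transfer pool.d php-fpm configuration
  template:
    src: "{{ item }}"
    dest: "{{ php_fpm_dir }}/pool.d/{{ item | basename }}"
    force: true
    mode: 0644
  with_fileglob:
    - ../templates/config/pool.d/*.conf
  # Restart php-fpm when a pool file actually changes, so edits to the
  # templates (including hardening changes) take effect.
  notify:
    - restart php-fpm

- name: transfer mods-available php configuration
  template:
    src: "{{ item }}"
    dest: "{{ php_dir }}/mods-available/{{ item | basename }}"
    force: true
    mode: 0644
  with_fileglob:
    - ../templates/config/mods-available/*.ini
  notify:
    - restart php-fpm

- name: transfer php.ini php-fpm configuration
  template:
    src: config/php.ini
    dest: "{{ php_fpm_dir }}/php.ini"
    force: true
    mode: 0644
  notify:
    - restart php-fpm

# Same source glob and destination as "transfer mods-available php
# configuration" above; on a second pass it reports no change.
- name: copy pecl extensions .ini files
  template:
    src: "{{ item }}"
    dest: "{{ php_dir }}/mods-available/{{ item | basename }}"
    force: true
    mode: 0644
  with_fileglob:
    - ../templates/config/mods-available/*.ini

- name: transfer php.ini apache configuration
  template:
    src: config/php.ini
    dest: "{{ php_dir }}/apache2/php.ini"
    force: true
    mode: 0644
  when: is_web_server_is_apache
  notify:
    - restart apache2

- name: change php-fpm ownership
  file:
    path: "{{ php_dir }}"
    state: directory
    owner: root
    group: root
    recurse: true
  changed_when: "False"

- name: set is default inslled version
  changed_when: false
  command: update-alternatives --set php /usr/bin/php{{ php_version }}
  become: true

# changed_when is false, so this task never reports "changed" and the notify
# below never fires; Apache is restarted through the php.ini template task.
- name: set is default inslled version for apache2
  changed_when: false
  command: a2enmod php{{ php_version }}
  when: is_web_server_is_apache
  become: true
  notify:
    - restart apache2

# Kept for compatibility. With changed_when: false this notify never fires,
# which is why the template tasks above notify "restart php-fpm" themselves.
- name: restart php
  changed_when: false
  command: /bin/true
  notify:
    - restart php-fpm

--------------------------------------------------------------------------------
/tasks/install.yml:
--------------------------------------------------------------------------------
---

# Adds the ondrej/php PPA and installs (or removes, per `state`) PHP,
# php-fpm, the listed extensions and the build packages used by pecl.

- name: add php {{ php_version }} repo
  apt_repository:
    repo: 'ppa:ondrej/php'
    update_cache: true
    # Was false. Certificate validation stays on so the HTTPS requests this
    # module makes while adding the PPA are authenticated; every package
    # installed below is trusted on the basis of that repository setup.
    validate_certs: true

- name: install/remove php-fpm and packages
  apt:
    # NOTE(review): the -dev, pkg-config and lib*-dev entries are build-time
    # packages; confirm they are wanted on production hosts.
    name: [
      'php{{ php_version }}-fpm',
      'php{{ php_version }}',
      'php{{ php_version }}-common',
      'php{{ php_version }}-cli',
      'php{{ php_version }}-curl',
      'php{{ php_version }}-gd',
      'php{{ php_version }}-gmp',
      'php{{ php_version }}-imap',
      'php{{ php_version }}-intl',
      'php{{ php_version }}-readline',
      'php{{ php_version }}-opcache',
      'php{{ php_version }}-mysql',
      'php{{ php_version }}-json',
      'php{{ php_version }}-apcu',
      'php-redis',
      'php{{ php_version }}-bz2',
      'php{{ php_version }}-bcmath',
      'php{{ php_version }}-mbstring',
      'php{{ php_version }}-soap',
      'php{{ php_version }}-xml',
      'php{{ php_version }}-zip',
      'php{{ php_version }}-dev',
      'php{{ php_version }}-sqlite3',
      'pkg-config',
      'libssl-dev',
      'libpcre3-dev',
      'libsasl2-dev',
      'libmcrypt-dev'
    ]
    state: "{{ state }}"
    update_cache: true
    cache_valid_time: 5400
  register: phpfpm_result
  notify:
    - reload php-fpm

- name: enable php enable with apache
  apt:
    name: "libapache2-mod-php{{ php_version }}"
    state: "{{ state }}"
    update_cache: true
  when: is_web_server_is_apache
  notify:
    - reload php-fpm

- name: update pecl channel
  changed_when: false
  command: pecl update-channels
  become: true
  when: state == "present"

--------------------------------------------------------------------------------
/tasks/main.yml:
--------------------------------------------------------------------------------
---

# install.yml always runs (it also handles removal); the composer and
# configuration steps run only when PHP is being installed.

- import_tasks: install.yml

- import_tasks: composer.yml
  when: state == "present"

- import_tasks: configure.yml
  when: state == "present"
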
-------------------------------------------------------------------------------- /templates/config/mods-available/apcu.ini: -------------------------------------------------------------------------------- 1 | ; {{ansible_managed}} 2 | extension=apcu.so 3 | 4 | apc.enabled = 1 5 | apc.enable_cli = 1 6 | apc.stat = 0 7 | apc.max_file_size = 4M 8 | apc.localcache = 1 9 | apc.localcache.size = 512 10 | apc.shm_segments = 1 11 | apc.ttl = 3600 12 | apc.user_ttl = 7200 13 | apc.gc_ttl = 3600 14 | apc.cache_by_default = 1 15 | apc.write_lock = 1 16 | apc.num_files_hint = 0 17 | apc.user_entries_hint = 0 18 | apc.shm_size = 512M 19 | apc.mmap_file_mask =/tmp/apc.XXXXXX 20 | apc.include_once_override = 0 21 | apc.file_update_protection = 2 22 | apc.canonicalize = 1 23 | apc.report_autofilter = 0 24 | apc.stat_ctime = 0 25 | -------------------------------------------------------------------------------- /templates/config/php.ini: -------------------------------------------------------------------------------- 1 | ;{{ ansible_managed }} 2 | [PHP] 3 | 4 | ;;;;;;;;;;;;;;;;;;; 5 | ; About this file ; 6 | ;;;;;;;;;;;;;;;;;;; 7 | ; PHP comes packaged with two INI files. One that is recommended to be used 8 | ; in production environments and one that is recommended to be used in 9 | ; development environments. 10 | 11 | ; php.ini-production contains settings which hold security, performance and 12 | ; best practices at its core. But please be aware, these settings may break 13 | ; compatibility with older or less security conscience applications. We 14 | ; recommending using the production ini in production and testing environments. 15 | 16 | ; php.ini-development is very similar to its production variant, except it is 17 | ; much more verbose when it comes to errors. We recommend using the 18 | ; development version only in development environments, as errors shown to 19 | ; application users can inadvertently leak otherwise secure information. 
20 | 21 | ; This is the php.ini-production INI file. 22 | 23 | ;;;;;;;;;;;;;;;;;;;; 24 | ; php.ini Options ; 25 | ;;;;;;;;;;;;;;;;;;;; 26 | ;user_ini.filename = ".user.ini" 27 | ;user_ini.filename = 28 | ;user_ini.cache_ttl = 300 29 | 30 | ;;;;;;;;;;;;;;;;;;;; 31 | ; Language Options ; 32 | ;;;;;;;;;;;;;;;;;;;; 33 | engine = On 34 | short_open_tag = Off 35 | precision = 14 36 | output_buffering = 4096 37 | zlib.output_compression = Off 38 | disable_functions = pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_get_handler,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,pcntl_async_signals, 39 | disable_classes = 40 | implicit_flush = Off 41 | unserialize_callback_func = 42 | serialize_precision = -1 43 | zend.enable_gc = On 44 | ;zlib.output_compression_level = -1 45 | ;zlib.output_handler = 46 | ;open_basedir = 47 | ;highlight.string = #DD0000 48 | ;highlight.comment = #FF9900 49 | ;highlight.keyword = #007700 50 | ;highlight.default = #0000BB 51 | ;highlight.html = #000000 52 | ;ignore_user_abort = On 53 | ;realpath_cache_size = 4096k 54 | ;realpath_cache_ttl = 120 55 | ;;;;;;;;;;;;;;;;; 56 | ; Miscellaneous ; 57 | ;;;;;;;;;;;;;;;;; 58 | expose_php = Off 59 | 60 | ;;;;;;;;;;;;;;;;;;; 61 | ; Resource Limits ; 62 | ;;;;;;;;;;;;;;;;;;; 63 | max_execution_time = 600 64 | max_input_time = -1 65 | max_input_vars = 5000 66 | ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; 67 | ; Error handling and logging ; 68 | ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; 69 | error_reporting = E_ALL & ~E_DEPRECATED & ~E_STRICT 70 | display_errors = Off 71 | display_startup_errors = Off 72 | log_errors = On 73 | log_errors_max_len = 1024 74 | ignore_repeated_errors = Off 75 | ignore_repeated_source = Off 76 | report_memleaks = On 77 | ;report_zend_debug = 0 78 | 
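;xmlrpc_errors = 0
xmlrpc_error_number = 0
html_errors = On

;;;;;;;;;;;;;;;;;
; Data Handling ;
;;;;;;;;;;;;;;;;;
variables_order = "GPCS"
request_order = "GP"
register_argc_argv = Off
auto_globals_jit = On
; post_max_size bounds the whole request body, so uploads larger than this
; are rejected even though upload_max_filesize below is set to 500M.
post_max_size = 300M
auto_prepend_file =
auto_append_file =
default_mimetype = "text/html"
default_charset = "UTF-8"
doc_root =
user_dir =
enable_dl = Off
;arg_separator.output = "&"
;arg_separator.input = ";&"

;;;;;;;;;;;;;;;;
; File Uploads ;
;;;;;;;;;;;;;;;;
file_uploads = On
upload_max_filesize = 500M
max_file_uploads = 300

;;;;;;;;;;;;;;;;;;
; Fopen wrappers ;
;;;;;;;;;;;;;;;;;;
allow_url_fopen = On
; Was On. With it enabled, include/require accept URLs, so any include path
; influenced by request data can load and execute code from a remote host.
; Off matches the production profile this file says it is based on.
allow_url_include = Off
default_socket_timeout = 60
;auto_detect_line_endings = Off

;;;;;;;;;;;;;;;;;;;
; Module Settings ;
;;;;;;;;;;;;;;;;;;;

[CLI Server]
; Whether the CLI web server uses ANSI color coding in its terminal output.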
121 | cli_server.color = On 122 | 123 | [Date] 124 | ;date.timezone = 125 | ;date.default_latitude = 31.7667 126 | ;date.default_longitude = 35.2333 127 | ;date.sunrise_zenith = 90.583333 128 | ;date.sunset_zenith = 90.583333 129 | [filter] 130 | ;filter.default = unsafe_raw 131 | ;filter.default_flags = 132 | 133 | [iconv] 134 | ;iconv.input_encoding 135 | ;iconv.internal_encoding = 136 | ;iconv.output_encoding = 137 | 138 | [imap] 139 | ;imap.enable_insecure_rsh=0 140 | 141 | [intl] 142 | ;intl.default_locale = 143 | ;intl.error_level = E_WARNING 144 | ;intl.use_exceptions = 0 145 | 146 | [sqlite3] 147 | ;sqlite3.extension_dir = 148 | ;sqlite3.defensive = 1 149 | 150 | [Pcre] 151 | ;pcre.backtrack_limit=100000 152 | ;pcre.recursion_limit=100000 153 | ;pcre.jit=1 154 | 155 | [Pdo] 156 | ;pdo_odbc.connection_pooling=strict 157 | ;pdo_odbc.db2_instance_name 158 | 159 | [Pdo_mysql] 160 | pdo_mysql.default_socket= 161 | 162 | [Phar] 163 | ;phar.readonly = On 164 | ;phar.require_hash = On 165 | ;phar.cache_list = 166 | 167 | [mail function] 168 | 169 | SMTP = localhost 170 | smtp_port = 25 171 | mail.add_x_header = Off 172 | ;sendmail_from = me@example.com 173 | ;sendmail_path = 174 | ;mail.force_extra_parameters = 175 | ;mail.log = 176 | ;mail.log = syslog 177 | 178 | [ODBC] 179 | odbc.allow_persistent = On 180 | odbc.check_persistent = On 181 | odbc.max_persistent = -1 182 | odbc.max_links = -1 183 | odbc.defaultlrl = 4096 184 | odbc.defaultbinmode = 1 185 | ;odbc.default_db = Not yet implemented 186 | ;odbc.default_user = Not yet implemented 187 | ;odbc.default_pw = Not yet implemented 188 | ;odbc.default_cursortype 189 | 190 | [Interbase] 191 | ibase.allow_persistent = 1 192 | ibase.max_persistent = -1 193 | ibase.max_links = -1 194 | ibase.timestampformat = "%Y-%m-%d %H:%M:%S" 195 | ibase.dateformat = "%Y-%m-%d" 196 | ibase.timeformat = "%H:%M:%S" 197 | ;ibase.default_db = 198 | ;ibase.default_user = 199 | ;ibase.default_password = 200 | ;ibase.default_charset = 
201 | 202 | 203 | [MySQLi] 204 | mysqli.max_persistent = -1 205 | mysqli.allow_persistent = On 206 | mysqli.max_links = -1 207 | mysqli.default_port = 3306 208 | mysqli.default_socket = 209 | mysqli.default_host = 210 | mysqli.default_user = 211 | mysqli.default_pw = 212 | mysqli.reconnect = Off 213 | ;mysqli.allow_local_infile = On 214 | 215 | 216 | [mysqlnd] 217 | mysqlnd.collect_statistics = On 218 | mysqlnd.collect_memory_statistics = Off 219 | sha256_server_public_key = 220 | ;mysqlnd.debug = 221 | ;mysqlnd.log_mask = 0 222 | ;mysqlnd.mempool_default_size = 16000 223 | ;mysqlnd.net_cmd_buffer_size = 2048 224 | ;mysqlnd.net_read_buffer_size = 32768 225 | ;mysqlnd.net_read_timeout = 31536000 226 | 227 | [OCI8] 228 | ;oci8.privileged_connect = Off 229 | ;oci8.max_persistent = -1 230 | ;oci8.persistent_timeout = -1 231 | ;oci8.ping_interval = 60 232 | ;oci8.connection_class = 233 | ;oci8.events = Off 234 | ;oci8.statement_cache_size = 20 235 | ;oci8.default_prefetch = 100 236 | ;oci8.old_oci_close_semantics = Off 237 | 238 | [PostgreSQL] 239 | pgsql.allow_persistent = On 240 | pgsql.auto_reset_persistent = Off 241 | pgsql.max_persistent = -1 242 | pgsql.max_links = -1 243 | pgsql.ignore_notice = 0 244 | pgsql.log_notice = 0 245 | 246 | [bcmath] 247 | bcmath.scale = 0 248 | 249 | [browscap] 250 | ;browscap = extra/browscap.ini 251 | 252 | [Session] 253 | session.save_handler = files 254 | session.sid_bits_per_character = 5 255 | session.use_strict_mode = 0 256 | session.use_cookies = 1 257 | session.use_only_cookies = 1 258 | session.name = PHPSESSID 259 | session.auto_start = 0 260 | session.cookie_lifetime = 0 261 | session.cookie_path = / 262 | session.cookie_domain = 263 | session.cookie_httponly = 264 | session.cookie_samesite = 265 | session.serialize_handler = php 266 | session.gc_probability = 0 267 | session.gc_divisor = 1000 268 | session.gc_maxlifetime = 1440 269 | session.referer_check = 270 | session.cache_limiter = nocache 271 | session.cache_expire = 
180 272 | session.use_trans_sid = 0 273 | session.sid_length = 26 274 | session.trans_sid_tags = "a=href,area=href,frame=src,form=" 275 | ;session.save_path = "/var/lib/php/sessions" 276 | ;session.cookie_secure = 277 | ;session.trans_sid_hosts="" 278 | ;session.upload_progress.enabled = On 279 | ;session.upload_progress.cleanup = On 280 | ;session.upload_progress.prefix = "upload_progress_" 281 | ;session.upload_progress.name = "PHP_SESSION_UPLOAD_PROGRESS" 282 | ;session.upload_progress.freq = "1%" 283 | ;session.upload_progress.min_freq = "1" 284 | ;session.lazy_write = On 285 | 286 | [Assertion] 287 | zend.assertions = -1 288 | ;assert.active = On 289 | ;assert.exception = On 290 | ;assert.warning = On 291 | ;assert.bail = Off 292 | ;assert.callback = 0 293 | ;assert.quiet_eval = 0 294 | 295 | [COM] 296 | ;com.typelib_file = 297 | ;com.allow_dcom = true 298 | ;com.autoregister_typelib = true 299 | ;com.autoregister_casesensitive = false 300 | ;com.autoregister_verbose = true 301 | ;com.code_page= 302 | 303 | [mbstring] 304 | ;mbstring.language = Japanese 305 | ;mbstring.internal_encoding = 306 | ;mbstring.http_input = 307 | ;mbstring.http_output = 308 | ;mbstring.encoding_translation = Off 309 | ;mbstring.detect_order = auto 310 | ;mbstring.substitute_character = none 311 | ;mbstring.func_overload = 0 312 | ;mbstring.strict_detection = On 313 | ;mbstring.http_output_conv_mimetype= 314 | ;mbstring.regex_stack_limit=100000 315 | 316 | [gd] 317 | ;gd.jpeg_ignore_warning = 1 318 | 319 | [exif] 320 | ;exif.encode_unicode = ISO-8859-15 321 | ;exif.decode_unicode_motorola = UCS-2BE 322 | ;exif.decode_unicode_intel = UCS-2LE 323 | ;exif.encode_jis = 324 | ;exif.decode_jis_motorola = JIS 325 | ;exif.decode_jis_intel = JIS 326 | 327 | [Tidy] 328 | tidy.clean_output = Off 329 | 330 | [soap] 331 | soap.wsdl_cache_enabled=1 332 | soap.wsdl_cache_dir="/tmp" 333 | soap.wsdl_cache_ttl=86400 334 | soap.wsdl_cache_limit = 5 335 | 336 | [sysvshm] 337 | ;sysvshm.init_mem = 10000 
338 | 339 | [ldap] 340 | ldap.max_links = -1 341 | 342 | [dba] 343 | ;dba.default_handler= 344 | 345 | [opcache] 346 | ;opcache.enable=1 347 | ;opcache.enable_cli=0 348 | ;opcache.memory_consumption=128 349 | ;opcache.interned_strings_buffer=8 350 | ;opcache.max_accelerated_files=10000 351 | ;opcache.max_wasted_percentage=5 352 | ;opcache.use_cwd=1 353 | ;opcache.validate_timestamps=1 354 | ;opcache.revalidate_freq=2 355 | ;opcache.revalidate_path=0 356 | ;opcache.save_comments=1 357 | ;opcache.enable_file_override=0 358 | ;opcache.optimization_level=0x7FFFBFFF 359 | ;opcache.dups_fix=0 360 | ;opcache.blacklist_filename= 361 | ;opcache.max_file_size=0 362 | ;opcache.consistency_checks=0 363 | ;opcache.force_restart_timeout=180 364 | ;opcache.error_log= 365 | ;opcache.log_verbosity_level=1 366 | ;opcache.preferred_memory_model= 367 | ;opcache.protect_memory=0 368 | ;opcache.restrict_api= 369 | ;opcache.mmap_base= 370 | ;opcache.file_cache= 371 | ;opcache.file_cache_only=0 372 | ;opcache.file_cache_consistency_checks=1 373 | ;opcache.file_cache_fallback=1 374 | ;opcache.huge_code_pages=1 375 | ;opcache.validate_permission=0 376 | ;opcache.validate_root=0 377 | ;opcache.opt_debug_level=0 378 | 379 | [curl] 380 | ;curl.cainfo = 381 | 382 | [openssl] 383 | ;openssl.cafile= 384 | ;openssl.capath= 385 | ; End: 386 | --------------------------------------------------------------------------------
/templates/config/pool.d/queue.conf:
--------------------------------------------------------------------------------
;{{ansible_managed}}
; PHP-FPM pool 'queue': dynamic process manager, workers run as www-data,
; FastCGI served over TCP port 9003.
[queue]
; if we send this to /proc/self/fd/1, it never appears
; access.log = /proc/self/fd/2

; clear_env = no keeps the FPM master's environment in every worker, so any
; variable set for the service (credentials included) is readable from PHP
; through getenv().
; NOTE(review): presumably intentional for a container deployment - confirm;
; otherwise leave clear_env at its default and pass only what is needed
; through env[...] below.
clear_env = no

; Ensure worker stdout and stderr are sent to the main error log.
catch_workers_output = yes

user = www-data
group = www-data

; Binds to the wildcard address, and this pool sets no listen.allowed_clients:
; every host that can reach port 9003 can submit FastCGI requests. FastCGI
; carries no authentication, so access has to be limited elsewhere
; (listen.allowed_clients, host firewall / network policy, or a loopback or
; unix-socket listener).
; NOTE(review): presumably the web server runs on another host or container -
; confirm the port is not reachable from untrusted networks.
listen = [::]:9003

listen.backlog = -1

; Dynamic pool: between 2 and 20 idle workers, at most 30 in total; each worker
; is recycled after 10000 requests.
pm = dynamic
pm.max_children = 30
pm.start_servers = 2
pm.min_spare_servers = 2
pm.max_spare_servers = 20
pm.max_requests = 10000
; The status page reports pool and per-process request details; make sure the
; fronting web server does not route this path for public clients.
pm.status_path = /queue-php71-status

; Health-check endpoint: a request for /ping-queue is answered with
; "pong-queue".
ping.path = /ping-queue

ping.response = pong-queue

; Core file size limit 0: workers do not write core dumps (no memory images
; left on disk).
rlimit_core = 0

; Default Value: clean env
env[HOSTNAME] = $HOSTNAME
;env[PATH] = /usr/local/bin:/usr/bin:/bin
env[TMP] = /tmp
env[TMPDIR] = /tmp
env[TEMP] = /tmp

;php_admin_value[sendmail_path] = /usr/sbin/sendmail -t -i -f www@my.domain.com
;php_flag[display_errors] = off
;php_admin_value[error_log] = /var/log/php-pool-queue.error.log
; php_admin_* settings cannot be overridden from scripts with ini_set().
php_admin_flag[log_errors] = on
; Worst case is pm.max_children x memory_limit = 30 x 2048M (60 GiB); size the
; host for it or lower one of the two, otherwise a burst of heavy requests can
; exhaust memory.
php_admin_value[memory_limit] = 2048M

--------------------------------------------------------------------------------
/templates/config/pool.d/upstream.conf:
--------------------------------------------------------------------------------
;{{ ansible_managed }}
; PHP-FPM pool 'upstream': dynamic process manager, workers run as www-data,
; FastCGI served over TCP port 9002.
[upstream]
; if we send this to /proc/self/fd/1, it never appears
; access.log = /proc/self/fd/2

; clear_env = no keeps the FPM master's environment in every worker, so any
; variable set for the service (credentials included) is readable from PHP
; through getenv().
; NOTE(review): presumably intentional for a container deployment - confirm.
clear_env = no

; Ensure worker stdout and stderr are sent to the main error log.
catch_workers_output = yes

user = www-data
group = www-data

; Binds to the wildcard address with no listen.allowed_clients in this pool:
; every host that can reach port 9002 can submit FastCGI requests, and FastCGI
; carries no authentication. Limit access with listen.allowed_clients, a
; firewall / network policy, or a loopback or unix-socket listener.
listen = [::]:9002

listen.backlog = -1

; Dynamic pool: between 4 and 180 idle workers, at most 200 in total; each
; worker is recycled after 10000 requests.
pm = dynamic
pm.max_children = 200
pm.start_servers = 4
pm.min_spare_servers = 4
pm.max_spare_servers = 180
pm.max_requests = 10000
; The status page reports pool and per-process request details; make sure the
; fronting web server does not route this path for public clients.
pm.status_path = /upstream-php71-status

; Health-check endpoint: a request for /ping-upstream is answered with
; "pong-upstream".
ping.path = /ping-upstream

ping.response = pong-upstream

; Core file size limit 0: workers do not write core dumps.
rlimit_core = 0

; Default Value: clean env
env[HOSTNAME] = $HOSTNAME
;env[PATH] = /usr/local/bin:/usr/bin:/bin
env[TMP] = /tmp
env[TMPDIR] = /tmp
env[TEMP] = /tmp

;php_admin_value[sendmail_path] = /usr/sbin/sendmail -t -i -f www@my.domain.com
;php_flag[display_errors] = off
;php_admin_value[error_log] = /var/log/php-pool-upstream.error.log
; php_admin_* settings cannot be overridden from scripts with ini_set().
php_admin_flag[log_errors] = on
; Worst case is pm.max_children x memory_limit = 200 x 2048M (400 GiB); size
; the host for it or lower one of the two, otherwise a burst of heavy requests
; can exhaust memory.
php_admin_value[memory_limit] = 2048M

--------------------------------------------------------------------------------
/templates/config/pool.d/www.conf:
--------------------------------------------------------------------------------
;{{ansible_managed}}
; Start a new pool named 'www'.
; the variable $pool can be used in any directive and will be replaced by the
; pool name ('www' here)

[www]
;prefix = /path/to/pools/$pool
user = www-data
group = www-data
; Loopback-only TCP listener: only processes on this host can reach the pool.
listen = 127.0.0.1:9000
listen.backlog = -1
; listen.owner / listen.group (and listen.mode) set the permissions of a unix
; socket; with the TCP listener above they have no effect.
listen.owner = www-data
listen.group = www-data
;listen.mode = 0660
;listen.acl_users =
;listen.acl_groups =
;listen.allowed_clients = 127.0.0.1
; process.priority = -19

; Dynamic pool: between 4 and 40 idle workers, at most 50 in total; each worker
; is recycled after 1000 requests.
pm = dynamic
pm.max_children = 50
pm.start_servers = 4
pm.min_spare_servers = 4
pm.max_spare_servers = 40
;pm.process_idle_timeout = 10s;
pm.max_requests = 1000
; The status page reports pool and per-process request details; make sure the
; fronting web server does not route this path for public clients.
pm.status_path = /www-php71-status

;ping.path = /ping
;ping.response = pong

;access.log = log/$pool.access.log
access.format = "%R - %u %t \"%m %r%Q%q\" %s %f %{mili}d %{kilo}M %C%%"
;slowlog = log/$pool.log.slow
;request_slowlog_timeout = 0
;request_terminate_timeout = 0
;request_terminate_timeout = 300
rlimit_files = 131072
; Core file size limit 0: workers do not write core dumps.
rlimit_core = 0
;chroot =
;chdir = /var/www
; catch_workers_output = yes
; clear_env is left commented out, so FPM's default applies: the worker
; environment is cleared and only the env[...] entries below are passed on.
;clear_env = no
; Left commented out, so FPM's built-in default list of executable extensions
; applies; keep that list narrow if it is ever set explicitly.
;security.limit_extensions = .php .php3 .php4 .php5 .php7

env[HOSTNAME] = $HOSTNAME
;env[PATH] = /usr/local/bin:/usr/bin:/bin
env[TMP] = /tmp
env[TMPDIR] = /tmp
env[TEMP] = /tmp

;php_admin_value[sendmail_path] = /usr/sbin/sendmail -t -i -f www@my.domain.com
;php_flag[display_errors] = off
; php_admin_* settings cannot be overridden from scripts with ini_set().
php_admin_value[error_log] = /var/log/php-pool-www.error.log
php_admin_flag[log_errors] = on
; Worst case is pm.max_children x memory_limit = 50 x 2048M (100 GiB); size the
; host for it or lower one of the two.
php_admin_value[memory_limit] = 2048M

--------------------------------------------------------------------------------
/vars/main.yml:
--------------------------------------------------------------------------------
---
# vars file for ansible-role-php

--------------------------------------------------------------------------------