├── .gitignore ├── README.md ├── composer.json ├── playbook.yml ├── roles ├── ANXS.mysql │ ├── .gitignore │ ├── .travis.yml │ ├── LICENSE │ ├── README.md │ ├── defaults │ │ └── main.yml │ ├── handlers │ │ └── main.yml │ ├── meta │ │ ├── .galaxy_install_info │ │ └── main.yml │ ├── tasks │ │ ├── configure.yml │ │ ├── databases.yml │ │ ├── install.yml │ │ ├── main.yml │ │ ├── monit.yml │ │ ├── secure.yml │ │ └── users.yml │ ├── templates │ │ ├── etc_monit_conf.d_mysql.j2 │ │ ├── etc_mysql_my.cnf.j2 │ │ └── root_dot_my.cnf.j2 │ ├── test.yml │ └── vars │ │ └── debian.yml ├── MaximeThoonsen.automysqlbackup │ ├── .travis.yml │ ├── README.md │ ├── defaults │ │ └── main.yml │ ├── meta │ │ ├── .galaxy_install_info │ │ └── main.yml │ ├── role.yml │ ├── tasks │ │ └── main.yml │ └── templates │ │ └── automysqlbackup.j2 ├── MaximeThoonsen.php5-xdebug │ ├── .travis.yml │ ├── README.md │ ├── defaults │ │ └── main.yml │ ├── meta │ │ ├── .galaxy_install_info │ │ └── main.yml │ ├── tasks │ │ └── main.yml │ ├── templates │ │ └── xdebug.ini.j2 │ └── tests │ │ ├── Makefile │ │ ├── Vagrantfile │ │ ├── inventory │ │ └── playbook.yml ├── Stouts.iptables │ ├── .travis.yml │ ├── LICENSE │ ├── Makefile │ ├── README.md │ ├── defaults │ │ └── main.yml │ ├── handlers │ │ └── main.yml │ ├── meta │ │ ├── .galaxy_install_info │ │ └── main.yml │ ├── tasks │ │ ├── iptables.yml │ │ └── main.yml │ ├── templates │ │ ├── iptables.rules.j2 │ │ └── iptables_load.j2 │ └── test.yml ├── common │ ├── files │ │ └── etc │ │ │ ├── sudoers.d │ │ │ └── 10-www-data │ │ │ └── sysctl.d │ │ │ └── 99-network-tweaks.conf │ ├── handlers │ │ └── main.yml │ ├── tasks │ │ ├── base_packages.yml │ │ ├── main.yml │ │ ├── network_tweaks.yml │ │ ├── sudo.yml │ │ ├── time.yml │ │ └── users.yml │ └── templates │ │ └── etc │ │ └── timezone ├── kosssi.composer │ ├── .gitignore │ ├── .travis.yml │ ├── LICENSE │ ├── README.md │ ├── defaults │ │ └── main.yml │ ├── meta │ │ ├── .galaxy_install_info │ │ └── main.yml │ ├── tasks │ │ ├── 
install.yml │ │ ├── main.yml │ │ ├── test.yml │ │ └── update.yml │ └── tests │ │ ├── Makefile │ │ ├── Vagrantfile │ │ ├── inventory │ │ ├── playbook.yml │ │ └── roles │ │ └── common │ │ └── tasks │ │ └── main.yml ├── nginx-symfony │ ├── README.md │ ├── defaults │ │ └── main.yml │ ├── files │ │ └── etc │ │ │ └── nginx │ │ │ └── mime.types │ ├── handlers │ │ └── main.yml │ ├── meta │ │ └── main.yml │ ├── tasks │ │ └── main.yml │ └── templates │ │ └── etc │ │ └── nginx │ │ └── conf.d │ │ ├── conf │ │ └── vagrantconf ├── nickjj.fail2ban │ ├── .gitignore │ ├── .travis.yml │ ├── LICENSE │ ├── README.md │ ├── defaults │ │ └── main.yml │ ├── handlers │ │ └── main.yml │ ├── meta │ │ ├── .galaxy_install_info │ │ └── main.yml │ ├── tasks │ │ └── main.yml │ ├── templates │ │ └── etc │ │ │ └── fail2ban │ │ │ ├── fail2ban.local.j2 │ │ │ └── jail.local.j2 │ └── tests │ │ ├── inventory │ │ └── main.yml └── php │ ├── .travis.yml │ ├── README.md │ ├── defaults │ └── main.yml │ ├── meta │ └── main.yml │ ├── tasks │ └── main.yml │ ├── templates │ ├── apc.ini.j2 │ └── php.ini.j2 │ └── tests │ ├── inventory │ └── test.yml └── vars ├── main.yml └── vagrant └── xdebug.yml /.gitignore: -------------------------------------------------------------------------------- 1 | .idea/ 2 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # /!\ Deprecated /!\ 2 | See https://github.com/fansible/tywin for the newer version. 3 | 4 | 5 | # Ansible provisioning for Symfony project using composer 6 | This project is meant to make the provisioning of servers running one Symfony app as easy and fast as possible. 
7 | 8 | ## Requirements 9 | 10 | You should have installed on your server: 11 | * [Ansible](http://docs.ansible.com/intro_installation.html) 12 | * [Composer](https://getcomposer.org/download/) 13 | 14 | ## How to use it 15 | 16 | 1) Require fansible/symfony-ansible in your composer.json: `composer require --dev "fansible/symfony-ansible"` 17 | 18 | 2) Add the file ansible.cfg in your root directory with 19 | 20 | [defaults] 21 | hostfile = app/config/ansible/hosts 22 | roles_path = vendor/fansible/symfony-ansible/roles 23 | 24 | 3) Add your hosts configurations. For vagrant, create a file called `vagrant` in `app/config/ansible/hosts`: 25 | 26 | [vagrant] 27 | vagrant ansible_ssh_host=127.0.0.1 ansible_ssh_port=2222 is_vagrant=true 28 | 29 | 4) Add the specific vars of your host. For vagrant, create a file called `vagrant` in `app/config/ansible/hosts/group_vars` (the `mysql_users` password below is a sample for the local Vagrant box; set a different one for any other host): 30 | 31 | --- 32 | # File: app/config/ansible/hosts/group_vars/vagrant 33 | 34 | # Write here the vars that are specific to your host 35 | host_name: "vagrant-{{ name }}" 36 | web: 37 | server_name: "vagrant.project.com" 38 | iptables_allowed_tcp_ports: [22, 80, 443] 39 | 40 | mysql_users: 41 | - name: "{{ name }}" 42 | host: "%" 43 | pass: "{{ name }}" 44 | 45 | 5) If you have already installed Ansible, you can now run your provisioning. 46 | 47 | For your vagrant: `vagrant provision` 48 | 49 | For any host: `ansible-playbook -i app/config/ansible/hosts/HOSTNAME vendor/fansible/symfony-ansible/playbook.yml -u root`.
50 | 51 | ## Bonus step for Vagrant 52 | 53 | 1) Here is a Vagrantfile you can use for your project: 54 | 55 | # -*- mode: ruby -*- 56 | # vi: set ft=ruby : 57 | 58 | # TODO: Change the name 59 | projectname = 'projectname' 60 | 61 | Vagrant.configure("2") do |config| 62 | config.vm.hostname = projectname 63 | config.vm.box = "ubuntu/trusty64" 64 | # TODO: Change the directory 65 | config.vm.network :private_network, ip: "10.0.0.7" 66 | 67 | # TODO: Change the directory 68 | config.vm.synced_folder "./", "/var/www/" + projectname + "/current", type: "nfs" 69 | 70 | config.vm.provider "virtualbox" do |v| 71 | v.customize ["modifyvm", :id, "--cpuexecutioncap", "100"] 72 | v.customize ["modifyvm", :id, "--memory", 2048] 73 | v.customize ["modifyvm", :id, "--cpus", 2] 74 | end 75 | 76 | config.ssh.forward_agent = true 77 | 78 | # Ansible see https://docs.vagrantup.com/v2/provisioning/ansible.html 79 | config.vm.provision "ansible" do |ansible| 80 | ansible.sudo = true 81 | ansible.playbook = "vendor/fansible/symfony-ansible/playbook.yml" 82 | ansible.limit = 'vagrant' 83 | ansible.inventory_path = "app/config/ansible/hosts/vagrant" 84 | ansible.verbose = "v" #Use vvvv to get more log 85 | end 86 | end 87 | 88 | 2) For the Vagrant box only, change your web/app_dev.php to allow remote connection.
You can copy/paste: 89 | 90 | loadClassCache(); 102 | $request = Request::createFromGlobals(); 103 | $response = $kernel->handle($request); 104 | $response->send(); 105 | $kernel->terminate($request, $response); 106 | -------------------------------------------------------------------------------- /composer.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "fansible/symfony-ansible", 3 | "license": "MIT", 4 | "type": "Provisioning", 5 | "description": "This will help you to provision and maintain your server up to date to run your Symfony apps", 6 | "keywords": ["Provisioning Server Ansible Security"], 7 | "authors": [ 8 | { 9 | "name": "Maxime Thoonsen", 10 | "email": "maximet@theodo.fr" 11 | } 12 | ],"require": { 13 | "symfony/symfony": ">=2.3.1" 14 | } 15 | } 16 | -------------------------------------------------------------------------------- /playbook.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Provisioning for a Symfony project 3 | hosts: all 4 | vars_files: 5 | - vars/main.yml 6 | - ../../../app/config/parameters.yml 7 | sudo: yes 8 | gather_facts: true 9 | roles: 10 | - common # Common packages to update 11 | - nginx-symfony 12 | - { role: ANXS.mysql, tags: mysql } # Database 13 | - php 14 | - { role: kosssi.composer } 15 | - Stouts.iptables 16 | - nickjj.fail2ban 17 | - MaximeThoonsen.automysqlbackup 18 | 19 | #NB: The inventory files used by ansible is located in .vagrant/provisioners/ansible/inventory/vagrant_ansible_inventory 20 | #This inventory is generated by vagrant 21 | - name: Vagrant provisioning 22 | hosts: vagrant 23 | vars_files: 24 | - vars/vagrant/xdebug.yml 25 | sudo: yes 26 | gather_facts: true 27 | roles: 28 | - MaximeThoonsen.php5-xdebug 29 | -------------------------------------------------------------------------------- /roles/ANXS.mysql/.gitignore: 
-------------------------------------------------------------------------------- 1 | .DS_Store 2 | .AppleDouble 3 | .LSOverride 4 | Icon 5 | ._* 6 | .Spotlight-V100 7 | .Trashes 8 | .vagrant 9 | test 10 | -------------------------------------------------------------------------------- /roles/ANXS.mysql/.travis.yml: -------------------------------------------------------------------------------- 1 | --- 2 | language: python 3 | python: "2.7" 4 | before_install: 5 | - sudo apt-get update -qq 6 | - sudo apt-get install -qq python-apt python-pycurl 7 | install: 8 | - pip install ansible==1.5.0 9 | script: 10 | - echo localhost > inventory 11 | - ansible-playbook --syntax-check -i inventory test.yml 12 | - ansible-playbook -i inventory test.yml --connection=local --sudo 13 | -------------------------------------------------------------------------------- /roles/ANXS.mysql/LICENSE: -------------------------------------------------------------------------------- 1 | The MIT License 2 | 3 | Copyright (c) 2014 Pieterjan Vandaele 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in 13 | all copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. 
IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN 21 | THE SOFTWARE. 22 | -------------------------------------------------------------------------------- /roles/ANXS.mysql/README.md: -------------------------------------------------------------------------------- 1 | ## ANXS - MySQL [![Build Status](https://travis-ci.org/ANXS/mysql.png)](https://travis-ci.org/ANXS/mysql) 2 | 3 | Ansible role that installs MySQL on (for now) Ubuntu variants. 4 | Features include: 5 | - Installation of MySQL and its dependencies 6 | - Basic configuration 7 | - Standard hardening (root password, removal of test databases) 8 | - Add databases 9 | - Add users 10 | - Setup of monit process supervision 11 | 12 | 13 | #### Requirements & Dependencies 14 | - Tested on Ansible 1.4 or higher. 15 | - ANXS.monit if you want monit protection (in that case, you should set `monit_protection: true`) 16 | 17 | 18 | #### Variables 19 | 20 | ```yaml 21 | # Basic settings 22 | mysql_port: 3306 # The port on which mysql listens 23 | mysql_bind_address: "0.0.0.0" # The address the mysql server binds on (0.0.0.0 = all interfaces) 24 | mysql_root_password: 'pass' # The root password (placeholder default; override it for each host) 25 | 26 | # Fine Tuning 27 | mysql_key_buffer: '16M' 28 | mysql_max_allowed_packet: '128M' 29 | mysql_thread_stack: '192K' 30 | mysql_cache_size: 8 31 | mysql_myisam_recover: 'BACKUP' 32 | mysql_max_connections: 100 33 | mysql_table_cache: 64 34 | mysql_thread_concurrency: 10 35 | mysql_query_cache_limit: '1M' 36 | mysql_query_cache_size: '16M' 37 | mysql_character_set_server: 'utf8' 38 | mysql_collation_server: 'utf8_general_ci' 39 | mysql_mysqldump_max_allowed_packet: '128M' 40 | mysql_isamchk_key_buffer: '16M' 41 | 42 | # InnoDB tuning 43 | mysql_innodb_file_per_table: 'innodb_file_per_table' 44 | mysql_innodb_flush_method: 'fdatasync' 45 |
mysql_innodb_buffer_pool_size: '128M' 46 | mysql_innodb_flush_log_at_trx_commit: 1 47 | mysql_innodb_lock_wait_timeout: 50 48 | mysql_innodb_log_buffer_size: '1M' 49 | mysql_innodb_log_file_size: '5M' 50 | 51 | # List of databases to be created (optional) 52 | mysql_databases: 53 | - name: foobar 54 | collation: "utf8_general_ci" # optional, defaults to "utf8_general_ci" 55 | encoding: "utf8" # optional, defaults to "utf8" 56 | 57 | # List of users to be created (optional) 58 | mysql_users: 59 | - name: baz 60 | pass: pass 61 | priv: "*.*:ALL" # optional, defaults to "*.*:ALL" 62 | host: "%" # optional, defaults to "localhost" 63 | 64 | # GLOBAL Setting 65 | monit_protection: false # true or false, requires ANXS.monit 66 | ``` 67 | 68 | 69 | #### License 70 | 71 | Licensed under the MIT License. See the LICENSE file for details. 72 | 73 | 74 | #### Feedback, bug-reports, requests, ... 75 | 76 | Are [welcome](https://github.com/ANXS/mysql/issues)! 77 | -------------------------------------------------------------------------------- /roles/ANXS.mysql/defaults/main.yml: -------------------------------------------------------------------------------- 1 | # file: mysql/defaults/main.yml 2 | 3 | # Basic settings 4 | mysql_port: 3306 5 | mysql_bind_address: "0.0.0.0" 6 | mysql_root_password: 'pass' 7 | mysql_language: '/usr/share/mysql/' 8 | 9 | # Fine Tuning 10 | mysql_key_buffer: '16M' 11 | mysql_max_allowed_packet: '128M' 12 | mysql_thread_stack: '192K' 13 | mysql_cache_size: 8 14 | mysql_myisam_recover: 'BACKUP' 15 | mysql_max_connections: 100 16 | mysql_table_cache: 64 17 | mysql_thread_concurrency: 10 18 | mysql_query_cache_limit: '1M' 19 | mysql_query_cache_size: '16M' 20 | mysql_innodb_file_per_table: 'innodb_file_per_table' 21 | mysql_character_set_server: 'utf8' 22 | mysql_collation_server: 'utf8_general_ci' 23 | mysql_mysqldump_max_allowed_packet: '128M' 24 | mysql_isamchk_key_buffer: '16M' 25 | 26 | # InnoDB tuning 27 | mysql_innodb_file_per_table: 
'innodb_file_per_table' 28 | mysql_innodb_flush_method: 'fdatasync' 29 | mysql_innodb_buffer_pool_size: '128M' 30 | mysql_innodb_flush_log_at_trx_commit: 1 31 | mysql_innodb_lock_wait_timeout: 50 32 | mysql_innodb_log_buffer_size: '1M' 33 | mysql_innodb_log_file_size: '5M' 34 | 35 | # List of databases to be created 36 | mysql_databases: [] 37 | 38 | # List of users to be created 39 | mysql_users: [] 40 | -------------------------------------------------------------------------------- /roles/ANXS.mysql/handlers/main.yml: -------------------------------------------------------------------------------- 1 | # file: mysql/handlers/main.yml 2 | 3 | - name: restart mysql 4 | service: 5 | name: mysql 6 | state: restarted 7 | -------------------------------------------------------------------------------- /roles/ANXS.mysql/meta/.galaxy_install_info: -------------------------------------------------------------------------------- 1 | {install_date: 'Sun Feb 8 22:53:24 2015', version: v1.0.3} 2 | -------------------------------------------------------------------------------- /roles/ANXS.mysql/meta/main.yml: -------------------------------------------------------------------------------- 1 | # file: mysql/meta/main.yml 2 | 3 | galaxy_info: 4 | author: pjan vandaele 5 | company: ANXS 6 | description: "MySQL install and configuration (hardening, databases, users, ...)" 7 | min_ansible_version: 1.4 8 | license: MIT 9 | platforms: 10 | - name: Ubuntu 11 | versions: 12 | - all 13 | categories: 14 | - system 15 | 16 | dependencies: [] 17 | -------------------------------------------------------------------------------- /roles/ANXS.mysql/tasks/configure.yml: -------------------------------------------------------------------------------- 1 | # file: mysql/tasks/configure.yml 2 | 3 | - name: MySQL | Update the my.cnf 4 | template: 5 | src: etc_mysql_my.cnf.j2 6 | dest: /etc/mysql/my.cnf 7 | owner: root 8 | group: root 9 | mode: 0644 10 | notify: 11 | - restart mysql 12 | 
-------------------------------------------------------------------------------- /roles/ANXS.mysql/tasks/databases.yml: -------------------------------------------------------------------------------- 1 | # file: mysql/tasks/databases.yml 2 | 3 | - name: MySQL | Make sure the MySQL databases are present 4 | mysql_db: 5 | name: "{{ item.name }}" 6 | collation: "{{ item.collation | default('utf8_general_ci') }}" 7 | encoding: "{{ item.encoding | default('utf8') }}" 8 | state: present 9 | with_items: mysql_databases 10 | when: mysql_databases|length > 0 11 | -------------------------------------------------------------------------------- /roles/ANXS.mysql/tasks/install.yml: -------------------------------------------------------------------------------- 1 | # file: mysql/tasks/install.yml 2 | 3 | - name: MySQL | Load the os specific variables 4 | include_vars: "{{ansible_os_family | lower}}.yml" 5 | 6 | - name: MySQL | Make sure the MySql packages are installed 7 | apt: 8 | pkg: "{{item}}" 9 | update_cache: yes 10 | with_items: mysql_packages 11 | 12 | - name: MySQL | Ensure MySQL is running 13 | service: 14 | name: mysql 15 | state: started 16 | -------------------------------------------------------------------------------- /roles/ANXS.mysql/tasks/main.yml: -------------------------------------------------------------------------------- 1 | # file: mysql/tasks/main.yml 2 | 3 | - include: install.yml 4 | - include: configure.yml 5 | - include: secure.yml 6 | - include: databases.yml 7 | - include: users.yml 8 | - include: monit.yml 9 | when: monit_protection is defined and monit_protection == true 10 | -------------------------------------------------------------------------------- /roles/ANXS.mysql/tasks/monit.yml: -------------------------------------------------------------------------------- 1 | # file: mysql/tasks/monit.yml 2 | 3 | - name: MySQL | (Monit) Copy the mysql monit service file 4 | template: 5 | src: etc_monit_conf.d_mysql.j2 6 | dest: 
/etc/monit/conf.d/mysql 7 | -------------------------------------------------------------------------------- /roles/ANXS.mysql/tasks/secure.yml: -------------------------------------------------------------------------------- 1 | # file: mysql/tasks/secure.yml 2 | 3 | - name: MySQL | Set the root password. 4 | mysql_user: 5 | user: root 6 | host: "{{item}}" 7 | password: "{{mysql_root_password}}" 8 | with_items: 9 | - "{{ansible_hostname}}" 10 | - 127.0.0.1 11 | - ::1 12 | - localhost 13 | when: ansible_hostname != 'localhost' 14 | 15 | - name: MySQL | Set the root password. 16 | mysql_user: 17 | user: root 18 | host: "{{item}}" 19 | password: "{{mysql_root_password}}" 20 | with_items: 21 | - 127.0.0.1 22 | - ::1 23 | - localhost 24 | when: ansible_hostname == 'localhost' 25 | 26 | - name: MySQL | Configure MySql for easy access as root user 27 | template: 28 | src: root_dot_my.cnf.j2 29 | dest: /root/.my.cnf 30 | owner: root 31 | group: root 32 | mode: 0600 33 | 34 | - name: MySQL | Remove anonymous MySQL server user 35 | mysql_user: 36 | name: "" 37 | host: "{{item}}" 38 | state: absent 39 | with_items: 40 | - "{{ansible_hostname}}" 41 | - localhost 42 | 43 | - name: MySQL | Remove the MySQL test database 44 | mysql_db: 45 | name: test 46 | state: absent 47 | -------------------------------------------------------------------------------- /roles/ANXS.mysql/tasks/users.yml: -------------------------------------------------------------------------------- 1 | # file: mysql/tasks/users.yml 2 | 3 | - name: MySQL | Make sure the MySQL users are present 4 | mysql_user: 5 | name: "{{item.name}}" 6 | password: "{{item.pass | default('pass')}}" 7 | priv: "{{item.priv | default('*.*:ALL')}}" 8 | state: present 9 | host: "{{item.host | default('localhost')}}" 10 | with_items: mysql_users 11 | when: mysql_users|length > 0 12 | -------------------------------------------------------------------------------- /roles/ANXS.mysql/templates/etc_monit_conf.d_mysql.j2: 
-------------------------------------------------------------------------------- 1 | check process mysqld with pidfile /var/run/mysqld/mysqld.pid 2 | group database 3 | start program = "/etc/init.d/mysql start" 4 | stop program = "/etc/init.d/mysql stop" 5 | if failed host localhost port {{ mysql_port }} protocol mysql then restart 6 | if 5 restarts within 5 cycles then timeout 7 | -------------------------------------------------------------------------------- /roles/ANXS.mysql/templates/etc_mysql_my.cnf.j2: -------------------------------------------------------------------------------- 1 | # 2 | # The MySQL database server configuration file. 3 | # 4 | # For explanations see 5 | # http://dev.mysql.com/doc/mysql/en/server-system-variables.html 6 | 7 | [client] 8 | port = {{ mysql_port }} 9 | socket = /var/run/mysqld/mysqld.sock 10 | 11 | [mysqld_safe] 12 | socket = /var/run/mysqld/mysqld.sock 13 | nice = 0 14 | 15 | [mysqld] 16 | # * Basic Settings 17 | user = mysql 18 | pid-file = /var/run/mysqld/mysqld.pid 19 | socket = /var/run/mysqld/mysqld.sock 20 | port = {{ mysql_port }} 21 | basedir = /usr 22 | datadir = /var/lib/mysql 23 | tmpdir = /tmp 24 | # language is for pre-5.5. In 5.5 it is an alias for lc_messages_dir. 
25 | language = {{ mysql_language }} 26 | bind-address = {{ mysql_bind_address }} 27 | skip-external-locking 28 | 29 | 30 | # * Fine Tuning 31 | key_buffer = {{ mysql_key_buffer }} 32 | max_allowed_packet = {{ mysql_max_allowed_packet }} 33 | thread_stack = {{ mysql_thread_stack }} 34 | thread_cache_size = {{ mysql_cache_size }} 35 | myisam-recover = {{ mysql_myisam_recover }} 36 | max_connections = {{ mysql_max_connections }} 37 | table_open_cache = {{ mysql_table_cache }} 38 | thread_concurrency = {{ mysql_thread_concurrency }} 39 | 40 | # ** Query Cache Configuration 41 | query_cache_limit = {{ mysql_query_cache_limit }} 42 | query_cache_size = {{ mysql_query_cache_size }} 43 | 44 | # ** Logging and Replication 45 | #general_log_file = /var/log/mysql/mysql.log 46 | #general_log = 1 47 | # 48 | #log_slow_queries = /var/log/mysql/mysql-slow.log 49 | #long_query_time = 2 50 | #log-queries-not-using-indexes 51 | # 52 | # The following can be used as easy to replay backup logs or for replication. 53 | #server-id = 1 54 | #log_bin = /var/log/mysql/mysql-bin.log 55 | expire_logs_days = 10 56 | max_binlog_size = 100M 57 | #binlog_do_db = include_database_name 58 | #binlog_ignore_db = include_database_name 59 | 60 | # ** InnoDB 61 | # InnoDB is enabled by default with a 10MB datafile in /var/lib/mysql/. 62 | # Read the manual for more InnoDB related options. There are many! 63 | innodb_flush_log_at_trx_commit = {{ mysql_innodb_flush_log_at_trx_commit }} 64 | innodb_buffer_pool_size = {{ mysql_innodb_buffer_pool_size }} 65 | {% if mysql_innodb_flush_method != 'fdatasync': %} 66 | innodb_flush_method = {{ mysql_innodb_flush_method }} 67 | {% endif %} 68 | innodb_lock_wait_timeout = {{ mysql_innodb_lock_wait_timeout }} 69 | innodb_log_buffer_size = {{ mysql_innodb_log_buffer_size }} 70 | innodb_log_file_size = {{ mysql_innodb_log_file_size }} 71 | {{ mysql_innodb_file_per_table }} 72 | 73 | # ** Security Features 74 | # Read the manual, too, if you want chroot! 
75 | # chroot = /var/lib/mysql/ 76 | # 77 | # For generating SSL certificates I recommend the OpenSSL GUI "tinyca". 78 | # ssl-ca=/etc/mysql/cacert.pem 79 | # ssl-cert=/etc/mysql/server-cert.pem 80 | # ssl-key=/etc/mysql/server-key.pem 81 | 82 | character_set_server = {{ mysql_character_set_server }} 83 | collation_server = {{ mysql_collation_server }} 84 | 85 | [mysqldump] 86 | quick 87 | quote-names 88 | max_allowed_packet = {{ mysql_mysqldump_max_allowed_packet }} 89 | 90 | [mysql] 91 | #no-auto-rehash # faster start of mysql but no tab completition 92 | 93 | [isamchk] 94 | key_buffer = {{ mysql_isamchk_key_buffer }} 95 | 96 | # 97 | # * IMPORTANT: Additional settings that can override those from this file! 98 | # The files must end with '.cnf', otherwise they'll be ignored. 99 | # 100 | !includedir /etc/mysql/conf.d/ 101 | -------------------------------------------------------------------------------- /roles/ANXS.mysql/templates/root_dot_my.cnf.j2: -------------------------------------------------------------------------------- 1 | [client] 2 | user=root 3 | password={{ mysql_root_password }} 4 | -------------------------------------------------------------------------------- /roles/ANXS.mysql/test.yml: -------------------------------------------------------------------------------- 1 | - hosts: all 2 | vars_files: 3 | - 'defaults/main.yml' 4 | tasks: 5 | - include: 'tasks/main.yml' 6 | handlers: 7 | - include: 'handlers/main.yml' 8 | -------------------------------------------------------------------------------- /roles/ANXS.mysql/vars/debian.yml: -------------------------------------------------------------------------------- 1 | # file: mysql/vars/debian.yml 2 | 3 | mysql_packages: 4 | - mysql-server 5 | - mysql-client 6 | - python-mysqldb 7 | -------------------------------------------------------------------------------- /roles/MaximeThoonsen.automysqlbackup/.travis.yml: -------------------------------------------------------------------------------- 1 | 
--- 2 | 3 | language: python 4 | 5 | services: mysql 6 | 7 | python: "2.7" 8 | 9 | before_install: 10 | - sudo apt-get update -qq 11 | - sudo apt-get install -qq aptitude python-apt python-pycurl 12 | 13 | install: 14 | - pip install ansible 15 | 16 | script: 17 | - echo localhost > inventory 18 | - ansible-playbook --syntax-check -i inventory role.yml 19 | - ansible-playbook -i inventory role.yml --connection=local --sudo -vvvv 20 | - /usr/sbin/automysqlbackup 21 | -------------------------------------------------------------------------------- /roles/MaximeThoonsen.automysqlbackup/README.md: -------------------------------------------------------------------------------- 1 | Automysqlbackup 2 | =============== 3 | 4 | [![Build Status](https://travis-ci.org/lyrasis/ansible-automysqlbackup-role.svg?branch=master)](https://travis-ci.org/MaximeThoonsen/ansible-automysqlbackup-role) 5 | 6 | Install the automysqlbackup utility. 7 | 8 | ## Requirements 9 | 10 | None. 11 | 12 | --- 13 | 14 | **Variables** 15 | 16 | ``` 17 | # database username and password that will perform the backups 18 | automysqlbackup_username: "$(grep user /etc/mysql/debian.cnf | tail -n 1 | cut -d'=' -f2 | awk '{print $1}')" 19 | automysqlbackup_password: "$(grep password /etc/mysql/debian.cnf | tail -n 1 | cut -d'=' -f2 | awk '{print $1}')" 20 | 21 | # hostname or ip address of the database server 22 | automysqlbackup_host: localhost 23 | 24 | # space separated string of databases to include or ignore in the backup 25 | automysqlbackup_dbames: "all" 26 | automysqlbackup_dbexclude: "" 27 | 28 | # whether to include a create database statement 29 | automysqlbackup_createdb_stmt: "yes" 30 | 31 | automysqlbackup_backup_directory: /var/lib/automysqlbackup 32 | 33 | # backup each database in a separate directory or everything to a single file 34 | automysqlbackup_sepdir: "yes" 35 | 36 | # day of the week for weekly backbackups (6 - Saturday) 37 | automysqlbackup_doweekly: 6 38 | 39 | # output location 
(log, files, stdout, quiet) and where output is sent (user / email address) 40 | automysqlbackup_mailcontent: quiet 41 | automysqlbackup_mailaddr: root 42 | 43 | # default cron configuration 44 | automysqlbackup_cron: 45 | minute: 0 46 | hour: 0 47 | day: "*" 48 | month: "*" 49 | weekday: "*" 50 | 51 | # latest 52 | automysqlbackup_latest: "no" 53 | 54 | ``` 55 | 56 | ## License 57 | 58 | MIT 59 | 60 | ## Author Information 61 | 62 | This role was created in 2014 by [Maxime Thoonsen](https://twitter.com/MaximeThoonsen). 63 | It was forked from [Mark Cooper's role](https://github.com/lyrasis/ansible-automysqlbackup-role) 64 | -------------------------------------------------------------------------------- /roles/MaximeThoonsen.automysqlbackup/defaults/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | # database username and password that will perform the backups 4 | automysqlbackup_username: "$(grep user /etc/mysql/debian.cnf | tail -n 1 | cut -d'=' -f2 | awk '{print $1}')" 5 | automysqlbackup_password: "$(grep password /etc/mysql/debian.cnf | tail -n 1 | cut -d'=' -f2 | awk '{print $1}')" 6 | 7 | # hostname or ip address of the database server 8 | automysqlbackup_host: localhost 9 | 10 | # space separated string of databases to include or ignore in the backup 11 | automysqlbackup_dbames: "all" 12 | automysqlbackup_dbexclude: "" 13 | 14 | # whether to include a create database statement 15 | automysqlbackup_createdb_stmt: "yes" 16 | 17 | automysqlbackup_backup_directory: /var/lib/automysqlbackup 18 | 19 | # backup each database in a separate directory or everything to a single file 20 | automysqlbackup_sepdir: "yes" 21 | 22 | # day of the week for weekly backbackups (6 - Saturday) 23 | automysqlbackup_doweekly: 6 24 | 25 | # output location (log, files, stdout, quiet) and where output is sent (user / email address) 26 | automysqlbackup_mailcontent: quiet 27 | automysqlbackup_mailaddr: root 28 | 29 | # default 
cron configuration 30 | automysqlbackup_cron: 31 | minute: 0 32 | hour: 0 33 | day: "*" 34 | month: "*" 35 | weekday: "*" 36 | 37 | automysqlbackup_latest: "no" -------------------------------------------------------------------------------- /roles/MaximeThoonsen.automysqlbackup/meta/.galaxy_install_info: -------------------------------------------------------------------------------- 1 | {install_date: 'Sun Feb 8 22:53:40 2015', version: v1.0} 2 | -------------------------------------------------------------------------------- /roles/MaximeThoonsen.automysqlbackup/meta/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | galaxy_info: 4 | author: Maxime Thoonsen 5 | description: Install and configure automysqlbackup utility 6 | license: MIT 7 | min_ansible_version: 1.4 8 | platforms: 9 | - name: Ubuntu 10 | versions: 11 | - all 12 | - name: Debian 13 | versions: 14 | - lenny 15 | - squeeze 16 | - wheezy 17 | - trusty 18 | categories: 19 | - database 20 | dependencies: [] 21 | -------------------------------------------------------------------------------- /roles/MaximeThoonsen.automysqlbackup/role.yml: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | - hosts: localhost 4 | remote_user: root 5 | vars_files: 6 | - 'defaults/main.yml' 7 | tasks: 8 | - include: 'tasks/main.yml' 9 | -------------------------------------------------------------------------------- /roles/MaximeThoonsen.automysqlbackup/tasks/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | - name: check for unsupported target operating system 4 | fail: 5 | msg: "The operating system of the target machine ({{ inventory_hostname }}) is not currently supported" 6 | when: not (ansible_os_family == 'Debian' or ansible_distribution == 'Ubuntu') 7 | 8 | - name: Debian | run apt update 9 | sudo: yes 10 | apt: update_cache=yes 11 | tags: 12 | - 
automysqlbackup 13 | 14 | - name: Debian | install automysqlbackup 15 | sudo: yes 16 | apt: pkg=automysqlbackup state=latest 17 | tags: 18 | - automysqlbackup 19 | 20 | - name: apply automysqlbackup configuration 21 | sudo: yes 22 | template: 23 | src: automysqlbackup.j2 24 | dest: /etc/default/automysqlbackup 25 | group: root 26 | owner: root 27 | mode: 0600 28 | tags: 29 | - automysqlbackup 30 | 31 | - name: remove the cron.daily file 32 | sudo: yes 33 | file: path=/etc/cron.daily/automysqlbackup state=absent 34 | tags: 35 | - automysqlbackup 36 | 37 | - name: add automysqlbackup cron job 38 | sudo: yes 39 | cron: 40 | name: "automysqlbackup" 41 | minute: "{{ automysqlbackup_cron.minute }}" 42 | hour: "{{ automysqlbackup_cron.hour }}" 43 | day: "{{ automysqlbackup_cron.day }}" 44 | month: "{{ automysqlbackup_cron.month }}" 45 | weekday: "{{ automysqlbackup_cron.weekday }}" 46 | user: root 47 | job: "/usr/sbin/automysqlbackup" 48 | tags: 49 | - automysqlbackup 50 | -------------------------------------------------------------------------------- /roles/MaximeThoonsen.automysqlbackup/templates/automysqlbackup.j2: -------------------------------------------------------------------------------- 1 | # By default, the Debian version of automysqlbackup will use: 2 | # mysqldump --defaults-file=/etc/mysql/debian.cnf 3 | # but you might want to overwrite with a specific user & pass. 4 | # To do this, simply edit below. 5 | 6 | # Username to access the MySQL server e.g. dbuser 7 | USERNAME={{ automysqlbackup_username }} 8 | 9 | # Password to access the MySQL server e.g. password 10 | PASSWORD={{ automysqlbackup_password }} 11 | 12 | # Host name (or IP address) of MySQL server e.g localhost 13 | DBHOST={{ automysqlbackup_host }} 14 | 15 | # List of DBNAMES for Daily/Weekly Backup e.g. "DB1 DB2 DB3" 16 | # Note that it's absolutely normal that the db named "mysql" is not in this 17 | # list, as it's added later by the script.
See the MDBNAMES directives below 18 | # in this file (advanced options). 19 | # This is ONLY a convenient default, if you don't like it, don't complain 20 | # and write your own. 21 | # The following is a quick hack that will find the names of the databases by 22 | # reading the mysql folder content. Feel free to replace by something else. 23 | # DBNAMES=`find /var/lib/mysql -mindepth 1 -maxdepth 1 -type d | cut -d'/' -f5 | grep -v ^mysql\$ | tr \\\r\\\n ,\ ` 24 | # This one does a list of dbs using a MySQL statement. 25 | DBNAMES="{{ automysqlbackup_dbames }}" 26 | 27 | # Backup directory location e.g /backups 28 | # Folders inside this one will be created (daily, weekly, etc.), and the 29 | # subfolders will be database names. Note that backups will be owned by 30 | # root, with Unix rights 0600. 31 | BACKUPDIR="{{ automysqlbackup_backup_directory }}" 32 | 33 | # Mail setup 34 | # What would you like to be mailed to you? 35 | # - log : send only log file 36 | # - files : send log file and sql files as attachments (see docs) 37 | # - stdout : will simply output the log to the screen if run manually. 38 | # - quiet : Only send logs if an error occurs to the MAILADDR. 39 | MAILCONTENT="{{ automysqlbackup_mailcontent }}" 40 | 41 | # Set the maximum allowed email size in k. (4000 = approx 5MB email [see 42 | # docs]) 43 | MAXATTSIZE="4000" 44 | 45 | # Email Address to send mail to? (user@domain.com) 46 | MAILADDR="{{ automysqlbackup_mailaddr }}" 47 | 48 | # ============================================================ 49 | # === ADVANCED OPTIONS ( Read the doc's below for details )=== 50 | #============================================================= 51 | 52 | # List of DBBNAMES for Monthly Backups. 53 | MDBNAMES="mysql $DBNAMES" 54 | 55 | # List of DBNAMES to EXLUCDE if DBNAMES are set to all (must be in " quotes) 56 | DBEXCLUDE="{{ automysqlbackup_dbexclude }}" 57 | 58 | # Include CREATE DATABASE in backup? 
59 | CREATE_DATABASE={{ automysqlbackup_createdb_stmt }} 60 | 61 | # Separate backup directory and file for each DB? (yes or no) 62 | SEPDIR={{ automysqlbackup_sepdir }} 63 | 64 | # Which day do you want weekly backups? (1 to 7 where 1 is Monday) 65 | DOWEEKLY={{ automysqlbackup_doweekly }} 66 | 67 | # Choose Compression type. (gzip or bzip2) 68 | COMP=gzip 69 | 70 | # Compress communications between backup server and MySQL server? 71 | COMMCOMP=no 72 | 73 | # Additionally keep a copy of the most recent backup in a seperate 74 | # directory. 75 | LATEST={{ automysqlbackup_latest }} 76 | 77 | # The maximum size of the buffer for client/server communication. e.g. 16MB 78 | # (maximum is 1GB) 79 | MAX_ALLOWED_PACKET= 80 | 81 | # For connections to localhost. Sometimes the Unix socket file must be 82 | # specified. 83 | SOCKET= 84 | 85 | # Command to run before backups (uncomment to use) 86 | #PREBACKUP="/etc/mysql-backup-pre" 87 | 88 | # Command run after backups (uncomment to use) 89 | #POSTBACKUP="/etc/mysql-backup-post" 90 | -------------------------------------------------------------------------------- /roles/MaximeThoonsen.php5-xdebug/.travis.yml: -------------------------------------------------------------------------------- 1 | language: php 2 | 3 | php: 4 | - 5.5 5 | 6 | before_install: 7 | - sudo apt-get update -y -q 8 | 9 | install: 10 | - sudo apt-get install python-pip -y 11 | - sudo pip install ansible==1.4.0 12 | 13 | script: 14 | - cd tests 15 | - ansible-playbook -i inventory playbook.yml --syntax-check 16 | - ansible-playbook -i inventory playbook.yml --connection=local --sudo 17 | - > 18 | ansible-playbook -i inventory playbook.yml --connection=local --sudo 19 | | grep -q 'changed=0.*failed=0' 20 | && (echo 'Idempotence test: pass' && exit 0) 21 | || (echo 'Idempotence test: fail' && exit 1) -------------------------------------------------------------------------------- /roles/MaximeThoonsen.php5-xdebug/README.md: 
-------------------------------------------------------------------------------- 1 | # Ansible Role: PHP-XDebug 2 | 3 | [![Build Status](https://travis-ci.org/MaximeThoonsen/ansible-role-php-xdebug.svg?branch=master)](https://travis-ci.org/MaximeThoonsen/ansible-role-php-xdebug) 4 | 5 | Installs PHP [XDebug](http://xdebug.org/) on Ubuntu Trusty(14.04) or Precise(12.04). 6 | 7 | ## Requirements 8 | 9 | None. 10 | 11 | ## Role Variables 12 | 13 | Available variables are listed below, along with default values (see `vars/main.yml`): 14 | 15 | php_xdebug_remote_enable: "false" 16 | 17 | Whether remote debugging is enabled. 18 | 19 | php_xdebug_remote_connect_back: "false" 20 | 21 | If this is set to true, Xdebug will respond to any request from any IP address; use only for local development on non-public installations! 22 | 23 | php_xdebug_remote_host: localhost 24 | php_xdebug_remote_port: "9000" 25 | 26 | The host and port on which Xdebug will listen. 27 | 28 | php_xdebug_remote_log: /tmp/xdebug.log 29 | 30 | The location of the xdebug log (useful if you're having trouble connecting). 31 | 32 | php_xdebug_idekey: XDEBUG 33 | 34 | The IDE key to use in the URL when making Xdebug requests (e.g. `http://example.local/?XDEBUG_SESSION_START=XDEBUG`). 35 | 36 | ## Example Playbook 37 | 38 | - hosts: webservers 39 | roles: 40 | - { role: MaximeThoonsen.php5-xdebug } 41 | 42 | ## License 43 | 44 | MIT 45 | 46 | ## Author Information 47 | 48 | This role was created in 2014 by [Maxime Thoonsen](https://twitter.com/MaximeThoonsen). 
49 | It was forked from [Jeff Geerling's role](https://github.com/geerlingguy/ansible-role-php-xdebug) 50 | -------------------------------------------------------------------------------- /roles/MaximeThoonsen.php5-xdebug/defaults/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | php_xdebug_remote_enable: "false" 3 | php_xdebug_remote_connect_back: "false" 4 | php_xdebug_remote_host: localhost 5 | php_xdebug_remote_port: "9000" 6 | php_xdebug_remote_log: /tmp/xdebug.log 7 | php_xdebug_idekey: XDEBUG 8 | php_max_nesting_level: 200 9 | -------------------------------------------------------------------------------- /roles/MaximeThoonsen.php5-xdebug/meta/.galaxy_install_info: -------------------------------------------------------------------------------- 1 | {install_date: 'Sun Feb 8 22:53:45 2015', version: v1.0.5} 2 | -------------------------------------------------------------------------------- /roles/MaximeThoonsen.php5-xdebug/meta/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | galaxy_info: 3 | author: Maxime Thoonsen 4 | description: PHP XDebug for Ubuntu Trusty and Precise 5 | company: "Theodo" 6 | license: "license (BSD, MIT)" 7 | min_ansible_version: 1.4 8 | platforms: 9 | - name: Ubuntu 10 | versions: 11 | - Trusty 12 | - Precise 13 | categories: 14 | - development 15 | - web 16 | -------------------------------------------------------------------------------- /roles/MaximeThoonsen.php5-xdebug/tasks/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: php5 - install xdebug 3 | apt: pkg=php5-xdebug state=latest update_cache=yes 4 | 5 | - name: Copy xdebug INI into mods-available folder. 
6 | template: > 7 | src=xdebug.ini.j2 8 | dest=/etc/php5/mods-available/xdebug.ini 9 | owner=root group=root mode=644 10 | when: ansible_distribution == 'Ubuntu' and ansible_distribution_release == 'trusty' 11 | 12 | - name: Copy xdebug INI into conf.d folder. 13 | template: > 14 | src=xdebug.ini.j2 15 | dest=/etc/php5/conf.d/xdebug.ini 16 | owner=root group=root mode=644 17 | when: ansible_distribution == 'Ubuntu' and ansible_distribution_release == 'precise' -------------------------------------------------------------------------------- /roles/MaximeThoonsen.php5-xdebug/templates/xdebug.ini.j2: -------------------------------------------------------------------------------- 1 | [XDebug] 2 | zend_extension="xdebug.so" 3 | xdebug.remote_enable={{ php_xdebug_remote_enable }} 4 | xdebug.remote_connect_back={{ php_xdebug_remote_connect_back }} 5 | xdebug.remote_host={{ php_xdebug_remote_host }} 6 | xdebug.remote_port={{ php_xdebug_remote_port }} 7 | xdebug.remote_handler="dbgp" 8 | xdebug.remote_log={{ php_xdebug_remote_log }} 9 | xdebug.idekey="{{ php_xdebug_idekey }}" 10 | xdebug.max_nesting_level = {{ php_max_nesting_level }} 11 | -------------------------------------------------------------------------------- /roles/MaximeThoonsen.php5-xdebug/tests/Makefile: -------------------------------------------------------------------------------- 1 | test_ubuntu-14.04: 2 | VM_BOX='ubuntu/trusty64' vagrant up --provision 3 | VM_BOX='ubuntu/trusty64' vagrant provision 4 | VM_BOX='ubuntu/trusty64' vagrant destroy -f 5 | 6 | test_ubuntu-12.04: 7 | VM_BOX='hashicorp/precise64' vagrant up --provision 8 | VM_BOX='hashicorp/precise64' vagrant provision 9 | VM_BOX='hashicorp/precise64' vagrant destroy -f 10 | 11 | test_all: 12 | make test_ubuntu-12.04 13 | make test_ubuntu-14.04 14 | -------------------------------------------------------------------------------- /roles/MaximeThoonsen.php5-xdebug/tests/Vagrantfile: 
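--------------------------------------------------------------------------------
1 | $VM_BOX = ENV.has_key?('VM_BOX') ? ENV['VM_BOX'] : 'ubuntu/trusty64'
2 |
3 | Vagrant.configure('2') do |config|
4 |   config.vm.box = $VM_BOX
5 |
6 |   config.vm.provision :ansible do |ansible|
7 |     ansible.playbook = 'playbook.yml'
8 |     ansible.extra_vars = { ansible_ssh_user: 'vagrant', vagrant: true }
9 |
10 |     ansible.verbose = 'v'
11 |   end
12 | end
13 |
--------------------------------------------------------------------------------
/roles/MaximeThoonsen.php5-xdebug/tests/inventory:
--------------------------------------------------------------------------------
1 | localhost
2 |
--------------------------------------------------------------------------------
/roles/MaximeThoonsen.php5-xdebug/tests/playbook.yml:
--------------------------------------------------------------------------------
1 | - hosts: all
2 |   sudo: true
3 |   roles:
4 |     - { role: ../../ansible-role-php-xdebug, tags: xdebug }
5 |
--------------------------------------------------------------------------------
/roles/Stouts.iptables/.travis.yml:
--------------------------------------------------------------------------------
1 | ---
2 | language: python
3 | python: "2.7"
4 | before_install:
5 |   - sudo apt-get update -qq
6 |   - sudo apt-get install -qq python-apt python-pycurl
7 | install:
8 |   # The requirement is quoted so the shell does not read ">=1.6.0" as an output
9 |   # redirection (unquoted, pip installs an unconstrained ansible and a file "=1.6.0" is created).
10 |   - pip install "ansible>=1.6.0"
11 | script:
12 |   # Prepare tests
13 |   - echo localhost > inventory
14 |
15 |   # Check syntax
16 |   - ansible-playbook --syntax-check -i inventory test.yml
17 |
18 |   # First run
19 |   - ansible-playbook -i inventory test.yml --connection=local --sudo
20 |
21 |   # Second run Idempotence test
22 |   - >
23 |     ansible-playbook -i inventory test.yml --connection=local --sudo
24 |     | grep -q 'changed=0.*failed=0'
25 |     && (echo 'Idempotence test: pass' && exit 0)
26 |     || (echo 'Idempotence test: fail' && exit 1)
27 |
28 |   # Check for role is done
29 |   - sudo iptables -L -n | grep tcp
30 |
31 |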
-------------------------------------------------------------------------------- /roles/Stouts.iptables/LICENSE: -------------------------------------------------------------------------------- 1 | The MIT License (MIT) 2 | 3 | Copyright (c) 2014 Stouts 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | SOFTWARE. 
-------------------------------------------------------------------------------- /roles/Stouts.iptables/Makefile: -------------------------------------------------------------------------------- 1 | .PHONY: release 2 | release: 3 | @git flow release finish `git flow release | cut -d ' ' -f2` 4 | @git push --all 5 | @git push --tags 6 | @git checkout develop 7 | -------------------------------------------------------------------------------- /roles/Stouts.iptables/README.md: -------------------------------------------------------------------------------- 1 | Stouts.iptables 2 | =============== 3 | 4 | [![Build Status](https://travis-ci.org/Stouts/Stouts.iptables.png)](https://travis-ci.org/Stouts/Stouts.iptables) 5 | 6 | Ansible role which manage iptables 7 | 8 | #### Variables 9 | 10 | THe role variables and default values. 11 | 12 | ```yaml 13 | iptables_enabled: yes # The role is enabled 14 | iptables_logging: yes # Log dropped packets 15 | 16 | iptables_rule_path: /etc/iptables.rules # Path to rule file 17 | 18 | iptables_allowed_tcp_ports: [22, 25, 80, 443] # List of allowed tcp ports 19 | iptables_forwarded_tcp_ports: [] # Forward tcp ports 20 | # Ex. iptables_forwarded_tcp_ports: 21 | # - { from: 22, to: 2222 } 22 | 23 | iptables_allowed_udp_ports: [] # List of allowed udp ports 24 | iptables_forwarded_udp_ports: [] # Ex. iptables_forwarded_udp_ports: 25 | # - { from: 22, to: 2222 } 26 | 27 | iptables_raw_rules: [] # List of raw rules 28 | # Ex. iptables_raw_rules: 29 | # - -A INPUT -i eth0 -p tcp -m tcp --dport 22 -j ACCEPT 30 | # - -A INPUT -i eth0 -p tcp -m tcp --dport 80 -j ACCEPT 31 | ``` 32 | 33 | #### Usage 34 | 35 | Add `Stouts.iptables` to your roles and setup the variables in your playbook file. 
36 | Example: 37 | 38 | ```yaml 39 | 40 | - hosts: all 41 | 42 | roles: 43 | - Stouts.iptables 44 | 45 | vars: 46 | iptables_allowed_tcp_ports: [22] 47 | iptables_forwarded_tcp_ports: 48 | - {from: 22, to: 2222} 49 | ``` 50 | 51 | #### License 52 | 53 | Licensed under the MIT License. See the LICENSE file for details. 54 | 55 | #### Feedback, bug-reports, requests, ... 56 | 57 | Are [welcome](https://github.com/Stouts/Stouts.iptables/issues)! 58 | -------------------------------------------------------------------------------- /roles/Stouts.iptables/defaults/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | iptables_enabled: yes # The role is enabled 4 | iptables_logging: yes # Log dropped packets 5 | 6 | iptables_rule_path: /etc/iptables.rules # Path to rule file 7 | 8 | iptables_allowed_tcp_ports: [22, 25, 80, 443] # List of allowed tcp ports 9 | iptables_forwarded_tcp_ports: [] # Forward tcp ports 10 | # Ex. iptables_forwarded_tcp_ports: 11 | # - { from: 22, to: 2222 } 12 | 13 | iptables_allowed_udp_ports: [] # List of allowed udp ports 14 | iptables_forwarded_udp_ports: [] # Ex. iptables_forwarded_udp_ports: 15 | # - { from: 22, to: 2222 } 16 | 17 | iptables_raw_rules: [] # List of raw rules 18 | # Ex. 
iptables_raw_rules: 19 | # - -A INPUT -i eth0 -p tcp -m tcp --dport 22 -j ACCEPT 20 | # - -A INPUT -i eth0 -p tcp -m tcp --dport 80 -j ACCEPT 21 | -------------------------------------------------------------------------------- /roles/Stouts.iptables/handlers/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | - name: iptables load 4 | shell: "{{iptables_rule_path}}" 5 | -------------------------------------------------------------------------------- /roles/Stouts.iptables/meta/.galaxy_install_info: -------------------------------------------------------------------------------- 1 | {install_date: 'Sun Feb 8 22:53:34 2015', version: 1.0.0} 2 | -------------------------------------------------------------------------------- /roles/Stouts.iptables/meta/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | dependencies: [] 4 | 5 | galaxy_info: 6 | author: klen 7 | company: Stouts 8 | description: Manage iptables rules 9 | license: MIT 10 | categories: 11 | - system 12 | - networking 13 | 14 | -------------------------------------------------------------------------------- /roles/Stouts.iptables/tasks/iptables.yml: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | - name: Ensure iptables is installed (debian) 4 | apt: pkg=iptables 5 | when: ansible_os_family == 'Debian' 6 | 7 | - name: Ensure iptables is installed (redhat) 8 | yum: pkg=iptables 9 | when: ansible_os_family == 'RedHat' 10 | 11 | - name: Prepare iptables rules 12 | template: dest={{iptables_rule_path}} src=iptables.rules.j2 owner=root group=root mode=0744 13 | notify: 14 | - iptables load 15 | 16 | - name: Autoload the rules 17 | template: src=iptables_load.j2 dest=/etc/network/if-up.d/iptables_load owner=root group=root mode=751 18 | -------------------------------------------------------------------------------- /roles/Stouts.iptables/tasks/main.yml: 
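--------------------------------------------------------------------------------
1 | ---
2 |
3 | - include: iptables.yml
4 |   when: iptables_enabled
5 |   tags: [iptables]
6 |
--------------------------------------------------------------------------------
/roles/Stouts.iptables/templates/iptables.rules.j2:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | # This file was generated by Ansible for {{ansible_fqdn}}
4 | # Do NOT modify this file by hand!
5 |
6 | # Clean all (filter table only; -F/-X without -t do not touch the nat table)
7 | iptables -F
8 | iptables -X
9 |
10 | # Accept all from localhost
11 | iptables -A INPUT -i lo -j ACCEPT
12 |
13 | # Forwarded ports.
14 | # NOTE(review): the nat table is never flushed, so every run of this script
15 | # inserts these PREROUTING rules again; confirm whether `iptables -t nat -F` is wanted.
16 | {% for forward in iptables_forwarded_tcp_ports %}
17 | iptables -t nat -I PREROUTING -p tcp --dport {{forward.from}} -j REDIRECT --to-port {{forward.to}}
18 | {% endfor %}
19 | {% for forward in iptables_forwarded_udp_ports %}
20 | iptables -t nat -I PREROUTING -p udp --dport {{forward.from}} -j REDIRECT --to-port {{forward.to}}
21 | {% endfor %}
22 |
23 | # Allowed ports.
24 | {% for port in iptables_allowed_tcp_ports %}
25 | iptables -A INPUT -p tcp -m tcp --dport {{port}} -j ACCEPT
26 | {% endfor %}
27 | # UDP ports: the udp match requires -p udp (the rule previously said -p tcp).
28 | {% for port in iptables_allowed_udp_ports %}
29 | iptables -A INPUT -p udp -m udp --dport {{port}} -j ACCEPT
30 | {% endfor %}
31 |
32 | # Accept all ICMP traffic (not only ping requests).
33 | iptables -A INPUT -p icmp -j ACCEPT
34 |
35 | # Allow NTP traffic for time synchronization.
36 | # NOTE(review): the INPUT rule matches the source port only, so any UDP packet
37 | # sent from port 123 is accepted on every local port; replies to outbound NTP
38 | # queries should already match the ESTABLISHED,RELATED rule below.
39 | iptables -A OUTPUT -p udp --dport 123 -j ACCEPT
40 | iptables -A INPUT -p udp --sport 123 -j ACCEPT
41 |
42 | # Raw rules: each entry is emitted verbatim as one line of this script.
43 | # NOTE(review): the README example entries start with "-A INPUT ..." and carry no
44 | # "iptables" command word; confirm which form callers are expected to pass.
45 | {% for rule in iptables_raw_rules %}
46 | {{rule}}
47 | {% endfor %}
48 |
49 | # Allow established connections:
50 | iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
51 |
52 | {% if iptables_logging %}
53 | # Logging
54 | iptables -A INPUT -m limit --limit 15/minute -j LOG --log-level 7 --log-prefix "Dropped by iptables: "
55 | {% endif %}
56 |
57 | # Drop all other
58 | iptables -A INPUT -j DROP
59 |
--------------------------------------------------------------------------------
/roles/Stouts.iptables/templates/iptables_load.j2:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | # This file was generated by Ansible for {{ansible_fqdn}}
4 | # Do NOT modify this file by hand!
5 |
6 | {{iptables_rule_path}}
7 | exit $?
8 |
--------------------------------------------------------------------------------
/roles/Stouts.iptables/test.yml:
--------------------------------------------------------------------------------
1 | - hosts: all
2 |   tasks:
3 |     - include: 'tasks/main.yml'
4 |   handlers:
5 |     - include: 'handlers/main.yml'
6 |   vars_files:
7 |     - 'defaults/main.yml'
8 |
--------------------------------------------------------------------------------
/roles/common/files/etc/sudoers.d/10-www-data:
--------------------------------------------------------------------------------
1 | # Passwordless root for www-data; roles/common/tasks/users.yml installs this only on the host named "vagrant".
2 | www-data ALL=(ALL) NOPASSWD: ALL
3 |
--------------------------------------------------------------------------------
/roles/common/files/etc/sysctl.d/99-network-tweaks.conf:
--------------------------------------------------------------------------------
1 | net.ipv6.conf.all.disable_ipv6 = 1
2 | net.ipv4.ip_nonlocal_bind = 1
3 | net.ipv4.conf.default.accept_source_route = 0
4 | net.ipv4.conf.lo.accept_source_route = 0
5 | net.ipv4.conf.eth0.accept_source_route = 0
6 |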
net.ipv4.icmp_echo_ignore_broadcasts = 1 7 | net.ipv4.conf.all.log_martians = 1 8 | net.ipv4.tcp_timestamps = 0 9 | -------------------------------------------------------------------------------- /roles/common/handlers/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # update tzdata 3 | - name: update-tzdata 4 | command: dpkg-reconfigure --frontend noninteractive tzdata 5 | 6 | # update kernel with network tweaks 7 | - name: apply-network-tweaks 8 | command: sysctl -p /etc/sysctl.d/99-network-tweaks.conf 9 | -------------------------------------------------------------------------------- /roles/common/tasks/base_packages.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # basic system packages installation 3 | 4 | #- name: apt - dist upgrade 5 | # apt: upgrade=dist update_cache=yes cache_valid_time=3600 6 | 7 | - name: apt - install basic system packages 8 | apt: name={{item}} state=latest update-cache=yes cache_valid_time=3600 9 | with_items: 10 | - curl 11 | - git 12 | - g++ 13 | - gcc # for make install 14 | - ifupdown-extra 15 | - iotop 16 | - libfontconfig1 17 | - libwww-perl 18 | - libpq-dev # needed by ansible module postgresql_db 19 | - lynx 20 | - make 21 | - netcat-openbsd 22 | - ntp 23 | - nodejs 24 | - npm 25 | - python-pycurl # needed by ansible module apt_repository 26 | - python-psycopg2 # needed by ansible module postgresql_db 27 | - socat 28 | - strace 29 | - sysstat 30 | - tig 31 | - tree 32 | - tzdata 33 | - vim 34 | -------------------------------------------------------------------------------- /roles/common/tasks/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # wrapper for common tasks 3 | 4 | - include: base_packages.yml 5 | - include: time.yml 6 | - include: network_tweaks.yml 7 | - include: users.yml 8 | - include: sudo.yml 9 | 
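--------------------------------------------------------------------------------
/roles/common/tasks/network_tweaks.yml:
--------------------------------------------------------------------------------
1 | ---
2 | # various network tweaks
3 |
4 | - name: copy network tweaks
5 |   copy: dest=/etc/sysctl.d/99-network-tweaks.conf src=etc/sysctl.d/99-network-tweaks.conf owner=root group=root mode=0644
6 |   notify: apply-network-tweaks
7 |
--------------------------------------------------------------------------------
/roles/common/tasks/sudo.yml:
--------------------------------------------------------------------------------
1 | ---
2 | # Grants passwordless sudo to every member of the sudo group on each host this
3 | # role runs on. validate makes Ansible run visudo on the edited copy, so a
4 | # malformed line cannot replace /etc/sudoers.
5 | - name: sudo - change sudo group config
6 |   lineinfile: "dest=/etc/sudoers regexp='^%sudo' line='%sudo ALL=(ALL:ALL) NOPASSWD: ALL' validate='visudo -cf %s'"
7 |
--------------------------------------------------------------------------------
/roles/common/tasks/time.yml:
--------------------------------------------------------------------------------
1 | ---
2 | # time-related tasks
3 |
4 | - name: install system packages for time management
5 |   apt: pkg=ntp,tzdata state=latest update-cache=yes cache_valid_time=3600
6 |
7 | - name: set timezone to {{ timezone }}
8 |   template: src=etc/timezone dest=/etc/timezone
9 |   notify: update-tzdata
10 |
--------------------------------------------------------------------------------
/roles/common/tasks/users.yml:
--------------------------------------------------------------------------------
1 | ---
2 | # configure www-data user
3 |
4 | # Gives the web server account a login shell; together with the authorized_keys
5 | # task below this makes www-data an SSH-reachable account.
6 | - name: update www-data shell
7 |   user: name=www-data shell=/bin/bash
8 |
9 | - name: set correct permissions
10 |   file: path=/var/www owner=www-data group=www-data mode=0755 state=directory
11 |
12 | - name: set correct permissions for ssh dir
13 |   file: path=/var/www/.ssh owner=www-data group=www-data mode=0700 state=directory
14 |
15 | # 1777 keeps the sticky bit on /tmp, so users cannot delete or rename each
16 | # other's files there (plain 0777 cleared it).
17 | - name: set correct permissions for tmp dir
18 |   file: path=/tmp mode=1777 state=directory
19 |
20 | # Passwordless root for www-data; applied only to the host named "vagrant".
21 | - name: add www-data to sudoers
22 |   copy:
23 |     src=etc/sudoers.d/10-www-data
24 |     dest=/etc/sudoers.d/10-www-data
25 |     owner=root group=root
26 |     mode=0440 validate="visudo -cf %s"
27 |   when: inventory_hostname == "vagrant"
28 |
29 | # http://docs.ansible.com/authorized_key_module.html
30 | - name: Set up authorized_keys for the www-data user
31 |   authorized_key: user=www-data
32 |                   key="{{ item }}"
33 |   with_items: projects_keys
34 |   when: projects_keys|length > 0
35 |
36 | # Every key in projects_keys also gets root SSH access on the host.
37 | - name: Set up authorized_keys for the root user
38 |   authorized_key: user=root
39 |                   key="{{ item }}"
40 |   with_items: projects_keys
41 |   when: projects_keys|length > 0
42 |
--------------------------------------------------------------------------------
/roles/common/templates/etc/timezone:
--------------------------------------------------------------------------------
1 | {{ timezone }}
2 |
--------------------------------------------------------------------------------
/roles/kosssi.composer/.gitignore:
--------------------------------------------------------------------------------
1 | tests/.vagrant
2 |
--------------------------------------------------------------------------------
/roles/kosssi.composer/.travis.yml:
--------------------------------------------------------------------------------
1 | ---
2 |
3 | language: python
4 |
5 | python:
6 |   - 2.7
7 |
8 | install:
9 |   - pip install ansible==1.4.0
10 |
11 | script:
12 |   - cd tests
13 |   - ansible-playbook -i inventory playbook.yml --syntax-check
14 |   - ansible-playbook -i inventory playbook.yml --connection=local --sudo
15 |   - >
16 |     ansible-playbook -i inventory playbook.yml --connection=local --sudo
17 |     | grep -q 'changed=0.*unreachable=0.*failed=0'
18 |     && (echo 'Idempotence test: pass' && exit 0)
19 |     || (echo 'Idempotence test: fail' && exit 1)
20 |
--------------------------------------------------------------------------------
/roles/kosssi.composer/LICENSE:
--------------------------------------------------------------------------------
1 | The MIT License
2 |
3 | Copyright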
(c) 2014 Simon Constans 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in 13 | all copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN 21 | THE SOFTWARE. 22 | -------------------------------------------------------------------------------- /roles/kosssi.composer/README.md: -------------------------------------------------------------------------------- 1 | # ansible-role-composer 2 | 3 | [![Build Status](https://travis-ci.org/kosssi/ansible-role-composer.svg?branch=master)](https://travis-ci.org/kosssi/ansible-role-composer) 4 | 5 | Installs Composer, the PHP Dependency Manager. 6 | 7 | ## Requirements 8 | 9 | - php (version 5.3+) should be installed. 10 | 11 | ## Role Defaults Variables 12 | 13 | composer_path: /usr/local/bin/composer 14 | composer_update: true 15 | composer_update_day: 20 16 | 17 | The path where composer will be installed and available to your system. Should be in your user's `$PATH` so you can run 18 | commands simply with `composer` instead of the full path. 
19 |
20 | ## Example Playbook
21 |
22 |     roles:
23 |       - { role: kosssi.composer }
24 |
25 | ## Vagrant
26 |
27 | If you have vagrant, you can test this role:
28 |
29 |     cd tests
30 |     vagrant up
31 |
32 | ## License
33 |
34 | MIT
35 |
--------------------------------------------------------------------------------
/roles/kosssi.composer/defaults/main.yml:
--------------------------------------------------------------------------------
1 | ---
2 |
3 | composer_path: /usr/local/bin/composer
4 | composer_update: true
5 | composer_update_day: 20
6 |
--------------------------------------------------------------------------------
/roles/kosssi.composer/meta/.galaxy_install_info:
--------------------------------------------------------------------------------
1 | {install_date: 'Sun Feb 8 22:53:51 2015', version: v1.0.3}
2 |
--------------------------------------------------------------------------------
/roles/kosssi.composer/meta/main.yml:
--------------------------------------------------------------------------------
1 | ---
2 |
3 | galaxy_info:
4 |   author: kosssi
5 |   description: Install and Update Composer PHP Dependency Manager
6 |   license: license MIT
7 |   min_ansible_version: 1.4
8 |   platforms:
9 |   - name: Ubuntu
10 |     versions:
11 |     - all
12 |   - name: Debian
13 |     versions:
14 |     - all
15 |   categories:
16 |   - packaging
17 |   - web
18 |   - php
19 |   - composer
20 |
--------------------------------------------------------------------------------
/roles/kosssi.composer/tasks/install.yml:
--------------------------------------------------------------------------------
1 | ---
2 |
3 | # NOTE(review): the installer script is fetched over HTTPS and piped straight into
4 | # php with no integrity check; consider saving it to a file and comparing its
5 | # SHA-384 with the value Composer publishes before executing it.
6 | # No chdir is set, so composer.phar is written to the task's working directory
7 | # and the next task moves it from there.
8 | - name: Download and install Composer into the current directory.
9 |   shell:
10 |     php -r "readfile('https://getcomposer.org/installer');" | php
11 |     creates={{ composer_path }}
12 |
13 | # Skipped once composer_path exists (creates=), like the download above.
14 | - name: Move Composer into bin directory.
15 |   shell:
16 |     mv composer.phar {{ composer_path }}
17 |     creates={{ composer_path }}
18 |
--------------------------------------------------------------------------------
/roles/kosssi.composer/tasks/main.yml:
--------------------------------------------------------------------------------
1 | ---
2 |
3 | - include: install.yml
4 | - include: test.yml
5 | - include: update.yml
6 |   when: composer_update == true
--------------------------------------------------------------------------------
/roles/kosssi.composer/tasks/test.yml:
--------------------------------------------------------------------------------
1 | ---
2 |
3 | # Registers composer_stat, which update.yml reads for the file's mtime.
4 | - name: Get stat of composer file
5 |   stat:
6 |     path="{{ composer_path }}"
7 |   register: composer_stat
8 |
9 | - name: Test if composer file exist
10 |   fail:
11 |     msg="{{ composer_path }} isn't exist"
12 |   when: composer_stat.stat.exists == false
13 |
--------------------------------------------------------------------------------
/roles/kosssi.composer/tasks/update.yml:
--------------------------------------------------------------------------------
1 | ---
2 |
3 | # Epoch timestamp of "composer_update_day days ago"; read-only, so never reported as changed.
4 | - name: Get date for composer update
5 |   shell:
6 |     date --date='{{ composer_update_day }} days ago' +'%s'
7 |   register: composer_date
8 |   changed_when: False
9 |
10 | # Runs selfupdate only when the binary's mtime is older than that timestamp.
11 | - name: Update composer if necessary
12 |   shell:
13 |     "{{ composer_path }} selfupdate"
14 |   when: composer_date.stdout|int > composer_stat.stat.mtime|int
15 |
--------------------------------------------------------------------------------
/roles/kosssi.composer/tests/Makefile:
--------------------------------------------------------------------------------
1 | test_ubuntu-14.04:
2 | 	VM_BOX='ubuntu/trusty64' vagrant up --provision
3 | 	VM_BOX='ubuntu/trusty64' vagrant provision
4 | 	VM_BOX='ubuntu/trusty64' vagrant destroy -f
5 |
6 | test_ubuntu-12.04:
7 | 	VM_BOX='hashicorp/precise64' vagrant up --provision
8 | 	VM_BOX='hashicorp/precise64' vagrant provision
9 | 	VM_BOX='hashicorp/precise64' vagrant destroy -f
10 |
11 |
test_debian-7.5: 12 | VM_BOX='puphpet/debian75-x64' vagrant up --provision 13 | VM_BOX='puphpet/debian75-x64' vagrant provision 14 | VM_BOX='puphpet/debian75-x64' vagrant destroy -f 15 | -------------------------------------------------------------------------------- /roles/kosssi.composer/tests/Vagrantfile: -------------------------------------------------------------------------------- 1 | $VM_BOX = ENV.has_key?('VM_BOX') ? ENV['VM_BOX'] : 'ubuntu/trusty64' 2 | 3 | Vagrant.configure('2') do |config| 4 | config.vm.box = $VM_BOX 5 | 6 | config.vm.provision :ansible do |ansible| 7 | ansible.playbook = 'playbook.yml' 8 | ansible.extra_vars = { ansible_ssh_user: 'vagrant', vagrant: true } 9 | 10 | ansible.verbose = 'v' 11 | end 12 | end 13 | -------------------------------------------------------------------------------- /roles/kosssi.composer/tests/inventory: -------------------------------------------------------------------------------- 1 | localhost 2 | -------------------------------------------------------------------------------- /roles/kosssi.composer/tests/playbook.yml: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | - hosts: all 4 | sudo: true 5 | roles: 6 | - { role: common, tags: apt } 7 | - { role: ../../ansible-role-composer, tags: composer } 8 | -------------------------------------------------------------------------------- /roles/kosssi.composer/tests/roles/common/tasks/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | - name: Update Apt cache 4 | apt: 5 | update_cache=yes 6 | cache_valid_time=3600 7 | 8 | - name: Install php packages 9 | apt: 10 | pkg=php5 11 | state=present 12 | -------------------------------------------------------------------------------- /roles/nginx-symfony/README.md: -------------------------------------------------------------------------------- 1 | # nginx-main-conf role for Ansible 2 | Install a main conf file that
listens to *.subconf files for partial configurations 3 | 4 | ## Set up 5 | - Add this role, and its dependencies if any, to your `roles` folder as a git submodule: 6 | `git submodule add git://github.com/davinov/ansible-nginx-main-conf [path-to-roles]/nginx-main-conf` 7 | - Add it to your playbook's roles if it's not required by another one 8 | Note: `git://` is an unauthenticated, unencrypted transport; prefer the repository's `https://` URL when adding the submodule. 9 | ## Variables 10 | `domain` defaults to `_` 11 | -------------------------------------------------------------------------------- /roles/nginx-symfony/defaults/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | domain: _ 3 | -------------------------------------------------------------------------------- /roles/nginx-symfony/files/etc/nginx/mime.types: -------------------------------------------------------------------------------- 1 | types { 2 | text/html html htm shtml; 3 | text/css css; 4 | text/xml xml rss; 5 | text/cache-manifest appcache; 6 | image/gif gif; 7 | image/jpeg jpeg jpg; 8 | application/x-javascript js; 9 | application/atom+xml atom; 10 | 11 | text/mathml mml; 12 | text/plain txt; 13 | text/vnd.sun.j2me.app-descriptor jad; 14 | text/vnd.wap.wml wml; 15 | text/x-component htc; 16 | 17 | image/png png; 18 | image/tiff tif tiff; 19 | image/vnd.wap.wbmp wbmp; 20 | image/x-icon ico; 21 | image/x-jng jng; 22 | image/x-ms-bmp bmp; 23 | image/svg+xml svg svgz; 24 | 25 | application/java-archive jar war ear; 26 | application/json json; 27 | application/mac-binhex40 hqx; 28 | application/msword doc; 29 | application/pdf pdf; 30 | application/postscript ps eps ai; 31 | application/rtf rtf; 32 | application/vnd.ms-excel xls; 33 | application/vnd.ms-powerpoint ppt; 34 | application/vnd.wap.wmlc wmlc; 35 | application/vnd.google-earth.kml+xml kml; 36 | application/vnd.google-earth.kmz kmz; 37 | application/x-7z-compressed 7z; 38 | application/x-cocoa cco; 39 | application/x-java-archive-diff jardiff; 40 | application/x-java-jnlp-file jnlp; 41 | application/x-makeself
run; 42 | application/x-perl pl pm; 43 | application/x-pilot prc pdb; 44 | application/x-rar-compressed rar; 45 | application/x-redhat-package-manager rpm; 46 | application/x-sea sea; 47 | application/x-shockwave-flash swf; 48 | application/x-stuffit sit; 49 | application/x-tcl tcl tk; 50 | application/x-x509-ca-cert der pem crt; 51 | application/x-xpinstall xpi; 52 | application/xhtml+xml xhtml; 53 | application/zip zip; 54 | 55 | application/octet-stream bin exe dll; 56 | application/octet-stream deb; 57 | application/octet-stream dmg; 58 | application/octet-stream eot; 59 | application/octet-stream iso img; 60 | application/octet-stream msi msp msm; 61 | application/ogg ogx; 62 | 63 | audio/midi mid midi kar; 64 | audio/mpeg mpga mpega mp2 mp3 m4a; 65 | audio/ogg oga ogg spx; 66 | audio/x-realaudio ra; 67 | audio/webm weba; 68 | 69 | video/3gpp 3gpp 3gp; 70 | video/mp4 mp4; 71 | video/mpeg mpeg mpg mpe; 72 | video/ogg ogv; 73 | video/quicktime mov; 74 | video/webm webm; 75 | video/x-flv flv; 76 | video/x-mng mng; 77 | video/x-ms-asf asx asf; 78 | video/x-ms-wmv wmv; 79 | video/x-msvideo avi; 80 | } 81 | -------------------------------------------------------------------------------- /roles/nginx-symfony/handlers/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: restart-nginx 3 | service: name=nginx state=restarted 4 | 5 | - name: reload-nginx 6 | service: name=nginx state=reloaded 7 | 8 | -------------------------------------------------------------------------------- /roles/nginx-symfony/meta/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | -------------------------------------------------------------------------------- /roles/nginx-symfony/tasks/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: install 3 | apt: name=nginx state=latest update_cache=true cache_valid_time=3600 4 | tags: 5 | 
- packages 6 | 7 | - name: enable service 8 | service: name=nginx enabled=yes state=started 9 | notify: restart-nginx 10 | 11 | - name: remove default conf 12 | file: state=absent path=/etc/nginx/conf.d/default.conf 13 | notify: reload-nginx 14 | 15 | - name: remove default site conf 16 | file: path=/etc/nginx/conf.d/default state=absent 17 | notify: reload-nginx 18 | 19 | - name: remove default site conf 20 | file: path=/etc/nginx/sites-available/default state=absent 21 | notify: reload-nginx 22 | # Exactly one of the next two templates is written to main.conf, chosen by whether is_vagrant is defined (any value, including false, selects the vagrant one). 23 | - name: add virtual host conf 24 | template: src=etc/nginx/conf.d/conf dest=/etc/nginx/conf.d/main.conf 25 | notify: restart-nginx 26 | when: is_vagrant is not defined 27 | 28 | - name: add virtual host conf for vagrant (app_dev.php targeted instead of app_php) 29 | template: src=etc/nginx/conf.d/vagrantconf dest=/etc/nginx/conf.d/main.conf 30 | notify: restart-nginx 31 | when: is_vagrant is defined 32 | 33 | - name: nginx - update mime types 34 | copy: src=etc/nginx/mime.types dest=/etc/nginx/mime.types owner=root group=root mode=0644 35 | notify: restart-nginx 36 | -------------------------------------------------------------------------------- /roles/nginx-symfony/templates/etc/nginx/conf.d/conf: -------------------------------------------------------------------------------- 1 | server { 2 | listen {{web.port}}; 3 | 4 | server_name {{ hostvars[inventory_hostname].web.server_name }}; 5 | root /var/www/{{ name }}/current/web; 6 | 7 | error_log /var/www/{{ name }}/current/app/logs/nginx.error.log; 8 | access_log /var/www/{{ name }}/current/app/logs/nginx.access.log; 9 | 10 | try_files $uri @rewrite; 11 | 12 | index app.php; 13 | 14 | location @rewrite { 15 | rewrite ^/?(.*)$ /app.php/$1 last; 16 | } 17 | # NOTE(review): tasks/main.yml installs this template when is_vagrant is not defined, yet this location also passes /app_dev.php to PHP-FPM and the pattern is not anchored after \.php. If the dev front controller should not be reachable on these hosts, narrow the pattern to ^/app\.php(/|$) - confirm first how app_dev.php is deployed. 18 | location ~ ^/(app|app_dev)\.php { 19 | fastcgi_index $1.php; 20 | fastcgi_pass unix:/var/run/php5-fpm.sock; 21 | fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; 22 | include fastcgi_params; 23 | 24 | # Added to avoid 502 Bad Gateway errors 25
| fastcgi_buffer_size 512k; 26 | fastcgi_buffers 16 512k; 27 | } 28 | 29 | location ~* \.(css|txt|xml|js|gif|jpe?g|png|ico)$ { 30 | expires 1y; 31 | log_not_found off; 32 | } 33 | 34 | gzip on; 35 | gzip_min_length 1000; 36 | gzip_comp_level 9; 37 | gzip_proxied any; 38 | gzip_types application/javascript application/x-javascript application/json text/css; 39 | 40 | add_header X-Robots-Tag "noindex, nofollow"; 41 | } -------------------------------------------------------------------------------- /roles/nginx-symfony/templates/etc/nginx/conf.d/vagrantconf: -------------------------------------------------------------------------------- 1 | server { 2 | listen {{web.port}}; 3 | 4 | server_name {{ hostvars[inventory_hostname].web.server_name }}; 5 | root /var/www/{{ name }}/current/web; 6 | 7 | error_log /var/www/{{ name }}/current/app/logs/nginx.error.log; 8 | access_log /var/www/{{ name }}/current/app/logs/nginx.access.log; 9 | 10 | index app_dev.php; 11 | try_files $uri @rewrite; 12 | 13 | location @rewrite { 14 | rewrite ^/?(.*)$ /app_dev.php/$1 last; 15 | } 16 | # NOTE(review): app_dev_dev looks like a search-and-replace leftover from the (app|app_dev) pattern in the sibling conf template; only app_dev.php is referenced elsewhere in this file. 17 | location ~ ^/(app_dev|app_dev_dev)\.php { 18 | fastcgi_index $1.php; 19 | fastcgi_pass unix:/var/run/php5-fpm.sock; 20 | fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; 21 | include fastcgi_params; 22 | 23 | # Added to avoid 502 Bad Gateway errors 24 | fastcgi_buffer_size 512k; 25 | fastcgi_buffers 16 512k; 26 | } 27 | 28 | location ~* \.(css|txt|xml|js|gif|jpe?g|png|ico)$ { 29 | expires 1y; 30 | log_not_found off; 31 | } 32 | 33 | gzip on; 34 | gzip_min_length 1000; 35 | gzip_comp_level 9; 36 | gzip_proxied any; 37 | gzip_types application/javascript application/x-javascript application/json text/css; 38 | 39 | add_header X-Robots-Tag "noindex, nofollow"; 40 | } -------------------------------------------------------------------------------- /roles/nickjj.fail2ban/.gitignore: -------------------------------------------------------------------------------- 1 | .DS_Store 2 |
*/**.DS_Store 3 | ._* 4 | .*.sw* 5 | *~ 6 | .idea/ -------------------------------------------------------------------------------- /roles/nickjj.fail2ban/.travis.yml: -------------------------------------------------------------------------------- 1 | --- 2 | language: "python" 3 | python: "2.7" 4 | 5 | env: 6 | - SITE_AND_INVENTORY="tests/main.yml -i tests/inventory" 7 | 8 | install: 9 | - "pip install ansible==1.6.2" 10 | - "printf '[defaults]\nroles_path = ../' > ansible.cfg" 11 | 12 | script: 13 | - "ansible-playbook $SITE_AND_INVENTORY --syntax-check" 14 | - "ansible-playbook $SITE_AND_INVENTORY --connection=local -vvvv" 15 | - > 16 | ansible-playbook $SITE_AND_INVENTORY --connection=local 17 | | grep -q 'changed=0.*failed=0' 18 | && (echo 'Idempotence test: pass' && exit 0) 19 | || (echo 'Idempotence test: fail' && exit 1) 20 | - > 21 | sudo cat /etc/fail2ban/jail.local 22 | | grep -q '\[ssh\]\|\[postfix\]\|enabled = true\|maxretry = 3' 23 | && (echo 'Services added test: pass' && exit 0) 24 | || (echo 'Services added test: fail' && exit 1) -------------------------------------------------------------------------------- /roles/nickjj.fail2ban/LICENSE: -------------------------------------------------------------------------------- 1 | The MIT License (MIT) 2 | 3 | Copyright (c) 2014 Nick Janetakis nick.janetakis@gmail.com 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining 6 | a copy of this software and associated documentation files (the 7 | 'Software'), to deal in the Software without restriction, including 8 | without limitation the rights to use, copy, modify, merge, publish, 9 | distribute, sublicense, and/or sell copies of the Software, and to 10 | permit persons to whom the Software is furnished to do so, subject to 11 | the following conditions: 12 | 13 | The above copyright notice and this permission notice shall be 14 | included in all copies or substantial portions of the Software. 
15 | 16 | THE SOFTWARE IS PROVIDED 'AS IS', WITHOUT WARRANTY OF ANY KIND, 17 | EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF 18 | MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. 19 | IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY 20 | CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, 21 | TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE 22 | SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. -------------------------------------------------------------------------------- /roles/nickjj.fail2ban/README.md: -------------------------------------------------------------------------------- 1 | ## What is ansible-fail2ban? [![Build Status](https://secure.travis-ci.org/nickjj/ansible-fail2ban.png)](http://travis-ci.org/nickjj/ansible-fail2ban) 2 | 3 | It is an [ansible](http://www.ansible.com/home) role to install and configure fail2ban. 4 | 5 | ### What problem does it solve and why is it useful? 6 | 7 | Security is important and fail2ban is an excellent tool to harden your server with minimal or even no configuration. 8 | 9 | ## Role variables 10 | 11 | Below is a list of default values along with a description of what they do. 12 | 13 | ``` 14 | # Which log level should it be output as? 15 | # 1 = ERROR, 2 = WARN, 3 = INFO, 4 = DEBUG 16 | fail2ban_loglevel: 3 17 | 18 | # Where should log outputs be sent to? 19 | # SYSLOG, STDERR, STDOUT, file 20 | fail2ban_logtarget: /var/log/fail2ban.log 21 | 22 | # Where should the socket be created? 23 | fail2ban_socket: /var/run/fail2ban/fail2ban.sock 24 | 25 | # Which IP address, CIDR mark or DNS host should be ignored? 26 | fail2ban_ignoreip: 127.0.0.1/8 27 | 28 | # How long in seconds should the ban last for? 29 | fail2ban_bantime: 600 30 | 31 | # How many times can they try before getting banned? 32 | fail2ban_maxretry: 6 33 | 34 | # How should the file changes be detected? 
35 | # gamin, polling, auto 36 | fail2ban_backend: polling 37 | 38 | # Where should e-mail reports be sent to? 39 | fail2ban_destemail: root@localhost 40 | 41 | # How should the ban be applied? 42 | # iptables, iptables-new, iptables-multiport, shorewall, etc. 43 | fail2ban_banaction: iptables-multiport 44 | 45 | # What e-mail action should be used? 46 | # sendmail or mail 47 | fail2ban_mta: sendmail 48 | 49 | # What should the default protocol be? 50 | fail2ban_protocol: tcp 51 | 52 | # Which chain would the JUMPs be added into iptables-*? 53 | fail2ban_chain: INPUT 54 | 55 | # What should the default ban action be? 56 | # action_, action_mw, action_mwl 57 | fail2ban_action: action_ 58 | 59 | # What services should fail2ban monitor? 60 | # You can define fail2ban_services as an empty string to not monitor anything. 61 | # You can define multiple services as a standard yaml list. 62 | fail2ban_services: 63 | # The name of the service 64 | # REQUIRED. 65 | - name: ssh 66 | 67 | # Is it enabled? 68 | # OPTIONAL: Defaults to "true" (must be a string). 69 | enabled: "true" 70 | 71 | # What port does the service use? 72 | # Separate multiple ports with a comma, no spaces. 73 | # REQUIRED. 74 | port: ssh 75 | 76 | # What protocol does the service use? 77 | # OPTIONAL: Defaults to the protocol listed above. 78 | protocol: tcp 79 | 80 | # What filter should it use? 81 | # REQUIRED. 82 | filter: sshd 83 | 84 | # Which log path should it monitor? 85 | # REQUIRED. 86 | logpath: /var/log/auth.log 87 | 88 | # How many times can they try before getting banned? 89 | # OPTIONAL: Defaults to the maxretry listed above. 90 | maxretry: 6 91 | 92 | # What should the default ban action be? 93 | # OPTIONAL: Defaults to the action listed above. 94 | action: action_ 95 | 96 | # How should the ban be applied? 97 | # OPTIONAL: Defaults to the banaction listed above. 98 | banaction: iptables-multiport 99 | 100 | # The amount in seconds to cache apt-update. 
101 | apt_cache_valid_time: 86400 102 | ``` 103 | 104 | ## Example playbook 105 | 106 | For the sake of this example let's assume you have a group called **app** and you have a typical `site.yml` file. 107 | 108 | To use this role edit your `site.yml` file to look something like this: 109 | 110 | ``` 111 | --- 112 | - name: ensure app servers are configured 113 | - hosts: app 114 | 115 | roles: 116 | - { role: nickjj.fail2ban, tags: fail2ban } 117 | ``` 118 | 119 | Let's say you want to edit a few values, you can do this by opening or creating `group_vars/app.yml` which is located relative to your `inventory` directory and then making it look something like this: 120 | 121 | ``` 122 | --- 123 | fail2ban_services: 124 | - name: ssh 125 | port: ssh 126 | filter: sshd 127 | logpath: /var/log/auth.log 128 | - name: postfix 129 | port: smtp,ssmtp 130 | filter: postfix 131 | logpath: /var/log/mail.log 132 | ``` 133 | 134 | ## Installation 135 | 136 | `$ ansible-galaxy install nickjj.fail2ban` 137 | 138 | ## Requirements 139 | 140 | Tested on ubuntu 12.04 LTS but it should work on other versions that are similar. 141 | 142 | ## Ansible galaxy 143 | 144 | You can find it on the official [ansible galaxy](https://galaxy.ansible.com/list#/roles/1079) if you want to rate it. 
145 | 146 | ## License 147 | 148 | MIT -------------------------------------------------------------------------------- /roles/nickjj.fail2ban/defaults/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | fail2ban_loglevel: 3 3 | fail2ban_logtarget: /var/log/fail2ban.log 4 | fail2ban_socket: /var/run/fail2ban/fail2ban.sock 5 | 6 | fail2ban_ignoreip: 127.0.0.1/8 7 | fail2ban_bantime: 600 8 | fail2ban_maxretry: 6 9 | 10 | fail2ban_backend: polling 11 | 12 | fail2ban_destemail: root@localhost 13 | fail2ban_banaction: iptables-multiport 14 | fail2ban_mta: sendmail 15 | fail2ban_protocol: tcp 16 | fail2ban_chain: INPUT 17 | 18 | fail2ban_action: action_ 19 | 20 | fail2ban_services: 21 | - name: ssh 22 | port: ssh 23 | filter: sshd 24 | logpath: /var/log/auth.log 25 | 26 | apt_cache_valid_time: 86400 -------------------------------------------------------------------------------- /roles/nickjj.fail2ban/handlers/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: restart fail2ban 3 | service: name=fail2ban state=restarted -------------------------------------------------------------------------------- /roles/nickjj.fail2ban/meta/.galaxy_install_info: -------------------------------------------------------------------------------- 1 | {install_date: 'Sun Feb 8 22:53:29 2015', version: v0.1.2} 2 | -------------------------------------------------------------------------------- /roles/nickjj.fail2ban/meta/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | galaxy_info: 3 | author: Nick Janetakis 4 | description: Install and configure fail2ban. 
5 | company: 6 | license: license MIT 7 | min_ansible_version: 1.5 8 | 9 | platforms: 10 | - name: Ubuntu 11 | versions: 12 | - all 13 | 14 | categories: 15 | - networking 16 | - system 17 | - web 18 | 19 | dependencies: [] -------------------------------------------------------------------------------- /roles/nickjj.fail2ban/tasks/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: ensure fail2ban is installed 3 | apt: pkg=fail2ban state=latest update_cache=true cache_valid_time={{ apt_cache_valid_time }} 4 | notify: 5 | - restart fail2ban 6 | 7 | - name: ensure fail2ban is configured 8 | template: src={{ item }}.j2 dest=/{{ item }} 9 | with_items: 10 | - etc/fail2ban/jail.local 11 | - etc/fail2ban/fail2ban.local 12 | notify: 13 | - restart fail2ban 14 | 15 | - name: ensure fail2ban starts on a fresh reboot 16 | service: name=fail2ban state=started enabled=yes -------------------------------------------------------------------------------- /roles/nickjj.fail2ban/templates/etc/fail2ban/fail2ban.local.j2: -------------------------------------------------------------------------------- 1 | [Definition] 2 | 3 | loglevel = {{ fail2ban_loglevel }} 4 | logtarget = {{ fail2ban_logtarget }} 5 | socket = {{ fail2ban_socket }} -------------------------------------------------------------------------------- /roles/nickjj.fail2ban/templates/etc/fail2ban/jail.local.j2: -------------------------------------------------------------------------------- 1 | [DEFAULT] 2 | 3 | ignoreip = {{ fail2ban_ignoreip }} 4 | bantime = {{ fail2ban_bantime }} 5 | maxretry = {{ fail2ban_maxretry }} 6 | 7 | backend = {{fail2ban_backend}} 8 | 9 | destemail = {{ fail2ban_destemail }} 10 | banaction = {{ fail2ban_banaction }} 11 | mta = {{ fail2ban_mta }} 12 | protocol = {{ fail2ban_protocol }} 13 | chain = {{ fail2ban_chain }} 14 | 15 | action_ = %(banaction)s[name=%(__name__)s, port="%(port)s", protocol="%(protocol)s", chain="%(chain)s"] 16 
| 17 | action_mw = %(banaction)s[name=%(__name__)s, port="%(port)s", protocol="%(protocol)s", chain="%(chain)s"] 18 | %(mta)s-whois[name=%(__name__)s, dest="%(destemail)s", protocol="%(protocol)s", chain="%(chain)s"] 19 | 20 | action_mwl = %(banaction)s[name=%(__name__)s, port="%(port)s", protocol="%(protocol)s", chain="%(chain)s"] 21 | %(mta)s-whois-lines[name=%(__name__)s, dest="%(destemail)s", logpath=%(logpath)s, chain="%(chain)s"] 22 | 23 | action = %({{ fail2ban_action }})s 24 | 25 | {% if fail2ban_services is iterable %} 26 | {% for service in fail2ban_services %} 27 | [{{ service.name }}] 28 | 29 | enabled = {{ service.enabled|default("true") }} 30 | port = {{ service.port }} 31 | filter = {{ service.filter }} 32 | logpath = {{ service.logpath }} 33 | {% if service.maxretry is defined %} 34 | maxretry = {{ service.maxretry }} 35 | {% endif %} 36 | {% if service.protocol is defined %} 37 | protocol = {{ service.protocol }} 38 | {% endif %} 39 | {% if service.action is defined %} 40 | action = %({{ service.action }})s 41 | {% endif %} 42 | {% if service.banaction is defined %} 43 | banaction = {{ service.banaction }} 44 | {% endif %} 45 | 46 | {% endfor %} 47 | {% endif %} -------------------------------------------------------------------------------- /roles/nickjj.fail2ban/tests/inventory: -------------------------------------------------------------------------------- 1 | localhost -------------------------------------------------------------------------------- /roles/nickjj.fail2ban/tests/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - hosts: localhost 3 | remote_user: travis 4 | sudo: true 5 | 6 | vars: 7 | fail2ban_services: 8 | - name: ssh 9 | port: ssh 10 | filter: sshd 11 | logpath: /var/log/auth.log 12 | - name: postfix 13 | port: smtp,ssmtp 14 | filter: postfix 15 | logpath: /var/log/mail.log 16 | maxretry: 3 17 | 18 | roles: 19 | - ansible-fail2ban 
-------------------------------------------------------------------------------- /roles/php/.travis.yml: -------------------------------------------------------------------------------- 1 | --- 2 | #TODO make test 3 | #language: python 4 | #python: "2.7" 5 | # 6 | #env: 7 | # - SITE=test.yml 8 | # 9 | #before_install: 10 | # - sudo apt-get update -qq 11 | # 12 | #install: 13 | # # Install Ansible. 14 | # - pip install ansible==1.5.0 15 | # 16 | # # Add ansible.cfg to pick up roles path. 17 | # - "printf '[defaults]\nroles_path = ../' > ansible.cfg" 18 | # 19 | # # Install required dependencies. 20 | # - ansible-galaxy install geerlingguy.apache 21 | # 22 | #script: 23 | # # Check the role/playbook's syntax. 24 | # - "ansible-playbook -i tests/inventory tests/$SITE --syntax-check" 25 | # 26 | # # Run the role/playbook with ansible-playbook. 27 | # - "ansible-playbook -i tests/inventory tests/$SITE --connection=local --sudo" 28 | # 29 | # # Run the role/playbook again, checking to make sure it's idempotent. 30 | # - > 31 | # ansible-playbook -i tests/inventory tests/$SITE --connection=local --sudo 32 | # | grep -q 'changed=0.*failed=0' 33 | # && (echo 'Idempotence test: pass' && exit 0) 34 | # || (echo 'Idempotence test: fail' && exit 1) 35 | # 36 | # # Make sure PHP is running. 37 | # - > 38 | # php -v 39 | # | grep -q 'The PHP Group' 40 | # && (echo 'PHP is installed' && exit 0) 41 | # || (echo 'PHP is not installed' && exit 1) 42 | -------------------------------------------------------------------------------- /roles/php/README.md: -------------------------------------------------------------------------------- 1 | # Ansible Role: PHP 2 | 3 | [![Build Status](https://travis-ci.org/geerlingguy/ansible-role-php.svg?branch=master)](https://travis-ci.org/geerlingguy/ansible-role-php) 4 | 5 | Installs PHP on RedHat/CentOS and Debian/Ubuntu servers. 6 | 7 | ## Requirements 8 | 9 | Must be running a separate web server, such as Nginx or Apache. 
10 | 11 | ## Role Variables 12 | 13 | Available variables are listed below, along with default values (see `vars/main.yml`): 14 | 15 | php_memory_limit: "256M" 16 | php_max_execution_time: "60" 17 | php_upload_max_filesize: "64M" 18 | 19 | Some commonly-adjusted PHP ini directives. Adjust to suit your system. 20 | 21 | php_apc_cache_by_default: "1" 22 | php_apc_shm_size: "96M" 23 | 24 | Two APC ini directives that are often customized on a system. Set `php_apc_cache_by_default` to 0 to disable APC by default (so you could enable it on a host-by-host basis). Set the `php_apc_shm_size` so it will hold all your application code in memory with a little overhead (fragmentation or APC running out of memory will slow down PHP dramatically). 25 | 26 | This Ansible role assumes you're including `php-pecl-apc` in the list of `php_packages` below. It's rarely a good idea to run a PHP < 5.5 installation without some kind of opcode cache, and APC works great for PHP 5.3 and 5.4. 27 | 28 | php_date_timezone: "America/Chicago" 29 | 30 | Explicitly set PHP's date timezone system-wide. 31 | 32 | php_packages: [] 33 | 34 | A list of the PHP packages to install (OS-specific by default). You'll likely want to install common packages like `php`, `php-cli`, `php-devel` and `php-pdo`, and you can add in whatever other packages you'd like (for example, `php-gd` for image manipulation, or `php-ldap` if you need to connect to an LDAP server for authentication). 35 | 36 | php_enable_webserver: true 37 | 38 | If your usage of PHP is tied to a web server (e.g. Apache or Nginx), leave this default value. If you are using PHP server-side or to run some small application, set this value to `false` so this role doesn't attempt to interact with a web server. 39 | 40 | php_webserver_daemon: "httpd" 41 | 42 | The default values for the HTTP server daemon are `httpd` (used by Apache) for RedHat/CentOS, or `apache2` (also used by Apache) for Debian/Ubuntu.
If you are running another webserver (for example, `nginx`), change this value to the name of the daemon under which the webserver runs. 43 | 44 | php_enable_php_fpm: false 45 | 46 | If you add `php-fpm` to the `php_packages` list, and would like to run PHP-fpm, as you would with Nginx or as an alternative to `mod_php` in Apache, you can set this variable to `true`, and the `php-fpm` daemon will be enabled and started. You will need to configure PHP-fpm on your own, by editing the config file in `/etc/php-fpm.d/www.conf` (for RedHat servers) or replacing it with your own template via Ansible. 47 | 48 | php_enablerepo: "" 49 | 50 | (RedHat/CentOS only) If you have enabled any additional repositories (might I suggest geerlingguy.repo-epel or geerlingguy.repo-remi), those repositories can be listed under this variable (e.g. `remi,epel`). This can be handy, as an example, if you want to install the latest version of PHP 5.4, which is in the Remi repository. 51 | 52 | ## Dependencies 53 | 54 | None. 55 | 56 | ## Example Playbook 57 | 58 | - hosts: webservers 59 | vars_files: 60 | - vars/main.yml 61 | roles: 62 | - { role: geerlingguy.php } 63 | 64 | *Inside `vars/main.yml`*: 65 | 66 | php_memory_limit: "128M" 67 | php_max_execution_time: "90" 68 | php_upload_max_filesize: "256M" 69 | php_packages: 70 | - php 71 | - php-cli 72 | - php-common 73 | - php-devel 74 | - php-gd 75 | - php-mbstring 76 | - php-pdo 77 | - php-pecl-apc 78 | - php-xml 79 | ... 80 | 81 | ## TODO 82 | 83 | - Make role more flexible, allowing APC to be excluded from `php_packages` list. 84 | - Use `lineinfile` rather than templates to make configuration changes. 85 | 86 | ## License 87 | 88 | MIT / BSD 89 | 90 | ## Author Information 91 | 92 | This role was created in 2014 by [Jeff Geerling](http://jeffgeerling.com/), author of [Ansible for DevOps](http://ansiblefordevops.com/). 
93 | -------------------------------------------------------------------------------- /roles/php/defaults/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # Pass in a comma-separated list of repos to use (e.g. "remi,epel"). 3 | php_enablerepo: "" 4 | php_memory_limit: "256M" 5 | php_max_execution_time: "60" 6 | php_upload_max_filesize: "64M" 7 | php_apc_cache_by_default: "1" 8 | php_apc_shm_size: "96M" 9 | php_date_timezone: "Europe/Paris" 10 | php_enable_php_fpm: true 11 | 12 | php_conf_basepath: /etc/php5 13 | # NOTE(review): php.ini is rendered only under the cli directory (dest: /cli). On Debian/Ubuntu php5-fpm normally reads its own fpm/php.ini, so the settings in php.ini.j2 presumably never reach the FPM pool that nginx talks to - confirm, and add an fpm entry here if they should. 14 | php_conf_files: 15 | - { name: php.ini, dest: /cli } 16 | - { name: apc.ini, dest: /mods-available } 17 | # size becomes the numeric prefix of the conf.d symlink name built in tasks/main.yml. 18 | php_mods: 19 | - { name: apc.ini, dest: /cli, size: 20 } 20 | 21 | php_packages: 22 | - php5 23 | - php5-fpm 24 | - php5-mysql 25 | - php5-mcrypt 26 | - php5-cli 27 | - php5-common 28 | - php5-curl 29 | - php5-dev 30 | - php5-gd 31 | - php5-ldap 32 | - php-apc 33 | 34 | php_webserver_daemon: "nginx" 35 | -------------------------------------------------------------------------------- /roles/php/meta/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | dependencies: [] 3 | 4 | galaxy_info: 5 | author: MaximeThoonsen 6 | description: PHP Ubuntu Trusty. 7 | license: "license MIT" 8 | min_ansible_version: 1.4 9 | platforms: 10 | - name: Ubuntu 11 | versions: 12 | - Trusty 13 | categories: 14 | - development 15 | - web 16 | -------------------------------------------------------------------------------- /roles/php/tasks/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | - name: Ensure PHP packages are installed.
4 | apt: 5 | name={{ item }} 6 | state=installed 7 | with_items: php_packages 8 | 9 | - name: Create mods-available directory 10 | file: 11 | path={{ php_conf_basepath }}/mods-available 12 | state=directory 13 | when: php_mods is defined 14 | 15 | - name: Place PHP configuration files in place. 16 | template: 17 | src={{ item.name }}.j2 18 | dest={{ php_conf_basepath }}{{ item.dest }}/{{ item.name }} 19 | owner=root 20 | group=root 21 | mode=644 22 | with_items: php_conf_files 23 | 24 | - name: Create PHP modules symlinks 25 | file: 26 | src={{ php_conf_basepath }}/mods-available/{{ item.name }} 27 | dest={{ php_conf_basepath }}{{ item.dest }}/conf.d/{{ item.size }}-{{ item.name }} 28 | state=link 29 | owner=root 30 | group=root 31 | with_items: php_mods 32 | when: php_mods is defined 33 | 34 | - name: Ensure php-fpm is started and enabled at boot (if configured). 35 | service: 36 | name=php5-fpm 37 | state=started 38 | enabled=yes 39 | when: php_enable_php_fpm 40 | -------------------------------------------------------------------------------- /roles/php/templates/apc.ini.j2: -------------------------------------------------------------------------------- 1 | apc.shm_size={{ php_apc_shm_size }} 2 | apc.enable_cli=0 3 | apc.rfc1867=1 4 | apc.cache_by_default={{ php_apc_cache_by_default }} 5 | -------------------------------------------------------------------------------- /roles/php/templates/php.ini.j2: -------------------------------------------------------------------------------- 1 | [PHP] 2 | 3 | ;;;;;;;;;;;;;;;;;;; 4 | ; About php.ini ; 5 | ;;;;;;;;;;;;;;;;;;; 6 | ; PHP's initialization file, generally called php.ini, is responsible for 7 | ; configuring many of the aspects of PHP's behavior. 8 | 9 | ; PHP attempts to find and load this configuration from a number of locations. 10 | ; The following is a summary of its search order: 11 | ; 1. SAPI module specific location. 12 | ; 2. The PHPRC environment variable. (As of PHP 5.2.0) 13 | ; 3. 
A number of predefined registry keys on Windows (As of PHP 5.2.0) 14 | ; 4. Current working directory (except CLI) 15 | ; 5. The web server's directory (for SAPI modules), or directory of PHP 16 | ; (otherwise in Windows) 17 | ; 6. The directory from the --with-config-file-path compile time option, or the 18 | ; Windows directory (C:\windows or C:\winnt) 19 | ; See the PHP docs for more specific information. 20 | ; http://php.net/configuration.file 21 | 22 | ; The syntax of the file is extremely simple. Whitespace and lines 23 | ; beginning with a semicolon are silently ignored (as you probably guessed). 24 | ; Section headers (e.g. [Foo]) are also silently ignored, even though 25 | ; they might mean something in the future. 26 | 27 | ; Directives following the section heading [PATH=/www/mysite] only 28 | ; apply to PHP files in the /www/mysite directory. Directives 29 | ; following the section heading [HOST=www.example.com] only apply to 30 | ; PHP files served from www.example.com. Directives set in these 31 | ; special sections cannot be overridden by user-defined INI files or 32 | ; at runtime. Currently, [PATH=] and [HOST=] sections only work under 33 | ; CGI/FastCGI. 34 | ; http://php.net/ini.sections 35 | 36 | ; Directives are specified using the following syntax: 37 | ; directive = value 38 | ; Directive names are *case sensitive* - foo=bar is different from FOO=bar. 39 | ; Directives are variables used to configure PHP or PHP extensions. 40 | ; There is no name validation. If PHP can't find an expected 41 | ; directive because it is not set or is mistyped, a default value will be used. 42 | 43 | ; The value can be a string, a number, a PHP constant (e.g. E_ALL or M_PI), one 44 | ; of the INI constants (On, Off, True, False, Yes, No and None) or an expression 45 | ; (e.g. E_ALL & ~E_NOTICE), a quoted string ("bar"), or a reference to a 46 | ; previously set variable or directive (e.g. 
${foo}) 47 | 48 | ; Expressions in the INI file are limited to bitwise operators and parentheses: 49 | ; | bitwise OR 50 | ; ^ bitwise XOR 51 | ; & bitwise AND 52 | ; ~ bitwise NOT 53 | ; ! boolean NOT 54 | 55 | ; Boolean flags can be turned on using the values 1, On, True or Yes. 56 | ; They can be turned off using the values 0, Off, False or No. 57 | 58 | ; An empty string can be denoted by simply not writing anything after the equal 59 | ; sign, or by using the None keyword: 60 | 61 | ; foo = ; sets foo to an empty string 62 | ; foo = None ; sets foo to an empty string 63 | ; foo = "None" ; sets foo to the string 'None' 64 | 65 | ; If you use constants in your value, and these constants belong to a 66 | ; dynamically loaded extension (either a PHP extension or a Zend extension), 67 | ; you may only use these constants *after* the line that loads the extension. 68 | 69 | ;;;;;;;;;;;;;;;;;;; 70 | ; About this file ; 71 | ;;;;;;;;;;;;;;;;;;; 72 | ; PHP comes packaged with two INI files. One that is recommended to be used 73 | ; in production environments and one that is recommended to be used in 74 | ; development environments. 75 | 76 | ; php.ini-production contains settings which hold security, performance and 77 | ; best practices at its core. But please be aware, these settings may break 78 | ; compatibility with older or less security-conscious applications. We 79 | ; recommend using the production ini in production and testing environments. 80 | 81 | ; php.ini-development is very similar to its production variant, except it's 82 | ; much more verbose when it comes to errors. We recommend using the 83 | ; development version only in development environments as errors shown to 84 | ; application users can inadvertently leak otherwise secure information. NOTE(review): this role's php_conf_files default gives php.ini the dest /cli, so this template appears to be rendered only to the CLI SAPI's php.ini; confirm the PHP-FPM php.ini receives the same production values. 
85 | 86 | ;;;;;;;;;;;;;;;;;;; 87 | ; Quick Reference ; 88 | ;;;;;;;;;;;;;;;;;;; 89 | ; The following are all the settings which are different in either the production 90 | ; or development versions of the INIs with respect to PHP's default behavior. 91 | ; Please see the actual settings later in the document for more details as to why 92 | ; we recommend these changes in PHP's behavior. 93 | 94 | ; display_errors 95 | ; Default Value: On 96 | ; Development Value: On 97 | ; Production Value: Off 98 | 99 | ; display_startup_errors 100 | ; Default Value: Off 101 | ; Development Value: On 102 | ; Production Value: Off 103 | 104 | ; error_reporting 105 | ; Default Value: E_ALL & ~E_NOTICE & ~E_STRICT & ~E_DEPRECATED 106 | ; Development Value: E_ALL 107 | ; Production Value: E_ALL & ~E_DEPRECATED & ~E_STRICT 108 | 109 | ; html_errors 110 | ; Default Value: On 111 | ; Development Value: On 112 | ; Production value: On 113 | 114 | ; log_errors 115 | ; Default Value: Off 116 | ; Development Value: On 117 | ; Production Value: On 118 | 119 | ; max_input_time 120 | ; Default Value: -1 (Unlimited) 121 | ; Development Value: 60 (60 seconds) 122 | ; Production Value: 60 (60 seconds) 123 | 124 | ; output_buffering 125 | ; Default Value: Off 126 | ; Development Value: 4096 127 | ; Production Value: 4096 128 | 129 | ; register_argc_argv 130 | ; Default Value: On 131 | ; Development Value: Off 132 | ; Production Value: Off 133 | 134 | ; request_order 135 | ; Default Value: None 136 | ; Development Value: "GP" 137 | ; Production Value: "GP" 138 | 139 | ; session.bug_compat_42 140 | ; Default Value: On 141 | ; Development Value: On 142 | ; Production Value: Off 143 | 144 | ; session.bug_compat_warn 145 | ; Default Value: On 146 | ; Development Value: On 147 | ; Production Value: Off 148 | 149 | ; session.gc_divisor 150 | ; Default Value: 100 151 | ; Development Value: 1000 152 | ; Production Value: 1000 153 | 154 | ; session.hash_bits_per_character 155 | ; Default Value: 4 156 | ; 
Development Value: 5 157 | ; Production Value: 5 158 | 159 | ; short_open_tag 160 | ; Default Value: On 161 | ; Development Value: Off 162 | ; Production Value: Off 163 | 164 | ; track_errors 165 | ; Default Value: Off 166 | ; Development Value: On 167 | ; Production Value: Off 168 | 169 | ; url_rewriter.tags 170 | ; Default Value: "a=href,area=href,frame=src,form=,fieldset=" 171 | ; Development Value: "a=href,area=href,frame=src,input=src,form=fakeentry" 172 | ; Production Value: "a=href,area=href,frame=src,input=src,form=fakeentry" 173 | 174 | ; variables_order 175 | ; Default Value: "EGPCS" 176 | ; Development Value: "GPCS" 177 | ; Production Value: "GPCS" 178 | 179 | ;;;;;;;;;;;;;;;;;;;; 180 | ; php.ini Options ; 181 | ;;;;;;;;;;;;;;;;;;;; 182 | ; Name for user-defined php.ini (.htaccess) files. Default is ".user.ini" 183 | ;user_ini.filename = ".user.ini" 184 | 185 | ; To disable this feature set this option to empty value 186 | ;user_ini.filename = 187 | 188 | ; TTL for user-defined php.ini files (time-to-live) in seconds. Default is 300 seconds (5 minutes) 189 | ;user_ini.cache_ttl = 300 190 | 191 | ;;;;;;;;;;;;;;;;;;;; 192 | ; Language Options ; 193 | ;;;;;;;;;;;;;;;;;;;; 194 | 195 | ; Enable the PHP scripting language engine under Apache. 196 | ; http://php.net/engine 197 | engine = On 198 | 199 | ; This directive determines whether or not PHP will recognize code between 200 | ; <? and ?> tags as PHP source which should be processed as such. It's been 201 | ; recommended for several years that you not use the short tag "short cut" and 202 | ; instead to use the full <?php and ?> tag combination. With the wide spread use 203 | ; of XML and use of these tags by other languages, the server can become easily 204 | ; confused and end up parsing the wrong code in the wrong context. But because 205 | ; this short cut has been a feature for such a long time, it's currently still 206 | ; supported for backwards compatibility, but we recommend you don't use them. 
207 | ; Default Value: On 208 | ; Development Value: Off 209 | ; Production Value: Off 210 | ; http://php.net/short-open-tag 211 | short_open_tag = Off 212 | 213 | ; Allow ASP-style <% %> tags. 214 | ; http://php.net/asp-tags 215 | asp_tags = Off 216 | 217 | ; The number of significant digits displayed in floating point numbers. 218 | ; http://php.net/precision 219 | precision = 14 220 | 221 | ; Output buffering is a mechanism for controlling how much output data 222 | ; (excluding headers and cookies) PHP should keep internally before pushing that 223 | ; data to the client. If your application's output exceeds this setting, PHP 224 | ; will send that data in chunks of roughly the size you specify. 225 | ; Turning on this setting and managing its maximum buffer size can yield some 226 | ; interesting side-effects depending on your application and web server. 227 | ; You may be able to send headers and cookies after you've already sent output 228 | ; through print or echo. You also may see performance benefits if your server is 229 | ; emitting less packets due to buffered output versus PHP streaming the output 230 | ; as it gets it. On production servers, 4096 bytes is a good setting for performance 231 | ; reasons. 232 | ; Note: Output buffering can also be controlled via Output Buffering Control 233 | ; functions. 234 | ; Possible Values: 235 | ; On = Enabled and buffer is unlimited. (Use with caution) 236 | ; Off = Disabled 237 | ; Integer = Enables the buffer and sets its maximum size in bytes. 238 | ; Note: This directive is hardcoded to Off for the CLI SAPI 239 | ; Default Value: Off 240 | ; Development Value: 4096 241 | ; Production Value: 4096 242 | ; http://php.net/output-buffering 243 | output_buffering = 4096 244 | 245 | ; You can redirect all of the output of your scripts to a function. For 246 | ; example, if you set output_handler to "mb_output_handler", character 247 | ; encoding will be transparently converted to the specified encoding. 
248 | ; Setting any output handler automatically turns on output buffering. 249 | ; Note: People who wrote portable scripts should not depend on this ini 250 | ; directive. Instead, explicitly set the output handler using ob_start(). 251 | ; Using this ini directive may cause problems unless you know what script 252 | ; is doing. 253 | ; Note: You cannot use both "mb_output_handler" with "ob_iconv_handler" 254 | ; and you cannot use both "ob_gzhandler" and "zlib.output_compression". 255 | ; Note: output_handler must be empty if this is set 'On' !!!! 256 | ; Instead you must use zlib.output_handler. 257 | ; http://php.net/output-handler 258 | ;output_handler = 259 | 260 | ; Transparent output compression using the zlib library 261 | ; Valid values for this option are 'off', 'on', or a specific buffer size 262 | ; to be used for compression (default is 4KB) 263 | ; Note: Resulting chunk size may vary due to nature of compression. PHP 264 | ; outputs chunks that are few hundreds bytes each as a result of 265 | ; compression. If you prefer a larger chunk size for better 266 | ; performance, enable output_buffering in addition. 267 | ; Note: You need to use zlib.output_handler instead of the standard 268 | ; output_handler, or otherwise the output will be corrupted. 269 | ; http://php.net/zlib.output-compression 270 | zlib.output_compression = Off 271 | 272 | ; http://php.net/zlib.output-compression-level 273 | ;zlib.output_compression_level = -1 274 | 275 | ; You cannot specify additional output handlers if zlib.output_compression 276 | ; is activated here. This setting does the same as output_handler but in 277 | ; a different order. 278 | ; http://php.net/zlib.output-handler 279 | ;zlib.output_handler = 280 | 281 | ; Implicit flush tells PHP to tell the output layer to flush itself 282 | ; automatically after every output block. 
This is equivalent to calling the 283 | ; PHP function flush() after each and every call to print() or echo() and each 284 | ; and every HTML block. Turning this option on has serious performance 285 | ; implications and is generally recommended for debugging purposes only. 286 | ; http://php.net/implicit-flush 287 | ; Note: This directive is hardcoded to On for the CLI SAPI 288 | implicit_flush = Off 289 | 290 | ; The unserialize callback function will be called (with the undefined class' 291 | ; name as parameter), if the unserializer finds an undefined class 292 | ; which should be instantiated. A warning appears if the specified function is 293 | ; not defined, or if the function doesn't include/implement the missing class. 294 | ; So only set this entry, if you really want to implement such a 295 | ; callback-function. 296 | unserialize_callback_func = 297 | 298 | ; When floats & doubles are serialized store serialize_precision significant 299 | ; digits after the floating point. The default value ensures that when floats 300 | ; are decoded with unserialize, the data will remain the same. 301 | serialize_precision = 17 302 | 303 | ; open_basedir, if set, limits all file operations to the defined directory 304 | ; and below. This directive makes most sense if used in a per-directory 305 | ; or per-virtualhost web server configuration file. This directive is 306 | ; *NOT* affected by whether Safe Mode is turned On or Off. 307 | ; http://php.net/open-basedir 308 | ;open_basedir = 309 | 310 | ; This directive allows you to disable certain functions for security reasons. 311 | ; It receives a comma-delimited list of function names. This directive is 312 | ; *NOT* affected by whether Safe Mode is turned On or Off. 313 | ; http://php.net/disable-functions 314 | disable_functions = 315 | 316 | ; This directive allows you to disable certain classes for security reasons. 317 | ; It receives a comma-delimited list of class names. 
This directive is 318 | ; *NOT* affected by whether Safe Mode is turned On or Off. 319 | ; http://php.net/disable-classes 320 | disable_classes = 321 | 322 | ; Colors for Syntax Highlighting mode. Anything that's acceptable in 323 | ; would work. 324 | ; http://php.net/syntax-highlighting 325 | ;highlight.string = #DD0000 326 | ;highlight.comment = #FF9900 327 | ;highlight.keyword = #007700 328 | ;highlight.default = #0000BB 329 | ;highlight.html = #000000 330 | 331 | ; If enabled, the request will be allowed to complete even if the user aborts 332 | ; the request. Consider enabling it if executing long requests, which may end up 333 | ; being interrupted by the user or a browser timing out. PHP's default behavior 334 | ; is to disable this feature. 335 | ; http://php.net/ignore-user-abort 336 | ;ignore_user_abort = On 337 | 338 | ; Determines the size of the realpath cache to be used by PHP. This value should 339 | ; be increased on systems where PHP opens many files to reflect the quantity of 340 | ; the file operations performed. 341 | ; http://php.net/realpath-cache-size 342 | ;realpath_cache_size = 16k 343 | 344 | ; Duration of time, in seconds for which to cache realpath information for a given 345 | ; file or directory. For systems with rarely changing files, consider increasing this 346 | ; value. 347 | ; http://php.net/realpath-cache-ttl 348 | ;realpath_cache_ttl = 120 349 | 350 | ; Enables or disables the circular reference collector. 351 | ; http://php.net/zend.enable-gc 352 | zend.enable_gc = On 353 | 354 | ; If enabled, scripts may be written in encodings that are incompatible with 355 | ; the scanner. CP936, Big5, CP949 and Shift_JIS are the examples of such 356 | ; encodings. To use this feature, mbstring extension must be enabled. 357 | ; Default: Off 358 | ;zend.multibyte = Off 359 | 360 | ; Allows to set the default encoding for the scripts. This value will be used 361 | ; unless "declare(encoding=...)" directive appears at the top of the script. 
362 | ; Only affects if zend.multibyte is set. 363 | ; Default: "" 364 | ;zend.script_encoding = 365 | 366 | ;;;;;;;;;;;;;;;;; 367 | ; Miscellaneous ; 368 | ;;;;;;;;;;;;;;;;; 369 | 370 | ; Decides whether PHP may expose the fact that it is installed on the server 371 | ; (e.g. by adding its signature to the Web server header). It is no security 372 | ; threat in any way, but it makes it possible to determine whether you use PHP 373 | ; on your server or not. With On, the PHP version is also sent in the X-Powered-By response header, which makes the server easier to fingerprint; hardened production configurations normally set this to Off. 374 | ; http://php.net/expose-php 375 | expose_php = On 376 | 377 | ;;;;;;;;;;;;;;;;;;; 378 | ; Resource Limits ; 379 | ;;;;;;;;;;;;;;;;;;; 380 | 381 | ; Maximum execution time of each script, in seconds 382 | ; http://php.net/max-execution-time 383 | ; Note: This directive is hardcoded to 0 for the CLI SAPI 384 | max_execution_time = {{ php_max_execution_time }} 385 | 386 | ; Maximum amount of time each script may spend parsing request data. It's a good 387 | ; idea to limit this time on production servers in order to eliminate unexpectedly 388 | ; long running scripts. 389 | ; Note: This directive is hardcoded to -1 for the CLI SAPI 390 | ; Default Value: -1 (Unlimited) 391 | ; Development Value: 60 (60 seconds) 392 | ; Production Value: 60 (60 seconds) 393 | ; http://php.net/max-input-time 394 | max_input_time = 60 395 | 396 | ; Maximum input variable nesting level 397 | ; http://php.net/max-input-nesting-level 398 | ;max_input_nesting_level = 64 399 | 400 | ; How many GET/POST/COOKIE input variables may be accepted 401 | ; max_input_vars = 1000 402 | 403 | ; Maximum amount of memory a script may consume (128MB) 404 | ; http://php.net/memory-limit 405 | memory_limit = {{ php_memory_limit }} 406 | 407 | ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; 408 | ; Error handling and logging ; 409 | ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; 410 | 411 | ; This directive informs PHP of which errors, warnings and notices you would like 412 | ; it to take action for. 
The recommended way of setting values for this 413 | ; directive is through the use of the error level constants and bitwise 414 | ; operators. The error level constants are below here for convenience as well as 415 | ; some common settings and their meanings. 416 | ; By default, PHP is set to take action on all errors, notices and warnings EXCEPT 417 | ; those related to E_NOTICE and E_STRICT, which together cover best practices and 418 | ; recommended coding standards in PHP. For performance reasons, this is the 419 | ; recommend error reporting setting. Your production server shouldn't be wasting 420 | ; resources complaining about best practices and coding standards. That's what 421 | ; development servers and development settings are for. 422 | ; Note: The php.ini-development file has this setting as E_ALL. This 423 | ; means it pretty much reports everything which is exactly what you want during 424 | ; development and early testing. 425 | ; 426 | ; Error Level Constants: 427 | ; E_ALL - All errors and warnings (includes E_STRICT as of PHP 5.4.0) 428 | ; E_ERROR - fatal run-time errors 429 | ; E_RECOVERABLE_ERROR - almost fatal run-time errors 430 | ; E_WARNING - run-time warnings (non-fatal errors) 431 | ; E_PARSE - compile-time parse errors 432 | ; E_NOTICE - run-time notices (these are warnings which often result 433 | ; from a bug in your code, but it's possible that it was 434 | ; intentional (e.g., using an uninitialized variable and 435 | ; relying on the fact it's automatically initialized to an 436 | ; empty string) 437 | ; E_STRICT - run-time notices, enable to have PHP suggest changes 438 | ; to your code which will ensure the best interoperability 439 | ; and forward compatibility of your code 440 | ; E_CORE_ERROR - fatal errors that occur during PHP's initial startup 441 | ; E_CORE_WARNING - warnings (non-fatal errors) that occur during PHP's 442 | ; initial startup 443 | ; E_COMPILE_ERROR - fatal compile-time errors 444 | ; E_COMPILE_WARNING - 
compile-time warnings (non-fatal errors) 445 | ; E_USER_ERROR - user-generated error message 446 | ; E_USER_WARNING - user-generated warning message 447 | ; E_USER_NOTICE - user-generated notice message 448 | ; E_DEPRECATED - warn about code that will not work in future versions 449 | ; of PHP 450 | ; E_USER_DEPRECATED - user-generated deprecation warnings 451 | ; 452 | ; Common Values: 453 | ; E_ALL (Show all errors, warnings and notices including coding standards.) 454 | ; E_ALL & ~E_NOTICE (Show all errors, except for notices) 455 | ; E_ALL & ~E_NOTICE & ~E_STRICT (Show all errors, except for notices and coding standards warnings.) 456 | ; E_COMPILE_ERROR|E_RECOVERABLE_ERROR|E_ERROR|E_CORE_ERROR (Show only errors) 457 | ; Default Value: E_ALL & ~E_NOTICE & ~E_STRICT & ~E_DEPRECATED 458 | ; Development Value: E_ALL 459 | ; Production Value: E_ALL & ~E_DEPRECATED & ~E_STRICT 460 | ; http://php.net/error-reporting 461 | error_reporting = E_ALL & ~E_DEPRECATED & ~E_STRICT 462 | 463 | ; This directive controls whether or not and where PHP will output errors, 464 | ; notices and warnings too. Error output is very useful during development, but 465 | ; it could be very dangerous in production environments. Depending on the code 466 | ; which is triggering the error, sensitive information could potentially leak 467 | ; out of your application such as database usernames and passwords or worse. 468 | ; It's recommended that errors be logged on production servers rather than 469 | ; having the errors sent to STDOUT. 470 | ; Possible Values: 471 | ; Off = Do not display any errors 472 | ; stderr = Display errors to STDERR (affects only CGI/CLI binaries!) 
473 | ; On or stdout = Display errors to STDOUT 474 | ; Default Value: On 475 | ; Development Value: On 476 | ; Production Value: Off 477 | ; http://php.net/display-errors 478 | display_errors = Off 479 | 480 | ; The display of errors which occur during PHP's startup sequence are handled 481 | ; separately from display_errors. PHP's default behavior is to suppress those 482 | ; errors from clients. Turning the display of startup errors on can be useful in 483 | ; debugging configuration problems. But, it's strongly recommended that you 484 | ; leave this setting off on production servers. 485 | ; Default Value: Off 486 | ; Development Value: On 487 | ; Production Value: Off 488 | ; http://php.net/display-startup-errors 489 | display_startup_errors = Off 490 | 491 | ; Besides displaying errors, PHP can also log errors to locations such as a 492 | ; server-specific log, STDERR, or a location specified by the error_log 493 | ; directive found below. While errors should not be displayed on productions 494 | ; servers they should still be monitored and logging is a great way to do that. 495 | ; Default Value: Off 496 | ; Development Value: On 497 | ; Production Value: On 498 | ; http://php.net/log-errors 499 | log_errors = On 500 | 501 | ; Set maximum length of log_errors. In error_log information about the source is 502 | ; added. The default is 1024 and 0 allows to not apply any maximum length at all. 503 | ; http://php.net/log-errors-max-len 504 | log_errors_max_len = 1024 505 | 506 | ; Do not log repeated messages. Repeated errors must occur in same file on same 507 | ; line unless ignore_repeated_source is set true. 508 | ; http://php.net/ignore-repeated-errors 509 | ignore_repeated_errors = Off 510 | 511 | ; Ignore source of message when ignoring repeated messages. When this setting 512 | ; is On you will not log errors with repeated messages from different files or 513 | ; source lines. 
514 | ; http://php.net/ignore-repeated-source 515 | ignore_repeated_source = Off 516 | 517 | ; If this parameter is set to Off, then memory leaks will not be shown (on 518 | ; stdout or in the log). This has only effect in a debug compile, and if 519 | ; error reporting includes E_WARNING in the allowed list 520 | ; http://php.net/report-memleaks 521 | report_memleaks = On 522 | 523 | ; This setting is on by default. 524 | ;report_zend_debug = 0 525 | 526 | ; Store the last error/warning message in $php_errormsg (boolean). Setting this value 527 | ; to On can assist in debugging and is appropriate for development servers. It should 528 | ; however be disabled on production servers. 529 | ; Default Value: Off 530 | ; Development Value: On 531 | ; Production Value: Off 532 | ; http://php.net/track-errors 533 | track_errors = Off 534 | 535 | ; Turn off normal error reporting and emit XML-RPC error XML 536 | ; http://php.net/xmlrpc-errors 537 | ;xmlrpc_errors = 0 538 | 539 | ; An XML-RPC faultCode 540 | ;xmlrpc_error_number = 0 541 | 542 | ; When PHP displays or logs an error, it has the capability of formatting the 543 | ; error message as HTML for easier reading. This directive controls whether 544 | ; the error message is formatted as HTML or not. 545 | ; Note: This directive is hardcoded to Off for the CLI SAPI 546 | ; Default Value: On 547 | ; Development Value: On 548 | ; Production value: On 549 | ; http://php.net/html-errors 550 | html_errors = On 551 | 552 | ; If html_errors is set to On *and* docref_root is not empty, then PHP 553 | ; produces clickable error messages that direct to a page describing the error 554 | ; or function causing the error in detail. 555 | ; You can download a copy of the PHP manual from http://php.net/docs 556 | ; and change docref_root to the base URL of your local copy including the 557 | ; leading '/'. You must also specify the file extension being used including 558 | ; the dot. 
PHP's default behavior is to leave these settings empty, in which 559 | ; case no links to documentation are generated. 560 | ; Note: Never use this feature for production boxes. 561 | ; http://php.net/docref-root 562 | ; Examples 563 | ;docref_root = "/phpmanual/" 564 | 565 | ; http://php.net/docref-ext 566 | ;docref_ext = .html 567 | 568 | ; String to output before an error message. PHP's default behavior is to leave 569 | ; this setting blank. 570 | ; http://php.net/error-prepend-string 571 | ; Example: 572 | ;error_prepend_string = "" 573 | 574 | ; String to output after an error message. PHP's default behavior is to leave 575 | ; this setting blank. 576 | ; http://php.net/error-append-string 577 | ; Example: 578 | ;error_append_string = "" 579 | 580 | ; Log errors to specified file. PHP's default behavior is to leave this value 581 | ; empty. 582 | ; http://php.net/error-log 583 | ; Example: 584 | ;error_log = php_errors.log 585 | ; Log errors to syslog (Event Log on NT, not valid in Windows 95). 586 | ;error_log = syslog 587 | 588 | ;windows.show_crt_warning 589 | ; Default value: 0 590 | ; Development value: 0 591 | ; Production value: 0 592 | 593 | ;;;;;;;;;;;;;;;;; 594 | ; Data Handling ; 595 | ;;;;;;;;;;;;;;;;; 596 | 597 | ; The separator used in PHP generated URLs to separate arguments. 598 | ; PHP's default setting is "&". 599 | ; http://php.net/arg-separator.output 600 | ; Example: 601 | ;arg_separator.output = "&" 602 | 603 | ; List of separator(s) used by PHP to parse input URLs into variables. 604 | ; PHP's default setting is "&". 605 | ; NOTE: Every character in this directive is considered as separator! 606 | ; http://php.net/arg-separator.input 607 | ; Example: 608 | ;arg_separator.input = ";&" 609 | 610 | ; This directive determines which super global arrays are registered when PHP 611 | ; starts up. G,P,C,E & S are abbreviations for the following respective super 612 | ; globals: GET, POST, COOKIE, ENV and SERVER. 
There is a performance penalty 613 | ; paid for the registration of these arrays and because ENV is not as commonly 614 | ; used as the others, ENV is not recommended on productions servers. You 615 | ; can still get access to the environment variables through getenv() should you 616 | ; need to. 617 | ; Default Value: "EGPCS" 618 | ; Development Value: "GPCS" 619 | ; Production Value: "GPCS"; 620 | ; http://php.net/variables-order 621 | variables_order = "GPCS" 622 | 623 | ; This directive determines which super global data (G,P,C,E & S) should 624 | ; be registered into the super global array REQUEST. If so, it also determines 625 | ; the order in which that data is registered. The values for this directive are 626 | ; specified in the same manner as the variables_order directive, EXCEPT one. 627 | ; Leaving this value empty will cause PHP to use the value set in the 628 | ; variables_order directive. It does not mean it will leave the super globals 629 | ; array REQUEST empty. 630 | ; Default Value: None 631 | ; Development Value: "GP" 632 | ; Production Value: "GP" 633 | ; http://php.net/request-order 634 | request_order = "GP" 635 | 636 | ; This directive determines whether PHP registers $argv & $argc each time it 637 | ; runs. $argv contains an array of all the arguments passed to PHP when a script 638 | ; is invoked. $argc contains an integer representing the number of arguments 639 | ; that were passed when the script was invoked. These arrays are extremely 640 | ; useful when running scripts from the command line. When this directive is 641 | ; enabled, registering these variables consumes CPU cycles and memory each time 642 | ; a script is executed. For performance reasons, this feature should be disabled 643 | ; on production servers. 
644 | ; Note: This directive is hardcoded to On for the CLI SAPI 645 | ; Default Value: On 646 | ; Development Value: Off 647 | ; Production Value: Off 648 | ; http://php.net/register-argc-argv 649 | register_argc_argv = Off 650 | 651 | ; When enabled, the ENV, REQUEST and SERVER variables are created when they're 652 | ; first used (Just In Time) instead of when the script starts. If these 653 | ; variables are not used within a script, having this directive on will result 654 | ; in a performance gain. The PHP directive register_argc_argv must be disabled 655 | ; for this directive to have any affect. 656 | ; http://php.net/auto-globals-jit 657 | auto_globals_jit = On 658 | 659 | ; Whether PHP will read the POST data. 660 | ; This option is enabled by default. 661 | ; Most likely, you won't want to disable this option globally. It causes $_POST 662 | ; and $_FILES to always be empty; the only way you will be able to read the 663 | ; POST data will be through the php://input stream wrapper. This can be useful 664 | ; to proxy requests or to process the POST data in a memory efficient fashion. 665 | ; http://php.net/enable-post-data-reading 666 | ;enable_post_data_reading = Off 667 | 668 | ; Maximum size of POST data that PHP will accept. 669 | ; Its value may be 0 to disable the limit. It is ignored if POST data reading 670 | ; is disabled through enable_post_data_reading. 671 | ; http://php.net/post-max-size 672 | post_max_size = 32M 673 | 674 | ; Automatically add files before PHP document. 675 | ; http://php.net/auto-prepend-file 676 | auto_prepend_file = 677 | 678 | ; Automatically add files after PHP document. 679 | ; http://php.net/auto-append-file 680 | auto_append_file = 681 | 682 | ; By default, PHP will output a character encoding using 683 | ; the Content-type: header. To disable sending of the charset, simply 684 | ; set it to be empty. 
685 | ; 686 | ; PHP's built-in default is text/html 687 | ; http://php.net/default-mimetype 688 | default_mimetype = "text/html" 689 | 690 | ; PHP's default character set is set to empty. 691 | ; http://php.net/default-charset 692 | ;default_charset = "UTF-8" 693 | 694 | ; Always populate the $HTTP_RAW_POST_DATA variable. PHP's default behavior is 695 | ; to disable this feature. If post reading is disabled through 696 | ; enable_post_data_reading, $HTTP_RAW_POST_DATA is *NOT* populated. 697 | ; http://php.net/always-populate-raw-post-data 698 | ;always_populate_raw_post_data = On 699 | 700 | ;;;;;;;;;;;;;;;;;;;;;;;;; 701 | ; Paths and Directories ; 702 | ;;;;;;;;;;;;;;;;;;;;;;;;; 703 | 704 | ; UNIX: "/path1:/path2" 705 | ;include_path = ".:/php/includes" 706 | ; 707 | ; Windows: "\path1;\path2" 708 | ;include_path = ".;c:\php\includes" 709 | ; 710 | ; PHP's default setting for include_path is ".;/path/to/php/pear" 711 | ; http://php.net/include-path 712 | 713 | ; The root of the PHP pages, used only if nonempty. 714 | ; if PHP was not compiled with FORCE_REDIRECT, you SHOULD set doc_root 715 | ; if you are running php as a CGI under any web server (other than IIS) 716 | ; see documentation for security issues. The alternate is to use the 717 | ; cgi.force_redirect configuration below 718 | ; http://php.net/doc-root 719 | doc_root = 720 | 721 | ; The directory under which PHP opens the script using /~username used only 722 | ; if nonempty. 723 | ; http://php.net/user-dir 724 | user_dir = 725 | 726 | ; Directory in which the loadable extensions (modules) reside. 727 | ; http://php.net/extension-dir 728 | ; extension_dir = "./" 729 | ; On windows: 730 | ; extension_dir = "ext" 731 | 732 | ; Whether or not to enable the dl() function. The dl() function does NOT work 733 | ; properly in multithreaded servers, such as IIS or Zeus, and is automatically 734 | ; disabled on them. 
735 | ; http://php.net/enable-dl 736 | enable_dl = Off 737 | 738 | ; cgi.force_redirect is necessary to provide security running PHP as a CGI under 739 | ; most web servers. Left undefined, PHP turns this on by default. You can 740 | ; turn it off here AT YOUR OWN RISK 741 | ; **You CAN safely turn this off for IIS, in fact, you MUST.** 742 | ; http://php.net/cgi.force-redirect 743 | ;cgi.force_redirect = 1 744 | 745 | ; if cgi.nph is enabled it will force cgi to always send Status: 200 with 746 | ; every request. PHP's default behavior is to disable this feature. 747 | ;cgi.nph = 1 748 | 749 | ; if cgi.force_redirect is turned on, and you are not running under Apache or Netscape 750 | ; (iPlanet) web servers, you MAY need to set an environment variable name that PHP 751 | ; will look for to know it is OK to continue execution. Setting this variable MAY 752 | ; cause security issues, KNOW WHAT YOU ARE DOING FIRST. 753 | ; http://php.net/cgi.redirect-status-env 754 | ;cgi.redirect_status_env = 755 | 756 | ; cgi.fix_pathinfo provides *real* PATH_INFO/PATH_TRANSLATED support for CGI. PHP's 757 | ; previous behaviour was to set PATH_TRANSLATED to SCRIPT_FILENAME, and to not grok 758 | ; what PATH_INFO is. For more information on PATH_INFO, see the cgi specs. Setting 759 | ; this to 1 will cause PHP CGI to fix its paths to conform to the spec. A setting 760 | ; of zero causes PHP to behave as before. Default is 1. You should fix your scripts 761 | ; to use SCRIPT_FILENAME rather than PATH_TRANSLATED. NOTE(review): the directive below is left commented, so the default of 1 applies. Behind a FastCGI front end that forwards request paths without checking that the script file exists, path fixing can make PHP run a file other than the one named in the request; confirm the web server config (not visible here) verifies the script path, or set this to 0. 762 | ; http://php.net/cgi.fix-pathinfo 763 | ;cgi.fix_pathinfo=1 764 | 765 | ; FastCGI under IIS (on WINNT based OS) supports the ability to impersonate 766 | ; security tokens of the calling client. This allows IIS to define the 767 | ; security context that the request runs under. mod_fastcgi under Apache 768 | ; does not currently support this feature (03/17/2002) 769 | ; Set to 1 if running under IIS. Default is zero.
770 | ; http://php.net/fastcgi.impersonate 771 | ;fastcgi.impersonate = 1 772 | 773 | ; Disable logging through FastCGI connection. PHP's default behavior is to enable 774 | ; this feature. 775 | ;fastcgi.logging = 0 776 | 777 | ; cgi.rfc2616_headers configuration option tells PHP what type of headers to 778 | ; use when sending HTTP response code. If it's set 0 PHP sends Status: header that 779 | ; is supported by Apache. When this option is set to 1 PHP will send 780 | ; RFC2616 compliant header. 781 | ; Default is zero. 782 | ; http://php.net/cgi.rfc2616-headers 783 | ;cgi.rfc2616_headers = 0 784 | 785 | ;;;;;;;;;;;;;;;; 786 | ; File Uploads ; 787 | ;;;;;;;;;;;;;;;; 788 | 789 | ; Whether to allow HTTP file uploads. 790 | ; http://php.net/file-uploads 791 | file_uploads = On 792 | 793 | ; Temporary directory for HTTP uploaded files (will use system default if not 794 | ; specified). 795 | ; http://php.net/upload-tmp-dir 796 | ;upload_tmp_dir = 797 | 798 | ; Maximum allowed size for uploaded files. 799 | ; http://php.net/upload-max-filesize 800 | upload_max_filesize = {{ php_upload_max_filesize }} 801 | 802 | ; Maximum number of files that can be uploaded via a single request 803 | max_file_uploads = 20 804 | 805 | ;;;;;;;;;;;;;;;;;; 806 | ; Fopen wrappers ; 807 | ;;;;;;;;;;;;;;;;;; 808 | 809 | ; Whether to allow the treatment of URLs (like http:// or ftp://) as files. 810 | ; http://php.net/allow-url-fopen 811 | allow_url_fopen = On 812 | 813 | ; Whether to allow include/require to open URLs (like http:// or ftp://) as files. 814 | ; http://php.net/allow-url-include 815 | allow_url_include = Off 816 | 817 | ; Define the anonymous ftp password (your email address). PHP's default setting 818 | ; for this is empty. 819 | ; http://php.net/from 820 | ;from="john@doe.com" 821 | 822 | ; Define the User-Agent string. PHP's default setting for this is empty. 
823 | ; http://php.net/user-agent 824 | ;user_agent="PHP" 825 | 826 | ; Default timeout for socket based streams (seconds) 827 | ; http://php.net/default-socket-timeout 828 | default_socket_timeout = 60 829 | 830 | ; If your scripts have to deal with files from Macintosh systems, 831 | ; or you are running on a Mac and need to deal with files from 832 | ; unix or win32 systems, setting this flag will cause PHP to 833 | ; automatically detect the EOL character in those files so that 834 | ; fgets() and file() will work regardless of the source of the file. 835 | ; http://php.net/auto-detect-line-endings 836 | ;auto_detect_line_endings = Off 837 | 838 | ;;;;;;;;;;;;;;;;;;;;;; 839 | ; Dynamic Extensions ; 840 | ;;;;;;;;;;;;;;;;;;;;;; 841 | 842 | ; If you wish to have an extension loaded automatically, use the following 843 | ; syntax: 844 | ; 845 | ; extension=modulename.extension 846 | ; 847 | ; For example, on Windows: 848 | ; 849 | ; extension=msql.dll 850 | ; 851 | ; ... or under UNIX: 852 | ; 853 | ; extension=msql.so 854 | ; 855 | ; ... or with a path: 856 | ; 857 | ; extension=/path/to/extension/msql.so 858 | ; 859 | ; If you only provide the name of the extension, PHP will look for it in its 860 | ; default extension directory. 861 | 862 | ;;;; 863 | ; Note: packaged extension modules are now loaded via the .ini files 864 | ; found in the directory /etc/php.d; these are loaded by default. 865 | ;;;; 866 | 867 | ;;;;;;;;;;;;;;;;;;; 868 | ; Module Settings ; 869 | ;;;;;;;;;;;;;;;;;;; 870 | 871 | [CLI Server] 872 | ; Whether the CLI web server uses ANSI color coding in its terminal output. 
873 | cli_server.color = On 874 | 875 | [Date] 876 | ; Defines the default timezone used by the date functions 877 | ; http://php.net/date.timezone 878 | date.timezone = {{ php_date_timezone }} 879 | 880 | ; http://php.net/date.default-latitude 881 | ;date.default_latitude = 31.7667 882 | 883 | ; http://php.net/date.default-longitude 884 | ;date.default_longitude = 35.2333 885 | 886 | ; http://php.net/date.sunrise-zenith 887 | ;date.sunrise_zenith = 90.583333 888 | 889 | ; http://php.net/date.sunset-zenith 890 | ;date.sunset_zenith = 90.583333 891 | 892 | [filter] 893 | ; http://php.net/filter.default 894 | ;filter.default = unsafe_raw 895 | 896 | ; http://php.net/filter.default-flags 897 | ;filter.default_flags = 898 | 899 | [iconv] 900 | ;iconv.input_encoding = ISO-8859-1 901 | ;iconv.internal_encoding = ISO-8859-1 902 | ;iconv.output_encoding = ISO-8859-1 903 | 904 | [intl] 905 | ;intl.default_locale = 906 | ; This directive allows you to produce PHP errors when some error 907 | ; happens within intl functions. The value is the level of the error produced. 908 | ; Default is 0, which does not produce any errors. 909 | ;intl.error_level = E_WARNING 910 | 911 | [sqlite] 912 | ; http://php.net/sqlite.assoc-case 913 | ;sqlite.assoc_case = 0 914 | 915 | [sqlite3] 916 | ;sqlite3.extension_dir = 917 | 918 | [Pcre] 919 | ;PCRE library backtracking limit. 920 | ; http://php.net/pcre.backtrack-limit 921 | ;pcre.backtrack_limit=100000 922 | 923 | ;PCRE library recursion limit. 924 | ;Please note that if you set this value to a high number you may consume all 925 | ;the available process stack and eventually crash PHP (due to reaching the 926 | ;stack size limit imposed by the Operating System). 927 | ; http://php.net/pcre.recursion-limit 928 | ;pcre.recursion_limit=100000 929 | 930 | [Pdo] 931 | ; Whether to pool ODBC connections. 
Can be one of "strict", "relaxed" or "off" 932 | ; http://php.net/pdo-odbc.connection-pooling 933 | ;pdo_odbc.connection_pooling=strict 934 | 935 | ;pdo_odbc.db2_instance_name 936 | 937 | [Pdo_mysql] 938 | ; If mysqlnd is used: Number of cache slots for the internal result set cache 939 | ; http://php.net/pdo_mysql.cache_size 940 | pdo_mysql.cache_size = 2000 941 | 942 | ; Default socket name for local MySQL connects. If empty, uses the built-in 943 | ; MySQL defaults. 944 | ; http://php.net/pdo_mysql.default-socket 945 | pdo_mysql.default_socket= 946 | 947 | [Phar] 948 | ; http://php.net/phar.readonly 949 | ;phar.readonly = On 950 | 951 | ; http://php.net/phar.require-hash 952 | ;phar.require_hash = On 953 | 954 | ;phar.cache_list = 955 | 956 | [mail function] 957 | ; For Win32 only. 958 | ; http://php.net/smtp 959 | SMTP = localhost 960 | ; http://php.net/smtp-port 961 | smtp_port = 25 962 | 963 | ; For Win32 only. 964 | ; http://php.net/sendmail-from 965 | ;sendmail_from = me@example.com 966 | 967 | ; For Unix only. You may supply arguments as well (default: "sendmail -t -i"). 968 | ; http://php.net/sendmail-path 969 | sendmail_path = /usr/sbin/sendmail -t -i 970 | 971 | ; Force the addition of the specified parameters to be passed as extra parameters 972 | ; to the sendmail binary. These parameters will always replace the value of 973 | ; the 5th parameter to mail(), even in safe mode. 974 | ;mail.force_extra_parameters = 975 | 976 | ; Add X-PHP-Originating-Script: that will include uid of the script followed by the filename 977 | mail.add_x_header = On 978 | 979 | ; The path to a log file that will log all mail() calls. Log entries include 980 | ; the full path of the script, line number, To address and headers. 
981 | ;mail.log = 982 | 983 | [SQL] 984 | ; http://php.net/sql.safe-mode 985 | sql.safe_mode = Off 986 | 987 | [ODBC] 988 | ; http://php.net/odbc.default-db 989 | ;odbc.default_db = Not yet implemented 990 | 991 | ; http://php.net/odbc.default-user 992 | ;odbc.default_user = Not yet implemented 993 | 994 | ; http://php.net/odbc.default-pw 995 | ;odbc.default_pw = Not yet implemented 996 | 997 | ; Controls the ODBC cursor model. 998 | ; Default: SQL_CURSOR_STATIC (default). 999 | ;odbc.default_cursortype 1000 | 1001 | ; Allow or prevent persistent links. 1002 | ; http://php.net/odbc.allow-persistent 1003 | odbc.allow_persistent = On 1004 | 1005 | ; Check that a connection is still valid before reuse. 1006 | ; http://php.net/odbc.check-persistent 1007 | odbc.check_persistent = On 1008 | 1009 | ; Maximum number of persistent links. -1 means no limit. 1010 | ; http://php.net/odbc.max-persistent 1011 | odbc.max_persistent = -1 1012 | 1013 | ; Maximum number of links (persistent + non-persistent). -1 means no limit. 1014 | ; http://php.net/odbc.max-links 1015 | odbc.max_links = -1 1016 | 1017 | ; Handling of LONG fields. Returns number of bytes to variables. 0 means 1018 | ; passthru. 1019 | ; http://php.net/odbc.defaultlrl 1020 | odbc.defaultlrl = 4096 1021 | 1022 | ; Handling of binary data. 0 means passthru, 1 return as is, 2 convert to char. 1023 | ; See the documentation on odbc_binmode and odbc_longreadlen for an explanation 1024 | ; of odbc.defaultlrl and odbc.defaultbinmode 1025 | ; http://php.net/odbc.defaultbinmode 1026 | odbc.defaultbinmode = 1 1027 | 1028 | ;birdstep.max_links = -1 1029 | 1030 | [Interbase] 1031 | ; Allow or prevent persistent links. 1032 | ibase.allow_persistent = 1 1033 | 1034 | ; Maximum number of persistent links. -1 means no limit. 1035 | ibase.max_persistent = -1 1036 | 1037 | ; Maximum number of links (persistent + non-persistent). -1 means no limit. 1038 | ibase.max_links = -1 1039 | 1040 | ; Default database name for ibase_connect(). 
1041 | ;ibase.default_db = 1042 | 1043 | ; Default username for ibase_connect(). 1044 | ;ibase.default_user = 1045 | 1046 | ; Default password for ibase_connect(). 1047 | ;ibase.default_password = 1048 | 1049 | ; Default charset for ibase_connect(). 1050 | ;ibase.default_charset = 1051 | 1052 | ; Default timestamp format. 1053 | ibase.timestampformat = "%Y-%m-%d %H:%M:%S" 1054 | 1055 | ; Default date format. 1056 | ibase.dateformat = "%Y-%m-%d" 1057 | 1058 | ; Default time format. 1059 | ibase.timeformat = "%H:%M:%S" 1060 | 1061 | [MySQL] 1062 | ; Allow accessing, from PHP's perspective, local files with LOAD DATA statements. NOTE(review): On lets LOAD DATA LOCAL read files that the PHP process can read on this host; set to Off unless the application imports local files this way. 1063 | ; http://php.net/mysql.allow_local_infile 1064 | mysql.allow_local_infile = On 1065 | 1066 | ; Allow or prevent persistent links. 1067 | ; http://php.net/mysql.allow-persistent 1068 | mysql.allow_persistent = On 1069 | 1070 | ; If mysqlnd is used: Number of cache slots for the internal result set cache 1071 | ; http://php.net/mysql.cache_size 1072 | mysql.cache_size = 2000 1073 | 1074 | ; Maximum number of persistent links. -1 means no limit. 1075 | ; http://php.net/mysql.max-persistent 1076 | mysql.max_persistent = -1 1077 | 1078 | ; Maximum number of links (persistent + non-persistent). -1 means no limit. 1079 | ; http://php.net/mysql.max-links 1080 | mysql.max_links = -1 1081 | 1082 | ; Default port number for mysql_connect(). If unset, mysql_connect() will use 1083 | ; the $MYSQL_TCP_PORT or the mysql-tcp entry in /etc/services or the 1084 | ; compile-time value defined MYSQL_PORT (in that order). Win32 will only look 1085 | ; at MYSQL_PORT. 1086 | ; http://php.net/mysql.default-port 1087 | mysql.default_port = 1088 | 1089 | ; Default socket name for local MySQL connects. If empty, uses the built-in 1090 | ; MySQL defaults. 1091 | ; http://php.net/mysql.default-socket 1092 | mysql.default_socket = 1093 | 1094 | ; Default host for mysql_connect() (doesn't apply in safe mode).
1095 | ; http://php.net/mysql.default-host 1096 | mysql.default_host = 1097 | 1098 | ; Default user for mysql_connect() (doesn't apply in safe mode). 1099 | ; http://php.net/mysql.default-user 1100 | mysql.default_user = 1101 | 1102 | ; Default password for mysql_connect() (doesn't apply in safe mode). 1103 | ; Note that this is generally a *bad* idea to store passwords in this file. 1104 | ; *Any* user with PHP access can run 'echo get_cfg_var("mysql.default_password") 1105 | ; and reveal this password! And of course, any users with read access to this 1106 | ; file will be able to reveal the password as well. 1107 | ; http://php.net/mysql.default-password 1108 | mysql.default_password = 1109 | 1110 | ; Maximum time (in seconds) for connect timeout. -1 means no limit 1111 | ; http://php.net/mysql.connect-timeout 1112 | mysql.connect_timeout = 60 1113 | 1114 | ; Trace mode. When trace_mode is active (=On), warnings for table/index scans and 1115 | ; SQL-Errors will be displayed. 1116 | ; http://php.net/mysql.trace-mode 1117 | mysql.trace_mode = Off 1118 | 1119 | [MySQLi] 1120 | 1121 | ; Maximum number of persistent links. -1 means no limit. 1122 | ; http://php.net/mysqli.max-persistent 1123 | mysqli.max_persistent = -1 1124 | 1125 | ; Allow accessing, from PHP's perspective, local files with LOAD DATA statements 1126 | ; http://php.net/mysqli.allow_local_infile 1127 | ;mysqli.allow_local_infile = On 1128 | 1129 | ; Allow or prevent persistent links. 1130 | ; http://php.net/mysqli.allow-persistent 1131 | mysqli.allow_persistent = On 1132 | 1133 | ; Maximum number of links. -1 means no limit. 1134 | ; http://php.net/mysqli.max-links 1135 | mysqli.max_links = -1 1136 | 1137 | ; If mysqlnd is used: Number of cache slots for the internal result set cache 1138 | ; http://php.net/mysqli.cache_size 1139 | mysqli.cache_size = 2000 1140 | 1141 | ; Default port number for mysqli_connect(). 
If unset, mysqli_connect() will use 1142 | ; the $MYSQL_TCP_PORT or the mysql-tcp entry in /etc/services or the 1143 | ; compile-time value defined MYSQL_PORT (in that order). Win32 will only look 1144 | ; at MYSQL_PORT. 1145 | ; http://php.net/mysqli.default-port 1146 | mysqli.default_port = 3306 1147 | 1148 | ; Default socket name for local MySQL connects. If empty, uses the built-in 1149 | ; MySQL defaults. 1150 | ; http://php.net/mysqli.default-socket 1151 | mysqli.default_socket = 1152 | 1153 | ; Default host for mysql_connect() (doesn't apply in safe mode). 1154 | ; http://php.net/mysqli.default-host 1155 | mysqli.default_host = 1156 | 1157 | ; Default user for mysql_connect() (doesn't apply in safe mode). 1158 | ; http://php.net/mysqli.default-user 1159 | mysqli.default_user = 1160 | 1161 | ; Default password for mysqli_connect() (doesn't apply in safe mode). 1162 | ; Note that this is generally a *bad* idea to store passwords in this file. 1163 | ; *Any* user with PHP access can run 'echo get_cfg_var("mysqli.default_pw") 1164 | ; and reveal this password! And of course, any users with read access to this 1165 | ; file will be able to reveal the password as well. 1166 | ; http://php.net/mysqli.default-pw 1167 | mysqli.default_pw = 1168 | 1169 | ; Allow or prevent reconnect 1170 | mysqli.reconnect = Off 1171 | 1172 | [mysqlnd] 1173 | ; Enable / Disable collection of general statistics by mysqlnd which can be 1174 | ; used to tune and monitor MySQL operations. 1175 | ; http://php.net/mysqlnd.collect_statistics 1176 | mysqlnd.collect_statistics = On 1177 | 1178 | ; Enable / Disable collection of memory usage statistics by mysqlnd which can be 1179 | ; used to tune and monitor MySQL operations. 1180 | ; http://php.net/mysqlnd.collect_memory_statistics 1181 | mysqlnd.collect_memory_statistics = Off 1182 | 1183 | ; Size of a pre-allocated buffer used when sending commands to MySQL in bytes. 
1184 | ; http://php.net/mysqlnd.net_cmd_buffer_size 1185 | ;mysqlnd.net_cmd_buffer_size = 2048 1186 | 1187 | ; Size of a pre-allocated buffer used for reading data sent by the server in 1188 | ; bytes. 1189 | ; http://php.net/mysqlnd.net_read_buffer_size 1190 | ;mysqlnd.net_read_buffer_size = 32768 1191 | 1192 | [OCI8] 1193 | 1194 | ; Connection: Enables privileged connections using external 1195 | ; credentials (OCI_SYSOPER, OCI_SYSDBA) 1196 | ; http://php.net/oci8.privileged-connect 1197 | ;oci8.privileged_connect = Off 1198 | 1199 | ; Connection: The maximum number of persistent OCI8 connections per 1200 | ; process. Using -1 means no limit. 1201 | ; http://php.net/oci8.max-persistent 1202 | ;oci8.max_persistent = -1 1203 | 1204 | ; Connection: The maximum number of seconds a process is allowed to 1205 | ; maintain an idle persistent connection. Using -1 means idle 1206 | ; persistent connections will be maintained forever. 1207 | ; http://php.net/oci8.persistent-timeout 1208 | ;oci8.persistent_timeout = -1 1209 | 1210 | ; Connection: The number of seconds that must pass before issuing a 1211 | ; ping during oci_pconnect() to check the connection validity. When 1212 | ; set to 0, each oci_pconnect() will cause a ping. Using -1 disables 1213 | ; pings completely. 1214 | ; http://php.net/oci8.ping-interval 1215 | ;oci8.ping_interval = 60 1216 | 1217 | ; Connection: Set this to a user chosen connection class to be used 1218 | ; for all pooled server requests with Oracle 11g Database Resident 1219 | ; Connection Pooling (DRCP). To use DRCP, this value should be set to 1220 | ; the same string for all web servers running the same application, 1221 | ; the database pool must be configured, and the connection string must 1222 | ; specify to use a pooled server. 1223 | ;oci8.connection_class = 1224 | 1225 | ; High Availability: Using On lets PHP receive Fast Application 1226 | ; Notification (FAN) events generated when a database node fails. 
The 1227 | ; database must also be configured to post FAN events. 1228 | ;oci8.events = Off 1229 | 1230 | ; Tuning: This option enables statement caching, and specifies how 1231 | ; many statements to cache. Using 0 disables statement caching. 1232 | ; http://php.net/oci8.statement-cache-size 1233 | ;oci8.statement_cache_size = 20 1234 | 1235 | ; Tuning: Enables statement prefetching and sets the default number of 1236 | ; rows that will be fetched automatically after statement execution. 1237 | ; http://php.net/oci8.default-prefetch 1238 | ;oci8.default_prefetch = 100 1239 | 1240 | ; Compatibility. Using On means oci_close() will not close 1241 | ; oci_connect() and oci_new_connect() connections. 1242 | ; http://php.net/oci8.old-oci-close-semantics 1243 | ;oci8.old_oci_close_semantics = Off 1244 | 1245 | [PostgreSQL] 1246 | ; Allow or prevent persistent links. 1247 | ; http://php.net/pgsql.allow-persistent 1248 | pgsql.allow_persistent = On 1249 | 1250 | ; Detect broken persistent links always with pg_pconnect(). 1251 | ; Auto reset feature requires a little overheads. 1252 | ; http://php.net/pgsql.auto-reset-persistent 1253 | pgsql.auto_reset_persistent = Off 1254 | 1255 | ; Maximum number of persistent links. -1 means no limit. 1256 | ; http://php.net/pgsql.max-persistent 1257 | pgsql.max_persistent = -1 1258 | 1259 | ; Maximum number of links (persistent+non persistent). -1 means no limit. 1260 | ; http://php.net/pgsql.max-links 1261 | pgsql.max_links = -1 1262 | 1263 | ; Ignore PostgreSQL backends Notice message or not. 1264 | ; Notice message logging require a little overheads. 1265 | ; http://php.net/pgsql.ignore-notice 1266 | pgsql.ignore_notice = 0 1267 | 1268 | ; Log PostgreSQL backends Notice message or not. 1269 | ; Unless pgsql.ignore_notice=0, module cannot log notice message. 1270 | ; http://php.net/pgsql.log-notice 1271 | pgsql.log_notice = 0 1272 | 1273 | [Sybase-CT] 1274 | ; Allow or prevent persistent links. 
1275 | ; http://php.net/sybct.allow-persistent 1276 | sybct.allow_persistent = On 1277 | 1278 | ; Maximum number of persistent links. -1 means no limit. 1279 | ; http://php.net/sybct.max-persistent 1280 | sybct.max_persistent = -1 1281 | 1282 | ; Maximum number of links (persistent + non-persistent). -1 means no limit. 1283 | ; http://php.net/sybct.max-links 1284 | sybct.max_links = -1 1285 | 1286 | ; Minimum server message severity to display. 1287 | ; http://php.net/sybct.min-server-severity 1288 | sybct.min_server_severity = 10 1289 | 1290 | ; Minimum client message severity to display. 1291 | ; http://php.net/sybct.min-client-severity 1292 | sybct.min_client_severity = 10 1293 | 1294 | ; Set per-context timeout 1295 | ; http://php.net/sybct.timeout 1296 | ;sybct.timeout= 1297 | 1298 | ;sybct.packet_size 1299 | 1300 | ; The maximum time in seconds to wait for a connection attempt to succeed before returning failure. 1301 | ; Default: one minute 1302 | ;sybct.login_timeout= 1303 | 1304 | ; The name of the host you claim to be connecting from, for display by sp_who. 1305 | ; Default: none 1306 | ;sybct.hostname= 1307 | 1308 | ; Allows you to define how often deadlocks are to be retried. -1 means "forever". 1309 | ; Default: 0 1310 | ;sybct.deadlock_retry_count= 1311 | 1312 | [bcmath] 1313 | ; Number of decimal digits for all bcmath functions. 1314 | ; http://php.net/bcmath.scale 1315 | bcmath.scale = 0 1316 | 1317 | [browscap] 1318 | ; http://php.net/browscap 1319 | ;browscap = extra/browscap.ini 1320 | 1321 | [Session] 1322 | ; Handler used to store/retrieve data. 1323 | ; http://php.net/session.save-handler 1324 | session.save_handler = files 1325 | 1326 | ; Argument passed to save_handler. In the case of files, this is the path 1327 | ; where data files are stored. Note: Windows users have to change this 1328 | ; variable in order to use PHP's session functions. 
1329 | ; 1330 | ; The path can be defined as: 1331 | ; 1332 | ; session.save_path = "N;/path" 1333 | ; 1334 | ; where N is an integer. Instead of storing all the session files in 1335 | ; /path, what this will do is use subdirectories N-levels deep, and 1336 | ; store the session data in those directories. This is useful if you 1337 | ; or your OS have problems with lots of files in one directory, and is 1338 | ; a more efficient layout for servers that handle lots of sessions. 1339 | ; 1340 | ; NOTE 1: PHP will not create this directory structure automatically. 1341 | ; You can use the script in the ext/session dir for that purpose. 1342 | ; NOTE 2: See the section on garbage collection below if you choose to 1343 | ; use subdirectories for session storage 1344 | ; 1345 | ; The file storage module creates files using mode 600 by default. 1346 | ; You can change that by using 1347 | ; 1348 | ; session.save_path = "N;MODE;/path" 1349 | ; 1350 | ; where MODE is the octal representation of the mode. Note that this 1351 | ; does not overwrite the process's umask. 1352 | ; http://php.net/session.save-path 1353 | 1354 | ; RPM note : session directory must be owned by process owner 1355 | ; for mod_php, see /etc/httpd/conf.d/php.conf 1356 | ; for php-fpm, see /etc/php-fpm.d/*conf 1357 | ;session.save_path = "/tmp" 1358 | 1359 | ; Whether to use cookies. 1360 | ; http://php.net/session.use-cookies 1361 | session.use_cookies = 1 1362 | 1363 | ; http://php.net/session.cookie-secure 1364 | ;session.cookie_secure = 1365 | 1366 | ; This option forces PHP to fetch and use a cookie for storing and maintaining 1367 | ; the session id. We encourage this operation as it's very helpful in combating 1368 | ; session hijacking when not specifying and managing your own session id. It is 1369 | ; not the end all be all of session hijacking defense, but it's a good start. 
1370 | ; http://php.net/session.use-only-cookies 1371 | session.use_only_cookies = 1 1372 | 1373 | ; Name of the session (used as cookie name). 1374 | ; http://php.net/session.name 1375 | session.name = PHPSESSID 1376 | 1377 | ; Initialize session on request startup. 1378 | ; http://php.net/session.auto-start 1379 | session.auto_start = 0 1380 | 1381 | ; Lifetime in seconds of cookie or, if 0, until browser is restarted. 1382 | ; http://php.net/session.cookie-lifetime 1383 | session.cookie_lifetime = 0 1384 | 1385 | ; The path for which the cookie is valid. 1386 | ; http://php.net/session.cookie-path 1387 | session.cookie_path = / 1388 | 1389 | ; The domain for which the cookie is valid. 1390 | ; http://php.net/session.cookie-domain 1391 | session.cookie_domain = 1392 | 1393 | ; Whether or not to add the httpOnly flag to the cookie, which makes it inaccessible to browser scripting languages such as JavaScript. NOTE(review): the value below is empty, which leaves the flag off unless the application sets it itself; consider 1 so that script running in a page cannot read the session cookie. 1394 | ; http://php.net/session.cookie-httponly 1395 | session.cookie_httponly = 1396 | 1397 | ; Handler used to serialize data. php is the standard serializer of PHP. 1398 | ; http://php.net/session.serialize-handler 1399 | session.serialize_handler = php 1400 | 1401 | ; Defines the probability that the 'garbage collection' process is started 1402 | ; on every session initialization. The probability is calculated by using 1403 | ; gc_probability/gc_divisor. Where session.gc_probability is the numerator 1404 | ; and gc_divisor is the denominator in the equation. Setting this value to 1 1405 | ; when the session.gc_divisor value is 100 will give you approximately a 1% chance 1406 | ; the gc will run on any given request. 1407 | ; Default Value: 1 1408 | ; Development Value: 1 1409 | ; Production Value: 1 1410 | ; http://php.net/session.gc-probability 1411 | session.gc_probability = 1 1412 | 1413 | ; Defines the probability that the 'garbage collection' process is started on every 1414 | ; session initialization.
The probability is calculated by using the following equation: 1415 | ; gc_probability/gc_divisor. Where session.gc_probability is the numerator and 1416 | ; session.gc_divisor is the denominator in the equation. Setting this value to 1 1417 | ; when the session.gc_divisor value is 100 will give you approximately a 1% chance 1418 | ; the gc will run on any give request. Increasing this value to 1000 will give you 1419 | ; a 0.1% chance the gc will run on any give request. For high volume production servers, 1420 | ; this is a more efficient approach. 1421 | ; Default Value: 100 1422 | ; Development Value: 1000 1423 | ; Production Value: 1000 1424 | ; http://php.net/session.gc-divisor 1425 | session.gc_divisor = 1000 1426 | 1427 | ; After this number of seconds, stored data will be seen as 'garbage' and 1428 | ; cleaned up by the garbage collection process. 1429 | ; http://php.net/session.gc-maxlifetime 1430 | session.gc_maxlifetime = 1440 1431 | 1432 | ; NOTE: If you are using the subdirectory option for storing session files 1433 | ; (see session.save_path above), then garbage collection does *not* 1434 | ; happen automatically. You will need to do your own garbage 1435 | ; collection through a shell script, cron entry, or some other method. 1436 | ; For example, the following script would is the equivalent of 1437 | ; setting session.gc_maxlifetime to 1440 (1440 seconds = 24 minutes): 1438 | ; find /path/to/sessions -cmin +24 | xargs rm 1439 | 1440 | ; PHP 4.2 and less have an undocumented feature/bug that allows you to 1441 | ; to initialize a session variable in the global scope. 1442 | ; PHP 4.3 and later will warn you, if this feature is used. 1443 | ; You can disable the feature and the warning separately. At this time, 1444 | ; the warning is only displayed, if bug_compat_42 is enabled. This feature 1445 | ; introduces some serious security problems if not handled correctly. It's 1446 | ; recommended that you do not use this feature on production servers. 
But you 1447 | ; should enable this on development servers and enable the warning as well. If you 1448 | ; do not enable the feature on development servers, you won't be warned when it's 1449 | ; used and debugging errors caused by this can be difficult to track down. 1450 | ; Default Value: On 1451 | ; Development Value: On 1452 | ; Production Value: Off 1453 | ; http://php.net/session.bug-compat-42 1454 | session.bug_compat_42 = Off 1455 | 1456 | ; This setting controls whether or not you are warned by PHP when initializing a 1457 | ; session value into the global space. session.bug_compat_42 must be enabled before 1458 | ; these warnings can be issued by PHP. See the directive above for more information. 1459 | ; Default Value: On 1460 | ; Development Value: On 1461 | ; Production Value: Off 1462 | ; http://php.net/session.bug-compat-warn 1463 | session.bug_compat_warn = Off 1464 | 1465 | ; Check HTTP Referer to invalidate externally stored URLs containing ids. 1466 | ; HTTP_REFERER has to contain this substring for the session to be 1467 | ; considered as valid. 1468 | ; http://php.net/session.referer-check 1469 | session.referer_check = 1470 | 1471 | ; How many bytes to read from the file. 1472 | ; http://php.net/session.entropy-length 1473 | ;session.entropy_length = 32 1474 | 1475 | ; Specified here to create the session id. 1476 | ; http://php.net/session.entropy-file 1477 | ; Defaults to /dev/urandom 1478 | ; On systems that don't have /dev/urandom but do have /dev/arandom, this will default to /dev/arandom 1479 | ; If neither are found at compile time, the default is no entropy file. 1480 | ; On windows, setting the entropy_length setting will activate the 1481 | ; Windows random source (using the CryptoAPI) 1482 | ;session.entropy_file = /dev/urandom 1483 | 1484 | ; Set to {nocache,private,public,} to determine HTTP caching aspects 1485 | ; or leave this empty to avoid sending anti-caching headers. 
1486 | ; http://php.net/session.cache-limiter 1487 | session.cache_limiter = nocache 1488 | 1489 | ; Document expires after n minutes. 1490 | ; http://php.net/session.cache-expire 1491 | session.cache_expire = 180 1492 | 1493 | ; trans sid support is disabled by default. 1494 | ; Use of trans sid may risk your users' security. 1495 | ; Use this option with caution. 1496 | ; - User may send a URL that contains an active session ID 1497 | ; to another person via email/irc/etc. 1498 | ; - URL that contains active session ID may be stored 1499 | ; in publicly accessible computer. 1500 | ; - User may access your site with the same session ID 1501 | ; always using URL stored in browser's history or bookmarks. 1502 | ; http://php.net/session.use-trans-sid 1503 | session.use_trans_sid = 0 1504 | 1505 | ; Select a hash function for use in generating session ids. 1506 | ; Possible Values 1507 | ; 0 (MD5 128 bits) 1508 | ; 1 (SHA-1 160 bits) 1509 | ; This option may also be set to the name of any hash function supported by 1510 | ; the hash extension. A list of available hashes is returned by the hash_algos() 1511 | ; function. NOTE(review): the value below is 0, which selects MD5 per the list above; a longer digest from hash_algos(), such as sha256, gives session ids more bits. Confirm the target PHP version still reads this directive. 1512 | ; http://php.net/session.hash-function 1513 | session.hash_function = 0 1514 | 1515 | ; Define how many bits are stored in each character when converting 1516 | ; the binary hash data to something readable. 1517 | ; Possible values: 1518 | ; 4 (4 bits: 0-9, a-f) 1519 | ; 5 (5 bits: 0-9, a-v) 1520 | ; 6 (6 bits: 0-9, a-z, A-Z, "-", ",") 1521 | ; Default Value: 4 1522 | ; Development Value: 5 1523 | ; Production Value: 5 1524 | ; http://php.net/session.hash-bits-per-character 1525 | session.hash_bits_per_character = 5 1526 | 1527 | ; The URL rewriter will look for URLs in a defined set of HTML tags. 1528 | ; form/fieldset are special; if you include them here, the rewriter will 1529 | ; add a hidden field with the info which is otherwise appended 1530 | ; to URLs. If you want XHTML conformity, remove the form entry.
1531 | ; Note that all valid entries require a "=", even if no value follows. 1532 | ; Default Value: "a=href,area=href,frame=src,form=,fieldset=" 1533 | ; Development Value: "a=href,area=href,frame=src,input=src,form=fakeentry" 1534 | ; Production Value: "a=href,area=href,frame=src,input=src,form=fakeentry" 1535 | ; http://php.net/url-rewriter.tags 1536 | url_rewriter.tags = "a=href,area=href,frame=src,input=src,form=fakeentry" 1537 | 1538 | ; Enable upload progress tracking in $_SESSION 1539 | ; Default Value: On 1540 | ; Development Value: On 1541 | ; Production Value: On 1542 | ; http://php.net/session.upload-progress.enabled 1543 | ;session.upload_progress.enabled = On 1544 | 1545 | ; Cleanup the progress information as soon as all POST data has been read 1546 | ; (i.e. upload completed). 1547 | ; Default Value: On 1548 | ; Development Value: On 1549 | ; Production Value: On 1550 | ; http://php.net/session.upload-progress.cleanup 1551 | ;session.upload_progress.cleanup = On 1552 | 1553 | ; A prefix used for the upload progress key in $_SESSION 1554 | ; Default Value: "upload_progress_" 1555 | ; Development Value: "upload_progress_" 1556 | ; Production Value: "upload_progress_" 1557 | ; http://php.net/session.upload-progress.prefix 1558 | ;session.upload_progress.prefix = "upload_progress_" 1559 | 1560 | ; The index name (concatenated with the prefix) in $_SESSION 1561 | ; containing the upload progress information 1562 | ; Default Value: "PHP_SESSION_UPLOAD_PROGRESS" 1563 | ; Development Value: "PHP_SESSION_UPLOAD_PROGRESS" 1564 | ; Production Value: "PHP_SESSION_UPLOAD_PROGRESS" 1565 | ; http://php.net/session.upload-progress.name 1566 | ;session.upload_progress.name = "PHP_SESSION_UPLOAD_PROGRESS" 1567 | 1568 | ; How frequently the upload progress should be updated. 
1569 | ; Given either in percentages (per-file), or in bytes 1570 | ; Default Value: "1%" 1571 | ; Development Value: "1%" 1572 | ; Production Value: "1%" 1573 | ; http://php.net/session.upload-progress.freq 1574 | ;session.upload_progress.freq = "1%" 1575 | 1576 | ; The minimum delay between updates, in seconds 1577 | ; Default Value: 1 1578 | ; Development Value: 1 1579 | ; Production Value: 1 1580 | ; http://php.net/session.upload-progress.min-freq 1581 | ;session.upload_progress.min_freq = "1" 1582 | 1583 | [MSSQL] 1584 | ; Allow or prevent persistent links. 1585 | mssql.allow_persistent = On 1586 | 1587 | ; Maximum number of persistent links. -1 means no limit. 1588 | mssql.max_persistent = -1 1589 | 1590 | ; Maximum number of links (persistent+non persistent). -1 means no limit. 1591 | mssql.max_links = -1 1592 | 1593 | ; Minimum error severity to display. 1594 | mssql.min_error_severity = 10 1595 | 1596 | ; Minimum message severity to display. 1597 | mssql.min_message_severity = 10 1598 | 1599 | ; Compatibility mode with old versions of PHP 3.0. 1600 | mssql.compatability_mode = Off 1601 | 1602 | ; Connect timeout 1603 | ;mssql.connect_timeout = 5 1604 | 1605 | ; Query timeout 1606 | ;mssql.timeout = 60 1607 | 1608 | ; Valid range 0 - 2147483647. Default = 4096. 1609 | ;mssql.textlimit = 4096 1610 | 1611 | ; Valid range 0 - 2147483647. Default = 4096. 1612 | ;mssql.textsize = 4096 1613 | 1614 | ; Limits the number of records in each batch. 0 = all records in one batch. 1615 | ;mssql.batchsize = 0 1616 | 1617 | ; Specify how datetime and datetim4 columns are returned 1618 | ; On => Returns data converted to SQL server settings 1619 | ; Off => Returns values as YYYY-MM-DD hh:mm:ss 1620 | ;mssql.datetimeconvert = On 1621 | 1622 | ; Use NT authentication when connecting to the server 1623 | mssql.secure_connection = Off 1624 | 1625 | ; Specify max number of processes. 
-1 = library default 1626 | ; msdlib defaults to 25 1627 | ; FreeTDS defaults to 4096 1628 | ;mssql.max_procs = -1 1629 | 1630 | ; Specify client character set. 1631 | ; If empty or not set the client charset from freetds.conf is used 1632 | ; This is only used when compiled with FreeTDS 1633 | ;mssql.charset = "ISO-8859-1" 1634 | 1635 | [Assertion] 1636 | ; Assert(expr); active by default. 1637 | ; http://php.net/assert.active 1638 | ;assert.active = On 1639 | 1640 | ; Issue a PHP warning for each failed assertion. 1641 | ; http://php.net/assert.warning 1642 | ;assert.warning = On 1643 | 1644 | ; Don't bail out by default. 1645 | ; http://php.net/assert.bail 1646 | ;assert.bail = Off 1647 | 1648 | ; User-function to be called if an assertion fails. 1649 | ; http://php.net/assert.callback 1650 | ;assert.callback = 0 1651 | 1652 | ; Eval the expression with current error_reporting(). Set to true if you want 1653 | ; error_reporting(0) around the eval(). 1654 | ; http://php.net/assert.quiet-eval 1655 | ;assert.quiet_eval = 0 1656 | 1657 | [mbstring] 1658 | ; language for internal character representation. 1659 | ; http://php.net/mbstring.language 1660 | ;mbstring.language = Japanese 1661 | 1662 | ; internal/script encoding. 1663 | ; Some encoding cannot work as internal encoding. 1664 | ; (e.g. SJIS, BIG5, ISO-2022-*) 1665 | ; http://php.net/mbstring.internal-encoding 1666 | ;mbstring.internal_encoding = EUC-JP 1667 | 1668 | ; http input encoding. 1669 | ; http://php.net/mbstring.http-input 1670 | ;mbstring.http_input = auto 1671 | 1672 | ; http output encoding. mb_output_handler must be 1673 | ; registered as output buffer to function 1674 | ; http://php.net/mbstring.http-output 1675 | ;mbstring.http_output = SJIS 1676 | 1677 | ; enable automatic encoding translation according to 1678 | ; mbstring.internal_encoding setting. Input chars are 1679 | ; converted to internal encoding by setting this to On. 
1680 | ; Note: Do _not_ use automatic encoding translation for 1681 | ; portable libs/applications. 1682 | ; http://php.net/mbstring.encoding-translation 1683 | ;mbstring.encoding_translation = Off 1684 | 1685 | ; automatic encoding detection order. 1686 | ; auto means 1687 | ; http://php.net/mbstring.detect-order 1688 | ;mbstring.detect_order = auto 1689 | 1690 | ; substitute_character used when character cannot be converted 1691 | ; one from another 1692 | ; http://php.net/mbstring.substitute-character 1693 | ;mbstring.substitute_character = none; 1694 | 1695 | ; overload(replace) single byte functions by mbstring functions. 1696 | ; mail(), ereg(), etc are overloaded by mb_send_mail(), mb_ereg(), 1697 | ; etc. Possible values are 0,1,2,4 or combination of them. 1698 | ; For example, 7 for overload everything. 1699 | ; 0: No overload 1700 | ; 1: Overload mail() function 1701 | ; 2: Overload str*() functions 1702 | ; 4: Overload ereg*() functions 1703 | ; http://php.net/mbstring.func-overload 1704 | ;mbstring.func_overload = 0 1705 | 1706 | ; enable strict encoding detection. 1707 | ;mbstring.strict_detection = Off 1708 | 1709 | ; This directive specifies the regex pattern of content types for which mb_output_handler() 1710 | ; is activated. 1711 | ; Default: mbstring.http_output_conv_mimetype=^(text/|application/xhtml\+xml) 1712 | ;mbstring.http_output_conv_mimetype= 1713 | 1714 | [gd] 1715 | ; Tell the jpeg decode to ignore warnings and try to create 1716 | ; a gd image. The warning will then be displayed as notices 1717 | ; disabled by default 1718 | ; http://php.net/gd.jpeg-ignore-warning 1719 | ;gd.jpeg_ignore_warning = 0 1720 | 1721 | [exif] 1722 | ; Exif UNICODE user comments are handled as UCS-2BE/UCS-2LE and JIS as JIS. 1723 | ; With mbstring support this will automatically be converted into the encoding 1724 | ; given by corresponding encode setting. When empty mbstring.internal_encoding 1725 | ; is used. 
For the decode settings you can distinguish between motorola and
1726 | ; intel byte order. A decode setting cannot be empty.
1727 | ; http://php.net/exif.encode-unicode
1728 | ;exif.encode_unicode = ISO-8859-15
1729 |
1730 | ; http://php.net/exif.decode-unicode-motorola
1731 | ;exif.decode_unicode_motorola = UCS-2BE
1732 |
1733 | ; http://php.net/exif.decode-unicode-intel
1734 | ;exif.decode_unicode_intel = UCS-2LE
1735 |
1736 | ; http://php.net/exif.encode-jis
1737 | ;exif.encode_jis =
1738 |
1739 | ; http://php.net/exif.decode-jis-motorola
1740 | ;exif.decode_jis_motorola = JIS
1741 |
1742 | ; http://php.net/exif.decode-jis-intel
1743 | ;exif.decode_jis_intel = JIS
1744 |
1745 | [Tidy]
1746 | ; The path to a default tidy configuration file to use when using tidy
1747 | ; http://php.net/tidy.default-config
1748 | ;tidy.default_config = /usr/local/lib/php/default.tcfg
1749 |
1750 | ; Should tidy clean and repair output automatically?
1751 | ; WARNING: Do not use this option if you are generating non-html content
1752 | ; such as dynamic images
1753 | ; http://php.net/tidy.clean-output
1754 | tidy.clean_output = Off
1755 |
1756 | [soap]
1757 | ; Enables or disables WSDL caching feature.
1758 | ; http://php.net/soap.wsdl-cache-enabled
1759 | soap.wsdl_cache_enabled=1
1760 |
1761 | ; Sets the directory name where SOAP extension will put cache files.
1762 | ; http://php.net/soap.wsdl-cache-dir
     | ; NOTE(review): "/tmp" is shared with every local account and process. A
     | ; dedicated directory writable only by the PHP user would keep other local
     | ; users from planting or altering cached WSDL files. With the 86400-second
     | ; TTL set below, a bad cache entry would be reused for a day.
1763 | soap.wsdl_cache_dir="/tmp"
1764 |
1765 | ; (time to live) Sets the number of second while cached file will be used
1766 | ; instead of original one.
1767 | ; http://php.net/soap.wsdl-cache-ttl
1768 | soap.wsdl_cache_ttl=86400
1769 |
1770 | ; Sets the size of the cache limit. (Max. number of WSDL files to cache)
1771 | soap.wsdl_cache_limit = 5
1772 |
1773 | [sysvshm]
1774 | ; A default size of the shared memory segment
1775 | ;sysvshm.init_mem = 10000
1776 |
1777 | [ldap]
1778 | ; Sets the maximum number of open links or -1 for unlimited.
1779 | ldap.max_links = -1
1780 |
1781 | [mcrypt]
1782 | ; For more information about mcrypt settings see http://php.net/mcrypt-module-open
1783 |
1784 | ; Directory where to load mcrypt algorithms
1785 | ; Default: Compiled in into libmcrypt (usually /usr/local/lib/libmcrypt)
1786 | ;mcrypt.algorithms_dir=
1787 |
1788 | ; Directory where to load mcrypt modes
1789 | ; Default: Compiled in into libmcrypt (usually /usr/local/lib/libmcrypt)
1790 | ;mcrypt.modes_dir=
1791 |
1792 | [dba]
1793 | ;dba.default_handler=
1794 |
1795 | ; Local Variables:
1796 | ; tab-width: 4
1797 | ; End:
1798 |
--------------------------------------------------------------------------------
/roles/php/tests/inventory:
--------------------------------------------------------------------------------
1 | localhost
2 |
--------------------------------------------------------------------------------
/roles/php/tests/test.yml:
--------------------------------------------------------------------------------
1 | ---
  | # Test play: applies the two roles below to localhost.
2 | - hosts: localhost
  | # Connects as root. NOTE(review): acceptable on a throwaway CI host; elsewhere
  | # prefer an unprivileged user plus privilege escalation, if the role allows it.
3 |   remote_user: root
  | # NOTE(review): neither role name appears in this repository's roles/ tree, so
  | # this test presumably relies on roles installed separately; confirm.
4 |   roles:
5 |     - geerlingguy.apache
6 |     - ansible-role-php
7 |
--------------------------------------------------------------------------------
/vars/main.yml:
--------------------------------------------------------------------------------
1 | ---
  | # Project-wide variables; presumably meant to be edited per project.
2 | timezone: Europe/Paris
3 |
  | # Reused below as the MySQL database name through "{{ name }}".
4 | name: projectname
5 |
6 | web:
7 |   port: 80
8 |
9 | mysql_databases:
10 |   - name: "{{ name }}"
11 |
   | # Presumably the inbound TCP allow-list for roles/Stouts.iptables (22 SSH,
   | # 80 HTTP, 443 HTTPS). NOTE(review): confirm the role's default policy drops
   | # everything else, and whether SSH should be limited to known source addresses.
12 | iptables_allowed_tcp_ports: [22, 80, 443]
13 |
   | # Public SSH key(s). NOTE(review): presumably installed as authorized keys by
   | # common/tasks/users.yml (not shown); replace this committed key with your own
   | # before provisioning, otherwise the holder of its private half gains access.
14 | projects_keys:
15 |   - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCwgf+AZt8y1/zTE5+5tw5gtm0Y1FT55bSq8kUtO2wt8sxN42s5LpUlftQsaQKY/282m/ffgO58n86LsoLZ33ks1Ipe8wS5p6YU2MX5uh1MyoBtsTsMyLTpMCaFIFTBSNHFykN84sszQZWvQY9T6NEgK8tJHjYoMyTKHz1qcD/1Zf3aTm0YK68Zzd57kFACXae+BUgjtPoR6Ug1cDjL0T7ifdbS6oe+s3JmfLVLCbcbrvyS2dOBCpwDL4SXWp1AKLkIcUsfkNkCygwx1vSKjAz+9PxFE9gRB77fGeMuHt5Ub/mIxX8Rm2APTApFIuryo3NOh3YvcD064BMUriS+8FMn maximet@theodo.fr
16 |
   | # Schedule for the MySQL backup job; the keys presumably map to cron fields,
   | # which would make this a daily run at 23:00. Confirm against the role.
17 | automysqlbackup_cron:
18 |   minute: 0
19 |   hour: "23"
20 |   day: "*"
21 |   month: "*"
22 |   weekday: "*"
23 |
24 | automysqlbackup_latest: "yes"
25 |
--------------------------------------------------------------------------------
/vars/vagrant/xdebug.yml:
--------------------------------------------------------------------------------
1 | ---
  | # Xdebug remote-debugging settings. The path (vars/vagrant/) suggests they are
  | # loaded only for the Vagrant development box. NOTE(review): confirm no
  | # production play includes this file; remote debugging must stay off on any
  | # host reachable by untrusted clients.
2 | php_xdebug_remote_enable: "true"
  | # With connect-back on, Xdebug 2 opens the debug connection to whichever client
  | # address made the HTTP request and applies no address filter. That is
  | # acceptable only on an isolated development VM.
3 | php_xdebug_remote_connect_back: "on"
4 | php_xdebug_remote_port: "9000"
  | # NOTE(review): the log sits in the shared /tmp directory under a fixed name.
  | # That is fine on a single-user VM; use a directory owned by the PHP user on
  | # anything shared.
5 | php_xdebug_remote_log: /tmp/xdebug.log
6 | php_xdebug_idekey: XDEBUG
  | # NOTE(review): unlike the php_xdebug_* keys above, this key contains a dot. In
  | # a Jinja2 expression "xdebug.max_nesting_level" reads as attribute access on a
  | # variable named xdebug, so verify that the xdebug.ini template actually
  | # consumes this value.
7 | xdebug.max_nesting_level: 200
8 |
--------------------------------------------------------------------------------