commit af69d886e81a5392c60cfc61b4e8b2d7d0e3ea93 Author: root Date: Sun Sep 4 17:18:06 2022 +0200 v220904
diff --git a/files/000-default_fpm7.4.conf b/files/000-default_fpm7.4.conf
new file mode 100644
index 0000000..2389ace
--- /dev/null
+++ b/files/000-default_fpm7.4.conf
@@ -0,0 +1,16 @@
+
+ DocumentRoot /var/www/def/public
+
+ ErrorLog ${APACHE_LOG_DIR}/error.log
+ CustomLog ${APACHE_LOG_DIR}/access.log detailed
+
+ Options -Indexes +FollowSymLinks +MultiViews
+ AllowOverride All
+ Require all granted
+
+
+ SetHandler "proxy:unix:/run/php/php7.4-fpm.sock|fcgi://localhost"
+
+
+
+# vim: set tabstop=4 shiftwidth=4 expandtab smarttab:
diff --git a/files/000-default_modphp.conf b/files/000-default_modphp.conf
new file mode 100644
index 0000000..def28f5
--- /dev/null
+++ b/files/000-default_modphp.conf
@@ -0,0 +1,13 @@
+
+ DocumentRoot /var/www/def/public
+
+ ErrorLog ${APACHE_LOG_DIR}/error.log
+ CustomLog ${APACHE_LOG_DIR}/access.log detailed
+
+ Options -Indexes +FollowSymLinks +MultiViews
+ AllowOverride All
+ Require all granted
+
+
+
+# vim: set tabstop=4 shiftwidth=4 expandtab smarttab:
diff --git a/files/charset.conf b/files/charset.conf
new file mode 100644
index 0000000..7c84e38
--- /dev/null
+++ b/files/charset.conf
@@ -0,0 +1,2 @@
+#AddDefaultCharset ISO-8859-2
+AddDefaultCharset UTF-8
diff --git a/files/hws.php.ini.fpm b/files/hws.php.ini.fpm
new file mode 100644
index 0000000..90ac752
--- /dev/null
+++ b/files/hws.php.ini.fpm
@@ -0,0 +1,16 @@
+; HWS php configuration
+[PHP]
+memory_limit = 256M
+error_reporting = E_ALL & ~E_DEPRECATED & ~E_STRICT & ~E_NOTICE
+error_log = /var/log/php_errors.log
+post_max_size = 80M
+upload_max_filesize = 80M
+user_ini.filename = .php.ini
+user_ini.cache_ttl = 60
+
+[Date]
+date.timezone = "Europe/Budapest"
+
+[Session]
+session.gc_maxlifetime = 86400
+
diff --git a/files/hws.php.ini.modphp b/files/hws.php.ini.modphp
new file mode 100644
index 0000000..bca4ae6
--- /dev/null
+++ b/files/hws.php.ini.modphp
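Review bot: `AllowOverride All` in files/000-default_fpm7.4.conf (and the identical line in files/000-default_modphp.conf) lets any `.htaccess` file under the document root change handlers, options and access rules, so whatever can write a file there can reconfigure the server for that directory. If the hosted sites only need rewrite rules, `AllowOverride None` together with `AllowOverrideList RewriteEngine RewriteCond RewriteRule RewriteBase` keeps that working without delegating the rest. The container lines around these directives are missing from this page, so the directory they apply to is inferred from `DocumentRoot`.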
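Review bot: `user_ini.filename = .php.ini` in files/hws.php.ini.fpm makes PHP-FPM read per-directory settings from a file inside the served tree (re-read every 60 seconds via `user_ini.cache_ttl`), and nothing in this commit keeps that file from being served or from being written by the web user. Apache's stock configuration only denies names starting with `.ht`, so a `.php.ini` under /var/www/def/public would presumably be returned as plain text unless the vhost adds a `Require all denied` rule for that file name. If per-directory overrides are not needed, an empty value, `user_ini.filename =`, turns the scan off.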
@@ -0,0 +1,15 @@
+; HWS php configuration
+[PHP]
+memory_limit = 256M
+error_reporting = E_ALL & ~E_DEPRECATED & ~E_STRICT & ~E_NOTICE
+error_log = /var/log/php_errors.log
+post_max_size = 80M
+upload_max_filesize = 80M
+#default_charset = "ISO-8859-2"
+
+[Date]
+date.timezone = "Europe/Budapest"
+
+[Session]
+session.gc_maxlifetime = 86400
+
diff --git a/files/log-detailed.conf b/files/log-detailed.conf
new file mode 100644
index 0000000..d5ae995
--- /dev/null
+++ b/files/log-detailed.conf
@@ -0,0 +1 @@
+LogFormat "%{%s %Y-%m-%d %H:%M:%S}t %A:%{local}p|%v %a %u %I|%O%X %Dus %>s \"%r\" \"%{Referer}i\" \"%{User-Agent}i\"" detailed
diff --git a/files/logrotate.conf b/files/logrotate.conf
new file mode 100644
index 0000000..92a2994
--- /dev/null
+++ b/files/logrotate.conf
@@ -0,0 +1,9 @@
+/var/log/php*.log
+{
+ rotate 7
+ daily
+ missingok
+ notifempty
+ compress
+ create 0664 www-data www-data
+}
diff --git a/files/other-vhosts-access-log.conf b/files/other-vhosts-access-log.conf
new file mode 100644
index 0000000..ffbcea1
--- /dev/null
+++ b/files/other-vhosts-access-log.conf
@@ -0,0 +1,5 @@
+# Define an access log for VirtualHosts that don't define their own logfile
+#CustomLog ${APACHE_LOG_DIR}/other_vhosts_access.log vhost_combined
+CustomLog ${APACHE_LOG_DIR}/other_vhosts_access.log detailed
+
+# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
diff --git a/tasks/main.yml b/tasks/main.yml
new file mode 100644
index 0000000..c009bae
--- /dev/null
+++ b/tasks/main.yml
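Review bot: The line `#default_charset = "ISO-8859-2"` in files/hws.php.ini.modphp uses `#` as a comment marker, which PHP's INI parser stopped accepting in 7.0, and tasks/main.yml deploys this file to the 7.0 and 7.3 paths as well as to php5. It should read `;default_charset = "ISO-8859-2"`, matching the `;` comment on the file's first line, so the line is a comment on every targeted release.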
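Review bot: `create 0664 www-data www-data` in files/logrotate.conf leaves the rotated PHP error log readable by every local account and group-writable, although error messages routinely contain file paths and query fragments. `create 0640 www-data adm` keeps the log writable for PHP while restricting who can read it. Separately, nothing visible in this commit creates /var/log/php_errors.log, and www-data normally cannot create files in /var/log, so with `missingok` the log may never come into existence and PHP errors would go unrecorded; a task that creates the file with the intended owner and mode would close that gap.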
@@ -0,0 +1,272 @@
+---
+- name: check if apt.conf uses a proxy
+ shell: grep -Po '(?<=^Acquire::http::Proxy ")[^"]*' /etc/apt/apt.conf
+ register: proxy_grep
+ failed_when: false
+ changed_when: false
+
+- name: set proxy variable
+ set_fact:
+ proxy: "{{ proxy_grep.stdout }}"
+ when: proxy_grep.stdout != ""
+
+- name: /var/www bind mount in fstab
+ lineinfile:
+ dest: /etc/fstab
+ line: '/data/www /var/www none bind 0 0'
+ register: fstab_www
+
+- name: mount /var/www
+ shell: 'mkdir -p /var/www && mv /var/www /data && mkdir -p /var/www && mount /var/www'
+ when: fstab_www.changed
+
+- name: www subdirs
+ file:
+ dest: "/var/www/{{ item }}"
+ state: directory
+ with_items:
+ - def
+ - def/public
+
+- name: www index.html
+ shell: "test -e /var/www/def/public/index.html || hostname > /var/www/def/public/index.html"
+
+- name: install packages, jessie
+ tags: apt
+ apt:
+ name: "{{ item }}"
+ state: present
+ with_items:
+ - apache2
+ - libapache2-mod-php5
+ - mysql-client
+ - php5-cli
+ - php5-curl
+ - php5-gd
+ - php5-json
+ - php5-ldap
+ - php5-mysqlnd
+ when:
+ - ansible_distribution == "Debian"
+ - ansible_distribution_major_version == "8"
+
+- name: install packages, stretch-buster
+ tags: apt
+ apt:
+ name: "{{ item }}"
+ state: present
+ with_items:
+ - apache2
+ - libapache2-mod-php
+ - mariadb-client
+ - php-cli
+ - php-bcmath
+ - php-curl
+ - php-gd
+ - php-json
+ - php-ldap
+ - php-mbstring
+ - php-mysql
+ - php-soap
+ - php-xml
+ - php-zip
+ when:
+ - ansible_distribution == "Debian"
+ - ansible_distribution_major_version|int() == 9 or ansible_distribution_major_version|int() == 10
+
+- name: sury repo pgp key, bullseye+
+ tags: apt
+ shell: "curl {{ (proxy is defined) | ternary('--proxy '+ proxy|default(''), '')}} -o /etc/apt/trusted.gpg.d/php.gpg https://packages.sury.org/php/apt.gpg"
+ when:
+ - ansible_distribution == "Debian"
+ - ansible_distribution_major_version|int() == 11
+
+- name: sury repo in sources list, bullseye
+ tags: apt
+ lineinfile:
+ dest: /etc/apt/sources.list.d/php-sury.list
+ line: 'deb https://packages.sury.org/php/ bullseye main'
+ create: yes
+ when:
+ - ansible_distribution == "Debian"
+ - ansible_distribution_major_version|int() == 11
+
+- name: apt update, bullseye
+ tags: apt
+ apt:
+ update_cache: yes
+ when:
+ - ansible_distribution == "Debian"
+ - ansible_distribution_major_version|int() == 11
+
+- name: install packages, bullseye
+ tags: apt
+ apt:
+ name: "{{ item }}"
+ state: present
+ with_items:
+ - apache2
+ - mariadb-client
+ - php7.4-cli
+ - php7.4-fpm
+ - php7.4-bcmath
+ - php7.4-curl
+ - php7.4-gd
+ - php7.4-json
+ - php7.4-ldap
+ - php7.4-mbstring
+ - php7.4-mysql
+ - php7.4-opcache
+ - php7.4-readline
+ - php7.4-soap
+ - php7.4-xml
+ - php7.4-zip
+ when:
+ - ansible_distribution == "Debian"
+ - ansible_distribution_major_version|int() == 11
+
+- name: conf-available
+ copy:
+ src: "{{ item }}"
+ dest: /etc/apache2/conf-available
+ with_items:
+ - other-vhosts-access-log.conf
+ - charset.conf
+ - log-detailed.conf
+
+- name: enable confs / modules, -buster
+ shell: "a2enconf charset log-detailed && a2enmod rewrite"
+ when:
+ - ansible_distribution == "Debian"
+ - ansible_distribution_major_version|int() < 11
+
+- name: enable confs / modules, bullseye+
+ shell: "a2enconf charset log-detailed && a2enmod rewrite headers proxy_fcgi"
+ when:
+ - ansible_distribution == "Debian"
+ - ansible_distribution_major_version|int() >= 11
+
+- name: virtualhost config, -buster
+ copy:
+ src: 000-default_modphp.conf
+ dest: /etc/apache2/sites-available/000-default.conf
+ when:
+ - ansible_distribution == "Debian"
+ - ansible_distribution_major_version|int() < 11
+
+- name: virtualhost config, bullseye
+ copy:
+ src: 000-default_fpm7.4.conf
+ dest: /etc/apache2/sites-available/000-default.conf
+ when:
+ - ansible_distribution == "Debian"
+ - ansible_distribution_major_version|int() == 11
+
+- name: php config, jessie
+ copy:
+ src: hws.php.ini.modphp
+ dest: /etc/php5
+ when:
+ - ansible_distribution == "Debian"
+ - ansible_distribution_major_version == "8"
+
+- name: php config symlinks, jessie
+ file:
+ state: link
+ src: /etc/php5/hws.php.ini
+ path: "/etc/php5/{{ item }}/conf.d/hws.php.ini"
+ with_items:
+ - apache2
+ - cli
+ when:
+ - ansible_distribution == "Debian"
+ - ansible_distribution_major_version == "8"
+
+- name: php config, stretch
+ copy:
+ src: hws.php.ini.modphp
+ dest: /etc/php/7.0/hws.php.ini
+ when:
+ - ansible_distribution == "Debian"
+ - ansible_distribution_major_version == "9"
+
+- name: php config, buster
+ copy:
+ src: hws.php.ini.modphp
+ dest: /etc/php/7.3/hws.php.ini
+ when:
+ - ansible_distribution == "Debian"
+ - ansible_distribution_major_version == "10"
+
+- name: php config, bullseye
+ copy:
+ src: hws.php.ini.fpm
+ dest: /etc/php/7.4/hws.php.ini
+ when:
+ - ansible_distribution == "Debian"
+ - ansible_distribution_major_version == "11"
+
+- name: php config symlinks, stretch
+ file:
+ state: link
+ src: /etc/php/7.0/hws.php.ini
+ path: "/etc/php/7.0/{{ item }}/conf.d/hws.php.ini"
+ with_items:
+ - apache2
+ - cli
+ when:
+ - ansible_distribution == "Debian"
+ - ansible_distribution_major_version == "9"
+
+- name: php config symlinks, buster
+ file:
+ state: link
+ src: /etc/php/7.3/hws.php.ini
+ path: "/etc/php/7.3/{{ item }}/conf.d/hws.php.ini"
+ with_items:
+ - apache2
+ - cli
+ when:
+ - ansible_distribution == "Debian"
+ - ansible_distribution_major_version == "10"
+
+- name: php config symlinks, bullseye
+ file:
+ state: link
+ src: /etc/php/7.4/hws.php.ini
+ path: "/etc/php/7.4/{{ item }}/conf.d/hws.php.ini"
+ with_items:
+ - fpm
+ - cli
+ when:
+ - ansible_distribution == "Debian"
+ - ansible_distribution_major_version == "11"
+
+
+- name: php logrotate config
+ copy:
+ src: logrotate.conf
+ dest: /etc/logrotate.d/php
+
+- name: security.conf ServerTokens, bullseye+
+ tags: apt
+ lineinfile:
+ dest: /etc/apache2/conf-available/security.conf
+ regexp: "^ServerTokens"
+ line: "ServerTokens Prod"
+ when:
+ - ansible_distribution == "Debian"
+ - ansible_distribution_major_version|int() >= 11
+
+- name: security.conf ServerSignature, bullseye+
+ tags: apt
+ lineinfile:
+ dest: /etc/apache2/conf-available/security.conf
+ regexp: "^ServerSignature"
+ line: "ServerSignature Off"
+ when:
+ - ansible_distribution == "Debian"
+ - ansible_distribution_major_version|int() >= 11
+
+
+# vim: set tabstop=2 shiftwidth=2 expandtab smarttab:
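Review bot: The `sury repo pgp key, bullseye+` task in tasks/main.yml downloads a package-signing key with curl and writes it into /etc/apt/trusted.gpg.d without comparing it to a known checksum or fingerprint, and a key in that directory is trusted for every configured repository, not only packages.sury.org. curl is also run without `--fail`, so an HTTP error body would be saved as the keyring, and the task re-downloads the key on every run. I would fetch it with `get_url` and a pinned `checksum:`, store it outside trusted.gpg.d, and bind it to the one source with `signed-by=` in the sources line. The pinned value then has to be updated whenever upstream rotates the key.

```yaml
- name: sury repo pgp key, bullseye+
  tags: apt
  get_url:
    url: https://packages.sury.org/php/apt.gpg
    dest: /usr/share/keyrings/php-sury.gpg
    mode: "0644"
    # placeholder: pin the digest of the key after verifying it out of band
    checksum: "sha256:<PINNED_SHA256_OF_APT_GPG>"
  environment:
    https_proxy: "{{ proxy | default('') }}"
  # … unchanged: when conditions …

- name: sury repo in sources list, bullseye
  lineinfile:
    line: 'deb [signed-by=/usr/share/keyrings/php-sury.gpg] https://packages.sury.org/php/ bullseye main'
  # … unchanged: tags, dest, create, when conditions …
```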