diff --git a/CHANGELOG.md b/CHANGELOG.md
index d4935ff67..e8ebf73d7 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -15,12 +15,14 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ### Breaking Changes +* **role:php**: The PHP-FPM pool config changed for existing hosts. Sessions now live in a per-pool directory (the default `www` pool moves from `/var/lib/php/session` to `/var/lib/php/session/www`), so logged-in users are signed out once after the upgrade. `memory_limit`, `max_execution_time`, `max_input_vars`, `post_max_size`, `upload_max_filesize` and `session.save_path` are now enforced as `php_admin_value`, so applications can no longer raise them at runtime via `ini_set()`. The FPM status path moved from `/fpm-status` to `/www-fpm-status`, and `soap.wsdl_cache_dir` is no longer set (PHP default applies). Worker processes now recycle after 500 requests (`pm.max_requests`), where previously they ran indefinitely. * **role:apache_httpd, role:apache_tomcat, role:mastodon, role:postgresql_server**: Rename tags to the project-wide naming scheme. `apache_httpd:config` becomes `apache_httpd:configure`, and `apache_tomcat:users`, `mastodon:users`, `postgresql_server:users` and `postgresql_server:databases` lose their trailing `s` (`...:user`, `...:database`). Adjust any `--tags` / `--skip-tags` invocations and automation that reference the old tag names. * **role:minio_client, role:objectstore_backup**: Both roles and their playbooks (`playbooks/minio_client.yml`, `playbooks/objectstore_backup.yml`) have been removed, along with the corresponding role blocks in `playbooks/setup_nextcloud.yml` and the `setup_nextcloud__skip_minio_client` / `setup_nextcloud__skip_objectstore_backup` variables. MinIO Server has been archived as no-longer-maintained since February 2026, and we are moving away from using object storage for critical data. Users relying on these roles must replace the MinIO-based object-store backup with their own solution (e.g. 
`rclone`); the `mc` binary, its config under `/etc/mc/`, the `objectstore-backup` systemd timer/service, and `/usr/local/bin/mc-mirror.sh` are no longer managed by lfops and will remain on existing hosts until removed manually ([#241](https://github.com/Linuxfabrik/lfops/issues/241)). * **role:infomaniak_vm**: Always create a managed port for every entry in `infomaniak_vm__networks`, even when no `fixed_ip` is set. Previously only networks with a `fixed_ip` got a managed port; networks without one relied on OpenStack's auto-created port. To avoid creating unused (but billed) managed ports on VMs provisioned under the old behavior, make sure to manually rename the existing port in OpenStack to match the `port_name`. Note that this port will not survive VM deletion / detachment, since it was automatically created and therefore is owned by OpenStack, not the user. ### Added +* **role:php**: PHP-FPM pools are now fully configurable, each with its own user/group, process-manager tuning, timeouts and `php_admin_value` overrides. Every pool gets its own isolated session directory (created automatically, with correct ownership and SELinux labeling on RedHat). * **testing**: Add a Molecule-based test framework that runs the playbooks (and through them the roles) against throwaway libvirt/KVM VMs or Podman containers. Scenarios live under `extensions/molecule`; see the Testing section in `CONTRIBUTING.md`. * **role:icinga2_master, role:icingadb, role:icingaweb2, role:icingaweb2_module_reporting, role:icingaweb2_module_x509**: Add explicit Ubuntu variable files, making Ubuntu support visible alongside Debian. The Icinga repository, GPG key and package names were verified on Debian 13 and Ubuntu 24.04. * **role:nextcloud**: Add `meta/argument_specs.yml` declaring the user-facing variables, so role-entry validation catches type mismatches and missing mandatory variables. diff --git a/playbooks/php.yml b/playbooks/php.yml index b569cc22f..22662e7f2 100644 --- a/playbooks/php.yml 
+++ b/playbooks/php.yml @@ -29,6 +29,10 @@ - 'ansible_facts["os_family"] == "RedHat"' - 'not php__skip_repo_remi | default(false)' + - role: 'linuxfabrik.lfops.repo_sury' + when: + - 'ansible_facts["os_family"] == "Debian"' + - role: 'linuxfabrik.lfops.php' diff --git a/roles/duplicity/README.md b/roles/duplicity/README.md index d0fc84507..5dace8d51 100644 --- a/roles/duplicity/README.md +++ b/roles/duplicity/README.md @@ -1,4 +1,4 @@ -# Ansible Role linuxfabrik.lfops.duplicity +s# Ansible Role linuxfabrik.lfops.duplicity This role configures *daily file-based* backups using [duplicity](https://duplicity.gitlab.io/). Currently, this role is focused on using [OpenStack Object Storage ("Swift")](https://wiki.openstack.org/wiki/Swift) as the storage backend. diff --git a/roles/influxdb/README.md b/roles/influxdb/README.md index 656766877..52896e11d 100644 --- a/roles/influxdb/README.md +++ b/roles/influxdb/README.md @@ -5,6 +5,7 @@ This role installs and configures [InfluxDB](https://www.influxdata.com/products *Available since LFOps `2.0.0`.* +## Dependent Roles ## Dependent Roles diff --git a/roles/php/README.md b/roles/php/README.md index 584838b52..ccf3789d0 100644 --- a/roles/php/README.md +++ b/roles/php/README.md 
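Review bot: The new `linuxfabrik.lfops.repo_sury` entry in `playbooks/php.yml` is gated only on `ansible_facts["os_family"] == "Debian"`, so every Debian-family host this playbook touches gets a third-party APT source with no opt-out, whereas the `repo_remi` entry directly above honours `php__skip_repo_remi`. Adding a package repository widens the set of signing keys that can ship packages to the host and can change which PHP version the next upgrade pulls in, so it should be an explicit operator choice and be called out under Breaking Changes. Consider a matching guard such as `- 'not php__skip_repo_sury | default(false)'` (proposed variable name, not defined anywhere on this page) and mark the README dependency entry as optional to match. The play's role list starts before and continues after the hunk.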
@@ -2,7 +2,7 @@ This role installs and configures PHP (and PHP-FPM) on the system, optionally with additional modules. -Note that this role does NOT let you specify a particular PHP version. It simply installs the latest available PHP version from the repos configured in the system. If you want or need to install a specific or the latest PHP version available, use the [linuxfabrik.lfops.repo_remi](https://github.com/Linuxfabrik/lfops/tree/main/roles/repo_remi) beforehand. +Note that this role does NOT let you specify a particular PHP version. It simply installs the latest available PHP version from the repos configured in the system. If you want or need to install a specific or the latest PHP version available, use the [linuxfabrik.lfops.repo_remi](https://github.com/Linuxfabrik/lfops/tree/main/roles/repo_remi) (Red Hat family) or [linuxfabrik.lfops.repo_sury](https://github.com/Linuxfabrik/lfops/tree/main/roles/repo_sury) (Debian family) beforehand. This role is compatible with the following PHP versions: @@ -33,7 +33,8 @@ This role never exposes to the world that PHP is installed on the server, no mat Any [LFOps playbook](https://github.com/Linuxfabrik/lfops/blob/main/playbooks/README.md) that installs this role runs these for you. Optional ones can be disabled via the playbook's skip variables. -* Optional: [Remi's RPM repository](https://rpms.remirepo.net/) (role: [linuxfabrik.lfops.repo_remi](https://github.com/Linuxfabrik/lfops/tree/main/roles/repo_remi)) provides newer PHP versions. +* Optional: [Remi's RPM repository](https://rpms.remirepo.net/) (role: [linuxfabrik.lfops.repo_remi](https://github.com/Linuxfabrik/lfops/tree/main/roles/repo_remi)) provides newer PHP versions on the Red Hat family. +* [Sury repository](https://deb.sury.org/) (role: [linuxfabrik.lfops.repo_sury](https://github.com/Linuxfabrik/lfops/tree/main/roles/repo_sury)) provides newer PHP versions on the Debian family. ## Tags 
@@ -45,15 +46,19 @@ Any [LFOps playbook](https://github.com/Linuxfabrik/lfops/blob/main/playbooks/RE * Ensure PHP modules are absent. * Ensure PHP modules are present. * Get PHP version. -* Load default values for `{{ php__installed_version }}`. +* Load default values for `{{ __php__installed_version }}`. * Deploy the /etc/php.d/z00-linuxfabrik.ini. * `systemctl {{ php__fpm_service_enabled | bool | ternary("enable", "disable") }} --now php-fpm`. +* Ensure the shared opcache directory exists. +* Create the per-pool session directories. * Remove absent pools from `/etc/php-fpm.d`. * Deploy the pools to `/etc/php-fpm.d/`. * Triggers: php-fpm.service restart. `php:fpm` +* Ensure the shared opcache directory exists. +* Create the per-pool session directories. * Remove absent pools from /etc/php-fpm.d. * Deploy the pools to /etc/php-fpm.d/. * Triggers: php-fpm.service restart. @@ -61,7 +66,7 @@ Any [LFOps playbook](https://github.com/Linuxfabrik/lfops/blob/main/playbooks/RE `php:ini` * Get PHP version. -* Load default values for `{{ php__installed_version }}`. +* Load default values for `{{ __php__installed_version }}`. * Deploy the `/etc/php.d/z00-linuxfabrik.ini`. * Triggers: php-fpm.service restart. 
@@ -86,42 +91,6 @@ Any [LFOps playbook](https://github.com/Linuxfabrik/lfops/blob/main/playbooks/RE * Type: Bool. * Default: `true` -`php__fpm_pools__host_var` / `php__fpm_pools__group_var` - -* List of dictionaries containing PHP-FPM pools. -* For the usage in `host_vars` / `group_vars` (can only be used in one group at a time). -* Type: List of dictionaries. -* Default: `[]` -* Subkeys: - - * `name`: - - * Mandatory. The name of the pool. Will also be used as the filename and for logfiles. - * Type: String. - - * `state`: - - * Optional. State of the pool. Possible options: `absent`, `present`. - * Type: String. - * Default: `'present'` - - * `user`: - - * Optional. The Unix user running the pool processes. - * Type: String. - * Default: `'apache'` - - * `group`: - - * Optional. The Unix group running the pool processes. - * Type: String. - * Default: `'apache'` - - * `raw`: - - * Optional. Raw content which will be added to the end of the pool config. - * Type: String. - `php__modules__host_var` / `php__modules__group_var` * List of dictionaries containing additional PHP modules that should be installed via the standard package manager. @@ -189,7 +158,7 @@ Variables for `php.ini` directives and their default values, defined and support * Set the error reporting level. [php.net](https://www.php.net/manual/en/errorfunc.configuration.php) * Type: String. -* Default: `'E_ALL & ~E_NOTICE & ~E_DEPRECATED & ~E_STRICT'` +* Default: 7.2 - 8.4: `'E_ALL & ~E_NOTICE & ~E_DEPRECATED & ~E_STRICT'`, 8.5: `'E_ALL & ~E_NOTICE & ~E_DEPRECATED'` (`E_STRICT` is deprecated as of PHP 8.4) `php__ini_max_execution_time__group_var` / `php__ini_max_execution_time__host_var` 
@@ -309,7 +278,7 @@ Variables for `php.ini` directives and their default values, defined and support * [php.net](https://www.php.net/manual/en/session.configuration.php) * Type: Number. -* Default: `32` +* Default: 7.2 - 8.4: `32`. Not managed on 8.5, where PHP's built-in default applies. `php__ini_session_trans_sid_tags__group_var` / `php__ini_session_trans_sid_tags__host_var` @@ -343,7 +312,11 @@ php__ini_upload_max_filesize__host_var: '10000M' ## Optional Role Variables - PHP-FPM Pool Config Directives -Variables for `php.ini` directives and their default values, defined and supported by this role. +Variables for PHP-FPM Pool Config directives and their default values, defined and supported by this role. + +For every pool the role creates a dedicated session directory below the distribution's session base (`/var/lib/php/session` on RedHat, `/var/lib/php/sessions` on Debian) and a single shared opcache directory (`/var/lib/php/opcache`). On Debian, stale session files are reaped by the packaged `sessionclean` timer, which recurses the session base using the global `session.gc_maxlifetime`. A per-pool `session.gc_maxlifetime` is therefore not honored by the cleanup on Debian, and a session that stays open but idle longer than the lifetime may be removed. + +Each pool listens on its own Unix socket below the FPM runtime directory (`/run/php-fpm/{{ item["name"] }}.sock` on RedHat, `/run/php/{{ item["name"] }}.sock` on Debian). On Debian, the packaged php-fpm systemd unit additionally maintains a version-agnostic `update-alternatives` alias at `/run/php/php-fpm.sock` that points at the socket of the default `www` pool. This alias only ever tracks `www`, not the pools created by this role, so configure your web server with the explicit per-pool socket path rather than the generic `/run/php/php-fpm.sock`. RedHat ships no such alias. `php__fpm_pool_conf_pm__group_var` / `php__fpm_pool_conf_pm__host_var` 
@@ -387,47 +360,179 @@ Variables for `php.ini` directives and their default values, defined and support * Type: Number. * Default: `0` -`php__fpm_pools__group_var` / `php__fpm_pools__host_var` +`php__fpm_pools__host_var` / `php__fpm_pools__group_var` -* List defining pool configuration. +* List of dictionaries containing PHP-FPM pools. +* For the usage in `host_vars` / `group_vars` (can only be used in one group at a time). * Type: List of dictionaries. -* Default: `name: 'www'` `user: 'apache'` `group: 'apache'` +* Default: One pool named `www`. * Subkeys: * `name`: - * Mandatory. Pool name. + * Mandatory. The name of the pool. Will also be used as the filename and for logfiles. * Type: String. + * `state`: + + * Optional. State of the pool. Possible options: `absent`, `present`. + * Type: String. + * Default: `'present'` + * `user`: - * Optional. The Unix user running the pool processes. + * Optional. The Unix user running the pool processes. [php.net](https://www.php.net/install.fpm.configuration.php#user) * Type: String. + * Default: `'apache'` (RedHat), `www-data` (Debian) * `group`: - * Optional. The Unix group running the pool processes. + * Optional. The Unix group running the pool processes. [php.net](https://www.php.net/install.fpm.configuration.php#group) + * Type: String. + * Default: `'apache'` (RedHat), `www-data` (Debian) + + * `pm`: + + * Optional. Choose how the process manager will control the number of child processes. [php.net](https://www.php.net/install.fpm.configuration.php#pm) + * Type: String. + * Default: `{{ php__fpm_pool_conf_pm__combined_var }}` (which defaults to `'dynamic'`) + + * `pm_max_children`: + + * Optional. The number of child processes to be created when pm is set to `'static'` and the maximum number of child processes when pm is set to `'dynamic'` or `'ondemand'`. [php.net](https://www.php.net/install.fpm.configuration.php#pm.max-children) + * Type: Number. 
+ * Default: `{{ php__fpm_pool_conf_pm_max_children__combined_var }}` (which defaults to `50`) + + * `pm_start_servers`: + + * Optional. The number of child processes created on startup. Must be greater than `pm_min_spare_servers` but less than `pm_max_spare_servers`. Used only when `pm` is set to `'dynamic`'. [php.net](https://www.php.net/install.fpm.configuration.php#pm.start-servers) + * Type: Number. + * Default: `{{ php__fpm_pool_conf_pm_start_servers__combined_var }}` (which defaults to `5`) + + * `pm_min_spare_servers`: + + * Optional. The desired minimum number of idle server processes. Used only when `pm` is set to `'dynamic'`. [php.net](https://www.php.net/install.fpm.configuration.php#pm.min-spare-servers) + * Type: Number. + * Default: `{{ php__fpm_pool_conf_pm_min_spare_servers__combined_var }}` (which defaults to `5`) + + * `pm_max_spare_servers`: + + * Optional. The desired maximum number of idle server processes. Used only when `pm` is set to `'dynamic'`. [php.net](https://www.php.net/install.fpm.configuration.php#pm.max-spare-servers) + * Type: Number. + * Default: `{{ php__fpm_pool_conf_pm_max_spare_servers__combined_var }}` (which defaults to `35`) + + * `pm_max_spawn_rate`: + + * Optional. The number of rate to spawn child processes at once. Used only when `pm` is set to `'dynamic'`. [php.net](https://www.php.net/install.fpm.configuration.php#pm.max-spawn-rate) + * Type: Number. + * Default: `32` + + * `pm_process_idle_timeout`: + + * Optional. The number of seconds after which an idle process will be killed. Used only when `pm` is set to `'ondemand'`. Available units: s(econds, default), m(inutes), h(ours), or d(ays). [php.net](https://www.php.net/install.fpm.configuration.php#pm.process-idle-timeout) + * Type: String. + * Default: `'10s'` + + * `pm_max_requests`: + + * Optional. The number of requests each child process should execute before respawning. For endless request processing specify `0`. 
[php.net](https://www.php.net/install.fpm.configuration.php#pm.max-requests) + * Type: Number. + * Default: `500` + + * `pm_status_path`: + + * Optional. Path to view FPM status page. [php.net](https://www.php.net/install.fpm.configuration.php#pm.status-path) + * Type: String. + * Default: `'/{{ item["name"] }}-fpm-status'` + + * `ping_path`: + + * Optional. The ping path to check if FPM is alive and responding. [php.net](https://www.php.net/install.fpm.configuration.php#ping.path) + * Type: String. + * Default: `'/{{ item["name"] }}-fpm-ping'` + + * `request_slowlog_timeout`: + + * Optional. The timeout for serving a single request after which a PHP backtrace will be dumped to the slowlog file. A value of `0` means off. Available units: s(econds, default), m(inutes), h(ours), or d(ays). [php.net](https://www.php.net/install.fpm.configuration.php#request-slowlog-timeout) + * Type: Number. + * Default: `{{ php__fpm_pool_conf_request_slowlog_timeout__combined_var }}` (which defaults to `0`) + + * `request_slowlog_trace_depth`: + + * Optional. Depth of slow log stack trace. [php.net](https://www.php.net/install.fpm.configuration.php#request-slowlog-trace-depth) + * Type: Number. + * Default: `20` + + * `request_terminate_timeout`: + + * Optional. The timeout for serving a single request after which the worker process will be killed. This option should be used when the `max_execution_time` ini option does not stop script execution for some reason. A value of `0` means off. Available units: s(econds, default), m(inutes), h(ours), or d(ays). + * [php.net](https://www.php.net/install.fpm.configuration.php#request-terminate-timeout) + * Type: Number. + * Default: `{{ php__fpm_pool_conf_request_terminate_timeout__combined_var }}` (which defaults to `0`) + + * `php_admin_value_session_save_path`: + + * Optional. The role creates this directory, owned by the pool's `user` / `group` with mode `0700`, so pools cannot read each other's sessions. 
On RedHat it inherits the `httpd_var_run_t` SELinux type from the session base; if you point it outside the session base, you have to label it yourself. [php.net](https://www.php.net/session.save_path) + * Type: String. + * Default: `/var/lib/php/session/{{ item["name"] }}` (RedHat), `/var/lib/php/sessions/{{ item["name"] }}` (Debian) + + * `php_admin_value_max_execution_time`: + + * Optional. [php.net](https://www.php.net/max_execution_time) + * Type: Number. + * Default: `{{ php__ini_max_execution_time__combined_var }}` + + * `php_admin_value_max_input_vars`: + + * Optional. [php.net](https://www.php.net/max_input_vars) + * Type: Number. + * Default: `{{ php__ini_max_input_vars__combined_var }}` + + * `php_admin_value_memory_limit`: + + * Optional. [php.net](https://www.php.net/memory_limit) + * Type: String. + * Default: `'{{ php__ini_memory_limit__combined_var }}'` + + * `php_admin_value_open_basedir`: + + * Optional. [php.net](https://www.php.net/open_basedir) + * Type: String. + * Default: unset + + * `php_admin_value_post_max_size`: + + * Optional. [php.net](https://www.php.net/post_max_size) + * Type: String. + * Default: `'{{ php__ini_post_max_size__combined_var }}'` + + * `php_admin_value_upload_max_filesize`: + + * Optional. [php.net](https://www.php.net/upload_max_filesize) * Type: String. + * Default: `'{{ php__ini_upload_max_filesize__combined_var }}'` * `raw`: * Optional. Raw content which will be added to the end of the pool config. * Type: String. 
+ * Default: unset Example: ```yaml # optional -php__fpm_pool_conf_pm__host_var: 'dynamic' -php__fpm_pool_conf_pm_max_children__host_var: 50 -php__fpm_pool_conf_pm_max_spare_servers__host_var: 35 -php__fpm_pool_conf_pm_min_spare_servers__host_var: 5 -php__fpm_pool_conf_pm_start_servers__host_var: 5 -php__fpm_pool_conf_request_slowlog_timeout__host_var: '10s' -php__fpm_pool_conf_request_terminate_timeout__host_var: '60s' php__fpm_pools__host_var: - name: 'librenms' user: 'librenms' group: 'librenms' + pm: 'dynamic' + pm_max_children: 50 + pm_max_spare_servers: 35 + pm_min_spare_servers: 5 + pm_start_servers: 5 + request_slowlog_timeout: '10s' + request_terminate_timeout: '60s' + php_admin_value_session_save_path: '/var/lib/php/session' # use the shared session dir instead of the per-pool default /var/lib/php/session/librenms raw: |- env[PATH] = /usr/local/bin:/usr/bin:/bin ``` diff --git a/roles/php/defaults/main.yml b/roles/php/defaults/main.yml index 9be76bd06..fba33dae7 100644 --- a/roles/php/defaults/main.yml +++ b/roles/php/defaults/main.yml @@ -405,7 +405,7 @@ php__modules__group_var: [] php__modules__host_var: [] php__modules__role_var: Debian: - - name: 'php{{ php__installed_version }}-opcache' + - name: 'php{{ __php__installed_version }}-opcache' state: 'present' RedHat: - name: 'php-opcache' diff --git a/roles/php/handlers/main.yml b/roles/php/handlers/main.yml index 59b7a486d..d5769d5f4 100644 --- a/roles/php/handlers/main.yml +++ b/roles/php/handlers/main.yml @@ -1,4 +1,4 @@ - name: 'php: restart php-fpm' ansible.builtin.service: - name: '{{ php__fpm_service_name }}' + name: '{{ __php__fpm_service_name }}' state: 'restarted' diff --git a/roles/php/tasks/main.yml b/roles/php/tasks/main.yml index 8642121a9..0821b95a3 100644 --- a/roles/php/tasks/main.yml +++ b/roles/php/tasks/main.yml 
@@ -49,10 +49,11 @@ - name: 'Get PHP version' ansible.builtin.set_fact: - php__installed_version: '{{ ansible_facts["packages"]["php"][0]["version"] | regex_search("\d\.\d") }}' + __php__installed_version: '{{ ansible_facts["packages"]["php"][0]["version"] | regex_search("\d\.\d") }}' tags: - 'php' + - 'php:fpm' - 'php:ini' - 'php:modules' - 'php:update' @@ -103,18 +104,18 @@ - block: - - name: 'Load default values for {{ php__installed_version }}' - ansible.builtin.include_vars: 'vars/{{ php__installed_version }}.yml' + - name: 'Load default values for {{ __php__installed_version }}' + ansible.builtin.include_vars: 'vars/{{ __php__installed_version }}.yml' - name: 'Deploy the PHP configs' ansible.builtin.template: backup: true - src: 'etc/php.d/{{ php__installed_version }}-z00-linuxfabrik.ini.j2' + src: 'etc/php.d/{{ __php__installed_version }}-z00-linuxfabrik.ini.j2' dest: '{{ item }}' owner: 'root' group: 'root' mode: 0o644 - loop: '{{ php__conf_dest }}' + loop: '{{ __php__conf_dest }}' notify: 'php: restart php-fpm' tags: 
@@ -125,20 +126,53 @@ - block: - - name: 'Remove absent pools from {{ php__fpm_pools_path }}' + # opcache is shared among all php-fpm pools, so a single shared directory is + # enough. On RedHat the package ships it; create it for parity on Debian. + - name: 'Ensure the shared opcache directory {{ __php__fpm_opcache_path }} exists' + ansible.builtin.file: + path: '{{ __php__fpm_opcache_path }}' + state: 'directory' + owner: 'root' + group: '{{ __shared__apache_httpd_group }}' + mode: 0o770 + + # each pool gets its own session directory below the distro's session base, so + # the pools cannot read each other's sessions. On RedHat this inherits the + # `httpd_var_run_t` SELinux type from the parent; on Debian the packaged + # `sessionclean` timer recurses the base and reaps stale files. + - name: 'Create the per-pool session directories' + ansible.builtin.file: + path: '{{ item["php_admin_value_session_save_path"] | d(__php__fpm_session_path ~ "/" ~ item["name"]) }}' + state: 'directory' + owner: '{{ item["user"] | d(__shared__apache_httpd_user) }}' + group: '{{ item["group"] | d(__shared__apache_httpd_group) }}' + mode: 0o700 + when: + - 'item["state"] | d("present") != "absent"' + loop: '{{ php__fpm_pools__combined_var }}' + + - name: 'restorecon -Fvr {{ __php__fpm_session_path }} {{ __php__fpm_opcache_path }}' + ansible.builtin.command: 'restorecon -Fvr {{ __php__fpm_session_path }} {{ __php__fpm_opcache_path }}' + register: '__php__restorecon_result' + changed_when: '__php__restorecon_result["stdout"] | length > 0' + when: + - 'ansible_facts["os_family"] == "RedHat"' + - 'ansible_facts["selinux"]["status"] != "disabled"' + + - name: 'Remove absent pools from {{ __php__fpm_pools_path }}' ansible.builtin.file: - path: '{{ php__fpm_pools_path }}/{{ item["name"] }}.conf' + path: '{{ __php__fpm_pools_path }}/{{ item["name"] }}.conf' state: 'absent' when: - 'item["state"] | d("present") == "absent"' loop: '{{ php__fpm_pools__combined_var }}' notify: 'php: restart 
php-fpm' - - name: 'Deploy the pools to {{ php__fpm_pools_path }}' + - name: 'Deploy the pools to {{ __php__fpm_pools_path }}' ansible.builtin.template: backup: true - src: 'etc/php-fpm.d/{{ ansible_facts["os_family"] }}-pool.conf.j2' - dest: '{{ php__fpm_pools_path }}/{{ item["name"] }}.conf' + src: 'etc/php-fpm.d/pool.conf.j2' + dest: '{{ __php__fpm_pools_path }}/{{ item["name"] }}.conf' owner: 'root' group: 'root' mode: 0o644 @@ -154,9 +188,9 @@ - block: - - name: 'systemctl {{ php__fpm_service_enabled | bool | ternary("enable", "disable") }} --now {{ php__fpm_service_name }}' + - name: 'systemctl {{ php__fpm_service_enabled | bool | ternary("enable", "disable") }} --now {{ __php__fpm_service_name }}' ansible.builtin.service: - name: '{{ php__fpm_service_name }}' + name: '{{ __php__fpm_service_name }}' enabled: '{{ php__fpm_service_enabled }}' state: '{{ php__fpm_service_enabled | bool | ternary("started", "stopped") }}' diff --git a/roles/php/templates/etc/php-fpm.d/RedHat-pool.conf.j2 b/roles/php/templates/etc/php-fpm.d/RedHat-pool.conf.j2 deleted file mode 100644 index 6bb27fddd..000000000 --- a/roles/php/templates/etc/php-fpm.d/RedHat-pool.conf.j2 +++ /dev/null 
@@ -1,453 +0,0 @@ -#jinja2:block_start_string:'[%', block_end_string:'%]' -; {{ ansible_managed }} -; 2026060701 -[% if item["by_role"] | default() %] -; Generated by Ansible role: {{ item["by_role"] }} -[% endif %] - -; Start a new pool named 'www'. -; the variable $pool can be used in any directive and will be replaced by the -; pool name ('www' here) -[{{ item["name"] }}] - -; Per pool prefix -; It only applies on the following directives: -; - 'access.log' -; - 'slowlog' -; - 'listen' (unixsocket) -; - 'chroot' -; - 'chdir' -; - 'php_values' -; - 'php_admin_values' -; When not set, the global prefix (or @php_fpm_prefix@) applies instead. -; Note: This directive can also be relative to the global prefix. -; Default Value: none -;prefix = /path/to/pools/$pool - -; Unix user/group of processes -; Note: The user is mandatory. If the group is not set, the default user's group -; will be used. -; RPM: apache user chosen to provide access to the same directories as httpd -user = {{ item["user"] | default('apache') }} -; RPM: Keep a group allowed to write in log dir. -group = {{ item["group"] | default('apache') }} - -; The address on which to accept FastCGI requests. -; Valid syntaxes are: -; 'ip.add.re.ss:port' - to listen on a TCP socket to a specific IPv4 address on -; a specific port; -; '[ip:6:addr:ess]:port' - to listen on a TCP socket to a specific IPv6 address on -; a specific port; -; 'port' - to listen on a TCP socket to all addresses -; (IPv6 and IPv4-mapped) on a specific port; -; '/path/to/unix/socket' - to listen on a unix socket. -; Note: This value is mandatory. -listen = /run/php-fpm/{{ item["name"] }}.sock - -; Set listen(2) backlog. -; Default Value: 511 -;listen.backlog = 511 - -; Set permissions for unix socket, if one is used. In Linux, read/write -; permissions must be set in order to allow connections from a web server. 
-; Default Values: user and group are set as the running user -; mode is set to 0660 -;listen.owner = nobody -;listen.group = nobody -;listen.mode = 0660 - -; When POSIX Access Control Lists are supported you can set them using -; these options, value is a comma separated list of user/group names. -; When set, listen.owner and listen.group are ignored -listen.acl_users = apache -;listen.acl_groups = - -; List of addresses (IPv4/IPv6) of FastCGI clients which are allowed to connect. -; Equivalent to the FCGI_WEB_SERVER_ADDRS environment variable in the original -; PHP FCGI (5.2.2+). Makes sense only with a tcp listening socket. Each address -; must be separated by a comma. If this value is left blank, connections will be -; accepted from any ip address. -; Default Value: any -listen.allowed_clients = 127.0.0.1 - -; Specify the nice(2) priority to apply to the pool processes (only if set) -; The value can vary from -19 (highest priority) to 20 (lower priority) -; Note: - It will only work if the FPM master process is launched as root -; - The pool processes will inherit the master process priority -; unless it specified otherwise -; Default Value: no set -; process.priority = -19 - -; Set the process dumpable flag (PR_SET_DUMPABLE prctl) even if the process user -; or group is differrent than the master process user. It allows to create process -; core dump and ptrace the process for the pool user. -; Default Value: no -; process.dumpable = yes - -; Choose how the process manager will control the number of child processes. -; Possible Values: -; static - a fixed number (pm.max_children) of child processes; -; dynamic - the number of child processes are set dynamically based on the -; following directives. With this process management, there will be -; always at least 1 children. -; pm.max_children - the maximum number of children that can -; be alive at the same time. -; pm.start_servers - the number of children created on startup. 
-; pm.min_spare_servers - the minimum number of children in 'idle' -; state (waiting to process). If the number -; of 'idle' processes is less than this -; number then some children will be created. -; pm.max_spare_servers - the maximum number of children in 'idle' -; state (waiting to process). If the number -; of 'idle' processes is greater than this -; number then some children will be killed. -; ondemand - no children are created at startup. Children will be forked when -; new requests will connect. The following parameter are used: -; pm.max_children - the maximum number of children that -; can be alive at the same time. -; pm.process_idle_timeout - The number of seconds after which -; an idle process will be killed. -; Note: This value is mandatory. -pm = {{ php__fpm_pool_conf_pm__combined_var | d('dynamic') }} - -; The number of child processes to be created when pm is set to 'static' and the -; maximum number of child processes when pm is set to 'dynamic' or 'ondemand'. -; This value sets the limit on the number of simultaneous requests that will be -; served. Equivalent to the ApacheMaxClients directive with mpm_prefork. -; Equivalent to the PHP_FCGI_CHILDREN environment variable in the original PHP -; CGI. The below defaults are based on a server without much resources. Don't -; forget to tweak pm.* to fit your needs. -; Note: Used when pm is set to 'static', 'dynamic' or 'ondemand' -; Note: This value is mandatory. -pm.max_children = {{ php__fpm_pool_conf_pm_max_children__combined_var | d(50) }} - -; The number of child processes created on startup. -; Note: Used only when pm is set to 'dynamic' -; Default Value: min_spare_servers + (max_spare_servers - min_spare_servers) / 2 -pm.start_servers = {{ php__fpm_pool_conf_pm_start_servers__combined_var | d(5) }} - -; The desired minimum number of idle server processes. 
-; Note: Used only when pm is set to 'dynamic' -; Note: Mandatory when pm is set to 'dynamic' -pm.min_spare_servers = {{ php__fpm_pool_conf_pm_min_spare_servers__combined_var | d(5) }} - -; The desired maximum number of idle server processes. -; Note: Used only when pm is set to 'dynamic' -; Note: Mandatory when pm is set to 'dynamic' -pm.max_spare_servers = {{ php__fpm_pool_conf_pm_max_spare_servers__combined_var | d(35) }} - -; The number of seconds after which an idle process will be killed. -; Note: Used only when pm is set to 'ondemand' -; Default Value: 10s -;pm.process_idle_timeout = 10s; - -; The number of requests each child process should execute before respawning. -; This can be useful to work around memory leaks in 3rd party libraries. For -; endless request processing specify '0'. Equivalent to PHP_FCGI_MAX_REQUESTS. -; Default Value: 0 -;pm.max_requests = 500 - -; The URI to view the FPM status page. If this value is not set, no URI will be -; recognized as a status page. It shows the following informations: -; pool - the name of the pool; -; process manager - static, dynamic or ondemand; -; start time - the date and time FPM has started; -; start since - number of seconds since FPM has started; -; accepted conn - the number of request accepted by the pool; -; listen queue - the number of request in the queue of pending -; connections (see backlog in listen(2)); -; max listen queue - the maximum number of requests in the queue -; of pending connections since FPM has started; -; listen queue len - the size of the socket queue of pending connections; -; idle processes - the number of idle processes; -; active processes - the number of active processes; -; total processes - the number of idle + active processes; -; max active processes - the maximum number of active processes since FPM -; has started; -; max children reached - number of times, the process limit has been reached, -; when pm tries to start more children (works only for -; pm 'dynamic' and 
'ondemand'); -; Value are updated in real time. -; Example output: -; pool: www -; process manager: static -; start time: 01/Jul/2011:17:53:49 +0200 -; start since: 62636 -; accepted conn: 190460 -; listen queue: 0 -; max listen queue: 1 -; listen queue len: 42 -; idle processes: 4 -; active processes: 11 -; total processes: 15 -; max active processes: 12 -; max children reached: 0 -; -; By default the status page output is formatted as text/plain. Passing either -; 'html', 'xml' or 'json' in the query string will return the corresponding -; output syntax. Example: -; http://www.foo.bar/status -; http://www.foo.bar/status?json -; http://www.foo.bar/status?html -; http://www.foo.bar/status?xml -; -; By default the status page only outputs short status. Passing 'full' in the -; query string will also return status for each pool process. -; Example: -; http://www.foo.bar/status?full -; http://www.foo.bar/status?json&full -; http://www.foo.bar/status?html&full -; http://www.foo.bar/status?xml&full -; The Full status returns for each process: -; pid - the PID of the process; -; state - the state of the process (Idle, Running, ...); -; start time - the date and time the process has started; -; start since - the number of seconds since the process has started; -; requests - the number of requests the process has served; -; request duration - the duration in µs of the requests; -; request method - the request method (GET, POST, ...); -; request URI - the request URI with the query string; -; content length - the content length of the request (only with POST); -; user - the user (PHP_AUTH_USER) (or '-' if not set); -; script - the main script called (or '-' if not set); -; last request cpu - the %cpu the last request consumed -; it's always 0 if the process is not in Idle state -; because CPU calculation is done when the request -; processing has terminated; -; last request memory - the max amount of memory the last request consumed -; it's always 0 if the process is not in 
Idle state -; because memory calculation is done when the request -; processing has terminated; -; If the process is in Idle state, then informations are related to the -; last request the process has served. Otherwise informations are related to -; the current request being served. -; Example output: -; ************************ -; pid: 31330 -; state: Running -; start time: 01/Jul/2011:17:53:49 +0200 -; start since: 63087 -; requests: 12808 -; request duration: 1250261 -; request method: GET -; request URI: /test_mem.php?N=10000 -; content length: 0 -; user: - -; script: /home/fat/web/docs/php/test_mem.php -; last request cpu: 0.00 -; last request memory: 0 -; -; Note: There is a real-time FPM status monitoring sample web page available -; It's available in: @EXPANDED_DATADIR@/fpm/status.html -; -; Note: The value must start with a leading slash (/). The value can be -; anything, but it may not be a good idea to use the .php extension or it -; may conflict with a real PHP file. -; Default Value: not set -pm.status_path = /fpm-status - -; The ping URI to call the monitoring page of FPM. If this value is not set, no -; URI will be recognized as a ping page. This could be used to test from outside -; that FPM is alive and responding, or to -; - create a graph of FPM availability (rrd or such); -; - remove a server from a group if it is not responding (load balancing); -; - trigger alerts for the operating team (24/7). -; Note: The value must start with a leading slash (/). The value can be -; anything, but it may not be a good idea to use the .php extension or it -; may conflict with a real PHP file. -; Default Value: not set -ping.path = /fpm-ping - -; This directive may be used to customize the response of a ping request. The -; response is formatted as text/plain with a 200 response code. -; Default Value: pong -ping.response = pong - -; The access log file -; Default: not set -;access.log = log/$pool.access.log - -; The access log format. 
-; The following syntax is allowed -; %%: the '%' character -; %C: %CPU used by the request -; it can accept the following format: -; - %{user}C for user CPU only -; - %{system}C for system CPU only -; - %{total}C for user + system CPU (default) -; %d: time taken to serve the request -; it can accept the following format: -; - %{seconds}d (default) -; - %{miliseconds}d -; - %{mili}d -; - %{microseconds}d -; - %{micro}d -; %e: an environment variable (same as $_ENV or $_SERVER) -; it must be associated with embraces to specify the name of the env -; variable. Some exemples: -; - server specifics like: %{REQUEST_METHOD}e or %{SERVER_PROTOCOL}e -; - HTTP headers like: %{HTTP_HOST}e or %{HTTP_USER_AGENT}e -; %f: script filename -; %l: content-length of the request (for POST request only) -; %m: request method -; %M: peak of memory allocated by PHP -; it can accept the following format: -; - %{bytes}M (default) -; - %{kilobytes}M -; - %{kilo}M -; - %{megabytes}M -; - %{mega}M -; %n: pool name -; %o: output header -; it must be associated with embraces to specify the name of the header: -; - %{Content-Type}o -; - %{X-Powered-By}o -; - %{Transfert-Encoding}o -; - .... -; %p: PID of the child that serviced the request -; %P: PID of the parent of the child that serviced the request -; %q: the query string -; %Q: the '?' character if query string exists -; %r: the request URI (without the query string, see %q and %Q) -; %R: remote IP address -; %s: status (response code) -; %t: server time the request was received -; it can accept a strftime(3) format: -; %d/%b/%Y:%H:%M:%S %z (default) -; The strftime(3) format must be encapsuled in a %{}t tag -; e.g. for a ISO8601 formatted timestring, use: %{%Y-%m-%dT%H:%M:%S%z}t -; %T: time the log has been written (the request has finished) -; it can accept a strftime(3) format: -; %d/%b/%Y:%H:%M:%S %z (default) -; The strftime(3) format must be encapsuled in a %{}t tag -; e.g. 
for a ISO8601 formatted timestring, use: %{%Y-%m-%dT%H:%M:%S%z}t -; %u: remote user -; -; Default: "%R - %u %t \"%m %r\" %s" -;access.format = "%R - %u %t \"%m %r%Q%q\" %s %f %{mili}d %{kilo}M %C%%" - -; The log file for slow requests -; Default Value: not set -; Note: slowlog is mandatory if request_slowlog_timeout is set -slowlog = /var/log/php-fpm/{{ item["name"] }}-slow.log - -; The timeout for serving a single request after which a PHP backtrace will be -; dumped to the 'slowlog' file. A value of '0s' means 'off'. -; Available units: s(econds)(default), m(inutes), h(ours), or d(ays) -; Default Value: 0 -request_slowlog_timeout = {{ php__fpm_pool_conf_request_slowlog_timeout__combined_var }} - -; Depth of slow log stack trace. -; Default Value: 20 -;request_slowlog_trace_depth = 20 - -; The timeout for serving a single request after which the worker process will -; be killed. This option should be used when the 'max_execution_time' ini option -; does not stop script execution for some reason. A value of '0' means 'off'. -; Available units: s(econds)(default), m(inutes), h(ours), or d(ays) -; Default Value: 0 -request_terminate_timeout = {{ php__fpm_pool_conf_request_terminate_timeout__combined_var }} - -; Set open file descriptor rlimit. -; Default Value: system defined value -;rlimit_files = 1024 - -; Set max core size rlimit. -; Possible Values: 'unlimited' or an integer greater or equal to 0 -; Default Value: system defined value -;rlimit_core = 0 - -; Chroot to this directory at the start. This value must be defined as an -; absolute path. When this value is not set, chroot is not used. -; Note: you can prefix with '$prefix' to chroot to the pool prefix or one -; of its subdirectories. If the pool prefix is not set, the global prefix -; will be used instead. -; Note: chrooting is a great security feature and should be used whenever -; possible. However, all PHP paths will be relative to the chroot -; (error_log, sessions.save_path, ...). 
-; Default Value: not set -;chroot = - -; Chdir to this directory at the start. -; Note: relative path can be used. -; Default Value: current directory or / when chroot -;chdir = /var/www - -; Redirect worker stdout and stderr into main error log. If not set, stdout and -; stderr will be redirected to /dev/null according to FastCGI specs. -; Note: on highloaded environement, this can cause some delay in the page -; process time (several ms). -; Default Value: no -;catch_workers_output = yes - -; Clear environment in FPM workers -; Prevents arbitrary environment variables from reaching FPM worker processes -; by clearing the environment in workers before env vars specified in this -; pool configuration are added. -; Setting to "no" will make all environment variables available to PHP code -; via getenv(), $_ENV and $_SERVER. -; Default Value: yes -;clear_env = no - -; Limits the extensions of the main script FPM will allow to parse. This can -; prevent configuration mistakes on the web server side. You should only limit -; FPM to .php extensions to prevent malicious users to use other extensions to -; execute php code. -; Note: set an empty value to allow all extensions. -; Default Value: .php -;security.limit_extensions = .php .php3 .php4 .php5 .php7 - -; Pass environment variables like LD_LIBRARY_PATH. All $VARIABLEs are taken from -; the current environment. -; Default Value: clean env -;env[HOSTNAME] = $HOSTNAME -; A defined PATH is required so PHP code can locate system binaries via getenv("PATH"). -; With clear_env at its default (yes) the worker environment is emptied, leaving -; getenv("PATH") empty, which trips tools that shell out and Nextcloud's "PHP getenv" setup check. -env[PATH] = /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin -;env[TMP] = /tmp -;env[TMPDIR] = /tmp -;env[TEMP] = /tmp - -; Additional php.ini defines, specific to this pool of workers. These settings -; overwrite the values previously defined in the php.ini. 
The directives are the -; same as the PHP SAPI: -; php_value/php_flag - you can set classic ini defines which can -; be overwritten from PHP call 'ini_set'. -; php_admin_value/php_admin_flag - these directives won't be overwritten by -; PHP call 'ini_set' -; For php_*flag, valid values are on, off, 1, 0, true, false, yes or no. - -; Defining 'extension' will load the corresponding shared extension from -; extension_dir. Defining 'disable_functions' or 'disable_classes' will not -; overwrite previously defined php.ini values, but will append the new value -; instead. - -; Note: path INI options can be relative and will be expanded with the prefix -; (pool, global or @prefix@) - -; Default Value: nothing is defined by default except the values in php.ini and -; specified at startup with the -d argument -;php_admin_value[sendmail_path] = /usr/sbin/sendmail -t -i -f www@my.domain.com -;php_flag[display_errors] = off -php_admin_value[error_log] = /var/log/php-fpm/{{ item["name"] }}-error.log -php_admin_flag[log_errors] = on -;php_admin_value[memory_limit] = 128M - -; Set the following data paths to directories owned by the FPM process user. -; -; Do not change the ownership of existing system directories, if the process -; user does not have write permission, create dedicated directories for this -; purpose. -; -; See warning about choosing the location of these directories on your system -; at http://php.net/session.save-path -php_value[session.save_handler] = files -php_value[session.save_path] = /var/lib/php/session -php_value[soap.wsdl_cache_dir] = /var/lib/php/wsdlcache -;php_value[opcache.file_cache] = /var/lib/php/opcache - -[% if item["raw"] | default() %] -; raw content -{{ item["raw"] }} -[% endif %] 
diff --git a/roles/php/templates/etc/php-fpm.d/Debian-pool.conf.j2 b/roles/php/templates/etc/php-fpm.d/pool.conf.j2 similarity index 81% rename from roles/php/templates/etc/php-fpm.d/Debian-pool.conf.j2 rename to roles/php/templates/etc/php-fpm.d/pool.conf.j2 index 8c31121d3..ff7c977ef 100644 --- a/roles/php/templates/etc/php-fpm.d/Debian-pool.conf.j2 +++ b/roles/php/templates/etc/php-fpm.d/pool.conf.j2 @@ -1,14 +1,13 @@ -#jinja2:block_start_string:'[%', block_end_string:'%]' ; {{ ansible_managed }} -; 2026012901 -[% if item["by_role"] | default() %] -; Generated by Ansible role: {{ item["by_role"] }} -[% endif %] +; 2026060901 +{% if item['by_role'] | d() %} +; Generated by Ansible role: {{ item['by_role'] }} +{% endif %} ; Start a new pool named 'www'. ; the variable $pool can be used in any directive and will be replaced by the ; pool name ('www' here) -[{{ item["name"] }}] +[{{ item['name'] }}] ; Per pool prefix ; It only applies on the following directives: @@ -19,7 +18,7 @@ ; - 'chdir' ; - 'php_values' ; - 'php_admin_values' -; When not set, the global prefix (or /usr) applies instead. +; When not set, the global prefix (or @php_fpm_prefix@) applies instead. ; Note: This directive can also be relative to the global prefix. ; Default Value: none ;prefix = /path/to/pools/$pool @@ -32,8 +31,8 @@ ; --allow-to-run-as-root option to work. ; Default Values: The user is set to master process running user by default. ; If the group is not set, the user's group is used. -user = {{ item["user"] | default('www-data') }} -group = {{ item["group"] | default('www-data') }} +user = {{ item['user'] | d(__shared__apache_httpd_user) }} +group = {{ item['group'] | d(__shared__apache_httpd_group) }} ; The address on which to accept FastCGI requests. ; Valid syntaxes are: 
@@ -45,26 +44,34 @@ group = {{ item["group"] | default('www-data') }} ; (IPv6 and IPv4-mapped) on a specific port; ; '/path/to/unix/socket' - to listen on a unix socket. ; Note: This value is mandatory. -listen = /run/php/{{ item["name"] }}.sock +listen = {{ __php__fpm_runtime_path ~ '/' ~ item['name']}}.sock ; Set listen(2) backlog. -; Default Value: 511 (-1 on Linux, FreeBSD and OpenBSD) +; Default Value: 511 ;listen.backlog = 511 ; Set permissions for unix socket, if one is used. In Linux, read/write -; permissions must be set in order to allow connections from a web server. Many -; BSD-derived systems allow connections regardless of permissions. The owner -; and group can be specified either by name or by their numeric IDs. +; permissions must be set in order to allow connections from a web server. +; The owner and group can be specified either by name or by their numeric IDs. ; Default Values: Owner is set to the master process running user. If the group ; is not set, the owner's group is used. Mode is set to 0660. -listen.owner = www-data -listen.group = www-data +{% if ansible_facts["os_family"] == 'Debian' %} +listen.owner = {{ __shared__apache_httpd_user }} +listen.group = {{ __shared__apache_httpd_group }} +{% else %} +;listen.owner = nobody +;listen.group = nobody +{% endif %} ;listen.mode = 0660 ; When POSIX Access Control Lists are supported you can set them using ; these options, value is a comma separated list of user/group names. ; When set, listen.owner and listen.group are ignored +{% if ansible_facts["os_family"] == 'RedHat' %} +listen.acl_users = {{ __shared__apache_httpd_user }} +{% else %} ;listen.acl_users = +{% endif %} ;listen.acl_groups = ; List of addresses (IPv4/IPv6) of FastCGI clients which are allowed to connect. 
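Review bot: The two OS conditionals test different families, so for any `os_family` other than Debian or RedHat the rendered pool gets neither `listen.owner`/`listen.group` nor `listen.acl_users`. Per the comment just above, the socket then belongs to the master process user with mode 0660, and the web server most likely cannot connect to it. If the role supports only these two families, say so in a comment next to the first `{% if %}`. Otherwise make the second test `{% if ansible_facts["os_family"] != 'Debian' %}`, assuming POSIX ACLs are available on the remaining platforms.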
@@ -75,10 +82,6 @@ listen.group = www-data ; Default Value: any listen.allowed_clients = 127.0.0.1 -; Set the associated the route table (FIB). FreeBSD only -; Default Value: -1 -;listen.setfib = 1 - ; Specify the nice(2) priority to apply to the pool processes (only if set) ; The value can vary from -19 (highest priority) to 20 (lower priority) ; Note: - It will only work if the FPM master process is launched as root @@ -87,8 +90,7 @@ listen.allowed_clients = 127.0.0.1 ; Default Value: no set ; process.priority = -19 -; Set the process dumpable flag (PR_SET_DUMPABLE prctl for Linux or -; PROC_TRACE_CTL procctl for FreeBSD) even if the process user +; Set the process dumpable flag (PR_SET_DUMPABLE prctl) even if the process user ; or group is different than the master process user. It allows to create process ; core dump and ptrace the process for the pool user. ; Default Value: no @@ -120,7 +122,7 @@ listen.allowed_clients = 127.0.0.1 ; pm.process_idle_timeout - The number of seconds after which ; an idle process will be killed. ; Note: This value is mandatory. -pm = {{ php__fpm_pool_conf_pm__combined_var | d('dynamic') }} +pm = {{ item['pm'] | d(php__fpm_pool_conf_pm__combined_var) }} ; The number of child processes to be created when pm is set to 'static' and the ; maximum number of child processes when pm is set to 'dynamic' or 'ondemand'. 
@@ -131,39 +133,39 @@ pm = {{ php__fpm_pool_conf_pm__combined_var | d('dynamic') }} ; forget to tweak pm.* to fit your needs. ; Note: Used when pm is set to 'static', 'dynamic' or 'ondemand' ; Note: This value is mandatory. -pm.max_children = {{ php__fpm_pool_conf_pm_max_children__combined_var | d(5) }} +pm.max_children = {{ item['pm_max_children'] | d(php__fpm_pool_conf_pm_max_children__combined_var) }} ; The number of child processes created on startup. ; Note: Used only when pm is set to 'dynamic' ; Default Value: (min_spare_servers + max_spare_servers) / 2 -pm.start_servers = {{ php__fpm_pool_conf_pm_start_servers__combined_var | d(2) }} +pm.start_servers = {{ item['pm_start_servers'] | d(php__fpm_pool_conf_pm_start_servers__combined_var) }} ; The desired minimum number of idle server processes. ; Note: Used only when pm is set to 'dynamic' ; Note: Mandatory when pm is set to 'dynamic' -pm.min_spare_servers = {{ php__fpm_pool_conf_pm_min_spare_servers__combined_var | d(1) }} +pm.min_spare_servers = {{ item['pm_min_spare_servers'] | d(php__fpm_pool_conf_pm_min_spare_servers__combined_var) }} ; The desired maximum number of idle server processes. ; Note: Used only when pm is set to 'dynamic' ; Note: Mandatory when pm is set to 'dynamic' -pm.max_spare_servers = {{ php__fpm_pool_conf_pm_max_spare_servers__combined_var | d(3) }} +pm.max_spare_servers = {{ item['pm_max_spare_servers'] | d(php__fpm_pool_conf_pm_max_spare_servers__combined_var) }} ; The number of rate to spawn child processes at once. ; Note: Used only when pm is set to 'dynamic' ; Note: Mandatory when pm is set to 'dynamic' ; Default Value: 32 -;pm.max_spawn_rate = 32 +pm.max_spawn_rate = {{ item['pm_max_spawn_rate'] | d(32) }} ; The number of seconds after which an idle process will be killed. 
; Note: Used only when pm is set to 'ondemand' ; Default Value: 10s -;pm.process_idle_timeout = 10s; +pm.process_idle_timeout = {{ item['pm_process_idle_timeout'] | d('10s') }} ; The number of requests each child process should execute before respawning. ; This can be useful to work around memory leaks in 3rd party libraries. For ; endless request processing specify '0'. Equivalent to PHP_FCGI_MAX_REQUESTS. ; Default Value: 0 -;pm.max_requests = 500 +pm.max_requests = {{ item['pm_max_requests'] | d(500) }} ; The URI to view the FPM status page. If this value is not set, no URI will be ; recognized as a status page. It shows the following information: @@ -236,8 +238,8 @@ pm.max_spare_servers = {{ php__fpm_pool_conf_pm_max_spare_servers__combined_var ; it's always 0 if the process is not in Idle state ; because memory calculation is done when the request ; processing has terminated; -; If the process is in Idle state, then informations are related to the -; last request the process has served. Otherwise informations are related to +; If the process is in Idle state, then information is related to the +; last request the process has served. Otherwise information is related to ; the current request being served. ; Example output: ; ************************ 
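Review bot: `pm.max_spawn_rate` is now written unconditionally, but as far as I know this directive only exists from PHP 8.1 on, and PHP-FPM refuses to load a pool file containing an entry it does not recognise. This commit still carries php.ini templates for 7.2 and 7.3, so hosts on those versions would probably end up with a pool that stops FPM from starting. I would emit the line only when it is set, `{% if item['pm_max_spawn_rate'] is defined %}pm.max_spawn_rate = {{ item['pm_max_spawn_rate'] }}{% endif %}`, and keep the commented `;pm.max_spawn_rate = 32` otherwise. The other newly active directives in this hunk (`pm.process_idle_timeout`, `pm.max_requests`) are old enough not to have this problem.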
@@ -256,13 +258,13 @@ pm.max_spare_servers = {{ php__fpm_pool_conf_pm_max_spare_servers__combined_var ; last request memory: 0 ; ; Note: There is a real-time FPM status monitoring sample web page available -; It's available in: /usr/share/php/8.2/fpm/status.html +; It's available in: @EXPANDED_DATADIR@/fpm/status.html ; ; Note: The value must start with a leading slash (/). The value can be ; anything, but it may not be a good idea to use the .php extension or it ; may conflict with a real PHP file. ; Default Value: not set -pm.status_path = /fpm-status +pm.status_path = {{ item['pm_status_path'] | d('/' ~ item['name'] ~ '-fpm-status') }} ; The address on which to accept FastCGI status request. This creates a new ; invisible pool that can handle requests independently. This is useful @@ -290,7 +292,7 @@ pm.status_path = /fpm-status ; anything, but it may not be a good idea to use the .php extension or it ; may conflict with a real PHP file. ; Default Value: not set -ping.path = /fpm-ping +ping.path = {{ item['ping_path'] | d('/' ~ item['name'] ~ '-fpm-ping') }} ; This directive may be used to customize the response of a ping request. The ; response is formatted as text/plain with a 200 response code. 
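Review bot: Nothing in this hunk or the `ping.path` hunk after it says that the status and ping URIs must be access-restricted in the web server, although both are now emitted for every pool under a predictable `/<pool>-fpm-status` and `/<pool>-fpm-ping` name. According to the upstream comment block, the `?full` status output lists each worker's request URI with query string, the script path and PHP_AUTH_USER, so a vhost that forwards these paths to FPM without a restriction discloses them to any client. I would add a comment above `pm.status_path`, for example `; Restrict this URI in the web server (localhost / monitoring hosts only); ?full exposes request URIs and auth user names.` The per-pool overrides `pm_status_path` and `ping_path` are also written unchecked, while the text above requires a leading slash.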
@@ -349,20 +351,24 @@ ping.response = pong ; it can accept a strftime(3) format: ; %d/%b/%Y:%H:%M:%S %z (default) ; The strftime(3) format must be encapsulated in a %{}t tag +{% raw -%} ; e.g. for a ISO8601 formatted timestring, use: %{%Y-%m-%dT%H:%M:%S%z}t +{% endraw %} ; %T: time the log has been written (the request has finished) ; it can accept a strftime(3) format: ; %d/%b/%Y:%H:%M:%S %z (default) ; The strftime(3) format must be encapsulated in a %{}t tag +{% raw -%} ; e.g. for a ISO8601 formatted timestring, use: %{%Y-%m-%dT%H:%M:%S%z}t -; %u: remote user +{% endraw %} +; %u: basic auth user if specified in Authorization header ; ; Default: "%R - %u %t \"%m %r\" %s" ;access.format = "%R - %u %t \"%m %r%Q%q\" %s %f %{milli}d %{kilo}M %C%%" ; A list of request_uri values which should be filtered from the access log. ; -; As a security precuation, this setting will be ignored if: +; As a security precaution, this setting will be ignored if: ; - the request method is not GET or HEAD; or ; - there is a request body; or ; - there are query parameters; or 
@@ -379,24 +385,24 @@ ping.response = pong ; The log file for slow requests ; Default Value: not set ; Note: slowlog is mandatory if request_slowlog_timeout is set -slowlog = log/{{ item["name"] }}-slow.log +slowlog = /var/log/{{ __php__fpm_service_name }}/{{ item['name'] }}-slow.log ; The timeout for serving a single request after which a PHP backtrace will be ; dumped to the 'slowlog' file. A value of '0s' means 'off'. ; Available units: s(econds)(default), m(inutes), h(ours), or d(ays) ; Default Value: 0 -request_slowlog_timeout = {{ php__fpm_pool_conf_request_slowlog_timeout__combined_var }} +request_slowlog_timeout = {{ item['request_slowlog_timeout'] | d(php__fpm_pool_conf_request_slowlog_timeout__combined_var) }} ; Depth of slow log stack trace. ; Default Value: 20 -;request_slowlog_trace_depth = 20 +request_slowlog_trace_depth = {{ item['request_slowlog_trace_depth'] | d(20) }} ; The timeout for serving a single request after which the worker process will ; be killed. This option should be used when the 'max_execution_time' ini option ; does not stop script execution for some reason. A value of '0' means 'off'. ; Available units: s(econds)(default), m(inutes), h(ours), or d(ays) ; Default Value: 0 -request_terminate_timeout = {{ php__fpm_pool_conf_request_terminate_timeout__combined_var }} +request_terminate_timeout = {{ item['request_terminate_timeout'] | d(php__fpm_pool_conf_request_terminate_timeout__combined_var) }} ; The timeout set by 'request_terminate_timeout' ini option is not engaged after ; application calls 'fastcgi_finish_request' or when application has finished and 
@@ -466,7 +472,10 @@ request_terminate_timeout = {{ php__fpm_pool_conf_request_terminate_timeout__com ; the current environment. ; Default Value: clean env ;env[HOSTNAME] = $HOSTNAME -;env[PATH] = /usr/local/bin:/usr/bin:/bin +; A defined PATH is required so PHP code can locate system binaries via getenv("PATH"). +; With clear_env at its default (yes) the worker environment is emptied, leaving +; getenv("PATH") empty, which trips tools that shell out and Nextcloud's "PHP getenv" setup check. +env[PATH] = /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin ;env[TMP] = /tmp ;env[TMPDIR] = /tmp ;env[TEMP] = /tmp 
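Review bot: The new `env[PATH]` line is hard-coded while nearly every other directive activated in this commit takes a per-pool `item[...]` override, and it puts the sbin directories into the search path of every web worker. The added comment explains why a PATH must be defined, but not why the administrative directories are needed; the previous commented default was `/usr/local/bin:/usr/bin:/bin`. I would follow the pattern used elsewhere in the template, for example `env[PATH] = {{ item['env_path'] | d('/usr/local/bin:/usr/bin:/bin') }}` (key name is a suggestion), so that pools which shell out to sbin tools opt in explicitly.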
@@ -481,22 +490,42 @@ request_terminate_timeout = {{ php__fpm_pool_conf_request_terminate_timeout__com ; For php_*flag, valid values are on, off, 1, 0, true, false, yes or no. ; Defining 'extension' will load the corresponding shared extension from -; extension_dir. Defining 'disable_functions' or 'disable_classes' will not -; overwrite previously defined php.ini values, but will append the new value -; instead. +; extension_dir. Defining 'disable_functions' will not overwrite previously +; defined php.ini values, but will append the new value instead. ; Note: path INI options can be relative and will be expanded with the prefix -; (pool, global or /usr) +; (pool, global or @prefix@) ; Default Value: nothing is defined by default except the values in php.ini and ; specified at startup with the -d argument ;php_admin_value[sendmail_path] = /usr/sbin/sendmail -t -i -f www@my.domain.com ;php_flag[display_errors] = off -php_admin_value[error_log] = /var/log/php-fpm-{{ item["name"] }}-error.log + php_admin_flag[log_errors] = on -;php_admin_value[memory_limit] = 32M +php_admin_value[error_log] = /var/log/{{ __php__fpm_service_name }}/{{ item['name'] }}-error.log +php_admin_value[max_execution_time] = {{ item['php_admin_value_max_execution_time'] | d(php__ini_max_execution_time__combined_var) }} +php_admin_value[max_input_vars] = {{ item['php_admin_value_max_input_vars'] | d(php__ini_max_input_vars__combined_var) }} +php_admin_value[memory_limit] = {{ item['php_admin_value_memory_limit'] | d(php__ini_memory_limit__combined_var) }} +{% if item['php_admin_value_open_basedir'] | d() %} +php_admin_value[open_basedir] = {{ item['php_admin_value_open_basedir'] }} +{% else %} +;php_admin_value[open_basedir] = +{% endif %} +php_admin_value[post_max_size] = {{ item['php_admin_value_post_max_size'] | d(php__ini_post_max_size__combined_var) }} +php_admin_value[upload_max_filesize] = {{ item['php_admin_value_upload_max_filesize'] | d(php__ini_upload_max_filesize__combined_var) }} + 
+; Set the following data paths to directories owned by the FPM process user. +; +; Do not change the ownership of existing system directories, if the process +; user does not have write permission, create dedicated directories for this +; purpose. +; +; See warning about choosing the location of these directories on your system +; at http://php.net/session.save-path +php_admin_value[session.save_handler] = files +php_admin_value[session.save_path] = {{ item['php_admin_value_session_save_path'] | d(__php__fpm_session_path ~ '/' ~ item['name']) }} +{% if item['raw'] | d() %} -[% if item["raw"] | default() %] ; raw content -{{ item["raw"] }} -[% endif %] +{{ item['raw'] }} +{% endif %} diff --git a/roles/php/templates/etc/php.d/7.2-z00-linuxfabrik.ini.j2 b/roles/php/templates/etc/php.d/7.2-z00-linuxfabrik.ini.j2 index 6264f52e7..05d122d59 100644 --- a/roles/php/templates/etc/php.d/7.2-z00-linuxfabrik.ini.j2 +++ b/roles/php/templates/etc/php.d/7.2-z00-linuxfabrik.ini.j2 
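Review bot: `session.save_handler` moves from `php_value` to `php_admin_value` together with `session.save_path`, but as far as I can see the commit's breaking-change note names only `session.save_path`. Applications that select another handler at runtime with `ini_set('session.save_handler', ...)` will no longer be able to do so. The per-pool `session.save_path` also separates pools only when each directory is owned by that pool's user and closed to others, and pools default to the same `__shared__apache_httpd_user`. Real isolation therefore needs a distinct `user` per pool, and `open_basedir` stays commented out unless a pool sets it. Suggested comment above the two lines: `; Enforced per pool; the directory must exist, be owned by the pool user and not be readable by other users.` The task that creates the directory is not visible in this diff.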
@@ -3,43 +3,43 @@ ; php 7.2 [PHP] -date.timezone = {{ php__ini_date_timezone__combined_var | default('Europe/Zurich') }} -default_socket_timeout = {{ php__ini_default_socket_timeout__combined_var | default('60') }} -display_errors = {{ php__ini_display_errors__combined_var | default('off') }} -display_startup_errors = {{ php__ini_display_startup_errors__combined_var | default('off') }} -error_reporting = {{ php__ini_error_reporting__combined_var | default('E_ALL & ~E_DEPRECATED & ~E_STRICT') }} +date.timezone = {{ php__ini_date_timezone__combined_var }} +default_socket_timeout = {{ php__ini_default_socket_timeout__combined_var }} +display_errors = {{ php__ini_display_errors__combined_var }} +display_startup_errors = {{ php__ini_display_startup_errors__combined_var }} +error_reporting = {{ php__ini_error_reporting__combined_var }} expose_php = Off html_errors = Off -max_execution_time = {{ php__ini_max_execution_time__combined_var | default('30') }} -max_file_uploads = {{ php__ini_max_file_uploads__combined_var | default('20') }} -max_input_time = {{ php__ini_max_input_time__combined_var | default('60') }} -max_input_vars = {{ php__ini_max_input_vars__combined_var | default('1000') }} -memory_limit = {{ php__ini_memory_limit__combined_var | default('128M') }} -post_max_size = {{ php__ini_post_max_size__combined_var | default('8M') }} +max_execution_time = {{ php__ini_max_execution_time__combined_var }} +max_file_uploads = {{ php__ini_max_file_uploads__combined_var }} +max_input_time = {{ php__ini_max_input_time__combined_var }} +max_input_vars = {{ php__ini_max_input_vars__combined_var }} +memory_limit = {{ php__ini_memory_limit__combined_var }} +post_max_size = {{ php__ini_post_max_size__combined_var }} realpath_cache_size = 4M realpath_cache_ttl = 120 serialize_precision = -1 -upload_max_filesize = {{ php__ini_upload_max_filesize__combined_var | default('2M') }} +upload_max_filesize = {{ php__ini_upload_max_filesize__combined_var }} -opcache.blacklist_filename = 
{{ php__ini_opcache_blacklist_filename__combined_var | d('/etc/php.d/opcache*.blacklist') }} -opcache.enable = {{ php__ini_opcache_enable__combined_var | d('1') }} -opcache.enable_cli = {{ php__ini_opcache_enable_cli__combined_var | d('0') }} -opcache.huge_code_pages = {{ php__ini_opcache_huge_code_pages__combined_var | d('1') }} -opcache.interned_strings_buffer = {{ php__ini_opcache_interned_strings_buffer__combined_var | d('8') }} -opcache.max_accelerated_files = {{ php__ini_opcache_max_accelerated_files__combined_var | d('10000') }} -opcache.memory_consumption = {{ php__ini_opcache_memory_consumption__combined_var | d('128') }} -opcache.revalidate_freq = {{ php__ini_opcache_revalidate_freq__combined_var | d('2') }} -opcache.save_comments = {{ php__ini_opcache_save_comments__combined_var | d('1') }} -opcache.validate_timestamps = {{ php__ini_opcache_validate_timestamps__combined_var | d('1') }} +opcache.blacklist_filename = {{ php__ini_opcache_blacklist_filename__combined_var }} +opcache.enable = {{ php__ini_opcache_enable__combined_var }} +opcache.enable_cli = {{ php__ini_opcache_enable_cli__combined_var }} +opcache.huge_code_pages = {{ php__ini_opcache_huge_code_pages__combined_var }} +opcache.interned_strings_buffer = {{ php__ini_opcache_interned_strings_buffer__combined_var }} +opcache.max_accelerated_files = {{ php__ini_opcache_max_accelerated_files__combined_var }} +opcache.memory_consumption = {{ php__ini_opcache_memory_consumption__combined_var }} +opcache.revalidate_freq = {{ php__ini_opcache_revalidate_freq__combined_var }} +opcache.save_comments = {{ php__ini_opcache_save_comments__combined_var }} +opcache.validate_timestamps = {{ php__ini_opcache_validate_timestamps__combined_var }} [mail function] mail.add_x_header = On -SMTP = {{ php__ini_smtp__combined_var | default('localhost') }} +SMTP = {{ php__ini_smtp__combined_var }} smtp_port = 25 [Session] -session.cookie_httponly = {{ php__ini_session_cookie_httponly__combined_var | default('off') }} 
-session.cookie_secure = {{ php__ini_session_cookie_secure__combined_var | default('off') }} -session.gc_maxlifetime = {{ php__ini_session_gc_maxlifetime__combined_var | default(1440) }} -session.sid_length = {{ php__ini_session_sid_length__combined_var | default(26) }} -session.trans_sid_tags = "{{ php__ini_session_trans_sid_tags__combined_var | default("a=href,area=href,frame=src,form=") }}" +session.cookie_httponly = {{ php__ini_session_cookie_httponly__combined_var }} +session.cookie_secure = {{ php__ini_session_cookie_secure__combined_var }} +session.gc_maxlifetime = {{ php__ini_session_gc_maxlifetime__combined_var }} +session.sid_length = {{ php__ini_session_sid_length__combined_var }} +session.trans_sid_tags = "{{ php__ini_session_trans_sid_tags__combined_var }}" diff --git a/roles/php/templates/etc/php.d/7.3-z00-linuxfabrik.ini.j2 b/roles/php/templates/etc/php.d/7.3-z00-linuxfabrik.ini.j2 index 95f735afa..ede55bfe3 100644 --- a/roles/php/templates/etc/php.d/7.3-z00-linuxfabrik.ini.j2 +++ b/roles/php/templates/etc/php.d/7.3-z00-linuxfabrik.ini.j2 
@@ -3,43 +3,43 @@ ; php 7.3 [PHP] -date.timezone = {{ php__ini_date_timezone__combined_var | default('Europe/Zurich') }} -default_socket_timeout = {{ php__ini_default_socket_timeout__combined_var | default('60') }} -display_errors = {{ php__ini_display_errors__combined_var | default('off') }} -display_startup_errors = {{ php__ini_display_startup_errors__combined_var | default('off') }} -error_reporting = {{ php__ini_error_reporting__combined_var | default('E_ALL & ~E_DEPRECATED & ~E_STRICT') }} +date.timezone = {{ php__ini_date_timezone__combined_var }} +default_socket_timeout = {{ php__ini_default_socket_timeout__combined_var }} +display_errors = {{ php__ini_display_errors__combined_var }} +display_startup_errors = {{ php__ini_display_startup_errors__combined_var }} +error_reporting = {{ php__ini_error_reporting__combined_var }} expose_php = Off html_errors = Off -max_execution_time = {{ php__ini_max_execution_time__combined_var | default('30') }} -max_file_uploads = {{ php__ini_max_file_uploads__combined_var | default('20') }} -max_input_time = {{ php__ini_max_input_time__combined_var | default('60') }} -max_input_vars = {{ php__ini_max_input_vars__combined_var | default('1000') }} -memory_limit = {{ php__ini_memory_limit__combined_var | default('128M') }} -post_max_size = {{ php__ini_post_max_size__combined_var | default('8M') }} +max_execution_time = {{ php__ini_max_execution_time__combined_var }} +max_file_uploads = {{ php__ini_max_file_uploads__combined_var }} +max_input_time = {{ php__ini_max_input_time__combined_var }} +max_input_vars = {{ php__ini_max_input_vars__combined_var }} +memory_limit = {{ php__ini_memory_limit__combined_var }} +post_max_size = {{ php__ini_post_max_size__combined_var }} realpath_cache_size = 4M realpath_cache_ttl = 120 serialize_precision = -1 -upload_max_filesize = {{ php__ini_upload_max_filesize__combined_var | default('2M') }} +upload_max_filesize = {{ php__ini_upload_max_filesize__combined_var }} -opcache.blacklist_filename = 
{{ php__ini_opcache_blacklist_filename__combined_var | d('/etc/php.d/opcache*.blacklist') }} -opcache.enable = {{ php__ini_opcache_enable__combined_var | d('1') }} -opcache.enable_cli = {{ php__ini_opcache_enable_cli__combined_var | d('0') }} -opcache.huge_code_pages = {{ php__ini_opcache_huge_code_pages__combined_var | d('1') }} -opcache.interned_strings_buffer = {{ php__ini_opcache_interned_strings_buffer__combined_var | d('8') }} -opcache.max_accelerated_files = {{ php__ini_opcache_max_accelerated_files__combined_var | d('10000') }} -opcache.memory_consumption = {{ php__ini_opcache_memory_consumption__combined_var | d('128') }} -opcache.revalidate_freq = {{ php__ini_opcache_revalidate_freq__combined_var | d('2') }} -opcache.save_comments = {{ php__ini_opcache_save_comments__combined_var | d('1') }} -opcache.validate_timestamps = {{ php__ini_opcache_validate_timestamps__combined_var | d('1') }} +opcache.blacklist_filename = {{ php__ini_opcache_blacklist_filename__combined_var }} +opcache.enable = {{ php__ini_opcache_enable__combined_var }} +opcache.enable_cli = {{ php__ini_opcache_enable_cli__combined_var }} +opcache.huge_code_pages = {{ php__ini_opcache_huge_code_pages__combined_var }} +opcache.interned_strings_buffer = {{ php__ini_opcache_interned_strings_buffer__combined_var }} +opcache.max_accelerated_files = {{ php__ini_opcache_max_accelerated_files__combined_var }} +opcache.memory_consumption = {{ php__ini_opcache_memory_consumption__combined_var }} +opcache.revalidate_freq = {{ php__ini_opcache_revalidate_freq__combined_var }} +opcache.save_comments = {{ php__ini_opcache_save_comments__combined_var }} +opcache.validate_timestamps = {{ php__ini_opcache_validate_timestamps__combined_var }} [mail function] mail.add_x_header = On -SMTP = {{ php__ini_smtp__combined_var | default('localhost') }} +SMTP = {{ php__ini_smtp__combined_var }} smtp_port = 25 [Session] -session.cookie_httponly = {{ php__ini_session_cookie_httponly__combined_var | default('off') }} 
-session.cookie_secure = {{ php__ini_session_cookie_secure__combined_var | default('off') }} -session.gc_maxlifetime = {{ php__ini_session_gc_maxlifetime__combined_var | default(1440) }} -session.sid_length = {{ php__ini_session_sid_length__combined_var | default(26) }} -session.trans_sid_tags = "{{ php__ini_session_trans_sid_tags__combined_var | default("a=href,area=href,frame=src,form=") }}" +session.cookie_httponly = {{ php__ini_session_cookie_httponly__combined_var }} +session.cookie_secure = {{ php__ini_session_cookie_secure__combined_var }} +session.gc_maxlifetime = {{ php__ini_session_gc_maxlifetime__combined_var }} +session.sid_length = {{ php__ini_session_sid_length__combined_var }} +session.trans_sid_tags = "{{ php__ini_session_trans_sid_tags__combined_var }}" diff --git a/roles/php/templates/etc/php.d/7.4-z00-linuxfabrik.ini.j2 b/roles/php/templates/etc/php.d/7.4-z00-linuxfabrik.ini.j2 index 0f6d60db3..d7b44c712 100644 --- a/roles/php/templates/etc/php.d/7.4-z00-linuxfabrik.ini.j2 +++ b/roles/php/templates/etc/php.d/7.4-z00-linuxfabrik.ini.j2 
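Review bot: The `[Session]` lines at the end of this hunk no longer show what is rendered when nothing is configured. The removed fallbacks were `off` for both `session.cookie_httponly` and `session.cookie_secure`, and the replacement defaults are defined outside this diff section, wherever the `__combined_var` values are assembled. Confirm there that the central default is a deliberate choice and not a silent carry-over of `off`, since these two flags decide whether the session cookie is readable from script and whether it is sent over plain HTTP. A comment above the two lines would keep that visible in the template, for example `; cookie_httponly / cookie_secure: default comes from the role variables; 'on' is recommended for HTTPS-only sites`. The same applies to the 7.4, 8.0, 8.1, 8.2 and 8.3 hunks below, which change the identical lines.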
@@ -3,43 +3,43 @@ ; php 7.4 [PHP] -date.timezone = {{ php__ini_date_timezone__combined_var | default('Europe/Zurich') }} -default_socket_timeout = {{ php__ini_default_socket_timeout__combined_var | default('60') }} -display_errors = {{ php__ini_display_errors__combined_var | default('off') }} -display_startup_errors = {{ php__ini_display_startup_errors__combined_var | default('off') }} -error_reporting = {{ php__ini_error_reporting__combined_var | default('E_ALL & ~E_DEPRECATED & ~E_STRICT') }} +date.timezone = {{ php__ini_date_timezone__combined_var }} +default_socket_timeout = {{ php__ini_default_socket_timeout__combined_var }} +display_errors = {{ php__ini_display_errors__combined_var }} +display_startup_errors = {{ php__ini_display_startup_errors__combined_var }} +error_reporting = {{ php__ini_error_reporting__combined_var }} expose_php = Off html_errors = Off -max_execution_time = {{ php__ini_max_execution_time__combined_var | default('30') }} -max_file_uploads = {{ php__ini_max_file_uploads__combined_var | default('20') }} -max_input_time = {{ php__ini_max_input_time__combined_var | default('60') }} -max_input_vars = {{ php__ini_max_input_vars__combined_var | default('1000') }} -memory_limit = {{ php__ini_memory_limit__combined_var | default('128M') }} -post_max_size = {{ php__ini_post_max_size__combined_var | default('8M') }} +max_execution_time = {{ php__ini_max_execution_time__combined_var }} +max_file_uploads = {{ php__ini_max_file_uploads__combined_var }} +max_input_time = {{ php__ini_max_input_time__combined_var }} +max_input_vars = {{ php__ini_max_input_vars__combined_var }} +memory_limit = {{ php__ini_memory_limit__combined_var }} +post_max_size = {{ php__ini_post_max_size__combined_var }} realpath_cache_size = 4M realpath_cache_ttl = 120 serialize_precision = -1 -upload_max_filesize = {{ php__ini_upload_max_filesize__combined_var | default('2M') }} +upload_max_filesize = {{ php__ini_upload_max_filesize__combined_var }} -opcache.blacklist_filename = 
{{ php__ini_opcache_blacklist_filename__combined_var | d('/etc/php.d/opcache*.blacklist') }} -opcache.enable = {{ php__ini_opcache_enable__combined_var | d('1') }} -opcache.enable_cli = {{ php__ini_opcache_enable_cli__combined_var | d('0') }} -opcache.huge_code_pages = {{ php__ini_opcache_huge_code_pages__combined_var | d('1') }} -opcache.interned_strings_buffer = {{ php__ini_opcache_interned_strings_buffer__combined_var | d('8') }} -opcache.max_accelerated_files = {{ php__ini_opcache_max_accelerated_files__combined_var | d('10000') }} -opcache.memory_consumption = {{ php__ini_opcache_memory_consumption__combined_var | d('128') }} -opcache.revalidate_freq = {{ php__ini_opcache_revalidate_freq__combined_var | d('2') }} -opcache.save_comments = {{ php__ini_opcache_save_comments__combined_var | d('1') }} -opcache.validate_timestamps = {{ php__ini_opcache_validate_timestamps__combined_var | d('1') }} +opcache.blacklist_filename = {{ php__ini_opcache_blacklist_filename__combined_var }} +opcache.enable = {{ php__ini_opcache_enable__combined_var }} +opcache.enable_cli = {{ php__ini_opcache_enable_cli__combined_var }} +opcache.huge_code_pages = {{ php__ini_opcache_huge_code_pages__combined_var }} +opcache.interned_strings_buffer = {{ php__ini_opcache_interned_strings_buffer__combined_var }} +opcache.max_accelerated_files = {{ php__ini_opcache_max_accelerated_files__combined_var }} +opcache.memory_consumption = {{ php__ini_opcache_memory_consumption__combined_var }} +opcache.revalidate_freq = {{ php__ini_opcache_revalidate_freq__combined_var }} +opcache.save_comments = {{ php__ini_opcache_save_comments__combined_var }} +opcache.validate_timestamps = {{ php__ini_opcache_validate_timestamps__combined_var }} [mail function] mail.add_x_header = On -SMTP = {{ php__ini_smtp__combined_var | default('localhost') }} +SMTP = {{ php__ini_smtp__combined_var }} smtp_port = 25 [Session] -session.cookie_httponly = {{ php__ini_session_cookie_httponly__combined_var | default('off') }} 
-session.cookie_secure = {{ php__ini_session_cookie_secure__combined_var | default('off') }} -session.gc_maxlifetime = {{ php__ini_session_gc_maxlifetime__combined_var | default(1440) }} -session.sid_length = {{ php__ini_session_sid_length__combined_var | default(26) }} -session.trans_sid_tags = "{{ php__ini_session_trans_sid_tags__combined_var | default("a=href,area=href,frame=src,form=") }}" +session.cookie_httponly = {{ php__ini_session_cookie_httponly__combined_var }} +session.cookie_secure = {{ php__ini_session_cookie_secure__combined_var }} +session.gc_maxlifetime = {{ php__ini_session_gc_maxlifetime__combined_var }} +session.sid_length = {{ php__ini_session_sid_length__combined_var }} +session.trans_sid_tags = "{{ php__ini_session_trans_sid_tags__combined_var }}" diff --git a/roles/php/templates/etc/php.d/8.0-z00-linuxfabrik.ini.j2 b/roles/php/templates/etc/php.d/8.0-z00-linuxfabrik.ini.j2 index d15e77baa..27403c689 100644 --- a/roles/php/templates/etc/php.d/8.0-z00-linuxfabrik.ini.j2 +++ b/roles/php/templates/etc/php.d/8.0-z00-linuxfabrik.ini.j2 
@@ -3,43 +3,43 @@ ; php 8.0 [PHP] -date.timezone = {{ php__ini_date_timezone__combined_var | default('Europe/Zurich') }} -default_socket_timeout = {{ php__ini_default_socket_timeout__combined_var | default('60') }} -display_errors = {{ php__ini_display_errors__combined_var | default('off') }} -display_startup_errors = {{ php__ini_display_startup_errors__combined_var | default('off') }} -error_reporting = {{ php__ini_error_reporting__combined_var | default('E_ALL & ~E_DEPRECATED & ~E_STRICT') }} +date.timezone = {{ php__ini_date_timezone__combined_var }} +default_socket_timeout = {{ php__ini_default_socket_timeout__combined_var }} +display_errors = {{ php__ini_display_errors__combined_var }} +display_startup_errors = {{ php__ini_display_startup_errors__combined_var }} +error_reporting = {{ php__ini_error_reporting__combined_var }} expose_php = Off html_errors = Off -max_execution_time = {{ php__ini_max_execution_time__combined_var | default('30') }} -max_file_uploads = {{ php__ini_max_file_uploads__combined_var | default('20') }} -max_input_time = {{ php__ini_max_input_time__combined_var | default('60') }} -max_input_vars = {{ php__ini_max_input_vars__combined_var | default('1000') }} -memory_limit = {{ php__ini_memory_limit__combined_var | default('128M') }} -post_max_size = {{ php__ini_post_max_size__combined_var | default('8M') }} +max_execution_time = {{ php__ini_max_execution_time__combined_var }} +max_file_uploads = {{ php__ini_max_file_uploads__combined_var }} +max_input_time = {{ php__ini_max_input_time__combined_var }} +max_input_vars = {{ php__ini_max_input_vars__combined_var }} +memory_limit = {{ php__ini_memory_limit__combined_var }} +post_max_size = {{ php__ini_post_max_size__combined_var }} realpath_cache_size = 4M realpath_cache_ttl = 120 serialize_precision = -1 -upload_max_filesize = {{ php__ini_upload_max_filesize__combined_var | default('2M') }} +upload_max_filesize = {{ php__ini_upload_max_filesize__combined_var }} -opcache.blacklist_filename = 
{{ php__ini_opcache_blacklist_filename__combined_var | d('/etc/php.d/opcache*.blacklist') }} -opcache.enable = {{ php__ini_opcache_enable__combined_var | d('1') }} -opcache.enable_cli = {{ php__ini_opcache_enable_cli__combined_var | d('0') }} -opcache.huge_code_pages = {{ php__ini_opcache_huge_code_pages__combined_var | d('1') }} -opcache.interned_strings_buffer = {{ php__ini_opcache_interned_strings_buffer__combined_var | d('8') }} -opcache.max_accelerated_files = {{ php__ini_opcache_max_accelerated_files__combined_var | d('10000') }} -opcache.memory_consumption = {{ php__ini_opcache_memory_consumption__combined_var | d('128') }} -opcache.revalidate_freq = {{ php__ini_opcache_revalidate_freq__combined_var | d('2') }} -opcache.save_comments = {{ php__ini_opcache_save_comments__combined_var | d('1') }} -opcache.validate_timestamps = {{ php__ini_opcache_validate_timestamps__combined_var | d('1') }} +opcache.blacklist_filename = {{ php__ini_opcache_blacklist_filename__combined_var }} +opcache.enable = {{ php__ini_opcache_enable__combined_var }} +opcache.enable_cli = {{ php__ini_opcache_enable_cli__combined_var }} +opcache.huge_code_pages = {{ php__ini_opcache_huge_code_pages__combined_var }} +opcache.interned_strings_buffer = {{ php__ini_opcache_interned_strings_buffer__combined_var }} +opcache.max_accelerated_files = {{ php__ini_opcache_max_accelerated_files__combined_var }} +opcache.memory_consumption = {{ php__ini_opcache_memory_consumption__combined_var }} +opcache.revalidate_freq = {{ php__ini_opcache_revalidate_freq__combined_var }} +opcache.save_comments = {{ php__ini_opcache_save_comments__combined_var }} +opcache.validate_timestamps = {{ php__ini_opcache_validate_timestamps__combined_var }} [mail function] mail.add_x_header = On -SMTP = {{ php__ini_smtp__combined_var | default('localhost') }} +SMTP = {{ php__ini_smtp__combined_var }} smtp_port = 25 [Session] -session.cookie_httponly = {{ php__ini_session_cookie_httponly__combined_var | default('off') }} 
-session.cookie_secure = {{ php__ini_session_cookie_secure__combined_var | default('off') }} -session.gc_maxlifetime = {{ php__ini_session_gc_maxlifetime__combined_var | default(1440) }} -session.sid_length = {{ php__ini_session_sid_length__combined_var | default(26) }} -session.trans_sid_tags = "{{ php__ini_session_trans_sid_tags__combined_var | default("a=href,area=href,frame=src,form=") }}" +session.cookie_httponly = {{ php__ini_session_cookie_httponly__combined_var }} +session.cookie_secure = {{ php__ini_session_cookie_secure__combined_var }} +session.gc_maxlifetime = {{ php__ini_session_gc_maxlifetime__combined_var }} +session.sid_length = {{ php__ini_session_sid_length__combined_var }} +session.trans_sid_tags = "{{ php__ini_session_trans_sid_tags__combined_var }}" diff --git a/roles/php/templates/etc/php.d/8.1-z00-linuxfabrik.ini.j2 b/roles/php/templates/etc/php.d/8.1-z00-linuxfabrik.ini.j2 index c502c5d86..5d2c33be8 100644 --- a/roles/php/templates/etc/php.d/8.1-z00-linuxfabrik.ini.j2 +++ b/roles/php/templates/etc/php.d/8.1-z00-linuxfabrik.ini.j2 
@@ -3,43 +3,43 @@ ; php 8.1 [PHP] -date.timezone = {{ php__ini_date_timezone__combined_var | default('Europe/Zurich') }} -default_socket_timeout = {{ php__ini_default_socket_timeout__combined_var | default('60') }} -display_errors = {{ php__ini_display_errors__combined_var | default('off') }} -display_startup_errors = {{ php__ini_display_startup_errors__combined_var | default('off') }} -error_reporting = {{ php__ini_error_reporting__combined_var | default('E_ALL & ~E_DEPRECATED & ~E_STRICT') }} +date.timezone = {{ php__ini_date_timezone__combined_var }} +default_socket_timeout = {{ php__ini_default_socket_timeout__combined_var }} +display_errors = {{ php__ini_display_errors__combined_var }} +display_startup_errors = {{ php__ini_display_startup_errors__combined_var }} +error_reporting = {{ php__ini_error_reporting__combined_var }} expose_php = Off html_errors = Off -max_execution_time = {{ php__ini_max_execution_time__combined_var | default('30') }} -max_file_uploads = {{ php__ini_max_file_uploads__combined_var | default('20') }} -max_input_time = {{ php__ini_max_input_time__combined_var | default('60') }} -max_input_vars = {{ php__ini_max_input_vars__combined_var | default('1000') }} -memory_limit = {{ php__ini_memory_limit__combined_var | default('128M') }} -post_max_size = {{ php__ini_post_max_size__combined_var | default('8M') }} +max_execution_time = {{ php__ini_max_execution_time__combined_var }} +max_file_uploads = {{ php__ini_max_file_uploads__combined_var }} +max_input_time = {{ php__ini_max_input_time__combined_var }} +max_input_vars = {{ php__ini_max_input_vars__combined_var }} +memory_limit = {{ php__ini_memory_limit__combined_var }} +post_max_size = {{ php__ini_post_max_size__combined_var }} realpath_cache_size = 4M realpath_cache_ttl = 120 serialize_precision = -1 -upload_max_filesize = {{ php__ini_upload_max_filesize__combined_var | default('2M') }} +upload_max_filesize = {{ php__ini_upload_max_filesize__combined_var }} -opcache.blacklist_filename = 
{{ php__ini_opcache_blacklist_filename__combined_var | d('/etc/php.d/opcache*.blacklist') }} -opcache.enable = {{ php__ini_opcache_enable__combined_var | d('1') }} -opcache.enable_cli = {{ php__ini_opcache_enable_cli__combined_var | d('0') }} -opcache.huge_code_pages = {{ php__ini_opcache_huge_code_pages__combined_var | d('1') }} -opcache.interned_strings_buffer = {{ php__ini_opcache_interned_strings_buffer__combined_var | d('8') }} -opcache.max_accelerated_files = {{ php__ini_opcache_max_accelerated_files__combined_var | d('10000') }} -opcache.memory_consumption = {{ php__ini_opcache_memory_consumption__combined_var | d('128') }} -opcache.revalidate_freq = {{ php__ini_opcache_revalidate_freq__combined_var | d('2') }} -opcache.save_comments = {{ php__ini_opcache_save_comments__combined_var | d('1') }} -opcache.validate_timestamps = {{ php__ini_opcache_validate_timestamps__combined_var | d('1') }} +opcache.blacklist_filename = {{ php__ini_opcache_blacklist_filename__combined_var }} +opcache.enable = {{ php__ini_opcache_enable__combined_var }} +opcache.enable_cli = {{ php__ini_opcache_enable_cli__combined_var }} +opcache.huge_code_pages = {{ php__ini_opcache_huge_code_pages__combined_var }} +opcache.interned_strings_buffer = {{ php__ini_opcache_interned_strings_buffer__combined_var }} +opcache.max_accelerated_files = {{ php__ini_opcache_max_accelerated_files__combined_var }} +opcache.memory_consumption = {{ php__ini_opcache_memory_consumption__combined_var }} +opcache.revalidate_freq = {{ php__ini_opcache_revalidate_freq__combined_var }} +opcache.save_comments = {{ php__ini_opcache_save_comments__combined_var }} +opcache.validate_timestamps = {{ php__ini_opcache_validate_timestamps__combined_var }} [mail function] mail.add_x_header = On -SMTP = {{ php__ini_smtp__combined_var | default('localhost') }} +SMTP = {{ php__ini_smtp__combined_var }} smtp_port = 25 [Session] -session.cookie_httponly = {{ php__ini_session_cookie_httponly__combined_var | default('off') }} 
-session.cookie_secure = {{ php__ini_session_cookie_secure__combined_var | default('off') }} -session.gc_maxlifetime = {{ php__ini_session_gc_maxlifetime__combined_var | default(1440) }} -session.sid_length = {{ php__ini_session_sid_length__combined_var | default(26) }} -session.trans_sid_tags = "{{ php__ini_session_trans_sid_tags__combined_var | default("a=href,area=href,frame=src,form=") }}" +session.cookie_httponly = {{ php__ini_session_cookie_httponly__combined_var }} +session.cookie_secure = {{ php__ini_session_cookie_secure__combined_var }} +session.gc_maxlifetime = {{ php__ini_session_gc_maxlifetime__combined_var }} +session.sid_length = {{ php__ini_session_sid_length__combined_var }} +session.trans_sid_tags = "{{ php__ini_session_trans_sid_tags__combined_var }}" diff --git a/roles/php/templates/etc/php.d/8.2-z00-linuxfabrik.ini.j2 b/roles/php/templates/etc/php.d/8.2-z00-linuxfabrik.ini.j2 index 985fa4259..c437d0336 100644 --- a/roles/php/templates/etc/php.d/8.2-z00-linuxfabrik.ini.j2 +++ b/roles/php/templates/etc/php.d/8.2-z00-linuxfabrik.ini.j2 
@@ -3,43 +3,43 @@ ; php 8.2 [PHP] -date.timezone = {{ php__ini_date_timezone__combined_var | default('Europe/Zurich') }} -default_socket_timeout = {{ php__ini_default_socket_timeout__combined_var | default('60') }} -display_errors = {{ php__ini_display_errors__combined_var | default('off') }} -display_startup_errors = {{ php__ini_display_startup_errors__combined_var | default('off') }} -error_reporting = {{ php__ini_error_reporting__combined_var | default('E_ALL & ~E_DEPRECATED & ~E_STRICT') }} +date.timezone = {{ php__ini_date_timezone__combined_var }} +default_socket_timeout = {{ php__ini_default_socket_timeout__combined_var }} +display_errors = {{ php__ini_display_errors__combined_var }} +display_startup_errors = {{ php__ini_display_startup_errors__combined_var }} +error_reporting = {{ php__ini_error_reporting__combined_var }} expose_php = Off html_errors = Off -max_execution_time = {{ php__ini_max_execution_time__combined_var | default('30') }} -max_file_uploads = {{ php__ini_max_file_uploads__combined_var | default('20') }} -max_input_time = {{ php__ini_max_input_time__combined_var | default('60') }} -max_input_vars = {{ php__ini_max_input_vars__combined_var | default('1000') }} -memory_limit = {{ php__ini_memory_limit__combined_var | default('128M') }} -post_max_size = {{ php__ini_post_max_size__combined_var | default('8M') }} +max_execution_time = {{ php__ini_max_execution_time__combined_var }} +max_file_uploads = {{ php__ini_max_file_uploads__combined_var }} +max_input_time = {{ php__ini_max_input_time__combined_var }} +max_input_vars = {{ php__ini_max_input_vars__combined_var }} +memory_limit = {{ php__ini_memory_limit__combined_var }} +post_max_size = {{ php__ini_post_max_size__combined_var }} realpath_cache_size = 4M realpath_cache_ttl = 120 serialize_precision = -1 -upload_max_filesize = {{ php__ini_upload_max_filesize__combined_var | default('2M') }} +upload_max_filesize = {{ php__ini_upload_max_filesize__combined_var }} -opcache.blacklist_filename = 
{{ php__ini_opcache_blacklist_filename__combined_var | d('/etc/php.d/opcache*.blacklist') }} -opcache.enable = {{ php__ini_opcache_enable__combined_var | d('1') }} -opcache.enable_cli = {{ php__ini_opcache_enable_cli__combined_var | d('0') }} -opcache.huge_code_pages = {{ php__ini_opcache_huge_code_pages__combined_var | d('1') }} -opcache.interned_strings_buffer = {{ php__ini_opcache_interned_strings_buffer__combined_var | d('8') }} -opcache.max_accelerated_files = {{ php__ini_opcache_max_accelerated_files__combined_var | d('10000') }} -opcache.memory_consumption = {{ php__ini_opcache_memory_consumption__combined_var | d('128') }} -opcache.revalidate_freq = {{ php__ini_opcache_revalidate_freq__combined_var | d('2') }} -opcache.save_comments = {{ php__ini_opcache_save_comments__combined_var | d('1') }} -opcache.validate_timestamps = {{ php__ini_opcache_validate_timestamps__combined_var | d('1') }} +opcache.blacklist_filename = {{ php__ini_opcache_blacklist_filename__combined_var }} +opcache.enable = {{ php__ini_opcache_enable__combined_var }} +opcache.enable_cli = {{ php__ini_opcache_enable_cli__combined_var }} +opcache.huge_code_pages = {{ php__ini_opcache_huge_code_pages__combined_var }} +opcache.interned_strings_buffer = {{ php__ini_opcache_interned_strings_buffer__combined_var }} +opcache.max_accelerated_files = {{ php__ini_opcache_max_accelerated_files__combined_var }} +opcache.memory_consumption = {{ php__ini_opcache_memory_consumption__combined_var }} +opcache.revalidate_freq = {{ php__ini_opcache_revalidate_freq__combined_var }} +opcache.save_comments = {{ php__ini_opcache_save_comments__combined_var }} +opcache.validate_timestamps = {{ php__ini_opcache_validate_timestamps__combined_var }} [mail function] mail.add_x_header = On -SMTP = {{ php__ini_smtp__combined_var | default('localhost') }} +SMTP = {{ php__ini_smtp__combined_var }} smtp_port = 25 [Session] -session.cookie_httponly = {{ php__ini_session_cookie_httponly__combined_var | default('off') }} 
-session.cookie_secure = {{ php__ini_session_cookie_secure__combined_var | default('off') }} -session.gc_maxlifetime = {{ php__ini_session_gc_maxlifetime__combined_var | default(1440) }} -session.sid_length = {{ php__ini_session_sid_length__combined_var | default(26) }} -session.trans_sid_tags = "{{ php__ini_session_trans_sid_tags__combined_var | default("a=href,area=href,frame=src,form=") }}" +session.cookie_httponly = {{ php__ini_session_cookie_httponly__combined_var }} +session.cookie_secure = {{ php__ini_session_cookie_secure__combined_var }} +session.gc_maxlifetime = {{ php__ini_session_gc_maxlifetime__combined_var }} +session.sid_length = {{ php__ini_session_sid_length__combined_var }} +session.trans_sid_tags = "{{ php__ini_session_trans_sid_tags__combined_var }}" diff --git a/roles/php/templates/etc/php.d/8.3-z00-linuxfabrik.ini.j2 b/roles/php/templates/etc/php.d/8.3-z00-linuxfabrik.ini.j2 index d9691c7b2..d22dc0f30 100644 --- a/roles/php/templates/etc/php.d/8.3-z00-linuxfabrik.ini.j2 +++ b/roles/php/templates/etc/php.d/8.3-z00-linuxfabrik.ini.j2 
@@ -3,43 +3,43 @@ ; php 8.3 [PHP] -date.timezone = {{ php__ini_date_timezone__combined_var | default('Europe/Zurich') }} -default_socket_timeout = {{ php__ini_default_socket_timeout__combined_var | default('60') }} -display_errors = {{ php__ini_display_errors__combined_var | default('off') }} -display_startup_errors = {{ php__ini_display_startup_errors__combined_var | default('off') }} -error_reporting = {{ php__ini_error_reporting__combined_var | default('E_ALL & ~E_DEPRECATED & ~E_STRICT') }} +date.timezone = {{ php__ini_date_timezone__combined_var }} +default_socket_timeout = {{ php__ini_default_socket_timeout__combined_var }} +display_errors = {{ php__ini_display_errors__combined_var }} +display_startup_errors = {{ php__ini_display_startup_errors__combined_var }} +error_reporting = {{ php__ini_error_reporting__combined_var }} expose_php = Off html_errors = Off -max_execution_time = {{ php__ini_max_execution_time__combined_var | default('30') }} -max_file_uploads = {{ php__ini_max_file_uploads__combined_var | default('20') }} -max_input_time = {{ php__ini_max_input_time__combined_var | default('60') }} -max_input_vars = {{ php__ini_max_input_vars__combined_var | default('1000') }} -memory_limit = {{ php__ini_memory_limit__combined_var | default('128M') }} -post_max_size = {{ php__ini_post_max_size__combined_var | default('8M') }} +max_execution_time = {{ php__ini_max_execution_time__combined_var }} +max_file_uploads = {{ php__ini_max_file_uploads__combined_var }} +max_input_time = {{ php__ini_max_input_time__combined_var }} +max_input_vars = {{ php__ini_max_input_vars__combined_var }} +memory_limit = {{ php__ini_memory_limit__combined_var }} +post_max_size = {{ php__ini_post_max_size__combined_var }} realpath_cache_size = 4M realpath_cache_ttl = 120 serialize_precision = -1 -upload_max_filesize = {{ php__ini_upload_max_filesize__combined_var | default('2M') }} +upload_max_filesize = {{ php__ini_upload_max_filesize__combined_var }} -opcache.blacklist_filename = 
{{ php__ini_opcache_blacklist_filename__combined_var | d('/etc/php.d/opcache*.blacklist') }} -opcache.enable = {{ php__ini_opcache_enable__combined_var | d('1') }} -opcache.enable_cli = {{ php__ini_opcache_enable_cli__combined_var | d('1') }} -opcache.huge_code_pages = {{ php__ini_opcache_huge_code_pages__combined_var | d('1') }} -opcache.interned_strings_buffer = {{ php__ini_opcache_interned_strings_buffer__combined_var | d('8') }} -opcache.max_accelerated_files = {{ php__ini_opcache_max_accelerated_files__combined_var | d('10000') }} -opcache.memory_consumption = {{ php__ini_opcache_memory_consumption__combined_var | d('128') }} -opcache.revalidate_freq = {{ php__ini_opcache_revalidate_freq__combined_var | d('2') }} -opcache.save_comments = {{ php__ini_opcache_save_comments__combined_var | d('1') }} -opcache.validate_timestamps = {{ php__ini_opcache_validate_timestamps__combined_var | d('1') }} +opcache.blacklist_filename = {{ php__ini_opcache_blacklist_filename__combined_var }} +opcache.enable = {{ php__ini_opcache_enable__combined_var }} +opcache.enable_cli = {{ php__ini_opcache_enable_cli__combined_var }} +opcache.huge_code_pages = {{ php__ini_opcache_huge_code_pages__combined_var }} +opcache.interned_strings_buffer = {{ php__ini_opcache_interned_strings_buffer__combined_var }} +opcache.max_accelerated_files = {{ php__ini_opcache_max_accelerated_files__combined_var }} +opcache.memory_consumption = {{ php__ini_opcache_memory_consumption__combined_var }} +opcache.revalidate_freq = {{ php__ini_opcache_revalidate_freq__combined_var }} +opcache.save_comments = {{ php__ini_opcache_save_comments__combined_var }} +opcache.validate_timestamps = {{ php__ini_opcache_validate_timestamps__combined_var }} [mail function] mail.add_x_header = Off -SMTP = {{ php__ini_smtp__combined_var | default('localhost') }} +SMTP = {{ php__ini_smtp__combined_var }} smtp_port = 25 [Session] -session.cookie_httponly = {{ php__ini_session_cookie_httponly__combined_var | default('off') }} 
-session.cookie_secure = {{ php__ini_session_cookie_secure__combined_var | default('off') }} -session.gc_maxlifetime = {{ php__ini_session_gc_maxlifetime__combined_var | default(1440) }} -session.sid_length = {{ php__ini_session_sid_length__combined_var | default(26) }} -session.trans_sid_tags = "{{ php__ini_session_trans_sid_tags__combined_var | default("a=href,area=href,frame=src,form=") }}" +session.cookie_httponly = {{ php__ini_session_cookie_httponly__combined_var }} +session.cookie_secure = {{ php__ini_session_cookie_secure__combined_var }} +session.gc_maxlifetime = {{ php__ini_session_gc_maxlifetime__combined_var }} +session.sid_length = {{ php__ini_session_sid_length__combined_var }} +session.trans_sid_tags = "{{ php__ini_session_trans_sid_tags__combined_var }}" diff --git a/roles/php/templates/etc/php.d/8.4-z00-linuxfabrik.ini.j2 b/roles/php/templates/etc/php.d/8.4-z00-linuxfabrik.ini.j2 index c20723f6e..78802e83f 100644 --- a/roles/php/templates/etc/php.d/8.4-z00-linuxfabrik.ini.j2 +++ b/roles/php/templates/etc/php.d/8.4-z00-linuxfabrik.ini.j2 
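Review bot: The per-version fallback for `opcache.enable_cli` is lost in this hunk. The removed line used `d('1')`, while the 7.3, 7.4, 8.0, 8.1 and 8.2 templates above used `d('0')`, and the new line reads the shared `php__ini_opcache_enable_cli__combined_var` with no fallback. Unless the default defined outside this diff is version-dependent, either PHP 8.3 stops caching CLI scripts or the older versions start doing so after the upgrade. If the difference was intentional, record it next to the setting, for example `; opcache.enable_cli: template fallback was 1 for PHP 8.3 and 0 for PHP <= 8.2`, and set the variable's default to match. The 8.4 section that follows had the same `d('1')` fallback, but its hunk continues past this view.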
@@ -3,43 +3,43 @@ ; php 8.4 [PHP] -date.timezone = {{ php__ini_date_timezone__combined_var | default('Europe/Zurich') }} -default_socket_timeout = {{ php__ini_default_socket_timeout__combined_var | default('60') }} -display_errors = {{ php__ini_display_errors__combined_var | default('off') }} -display_startup_errors = {{ php__ini_display_startup_errors__combined_var | default('off') }} -error_reporting = {{ php__ini_error_reporting__combined_var | default('E_ALL & ~E_DEPRECATED & ~E_STRICT') }} +date.timezone = {{ php__ini_date_timezone__combined_var }} +default_socket_timeout = {{ php__ini_default_socket_timeout__combined_var }} +display_errors = {{ php__ini_display_errors__combined_var }} +display_startup_errors = {{ php__ini_display_startup_errors__combined_var }} +error_reporting = {{ php__ini_error_reporting__combined_var }} expose_php = Off html_errors = Off -max_execution_time = {{ php__ini_max_execution_time__combined_var | default('30') }} -max_file_uploads = {{ php__ini_max_file_uploads__combined_var | default('20') }} -max_input_time = {{ php__ini_max_input_time__combined_var | default('60') }} -max_input_vars = {{ php__ini_max_input_vars__combined_var | default('1000') }} -memory_limit = {{ php__ini_memory_limit__combined_var | default('128M') }} -post_max_size = {{ php__ini_post_max_size__combined_var | default('8M') }} +max_execution_time = {{ php__ini_max_execution_time__combined_var }} +max_file_uploads = {{ php__ini_max_file_uploads__combined_var }} +max_input_time = {{ php__ini_max_input_time__combined_var }} +max_input_vars = {{ php__ini_max_input_vars__combined_var }} +memory_limit = {{ php__ini_memory_limit__combined_var }} +post_max_size = {{ php__ini_post_max_size__combined_var }} realpath_cache_size = 4M realpath_cache_ttl = 120 serialize_precision = -1 -upload_max_filesize = {{ php__ini_upload_max_filesize__combined_var | default('2M') }} +upload_max_filesize = {{ php__ini_upload_max_filesize__combined_var }} -opcache.blacklist_filename = 
{{ php__ini_opcache_blacklist_filename__combined_var | d('/etc/php.d/opcache*.blacklist') }} -opcache.enable = {{ php__ini_opcache_enable__combined_var | d('1') }} -opcache.enable_cli = {{ php__ini_opcache_enable_cli__combined_var | d('1') }} -opcache.huge_code_pages = {{ php__ini_opcache_huge_code_pages__combined_var | d('1') }} -opcache.interned_strings_buffer = {{ php__ini_opcache_interned_strings_buffer__combined_var | d('8') }} -opcache.max_accelerated_files = {{ php__ini_opcache_max_accelerated_files__combined_var | d('10000') }} -opcache.memory_consumption = {{ php__ini_opcache_memory_consumption__combined_var | d('128') }} -opcache.revalidate_freq = {{ php__ini_opcache_revalidate_freq__combined_var | d('2') }} -opcache.save_comments = {{ php__ini_opcache_save_comments__combined_var | d('1') }} -opcache.validate_timestamps = {{ php__ini_opcache_validate_timestamps__combined_var | d('1') }} +opcache.blacklist_filename = {{ php__ini_opcache_blacklist_filename__combined_var }} +opcache.enable = {{ php__ini_opcache_enable__combined_var }} +opcache.enable_cli = {{ php__ini_opcache_enable_cli__combined_var }} +opcache.huge_code_pages = {{ php__ini_opcache_huge_code_pages__combined_var }} +opcache.interned_strings_buffer = {{ php__ini_opcache_interned_strings_buffer__combined_var }} +opcache.max_accelerated_files = {{ php__ini_opcache_max_accelerated_files__combined_var }} +opcache.memory_consumption = {{ php__ini_opcache_memory_consumption__combined_var }} +opcache.revalidate_freq = {{ php__ini_opcache_revalidate_freq__combined_var }} +opcache.save_comments = {{ php__ini_opcache_save_comments__combined_var }} +opcache.validate_timestamps = {{ php__ini_opcache_validate_timestamps__combined_var }} [mail function] mail.add_x_header = Off -SMTP = {{ php__ini_smtp__combined_var | default('localhost') }} +SMTP = {{ php__ini_smtp__combined_var }} smtp_port = 25 [Session] -session.cookie_httponly = {{ php__ini_session_cookie_httponly__combined_var | default('off') }} 
-session.cookie_secure = {{ php__ini_session_cookie_secure__combined_var | default('off') }} -session.gc_maxlifetime = {{ php__ini_session_gc_maxlifetime__combined_var | default(1440) }} -session.sid_length = {{ php__ini_session_sid_length__combined_var | default(26) }} -session.trans_sid_tags = "{{ php__ini_session_trans_sid_tags__combined_var | default("a=href,area=href,frame=src,form=") }}" +session.cookie_httponly = {{ php__ini_session_cookie_httponly__combined_var }} +session.cookie_secure = {{ php__ini_session_cookie_secure__combined_var }} +session.gc_maxlifetime = {{ php__ini_session_gc_maxlifetime__combined_var }} +session.sid_length = {{ php__ini_session_sid_length__combined_var }} +session.trans_sid_tags = "{{ php__ini_session_trans_sid_tags__combined_var }}" diff --git a/roles/php/templates/etc/php.d/8.5-z00-linuxfabrik.ini.j2 b/roles/php/templates/etc/php.d/8.5-z00-linuxfabrik.ini.j2 index 620143f35..e83f43785 100644 --- a/roles/php/templates/etc/php.d/8.5-z00-linuxfabrik.ini.j2 +++ b/roles/php/templates/etc/php.d/8.5-z00-linuxfabrik.ini.j2 
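Review bot: Nothing in the new lines says where a value comes from now that the inline `default(...)` fallbacks are gone, and the fallback-free form would presumably render an empty directive (for example a bare `session.cookie_secure =`) if a combined variable resolves to an empty string. The removed fallback for `session.cookie_httponly` and `session.cookie_secure` was `off`, so the effective cookie flags now depend entirely on role defaults that this hunk does not show. I would add a header comment such as `; all values come from the php__ini_* role defaults; this template carries no fallbacks` and confirm that the two cookie flags and `display_errors` resolve to hardened values. The same applies to the 8.5 template hunk below and to the preceding template hunk, which starts outside this excerpt.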
@@ -3,42 +3,42 @@ ; php 8.5 [PHP] -date.timezone = {{ php__ini_date_timezone__combined_var | default('Europe/Zurich') }} -default_socket_timeout = {{ php__ini_default_socket_timeout__combined_var | default('60') }} -display_errors = {{ php__ini_display_errors__combined_var | default('On') }} -display_startup_errors = {{ php__ini_display_startup_errors__combined_var | default('On') }} -error_reporting = {{ php__ini_error_reporting__combined_var | default('E_ALL') }} +date.timezone = {{ php__ini_date_timezone__combined_var }} +default_socket_timeout = {{ php__ini_default_socket_timeout__combined_var }} +display_errors = {{ php__ini_display_errors__combined_var }} +display_startup_errors = {{ php__ini_display_startup_errors__combined_var }} +error_reporting = {{ php__ini_error_reporting__combined_var }} expose_php = Off ; differs from default on purpose due to security reasons html_errors = Off ; differs from default on purpose due to security reasons -max_execution_time = {{ php__ini_max_execution_time__combined_var | default('30') }} -max_file_uploads = {{ php__ini_max_file_uploads__combined_var | default('20') }} -max_input_time = {{ php__ini_max_input_time__combined_var | default('-1') }} -max_input_vars = {{ php__ini_max_input_vars__combined_var | default('1000') }} -memory_limit = {{ php__ini_memory_limit__combined_var | default('128M') }} -post_max_size = {{ php__ini_post_max_size__combined_var | default('8M') }} +max_execution_time = {{ php__ini_max_execution_time__combined_var }} +max_file_uploads = {{ php__ini_max_file_uploads__combined_var }} +max_input_time = {{ php__ini_max_input_time__combined_var }} +max_input_vars = {{ php__ini_max_input_vars__combined_var }} +memory_limit = {{ php__ini_memory_limit__combined_var }} +post_max_size = {{ php__ini_post_max_size__combined_var }} realpath_cache_size = 4M realpath_cache_ttl = 120 serialize_precision = -1 -upload_max_filesize = {{ php__ini_upload_max_filesize__combined_var | default('2M') }} 
+upload_max_filesize = {{ php__ini_upload_max_filesize__combined_var }} -opcache.blacklist_filename = {{ php__ini_opcache_blacklist_filename__combined_var | d('/etc/php.d/opcache*.blacklist') }} -opcache.enable = {{ php__ini_opcache_enable__combined_var | d('1') }} -opcache.enable_cli = {{ php__ini_opcache_enable_cli__combined_var | d('0') }} -opcache.huge_code_pages = {{ php__ini_opcache_huge_code_pages__combined_var | d('0') }} -opcache.interned_strings_buffer = {{ php__ini_opcache_interned_strings_buffer__combined_var | d('8') }} -opcache.max_accelerated_files = {{ php__ini_opcache_max_accelerated_files__combined_var | d('10000') }} -opcache.memory_consumption = {{ php__ini_opcache_memory_consumption__combined_var | d('128') }} -opcache.revalidate_freq = {{ php__ini_opcache_revalidate_freq__combined_var | d('2') }} -opcache.save_comments = {{ php__ini_opcache_save_comments__combined_var | d('1') }} -opcache.validate_timestamps = {{ php__ini_opcache_validate_timestamps__combined_var | d('1') }} +opcache.blacklist_filename = {{ php__ini_opcache_blacklist_filename__combined_var }} +opcache.enable = {{ php__ini_opcache_enable__combined_var }} +opcache.enable_cli = {{ php__ini_opcache_enable_cli__combined_var }} +opcache.huge_code_pages = {{ php__ini_opcache_huge_code_pages__combined_var }} +opcache.interned_strings_buffer = {{ php__ini_opcache_interned_strings_buffer__combined_var }} +opcache.max_accelerated_files = {{ php__ini_opcache_max_accelerated_files__combined_var }} +opcache.memory_consumption = {{ php__ini_opcache_memory_consumption__combined_var }} +opcache.revalidate_freq = {{ php__ini_opcache_revalidate_freq__combined_var }} +opcache.save_comments = {{ php__ini_opcache_save_comments__combined_var }} +opcache.validate_timestamps = {{ php__ini_opcache_validate_timestamps__combined_var }} [mail function] mail.add_x_header = Off -SMTP = {{ php__ini_smtp__combined_var | default('localhost') }} +SMTP = {{ php__ini_smtp__combined_var }} smtp_port = 25 [Session] 
-session.cookie_httponly = {{ php__ini_session_cookie_httponly__combined_var | default('off') }} -session.cookie_secure = {{ php__ini_session_cookie_secure__combined_var | default('off') }} -session.gc_maxlifetime = {{ php__ini_session_gc_maxlifetime__combined_var | default(1440) }} -session.trans_sid_tags = "{{ php__ini_session_trans_sid_tags__combined_var | default("a=href,area=href,frame=src,form=") }}" +session.cookie_httponly = {{ php__ini_session_cookie_httponly__combined_var }} +session.cookie_secure = {{ php__ini_session_cookie_secure__combined_var }} +session.gc_maxlifetime = {{ php__ini_session_gc_maxlifetime__combined_var }} +session.trans_sid_tags = "{{ php__ini_session_trans_sid_tags__combined_var }}" diff --git a/roles/php/vars/Debian.yml b/roles/php/vars/Debian.yml index d87c73c77..dd121a498 100644 --- a/roles/php/vars/Debian.yml +++ b/roles/php/vars/Debian.yml @@ -1,6 +1,9 @@ -php__conf_dest: - - '/etc/php/{{ php__installed_version }}/apache2/conf.d/z00-linuxfabrik.ini' - - '/etc/php/{{ php__installed_version }}/cli/conf.d/z00-linuxfabrik.ini' - - '/etc/php/{{ php__installed_version }}/fpm/conf.d/z00-linuxfabrik.ini' -php__fpm_pools_path: '/etc/php/{{ php__installed_version }}/fpm/pool.d' -php__fpm_service_name: 'php{{ php__installed_version }}-fpm' +__php__conf_dest: + - '/etc/php/{{ __php__installed_version }}/apache2/conf.d/z00-linuxfabrik.ini' + - '/etc/php/{{ __php__installed_version }}/cli/conf.d/z00-linuxfabrik.ini' + - '/etc/php/{{ __php__installed_version }}/fpm/conf.d/z00-linuxfabrik.ini' +__php__fpm_opcache_path: '/var/lib/php/opcache' +__php__fpm_pools_path: '/etc/php/{{ __php__installed_version }}/fpm/pool.d' +__php__fpm_runtime_path: '/run/php' +__php__fpm_service_name: 'php{{ __php__installed_version }}-fpm' +__php__fpm_session_path: '/var/lib/php/sessions' diff --git a/roles/php/vars/RedHat.yml b/roles/php/vars/RedHat.yml index d4c7fdeaa..a84267e73 100644 --- a/roles/php/vars/RedHat.yml +++ b/roles/php/vars/RedHat.yml 
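Review bot: The fallbacks removed from the 8.5 template were `On` for `display_errors` and `display_startup_errors` and `E_ALL` for `error_reporting`, whereas the 8.4 template fell back to `off`; both templates now render the same combined variables, so one shared default decides for every PHP version. That default is defined outside the visible diff: if it is `On`, 8.4 hosts without an explicit setting start showing errors to clients, and if it is `off`, 8.5 hosts change behaviour without notice. The old fallbacks also differed for `max_input_time` (`-1` here, `60` in 8.4) and for `opcache.enable_cli` and `opcache.huge_code_pages` (`0` here, `1` in 8.4). I would keep error display off in the shared default, list the per-version changes under Breaking Changes in the CHANGELOG, and add a comment like `; display_errors stays Off in production, errors belong in the log` in the style of the existing `expose_php` comment.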
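Review bot: The three new paths (`__php__fpm_opcache_path`, `__php__fpm_runtime_path`, `__php__fpm_session_path`) carry no comment on who must own them or with which mode, although they hold session data and presumably the opcache file cache and the FPM sockets. The CHANGELOG entry says sessions move into a per-pool subdirectory; that separation only helps if each subdirectory is owned by its pool user and closed to others, which is decided in tasks outside this hunk. On Debian it is also worth checking that the packaged session cleanup job still reaches files one level below `/var/lib/php/sessions`, since PHP's own session GC is normally disabled there. I would add a line such as `# base directories; per-pool subdirectories below them belong to the pool user, mode 0700` once that is confirmed against the tasks. The RedHat.yml hunk adds the same three variables.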
@@ -1,4 +1,7 @@ -php__conf_dest: +__php__conf_dest: - '/etc/php.d/z00-linuxfabrik.ini' -php__fpm_pools_path: '/etc/php-fpm.d' -php__fpm_service_name: 'php-fpm' +__php__fpm_opcache_path: '/var/lib/php/opcache' +__php__fpm_pools_path: '/etc/php-fpm.d' +__php__fpm_runtime_path: '/run/php-fpm' +__php__fpm_service_name: 'php-fpm' +__php__fpm_session_path: '/var/lib/php/session'
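Review bot: `__php__fpm_session_path` and `__php__fpm_opcache_path` point at directories that the RHEL-family PHP packages, as far as I know, ship as `root:apache` with mode 0770, so a pool running under a user outside the `apache` group could not traverse into a per-pool subdirectory below them. The tasks that create the subdirectories are outside this hunk; if they solve this by loosening the parent directory, the session files of other pools become reachable. A comment such as `# parent is root:apache 0770 as packaged; pool users need group access, do not widen the mode` would record the constraint next to the variables.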