Mercurial > repos > other > Puppet
annotate modules/website/manifests/php.pp @ 224:636866c00b86 puppet-3.6
Blacklist more user probes - a database and a generic "service"
| author | IBBoard <dev@ibboard.co.uk> |
|---|---|
| date | Sun, 27 Oct 2019 16:59:42 +0000 |
| parents | 89cd717361fd |
| children | 960e737a120e |
| rev | line source |
|---|---|
|
0
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
1 class website::php( |
|
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
2 $suffix = '', |
|
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
3 $opcache = undef, |
|
69
565b788f7ac1
Allow for specifying extra PHP packages (e.g. to enable Posix)
IBBoard <dev@ibboard.co.uk>
parents:
17
diff
changeset
|
4 $extras = [], |
|
0
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
5 ) { |
|
3
ea71652452e9
Give OpCache more memory and make sure that we refresh on config changes
IBBoard <dev@ibboard.co.uk>
parents:
0
diff
changeset
|
6 File { |
|
ea71652452e9
Give OpCache more memory and make sure that we refresh on config changes
IBBoard <dev@ibboard.co.uk>
parents:
0
diff
changeset
|
7 notify => Service['httpd'], |
|
32
6bbc86f6cee5
Tidy up ordering and dependencies (including making sure we have a necessary file for Fail2Ban to start)
IBBoard <dev@ibboard.co.uk>
parents:
22
diff
changeset
|
8 tag => 'website', |
|
3
ea71652452e9
Give OpCache more memory and make sure that we refresh on config changes
IBBoard <dev@ibboard.co.uk>
parents:
0
diff
changeset
|
9 } |
|
ea71652452e9
Give OpCache more memory and make sure that we refresh on config changes
IBBoard <dev@ibboard.co.uk>
parents:
0
diff
changeset
|
10 Package { |
|
ea71652452e9
Give OpCache more memory and make sure that we refresh on config changes
IBBoard <dev@ibboard.co.uk>
parents:
0
diff
changeset
|
11 notify => Service['httpd'], |
|
32
6bbc86f6cee5
Tidy up ordering and dependencies (including making sure we have a necessary file for Fail2Ban to start)
IBBoard <dev@ibboard.co.uk>
parents:
22
diff
changeset
|
12 tag => 'website', |
|
3
ea71652452e9
Give OpCache more memory and make sure that we refresh on config changes
IBBoard <dev@ibboard.co.uk>
parents:
0
diff
changeset
|
13 } |
|
32
6bbc86f6cee5
Tidy up ordering and dependencies (including making sure we have a necessary file for Fail2Ban to start)
IBBoard <dev@ibboard.co.uk>
parents:
22
diff
changeset
|
14 Package <| tag == 'website' |> -> File <| tag == 'website' |> |
|
69
565b788f7ac1
Allow for specifying extra PHP packages (e.g. to enable Posix)
IBBoard <dev@ibboard.co.uk>
parents:
17
diff
changeset
|
15 define website::php::extra_php ($pkg = $title) { |
|
565b788f7ac1
Allow for specifying extra PHP packages (e.g. to enable Posix)
IBBoard <dev@ibboard.co.uk>
parents:
17
diff
changeset
|
16 package { "php${website::php::suffix}-${pkg}": |
|
131
0dd899a10ee1
Change all "latest" packages to "installed"
IBBoard <dev@ibboard.co.uk>
parents:
120
diff
changeset
|
17 ensure => installed, |
|
69
565b788f7ac1
Allow for specifying extra PHP packages (e.g. to enable Posix)
IBBoard <dev@ibboard.co.uk>
parents:
17
diff
changeset
|
18 } |
|
565b788f7ac1
Allow for specifying extra PHP packages (e.g. to enable Posix)
IBBoard <dev@ibboard.co.uk>
parents:
17
diff
changeset
|
19 } |
|
565b788f7ac1
Allow for specifying extra PHP packages (e.g. to enable Posix)
IBBoard <dev@ibboard.co.uk>
parents:
17
diff
changeset
|
20 |
|
565b788f7ac1
Allow for specifying extra PHP packages (e.g. to enable Posix)
IBBoard <dev@ibboard.co.uk>
parents:
17
diff
changeset
|
21 website::php::extra_php { $extras: } |
|
565b788f7ac1
Allow for specifying extra PHP packages (e.g. to enable Posix)
IBBoard <dev@ibboard.co.uk>
parents:
17
diff
changeset
|
22 |
|
179
89cd717361fd
Swap to PHP 7.2, since 7.0 is EOL now
IBBoard <dev@ibboard.co.uk>
parents:
169
diff
changeset
|
23 if $suffix =~ /^7[1-9]w$/ { |
|
89cd717361fd
Swap to PHP 7.2, since 7.0 is EOL now
IBBoard <dev@ibboard.co.uk>
parents:
169
diff
changeset
|
24 $php_core = "mod_php${suffix}" |
|
89cd717361fd
Swap to PHP 7.2, since 7.0 is EOL now
IBBoard <dev@ibboard.co.uk>
parents:
169
diff
changeset
|
25 } else { |
|
89cd717361fd
Swap to PHP 7.2, since 7.0 is EOL now
IBBoard <dev@ibboard.co.uk>
parents:
169
diff
changeset
|
26 $php_core = "php${suffix}" |
|
89cd717361fd
Swap to PHP 7.2, since 7.0 is EOL now
IBBoard <dev@ibboard.co.uk>
parents:
169
diff
changeset
|
27 } |
|
89cd717361fd
Swap to PHP 7.2, since 7.0 is EOL now
IBBoard <dev@ibboard.co.uk>
parents:
169
diff
changeset
|
28 |
|
89cd717361fd
Swap to PHP 7.2, since 7.0 is EOL now
IBBoard <dev@ibboard.co.uk>
parents:
169
diff
changeset
|
29 $packages = [ $php_core, "php${suffix}-mbstring", "php${suffix}-xml", "php${suffix}-gd" ] |
|
0
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
30 package { $packages: |
|
131
0dd899a10ee1
Change all "latest" packages to "installed"
IBBoard <dev@ibboard.co.uk>
parents:
120
diff
changeset
|
31 ensure => installed, |
|
0
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
32 } |
|
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
33 file { '/etc/php.d/custom-lockdown.ini': |
|
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
34 ensure => present, |
|
106
ef0926ee389a
Lock down Apache headers for security, based on https://securityheaders.io/
IBBoard <dev@ibboard.co.uk>
parents:
94
diff
changeset
|
35 content => 'allow_url_fopen = \'off\' |
|
ef0926ee389a
Lock down Apache headers for security, based on https://securityheaders.io/
IBBoard <dev@ibboard.co.uk>
parents:
94
diff
changeset
|
36 expose_php = Off', |
|
0
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
37 } |
|
17
5ba2ddf53c29
Make sure we specify a default charset (even thought it defaults to UTF-8) because ownCloud complains
IBBoard <dev@ibboard.co.uk>
parents:
3
diff
changeset
|
38 file { '/etc/php.d/custom-php.ini': |
|
5ba2ddf53c29
Make sure we specify a default charset (even thought it defaults to UTF-8) because ownCloud complains
IBBoard <dev@ibboard.co.uk>
parents:
3
diff
changeset
|
39 ensure => present, |
|
120
b00eb9434938
Disable PCRE JIT to stop SELinux giving "denied execmem" for Apache
IBBoard <dev@ibboard.co.uk>
parents:
106
diff
changeset
|
40 source => 'puppet:///modules/website/custom-php.ini', |
|
17
5ba2ddf53c29
Make sure we specify a default charset (even thought it defaults to UTF-8) because ownCloud complains
IBBoard <dev@ibboard.co.uk>
parents:
3
diff
changeset
|
41 } |
|
0
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
42 |
|
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
43 if $opcache { |
|
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
44 package { "php${suffix}-${opcache}": |
|
131
0dd899a10ee1
Change all "latest" packages to "installed"
IBBoard <dev@ibboard.co.uk>
parents:
120
diff
changeset
|
45 ensure => installed, |
|
0
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
46 notify => Service['httpd'], |
|
179
89cd717361fd
Swap to PHP 7.2, since 7.0 is EOL now
IBBoard <dev@ibboard.co.uk>
parents:
169
diff
changeset
|
47 require => Package[$php_core], |
|
0
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
48 } |
|
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
49 file { '/etc/php.d/opcache.ini': |
|
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
50 ensure => present, |
|
169
4efaba4fbe94
Expand PHP OpCache config in line with NextCloud recommendations
IBBoard <dev@ibboard.co.uk>
parents:
149
diff
changeset
|
51 source => 'puppet:///modules/website/opcache.ini', |
|
0
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
52 } |
|
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
53 } |
|
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
54 } |