Mercurial > repos > other > Puppet

annotate modules/website/manifests/php.pp @ 263:f99974dc0f1a

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Add a way to skip setting CSP NextCloud manages CSP itself, so we don't need the header in the PIM subdomain causing confusion and incorrect results
author IBBoard <dev@ibboard.co.uk>
date Sun, 29 Dec 2019 16:43:55 +0000
parents c3fa3d65aa83
children 99e3ca448d55
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
rev   line source
0
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
1 class website::php(
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
2 $suffix = '',
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
3 $opcache = undef,
69
565b788f7ac1 Allow for specifying extra PHP packages (e.g. to enable Posix)
IBBoard <dev@ibboard.co.uk>
parents: 17
diff changeset
4 $extras = [],
0
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
5 ) {
246
c3fa3d65aa83 Update configs for Puppet 6
IBBoard <dev@ibboard.co.uk>
parents: 240
diff changeset
6 Package <| tag == 'php-package' |> -> File <| tag == 'php-file' |> ~> Service['httpd']
69
565b788f7ac1 Allow for specifying extra PHP packages (e.g. to enable Posix)
IBBoard <dev@ibboard.co.uk>
parents: 17
diff changeset
7
179
89cd717361fd Swap to PHP 7.2, since 7.0 is EOL now
IBBoard <dev@ibboard.co.uk>
parents: 169
diff changeset
8 if $suffix =~ /^7[1-9]w$/ {
89cd717361fd Swap to PHP 7.2, since 7.0 is EOL now
IBBoard <dev@ibboard.co.uk>
parents: 169
diff changeset
9 $php_core = "mod_php${suffix}"
89cd717361fd Swap to PHP 7.2, since 7.0 is EOL now
IBBoard <dev@ibboard.co.uk>
parents: 169
diff changeset
10 } else {
89cd717361fd Swap to PHP 7.2, since 7.0 is EOL now
IBBoard <dev@ibboard.co.uk>
parents: 169
diff changeset
11 $php_core = "php${suffix}"
89cd717361fd Swap to PHP 7.2, since 7.0 is EOL now
IBBoard <dev@ibboard.co.uk>
parents: 169
diff changeset
12 }
89cd717361fd Swap to PHP 7.2, since 7.0 is EOL now
IBBoard <dev@ibboard.co.uk>
parents: 169
diff changeset
13
89cd717361fd Swap to PHP 7.2, since 7.0 is EOL now
IBBoard <dev@ibboard.co.uk>
parents: 169
diff changeset
14 $packages = [ $php_core, "php${suffix}-mbstring", "php${suffix}-xml", "php${suffix}-gd" ]
0
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
15 package { $packages:
131
0dd899a10ee1 Change all "latest" packages to "installed"
IBBoard <dev@ibboard.co.uk>
parents: 120
diff changeset
16 ensure => installed,
246
c3fa3d65aa83 Update configs for Puppet 6
IBBoard <dev@ibboard.co.uk>
parents: 240
diff changeset
17 tag => 'php-package',
0
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
18 }
246
c3fa3d65aa83 Update configs for Puppet 6
IBBoard <dev@ibboard.co.uk>
parents: 240
diff changeset
19
0
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
20 file { '/etc/php.d/custom-lockdown.ini':
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
21 ensure => present,
106
ef0926ee389a Lock down Apache headers for security, based on https://securityheaders.io/
IBBoard <dev@ibboard.co.uk>
parents: 94
diff changeset
22 content => 'allow_url_fopen = \'off\'
ef0926ee389a Lock down Apache headers for security, based on https://securityheaders.io/
IBBoard <dev@ibboard.co.uk>
parents: 94
diff changeset
23 expose_php = Off',
246
c3fa3d65aa83 Update configs for Puppet 6
IBBoard <dev@ibboard.co.uk>
parents: 240
diff changeset
24 tag => 'php-file',
0
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
25 }
17
5ba2ddf53c29 Make sure we specify a default charset (even thought it defaults to UTF-8) because ownCloud complains
IBBoard <dev@ibboard.co.uk>
parents: 3
diff changeset
26 file { '/etc/php.d/custom-php.ini':
5ba2ddf53c29 Make sure we specify a default charset (even thought it defaults to UTF-8) because ownCloud complains
IBBoard <dev@ibboard.co.uk>
parents: 3
diff changeset
27 ensure => present,
120
b00eb9434938 Disable PCRE JIT to stop SELinux giving "denied execmem" for Apache
IBBoard <dev@ibboard.co.uk>
parents: 106
diff changeset
28 source => 'puppet:///modules/website/custom-php.ini',
246
c3fa3d65aa83 Update configs for Puppet 6
IBBoard <dev@ibboard.co.uk>
parents: 240
diff changeset
29 tag => 'php-file',
17
5ba2ddf53c29 Make sure we specify a default charset (even thought it defaults to UTF-8) because ownCloud complains
IBBoard <dev@ibboard.co.uk>
parents: 3
diff changeset
30 }
0
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
31
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
32 if $opcache {
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
33 package { "php${suffix}-${opcache}":
131
0dd899a10ee1 Change all "latest" packages to "installed"
IBBoard <dev@ibboard.co.uk>
parents: 120
diff changeset
34 ensure => installed,
179
89cd717361fd Swap to PHP 7.2, since 7.0 is EOL now
IBBoard <dev@ibboard.co.uk>
parents: 169
diff changeset
35 require => Package[$php_core],
246
c3fa3d65aa83 Update configs for Puppet 6
IBBoard <dev@ibboard.co.uk>
parents: 240
diff changeset
36 tag => 'php-package',
0
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
37 }
240
960e737a120e Deduplicate PHP opcache config files
IBBoard <dev@ibboard.co.uk>
parents: 179
diff changeset
38 # Use Remi's (and the OS's) naming convention
0
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
39 file { '/etc/php.d/opcache.ini':
240
960e737a120e Deduplicate PHP opcache config files
IBBoard <dev@ibboard.co.uk>
parents: 179
diff changeset
40 ensure => absent,
960e737a120e Deduplicate PHP opcache config files
IBBoard <dev@ibboard.co.uk>
parents: 179
diff changeset
41 }
960e737a120e Deduplicate PHP opcache config files
IBBoard <dev@ibboard.co.uk>
parents: 179
diff changeset
42 file { '/etc/php.d/10-opcache.ini':
0
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
43 ensure => present,
169
4efaba4fbe94 Expand PHP OpCache config in line with NextCloud recommendations
IBBoard <dev@ibboard.co.uk>
parents: 149
diff changeset
44 source => 'puppet:///modules/website/opcache.ini',
246
c3fa3d65aa83 Update configs for Puppet 6
IBBoard <dev@ibboard.co.uk>
parents: 240
diff changeset
45 tag => 'php-file',
0
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
46 }
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
47 }
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
48 }