# HG changeset patch
# User IBBoard <dev@ibboard.co.uk>
# Date 1601728710 -3600
# Node ID aad5c00b0525c13fc615f86b739c1172b7f571c9
# Parent  e046606cf2182d8d7b2bd3dad634be027517c1b5
Switch to Apache "events" and PHP via FCGI

This allows us to enabled http2 later

diff -r e046606cf218 -r aad5c00b0525 modules/website/files/conf.extra/html-php.conf
--- a/modules/website/files/conf.extra/html-php.conf	Sat Oct 03 11:58:27 2020 +0100
+++ b/modules/website/files/conf.extra/html-php.conf	Sat Oct 03 13:38:30 2020 +0100
@@ -1,18 +1,14 @@
 # Make sure we have PHP
 Include conf.extra/php.conf
 
-<IfModule php7_module>
-	#
-	# Cause the PHP interpreter to handle files with a .html extension.
-	#
-	AddHandler php7-script .html
+#
+# Cause the PHP interpreter to handle files with a .html extension.
+#
+<FilesMatch "\.html$">
 	AddType text/html .html
 
 	#If we're doing HTML files as PHP then swap the priority for directory indexing
-	DirectoryIndex index.html index.php
-</IfModule>
-<IfModule !php7_module>
-	<FilesMatch "\.html$">
-	        Require all denied
-	</FilesMatch>
-</IfModule>
+	DirectoryIndex /index.html /index.php
+
+	SetHandler "proxy:fcgi://localhost:9000"
+</FilesMatch>
diff -r e046606cf218 -r aad5c00b0525 modules/website/files/conf.extra/php.conf
--- a/modules/website/files/conf.extra/php.conf	Sat Oct 03 11:58:27 2020 +0100
+++ b/modules/website/files/conf.extra/php.conf	Sat Oct 03 13:38:30 2020 +0100
@@ -1,1 +1,1 @@
-DirectoryIndex index.php index.html
\ No newline at end of file
+DirectoryIndex /index.php /index.html
\ No newline at end of file
diff -r e046606cf218 -r aad5c00b0525 modules/website/files/custom-php.ini
--- a/modules/website/files/custom-php.ini	Sat Oct 03 11:58:27 2020 +0100
+++ b/modules/website/files/custom-php.ini	Sat Oct 03 13:38:30 2020 +0100
@@ -3,3 +3,7 @@
 
 ; Work around SELinux "denied execmem" warnings from preg_match JITing
 pcre.jit = 0
+
+; Space isn't scarce these days - increase default sizes
+upload_max_filesize = "8M"
+post_max_size = "8M"
\ No newline at end of file
diff -r e046606cf218 -r aad5c00b0525 modules/website/files/php.conf
--- a/modules/website/files/php.conf	Sat Oct 03 11:58:27 2020 +0100
+++ b/modules/website/files/php.conf	Sat Oct 03 13:38:30 2020 +0100
@@ -1,31 +1,11 @@
-#Webtatic PHP config - note the different files used!
-
 #
-# PHP is an HTML-embedded scripting language which attempts to make it
-# easy for developers to write dynamically generated webpages.
+# The following lines prevent .user.ini files from being viewed by Web clients.
 #
-<IfModule !worker.c>
-  LoadModule php7_module modules/libphp7.so
-</IfModule>
-<IfModule worker.c>
-  LoadModule php7_module modules/libphp7-zts.so
-</IfModule>
+<Files ".user.ini">
+	Require all denied
+</Files>
 
-<IfModule php7_module>
-	#
-	# Cause the PHP interpreter to handle files with a .php extension.
-	#
-	AddHandler php7-script .php
-	AddType text/html .php
-	
-	#
-	# Add index.php to the list of files that will be served as directory
-	# indexes.
-	#
-	DirectoryIndex index.php
-</IfModule>
-<IfModule !php7_module>
-	<FilesMatch "\.php$">
-	        Require all denied
-	</FilesMatch>
-</IfModule>
\ No newline at end of file
+<FilesMatch "\.php$">
+	# Don't wrap in an <IfModule> because we'd rather it failed
+	SetHandler "proxy:fcgi://localhost:9000"
+</FilesMatch>
diff -r e046606cf218 -r aad5c00b0525 modules/website/manifests/init.pp
--- a/modules/website/manifests/init.pp	Sat Oct 03 11:58:27 2020 +0100
+++ b/modules/website/manifests/init.pp	Sat Oct 03 13:38:30 2020 +0100
@@ -38,11 +38,7 @@
     mpm_module => false,
   }
   class { 'apache::mod::dir': indexes => [ 'index.html' ] }
-  class { 'apache::mod::prefork':
-    serverlimit => 45,
-    maxclients => 45,
-    maxspareservers => 6,
-  }
+  class { 'apache::mod::event': }
   apache::mod {
     'rewrite':;
     'expires':;
diff -r e046606cf218 -r aad5c00b0525 modules/website/manifests/php.pp
--- a/modules/website/manifests/php.pp	Sat Oct 03 11:58:27 2020 +0100
+++ b/modules/website/manifests/php.pp	Sat Oct 03 13:38:30 2020 +0100
@@ -3,37 +3,32 @@
     $module = undef,
     $extras = [],
     ) {
-  Package <| tag == 'php-package' |> -> File <| tag == 'php-file' |> ~> Service['httpd']
+  Package <| tag == 'php-package' |> -> File <| tag == 'php-file' |> ~> Service['php-fpm'] ~> Service['httpd']
+
+  $php_core = ($module != undef) ? { true => "php", default => "php${suffix}" }
 
-  if $module != undef {
-    $php_core = 'php'
-    package { $php_core:
-      provider => 'dnfmodule',
-      ensure => $module,
-      tag => 'php-package',
-    }
-  } else {
-    if $suffix =~ /^7[1-9]w$/ {
-      $php_core = "mod_php${suffix}"
-    } else {
-      $php_core = "php${suffix}"
-    }
-    package { $php_core:
-      ensure => installed,
-      tag => 'php-package',
-    }
+  package { $php_core:
+    provider => ($module != undef) ? { true => 'dnfmodule', default => undef },
+    ensure => ($module != undef) ? { true => $module, default => installed },
+    tag => 'php-package',
   }
 
-  $packages = [ "php${suffix}-mbstring", "php${suffix}-xml", "php${suffix}-gd" ]
+  package { 'mod_fcgid':
+    ensure => installed,
+  }
+  class { ['apache::mod::proxy', 'apache::mod::proxy_fcgi']:}
+
+  $packages = [ "php${suffix}-mbstring", "php${suffix}-xml", "php${suffix}-gd", "php${suffix}-fpm" ]
   package { $packages:
     ensure => installed,
     tag => 'php-package',
   }
 
   service { 'php-fpm':
-    ensure => 'stopped',
-    enable => 'mask',
+    ensure => 'running',
+    enable => true,
   }
+
   website::php::extra { $extras: }
 
   file { '/etc/php.d/custom-lockdown.ini':