Mercurial > repos > other > Puppet

changeset 354:aad5c00b0525

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Switch to Apache "events" and PHP via FCGI This allows us to enabled http2 later
author IBBoard <dev@ibboard.co.uk>
date Sat, 03 Oct 2020 13:38:30 +0100
parents e046606cf218
children 60b13e6d83c5
files modules/website/files/conf.extra/html-php.conf modules/website/files/conf.extra/php.conf modules/website/files/custom-php.ini modules/website/files/php.conf modules/website/manifests/init.pp modules/website/manifests/php.pp
diffstat 6 files changed, 38 insertions(+), 67 deletions(-) [+]
line wrap: on
line diff
--- a/modules/website/files/conf.extra/html-php.conf	Sat Oct 03 11:58:27 2020 +0100
+++ b/modules/website/files/conf.extra/html-php.conf	Sat Oct 03 13:38:30 2020 +0100
@@ -1,18 +1,14 @@
 # Make sure we have PHP
 Include conf.extra/php.conf
 
-<IfModule php7_module>
-	#
-	# Cause the PHP interpreter to handle files with a .html extension.
-	#
-	AddHandler php7-script .html
+#
+# Cause the PHP interpreter to handle files with a .html extension.
+#
+<FilesMatch "\.html$">
 	AddType text/html .html
 
 	#If we're doing HTML files as PHP then swap the priority for directory indexing
-	DirectoryIndex index.html index.php
-</IfModule>
-<IfModule !php7_module>
-	<FilesMatch "\.html$">
-	        Require all denied
-	</FilesMatch>
-</IfModule>
+	DirectoryIndex /index.html /index.php
+
+	SetHandler "proxy:fcgi://localhost:9000"
+</FilesMatch>
--- a/modules/website/files/conf.extra/php.conf	Sat Oct 03 11:58:27 2020 +0100
+++ b/modules/website/files/conf.extra/php.conf	Sat Oct 03 13:38:30 2020 +0100
@@ -1,1 +1,1 @@
-DirectoryIndex index.php index.html
\ No newline at end of file
+DirectoryIndex /index.php /index.html
\ No newline at end of file
--- a/modules/website/files/custom-php.ini	Sat Oct 03 11:58:27 2020 +0100
+++ b/modules/website/files/custom-php.ini	Sat Oct 03 13:38:30 2020 +0100
@@ -3,3 +3,7 @@
 
 ; Work around SELinux "denied execmem" warnings from preg_match JITing
 pcre.jit = 0
+
+; Space isn't scarce these days - increase default sizes
+upload_max_filesize = "8M"
+post_max_size = "8M"
\ No newline at end of file
--- a/modules/website/files/php.conf	Sat Oct 03 11:58:27 2020 +0100
+++ b/modules/website/files/php.conf	Sat Oct 03 13:38:30 2020 +0100
@@ -1,31 +1,11 @@
-#Webtatic PHP config - note the different files used!
-
 #
-# PHP is an HTML-embedded scripting language which attempts to make it
-# easy for developers to write dynamically generated webpages.
+# The following lines prevent .user.ini files from being viewed by Web clients.
 #
-<IfModule !worker.c>
-  LoadModule php7_module modules/libphp7.so
-</IfModule>
-<IfModule worker.c>
-  LoadModule php7_module modules/libphp7-zts.so
-</IfModule>
+<Files ".user.ini">
+	Require all denied
+</Files>
 
-<IfModule php7_module>
-	#
-	# Cause the PHP interpreter to handle files with a .php extension.
-	#
-	AddHandler php7-script .php
-	AddType text/html .php
-	
-	#
-	# Add index.php to the list of files that will be served as directory
-	# indexes.
-	#
-	DirectoryIndex index.php
-</IfModule>
-<IfModule !php7_module>
-	<FilesMatch "\.php$">
-	        Require all denied
-	</FilesMatch>
-</IfModule>
\ No newline at end of file
+<FilesMatch "\.php$">
+	# Don't wrap in an <IfModule> because we'd rather it failed
+	SetHandler "proxy:fcgi://localhost:9000"
+</FilesMatch>
--- a/modules/website/manifests/init.pp	Sat Oct 03 11:58:27 2020 +0100
+++ b/modules/website/manifests/init.pp	Sat Oct 03 13:38:30 2020 +0100
@@ -38,11 +38,7 @@
     mpm_module => false,
   }
   class { 'apache::mod::dir': indexes => [ 'index.html' ] }
-  class { 'apache::mod::prefork':
-    serverlimit => 45,
-    maxclients => 45,
-    maxspareservers => 6,
-  }
+  class { 'apache::mod::event': }
   apache::mod {
     'rewrite':;
     'expires':;
--- a/modules/website/manifests/php.pp	Sat Oct 03 11:58:27 2020 +0100
+++ b/modules/website/manifests/php.pp	Sat Oct 03 13:38:30 2020 +0100
@@ -3,37 +3,32 @@
     $module = undef,
     $extras = [],
     ) {
-  Package <| tag == 'php-package' |> -> File <| tag == 'php-file' |> ~> Service['httpd']
+  Package <| tag == 'php-package' |> -> File <| tag == 'php-file' |> ~> Service['php-fpm'] ~> Service['httpd']
+
+  $php_core = ($module != undef) ? { true => "php", default => "php${suffix}" }
 
-  if $module != undef {
-    $php_core = 'php'
-    package { $php_core:
-      provider => 'dnfmodule',
-      ensure => $module,
-      tag => 'php-package',
-    }
-  } else {
-    if $suffix =~ /^7[1-9]w$/ {
-      $php_core = "mod_php${suffix}"
-    } else {
-      $php_core = "php${suffix}"
-    }
-    package { $php_core:
-      ensure => installed,
-      tag => 'php-package',
-    }
+  package { $php_core:
+    provider => ($module != undef) ? { true => 'dnfmodule', default => undef },
+    ensure => ($module != undef) ? { true => $module, default => installed },
+    tag => 'php-package',
   }
 
-  $packages = [ "php${suffix}-mbstring", "php${suffix}-xml", "php${suffix}-gd" ]
+  package { 'mod_fcgid':
+    ensure => installed,
+  }
+  class { ['apache::mod::proxy', 'apache::mod::proxy_fcgi']:}
+
+  $packages = [ "php${suffix}-mbstring", "php${suffix}-xml", "php${suffix}-gd", "php${suffix}-fpm" ]
   package { $packages:
     ensure => installed,
     tag => 'php-package',
   }
 
   service { 'php-fpm':
-    ensure => 'stopped',
-    enable => 'mask',
+    ensure => 'running',
+    enable => true,
   }
+
   website::php::extra { $extras: }
 
   file { '/etc/php.d/custom-lockdown.ini':