mirror of
https://github.com/GeekOops/doc.git
synced 2024-05-20 05:12:21 +00:00
Felix Niederwanger
0349adaedf
Update the example webserver to use Leap 15.4 and remove some issues with the playbook and description.
70 lines
1.9 KiB
YAML
70 lines
1.9 KiB
YAML
---
|
|
- hosts: jellyfish
|
|
user: root
|
|
|
|
roles:
|
|
- role: geekoops-nginx
|
|
vars:
|
|
config_firewall: true
|
|
firewall_zone: "public"
|
|
- role: geekoops-php-fpm
|
|
vars:
|
|
apcu_enable: true
|
|
apcu_shm_size: 32M
|
|
php_memlimit: 256M
|
|
php_maxuploadsize: 64M
|
|
|
|
tasks:
|
|
- name: Deploy jellyfish config for nginx
|
|
copy:
|
|
content: |
|
|
server {
|
|
listen 80 default_server;
|
|
listen [::]:80 default_server;
|
|
server_name jellyfish;
|
|
root /srv/www/htdocs;
|
|
location / {
|
|
try_files $uri $uri/ =404;
|
|
}
|
|
location ~ \.php$ {
|
|
fastcgi_pass unix:/run/php-fpm/php-fpm.sock;
|
|
fastcgi_index index.php;
|
|
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
|
|
include fastcgi_params;
|
|
}
|
|
}
|
|
dest: "/etc/nginx/vhosts.d/jellyfish.conf"
|
|
group: "root"
|
|
owner: "root"
|
|
mode: 0754
|
|
notify: Restart nginx
|
|
- name: Ensure nginx is in the www group
|
|
user:
|
|
name: nginx
|
|
groups: www
|
|
append: yes
|
|
notify: Restart nginx
|
|
- name: Deploy phpinfo script
|
|
copy:
|
|
content: "<?php phpinfo(); phpinfo(INFO_MODULES); ?>"
|
|
dest: "/srv/www/htdocs/phpinfo.php"
|
|
group: "www"
|
|
owner: "wwwrun"
|
|
mode: 0754
|
|
# Note: The current php-fpm apparmor profile does not allow access to /srv/www.
|
|
# We set app-armor to complain in this role. Note that you should use e.g.
|
|
# `yast apparmor` to update your AppArmor profile instead of disabling AppArmor
|
|
# as a whole!
|
|
- name: Ensure aa-complain is installed
|
|
package:
|
|
name: apparmor-utils
|
|
state: present
|
|
- name: Put app-armor to complain mode
|
|
shell: aa-complain /etc/apparmor.d/php-fpm
|
|
|
|
handlers:
|
|
- name: Restart nginx
|
|
systemd:
|
|
name: nginx
|
|
state: restarted
|