Repository: lasselehtinen/barn Branch: master Commit: 664b22102515 Files: 67 Total size: 112.6 KB Directory structure: gitextract_r4eqp2u9/ ├── .gitignore ├── LICENSE.md ├── README.md ├── Vagrantfile ├── dotenv_templates/ │ ├── centos7-test.blog.j2 │ └── ubuntu-test.blog.j2 ├── elasticsearchservers.yml ├── host_vars/ │ ├── .gitignore │ ├── centos7-test │ ├── localhost │ └── ubuntu-test ├── inventory/ │ ├── .gitignore │ ├── development │ └── testing ├── mysqlservers.yml ├── queueservers.yml ├── roles/ │ ├── common/ │ │ ├── handlers/ │ │ │ └── main.yml │ │ └── tasks/ │ │ ├── cron-apt.yml │ │ ├── main.yml │ │ ├── ntp.yml │ │ ├── remi.yml │ │ ├── selinux.yml │ │ ├── swap.yml │ │ └── yum-cron.yml │ ├── custom/ │ │ ├── files/ │ │ │ └── .gitignore │ │ ├── handlers/ │ │ │ └── .gitignore │ │ ├── tasks/ │ │ │ └── main.yml │ │ └── templates/ │ │ └── .gitignore │ ├── elasticsearchtier/ │ │ └── tasks/ │ │ ├── elasticsearch-apt-repo.yml │ │ ├── elasticsearch-yum-repo.yml │ │ ├── elasticsearch.yml │ │ ├── java.yml │ │ └── main.yml │ ├── mysqltier/ │ │ ├── handlers/ │ │ │ └── main.yml │ │ ├── tasks/ │ │ │ ├── firewalld.yml │ │ │ ├── main.yml │ │ │ └── mysql.yml │ │ └── templates/ │ │ ├── my-credentials.cnf.j2 │ │ └── my.cnf.j2 │ ├── queuetier/ │ │ ├── handlers/ │ │ │ └── main.yml │ │ ├── tasks/ │ │ │ ├── beanstalk.yml │ │ │ ├── main.yml │ │ │ ├── redis.yml │ │ │ └── supervisor.yml │ │ └── templates/ │ │ ├── supervisor-horizon.conf.j2 │ │ └── supervisor.conf.j2 │ └── webtier/ │ ├── handlers/ │ │ └── main.yml │ ├── tasks/ │ │ ├── composer.yml │ │ ├── cron.yml │ │ ├── dotenv.yml │ │ ├── firewalld.yml │ │ ├── letsencrypt.yml │ │ ├── main.yml │ │ ├── nginx.yml │ │ ├── ondrej.yml │ │ ├── php-fpm.yml │ │ ├── php.yml │ │ ├── redis.yml │ │ ├── remi.yml │ │ └── selinux.yml │ └── templates/ │ ├── nginx-ssl-virtualhost.conf.j2 │ ├── nginx-virtualhost.conf.j2 │ ├── nginx.conf.j2 │ ├── php-fpm.conf.j2 │ └── php.ini.j2 ├── site.yml └── webservers.yml ================================================ FILE CONTENTS ================================================ ================================================ FILE: .gitignore ================================================ *.retry .vagrant ================================================ FILE: LICENSE.md ================================================ # The MIT License (MIT) Copyright (c) Lasse Lehtinen > Permission is hereby granted, free of charge, to any person obtaining a copy > of this software and associated documentation files (the "Software"), to deal > in the Software without restriction, including without limitation the rights > to use, copy, modify, merge, publish, distribute, sublicense, and/or sell > copies of the Software, and to permit persons to whom the Software is > furnished to do so, subject to the following conditions: > > The above copyright notice and this permission notice shall be included in > all copies or substantial portions of the Software. > > THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR > IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, > FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE > AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER > LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, > OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN > THE SOFTWARE. ================================================ FILE: README.md ================================================ # Barn - Ansible playbooks for Laravel applications This repository provides Ansible playbook targeted spesifically for Laravel applications. If you are not familiar with Ansible, it is an open-source tool that is most commonly used for provisioning, configuration management and deployment. Together with Ansible and these playbooks you can automate provisioning of your servers and development environment. Please note that Barn is not the designed to handle the actual deployment of the Laravel application. For deployment tools I suggest you checkout [Envoyer](https://envoyer.io/), [Deployer](https://deployer.org) or [Capistrano](http://capistranorb.com/) to name a few. Barn can automatically configures the following: * PHP * nginx + php-fpm with multiple virtual hosts * SSL certificates and renewal with Let's Encrypt * composer * redis * MySQL * Beanstalk * elasticsearch * Crontab entries for queue workers and scheduled tasks * Laravel Horizon Barn also tries to apply some additional security by setting SELinux mode to enforcing and enabling automatic package updates. ## Getting started ### Supported distributions * CentOS 7 * RedHat (Not tested) * Ubuntu Trusty * Debian (Not tested) Other versions of the distributions listed above might work, but no guarantees given. See testing if you want to try running the distribution of your choice in virtual machines. ### Installing Ansible You can install Ansible by following the [official installation documentation](http://docs.ansible.com/ansible/intro_installation.html). For Windows 10 users, you can use the instructions for Ubuntu after [installing the Linux subsystem](https://msdn.microsoft.com/en-us/commandline/wsl/install_guide). For older Windows version, please [check this tutorial on running Ansible on cygwin](https://www.jeffgeerling.com/blog/running-ansible-within-windows). ### Clone the repository ```shell git clone https://github.com/lasselehtinen/barn.git ``` ### Configure your inventory files The inventory files are located in the inventory directory. Check the example for development and read the [Ansible documentation](http://docs.ansible.com/ansible/intro_inventory.html). ### Configure your host variables Host variables control some of the aspects how the machine is configured. Store the host variable file with the same name as the hostname in the inventory file. Below is an example for the local development machine. ```yaml # Let's Encrypt settings enable_ssl: false letsencrypt_email: somebody@somewhere.com # Extra PHP packages php_extra_packages: - php-intl # PHP memory limit php_memory_limit: "512M" # A list of virtual hosts virtualhosts: blog: servernames: - blog.development - someother.development run_queue_worker: true run_horizon: false has_scheduled_jobs: true someothersite: servernames: - someothersite.development # MySQL root password mysql_root_password: somesecret # List of MySQL databases mysql_databases: blog: mysql_user: blog mysql_password: table_password someothersite: mysql_user: otherdbuser mysql_password: table_password ``` ### Create .env templates Create .env file templates in the dotenv_templates folder with the name `{{hostname}}.{{virtualhost}}.j2`. For example host centos7-test has a virtualhost called blog so the template should be named `centos7-test.blog.j2`. This is completely optional. ### Securing your host variables Since you storing highly confidential information like production database passwords in the host variables and .env templates it is highly recommend that encrypt them with a symmetric AES key. Luckily Ansible has built-in tool for this called Vault. Please [read the Vault documentation](http://docs.ansible.com/ansible/playbooks_vault.html) on how to set it up. #### Supported variables | Name | Description | Required | |----------------------------------------|------------------------------------------------------------------------------------------------------------------------|----------| | enable_ssl | Controls whether the Playbook configures Let's Encrypt certificates on all the virtual hosts. | No | | letsencrypt_email | Email address for sending the expiry notices for the certificates. | No | | php_extra_packages | List of extra php-packages you want to install | No | | php_memory_limit | Sets the memory_limit in php.ini | No | | virtualhosts.name | Shortname used for folders like /var/www/name/public | Yes | | virtualhosts.name.servernames | List of hostnames for the virtual host. Must be a valid FQDN if you set enable_ssl to true. | Yes | | virtualhosts.name.run_queue_worker | Sets whether we should run artisan queue:work on this virtualhost | No | | virtualhosts.name.run_horizon | Sets whether Horizon should be running on this virtual host. Do not set both run_queue_worker and run_horizon to true | No | | virtualhosts.name.queue_worker_timeout | Sets the timeout for the queue worker, default is 60 seconds | No | | virtualhosts.name.has_scheduled_jobs | Sets whether we should run artisan schedule:run every minute on this virtualhost | No | | mysql_root_password | Root password for MySQL | Yes | | mysql_databases.name | Name of MySQL database that will generated | Yes | | mysql_databases.name.mysql_user | Name of normal MySQL user for that database. Place this in your .env file. | Yes | | mysql_databases.name.mysql_password | Password for the MySQL user. Place this in your .env file. | Yes | | Yes | | ## Running Barn ### Checking SSH access After you have done with the configuration make sure you have SSH access to the servers that listed on the inventory file. You can test this by using the ping module. Troubleshooting the SSH connection is the out of scope of this repository. Please note that you can set the SSH user and port in the inventory file, see the development for example. ```shell ansible -i inventory/development webservers -m ping localhost | SUCCESS => { "changed": false, "ping": "pong" } ``` ### Running the Playbook You can run the playbook on all hosts with the following command: ```shell ansible-playbook -i inventory site.yml ``` Provisioning takes a while for the first time so go grab a coffee. If there were no problems, you should have readily provisioned machine and you can deploy your Laravel application to the /var/www/`virtualhosts.name` folder. ### Running custom playbooks Sometimes you have something specific which Barn does not cover. In that case you can create your custom playbooks. Store the playbooks to `roles/custom/files` with the .yml extension and they will be executed on all roles. ## Contributing Pull requests are welcome. Repository provides a Vagrant file that spins up virtual machines on the supported distributions. Please make sure that running the command below completes without any failures. If you want to add support for a new distribution, add a new base box to the Vagrant file and add the host to the inventory/testing file. Remember also to copy the existing host_vars file for the new distribution. ```shell ansible-playbook -i inventory/testing site.yml ``` ## Issues If you have problems or suggestions, please [open a new issue in GitHub](https://github.com/lasselehtinen/barn/issues). ## License The MIT License (MIT). Please see [License File](LICENSE.md) for more information. ================================================ FILE: Vagrantfile ================================================ Vagrant.configure("2") do |config| # List of servers servers=[ { :hostname => "barn-centos7", :box => "centos/7", :ip => "192.168.56.101", :ssh_port => '2210' }, { :hostname => "barn-ubuntu", :box => "ubuntu/trusty64", :ip => "192.168.56.102", :ssh_port => '2211' } ] servers.each do |machine| config.vm.define machine[:hostname] do |node| node.vm.box = machine[:box] node.vm.hostname = machine[:hostname] node.vm.network :private_network, ip: machine[:ip] node.vm.network "forwarded_port", guest: 22, host: machine[:ssh_port], id: "ssh" node.vm.provider :virtualbox do |v| v.customize ["modifyvm", :id, "--memory", 512] v.customize ["modifyvm", :id, "--name", machine[:hostname]] end end end # Inject your public SSH key id_rsa_key_pub = File.read(File.join(Dir.home, ".ssh", "id_rsa.pub")) config.vm.provision :shell, :inline => "echo 'appending SSH public key to ~vagrant/.ssh/authorized_keys' && echo '#{id_rsa_key_pub }' >> /home/vagrant/.ssh/authorized_keys && chmod 600 /home/vagrant/.ssh/authorized_keys" config.ssh.insert_key = false #config.vm.provision "ansible" do |ansible| #ansible.playbook = "site.yml" #end end ================================================ FILE: dotenv_templates/centos7-test.blog.j2 ================================================ APP_NAME=Laravel APP_ENV=local APP_KEY= APP_DEBUG=true APP_LOG_LEVEL=debug APP_URL=http://blog.development DB_CONNECTION=mysql DB_HOST=127.0.0.1 DB_PORT=3306 DB_DATABASE=blog DB_USERNAME=blog DB_PASSWORD=table_password BROADCAST_DRIVER=log CACHE_DRIVER=file SESSION_DRIVER=file QUEUE_DRIVER=sync REDIS_HOST=127.0.0.1 REDIS_PASSWORD=null REDIS_PORT=6379 MAIL_DRIVER=smtp MAIL_HOST=smtp.mailtrap.io MAIL_PORT=2525 MAIL_USERNAME=null MAIL_PASSWORD=null MAIL_ENCRYPTION=null PUSHER_APP_ID= PUSHER_APP_KEY= PUSHER_APP_SECRET= ================================================ FILE: dotenv_templates/ubuntu-test.blog.j2 ================================================ APP_NAME=Laravel APP_ENV=local APP_KEY= APP_DEBUG=true APP_LOG_LEVEL=debug APP_URL=http://blog.development DB_CONNECTION=mysql DB_HOST=127.0.0.1 DB_PORT=3306 DB_DATABASE=blog DB_USERNAME=blog DB_PASSWORD=table_password BROADCAST_DRIVER=log CACHE_DRIVER=file SESSION_DRIVER=file QUEUE_DRIVER=sync REDIS_HOST=127.0.0.1 REDIS_PASSWORD=null REDIS_PORT=6379 MAIL_DRIVER=smtp MAIL_HOST=smtp.mailtrap.io MAIL_PORT=2525 MAIL_USERNAME=null MAIL_PASSWORD=null MAIL_ENCRYPTION=null PUSHER_APP_ID= PUSHER_APP_KEY= PUSHER_APP_SECRET= ================================================ FILE: elasticsearchservers.yml ================================================ # file: elasticsearchservers.yml - hosts: elasticsearchservers become: true become_user: root roles: - common - elasticsearchtier - custom ================================================ FILE: host_vars/.gitignore ================================================ * !.gitignore !centos7-test !localhost !ubuntu-test ================================================ FILE: host_vars/centos7-test ================================================ # Let's Encrypt settings enable_ssl: false letsencrypt_email: somebody@somewhere.com # Extra PHP packages php_extra_packages: - php-soap - php-intl # PHP memory limit php_memory_limit: "512M" # A list of virtual hosts virtualhosts: blog: servernames: - blog.development - someother.development run_queue_worker: true queue_worker_timeout: 60 has_scheduled_jobs: true cms: servernames: - cms.development run_queue_worker: false run_horizon: true queue_worker_timeout: 60 has_scheduled_jobs: true # MySQL root password mysql_root_password: somesecret # List of MySQL databases mysql_databases: blog: mysql_user: blog mysql_password: table_password ================================================ FILE: host_vars/localhost ================================================ # Let's Encrypt settings enable_ssl: false letsencrypt_email: somebody@somewhere.com # Extra PHP packages php_extra_packages: - php-intl # A list of virtual hosts virtualhosts: blog: servernames: - blog.development - someother.development run_queue_worker: true has_scheduled_jobs: true someothersite: servernames: - someothersite.development # MySQL root password mysql_root_password: somesecret # List of MySQL databases mysql_databases: blog: mysql_user: blog mysql_password: table_password someothersite: mysql_user: otherdbuser mysql_password: table_password ================================================ FILE: host_vars/ubuntu-test ================================================ # Let's Encrypt settings enable_ssl: false letsencrypt_email: somebody@somewhere.com # Extra PHP packages php_extra_packages: - php7.2-soap - php7.2-intl # PHP memory limit php_memory_limit: "512M" # A list of virtual hosts virtualhosts: blog: servernames: - blog.development - someother.development run_queue_worker: true queue_worker_timeout: 60 has_scheduled_jobs: true cms: servernames: - cms.development run_queue_worker: false run_horizon: true queue_worker_timeout: 60 has_scheduled_jobs: true # MySQL root password mysql_root_password: somesecret # List of MySQL databases mysql_databases: blog: mysql_user: blog mysql_password: table_password ================================================ FILE: inventory/.gitignore ================================================ * !.gitignore !development !testing ================================================ FILE: inventory/development ================================================ # file: development [webservers] localhost ansible_ssh_host=localhost ansible_ssh_port=2200 ansible_ssh_user=vagrant [mysqlservers] localhost ansible_ssh_host=localhost ansible_ssh_port=2200 ansible_ssh_user=vagrant [queueservers] localhost ansible_ssh_host=localhost ansible_ssh_port=2200 ansible_ssh_user=vagrant [elasticsearchservers] localhost ansible_ssh_host=localhost ansible_ssh_port=2200 ansible_ssh_user=vagrant ================================================ FILE: inventory/testing ================================================ # file: testing [webservers] centos7-test ansible_ssh_host=localhost ansible_ssh_port=2210 ansible_ssh_user=vagrant ubuntu-test ansible_ssh_host=localhost ansible_ssh_port=2211 ansible_ssh_user=vagrant [mysqlservers] centos7-test ansible_ssh_host=localhost ansible_ssh_port=2210 ansible_ssh_user=vagrant ubuntu-test ansible_ssh_host=localhost ansible_ssh_port=2211 ansible_ssh_user=vagrant [queueservers] centos7-test ansible_ssh_host=localhost ansible_ssh_port=2210 ansible_ssh_user=vagrant ubuntu-test ansible_ssh_host=localhost ansible_ssh_port=2211 ansible_ssh_user=vagrant [elasticsearchservers] centos7-test ansible_ssh_host=localhost ansible_ssh_port=2210 ansible_ssh_user=vagrant ubuntu-test ansible_ssh_host=localhost ansible_ssh_port=2211 ansible_ssh_user=vagrant ================================================ FILE: mysqlservers.yml ================================================ # file: mysqlservers.yml - hosts: mysqlservers become: true become_user: root roles: - common - mysqltier - custom ================================================ FILE: queueservers.yml ================================================ # file: queueservers.yml - hosts: queueservers become: true become_user: root roles: - common - queuetier - custom ================================================ FILE: roles/common/handlers/main.yml ================================================ # file: roles/common/handlers/main.yml - name: Restart server tags: selinux shell: sleep 2 && shutdown -r now "Ansible updates triggered" async: 1 poll: 0 ignore_errors: true - name: Wait for server to restart tags: selinux local_action: wait_for host={{ inventory_hostname }} port=22 delay=30 timeout=300 become: false ================================================ FILE: roles/common/tasks/cron-apt.yml ================================================ # file: roles/common/tasks/yum-cron.yml - name: Install cron-apt tags: cron-apt apt: name=cron-apt state=installed ================================================ FILE: roles/common/tasks/main.yml ================================================ # file: roles/common/tasks/main.yml - name: Make sure epel-repository is installed yum: name=epel-release state=installed tags: epel when: ansible_distribution == 'CentOS' or ansible_distribution == 'RedHat' - include: remi.yml when: ansible_distribution == 'CentOS' or ansible_distribution == 'RedHat' - name: Make sure git is installed tags: git yum: name=git state=installed when: ansible_distribution == 'CentOS' or ansible_distribution == 'RedHat' - name: Make sure git is installed tags: git apt: name=git state=installed when: ansible_distribution == 'Ubuntu' or ansible_distribution == 'Debian' - name: Make sure unzip is installed tags: unzip yum: name=unzip state=installed when: ansible_distribution == 'CentOS' or ansible_distribution == 'RedHat' - name: Make sure unzip is installed tags: unzip apt: name=unzip state=installed when: ansible_distribution == 'Ubuntu' or ansible_distribution == 'Debian' - name: Remove require tty lineinfile: dest: /etc/sudoers line: 'Defaults requiretty' state: absent - include: ntp.yml - include: selinux.yml when: ansible_distribution == 'CentOS' or ansible_distribution == 'RedHat' - include: yum-cron.yml when: ansible_distribution == 'CentOS' or ansible_distribution == 'RedHat' - include: cron-apt.yml when: ansible_distribution == 'Ubuntu' or ansible_distribution == 'Debian' - include: swap.yml ================================================ FILE: roles/common/tasks/ntp.yml ================================================ # file: roles/common/tasks/ntp.yml - name: Install ntp yum: name=ntp state=installed when: ansible_distribution == 'CentOS' or ansible_distribution == 'RedHat' - name: Install ntp apt: name=ntp state=installed when: ansible_distribution == 'Ubuntu' or ansible_distribution == 'Debian' - name: Make sure ntpd is running service: name=ntpd state=started when: ansible_distribution == 'CentOS' or ansible_distribution == 'RedHat' - name: Make sure ntpd is started on boot service: name=ntpd enabled=yes when: ansible_distribution == 'CentOS' or ansible_distribution == 'RedHat' - name: Make sure ntpd is running service: name=ntp state=started when: ansible_distribution == 'Ubuntu' or ansible_distribution == 'Debian' - name: Make sure ntpd is started on boot service: name=ntp enabled=yes when: ansible_distribution == 'Ubuntu' or ansible_distribution == 'Debian' ================================================ FILE: roles/common/tasks/remi.yml ================================================ # file: roles/common/tasks/remi.yml - name: Import PGP key for Remi's RPM repository tags: remi rpm_key: state=present key=http://rpms.famillecollet.com/RPM-GPG-KEY-remi - name: Install package for Remi's RPM repository tags: remi yum: name: "http://rpms.remirepo.net/enterprise/remi-release-{{ ansible_distribution_major_version }}.rpm" state: present ================================================ FILE: roles/common/tasks/selinux.yml ================================================ # file: roles/common/tasks/selinux.yml - name: Set SELinux to enforcing tags: selinux selinux: policy=targeted state=enforcing register: selinux notify: - Restart server - Wait for server to restart - name: Make sure SELinux managements tools are installed tags: selinux yum: name=policycoreutils-python state=installed ================================================ FILE: roles/common/tasks/swap.yml ================================================ # file: roles/common/tasks/swap.yml - name: Check if additional swap is needed tags: swap when: ansible_memtotal_mb < 1024 set_fact: needs_extra_swap: true - name: Check if swap exists tags: swap when: needs_extra_swap is defined and needs_extra_swap == true stat: path: /swapfile register: swap_file_check - name: Generate swapfile tags: swap command: dd if=/dev/zero of=/swapfile count=1024 bs=1MiB register: generate_swapfile when: needs_extra_swap is defined and needs_extra_swap == true and swap_file_check.stat.exists == false - name: Set permissions on swapfile tags: swap file: path=/swapfile mode=0600 when: needs_extra_swap is defined and needs_extra_swap == true and swap_file_check.stat.exists == true - name: Create swapfile tags: swap command: mkswap /swapfile when: needs_extra_swap is defined and needs_extra_swap == true and swap_file_check.stat.exists == false - name: Enable swapfile tags: swap command: swapon /swapfile when: needs_extra_swap is defined and needs_extra_swap == true and swap_file_check.stat.exists == false - name: Add swapfile to /etc/fstab tags: swap lineinfile: dest=/etc/fstab line="/swapfile swap swap sw 0 0" state=present when: needs_extra_swap is defined and needs_extra_swap == true - name: Set swapfile permissions tags: swap file: path=/swapfile mode=0600 when: needs_extra_swap is defined and needs_extra_swap == true - name: Configure vm.swappiness tags: swap sysctl: name: vm.swappiness value: "1" when: needs_extra_swap is defined and needs_extra_swap == true - name: Configure vm.vfs_cache_pressure tags: swap sysctl: name: vm.vfs_cache_pressure value: "50" when: needs_extra_swap is defined and needs_extra_swap == true ================================================ FILE: roles/common/tasks/yum-cron.yml ================================================ # file: roles/common/tasks/yum-cron.yml - name: Update yum yum: name=yum state=present - name: Install deltarpm yum: name=deltarpm state=installed - name: Install yum-cron tags: yum-cron yum: name=yum-cron state=installed - name: Make sure yum-cron is running and started on boot tags: yum-cron service: name=yum-cron state=started enabled=yes - name: Enable automatic updates for yum-cron tags: yum-cron ini_file: dest: /etc/yum/yum-cron.conf section: commands option: apply_updates value: 'yes' ================================================ FILE: roles/custom/files/.gitignore ================================================ *.yml ================================================ FILE: roles/custom/handlers/.gitignore ================================================ * !.gitignore ================================================ FILE: roles/custom/tasks/main.yml ================================================ # file: roles/custom/tasks/main.yml - include: "{{ item }}" tags: custom with_fileglob: - '*.yml' ================================================ FILE: roles/custom/templates/.gitignore ================================================ * !.gitignore ================================================ FILE: roles/elasticsearchtier/tasks/elasticsearch-apt-repo.yml ================================================ # file: roles/elasticsearchtier/tasks/elasticsearch-yum-repo.yml - name: Import PGP key for elasticsearch APT repository tags: elasticsearch apt_key: state=present url=http://packages.elastic.co/GPG-KEY-elasticsearch - name: Enable elasticsearch APT repository permanently tags: elasticsearch apt_repository: repo: deb http://packages.elastic.co/elasticsearch/5.x/debian stable main state: present ================================================ FILE: roles/elasticsearchtier/tasks/elasticsearch-yum-repo.yml ================================================ # file: roles/elasticsearchtier/tasks/elasticsearch-yum-repo.yml - name: Import PGP key for elasticsearch RPM repository tags: elasticsearch rpm_key: state=present key=http://packages.elastic.co/GPG-KEY-elasticsearch - name: Enable elasticsearch RPM repository permanently tags: elasticsearch yum_repository: name: elasticsearch description: Elasticsearch repository for 5.x packages baseurl: https://artifacts.elastic.co/packages/5.x/yum enabled: 1 gpgcheck: 1 gpgkey: file:///etc/pki/rpm-gpg/GPG-KEY-elasticsearch ================================================ FILE: roles/elasticsearchtier/tasks/elasticsearch.yml ================================================ # file: roles/elasticsearchtier/tasks/elasticsearch.yml - name: Install elasticsearch tags: elasticsearch yum: name=elasticsearch state=installed enablerepo=elasticsearch when: ansible_distribution == 'CentOS' or ansible_distribution == 'RedHat' - name: Install elasticsearch tags: elasticsearch apt: name=elasticsearch update_cache=yes state=installed when: ansible_distribution == 'Ubuntu' or ansible_distribution == 'Debian' - name: Make sure elasticsearch is running and is started on boot tags: elasticsearch service: name=elasticsearch state=started enabled=yes ================================================ FILE: roles/elasticsearchtier/tasks/java.yml ================================================ # file: roles/elasticsearchtier/tasks/java.yml - name: Install Java tags: elasticsearch yum: name=java-1.8.0-openjdk state=installed when: ansible_distribution == 'CentOS' or ansible_distribution == 'RedHat' - name: Enable Oracle Java repository permanently tags: elasticsearch apt_repository: repo: ppa:webupd8team/java state: present when: ansible_distribution == 'Ubuntu' or ansible_distribution == 'Debian' - name: accept oracle license tags: elasticsearch debconf: name='oracle-java8-installer' question='shared/accepted-oracle-license-v1-1' value='true' vtype='select' when: ansible_distribution == 'Ubuntu' or ansible_distribution == 'Debian' - name: install jdk tags: elasticsearch apt: name=oracle-java8-installer state=present when: ansible_distribution == 'Ubuntu' or ansible_distribution == 'Debian' #- name: Accept Oracle license # tags: elasticsearch # debconf: # name: oracle-java8-installer # question: shared/accepted-oracle-license-v1-1 # value: true # vtype: select # when: ansible_distribution == 'Ubuntu' or ansible_distribution == 'Debian' # #- name: Install Java # tags: elasticsearch # apt: name=oracle-java8-installer update_cache=yes state=installed # when: ansible_distribution == 'Ubuntu' or ansible_distribution == 'Debian' ================================================ FILE: roles/elasticsearchtier/tasks/main.yml ================================================ # file: roles/elasticsearchtier/tasks/main.yml - include: java.yml - include: elasticsearch-yum-repo.yml when: ansible_distribution == 'CentOS' or ansible_distribution == 'RedHat' - include: elasticsearch-apt-repo.yml when: ansible_distribution == 'Ubuntu' or ansible_distribution == 'Debian' - include: elasticsearch.yml ================================================ FILE: roles/mysqltier/handlers/main.yml ================================================ # file: roles/dbtier/handlers/main.yml - name: Restart MySQL service: name=mysqld state=restarted ================================================ FILE: roles/mysqltier/tasks/firewalld.yml ================================================ # file: roles/db/tasks/firewalld.yml - name: Install firewalld yum: name=firewalld state=installed - name: Make sure firewalld is running service: name=firewalld state=started - name: Make sure firewalld is started on boot service: name=firewalld enabled=yes - name: Enable firewall to enable incoming connections to MySQL firewalld: service=mysql permanent=true state=enabled zone=public immediate=true ================================================ FILE: roles/mysqltier/tasks/main.yml ================================================ # file: roles/dbtier/tasks/main.yml - include: mysql.yml #- include: firewalld.yml ================================================ FILE: roles/mysqltier/tasks/mysql.yml ================================================ # file: roles/dbtier/tasks/mysql.yml - name: Install package for MySQL community edition repository tags: mysql yum: name: "http://repo.mysql.com/mysql-community-release-el{{ ansible_distribution_major_version }}-5.noarch.rpm" state: present when: ansible_distribution == 'CentOS' or ansible_distribution == 'RedHat' - name: Install MySQL tags: mysql yum: name=mysql-server state=installed when: ansible_distribution == 'CentOS' or ansible_distribution == 'RedHat' - name: Install MySQL tags: mysql apt: name=mysql-server state=installed when: ansible_distribution == 'Ubuntu' or ansible_distribution == 'Debian' - name: Make sure MySQL is running and started on boot tags: mysql service: name=mysqld state=started enabled=yes when: ansible_distribution == 'CentOS' or ansible_distribution == 'RedHat' - name: Make sure MySQL is running and started on boot tags: mysql service: name=mysql state=started enabled=yes when: ansible_distribution == 'Ubuntu' or ansible_distribution == 'Debian' - name: Install MySQL-python tags: mysql yum: name=MySQL-python state=installed when: ansible_distribution == 'CentOS' or ansible_distribution == 'RedHat' - name: Install MySQL-python tags: mysql apt: name=python-mysqldb state=installed when: ansible_distribution == 'Ubuntu' or ansible_distribution == 'Debian' - name: Copy .my.cnf file with root password credentials tags: mysql template: src=my-credentials.cnf.j2 dest=/root/.my.cnf owner=root mode=0600 - name: Update mysql root password for all root accounts tags: mysql mysql_user: check_implicit_admin=yes name=root host=localhost password={{ mysql_root_password }} - name: Create MySQL databases tags: mysql mysql_db: name={{ item.key }} state=present with_dict: "{{ mysql_databases }}" - name: Create application database user tags: mysql mysql_user: name={{ item.value.mysql_user }} host=localhost password={{ item.value.mysql_password }} priv={{ item.key }}.*:ALL with_dict: "{{ mysql_databases }}" - name: Delete anonymous MySQL server user for {{ ansible_hostname }} tags: mysql action: mysql_user user="" host="{{ ansible_hostname }}" state="absent" - name: Delete anonymous MySQL server user for localhost tags: mysql action: mysql_user user="" state="absent" - name: Remove the MySQL test database tags: mysql action: mysql_db db=test state=absent ================================================ FILE: roles/mysqltier/templates/my-credentials.cnf.j2 ================================================ [client] user=root password="{{ mysql_root_password }}" ================================================ FILE: roles/mysqltier/templates/my.cnf.j2 ================================================ # For advice on how to change settings please see # http://dev.mysql.com/doc/refman/5.6/en/server-configuration-defaults.html [mysqld] # # Remove leading # and set to the amount of RAM for the most important data # cache in MySQL. Start at 70% of total RAM for dedicated server, else 10%. # innodb_buffer_pool_size = 128M # # Remove leading # to turn on a very important data integrity option: logging # changes to the binary log between backups. # log_bin # # Remove leading # to set options mainly useful for reporting servers. # The server defaults are faster for transactions and fast SELECTs. # Adjust sizes as needed, experiment to find the optimal values. # join_buffer_size = 128M # sort_buffer_size = 2M # read_rnd_buffer_size = 2M datadir=/var/lib/mysql socket=/var/lib/mysql/mysql.sock # Disabling symbolic-links is recommended to prevent assorted security risks symbolic-links=0 # Recommended in standard MySQL setup sql_mode=NO_ENGINE_SUBSTITUTION,STRICT_TRANS_TABLES bind-address=0.0.0.0 [mysqld_safe] log-error=/var/log/mysqld.log pid-file=/var/run/mysqld/mysqld.pid ================================================ FILE: roles/queuetier/handlers/main.yml ================================================ # file: roles/queuetier/handlers/main.yml - name: Reload supervisord config shell: supervisorctl update changed_when: False - name: Reload supervisord config (Debian) shell: supervisorctl update changed_when: False ================================================ FILE: roles/queuetier/tasks/beanstalk.yml ================================================ # file: roles/queuetier/tasks/beanstalk.yml - name: Install beanstalk tags: beanstalk yum: name=beanstalkd state=installed when: ansible_distribution == 'CentOS' or ansible_distribution == 'RedHat' - name: Install beanstalk tags: beanstalk apt: name=beanstalkd state=installed when: ansible_distribution == 'Ubuntu' or ansible_distribution == 'Debian' - name: Make sure beanstalk is running and started on boot tags: beanstalk service: name=beanstalkd state=started enabled=yes ================================================ FILE: roles/queuetier/tasks/main.yml ================================================ # file: roles/queuetier/tasks/main.yml - include: beanstalk.yml - include: redis.yml - include: supervisor.yml ================================================ FILE: roles/queuetier/tasks/redis.yml ================================================ # file: roles/queuetier/tasks/redis.yml - name: Install redis tags: redis yum: name=redis state=installed enablerepo=remi when: ansible_distribution == 'CentOS' or ansible_distribution == 'RedHat' - name: Install redis tags: redis apt: name=redis-server state=installed when: ansible_distribution == 'Ubuntu' or ansible_distribution == 'Debian' - name: Make sure redis is running and started on boot tags: redis service: name=redis state=started enabled=yes when: ansible_distribution == 'CentOS' or ansible_distribution == 'RedHat' - name: Make sure redis is running and started on boot tags: redis service: name=redis-server state=started enabled=yes when: ansible_distribution == 'Ubuntu' or ansible_distribution == 'Debian' ================================================ FILE: roles/queuetier/tasks/supervisor.yml ================================================ # file: roles/beanstalktier/tasks/supervisor.yml - name: Install supervisor tags: supervisor yum: name=supervisor state=installed when: ansible_distribution == 'CentOS' or ansible_distribution == 'RedHat' - name: Install supervisor tags: supervisor apt: name=supervisor state=installed when: ansible_distribution == 'Ubuntu' or ansible_distribution == 'Debian' - name: Make sure supervisor is running and started on boot tags: supervisor systemd: daemon_reload=yes state=started name=supervisord enabled=yes when: ansible_distribution == 'CentOS' or ansible_distribution == 'RedHat' - name: Make sure supervisor is running and started on boot tags: supervisor service: name=supervisor state=started enabled=yes when: ansible_distribution == 'Ubuntu' or ansible_distribution == 'Debian' - name: Make sure supervisor job is configured tags: supervisor template: src=supervisor.conf.j2 dest=/etc/supervisord.d/{{ item.key }}-worker.ini with_dict: "{{ virtualhosts }}" when: item.value.run_queue_worker|default(false)|bool == true and ansible_distribution == 'CentOS' vars: user: nginx notify: - Reload supervisord config - name: Make sure supervisor job is configured tags: supervisor template: src=supervisor.conf.j2 dest=/etc/supervisor/conf.d/{{ item.key }}-worker.conf with_dict: "{{ virtualhosts }}" when: item.value.run_queue_worker|default(false)|bool == true and ansible_distribution == 'Ubuntu' vars: user: www-data notify: - Reload supervisord config (Debian) - name: Make sure supervisor job is configured for Horizon tags: supervisor template: src=supervisor-horizon.conf.j2 dest=/etc/supervisord.d/{{ item.key }}-horizon.ini with_dict: "{{ virtualhosts }}" when: item.value.run_horizon|default(false)|bool == true and ansible_distribution == 'CentOS' vars: user: nginx notify: - Reload supervisord config - name: Make sure supervisor job is configured for Horizon tags: supervisor template: src=supervisor-horizon.conf.j2 dest=/etc/supervisor/conf.d/{{ item.key }}-horizon.conf with_dict: "{{ virtualhosts }}" when: item.value.run_horizon|default(false)|bool == true and ansible_distribution == 'Ubuntu' vars: user: www-data notify: - Reload supervisord config (Debian) ================================================ FILE: roles/queuetier/templates/supervisor-horizon.conf.j2 ================================================ [program:{{ item.key }}-horizon] process_name=%(program_name)s command=php /var/www/{{ item.key }}/artisan horizon autostart=true autorestart=true user=nginx redirect_stderr=true stdout_logfile=/var/log/{{ item.key }}-horizon.log ================================================ FILE: roles/queuetier/templates/supervisor.conf.j2 ================================================ [program:{{ item.key }}-worker] process_name=%(program_name)s_%(process_num)02d command=php /var/www/{{ item.key }}/artisan queue:work --sleep=3 --tries=3 --queue={{ item.key }} --timeout={{ item.value.queue_worker_timeout|default(60) }} --daemon autostart=true autorestart=true user=nginx numprocs=4 redirect_stderr=true stdout_logfile=/var/log/{{ item.key }}-worker.log ================================================ FILE: roles/webtier/handlers/main.yml ================================================ # file: roles/webtier/handlers/main.yml - name: Restart nginx service: name=nginx state=restarted - name: Restart php-fpm service: name=php-fpm state=restarted - name: Restart php-fpm (Debian) service: name=php7.2-fpm state=restarted ================================================ FILE: roles/webtier/tasks/composer.yml ================================================ # file: roles/common/tasks/composer.yml - name: Check if composer is installed tags: composer stat: path: /usr/bin/composer register: composer_binary - name: Download Composer installer tags: composer when: composer_binary.stat.exists == false get_url: url: https://getcomposer.org/installer dest: /tmp/composer-setup.php - name: Install composer tags: composer command: php /tmp/composer-setup.php --install-dir=/usr/bin --filename=composer when: composer_binary.stat.exists == false - name: Update to latest composer version tags: composer command: composer selfupdate when: composer_binary.stat.exists == true changed_when: false ================================================ FILE: roles/webtier/tasks/cron.yml ================================================ # file: roles/webtier/tasks/cron.yml - name: Add crontab entry for Laravel scheduler tags: cron cron: name="Run Laravel scheduler for {{ item.key }}" job="php /var/www/{{ item.key }}/artisan schedule:run >> /dev/null 2>&1" with_dict: "{{ virtualhosts }}" when: item.value.has_scheduled_jobs|default(false)|bool == true ================================================ FILE: roles/webtier/tasks/dotenv.yml ================================================ # file: roles/webtier/tasks/dotenv.yml - name: Check if .env template exists tags: dotenv local_action: stat path=dotenv_templates/{{ inventory_hostname }}.{{ item.key }}.j2 vars: ansible_become: no with_dict: "{{ virtualhosts }}" register: dotenv_file - name: Create node spesific .env file tags: dotenv template: src={{ item.stat.path }} dest=/var/www/{{ item.item.key }}/.env with_items: "{{ dotenv_file.results }}" when: item.stat.exists == True ================================================ FILE: roles/webtier/tasks/firewalld.yml ================================================ # file: roles/webtier/tasks/firewalld.yml - name: Install firewalld tags: firewalld yum: name=firewalld state=installed when: ansible_distribution == 'CentOS' or ansible_distribution == 'RedHat' - name: Install firewalld tags: firewalld apt: name=firewalld state=installed when: ansible_distribution == 'Ubuntu' or ansible_distribution == 'Debian' - name: Make sure firewalld is running and is started on boot tags: firewalld service: name=firewalld state=started enabled=yes - name: Enable firewall to enable incoming HTTP tags: firewalld firewalld: service=http permanent=true state=enabled zone=public immediate=true - name: Enable firewall to enable incoming HTTPS tags: firewalld firewalld: service=https permanent=true state=enabled zone=public immediate=true ================================================ FILE: roles/webtier/tasks/letsencrypt.yml ================================================ # file: roles/webtier/tasks/letsencrypt.yml - name: Install certbot tags: letsencrypt yum: name=certbot state=installed - name: Check if Diffie-Hellman group exists tags: letsencrypt2 stat: path: /etc/ssl/certs/dhparam.pem register: group_exists - name: Generate a strong 2048 bit Diffie-Hellman group tags: letsencrypt2 shell: openssl dhparam -out /etc/ssl/certs/dhparam.pem 2048 when: group_exists.stat.exists == false - name: Install / renew certificates tags: letsencrypt shell: certbot certonly --noninteractive --webroot --email {{ letsencrypt_email }} --agree-tos --renew-by-default -w /var/www/{{ item.key }}/public -d {{ item.value.servername }} with_dict: "{{ virtualhosts }}" notify: - Restart nginx - name: Add auto renewal for certificates to crontab tags: letsencrypt cron: name: "Weekly check for certificates" special_time: weekly job: /usr/bin/certbot renew --post-hook "service nginx restart" ================================================ FILE: roles/webtier/tasks/main.yml ================================================ # file: roles/webtier/tasks/main.yml - include: remi.yml when: ansible_distribution == 'CentOS' or ansible_distribution == 'RedHat' - include: ondrej.yml when: ansible_distribution == 'Ubuntu' or ansible_distribution == 'Debian' - include: php.yml - include: php-fpm.yml - include: composer.yml - include: nginx.yml - include: dotenv.yml - include: cron.yml - include: letsencrypt.yml when: enable_ssl|default(false)|bool == true - include: firewalld.yml - include: redis.yml - include: selinux.yml when: ansible_distribution == 'CentOS' or ansible_distribution == 'RedHat' ================================================ FILE: roles/webtier/tasks/nginx.yml ================================================ # file: roles/webtier/tasks/nginx.yml - name: Install nginx tags: nginx yum: name=nginx state=installed when: ansible_distribution == 'CentOS' or ansible_distribution == 'RedHat' - name: Make sure apache related packages are removed tags: nginx apt: name="{{ packages }}" state=absent purge=yes when: ansible_distribution == 'Ubuntu' or ansible_distribution == 'Debian' vars: packages: - apache2 - apache2-utils - name: Install nginx tags: nginx apt: name=nginx state=installed when: ansible_distribution == 'Ubuntu' or ansible_distribution == 'Debian' - name: Make sure nginx user exists tags: nginx user: name: nginx comment: nginx user createhome: false generate_ssh_key: false shell: /bin/false system: yes when: ansible_distribution == 'Ubuntu' or ansible_distribution == 'Debian' - name: Make sure nginx is running and is started on boot tags: nginx service: name=nginx state=started enabled=yes - name: Make sure nginx is configured tags: nginx template: src=nginx.conf.j2 dest=/etc/nginx/nginx.conf notify: - Restart nginx - name: Make sure nginx virtual hosts are configured tags: nginx template: src=nginx-virtualhost.conf.j2 dest=/etc/nginx/conf.d/{{ item.key }}.conf with_dict: "{{ virtualhosts }}" when: enable_ssl|default(false)|bool == false notify: - Restart nginx - name: Make sure SSL nginx virtual hosts are configured tags: nginx template: src=nginx-ssl-virtualhost.conf.j2 dest=/etc/nginx/conf.d/{{ item.key }}.conf with_dict: "{{ virtualhosts }}" when: enable_ssl|default(false)|bool == true notify: - Restart nginx - name: Create public directory tags: nginx file: path=/var/www/{{ item.key }}/public state=directory owner=nginx group=nginx mode=0775 with_dict: "{{ virtualhosts }}" when: ansible_distribution == 'CentOS' or ansible_distribution == 'RedHat' - name: Create public directory tags: nginx file: path=/var/www/{{ item.key }}/public state=directory owner=www-data group=www-data mode=0775 with_dict: "{{ virtualhosts }}" when: ansible_distribution == 'Ubuntu' or ansible_distribution == 'Debian' ================================================ FILE: roles/webtier/tasks/ondrej.yml ================================================ # file: roles/webtier/tasks/ondrej.yml - name: Enable ondrejs PHP repository permanently tags: ondrej apt_repository: repo: ppa:ondrej/php state: present ================================================ FILE: roles/webtier/tasks/php-fpm.yml ================================================ # file: roles/webtier/tasks/php-fpm.yml - name: Install php-fpm tags: php-fpm yum: name=php-fpm state=installed when: ansible_distribution == 'CentOS' or ansible_distribution == 'RedHat' - name: Install php-fpm tags: php-fpm apt: name=php7.2-fpm state=installed when: ansible_distribution == 'Ubuntu' or ansible_distribution == 'Debian' - name: Make sure php-fpm is running tags: php-fpm service: name=php-fpm state=started enabled=yes when: ansible_distribution == 'CentOS' or ansible_distribution == 'RedHat' - name: Make sure php-fpm is running tags: php-fpm service: name=php7.2-fpm state=started enabled=yes when: ansible_distribution == 'Ubuntu' or ansible_distribution == 'Debian' - name: Make sure php-fpm is configured tags: php-fpm template: src=php-fpm.conf.j2 dest=/etc/php-fpm.d/www.conf notify: - Restart php-fpm when: ansible_distribution == 'CentOS' or ansible_distribution == 'RedHat' - name: Make sure php-fpm is configured tags: php-fpm template: src=php-fpm.conf.j2 dest=/etc/php/7.2/fpm/pool.d/www.conf notify: - Restart php-fpm (Debian) when: ansible_distribution == 'Ubuntu' or ansible_distribution == 'Debian' ================================================ FILE: roles/webtier/tasks/php.yml ================================================ # file: roles/webtier/tasks/php.yml - name: Install PHP and extensions yum: name={{ item }} state=installed enablerepo=epel,remi,remi-php72 tags: php with_items: - php - php-zip - php-openssl - php-pdo - php-mbstring - php-tokenizer - php-xml - php-mysqlnd - php-opcache when: ansible_distribution == 'CentOS' or ansible_distribution == 'RedHat' - name: Install PHP and extensions apt: name={{ item }} state=installed update_cache=yes tags: php with_items: - php7.2 - php7.2-zip - php7.2-pdo - php7.2-mbstring - php7.2-tokenizer - php7.2-xml - php7.2-mysqlnd - php7.2-opcache when: ansible_distribution == 'Ubuntu' or ansible_distribution == 'Debian' - name: Install extra PHP packages yum: name={{ item }} state=installed enablerepo=epel,remi,remi-php72 tags: php-extra with_items: "{{ php_extra_packages }}" when: php_extra_packages is defined and (ansible_distribution == 'CentOS' or ansible_distribution == 'RedHat') notify: - Restart php-fpm - name: Install extra PHP packages apt: name={{ item }} state=installed update_cache=yes tags: php-extra with_items: "{{ php_extra_packages }}" when: php_extra_packages is defined and (ansible_distribution == 'Ubuntu' or ansible_distribution == 'Debian') notify: - Restart php-fpm (Debian) - name: Set PHP memory limit in php.ini tags: php ini_file: dest: /etc/php.ini section: "PHP" option: memory_limit value: "{{ php_memory_limit }}" when: php_memory_limit is defined and (ansible_distribution == 'CentOS' or ansible_distribution == 'RedHat') notify: - Restart php-fpm - name: Set PHP memory limit in php.ini tags: php ini_file: dest: "{{ item }}" section: "PHP" option: memory_limit value: "{{ php_memory_limit }}" with_items: - /etc/php/7.2/apache2/php.ini - /etc/php/7.2/fpm/php.ini - /etc/php/7.2/cli/php.ini when: php_memory_limit is defined and (ansible_distribution == 'Ubuntu' or ansible_distribution == 'Debian') notify: - Restart php-fpm (Debian) ================================================ FILE: roles/webtier/tasks/redis.yml ================================================ # file: roles/webtier/tasks/redis.yml - name: Install redis tags: redis yum: name=redis state=installed enablerepo=remi when: ansible_distribution == 'CentOS' or ansible_distribution == 'RedHat' - name: Install redis tags: redis apt: name=redis-server state=installed when: ansible_distribution == 'Ubuntu' or ansible_distribution == 'Debian' - name: Make sure redis is running and started on boot tags: redis service: name=redis state=started enabled=yes when: ansible_distribution == 'CentOS' or ansible_distribution == 'RedHat' - name: Make sure redis is running and started on boot tags: redis service: name=redis-server state=started enabled=yes when: ansible_distribution == 'Ubuntu' or ansible_distribution == 'Debian' ================================================ FILE: roles/webtier/tasks/remi.yml ================================================ # file: roles/webtier/tasks/remi.yml - name: Enable Remi's PHP 7.2 repository permanently tags: remi yum_repository: name: remi-php72 description: Remi's PHP 7.2 RPM repository for Enterprise Linux 7 mirrorlist: http://rpms.remirepo.net/enterprise/7/php72/mirror enabled: 1 gpgcheck: 1 gpgkey: file:///etc/pki/rpm-gpg/RPM-GPG-KEY-remi ================================================ FILE: roles/webtier/tasks/selinux.yml ================================================ # file: roles/webtier/tasks/selinux.yml - name: Enable nginx to have access to the deployment folder tags: selinux shell: chcon -R -t httpd_sys_rw_content_t /var/www/{{ item.key }} with_dict: "{{ virtualhosts }}" changed_when: False - name: Allow nginx to make TCP connections ie. to redis/beanstalk tags: selinux seboolean: name=httpd_can_network_connect state=yes persistent=yes ================================================ FILE: roles/webtier/templates/nginx-ssl-virtualhost.conf.j2 ================================================ server { listen 80; listen 443 http2 ssl; server_name {{ item.value.servernames | join(" ") }} {{ ansible_default_ipv4["address"] }} localhost; root /var/www/{{ item.key }}/public; index index.php; access_log /var/log/nginx/{{ item.value.servername }}-access.log; error_log /var/log/nginx/{{ item.value.servername }}-error.log error; ssl_certificate /etc/letsencrypt/live/{{ item.value.servername }}/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/{{ item.value.servername }}/privkey.pem; ssl_dhparam /etc/ssl/certs/dhparam.pem; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_prefer_server_ciphers on; ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH"; ssl_ecdh_curve secp384r1; # Requires nginx >= 1.1.0 ssl_session_cache shared:SSL:10m; ssl_session_tickets off; # Requires nginx >= 1.5.9 ssl_stapling on; # Requires nginx >= 1.3.7 ssl_stapling_verify on; # Requires nginx => 1.3.7 resolver 8.8.8.8 8.8.4.4 valid=300s; resolver_timeout 5s; add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload"; add_header X-Frame-Options DENY; add_header X-Content-Type-Options nosniff; location / { try_files $uri $uri/ /index.php?$args; } location ~ /.well-known { allow all; } location ~ \.php$ { try_files $uri =404; fastcgi_pass 127.0.0.1:9000; fastcgi_index index.php; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; fastcgi_read_timeout 1200; include fastcgi_params; } } ================================================ FILE: roles/webtier/templates/nginx-virtualhost.conf.j2 ================================================ server { listen 80; server_name {{ item.value.servernames | join(" ") }} {{ ansible_default_ipv4["address"] }} localhost; root /var/www/{{ item.key }}/public; index index.php; access_log /var/log/nginx/{{ item.value.servernames[0] }}-access.log; error_log /var/log/nginx/{{ item.value.servernames[0] }}-error.log error; location / { try_files $uri $uri/ /index.php?$args; } location ~ \.php$ { try_files $uri =404; fastcgi_pass 127.0.0.1:9000; fastcgi_index index.php; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; fastcgi_read_timeout 1200; include fastcgi_params; } } ================================================ FILE: roles/webtier/templates/nginx.conf.j2 ================================================ user nginx; error_log /var/log/nginx/error.log warn; pid /var/run/nginx.pid; worker_processes {{ ansible_processor_cores }}; events { worker_connections 1024; multi_accept off; } http { include /etc/nginx/mime.types; default_type application/octet-stream; server_names_hash_bucket_size 64; client_max_body_size 64m; log_format main '$remote_addr - $remote_user [$time_local] "$request" ' '$status $body_bytes_sent "$http_referer" ' '"$http_user_agent" "$http_x_forwarded_for"'; access_log /var/log/nginx/access.log main buffer=16k; sendfile on; tcp_nopush on; tcp_nodelay on; keepalive_timeout 65; keepalive_requests 100; gzip on; include /etc/nginx/conf.d/*.conf; } ================================================ FILE: roles/webtier/templates/php-fpm.conf.j2 ================================================ [www] user = nginx group = nginx listen = 127.0.0.1:9000 listen.allowed_clients = 127.0.0.1 pm = dynamic pm.max_children = 50 pm.start_servers = 5 pm.min_spare_servers = 5 pm.max_spare_servers = 35 slowlog = /var/log/php-fpm/www-slow.log php_admin_value[error_log] = /var/log/php-fpm/www-error.log php_admin_flag[log_errors] = on php_value[session.save_handler] = files php_value[session.save_path] = /var/lib/php/session php_value[soap.wsdl_cache_dir] = /var/lib/php/wsdlcache ================================================ FILE: roles/webtier/templates/php.ini.j2 ================================================ [PHP] ;;;;;;;;;;;;;;;;;;; ; About php.ini ; ;;;;;;;;;;;;;;;;;;; ; PHP's initialization file, generally called php.ini, is responsible for ; configuring many of the aspects of PHP's behavior. ; PHP attempts to find and load this configuration from a number of locations. ; The following is a summary of its search order: ; 1. SAPI module specific location. ; 2. The PHPRC environment variable. (As of PHP 5.2.0) ; 3. A number of predefined registry keys on Windows (As of PHP 5.2.0) ; 4. Current working directory (except CLI) ; 5. The web server's directory (for SAPI modules), or directory of PHP ; (otherwise in Windows) ; 6. The directory from the --with-config-file-path compile time option, or the ; Windows directory (C:\windows or C:\winnt) ; See the PHP docs for more specific information. ; http://php.net/configuration.file ; The syntax of the file is extremely simple. Whitespace and lines ; beginning with a semicolon are silently ignored (as you probably guessed). ; Section headers (e.g. [Foo]) are also silently ignored, even though ; they might mean something in the future. ; Directives following the section heading [PATH=/www/mysite] only ; apply to PHP files in the /www/mysite directory. Directives ; following the section heading [HOST=www.example.com] only apply to ; PHP files served from www.example.com. Directives set in these ; special sections cannot be overridden by user-defined INI files or ; at runtime. Currently, [PATH=] and [HOST=] sections only work under ; CGI/FastCGI. ; http://php.net/ini.sections ; Directives are specified using the following syntax: ; directive = value ; Directive names are *case sensitive* - foo=bar is different from FOO=bar. ; Directives are variables used to configure PHP or PHP extensions. ; There is no name validation. If PHP can't find an expected ; directive because it is not set or is mistyped, a default value will be used. ; The value can be a string, a number, a PHP constant (e.g. E_ALL or M_PI), one ; of the INI constants (On, Off, True, False, Yes, No and None) or an expression ; (e.g. E_ALL & ~E_NOTICE), a quoted string ("bar"), or a reference to a ; previously set variable or directive (e.g. ${foo}) ; Expressions in the INI file are limited to bitwise operators and parentheses: ; | bitwise OR ; ^ bitwise XOR ; & bitwise AND ; ~ bitwise NOT ; ! boolean NOT ; Boolean flags can be turned on using the values 1, On, True or Yes. ; They can be turned off using the values 0, Off, False or No. ; An empty string can be denoted by simply not writing anything after the equal ; sign, or by using the None keyword: ; foo = ; sets foo to an empty string ; foo = None ; sets foo to an empty string ; foo = "None" ; sets foo to the string 'None' ; If you use constants in your value, and these constants belong to a ; dynamically loaded extension (either a PHP extension or a Zend extension), ; you may only use these constants *after* the line that loads the extension. ;;;;;;;;;;;;;;;;;;; ; About this file ; ;;;;;;;;;;;;;;;;;;; ; PHP comes packaged with two INI files. One that is recommended to be used ; in production environments and one that is recommended to be used in ; development environments. ; php.ini-production contains settings which hold security, performance and ; best practices at its core. But please be aware, these settings may break ; compatibility with older or less security conscience applications. We ; recommending using the production ini in production and testing environments. ; php.ini-development is very similar to its production variant, except it is ; much more verbose when it comes to errors. We recommend using the ; development version only in development environments, as errors shown to ; application users can inadvertently leak otherwise secure information. ; This is php.ini-production INI file. ;;;;;;;;;;;;;;;;;;; ; Quick Reference ; ;;;;;;;;;;;;;;;;;;; ; The following are all the settings which are different in either the productio n ; or development versions of the INIs with respect to PHP's default behavior. ; Please see the actual settings later in the document for more details as to wh y ; we recommend these changes in PHP's behavior. ; display_errors ; Default Value: On ; Development Value: On ; Production Value: Off ; display_startup_errors ; Default Value: Off ; Development Value: On ; Production Value: Off ; error_reporting ; Default Value: E_ALL & ~E_NOTICE & ~E_STRICT & ~E_DEPRECATED ; Development Value: E_ALL ; Production Value: E_ALL & ~E_DEPRECATED & ~E_STRICT ; html_errors ; Default Value: On ; Development Value: On ; Production value: On ; log_errors ; Default Value: Off ; Development Value: On ; Production Value: On ; max_input_time ; Default Value: -1 (Unlimited) ; Development Value: 60 (60 seconds) ; Production Value: 60 (60 seconds) ; output_buffering ; Default Value: Off ; Development Value: 4096 ; Production Value: 4096 ; register_argc_argv ; Default Value: On ; Development Value: Off ; Production Value: Off ; request_order ; Default Value: None ; Development Value: "GP" ; Production Value: "GP" ; session.gc_divisor ; Default Value: 100 ; Development Value: 1000 ; Production Value: 1000 ; session.hash_bits_per_character ; Default Value: 4 ; Development Value: 5 ; Production Value: 5 ; short_open_tag ; Default Value: On ; Development Value: Off ; Production Value: Off ; track_errors ; Default Value: Off ; Development Value: On ; Production Value: Off ; url_rewriter.tags ; Default Value: "a=href,area=href,frame=src,form=,fieldset=" ; Development Value: "a=href,area=href,frame=src,input=src,form=fakeentry" ; Production Value: "a=href,area=href,frame=src,input=src,form=fakeentry" ; variables_order ; Default Value: "EGPCS" ; Development Value: "GPCS" ; Production Value: "GPCS" ;;;;;;;;;;;;;;;;;;;; ; php.ini Options ; ;;;;;;;;;;;;;;;;;;;; ; Name for user-defined php.ini (.htaccess) files. Default is ".user.ini" ;user_ini.filename = ".user.ini" ; To disable this feature set this option to empty value ;user_ini.filename = ; TTL for user-defined php.ini files (time-to-live) in seconds. Default is 300 s econds (5 minutes) ;user_ini.cache_ttl = 300 ;;;;;;;;;;;;;;;;;;;; ; Language Options ; ;;;;;;;;;;;;;;;;;;;; ; Enable the PHP scripting language engine under Apache. ; http://php.net/engine engine = On ; This directive determines whether or not PHP will recognize code between ; tags as PHP source which should be processed as such. It is ; generally recommended that should be used and that this feature ; should be disabled, as enabling it may result in issues when generating XML ; documents, however this remains supported for backward compatibility reasons. ; Note that this directive does not control the would work. ; http://php.net/syntax-highlighting ;highlight.string = #DD0000 ;highlight.comment = #FF9900 ;highlight.keyword = #007700 ;highlight.default = #0000BB ;highlight.html = #000000 ; If enabled, the request will be allowed to complete even if the user aborts ; the request. Consider enabling it if executing long requests, which may end up ; being interrupted by the user or a browser timing out. PHP's default behavior ; is to disable this feature. ; http://php.net/ignore-user-abort ;ignore_user_abort = On ; Determines the size of the realpath cache to be used by PHP. This value should ; be increased on systems where PHP opens many files to reflect the quantity of ; the file operations performed. ; http://php.net/realpath-cache-size ;realpath_cache_size = 16k ; Duration of time, in seconds for which to cache realpath information for a giv en ; file or directory. For systems with rarely changing files, consider increasing this ; value. ; http://php.net/realpath-cache-ttl ;realpath_cache_ttl = 120 ; Enables or disables the circular reference collector. ; http://php.net/zend.enable-gc zend.enable_gc = On ; If enabled, scripts may be written in encodings that are incompatible with ; the scanner. CP936, Big5, CP949 and Shift_JIS are the examples of such ; encodings. To use this feature, mbstring extension must be enabled. ; Default: Off ;zend.multibyte = Off ; Allows to set the default encoding for the scripts. This value will be used ; unless "declare(encoding=...)" directive appears at the top of the script. ; Only affects if zend.multibyte is set. ; Default: "" ;zend.script_encoding = ;;;;;;;;;;;;;;;;; ; Miscellaneous ; ;;;;;;;;;;;;;;;;; ; Decides whether PHP may expose the fact that it is installed on the server ; (e.g. by adding its signature to the Web server header). It is no security ; threat in any way, but it makes it possible to determine whether you use PHP ; on your server or not. ; http://php.net/expose-php expose_php = On ;;;;;;;;;;;;;;;;;;; ; Resource Limits ; ;;;;;;;;;;;;;;;;;;; ; Maximum execution time of each script, in seconds ; http://php.net/max-execution-time ; Note: This directive is hardcoded to 0 for the CLI SAPI max_execution_time = 240 ; Maximum amount of time each script may spend parsing request data. It's a good ; idea to limit this time on productions servers in order to eliminate unexpecte dly ; long running scripts. ; Note: This directive is hardcoded to -1 for the CLI SAPI ; Default Value: -1 (Unlimited) ; Development Value: 60 (60 seconds) ; Production Value: 60 (60 seconds) ; http://php.net/max-input-time max_input_time = 60 ; Maximum input variable nesting level ; http://php.net/max-input-nesting-level ;max_input_nesting_level = 64 ; How many GET/POST/COOKIE input variables may be accepted ; max_input_vars = 1000 ; Maximum amount of memory a script may consume (128MB) ; http://php.net/memory-limit memory_limit = 2048M ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; ; Error handling and logging ; ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; ; This directive informs PHP of which errors, warnings and notices you would lik e ; it to take action for. The recommended way of setting values for this ; directive is through the use of the error level constants and bitwise ; operators. The error level constants are below here for convenience as well as ; some common settings and their meanings. ; By default, PHP is set to take action on all errors, notices and warnings EXCE PT ; those related to E_NOTICE and E_STRICT, which together cover best practices an d ; recommended coding standards in PHP. For performance reasons, this is the ; recommend error reporting setting. Your production server shouldn't be wasting ; resources complaining about best practices and coding standards. That's what ; development servers and development settings are for. ; Note: The php.ini-development file has this setting as E_ALL. This ; means it pretty much reports everything which is exactly what you want during ; development and early testing. ; ; Error Level Constants: ; E_ALL - All errors and warnings (includes E_STRICT as of PHP 5.4.0 ) ; E_ERROR - fatal run-time errors ; E_RECOVERABLE_ERROR - almost fatal run-time errors ; E_WARNING - run-time warnings (non-fatal errors) ; E_PARSE - compile-time parse errors ; E_NOTICE - run-time notices (these are warnings which often result ; from a bug in your code, but it's possible that it was ; intentional (e.g., using an uninitialized variable and ; relying on the fact it is automatically initialized to an ; empty string) ; E_STRICT - run-time notices, enable to have PHP suggest changes ; to your code which will ensure the best interoperability ; and forward compatibility of your code ; E_CORE_ERROR - fatal errors that occur during PHP's initial startup ; E_CORE_WARNING - warnings (non-fatal errors) that occur during PHP's ; initial startup ; E_COMPILE_ERROR - fatal compile-time errors ; E_COMPILE_WARNING - compile-time warnings (non-fatal errors) ; E_USER_ERROR - user-generated error message ; E_USER_WARNING - user-generated warning message ; E_USER_NOTICE - user-generated notice message ; E_DEPRECATED - warn about code that will not work in future versions ; of PHP ; E_USER_DEPRECATED - user-generated deprecation warnings ; ; Common Values: ; E_ALL (Show all errors, warnings and notices including coding standards.) ; E_ALL & ~E_NOTICE (Show all errors, except for notices) ; E_ALL & ~E_NOTICE & ~E_STRICT (Show all errors, except for notices and codi ng standards warnings.) ; E_COMPILE_ERROR|E_RECOVERABLE_ERROR|E_ERROR|E_CORE_ERROR (Show only errors) ; Default Value: E_ALL & ~E_NOTICE & ~E_STRICT & ~E_DEPRECATED ; Development Value: E_ALL ; Production Value: E_ALL & ~E_DEPRECATED & ~E_STRICT ; http://php.net/error-reporting error_reporting = E_ALL & ~E_DEPRECATED & ~E_STRICT ; This directive controls whether or not and where PHP will output errors, ; notices and warnings too. Error output is very useful during development, but ; it could be very dangerous in production environments. Depending on the code ; which is triggering the error, sensitive information could potentially leak ; out of your application such as database usernames and passwords or worse. ; For production environments, we recommend logging errors rather than ; sending them to STDOUT. ; Possible Values: ; Off = Do not display any errors ; stderr = Display errors to STDERR (affects only CGI/CLI binaries!) ; On or stdout = Display errors to STDOUT ; Default Value: On ; Development Value: On ; Production Value: Off ; http://php.net/display-errors display_errors = Off ; The display of errors which occur during PHP's startup sequence are handled ; separately from display_errors. PHP's default behavior is to suppress those ; errors from clients. Turning the display of startup errors on can be useful in ; debugging configuration problems. We strongly recommend you ; set this to 'off' for production servers. ; Default Value: Off ; Development Value: On ; Production Value: Off ; http://php.net/display-startup-errors display_startup_errors = Off ; Besides displaying errors, PHP can also log errors to locations such as a ; server-specific log, STDERR, or a location specified by the error_log ; directive found below. While errors should not be displayed on productions ; servers they should still be monitored and logging is a great way to do that. ; Default Value: Off ; Development Value: On ; Production Value: On ; http://php.net/log-errors log_errors = On ; Set maximum length of log_errors. In error_log information about the source is ; added. The default is 1024 and 0 allows to not apply any maximum length at all . ; http://php.net/log-errors-max-len log_errors_max_len = 1024 ; Do not log repeated messages. Repeated errors must occur in same file on same ; line unless ignore_repeated_source is set true. ; http://php.net/ignore-repeated-errors ignore_repeated_errors = Off ; Ignore source of message when ignoring repeated messages. When this setting ; is On you will not log errors with repeated messages from different files or ; source lines. ; http://php.net/ignore-repeated-source ignore_repeated_source = Off ; If this parameter is set to Off, then memory leaks will not be shown (on ; stdout or in the log). This has only effect in a debug compile, and if ; error reporting includes E_WARNING in the allowed list ; http://php.net/report-memleaks report_memleaks = On ; This setting is on by default. ;report_zend_debug = 0 ; Store the last error/warning message in $php_errormsg (boolean). Setting this value ; to On can assist in debugging and is appropriate for development servers. It s hould ; however be disabled on production servers. ; Default Value: Off ; Development Value: On ; Production Value: Off ; http://php.net/track-errors track_errors = Off ; Turn off normal error reporting and emit XML-RPC error XML ; http://php.net/xmlrpc-errors ;xmlrpc_errors = 0 ; An XML-RPC faultCode ;xmlrpc_error_number = 0 ; When PHP displays or logs an error, it has the capability of formatting the ; error message as HTML for easier reading. This directive controls whether ; the error message is formatted as HTML or not. ; Note: This directive is hardcoded to Off for the CLI SAPI ; Default Value: On ; Development Value: On ; Production value: On ; http://php.net/html-errors html_errors = On ; If html_errors is set to On *and* docref_root is not empty, then PHP ; produces clickable error messages that direct to a page describing the error ; or function causing the error in detail. ; You can download a copy of the PHP manual from http://php.net/docs ; and change docref_root to the base URL of your local copy including the ; leading '/'. You must also specify the file extension being used including ; the dot. PHP's default behavior is to leave these settings empty, in which ; case no links to documentation are generated. ; Note: Never use this feature for production boxes. ; http://php.net/docref-root ; Examples ;docref_root = "/phpmanual/" ; http://php.net/docref-ext ;docref_ext = .html ; String to output before an error message. PHP's default behavior is to leave ; this setting blank. ; http://php.net/error-prepend-string ; Example: ;error_prepend_string = "" ; String to output after an error message. PHP's default behavior is to leave ; this setting blank. ; http://php.net/error-append-string ; Example: ;error_append_string = "" ; Log errors to specified file. PHP's default behavior is to leave this value ; empty. ; http://php.net/error-log ; Example: ;error_log = php_errors.log ; Log errors to syslog. ;error_log = syslog ;windows.show_crt_warning ; Default value: 0 ; Development value: 0 ; Production value: 0 ;;;;;;;;;;;;;;;;; ; Data Handling ; ;;;;;;;;;;;;;;;;; ; The separator used in PHP generated URLs to separate arguments. ; PHP's default setting is "&". ; http://php.net/arg-separator.output ; Example: ;arg_separator.output = "&" ; List of separator(s) used by PHP to parse input URLs into variables. ; PHP's default setting is "&". ; NOTE: Every character in this directive is considered as separator! ; http://php.net/arg-separator.input ; Example: ;arg_separator.input = ";&" ; This directive determines which super global arrays are registered when PHP ; starts up. G,P,C,E & S are abbreviations for the following respective super ; globals: GET, POST, COOKIE, ENV and SERVER. There is a performance penalty ; paid for the registration of these arrays and because ENV is not as commonly ; used as the others, ENV is not recommended on productions servers. You ; can still get access to the environment variables through getenv() should you ; need to. ; Default Value: "EGPCS" ; Development Value: "GPCS" ; Production Value: "GPCS"; ; http://php.net/variables-order variables_order = "GPCS" ; This directive determines which super global data (G,P & C) should be ; registered into the super global array REQUEST. If so, it also determines ; the order in which that data is registered. The values for this directive ; are specified in the same manner as the variables_order directive, ; EXCEPT one. Leaving this value empty will cause PHP to use the value set ; in the variables_order directive. It does not mean it will leave the super ; globals array REQUEST empty. ; Default Value: None ; Development Value: "GP" ; Production Value: "GP" ; http://php.net/request-order request_order = "GP" ; This directive determines whether PHP registers $argv & $argc each time it ; runs. $argv contains an array of all the arguments passed to PHP when a script ; is invoked. $argc contains an integer representing the number of arguments ; that were passed when the script was invoked. These arrays are extremely ; useful when running scripts from the command line. When this directive is ; enabled, registering these variables consumes CPU cycles and memory each time ; a script is executed. For performance reasons, this feature should be disabled ; on production servers. ; Note: This directive is hardcoded to On for the CLI SAPI ; Default Value: On ; Development Value: Off ; Production Value: Off ; http://php.net/register-argc-argv register_argc_argv = Off ; When enabled, the ENV, REQUEST and SERVER variables are created when they're ; first used (Just In Time) instead of when the script starts. If these ; variables are not used within a script, having this directive on will result ; in a performance gain. The PHP directive register_argc_argv must be disabled ; for this directive to have any affect. ; http://php.net/auto-globals-jit auto_globals_jit = On ; Whether PHP will read the POST data. ; This option is enabled by default. ; Most likely, you won't want to disable this option globally. It causes $_POST ; and $_FILES to always be empty; the only way you will be able to read the ; POST data will be through the php://input stream wrapper. This can be useful ; to proxy requests or to process the POST data in a memory efficient fashion. ; http://php.net/enable-post-data-reading ;enable_post_data_reading = Off ; Maximum size of POST data that PHP will accept. ; Its value may be 0 to disable the limit. It is ignored if POST data reading ; is disabled through enable_post_data_reading. ; http://php.net/post-max-size post_max_size = 8M ; Automatically add files before PHP document. ; http://php.net/auto-prepend-file auto_prepend_file = ; Automatically add files after PHP document. ; http://php.net/auto-append-file auto_append_file = ; By default, PHP will output a character encoding using ; the Content-type: header. To disable sending of the charset, simply ; set it to be empty. ; ; PHP's built-in default is text/html ; http://php.net/default-mimetype default_mimetype = "text/html" ; PHP's default character set is set to UTF-8. ; http://php.net/default-charset default_charset = "UTF-8" ; PHP internal character encoding is set to empty. ; If empty, default_charset is used. ; http://php.net/internal-encoding ;internal_encoding = ; PHP input character encoding is set to empty. ; If empty, default_charset is used. ; http://php.net/input-encoding ;input_encoding = ; PHP output character encoding is set to empty. ; If empty, default_charset is used. ; mbstring or iconv output handler is used. ; See also output_buffer. ; http://php.net/output-encoding ;output_encoding = ;;;;;;;;;;;;;;;;;;;;;;;;; ; Paths and Directories ; ;;;;;;;;;;;;;;;;;;;;;;;;; ; UNIX: "/path1:/path2" ;include_path = ".:/php/includes" ; ; Windows: "\path1;\path2" ;include_path = ".;c:\php\includes" ; ; PHP's default setting for include_path is ".;/path/to/php/pear" ; http://php.net/include-path ; The root of the PHP pages, used only if nonempty. ; if PHP was not compiled with FORCE_REDIRECT, you SHOULD set doc_root ; if you are running php as a CGI under any web server (other than IIS) ; see documentation for security issues. The alternate is to use the ; cgi.force_redirect configuration below ; http://php.net/doc-root doc_root = ; The directory under which PHP opens the script using /~username used only ; if nonempty. ; http://php.net/user-dir user_dir = ; Directory in which the loadable extensions (modules) reside. ; http://php.net/extension-dir ; extension_dir = "./" ; On windows: ; extension_dir = "ext" ; Directory where the temporary files should be placed. ; Defaults to the system default (see sys_get_temp_dir) ; sys_temp_dir = "/tmp" ; Whether or not to enable the dl() function. The dl() function does NOT work ; properly in multithreaded servers, such as IIS or Zeus, and is automatically ; disabled on them. ; http://php.net/enable-dl enable_dl = Off ; cgi.force_redirect is necessary to provide security running PHP as a CGI under ; most web servers. Left undefined, PHP turns this on by default. You can ; turn it off here AT YOUR OWN RISK ; **You CAN safely turn this off for IIS, in fact, you MUST.** ; http://php.net/cgi.force-redirect ;cgi.force_redirect = 1 ; if cgi.nph is enabled it will force cgi to always sent Status: 200 with ; every request. PHP's default behavior is to disable this feature. ;cgi.nph = 1 ; if cgi.force_redirect is turned on, and you are not running under Apache or Ne tscape ; (iPlanet) web servers, you MAY need to set an environment variable name that P HP ; will look for to know it is OK to continue execution. Setting this variable M AY ; cause security issues, KNOW WHAT YOU ARE DOING FIRST. ; http://php.net/cgi.redirect-status-env ;cgi.redirect_status_env = ; cgi.fix_pathinfo provides *real* PATH_INFO/PATH_TRANSLATED support for CGI. P HP's ; previous behaviour was to set PATH_TRANSLATED to SCRIPT_FILENAME, and to not g rok ; what PATH_INFO is. For more information on PATH_INFO, see the cgi specs. Set ting ; this to 1 will cause PHP CGI to fix its paths to conform to the spec. A setti ng ; of zero causes PHP to behave as before. Default is 1. You should fix your sc ripts ; to use SCRIPT_FILENAME rather than PATH_TRANSLATED. ; http://php.net/cgi.fix-pathinfo ;cgi.fix_pathinfo=1 ; FastCGI under IIS (on WINNT based OS) supports the ability to impersonate ; security tokens of the calling client. This allows IIS to define the ; security context that the request runs under. mod_fastcgi under Apache ; does not currently support this feature (03/17/2002) ; Set to 1 if running under IIS. Default is zero. ; http://php.net/fastcgi.impersonate ;fastcgi.impersonate = 1 ; Disable logging through FastCGI connection. PHP's default behavior is to enabl e ; this feature. ;fastcgi.logging = 0 ; cgi.rfc2616_headers configuration option tells PHP what type of headers to ; use when sending HTTP response code. If set to 0, PHP sends Status: header tha t ; is supported by Apache. When this option is set to 1, PHP will send ; RFC2616 compliant header. ; Default is zero. ; http://php.net/cgi.rfc2616-headers ;cgi.rfc2616_headers = 0 ;;;;;;;;;;;;;;;; ; File Uploads ; ;;;;;;;;;;;;;;;; ; Whether to allow HTTP file uploads. ; http://php.net/file-uploads file_uploads = On ; Temporary directory for HTTP uploaded files (will use system default if not ; specified). ; http://php.net/upload-tmp-dir ;upload_tmp_dir = ; Maximum allowed size for uploaded files. ; http://php.net/upload-max-filesize upload_max_filesize = 2M ; Maximum number of files that can be uploaded via a single request max_file_uploads = 20 ;;;;;;;;;;;;;;;;;; ; Fopen wrappers ; ;;;;;;;;;;;;;;;;;; ; Whether to allow the treatment of URLs (like http:// or ftp://) as files. ; http://php.net/allow-url-fopen allow_url_fopen = On ; Whether to allow include/require to open URLs (like http:// or ftp://) as file s. ; http://php.net/allow-url-include allow_url_include = Off ; Define the anonymous ftp password (your email address). PHP's default setting ; for this is empty. ; http://php.net/from ;from="john@doe.com" ; Define the User-Agent string. PHP's default setting for this is empty. ; http://php.net/user-agent ;user_agent="PHP" ; Default timeout for socket based streams (seconds) ; http://php.net/default-socket-timeout default_socket_timeout = 60 ; If your scripts have to deal with files from Macintosh systems, ; or you are running on a Mac and need to deal with files from ; unix or win32 systems, setting this flag will cause PHP to ; automatically detect the EOL character in those files so that ; fgets() and file() will work regardless of the source of the file. ; http://php.net/auto-detect-line-endings ;auto_detect_line_endings = Off ;;;;;;;;;;;;;;;;;;;;;; ; Dynamic Extensions ; ;;;;;;;;;;;;;;;;;;;;;; ; If you wish to have an extension loaded automatically, use the following ; syntax: ; ; extension=modulename.extension ; ; For example, on Windows: ; ; extension=msql.dll ; ; ... or under UNIX: ; ; extension=msql.so ; ; ... or with a path: ; ; extension=/path/to/extension/msql.so ; ; If you only provide the name of the extension, PHP will look for it in its ; default extension directory. ;;;; ; Note: packaged extension modules are now loaded via the .ini files ; found in the directory /etc/php.d; these are loaded by default. ;;;; ;;;;;;;;;;;;;;;;;;; ; Module Settings ; ;;;;;;;;;;;;;;;;;;; [CLI Server] ; Whether the CLI web server uses ANSI color coding in its terminal output. cli_server.color = On [Date] ; Defines the default timezone used by the date functions ; http://php.net/date.timezone ;date.timezone = date.timezone = Europe/Helsinki ; http://php.net/date.default-latitude ;date.default_latitude = 31.7667 ; http://php.net/date.default-longitude ;date.default_longitude = 35.2333 ; http://php.net/date.sunrise-zenith ;date.sunrise_zenith = 90.583333 ; http://php.net/date.sunset-zenith ;date.sunset_zenith = 90.583333 [filter] ; http://php.net/filter.default ;filter.default = unsafe_raw ; http://php.net/filter.default-flags ;filter.default_flags = [iconv] ; Use of this INI entry is deprecated, use global input_encoding instead. ; If empty, default_charset or input_encoding or iconv.input_encoding is used. ; The precedence is: default_charset < intput_encoding < iconv.input_encoding ;iconv.input_encoding = ; Use of this INI entry is deprecated, use global internal_encoding instead. ; If empty, default_charset or internal_encoding or iconv.internal_encoding is u sed. ; The precedence is: default_charset < internal_encoding < iconv.internal_encodi ng ;iconv.internal_encoding = ; Use of this INI entry is deprecated, use global output_encoding instead. ; If empty, default_charset or output_encoding or iconv.output_encoding is used. ; The precedence is: default_charset < output_encoding < iconv.output_encoding ; To use an output encoding conversion, iconv's output handler must be set ; otherwise output encoding conversion cannot be performed. ;iconv.output_encoding = [intl] ;intl.default_locale = ; This directive allows you to produce PHP errors when some error ; happens within intl functions. The value is the level of the error produced. ; Default is 0, which does not produce any errors. ;intl.error_level = E_WARNING [sqlite] ; http://php.net/sqlite.assoc-case ;sqlite.assoc_case = 0 [sqlite3] ;sqlite3.extension_dir = [Pcre] ;PCRE library backtracking limit. ; http://php.net/pcre.backtrack-limit ;pcre.backtrack_limit=100000 ;PCRE library recursion limit. ;Please note that if you set this value to a high number you may consume all ;the available process stack and eventually crash PHP (due to reaching the ;stack size limit imposed by the Operating System). ; http://php.net/pcre.recursion-limit ;pcre.recursion_limit=100000 ;Enables or disables JIT compilation of patterns. This requires the PCRE ;library to be compiled with JIT support. pcre.jit=0 [Pdo] ; Whether to pool ODBC connections. Can be one of "strict", "relaxed" or "off" ; http://php.net/pdo-odbc.connection-pooling ;pdo_odbc.connection_pooling=strict ;pdo_odbc.db2_instance_name [Pdo_mysql] ; If mysqlnd is used: Number of cache slots for the internal result set cache ; http://php.net/pdo_mysql.cache_size pdo_mysql.cache_size = 2000 ; Default socket name for local MySQL connects. If empty, uses the built-in ; MySQL defaults. ; http://php.net/pdo_mysql.default-socket pdo_mysql.default_socket= [Phar] ; http://php.net/phar.readonly ;phar.readonly = On ; http://php.net/phar.require-hash ;phar.require_hash = On ;phar.cache_list = [mail function] ; For Unix only. You may supply arguments as well (default: "sendmail -t -i"). ; http://php.net/sendmail-path sendmail_path = /usr/sbin/sendmail -t -i ; Force the addition of the specified parameters to be passed as extra parameter s ; to the sendmail binary. These parameters will always replace the value of ; the 5th parameter to mail(). ;mail.force_extra_parameters = ; Add X-PHP-Originating-Script: that will include uid of the script followed by the filename mail.add_x_header = On ; The path to a log file that will log all mail() calls. Log entries include ; the full path of the script, line number, To address and headers. ;mail.log = ; Log mail to syslog; ;mail.log = syslog [SQL] ; http://php.net/sql.safe-mode sql.safe_mode = Off [ODBC] ; http://php.net/odbc.default-db ;odbc.default_db = Not yet implemented ; http://php.net/odbc.default-user ;odbc.default_user = Not yet implemented ; http://php.net/odbc.default-pw ;odbc.default_pw = Not yet implemented ; Controls the ODBC cursor model. ; Default: SQL_CURSOR_STATIC (default). ;odbc.default_cursortype ; Allow or prevent persistent links. ; http://php.net/odbc.allow-persistent odbc.allow_persistent = On ; Check that a connection is still valid before reuse. ; http://php.net/odbc.check-persistent odbc.check_persistent = On ; Maximum number of persistent links. -1 means no limit. ; http://php.net/odbc.max-persistent odbc.max_persistent = -1 ; Maximum number of links (persistent + non-persistent). -1 means no limit. ; http://php.net/odbc.max-links odbc.max_links = -1 ; Handling of LONG fields. Returns number of bytes to variables. 0 means ; passthru. ; http://php.net/odbc.defaultlrl odbc.defaultlrl = 4096 ; Handling of binary data. 0 means passthru, 1 return as is, 2 convert to char. ; See the documentation on odbc_binmode and odbc_longreadlen for an explanation ; of odbc.defaultlrl and odbc.defaultbinmode ; http://php.net/odbc.defaultbinmode odbc.defaultbinmode = 1 ;birdstep.max_links = -1 [Interbase] ; Allow or prevent persistent links. ibase.allow_persistent = 1 ; Maximum number of persistent links. -1 means no limit. ibase.max_persistent = -1 ; Maximum number of links (persistent + non-persistent). -1 means no limit. ibase.max_links = -1 ; Default database name for ibase_connect(). ;ibase.default_db = ; Default username for ibase_connect(). ;ibase.default_user = ; Default password for ibase_connect(). ;ibase.default_password = ; Default charset for ibase_connect(). ;ibase.default_charset = ; Default timestamp format. ibase.timestampformat = "%Y-%m-%d %H:%M:%S" ; Default date format. ibase.dateformat = "%Y-%m-%d" ; Default time format. ibase.timeformat = "%H:%M:%S" [MySQLi] ; Maximum number of persistent links. -1 means no limit. ; http://php.net/mysqli.max-persistent mysqli.max_persistent = -1 ; Allow accessing, from PHP's perspective, local files with LOAD DATA statements ; http://php.net/mysqli.allow_local_infile ;mysqli.allow_local_infile = On ; Allow or prevent persistent links. ; http://php.net/mysqli.allow-persistent mysqli.allow_persistent = On ; Maximum number of links. -1 means no limit. ; http://php.net/mysqli.max-links mysqli.max_links = -1 ; If mysqlnd is used: Number of cache slots for the internal result set cache ; http://php.net/mysqli.cache_size mysqli.cache_size = 2000 ; Default port number for mysqli_connect(). If unset, mysqli_connect() will use ; the $MYSQL_TCP_PORT or the mysql-tcp entry in /etc/services or the ; compile-time value defined MYSQL_PORT (in that order). Win32 will only look ; at MYSQL_PORT. ; http://php.net/mysqli.default-port mysqli.default_port = 3306 ; Default socket name for local MySQL connects. If empty, uses the built-in ; MySQL defaults. ; http://php.net/mysqli.default-socket mysqli.default_socket = ; Default host for mysql_connect() (doesn't apply in safe mode). ; http://php.net/mysqli.default-host mysqli.default_host = ; Default user for mysql_connect() (doesn't apply in safe mode). ; http://php.net/mysqli.default-user mysqli.default_user = ; Default password for mysqli_connect() (doesn't apply in safe mode). ; Note that this is generally a *bad* idea to store passwords in this file. ; *Any* user with PHP access can run 'echo get_cfg_var("mysqli.default_pw") ; and reveal this password! And of course, any users with read access to this ; file will be able to reveal the password as well. ; http://php.net/mysqli.default-pw mysqli.default_pw = ; Allow or prevent reconnect mysqli.reconnect = Off [mysqlnd] ; Enable / Disable collection of general statistics by mysqlnd which can be ; used to tune and monitor MySQL operations. ; http://php.net/mysqlnd.collect_statistics mysqlnd.collect_statistics = On ; Enable / Disable collection of memory usage statistics by mysqlnd which can be ; used to tune and monitor MySQL operations. ; http://php.net/mysqlnd.collect_memory_statistics mysqlnd.collect_memory_statistics = Off ; Size of a pre-allocated buffer used when sending commands to MySQL in bytes. ; http://php.net/mysqlnd.net_cmd_buffer_size ;mysqlnd.net_cmd_buffer_size = 2048 ; Size of a pre-allocated buffer used for reading data sent by the server in ; bytes. ; http://php.net/mysqlnd.net_read_buffer_size ;mysqlnd.net_read_buffer_size = 32768 [PostgreSQL] ; Allow or prevent persistent links. ; http://php.net/pgsql.allow-persistent pgsql.allow_persistent = On ; Detect broken persistent links always with pg_pconnect(). ; Auto reset feature requires a little overheads. ; http://php.net/pgsql.auto-reset-persistent pgsql.auto_reset_persistent = Off ; Maximum number of persistent links. -1 means no limit. ; http://php.net/pgsql.max-persistent pgsql.max_persistent = -1 ; Maximum number of links (persistent+non persistent). -1 means no limit. ; http://php.net/pgsql.max-links pgsql.max_links = -1 ; Ignore PostgreSQL backends Notice message or not. ; Notice message logging require a little overheads. ; http://php.net/pgsql.ignore-notice pgsql.ignore_notice = 0 ; Log PostgreSQL backends Notice message or not. ; Unless pgsql.ignore_notice=0, module cannot log notice message. ; http://php.net/pgsql.log-notice pgsql.log_notice = 0 [bcmath] ; Number of decimal digits for all bcmath functions. ; http://php.net/bcmath.scale bcmath.scale = 0 [browscap] ; http://php.net/browscap ;browscap = extra/browscap.ini [Session] ; Handler used to store/retrieve data. ; http://php.net/session.save-handler session.save_handler = files ; Argument passed to save_handler. In the case of files, this is the path ; where data files are stored. Note: Windows users have to change this ; variable in order to use PHP's session functions. ; ; The path can be defined as: ; ; session.save_path = "N;/path" ; ; where N is an integer. Instead of storing all the session files in ; /path, what this will do is use subdirectories N-levels deep, and ; store the session data in those directories. This is useful if ; your OS has problems with many files in one directory, and is ; a more efficient layout for servers that handle many sessions. ; ; NOTE 1: PHP will not create this directory structure automatically. ; You can use the script in the ext/session dir for that purpose. ; NOTE 2: See the section on garbage collection below if you choose to ; use subdirectories for session storage ; ; The file storage module creates files using mode 600 by default. ; You can change that by using ; ; session.save_path = "N;MODE;/path" ; ; where MODE is the octal representation of the mode. Note that this ; does not overwrite the process's umask. ; http://php.net/session.save-path ; RPM note : session directory must be owned by process owner ; for mod_php, see /etc/httpd/conf.d/php.conf ; for php-fpm, see /etc/php-fpm.d/*conf ;session.save_path = "/tmp" ; Whether to use strict session mode. ; Strict session mode does not accept uninitialized session ID and regenerate ; session ID if browser sends uninitialized session ID. Strict mode protects ; applications from session fixation via session adoption vulnerability. It is ; disabled by default for maximum compatibility, but enabling it is encouraged. ; https://wiki.php.net/rfc/strict_sessions session.use_strict_mode = 0 ; Whether to use cookies. ; http://php.net/session.use-cookies session.use_cookies = 1 ; http://php.net/session.cookie-secure ;session.cookie_secure = ; This option forces PHP to fetch and use a cookie for storing and maintaining ; the session id. We encourage this operation as it's very helpful in combating ; session hijacking when not specifying and managing your own session id. It is ; not the be-all and end-all of session hijacking defense, but it's a good start . ; http://php.net/session.use-only-cookies session.use_only_cookies = 1 ; Name of the session (used as cookie name). ; http://php.net/session.name session.name = PHPSESSID ; Initialize session on request startup. ; http://php.net/session.auto-start session.auto_start = 0 ; Lifetime in seconds of cookie or, if 0, until browser is restarted. ; http://php.net/session.cookie-lifetime session.cookie_lifetime = 0 ; The path for which the cookie is valid. ; http://php.net/session.cookie-path session.cookie_path = / ; The domain for which the cookie is valid. ; http://php.net/session.cookie-domain session.cookie_domain = ; Whether or not to add the httpOnly flag to the cookie, which makes it inaccess ible to browser scripting languages such as JavaScript. ; http://php.net/session.cookie-httponly session.cookie_httponly = ; Handler used to serialize data. php is the standard serializer of PHP. ; http://php.net/session.serialize-handler session.serialize_handler = php ; Defines the probability that the 'garbage collection' process is started ; on every session initialization. The probability is calculated by using ; gc_probability/gc_divisor. Where session.gc_probability is the numerator ; and gc_divisor is the denominator in the equation. Setting this value to 1 ; when the session.gc_divisor value is 100 will give you approximately a 1% chan ce ; the gc will run on any give request. ; Default Value: 1 ; Development Value: 1 ; Production Value: 1 ; http://php.net/session.gc-probability session.gc_probability = 1 ; Defines the probability that the 'garbage collection' process is started on ev ery ; session initialization. The probability is calculated by using the following e quation: ; gc_probability/gc_divisor. Where session.gc_probability is the numerator and ; session.gc_divisor is the denominator in the equation. Setting this value to 1 ; when the session.gc_divisor value is 100 will give you approximately a 1% chan ce ; the gc will run on any give request. Increasing this value to 1000 will give y ou ; a 0.1% chance the gc will run on any give request. For high volume production servers, ; this is a more efficient approach. ; Default Value: 100 ; Development Value: 1000 ; Production Value: 1000 ; http://php.net/session.gc-divisor session.gc_divisor = 1000 ; After this number of seconds, stored data will be seen as 'garbage' and ; cleaned up by the garbage collection process. ; http://php.net/session.gc-maxlifetime session.gc_maxlifetime = 1440 ; NOTE: If you are using the subdirectory option for storing session files ; (see session.save_path above), then garbage collection does *not* ; happen automatically. You will need to do your own garbage ; collection through a shell script, cron entry, or some other method. ; For example, the following script would is the equivalent of ; setting session.gc_maxlifetime to 1440 (1440 seconds = 24 minutes): ; find /path/to/sessions -cmin +24 -type f | xargs rm ; Check HTTP Referer to invalidate externally stored URLs containing ids. ; HTTP_REFERER has to contain this substring for the session to be ; considered as valid. ; http://php.net/session.referer-check session.referer_check = ; How many bytes to read from the file. ; http://php.net/session.entropy-length ;session.entropy_length = 32 ; Specified here to create the session id. ; http://php.net/session.entropy-file ; Defaults to /dev/urandom ; On systems that don't have /dev/urandom but do have /dev/arandom, this will de fault to /dev/arandom ; If neither are found at compile time, the default is no entropy file. ; On windows, setting the entropy_length setting will activate the ; Windows random source (using the CryptoAPI) ;session.entropy_file = /dev/urandom ; Set to {nocache,private,public,} to determine HTTP caching aspects ; or leave this empty to avoid sending anti-caching headers. ; http://php.net/session.cache-limiter session.cache_limiter = nocache ; Document expires after n minutes. ; http://php.net/session.cache-expire session.cache_expire = 180 ; trans sid support is disabled by default. ; Use of trans sid may risk your users' security. ; Use this option with caution. ; - User may send URL contains active session ID ; to other person via. email/irc/etc. ; - URL that contains active session ID may be stored ; in publicly accessible computer. ; - User may access your site with the same session ID ; always using URL stored in browser's history or bookmarks. ; http://php.net/session.use-trans-sid session.use_trans_sid = 0 ; Select a hash function for use in generating session ids. ; Possible Values ; 0 (MD5 128 bits) ; 1 (SHA-1 160 bits) ; This option may also be set to the name of any hash function supported by ; the hash extension. A list of available hashes is returned by the hash_algos() ; function. ; http://php.net/session.hash-function session.hash_function = 0 ; Define how many bits are stored in each character when converting ; the binary hash data to something readable. ; Possible values: ; 4 (4 bits: 0-9, a-f) ; 5 (5 bits: 0-9, a-v) ; 6 (6 bits: 0-9, a-z, A-Z, "-", ",") ; Default Value: 4 ; Development Value: 5 ; Production Value: 5 ; http://php.net/session.hash-bits-per-character session.hash_bits_per_character = 5 ; The URL rewriter will look for URLs in a defined set of HTML tags. ; form/fieldset are special; if you include them here, the rewriter will ; add a hidden field with the info which is otherwise appended ; to URLs. If you want XHTML conformity, remove the form entry. ; Note that all valid entries require a "=", even if no value follows. ; Default Value: "a=href,area=href,frame=src,form=,fieldset=" ; Development Value: "a=href,area=href,frame=src,input=src,form=fakeentry" ; Production Value: "a=href,area=href,frame=src,input=src,form=fakeentry" ; http://php.net/url-rewriter.tags url_rewriter.tags = "a=href,area=href,frame=src,input=src,form=fakeentry" ; Enable upload progress tracking in $_SESSION ; Default Value: On ; Development Value: On ; Production Value: On ; http://php.net/session.upload-progress.enabled ;session.upload_progress.enabled = On ; Cleanup the progress information as soon as all POST data has been read ; (i.e. upload completed). ; Default Value: On ; Development Value: On ; Production Value: On ; http://php.net/session.upload-progress.cleanup ;session.upload_progress.cleanup = On ; A prefix used for the upload progress key in $_SESSION ; Default Value: "upload_progress_" ; Development Value: "upload_progress_" ; Production Value: "upload_progress_" ; http://php.net/session.upload-progress.prefix ;session.upload_progress.prefix = "upload_progress_" ; The index name (concatenated with the prefix) in $_SESSION ; containing the upload progress information ; Default Value: "PHP_SESSION_UPLOAD_PROGRESS" ; Development Value: "PHP_SESSION_UPLOAD_PROGRESS" ; Production Value: "PHP_SESSION_UPLOAD_PROGRESS" ; http://php.net/session.upload-progress.name ;session.upload_progress.name = "PHP_SESSION_UPLOAD_PROGRESS" ; How frequently the upload progress should be updated. ; Given either in percentages (per-file), or in bytes ; Default Value: "1%" ; Development Value: "1%" ; Production Value: "1%" ; http://php.net/session.upload-progress.freq ;session.upload_progress.freq = "1%" ; The minimum delay between updates, in seconds ; Default Value: 1 ; Development Value: 1 ; Production Value: 1 ; http://php.net/session.upload-progress.min-freq ;session.upload_progress.min_freq = "1" [Assertion] ; Switch whether to compile assertions at all (to have no overhead at run-time) ; -1: Do not compile at all ; 0: Jump over assertion at run-time ; 1: Execute assertions ; Changing from or to a negative value is only possible in php.ini! (For turning assertions on and off at run-time, see assert.active, when zend.assertions = 1) ; Default Value: 1 ; Development Value: 1 ; Production Value: -1 ; http://php.net/zend.assertions zend.assertions = -1 ; Assert(expr); active by default. ; http://php.net/assert.active ;assert.active = On ; Throw an AssertationException on failed assertions ; http://php.net/assert.exception ;assert.exception = On ; Issue a PHP warning for each failed assertion. (Overridden by assert.exception if active) ; http://php.net/assert.warning ;assert.warning = On ; Don't bail out by default. ; http://php.net/assert.bail ;assert.bail = Off ; User-function to be called if an assertion fails. ; http://php.net/assert.callback ;assert.callback = 0 ; Eval the expression with current error_reporting(). Set to true if you want ; error_reporting(0) around the eval(). ; http://php.net/assert.quiet-eval ;assert.quiet_eval = 0 [mbstring] ; language for internal character representation. ; This affects mb_send_mail() and mbstring.detect_order. ; http://php.net/mbstring.language ;mbstring.language = Japanese ; Use of this INI entry is deprecated, use global internal_encoding instead. ; internal/script encoding. ; Some encoding cannot work as internal encoding. (e.g. SJIS, BIG5, ISO-2022-*) ; If empty, default_charset or internal_encoding or iconv.internal_encoding is u sed. ; The precedence is: default_charset < internal_encoding < iconv.internal_encodi ng ;mbstring.internal_encoding = ; Use of this INI entry is deprecated, use global input_encoding instead. ; http input encoding. ; mbstring.encoding_traslation = On is needed to use this setting. ; If empty, default_charset or input_encoding or mbstring.input is used. ; The precedence is: default_charset < intput_encoding < mbsting.http_input ; http://php.net/mbstring.http-input ;mbstring.http_input = ; Use of this INI entry is deprecated, use global output_encoding instead. ; http output encoding. ; mb_output_handler must be registered as output buffer to function. ; If empty, default_charset or output_encoding or mbstring.http_output is used. ; The precedence is: default_charset < output_encoding < mbstring.http_output ; To use an output encoding conversion, mbstring's output handler must be set ; otherwise output encoding conversion cannot be performed. ; http://php.net/mbstring.http-output ;mbstring.http_output = ; enable automatic encoding translation according to ; mbstring.internal_encoding setting. Input chars are ; converted to internal encoding by setting this to On. ; Note: Do _not_ use automatic encoding translation for ; portable libs/applications. ; http://php.net/mbstring.encoding-translation ;mbstring.encoding_translation = Off ; automatic encoding detection order. ; "auto" detect order is changed according to mbstring.language ; http://php.net/mbstring.detect-order ;mbstring.detect_order = auto ; substitute_character used when character cannot be converted ; one from another ; http://php.net/mbstring.substitute-character ;mbstring.substitute_character = none ; overload(replace) single byte functions by mbstring functions. ; mail(), ereg(), etc are overloaded by mb_send_mail(), mb_ereg(), ; etc. Possible values are 0,1,2,4 or combination of them. ; For example, 7 for overload everything. ; 0: No overload ; 1: Overload mail() function ; 2: Overload str*() functions ; 4: Overload ereg*() functions ; http://php.net/mbstring.func-overload ;mbstring.func_overload = 0 ; enable strict encoding detection. ; Default: Off ;mbstring.strict_detection = On ; This directive specifies the regex pattern of content types for which mb_outpu t_handler() ; is activated. ; Default: mbstring.http_output_conv_mimetype=^(text/|application/xhtml\+xml) ;mbstring.http_output_conv_mimetype= [gd] ; Tell the jpeg decode to ignore warnings and try to create ; a gd image. The warning will then be displayed as notices ; disabled by default ; http://php.net/gd.jpeg-ignore-warning ;gd.jpeg_ignore_warning = 0 [exif] ; Exif UNICODE user comments are handled as UCS-2BE/UCS-2LE and JIS as JIS. ; With mbstring support this will automatically be converted into the encoding ; given by corresponding encode setting. When empty mbstring.internal_encoding ; is used. For the decode settings you can distinguish between motorola and ; intel byte order. A decode setting cannot be empty. ; http://php.net/exif.encode-unicode ;exif.encode_unicode = ISO-8859-15 ; http://php.net/exif.decode-unicode-motorola ;exif.decode_unicode_motorola = UCS-2BE ; http://php.net/exif.decode-unicode-intel ;exif.decode_unicode_intel = UCS-2LE ; http://php.net/exif.encode-jis ;exif.encode_jis = ; http://php.net/exif.decode-jis-motorola ;exif.decode_jis_motorola = JIS ; http://php.net/exif.decode-jis-intel ;exif.decode_jis_intel = JIS [Tidy] ; The path to a default tidy configuration file to use when using tidy ; http://php.net/tidy.default-config ;tidy.default_config = /usr/local/lib/php/default.tcfg ; Should tidy clean and repair output automatically? ; WARNING: Do not use this option if you are generating non-html content ; such as dynamic images ; http://php.net/tidy.clean-output tidy.clean_output = Off [soap] ; Enables or disables WSDL caching feature. ; http://php.net/soap.wsdl-cache-enabled soap.wsdl_cache_enabled=1 ; Sets the directory name where SOAP extension will put cache files. ; http://php.net/soap.wsdl-cache-dir ; RPM note : cache directory must be owned by process owner ; for mod_php, see /etc/httpd/conf.d/php.conf ; for php-fpm, see /etc/php-fpm.d/*conf soap.wsdl_cache_dir="/tmp" ; (time to live) Sets the number of second while cached file will be used ; instead of original one. ; http://php.net/soap.wsdl-cache-ttl soap.wsdl_cache_ttl=86400 ; Sets the size of the cache limit. (Max. number of WSDL files to cache) soap.wsdl_cache_limit = 5 [sysvshm] ; A default size of the shared memory segment ;sysvshm.init_mem = 10000 [ldap] ; Sets the maximum number of open links or -1 for unlimited. ldap.max_links = -1 [mcrypt] ; For more information about mcrypt settings see http://php.net/mcrypt-module-op en ; Directory where to load mcrypt algorithms ; Default: Compiled in into libmcrypt (usually /usr/local/lib/libmcrypt) ;mcrypt.algorithms_dir= ; Directory where to load mcrypt modes ; Default: Compiled in into libmcrypt (usually /usr/local/lib/libmcrypt) ;mcrypt.modes_dir= [dba] ;dba.default_handler= [curl] ; A default value for the CURLOPT_CAINFO option. This is required to be an ; absolute path. ;curl.cainfo = [openssl] ; The location of a Certificate Authority (CA) file on the local filesystem ; to use when verifying the identity of SSL/TLS peers. Most users should ; not specify a value for this directive as PHP will attempt to use the ; OS-managed cert stores in its absence. If specified, this value may still ; be overridden on a per-stream basis via the "cafile" SSL stream context ; option. ;openssl.cafile= ; If openssl.cafile is not specified or if the CA file is not found, the ; directory pointed to by openssl.capath is searched for a suitable ; certificate. This value must be a correctly hashed certificate directory. ; Most users should not specify a value for this directive as PHP will ; attempt to use the OS-managed cert stores in its absence. If specified, ; this value may still be overridden on a per-stream basis via the "capath" ; SSL stream context option. ;openssl.capath= ; Local Variables: ; tab-width: 4 ; End: ================================================ FILE: site.yml ================================================ # file: site.yml - include: webservers.yml - include: mysqlservers.yml - include: queueservers.yml - include: elasticsearchservers.yml ================================================ FILE: webservers.yml ================================================ # file: webservers.yml - hosts: webservers become: true become_user: root roles: - common - webtier - custom