diff --git a/roles/ensure_apache/.gitignore b/roles/ensure_apache/.gitignore new file mode 100644 index 0000000..2722a80 --- /dev/null +++ b/roles/ensure_apache/.gitignore @@ -0,0 +1,97 @@ +# ---> Linux +*~ + +# temporary files which can be created if a process still has a handle open of a deleted file +.fuse_hidden* + +# KDE directory preferences +.directory + +# Linux trash folder which might appear on any partition or disk +.Trash-* + +# .nfs files are created when an open file is removed but is still being accessed +.nfs* + +# ---> Windows +# Windows thumbnail cache files +Thumbs.db +ehthumbs.db +ehthumbs_vista.db + +# Dump file +*.stackdump + +# Folder config file +[Dd]esktop.ini + +# Recycle Bin used on file shares +$RECYCLE.BIN/ + +# Windows Installer files +*.cab +*.msi +*.msix +*.msm +*.msp + +# Windows shortcuts +*.lnk + +# ---> macOS +# General +.DS_Store +.AppleDouble +.LSOverride + +# Icon must end with two \r +Icon + +# Thumbnails +._* + +# Files that might appear in the root of a volume +.DocumentRevisions-V100 +.fseventsd +.Spotlight-V100 +.TemporaryItems +.Trashes +.VolumeIcon.icns +.com.apple.timemachine.donotpresent + +# Directories potentially created on remote AFP share +.AppleDB +.AppleDesktop +Network Trash Folder +Temporary Items +.apdisk + +# ---> Vim +# Swap +[._]*.s[a-v][a-z] +[._]*.sw[a-p] +[._]s[a-rt-v][a-z] +[._]ss[a-gi-z] +[._]sw[a-p] + +# Session +Session.vim + +# Temporary +.netrwhist +*~ +# Auto-generated tag files +tags +# Persistent undo +[._]*.un~ + +# ---> VisualStudioCode +.vscode/* +!.vscode/settings.json +!.vscode/tasks.json +!.vscode/launch.json +!.vscode/extensions.json + +# ---> Ansible +*.retry + diff --git a/roles/ensure_apache/.travis.yml b/roles/ensure_apache/.travis.yml new file mode 100644 index 0000000..36bbf62 --- /dev/null +++ b/roles/ensure_apache/.travis.yml @@ -0,0 +1,29 @@ +--- +language: python +python: "2.7" + +# Use the new container infrastructure +sudo: false + +# Install ansible +addons: + apt: + packages: + - python-pip + +install: + # Install ansible + - pip install ansible + + # Check ansible version + - ansible --version + + # Create ansible.cfg with correct roles_path + - printf '[defaults]\nroles_path=../' >ansible.cfg + +script: + # Basic role syntax check + - ansible-playbook tests/test.yml -i tests/inventory --syntax-check + +notifications: + webhooks: https://galaxy.ansible.com/api/v1/notifications/ \ No newline at end of file diff --git a/roles/ensure_apache/LICENSE b/roles/ensure_apache/LICENSE new file mode 100644 index 0000000..1344add --- /dev/null +++ b/roles/ensure_apache/LICENSE @@ -0,0 +1,163 @@ +GNU LESSER GENERAL PUBLIC LICENSE + +Version 3, 29 June 2007 + +Copyright (C) 2007 Free Software Foundation, Inc. + +Everyone is permitted to copy and distribute verbatim copies of this license +document, but changing it is not allowed. + +This version of the GNU Lesser General Public License incorporates the terms +and conditions of version 3 of the GNU General Public License, supplemented +by the additional permissions listed below. + + 0. Additional Definitions. + + + +As used herein, "this License" refers to version 3 of the GNU Lesser General +Public License, and the "GNU GPL" refers to version 3 of the GNU General Public +License. + + + +"The Library" refers to a covered work governed by this License, other than +an Application or a Combined Work as defined below. + + + +An "Application" is any work that makes use of an interface provided by the +Library, but which is not otherwise based on the Library. Defining a subclass +of a class defined by the Library is deemed a mode of using an interface provided +by the Library. + + + +A "Combined Work" is a work produced by combining or linking an Application +with the Library. The particular version of the Library with which the Combined +Work was made is also called the "Linked Version". + + + +The "Minimal Corresponding Source" for a Combined Work means the Corresponding +Source for the Combined Work, excluding any source code for portions of the +Combined Work that, considered in isolation, are based on the Application, +and not on the Linked Version. + + + +The "Corresponding Application Code" for a Combined Work means the object +code and/or source code for the Application, including any data and utility +programs needed for reproducing the Combined Work from the Application, but +excluding the System Libraries of the Combined Work. + + 1. Exception to Section 3 of the GNU GPL. + +You may convey a covered work under sections 3 and 4 of this License without +being bound by section 3 of the GNU GPL. + + 2. Conveying Modified Versions. + +If you modify a copy of the Library, and, in your modifications, a facility +refers to a function or data to be supplied by an Application that uses the +facility (other than as an argument passed when the facility is invoked), +then you may convey a copy of the modified version: + +a) under this License, provided that you make a good faith effort to ensure +that, in the event an Application does not supply the function or data, the +facility still operates, and performs whatever part of its purpose remains +meaningful, or + +b) under the GNU GPL, with none of the additional permissions of this License +applicable to that copy. + + 3. Object Code Incorporating Material from Library Header Files. + +The object code form of an Application may incorporate material from a header +file that is part of the Library. You may convey such object code under terms +of your choice, provided that, if the incorporated material is not limited +to numerical parameters, data structure layouts and accessors, or small macros, +inline functions and templates (ten or fewer lines in length), you do both +of the following: + +a) Give prominent notice with each copy of the object code that the Library +is used in it and that the Library and its use are covered by this License. + +b) Accompany the object code with a copy of the GNU GPL and this license document. + + 4. Combined Works. + +You may convey a Combined Work under terms of your choice that, taken together, +effectively do not restrict modification of the portions of the Library contained +in the Combined Work and reverse engineering for debugging such modifications, +if you also do each of the following: + +a) Give prominent notice with each copy of the Combined Work that the Library +is used in it and that the Library and its use are covered by this License. + +b) Accompany the Combined Work with a copy of the GNU GPL and this license +document. + +c) For a Combined Work that displays copyright notices during execution, include +the copyright notice for the Library among these notices, as well as a reference +directing the user to the copies of the GNU GPL and this license document. + + d) Do one of the following: + +0) Convey the Minimal Corresponding Source under the terms of this License, +and the Corresponding Application Code in a form suitable for, and under terms +that permit, the user to recombine or relink the Application with a modified +version of the Linked Version to produce a modified Combined Work, in the +manner specified by section 6 of the GNU GPL for conveying Corresponding Source. + +1) Use a suitable shared library mechanism for linking with the Library. A +suitable mechanism is one that (a) uses at run time a copy of the Library +already present on the user's computer system, and (b) will operate properly +with a modified version of the Library that is interface-compatible with the +Linked Version. + +e) Provide Installation Information, but only if you would otherwise be required +to provide such information under section 6 of the GNU GPL, and only to the +extent that such information is necessary to install and execute a modified +version of the Combined Work produced by recombining or relinking the Application +with a modified version of the Linked Version. (If you use option 4d0, the +Installation Information must accompany the Minimal Corresponding Source and +Corresponding Application Code. If you use option 4d1, you must provide the +Installation Information in the manner specified by section 6 of the GNU GPL +for conveying Corresponding Source.) + + 5. Combined Libraries. + +You may place library facilities that are a work based on the Library side +by side in a single library together with other library facilities that are +not Applications and are not covered by this License, and convey such a combined +library under terms of your choice, if you do both of the following: + +a) Accompany the combined library with a copy of the same work based on the +Library, uncombined with any other library facilities, conveyed under the +terms of this License. + +b) Give prominent notice with the combined library that part of it is a work +based on the Library, and explaining where to find the accompanying uncombined +form of the same work. + + 6. Revised Versions of the GNU Lesser General Public License. + +The Free Software Foundation may publish revised and/or new versions of the +GNU Lesser General Public License from time to time. Such new versions will +be similar in spirit to the present version, but may differ in detail to address +new problems or concerns. + +Each version is given a distinguishing version number. If the Library as you +received it specifies that a certain numbered version of the GNU Lesser General +Public License "or any later version" applies to it, you have the option of +following the terms and conditions either of that published version or of +any later version published by the Free Software Foundation. If the Library +as you received it does not specify a version number of the GNU Lesser General +Public License, you may choose any version of the GNU Lesser General Public +License ever published by the Free Software Foundation. + +If the Library as you received it specifies that a proxy can decide whether +future versions of the GNU Lesser General Public License shall apply, that +proxy's public statement of acceptance of any version is permanent authorization +for you to choose that version for the Library. diff --git a/roles/ensure_apache/README.md b/roles/ensure_apache/README.md new file mode 100644 index 0000000..d5477b4 --- /dev/null +++ b/roles/ensure_apache/README.md @@ -0,0 +1,73 @@ +Role Name +========= + +A brief description of the role goes here. + +Requirements +------------ + +Any pre-requisites that may not be covered by Ansible itself or the role should be mentioned here. For instance, if the role uses the EC2 module, it may be a good idea to mention in this section that the boto package is required. + +Feature List +------------ + +* Apache deployed +* Enables HTTP/2 +* Enables and convets connections to HTTPS by default +* ACME based TLS Certificate request and renewal +* ACME uses Lets Encrypt by default, alternative ACME Providers may be specified +* Optionally act as a proxy to another URL +* Optionally redirect traffic to another URL +* Optionally populate DocumentRoot with git clone +* Multiple DocumentRoots supported, with aliases + +Role Variables +-------------- + +* Lets Encrypt configuration + * lets_encrypt_admin : The Email address your Lets Encrypt account is with + * lets_encrypt_url : The ACME URL to speak with, defaults to Lets Encrypt, may set to 'https://acme-staging-v02.api.letsencrypt.org/directory' for Staging + +* Web Host variable of type list + * http_vhost +* required dictionary elements + * fqdn : The FQDN of the website +* optional dictionary elements + * aliases : list of alternative FQDN for the website + * proxy : URL to direct traffic for the FQDN to, e.g. http://localhost:8080 + * redirect : Where should we send traffic? + * repo : git URL of website repo to clone/update + +~~~ +lets_encrypt_admin: 'acme@example.com' +lets_encrypt_url: 'https://ipa.example.com' +http_vhost: + - fqdn: 'www.example.com' + aliases: + - 'exmaple.com' + proxy: 'http://localhost:8080' +~~~ + +Dependencies +------------ + +A list of other roles hosted on Galaxy should go here, plus any details in regards to parameters that may need to be set for other roles, or variables that are used from other roles. + +Example Playbook +---------------- + +Including an example of how to use your role (for instance, with variables passed in as parameters) is always nice for users too: + + - hosts: servers + roles: + - { role: username.rolename, x: 42 } + +License +------- + +BSD + +Author Information +------------------ + +An optional section for the role authors to include contact information, or a website (HTML is not allowed). diff --git a/roles/ensure_apache/defaults/main.yml b/roles/ensure_apache/defaults/main.yml new file mode 100644 index 0000000..baf6991 --- /dev/null +++ b/roles/ensure_apache/defaults/main.yml @@ -0,0 +1,4 @@ +--- +# defaults file for ensure_apache +lets_encrypt_admin: 'root@example.com' +lets_encrypt_url: 'https://acme-v02.api.letsencrypt.org/directory' diff --git a/roles/ensure_apache/handlers/main.yml b/roles/ensure_apache/handlers/main.yml new file mode 100644 index 0000000..dbac500 --- /dev/null +++ b/roles/ensure_apache/handlers/main.yml @@ -0,0 +1,29 @@ +--- +# handlers file for ensure_apache +- name: 'ensure_apache.package_facts' + ansible.builtin.package_facts: +- name: 'ensure_apache.service_facts' + ansible.builtin.service_facts: +- name: 'ensure_apache.service_reload' + when: + - ansible_facts["system"] == 'Linux' + - ansible_facts["service_mgr"] == 'systemd' + - ensure_apache is defined + ansible.builtin.systemd: + daemon_reload: 'yes' +- name: 'ensure_apache.service_restart' + when: + - ansible_facts["system"] == 'Linux' + - ensure_apache is defined + - ensure_apache.service_list is defined + - ensure_apache.service_list is iterable + - item.state == 'started' + ansible.builtin.service: + enabled: '{{ item.enabled }}' + name: '{{ item.name }}' + state: 'restarted' + loop: '{{ ensure_apache.service_list }}' + loop_control: + label: '{{ item.name }} will be restarted' +... + diff --git a/roles/ensure_apache/meta/main.yml b/roles/ensure_apache/meta/main.yml new file mode 100644 index 0000000..71a68a3 --- /dev/null +++ b/roles/ensure_apache/meta/main.yml @@ -0,0 +1,53 @@ +galaxy_info: + author: Jason Rothstein + description: Ensure Apache is installed, running, and functional + company: your company (optional) + + # If the issue tracker for your role is not on github, uncomment the + # next line and provide a value + # issue_tracker_url: http://example.com/issue/tracker + + # Choose a valid license ID from https://spdx.org - some suggested licenses: + # - BSD-3-Clause (default) + # - MIT + # - GPL-2.0-or-later + # - GPL-3.0-only + # - Apache-2.0 + # - CC-BY-4.0 + license: LGPL-3.0-or-later + + min_ansible_version: 2.9 + + # If this a Container Enabled role, provide the minimum Ansible Container version. + # min_ansible_container_version: + + # + # Provide a list of supported platforms, and for each platform a list of versions. + # If you don't wish to enumerate all versions for a particular platform, use 'all'. + # To view available platforms and versions (or releases), visit: + # https://galaxy.ansible.com/api/v1/platforms/ + # + # platforms: + # - name: Fedora + # versions: + # - all + # - 25 + # - name: SomePlatform + # versions: + # - all + # - 1.0 + # - 7 + # - 99.99 + + galaxy_tags: [] + # List tags for your role here, one per line. A tag is a keyword that describes + # and categorizes the role. Users find roles by searching for tags. Be sure to + # remove the '[]' above, if you add tags to this list. + # + # NOTE: A tag is limited to a single word comprised of alphanumeric characters. + # Maximum 20 tags per role. + +dependencies: [] + # List your role dependencies here, one per line. Be sure to remove the '[]' above, + # if you add dependencies to this list. + diff --git a/roles/ensure_apache/tasks/main.yml b/roles/ensure_apache/tasks/main.yml new file mode 100644 index 0000000..2403ceb --- /dev/null +++ b/roles/ensure_apache/tasks/main.yml @@ -0,0 +1,225 @@ +--- +# tasks file for ensure_apache +- name: 'include variables' + when: + - ansible_facts["system"] == 'Linux' + include_vars: + file: '{{ lookup("first_found", findme ) }}' + name: 'ensure_apache' + vars: + findme: + files: + - '{{ ansible_facts["distribution"] }}-{{ ansible_facts["distribution_major_version"] }}-{{ ansible_facts["architecture"] }}.yml' + - '{{ ansible_facts["distribution"] }}-{{ ansible_facts["distribution_major_version"] }}-default.yml' + - '{{ ansible_facts["distribution"] }}-default.yml' + - '{{ ansible_facts["os_family"] }}-{{ ansible_facts["distribution_major_version"] }}-{{ ansible_facts["architecture"] }}.yml' + - '{{ ansible_facts["os_family"] }}-{{ ansible_facts["distribution_major_version"] }}-default.yml' + - '{{ ansible_facts["os_family"] }}-default.yml' + - 'default.yml' + paths: + - '../vars/' + errors: 'ignore' +- name: 'package discovery' + when: + - ansible_facts["system"] == 'Linux' + - ansible_facts["packages"] is not defined + ansible.builtin.package_facts: +- name: 'service discovery' + when: + - ansible_facts["system"] == 'Linux' + - ansible_facts["services"] is not defined + ansible.builtin.service_facts: +- name: 'ensure sysctl' + when: + - ansible_facts["system"] == 'Linux' + - ensure_apache is defined + - ensure_apache.sysctl_list is defined + - ensure_apache.sysctl_list is iterable + ansible.posix.sysctl: + name: '{{ item.name }}' + reload: '{{ item.reload | default(omit) }}' + state: '{{ item.state }}' + sysctl_file: '{{ item.sysctl_file | default(omit) }}' + sysctl_set: '{{ item.sysctl_set | default(omit) }}' + value: '{{ item.value | default(omit) }}' + loop: '{{ ensure_apache.sysctl_list }}' + loop_control: + label: '{{ item.name }} will be {{ item.value }}' + notify: + - 'ensure_apache.package_facts' + - 'ensure_apache.service_facts' + - 'ensure_apache.service_reload' + - 'ensure_apache.service_restart' +- name: 'ensure packages' + when: + - ansible_facts["system"] == 'Linux' + - ensure_apache is defined + - ensure_apache.package_list is defined + - ensure_apache.package_list is iterable + ansible.builtin.package: + name: '{{ item.name }}' + state: '{{ item.state }}' + loop: '{{ ensure_apache.package_list }}' + loop_control: + label: '{{ item.name }} will be {{ item.state }}' + notify: + - 'ensure_apache.package_facts' + - 'ensure_apache.service_facts' + - 'ensure_apache.service_reload' + - 'ensure_apache.service_restart' +- name: 'ensure seboolean' + when: + - ansible_facts["system"] == 'Linux' + - ensure_apache is defined + - ensure_apache.seboolean_list is defined + - ensure_apache.seboolean_list is iterable + ansible.posix.seboolean: + name: '{{ item.name }}' + persistent: '{{ item.persistent }}' + state: '{{ item.state }}' + loop: '{{ ensure_apache.seboolean_list }}' + loop_control: + label: '{{ item.name }} will be {{ item.state }}' + notify: + - 'ensure_apache.package_facts' + - 'ensure_apache.service_facts' + - 'ensure_apache.service_reload' + - 'ensure_apache.service_restart' +- name: 'ensure configurations' + when: + - ansible_facts["system"] == 'Linux' + - http_vhost is defined + - ensure_apache is defined + - ensure_apache.template_list is defined + - ensure_apache.template_list is iterable + ansible.builtin.template: + backup: 'no' + dest: '{{ item.dest }}' + group: '{{ item.group | default(omit) }}' + mode: '{{ item.mode | default(omit) }}' + owner: '{{ item.owner | default(omit) }}' + selevel: '{{ iteml.selevel | default(omit) }}' + serole: '{{ item.serole | default(omit) }}' + setype: '{{ item.setype | default(omit) }}' + seuser: '{{ item.seuser | default(omit) }}' + src: '{{ item.src }}' + loop: '{{ ensure_apache.template_list }}' + loop_control: + label: '{{ item.dest }} will be ensured' + notify: + - 'ensure_apache.package_facts' + - 'ensure_apache.service_facts' + - 'ensure_apache.service_reload' + - 'ensure_apache.service_restart' +- name: 'ensure firewall' + when: + - ansible_facts["system"] == 'Linux' + - ansible_facts.packages["firewalld"] is defined + - ansible_facts.packages["python3-firewall"] is defined + - ensure_apache is defined + - ensure_apache.firewall_list is defined + - ensure_apache.firewall_list is iterable + ansible.posix.firewalld: + permanent: '{{ item.permanent }}' + service: '{{ item.service }}' + state: '{{ item.state }}' + loop: '{{ ensure_apache.firewall_list }}' + loop_control: + label: '{{ item.service }} will be {{ item.state }}' + notify: + - 'ensure_apache.package_facts' + - 'ensure_apache.service_facts' + - 'ensure_apache.service_reload' + - 'ensure_apache.service_restart' +- name: 'ensure permissions' + when: + - ansible_facts["system"] == 'Linux' + - ensure_apache is defined + - http_vhost is defined + - http_vhost is iterable + - ensure_apache.permission_list is defined + - ensure_apache.permission_list is iterable + ansible.builtin.file: + attributes: '{{ item.attributes | default(omit) }}' + follow: '{{ item.follow | default(omit) }}' + force: '{{ item.force | default(omit) }}' + group: '{{ item.group | default(omit) }}' + owner: '{{ item.owner | default(omit) }}' + mode: '{{ item.mode | default(omit) }}' + path: '{{ item.path }}' + reuse: '{{ item.reuse | default(omit) }}' + selevel: '{{ item.selevel | default(omit) }}' + serole: '{{ item.serole | default(omit) }}' + setype: '{{ item.setype | default(omit) }}' + seuser: '{{ item.seuser | default(omit) }}' + src: '{{ item.src | default(omit) }}' + state: '{{ item.state }}' + loop: '{{ ensure_apache.permission_list }}' + loop_control: + label: '{{ item.path }} will be ensured' + notify: + - 'ensure_apache.package_facts' + - 'ensure_apache.service_facts' + - 'ensure_apache.service_reload' + - 'ensure_apache.service_restart' +- name: 'ensure vhost document roots' + when: + - ansible_facts["system"] == 'Linux' + - ensure_apache is defined + - http_vhost is defined + - http_vhost is iterable + - item.fqdn is defined + ansible.builtin.file: + path: '/srv/http/{{ item.fqdn }}' + state: 'directory' + setype: 'httpd_sys_content_t' + loop: '{{ http_vhost }}' + loop_control: + label: '/srv/http/{{ item.fqdn }} will be ensured' + notify: + - 'ensure_apache.package_facts' + - 'ensure_apache.service_facts' + - 'ensure_apache.service_reload' + - 'ensure_apache.service_restart' +- name: 'ensure website content from git repos' + when: + - ansible_facts["system"] == 'Linux' + - ensure_apache is defined + - http_vhost is defined + - http_vhost is iterable + - item.fqdn is defined + - item.repo is defined + ansible.builtin.git: + accept_hostkey: 'yes' + dest: '/srv/http/{{ item.fqdn }}' + repo: '{{ item.repo }}' + loop: '{{ http_vhost }}' + loop_control: + label: '/srv/http/{{ item.fqdn }} will be populated...' + notify: + - 'ensure_apache.package_facts' + - 'ensure_apache.service_facts' + - 'ensure_apache.service_reload' + - 'ensure_apache.service_restart' +- name: 'ensure services' + when: + - ansible_facts["system"] == 'Linux' + - ensure_apache is defined + - ensure_apache.service_list is defined + - ensure_apache.service_list is iterable + ansible.builtin.service: + enabled: '{{ item.enabled }}' + name: '{{ item.name }}' + state: '{{ item.state }}' + loop: '{{ ensure_apache.service_list }}' + loop_control: + label: '{{ item.name }} will be {{ item.state }}' + notify: + - 'ensure_apache.package_facts' + - 'ensure_apache.service_facts' + - 'ensure_apache.service_reload' + - 'ensure_apache.service_restart' +- name: 'flush handlers' + meta: 'flush_handlers' +... + diff --git a/roles/ensure_apache/templates/Fedora/42/etc/httpd/conf.d/README b/roles/ensure_apache/templates/Fedora/42/etc/httpd/conf.d/README new file mode 100644 index 0000000..6071deb --- /dev/null +++ b/roles/ensure_apache/templates/Fedora/42/etc/httpd/conf.d/README @@ -0,0 +1,9 @@ + +This directory holds configuration files for the Apache HTTP Server; +any files in this directory which have the ".conf" extension will be +processed as httpd configuration files. The directory is used in +addition to the directory /etc/httpd/conf.modules.d/, which contains +configuration files necessary to load modules. + +Files are processed in sorted order. See httpd.conf(5) for more +information. diff --git a/roles/ensure_apache/templates/Fedora/42/etc/httpd/conf.d/autoindex.conf b/roles/ensure_apache/templates/Fedora/42/etc/httpd/conf.d/autoindex.conf new file mode 100644 index 0000000..0e487ac --- /dev/null +++ b/roles/ensure_apache/templates/Fedora/42/etc/httpd/conf.d/autoindex.conf @@ -0,0 +1,93 @@ +# +# Directives controlling the display of server-generated directory listings. +# +# Required modules: mod_authz_core, mod_authz_host, +# mod_autoindex, mod_alias +# +# To see the listing of a directory, the Options directive for the +# directory must include "Indexes", and the directory must not contain +# a file matching those listed in the DirectoryIndex directive. +# + +# +# IndexOptions: Controls the appearance of server-generated directory +# listings. +# +IndexOptions FancyIndexing HTMLTable VersionSort + +# We include the /icons/ alias for FancyIndexed directory listings. If +# you do not use FancyIndexing, you may comment this out. +# +Alias /icons/ "/usr/share/httpd/icons/" + + + Options Indexes MultiViews FollowSymlinks + AllowOverride None + Require all granted + + +# +# AddIcon* directives tell the server which icon to show for different +# files or filename extensions. These are only displayed for +# FancyIndexed directories. +# +AddIconByEncoding (CMP,/icons/compressed.gif) x-compress x-gzip + +AddIconByType (TXT,/icons/text.gif) text/* +AddIconByType (IMG,/icons/image2.gif) image/* +AddIconByType (SND,/icons/sound2.gif) audio/* +AddIconByType (VID,/icons/movie.gif) video/* +AddIconByType /icons/bomb.gif application/x-coredump + +AddIcon /icons/binary.gif .bin .exe +AddIcon /icons/binhex.gif .hqx +AddIcon /icons/tar.gif .tar +AddIcon /icons/world2.gif .wrl .wrl.gz .vrml .vrm .iv +AddIcon /icons/compressed.gif .Z .z .tgz .gz .zip +AddIcon /icons/a.gif .ps .ai .eps +AddIcon /icons/layout.gif .html .shtml .htm .pdf +AddIcon /icons/text.gif .txt +AddIcon /icons/c.gif .c +AddIcon /icons/p.gif .pl .py +AddIcon /icons/f.gif .for +AddIcon /icons/dvi.gif .dvi +AddIcon /icons/uuencoded.gif .uu +AddIcon /icons/script.gif .conf .sh .shar .csh .ksh .tcl +AddIcon /icons/tex.gif .tex + +AddIcon /icons/back.gif .. +AddIcon /icons/hand.right.gif README +AddIcon /icons/folder.gif ^^DIRECTORY^^ +AddIcon /icons/blank.gif ^^BLANKICON^^ + +# +# DefaultIcon is which icon to show for files which do not have an icon +# explicitly set. +# +DefaultIcon /icons/unknown.gif + +# +# AddDescription allows you to place a short description after a file in +# server-generated indexes. These are only displayed for FancyIndexed +# directories. +# Format: AddDescription "description" filename +# +#AddDescription "GZIP compressed document" .gz +#AddDescription "tar archive" .tar +#AddDescription "GZIP compressed tar archive" .tgz + +# +# ReadmeName is the name of the README file the server will look for by +# default, and append to directory listings. +# +# HeaderName is the name of a file which should be prepended to +# directory indexes. +ReadmeName README.html +HeaderName HEADER.html + +# +# IndexIgnore is a set of filenames which directory indexing should ignore +# and not include in the listing. Shell-style wildcarding is permitted. +# +IndexIgnore .??* *~ *# HEADER* README* RCS CVS *,v *,t + diff --git a/roles/ensure_apache/templates/Fedora/42/etc/httpd/conf.d/php.conf b/roles/ensure_apache/templates/Fedora/42/etc/httpd/conf.d/php.conf new file mode 100644 index 0000000..639652b --- /dev/null +++ b/roles/ensure_apache/templates/Fedora/42/etc/httpd/conf.d/php.conf @@ -0,0 +1,62 @@ +# +# The following lines prevent .user.ini files from being viewed by Web clients. +# + + Require all denied + + +# +# Allow php to handle Multiviews +# +AddType text/html .php + +# +# Add index.php to the list of files that will be served as directory +# indexes. +# +DirectoryIndex index.php + +# +# Redirect to local php-fpm (no mod_php in default configuration) +# + + # Enable http authorization headers + SetEnvIfNoCase ^Authorization$ "(.+)" HTTP_AUTHORIZATION=$1 + + + SetHandler "proxy:unix:/run/php-fpm/www.sock|fcgi://localhost" + + + +# +# mod_php is deprecated as FPM is now used by default with httpd in event mode +# mod_php is only used when explicitly enabled or httpd switch to prefork mode +# +# mod_php options +# + + # + # Cause the PHP interpreter to handle files with a .php extension. + # + + SetHandler application/x-httpd-php + + + # + # Uncomment the following lines to allow PHP to pretty-print .phps + # files as PHP source code: + # + # + # SetHandler application/x-httpd-php-source + # + + # + # Apache specific PHP configuration options + # those can be override in each configured vhost + # + php_value session.save_handler "files" + php_value session.save_path "/var/lib/php/session" + php_value soap.wsdl_cache_dir "/var/lib/php/wsdlcache" + + #php_value opcache.file_cache "/var/lib/php/opcache" + diff --git a/roles/ensure_apache/templates/Fedora/42/etc/httpd/conf.d/ssl.conf b/roles/ensure_apache/templates/Fedora/42/etc/httpd/conf.d/ssl.conf new file mode 100644 index 0000000..373b9e5 --- /dev/null +++ b/roles/ensure_apache/templates/Fedora/42/etc/httpd/conf.d/ssl.conf @@ -0,0 +1,219 @@ +# +# When we also provide SSL we have to listen to the +# standard HTTPS port in addition. +# +Listen 443 https + +## +## SSL Global Context +## +## All SSL configuration in this context applies both to +## the main server and all SSL-enabled virtual hosts. +## + +# Pass Phrase Dialog: +# Configure the pass phrase gathering process. +# The filtering dialog program (`builtin' is a internal +# terminal dialog) has to provide the pass phrase on stdout. +SSLPassPhraseDialog exec:/usr/libexec/httpd-ssl-pass-dialog + +# Inter-Process Session Cache: +# Configure the SSL Session Cache: First the mechanism +# to use and second the expiring timeout (in seconds). +SSLSessionCache shmcb:/run/httpd/sslcache(512000) +SSLSessionCacheTimeout 300 + +# Pseudo Random Number Generator (PRNG): +# Configure one or more sources to seed the PRNG of the +# SSL library. The seed data should be of good random quality. +# WARNING! On some platforms /dev/random blocks if not enough entropy +# is available. This means you then cannot use the /dev/random device +# because it would lead to very long connection times (as long as +# it requires to make more entropy available). But usually those +# platforms additionally provide a /dev/urandom device which doesn't +# block. So, if available, use this one instead. Read the mod_ssl User +# Manual for more details. +SSLRandomSeed startup file:/dev/urandom 256 +SSLRandomSeed connect builtin +#SSLRandomSeed startup file:/dev/random 512 +#SSLRandomSeed connect file:/dev/random 512 +#SSLRandomSeed connect file:/dev/urandom 512 + +# +# Use "SSLCryptoDevice" to enable any supported hardware +# accelerators. Use "openssl engine -v" to list supported +# engine names. NOTE: If you enable an accelerator and the +# server does not start, consult the error logs and ensure +# your accelerator is functioning properly. +# +SSLCryptoDevice builtin +#SSLCryptoDevice ubsec + +## +## SSL Virtual Host Context +## + + + +# General setup for the virtual host, inherited from global configuration +#DocumentRoot "/var/www/html" +#ServerName www.example.com:443 + +# Use separate log files for the SSL virtual host; note that LogLevel +# is not inherited from httpd.conf. +ErrorLog logs/ssl_error_log +TransferLog logs/ssl_access_log +LogLevel warn + +# SSL Engine Switch: +# Enable/Disable SSL for this virtual host. +SSLEngine on + +# List the protocol versions which clients are allowed to connect with. +# The OpenSSL system profile is configured by default. See +# update-crypto-policies(8) for more details. +#SSLProtocol all -SSLv3 +#SSLProxyProtocol all -SSLv3 + +# User agents such as web browsers are not configured for the user's +# own preference of either security or performance, therefore this +# must be the prerogative of the web server administrator who manages +# cpu load versus confidentiality, so enforce the server's cipher order. +SSLHonorCipherOrder on + +# SSL Cipher Suite: +# List the ciphers that the client is permitted to negotiate. +# See the mod_ssl documentation for a complete list. +# The OpenSSL system profile is configured by default. See +# update-crypto-policies(8) for more details. +SSLCipherSuite PROFILE=SYSTEM +SSLProxyCipherSuite PROFILE=SYSTEM + +# Point SSLCertificateFile at a PEM encoded certificate. If +# the certificate is encrypted, then you will be prompted for a +# pass phrase. Note that restarting httpd will prompt again. Keep +# in mind that if you have both an RSA and a DSA certificate you +# can configure both in parallel (to also allow the use of DSA +# ciphers, etc.) +# Some ECC cipher suites (http://www.ietf.org/rfc/rfc4492.txt) +# require an ECC certificate which can also be configured in +# parallel. +SSLCertificateFile /etc/pki/tls/certs/localhost.crt + +# Server Private Key: +# If the key is not combined with the certificate, use this +# directive to point at the key file. Keep in mind that if +# you've both a RSA and a DSA private key you can configure +# both in parallel (to also allow the use of DSA ciphers, etc.) +# ECC keys, when in use, can also be configured in parallel +SSLCertificateKeyFile /etc/pki/tls/private/localhost.key + +# Server Certificate Chain: +# Point SSLCertificateChainFile at a file containing the +# concatenation of PEM encoded CA certificates which form the +# certificate chain for the server certificate. Alternatively +# the referenced file can be the same as SSLCertificateFile +# when the CA certificates are directly appended to the server +# certificate for convenience. +#SSLCertificateChainFile /etc/pki/tls/certs/server-chain.crt + +# Certificate Authority (CA): +# Set the CA certificate verification path where to find CA +# certificates for client authentication or alternatively one +# huge file containing all of them (file must be PEM encoded) +#SSLCACertificateFile /etc/pki/tls/certs/ca-bundle.crt + +# Client Authentication (Type): +# Client certificate verification type and depth. Types are +# none, optional, require and optional_no_ca. Depth is a +# number which specifies how deeply to verify the certificate +# issuer chain before deciding the certificate is not valid. +#SSLVerifyClient require +#SSLVerifyDepth 10 + +# Access Control: +# With SSLRequire you can do per-directory access control based +# on arbitrary complex boolean expressions containing server +# variable checks and other lookup directives. The syntax is a +# mixture between C and Perl. See the mod_ssl documentation +# for more details. +# +#SSLRequire ( %{SSL_CIPHER} !~ m/^(EXP|NULL)/ \ +# and %{SSL_CLIENT_S_DN_O} eq "Snake Oil, Ltd." \ +# and %{SSL_CLIENT_S_DN_OU} in {"Staff", "CA", "Dev"} \ +# and %{TIME_WDAY} >= 1 and %{TIME_WDAY} <= 5 \ +# and %{TIME_HOUR} >= 8 and %{TIME_HOUR} <= 20 ) \ +# or %{REMOTE_ADDR} =~ m/^192\.76\.162\.[0-9]+$/ +# + +# SSL Engine Options: +# Set various options for the SSL engine. +# o FakeBasicAuth: +# Translate the client X.509 into a Basic Authorisation. This means that +# the standard Auth/DBMAuth methods can be used for access control. The +# user name is the `one line' version of the client's X.509 certificate. +# Note that no password is obtained from the user. Every entry in the user +# file needs this password: `xxj31ZMTZzkVA'. +# o ExportCertData: +# This exports two additional environment variables: SSL_CLIENT_CERT and +# SSL_SERVER_CERT. These contain the PEM-encoded certificates of the +# server (always existing) and the client (only existing when client +# authentication is used). This can be used to import the certificates +# into CGI scripts. +# o StdEnvVars: +# This exports the standard SSL/TLS related `SSL_*' environment variables. +# Per default this exportation is switched off for performance reasons, +# because the extraction step is an expensive operation and is usually +# useless for serving static content. So one usually enables the +# exportation for CGI and SSI requests only. +# o StrictRequire: +# This denies access when "SSLRequireSSL" or "SSLRequire" applied even +# under a "Satisfy any" situation, i.e. when it applies access is denied +# and no other module can change it. +# o OptRenegotiate: +# This enables optimized SSL connection renegotiation handling when SSL +# directives are used in per-directory context. +#SSLOptions +FakeBasicAuth +ExportCertData +StrictRequire + + SSLOptions +StdEnvVars + + + SSLOptions +StdEnvVars + + +# SSL Protocol Adjustments: +# The safe and default but still SSL/TLS standard compliant shutdown +# approach is that mod_ssl sends the close notify alert but doesn't wait for +# the close notify alert from client. When you need a different shutdown +# approach you can use one of the following variables: +# o ssl-unclean-shutdown: +# This forces an unclean shutdown when the connection is closed, i.e. no +# SSL close notify alert is sent or allowed to be received. This violates +# the SSL/TLS standard but is needed for some brain-dead browsers. Use +# this when you receive I/O errors because of the standard approach where +# mod_ssl sends the close notify alert. +# o ssl-accurate-shutdown: +# This forces an accurate shutdown when the connection is closed, i.e. a +# SSL close notify alert is sent and mod_ssl waits for the close notify +# alert of the client. This is 100% SSL/TLS standard compliant, but in +# practice often causes hanging connections with brain-dead browsers. Use +# this only for browsers where you know that their SSL implementation +# works correctly. +# Notice: Most problems of broken clients are also related to the HTTP +# keep-alive facility, so you usually additionally want to disable +# keep-alive for those clients, too. Use variable "nokeepalive" for this. +# Similarly, one has to force some clients to use HTTP/1.0 to workaround +# their broken HTTP/1.1 implementation. Use variables "downgrade-1.0" and +# "force-response-1.0" for this. +BrowserMatch "MSIE [2-5]" \ + nokeepalive ssl-unclean-shutdown \ + downgrade-1.0 force-response-1.0 + +# Per-Server Logging: +# The home of a custom SSL log file. Use this when you want a +# compact non-error SSL logfile on a virtual host basis. +CustomLog logs/ssl_request_log \ + "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b" + + + diff --git a/roles/ensure_apache/templates/Fedora/42/etc/httpd/conf.d/userdir.conf b/roles/ensure_apache/templates/Fedora/42/etc/httpd/conf.d/userdir.conf new file mode 100644 index 0000000..b5d7a49 --- /dev/null +++ b/roles/ensure_apache/templates/Fedora/42/etc/httpd/conf.d/userdir.conf @@ -0,0 +1,36 @@ +# +# UserDir: The name of the directory that is appended onto a user's home +# directory if a ~user request is received. +# +# The path to the end user account 'public_html' directory must be +# accessible to the webserver userid. This usually means that ~userid +# must have permissions of 711, ~userid/public_html must have permissions +# of 755, and documents contained therein must be world-readable. +# Otherwise, the client will only receive a "403 Forbidden" message. +# + + # + # UserDir is disabled by default since it can confirm the presence + # of a username on the system (depending on home directory + # permissions). + # + UserDir disabled + + # + # To enable requests to /~user/ to serve the user's public_html + # directory, remove the "UserDir disabled" line above, and uncomment + # the following line instead: + # + #UserDir public_html + + +# +# Control access to UserDir directories. The following is an example +# for a site where these directories are restricted to read-only. +# + + AllowOverride FileInfo AuthConfig Limit Indexes + Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec + Require method GET POST OPTIONS + + diff --git a/roles/ensure_apache/templates/Fedora/42/etc/httpd/conf.d/vhost.conf b/roles/ensure_apache/templates/Fedora/42/etc/httpd/conf.d/vhost.conf new file mode 100644 index 0000000..b3d60e1 --- /dev/null +++ b/roles/ensure_apache/templates/Fedora/42/etc/httpd/conf.d/vhost.conf @@ -0,0 +1,72 @@ +MDBaseServer on +MDCertificateAgreement accepted +MDCertificateAuthority {{ lets_encrypt_url }} +MDContactEmail {{ lets_encrypt_admin }} +MDPrivateKeys secp384r1 secp256r1 RSA 4096 +MDRequireHttps temporary +MDStoreDir md + + + AllowOverride None + Require all granted + + +{% for item in http_vhost %} + + Options Indexes FollowSymLinks + AllowOverride None + Require all granted + + + + ServerName {{ item.fqdn }} +{% if item.aliases is defined %} +{% for item_alias in item.aliases %} + ServerAlias {{ item_alias }} +{% endfor %} +{% endif %} + ServerAdmin webmaster@{{ item.fqdn }} + DocumentRoot /srv/http/{{ item.fqdn }} +{% if item.redirect is defined %} + RedirectMatch "^(?!/\.well-known/).*" {{ item.redirect }} +{% endif %} + + +MDomain {{ item.fqdn }} + + + SSLEngine on + SSLProtocol all -TLSv1.1 + SSLProxyProtocol all -TLSv1.1 + SSLHonorCipherOrder on + SSLCipherSuite PROFILE=SYSTEM + SSLProxyCipherSuite PROFILE=SYSTEM + ServerName {{ item.fqdn }} +{% if item.aliases is defined %} +{% for item_alias in item.aliases %} + ServerAlias {{ item_alias }} +{% endfor %} +{% endif %} + ServerAdmin webmaster@{{ item.fqdn }} + DocumentRoot /srv/http/{{ item.fqdn }} + Alias /error/ "/var/www/error/" +{% if item.proxy is defined %} + ProxyPass "/.well-known" "!" + ProxyPass "/phpMyAdmin" "!" + ProxyPass "/phpmyadmin" "!" + ProxyPass "/" "{{ item.proxy }}" + ProxyPassReverse "/" "{{ item.proxy }}" + ProxyTimeout 300 +{% endif %} +{% if item.redirect is defined %} + RedirectMatch "^(?!/\.well-known/).*" {{ item.redirect }} +{% endif %} + + Require all denied + + + Require all denied + + + +{% endfor %} diff --git a/roles/ensure_apache/templates/Fedora/42/etc/httpd/conf.d/welcome.conf b/roles/ensure_apache/templates/Fedora/42/etc/httpd/conf.d/welcome.conf new file mode 100644 index 0000000..232c251 --- /dev/null +++ b/roles/ensure_apache/templates/Fedora/42/etc/httpd/conf.d/welcome.conf @@ -0,0 +1,20 @@ +# +# This configuration file enables the default "Welcome" page if there +# is no default index page present for the root URL. To disable the +# Welcome page, comment out all the lines below. +# +# NOTE: if this file is removed, it will be restored on upgrades. +# + + Options -Indexes + ErrorDocument 403 /.noindex.html + + + + AllowOverride None + Require all granted + + +Alias /.noindex.html /usr/share/httpd/noindex/index.html +Alias /poweredby.png /usr/share/httpd/icons/apache_pb3.png +Alias /system_noindex_logo.png /usr/share/httpd/icons/system_noindex_logo.png diff --git a/roles/ensure_apache/templates/Fedora/42/etc/httpd/conf.modules.d/00-base.conf b/roles/ensure_apache/templates/Fedora/42/etc/httpd/conf.modules.d/00-base.conf new file mode 100644 index 0000000..bae2bf6 --- /dev/null +++ b/roles/ensure_apache/templates/Fedora/42/etc/httpd/conf.modules.d/00-base.conf @@ -0,0 +1,69 @@ +# +# This file loads most of the modules included with the Apache HTTP +# Server itself. +# + +LoadModule access_compat_module modules/mod_access_compat.so +LoadModule actions_module modules/mod_actions.so +LoadModule alias_module modules/mod_alias.so +LoadModule allowmethods_module modules/mod_allowmethods.so +LoadModule auth_basic_module modules/mod_auth_basic.so +LoadModule auth_digest_module modules/mod_auth_digest.so +LoadModule authn_anon_module modules/mod_authn_anon.so +LoadModule authn_core_module modules/mod_authn_core.so +LoadModule authn_dbd_module modules/mod_authn_dbd.so +LoadModule authn_dbm_module modules/mod_authn_dbm.so +LoadModule authn_file_module modules/mod_authn_file.so +LoadModule authn_socache_module modules/mod_authn_socache.so +LoadModule authnz_fcgi_module modules/mod_authnz_fcgi.so +LoadModule authz_core_module modules/mod_authz_core.so +LoadModule authz_dbd_module modules/mod_authz_dbd.so +LoadModule authz_dbm_module modules/mod_authz_dbm.so +LoadModule authz_groupfile_module modules/mod_authz_groupfile.so +LoadModule authz_host_module modules/mod_authz_host.so +LoadModule authz_owner_module modules/mod_authz_owner.so +LoadModule authz_user_module modules/mod_authz_user.so +LoadModule autoindex_module modules/mod_autoindex.so +LoadModule cache_module modules/mod_cache.so +LoadModule cache_disk_module modules/mod_cache_disk.so +LoadModule cache_socache_module modules/mod_cache_socache.so +LoadModule data_module modules/mod_data.so +LoadModule dbd_module modules/mod_dbd.so +LoadModule deflate_module modules/mod_deflate.so +LoadModule dir_module modules/mod_dir.so +LoadModule dumpio_module modules/mod_dumpio.so +LoadModule echo_module modules/mod_echo.so +LoadModule env_module modules/mod_env.so +LoadModule expires_module modules/mod_expires.so +LoadModule ext_filter_module modules/mod_ext_filter.so +LoadModule filter_module modules/mod_filter.so +LoadModule headers_module modules/mod_headers.so +LoadModule include_module modules/mod_include.so +LoadModule info_module modules/mod_info.so +LoadModule log_config_module modules/mod_log_config.so +LoadModule logio_module modules/mod_logio.so +LoadModule macro_module modules/mod_macro.so +LoadModule mime_magic_module modules/mod_mime_magic.so +LoadModule mime_module modules/mod_mime.so +LoadModule negotiation_module modules/mod_negotiation.so +LoadModule remoteip_module modules/mod_remoteip.so +LoadModule reqtimeout_module modules/mod_reqtimeout.so +LoadModule request_module modules/mod_request.so +LoadModule rewrite_module modules/mod_rewrite.so +LoadModule setenvif_module modules/mod_setenvif.so +LoadModule slotmem_plain_module modules/mod_slotmem_plain.so +LoadModule slotmem_shm_module modules/mod_slotmem_shm.so +LoadModule socache_dbm_module modules/mod_socache_dbm.so +LoadModule socache_memcache_module modules/mod_socache_memcache.so +LoadModule socache_redis_module modules/mod_socache_redis.so +LoadModule socache_shmcb_module modules/mod_socache_shmcb.so +LoadModule status_module modules/mod_status.so +LoadModule substitute_module modules/mod_substitute.so +LoadModule suexec_module modules/mod_suexec.so +LoadModule unique_id_module modules/mod_unique_id.so +LoadModule unixd_module modules/mod_unixd.so +LoadModule userdir_module modules/mod_userdir.so +LoadModule version_module modules/mod_version.so +LoadModule vhost_alias_module modules/mod_vhost_alias.so +LoadModule watchdog_module modules/mod_watchdog.so + diff --git a/roles/ensure_apache/templates/Fedora/42/etc/httpd/conf.modules.d/00-brotli.conf b/roles/ensure_apache/templates/Fedora/42/etc/httpd/conf.modules.d/00-brotli.conf new file mode 100644 index 0000000..c2e0e9e --- /dev/null +++ b/roles/ensure_apache/templates/Fedora/42/etc/httpd/conf.modules.d/00-brotli.conf @@ -0,0 +1 @@ +LoadModule brotli_module modules/mod_brotli.so diff --git a/roles/ensure_apache/templates/Fedora/42/etc/httpd/conf.modules.d/00-dav.conf b/roles/ensure_apache/templates/Fedora/42/etc/httpd/conf.modules.d/00-dav.conf new file mode 100644 index 0000000..e6af8de --- /dev/null +++ b/roles/ensure_apache/templates/Fedora/42/etc/httpd/conf.modules.d/00-dav.conf @@ -0,0 +1,3 @@ +LoadModule dav_module modules/mod_dav.so +LoadModule dav_fs_module modules/mod_dav_fs.so +LoadModule dav_lock_module modules/mod_dav_lock.so diff --git a/roles/ensure_apache/templates/Fedora/42/etc/httpd/conf.modules.d/00-lua.conf b/roles/ensure_apache/templates/Fedora/42/etc/httpd/conf.modules.d/00-lua.conf new file mode 100644 index 0000000..9e0d0db --- /dev/null +++ b/roles/ensure_apache/templates/Fedora/42/etc/httpd/conf.modules.d/00-lua.conf @@ -0,0 +1 @@ +LoadModule lua_module modules/mod_lua.so diff --git a/roles/ensure_apache/templates/Fedora/42/etc/httpd/conf.modules.d/00-mpm.conf b/roles/ensure_apache/templates/Fedora/42/etc/httpd/conf.modules.d/00-mpm.conf new file mode 100644 index 0000000..647fa3d --- /dev/null +++ b/roles/ensure_apache/templates/Fedora/42/etc/httpd/conf.modules.d/00-mpm.conf @@ -0,0 +1,23 @@ +# Select the MPM module which should be used by uncommenting exactly +# one of the following LoadModule lines. See the httpd.conf(5) man +# page for more information on changing the MPM. + +# prefork MPM: Implements a non-threaded, pre-forking web server +# See: http://httpd.apache.org/docs/2.4/mod/prefork.html +# +# NOTE: If enabling prefork, the httpd_graceful_shutdown SELinux +# boolean should be enabled, to allow graceful stop/shutdown. +# +#LoadModule mpm_prefork_module modules/mod_mpm_prefork.so + +# worker MPM: Multi-Processing Module implementing a hybrid +# multi-threaded multi-process web server +# See: http://httpd.apache.org/docs/2.4/mod/worker.html +# +#LoadModule mpm_worker_module modules/mod_mpm_worker.so + +# event MPM: A variant of the worker MPM with the goal of consuming +# threads only for connections with active processing +# See: http://httpd.apache.org/docs/2.4/mod/event.html +# +LoadModule mpm_event_module modules/mod_mpm_event.so diff --git a/roles/ensure_apache/templates/Fedora/42/etc/httpd/conf.modules.d/00-optional.conf b/roles/ensure_apache/templates/Fedora/42/etc/httpd/conf.modules.d/00-optional.conf new file mode 100644 index 0000000..ef584ec --- /dev/null +++ b/roles/ensure_apache/templates/Fedora/42/etc/httpd/conf.modules.d/00-optional.conf @@ -0,0 +1,18 @@ +# +# This file lists modules included with the Apache HTTP Server +# which are not enabled by default. +# + +#LoadModule asis_module modules/mod_asis.so +#LoadModule buffer_module modules/mod_buffer.so +#LoadModule heartbeat_module modules/mod_heartbeat.so +#LoadModule heartmonitor_module modules/mod_heartmonitor.so +#LoadModule usertrack_module modules/mod_usertrack.so +#LoadModule dialup_module modules/mod_dialup.so +#LoadModule charset_lite_module modules/mod_charset_lite.so +#LoadModule log_debug_module modules/mod_log_debug.so +#LoadModule log_forensic_module modules/mod_log_forensic.so +#LoadModule ratelimit_module modules/mod_ratelimit.so +#LoadModule reflector_module modules/mod_reflector.so +#LoadModule sed_module modules/mod_sed.so +#LoadModule speling_module modules/mod_speling.so diff --git a/roles/ensure_apache/templates/Fedora/42/etc/httpd/conf.modules.d/00-proxy.conf b/roles/ensure_apache/templates/Fedora/42/etc/httpd/conf.modules.d/00-proxy.conf new file mode 100644 index 0000000..f0f84c2 --- /dev/null +++ b/roles/ensure_apache/templates/Fedora/42/etc/httpd/conf.modules.d/00-proxy.conf @@ -0,0 +1,18 @@ +# This file configures all the proxy modules: +LoadModule proxy_module modules/mod_proxy.so +LoadModule lbmethod_bybusyness_module modules/mod_lbmethod_bybusyness.so +LoadModule lbmethod_byrequests_module modules/mod_lbmethod_byrequests.so +LoadModule lbmethod_bytraffic_module modules/mod_lbmethod_bytraffic.so +LoadModule lbmethod_heartbeat_module modules/mod_lbmethod_heartbeat.so +LoadModule proxy_ajp_module modules/mod_proxy_ajp.so +LoadModule proxy_balancer_module modules/mod_proxy_balancer.so +LoadModule proxy_connect_module modules/mod_proxy_connect.so +LoadModule proxy_express_module modules/mod_proxy_express.so +LoadModule proxy_fcgi_module modules/mod_proxy_fcgi.so +LoadModule proxy_fdpass_module modules/mod_proxy_fdpass.so +LoadModule proxy_ftp_module modules/mod_proxy_ftp.so +LoadModule proxy_http_module modules/mod_proxy_http.so +LoadModule proxy_hcheck_module modules/mod_proxy_hcheck.so +LoadModule proxy_scgi_module modules/mod_proxy_scgi.so +LoadModule proxy_uwsgi_module modules/mod_proxy_uwsgi.so +LoadModule proxy_wstunnel_module modules/mod_proxy_wstunnel.so diff --git a/roles/ensure_apache/templates/Fedora/42/etc/httpd/conf.modules.d/00-ssl.conf b/roles/ensure_apache/templates/Fedora/42/etc/httpd/conf.modules.d/00-ssl.conf new file mode 100644 index 0000000..53235cd --- /dev/null +++ b/roles/ensure_apache/templates/Fedora/42/etc/httpd/conf.modules.d/00-ssl.conf @@ -0,0 +1 @@ +LoadModule ssl_module modules/mod_ssl.so diff --git a/roles/ensure_apache/templates/Fedora/42/etc/httpd/conf.modules.d/00-systemd.conf b/roles/ensure_apache/templates/Fedora/42/etc/httpd/conf.modules.d/00-systemd.conf new file mode 100644 index 0000000..b208c97 --- /dev/null +++ b/roles/ensure_apache/templates/Fedora/42/etc/httpd/conf.modules.d/00-systemd.conf @@ -0,0 +1,2 @@ +# This file configures systemd module: +LoadModule systemd_module modules/mod_systemd.so diff --git a/roles/ensure_apache/templates/Fedora/42/etc/httpd/conf.modules.d/01-cgi.conf b/roles/ensure_apache/templates/Fedora/42/etc/httpd/conf.modules.d/01-cgi.conf new file mode 100644 index 0000000..4b680cf --- /dev/null +++ b/roles/ensure_apache/templates/Fedora/42/etc/httpd/conf.modules.d/01-cgi.conf @@ -0,0 +1,11 @@ +# This configuration file loads a CGI module appropriate to the MPM +# which has been configured in 00-mpm.conf. mod_cgid should be used +# with a threaded MPM; mod_cgi with the prefork MPM. + + + LoadModule cgid_module modules/mod_cgid.so + + + LoadModule cgi_module modules/mod_cgi.so + + diff --git a/roles/ensure_apache/templates/Fedora/42/etc/httpd/conf.modules.d/01-md.conf b/roles/ensure_apache/templates/Fedora/42/etc/httpd/conf.modules.d/01-md.conf new file mode 100644 index 0000000..2739202 --- /dev/null +++ b/roles/ensure_apache/templates/Fedora/42/etc/httpd/conf.modules.d/01-md.conf @@ -0,0 +1 @@ +LoadModule md_module modules/mod_md.so diff --git a/roles/ensure_apache/templates/Fedora/42/etc/httpd/conf.modules.d/10-h2.conf b/roles/ensure_apache/templates/Fedora/42/etc/httpd/conf.modules.d/10-h2.conf new file mode 100644 index 0000000..12c28aa --- /dev/null +++ b/roles/ensure_apache/templates/Fedora/42/etc/httpd/conf.modules.d/10-h2.conf @@ -0,0 +1 @@ +LoadModule http2_module modules/mod_http2.so diff --git a/roles/ensure_apache/templates/Fedora/42/etc/httpd/conf.modules.d/10-proxy_h2.conf b/roles/ensure_apache/templates/Fedora/42/etc/httpd/conf.modules.d/10-proxy_h2.conf new file mode 100644 index 0000000..61dc6d0 --- /dev/null +++ b/roles/ensure_apache/templates/Fedora/42/etc/httpd/conf.modules.d/10-proxy_h2.conf @@ -0,0 +1 @@ +LoadModule proxy_http2_module modules/mod_proxy_http2.so diff --git a/roles/ensure_apache/templates/Fedora/42/etc/httpd/conf.modules.d/README b/roles/ensure_apache/templates/Fedora/42/etc/httpd/conf.modules.d/README new file mode 100644 index 0000000..f4b055d --- /dev/null +++ b/roles/ensure_apache/templates/Fedora/42/etc/httpd/conf.modules.d/README @@ -0,0 +1,10 @@ + +This directory holds configuration files for the Apache HTTP Server; +any files in this directory which have the ".conf" extension will be +processed as httpd configuration files. This directory contains +configuration fragments necessary only to load modules. +Administrators should use the directory "/etc/httpd/conf.d" to modify +the configuration of httpd, or any modules. + +Files are processed in sorted order and should have a two digit +numeric prefix. See httpd.conf(5) for more information. diff --git a/roles/ensure_apache/templates/Fedora/42/etc/httpd/conf/httpd.conf b/roles/ensure_apache/templates/Fedora/42/etc/httpd/conf/httpd.conf new file mode 100644 index 0000000..e49ab6a --- /dev/null +++ b/roles/ensure_apache/templates/Fedora/42/etc/httpd/conf/httpd.conf @@ -0,0 +1,374 @@ +# +# This is the main Apache HTTP server configuration file. It contains the +# configuration directives that give the server its instructions. +# See for detailed information. +# In particular, see +# +# for a discussion of each configuration directive. +# +# See the httpd.conf(5) man page for more information on this configuration, +# and httpd.service(8) on using and configuring the httpd service. +# +# Do NOT simply read the instructions in here without understanding +# what they do. They're here only as hints or reminders. If you are unsure +# consult the online docs. You have been warned. +# +# Configuration and logfile names: If the filenames you specify for many +# of the server's control files begin with "/" (or "drive:/" for Win32), the +# server will use that explicit path. If the filenames do *not* begin +# with "/", the value of ServerRoot is prepended -- so 'log/access_log' +# with ServerRoot set to '/www' will be interpreted by the +# server as '/www/log/access_log', where as '/log/access_log' will be +# interpreted as '/log/access_log'. + +# +# ServerRoot: The top of the directory tree under which the server's +# configuration, error, and log files are kept. +# +# Do not add a slash at the end of the directory path. If you point +# ServerRoot at a non-local disk, be sure to specify a local disk on the +# Mutex directive, if file-based mutexes are used. If you wish to share the +# same ServerRoot for multiple httpd daemons, you will need to change at +# least PidFile. +# +ServerRoot "/etc/httpd" + +# +# Listen: Allows you to bind Apache to specific IP addresses and/or +# ports, instead of the default. See also the +# directive. +# +# Change this to Listen on a specific IP address, but note that if +# httpd.service is enabled to run at boot time, the address may not be +# available when the service starts. See the httpd.service(8) man +# page for more information. +# +#Listen 12.34.56.78:80 +Listen 80 + +# +# Dynamic Shared Object (DSO) Support +# +# To be able to use the functionality of a module which was built as a DSO you +# have to place corresponding `LoadModule' lines at this location so the +# directives contained in it are actually available _before_ they are used. +# Statically compiled modules (those listed by `httpd -l') do not need +# to be loaded here. +# +# Example: +# LoadModule foo_module modules/mod_foo.so +# +Include conf.modules.d/*.conf + +# +# If you wish httpd to run as a different user or group, you must run +# httpd as root initially and it will switch. +# +# User/Group: The name (or #number) of the user/group to run httpd as. +# It is usually good practice to create a dedicated user and group for +# running httpd, as with most system services. +# +User apache +Group apache + +# 'Main' server configuration +# +# The directives in this section set up the values used by the 'main' +# server, which responds to any requests that aren't handled by a +# definition. These values also provide defaults for +# any containers you may define later in the file. +# +# All of these directives may appear inside containers, +# in which case these default settings will be overridden for the +# virtual host being defined. +# + +# +# ServerAdmin: Your address, where problems with the server should be +# e-mailed. This address appears on some server-generated pages, such +# as error documents. e.g. admin@your-domain.com +# +ServerAdmin root@localhost + +# +# ServerName gives the name and port that the server uses to identify itself. +# This can often be determined automatically, but we recommend you specify +# it explicitly to prevent problems during startup. +# +# If your host doesn't have a registered DNS name, enter its IP address here. +# +#ServerName www.example.com:80 + +# +# Deny access to the entirety of your server's filesystem. You must +# explicitly permit access to web content directories in other +# blocks below. +# + + AllowOverride none + Require all denied + + +# +# Note that from this point forward you must specifically allow +# particular features to be enabled - so if something's not working as +# you might expect, make sure that you have specifically enabled it +# below. +# + +# +# DocumentRoot: The directory out of which you will serve your +# documents. By default, all requests are taken from this directory, but +# symbolic links and aliases may be used to point to other locations. +# +DocumentRoot "/var/www/html" + +# +# Relax access to content within /var/www. +# + + AllowOverride None + # Allow open access: + Require all granted + + +# Further relax access to the default document root: + + # + # Possible values for the Options directive are "None", "All", + # or any combination of: + # Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews + # + # Note that "MultiViews" must be named *explicitly* --- "Options All" + # doesn't give it to you. + # + # The Options directive is both complicated and important. Please see + # http://httpd.apache.org/docs/2.4/mod/core.html#options + # for more information. + # + Options Indexes FollowSymLinks + + # + # AllowOverride controls what directives may be placed in .htaccess files. + # It can be "All", "None", or any combination of the keywords: + # AllowOverride FileInfo AuthConfig Limit + # + AllowOverride None + + # + # Controls who can get stuff from this server. + # + Require all granted + + +# +# DirectoryIndex: sets the file that Apache will serve if a directory +# is requested. +# + + DirectoryIndex index.html + + +# +# The following lines prevent .htaccess and .htpasswd files from being +# viewed by Web clients. +# + + Require all denied + + +# +# ErrorLog: The location of the error log file. +# If you do not specify an ErrorLog directive within a +# container, error messages relating to that virtual host will be +# logged here. If you *do* define an error logfile for a +# container, that host's errors will be logged there and not here. +# +ErrorLog "logs/error_log" + +# +# LogLevel: Control the number of messages logged to the error_log. +# Possible values include: debug, info, notice, warn, error, crit, +# alert, emerg. +# +LogLevel warn + + + # + # The following directives define some format nicknames for use with + # a CustomLog directive (see below). + # + LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined + LogFormat "%h %l %u %t \"%r\" %>s %b" common + + + # You need to enable mod_logio.c to use %I and %O + LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio + + + # + # The location and format of the access logfile (Common Logfile Format). + # If you do not define any access logfiles within a + # container, they will be logged here. Contrariwise, if you *do* + # define per- access logfiles, transactions will be + # logged therein and *not* in this file. + # + #CustomLog "logs/access_log" common + + # + # If you prefer a logfile with access, agent, and referer information + # (Combined Logfile Format) you can use the following directive. + # + CustomLog "logs/access_log" combined + + + + # + # Redirect: Allows you to tell clients about documents that used to + # exist in your server's namespace, but do not anymore. The client + # will make a new request for the document at its new location. + # Example: + # Redirect permanent /foo http://www.example.com/bar + + # + # Alias: Maps web paths into filesystem paths and is used to + # access content that does not live under the DocumentRoot. + # Example: + # Alias /webpath /full/filesystem/path + # + # If you include a trailing / on /webpath then the server will + # require it to be present in the URL. You will also likely + # need to provide a section to allow access to + # the filesystem path. + + # + # ScriptAlias: This controls which directories contain server scripts. + # ScriptAliases are essentially the same as Aliases, except that + # documents in the target directory are treated as applications and + # run by the server when requested rather than as documents sent to the + # client. The same rules about trailing "/" apply to ScriptAlias + # directives as to Alias. + # + ScriptAlias /cgi-bin/ "/var/www/cgi-bin/" + + + +# +# "/var/www/cgi-bin" should be changed to whatever your ScriptAliased +# CGI directory exists, if you have that configured. +# + + AllowOverride None + Options None + Require all granted + + + + # + # Avoid passing HTTP_PROXY environment to CGI's on this or any proxied + # backend servers which have lingering "httpoxy" defects. + # 'Proxy' request header is undefined by the IETF, not listed by IANA + # + RequestHeader unset Proxy early + + + + # + # TypesConfig points to the file containing the list of mappings from + # filename extension to MIME-type. + # + TypesConfig /etc/mime.types + + # + # AddType allows you to add to or override the MIME configuration + # file specified in TypesConfig for specific file types. + # + #AddType application/x-gzip .tgz + # + # AddEncoding allows you to have certain browsers uncompress + # information on the fly. Note: Not all browsers support this. + # + #AddEncoding x-compress .Z + #AddEncoding x-gzip .gz .tgz + # + # If the AddEncoding directives above are commented-out, then you + # probably should define those extensions to indicate media types: + # + AddType application/x-compress .Z + AddType application/x-gzip .gz .tgz + + # + # AddHandler allows you to map certain file extensions to "handlers": + # actions unrelated to filetype. These can be either built into the server + # or added with the Action directive (see below) + # + # To use CGI scripts outside of ScriptAliased directories: + # (You will also need to add "ExecCGI" to the "Options" directive.) + # + #AddHandler cgi-script .cgi + + # For type maps (negotiated resources): + #AddHandler type-map var + + # + # Filters allow you to process content before it is sent to the client. + # + # To parse .shtml files for server-side includes (SSI): + # (You will also need to add "Includes" to the "Options" directive.) + # + AddType text/html .shtml + AddOutputFilter INCLUDES .shtml + + +# +# Specify a default charset for all content served; this enables +# interpretation of all content as UTF-8 by default. To use the +# default browser choice (ISO-8859-1), or to allow the META tags +# in HTML content to override this choice, comment out this +# directive: +# +AddDefaultCharset UTF-8 + + + # + # The mod_mime_magic module allows the server to use various hints from the + # contents of the file itself to determine its type. The MIMEMagicFile + # directive tells the module where the hint definitions are located. + # + MIMEMagicFile conf/magic + + +# +# Customizable error responses come in three flavors: +# 1) plain text 2) local redirects 3) external redirects +# +# Some examples: +#ErrorDocument 500 "The server made a boo boo." +#ErrorDocument 404 /missing.html +#ErrorDocument 404 "/cgi-bin/missing_handler.pl" +#ErrorDocument 402 http://www.example.com/subscription_info.html +# + +# +# MaxRanges: Maximum number of Ranges in a request before +# returning the entire resource, or one of the special +# values 'default', 'none' or 'unlimited'. +# Default setting is to accept 200 Ranges. +#MaxRanges unlimited + +# +# EnableMMAP and EnableSendfile: On systems that support it, +# memory-mapping or the sendfile syscall may be used to deliver +# files. This usually improves server performance, but must +# be turned off when serving from networked-mounted +# filesystems or if support for these functions is otherwise +# broken on your system. +# Defaults if commented: EnableMMAP On, EnableSendfile Off +# +#EnableMMAP off +EnableSendfile on + +# Supplemental configuration +# +# Load config files in the "/etc/httpd/conf.d" directory, if any. +IncludeOptional conf.d/*.conf diff --git a/roles/ensure_apache/templates/Fedora/42/etc/httpd/conf/magic b/roles/ensure_apache/templates/Fedora/42/etc/httpd/conf/magic new file mode 100644 index 0000000..9a41b44 --- /dev/null +++ b/roles/ensure_apache/templates/Fedora/42/etc/httpd/conf/magic @@ -0,0 +1,397 @@ +# Magic data for mod_mime_magic Apache module (originally for file(1) command) +# The module is described in /manual/mod/mod_mime_magic.html +# +# The format is 4-5 columns: +# Column #1: byte number to begin checking from, ">" indicates continuation +# Column #2: type of data to match +# Column #3: contents of data to match +# Column #4: MIME type of result +# Column #5: MIME encoding of result (optional) + +#------------------------------------------------------------------------------ +# Localstuff: file(1) magic for locally observed files +# Add any locally observed files here. + +#------------------------------------------------------------------------------ +# end local stuff +#------------------------------------------------------------------------------ + +#------------------------------------------------------------------------------ +# Java + +0 short 0xcafe +>2 short 0xbabe application/java + +#------------------------------------------------------------------------------ +# audio: file(1) magic for sound formats +# +# from Jan Nicolai Langfeldt , +# + +# Sun/NeXT audio data +0 string .snd +>12 belong 1 audio/basic +>12 belong 2 audio/basic +>12 belong 3 audio/basic +>12 belong 4 audio/basic +>12 belong 5 audio/basic +>12 belong 6 audio/basic +>12 belong 7 audio/basic + +>12 belong 23 audio/x-adpcm + +# DEC systems (e.g. DECstation 5000) use a variant of the Sun/NeXT format +# that uses little-endian encoding and has a different magic number +# (0x0064732E in little-endian encoding). +0 lelong 0x0064732E +>12 lelong 1 audio/x-dec-basic +>12 lelong 2 audio/x-dec-basic +>12 lelong 3 audio/x-dec-basic +>12 lelong 4 audio/x-dec-basic +>12 lelong 5 audio/x-dec-basic +>12 lelong 6 audio/x-dec-basic +>12 lelong 7 audio/x-dec-basic +# compressed (G.721 ADPCM) +>12 lelong 23 audio/x-dec-adpcm + +# Bytes 0-3 of AIFF, AIFF-C, & 8SVX audio files are "FORM" +# AIFF audio data +8 string AIFF audio/x-aiff +# AIFF-C audio data +8 string AIFC audio/x-aiff +# IFF/8SVX audio data +8 string 8SVX audio/x-aiff + +# Creative Labs AUDIO stuff +# Standard MIDI data +0 string MThd audio/unknown +#>9 byte >0 (format %d) +#>11 byte >1 using %d channels +# Creative Music (CMF) data +0 string CTMF audio/unknown +# SoundBlaster instrument data +0 string SBI audio/unknown +# Creative Labs voice data +0 string Creative\ Voice\ File audio/unknown +## is this next line right? it came this way... +#>19 byte 0x1A +#>23 byte >0 - version %d +#>22 byte >0 \b.%d + +# [GRR 950115: is this also Creative Labs? Guessing that first line +# should be string instead of unknown-endian long...] +#0 long 0x4e54524b MultiTrack sound data +#0 string NTRK MultiTrack sound data +#>4 long x - version %ld + +# Microsoft WAVE format (*.wav) +# [GRR 950115: probably all of the shorts and longs should be leshort/lelong] +# Microsoft RIFF +0 string RIFF +# - WAVE format +>8 string WAVE audio/x-wav +# MPEG audio. +0 beshort&0xfff0 0xfff0 audio/mpeg +# C64 SID Music files, from Linus Walleij +0 string PSID audio/prs.sid + +#------------------------------------------------------------------------------ +# c-lang: file(1) magic for C programs or various scripts +# + +# XPM icons (Greg Roelofs, newt@uchicago.edu) +# ideally should go into "images", but entries below would tag XPM as C source +0 string /*\ XPM image/x-xbm 7bit + +# this first will upset you if you're a PL/1 shop... (are there any left?) +# in which case rm it; ascmagic will catch real C programs +# C or REXX program text +0 string /* text/plain +# C++ program text +0 string // text/plain + +#------------------------------------------------------------------------------ +# compress: file(1) magic for pure-compression formats (no archives) +# +# compress, gzip, pack, compact, huf, squeeze, crunch, freeze, yabba, whap, etc. +# +# Formats for various forms of compressed data +# Formats for "compress" proper have been moved into "compress.c", +# because it tries to uncompress it to figure out what's inside. + +# standard unix compress +0 string \037\235 application/octet-stream x-compress + +# gzip (GNU zip, not to be confused with [Info-ZIP/PKWARE] zip archiver) +0 string \037\213 application/octet-stream x-gzip + +# According to gzip.h, this is the correct byte order for packed data. +0 string \037\036 application/octet-stream +# +# This magic number is byte-order-independent. +# +0 short 017437 application/octet-stream + +# XXX - why *two* entries for "compacted data", one of which is +# byte-order independent, and one of which is byte-order dependent? +# +# compacted data +0 short 0x1fff application/octet-stream +0 string \377\037 application/octet-stream +# huf output +0 short 0145405 application/octet-stream + +# Squeeze and Crunch... +# These numbers were gleaned from the Unix versions of the programs to +# handle these formats. Note that I can only uncrunch, not crunch, and +# I didn't have a crunched file handy, so the crunch number is untested. +# Keith Waclena +#0 leshort 0x76FF squeezed data (CP/M, DOS) +#0 leshort 0x76FE crunched data (CP/M, DOS) + +# Freeze +#0 string \037\237 Frozen file 2.1 +#0 string \037\236 Frozen file 1.0 (or gzip 0.5) + +# lzh? +#0 string \037\240 LZH compressed data + +#------------------------------------------------------------------------------ +# frame: file(1) magic for FrameMaker files +# +# This stuff came on a FrameMaker demo tape, most of which is +# copyright, but this file is "published" as witness the following: +# +0 string \ +# and Anna Shergold +# +0 string \ +0 string \14 byte 12 (OS/2 1.x format) +#>14 byte 64 (OS/2 2.x format) +#>14 byte 40 (Windows 3.x format) +#0 string IC icon +#0 string PI pointer +#0 string CI color icon +#0 string CP color pointer +#0 string BA bitmap array + +0 string \x89PNG image/png +0 string FWS application/x-shockwave-flash +0 string CWS application/x-shockwave-flash + +#------------------------------------------------------------------------------ +# lisp: file(1) magic for lisp programs +# +# various lisp types, from Daniel Quinlan (quinlan@yggdrasil.com) +0 string ;; text/plain 8bit +# Emacs 18 - this is always correct, but not very magical. +0 string \012( application/x-elc +# Emacs 19 +0 string ;ELC\023\000\000\000 application/x-elc + +#------------------------------------------------------------------------------ +# mail.news: file(1) magic for mail and news +# +# There are tests to ascmagic.c to cope with mail and news. +0 string Relay-Version: message/rfc822 7bit +0 string #!\ rnews message/rfc822 7bit +0 string N#!\ rnews message/rfc822 7bit +0 string Forward\ to message/rfc822 7bit +0 string Pipe\ to message/rfc822 7bit +0 string Return-Path: message/rfc822 7bit +0 string Path: message/news 8bit +0 string Xref: message/news 8bit +0 string From: message/rfc822 7bit +0 string Article message/news 8bit +#------------------------------------------------------------------------------ +# msword: file(1) magic for MS Word files +# +# Contributor claims: +# Reversed-engineered MS Word magic numbers +# + +0 string \376\067\0\043 application/msword +0 string \333\245-\0\0\0 application/msword + +# disable this one because it applies also to other +# Office/OLE documents for which msword is not correct. See PR#2608. +#0 string \320\317\021\340\241\261 application/msword + + + +#------------------------------------------------------------------------------ +# printer: file(1) magic for printer-formatted files +# + +# PostScript +0 string %! application/postscript +0 string \004%! application/postscript + +# Acrobat +# (due to clamen@cs.cmu.edu) +0 string %PDF- application/pdf + +#------------------------------------------------------------------------------ +# sc: file(1) magic for "sc" spreadsheet +# +38 string Spreadsheet application/x-sc + +#------------------------------------------------------------------------------ +# tex: file(1) magic for TeX files +# +# XXX - needs byte-endian stuff (big-endian and little-endian DVI?) +# +# From + +# Although we may know the offset of certain text fields in TeX DVI +# and font files, we can't use them reliably because they are not +# zero terminated. [but we do anyway, christos] +0 string \367\002 application/x-dvi +#0 string \367\203 TeX generic font data +#0 string \367\131 TeX packed font data +#0 string \367\312 TeX virtual font data +#0 string This\ is\ TeX, TeX transcript text +#0 string This\ is\ METAFONT, METAFONT transcript text + +# There is no way to detect TeX Font Metric (*.tfm) files without +# breaking them apart and reading the data. The following patterns +# match most *.tfm files generated by METAFONT or afm2tfm. +#2 string \000\021 TeX font metric data +#2 string \000\022 TeX font metric data +#>34 string >\0 (%s) + +# Texinfo and GNU Info, from Daniel Quinlan (quinlan@yggdrasil.com) +#0 string \\input\ texinfo Texinfo source text +#0 string This\ is\ Info\ file GNU Info text + +# correct TeX magic for Linux (and maybe more) +# from Peter Tobias (tobias@server.et-inf.fho-emden.de) +# +0 leshort 0x02f7 application/x-dvi + +# RTF - Rich Text Format +0 string {\\rtf application/rtf + +#------------------------------------------------------------------------------ +# animation: file(1) magic for animation/movie formats +# +# animation formats, originally from vax@ccwf.cc.utexas.edu (VaX#n8) +# MPEG file +0 string \000\000\001\263 video/mpeg +# +# The contributor claims: +# I couldn't find a real magic number for these, however, this +# -appears- to work. Note that it might catch other files, too, +# so BE CAREFUL! +# +# Note that title and author appear in the two 20-byte chunks +# at decimal offsets 2 and 22, respectively, but they are XOR'ed with +# 255 (hex FF)! DL format SUCKS BIG ROCKS. +# +# DL file version 1 , medium format (160x100, 4 images/screen) +0 byte 1 video/unknown +0 byte 2 video/unknown +# Quicktime video, from Linus Walleij +# from Apple quicktime file format documentation. +4 string moov video/quicktime +4 string mdat video/quicktime + + +#------------------------------------------------------------------------------ +# application/x-coredump for LE/BE ELF +# +0 string \177ELF +>5 byte 1 +>16 leshort 4 application/x-coredump + +0 string \177ELF +>5 byte 2 +>16 beshort 4 application/x-coredump + diff --git a/roles/ensure_apache/templates/Fedora/42/etc/logrotate.d/httpd b/roles/ensure_apache/templates/Fedora/42/etc/logrotate.d/httpd new file mode 100644 index 0000000..c5a008c --- /dev/null +++ b/roles/ensure_apache/templates/Fedora/42/etc/logrotate.d/httpd @@ -0,0 +1,11 @@ +# Note that logs are not compressed unless "compress" is configured, +# which can be done either here or globally in /etc/logrotate.conf. +/var/log/httpd/*log { + missingok + notifempty + sharedscripts + delaycompress + postrotate + /bin/systemctl reload httpd.service > /dev/null 2>/dev/null || true + endscript +} diff --git a/roles/ensure_apache/templates/Fedora/42/etc/logrotate.d/php-fpm b/roles/ensure_apache/templates/Fedora/42/etc/logrotate.d/php-fpm new file mode 100644 index 0000000..25f9feb --- /dev/null +++ b/roles/ensure_apache/templates/Fedora/42/etc/logrotate.d/php-fpm @@ -0,0 +1,9 @@ +/var/log/php-fpm/*log { + missingok + notifempty + sharedscripts + delaycompress + postrotate + /bin/kill -SIGUSR1 `cat /run/php-fpm/php-fpm.pid 2>/dev/null` 2>/dev/null || true + endscript +} diff --git a/roles/ensure_apache/templates/Fedora/42/etc/php-fpm.conf b/roles/ensure_apache/templates/Fedora/42/etc/php-fpm.conf new file mode 100644 index 0000000..750f987 --- /dev/null +++ b/roles/ensure_apache/templates/Fedora/42/etc/php-fpm.conf @@ -0,0 +1,135 @@ +;;;;;;;;;;;;;;;;;;;;; +; FPM Configuration ; +;;;;;;;;;;;;;;;;;;;;; + +; All relative paths in this configuration file are relative to PHP's install +; prefix. + +;;;;;;;;;;;;;;;;;; +; Global Options ; +;;;;;;;;;;;;;;;;;; + +[global] +; Pid file +; Default Value: none +pid = /run/php-fpm/php-fpm.pid + +; Error log file +; If it's set to "syslog", log is sent to syslogd instead of being written +; in a local file. +; Default Value: /var/log/php-fpm.log +error_log = /var/log/php-fpm/error.log + +; syslog_facility is used to specify what type of program is logging the +; message. This lets syslogd specify that messages from different facilities +; will be handled differently. +; See syslog(3) for possible values (ex daemon equiv LOG_DAEMON) +; Default Value: daemon +;syslog.facility = daemon + +; syslog_ident is prepended to every message. If you have multiple FPM +; instances running on the same server, you can change the default value +; which must suit common needs. +; Default Value: php-fpm +;syslog.ident = php-fpm + +; Log level +; Possible Values: alert, error, warning, notice, debug +; Default Value: notice +;log_level = notice + +; Log limit on number of characters in the single line (log entry). If the +; line is over the limit, it is wrapped on multiple lines. The limit is for +; all logged characters including message prefix and suffix if present. However +; the new line character does not count into it as it is present only when +; logging to a file descriptor. It means the new line character is not present +; when logging to syslog. +; Default Value: 1024 +;log_limit = 4096 + +; Log buffering specifies if the log line is buffered which means that the +; line is written in a single write operation. If the value is false, then the +; data is written directly into the file descriptor. It is an experimental +; option that can potentionaly improve logging performance and memory usage +; for some heavy logging scenarios. This option is ignored if logging to syslog +; as it has to be always buffered. +; Default value: yes +;log_buffering = no + +; If this number of child processes exit with SIGSEGV or SIGBUS within the time +; interval set by emergency_restart_interval then FPM will restart. A value +; of '0' means 'Off'. +; Default Value: 0 +;emergency_restart_threshold = 0 + +; Interval of time used by emergency_restart_interval to determine when +; a graceful restart will be initiated. This can be useful to work around +; accidental corruptions in an accelerator's shared memory. +; Available Units: s(econds), m(inutes), h(ours), or d(ays) +; Default Unit: seconds +; Default Value: 0 +;emergency_restart_interval = 0 + +; Time limit for child processes to wait for a reaction on signals from master. +; Available units: s(econds), m(inutes), h(ours), or d(ays) +; Default Unit: seconds +; Default Value: 0 +;process_control_timeout = 0 + +; The maximum number of processes FPM will fork. This has been designed to control +; the global number of processes when using dynamic PM within a lot of pools. +; Use it with caution. +; Note: A value of 0 indicates no limit +; Default Value: 0 +;process.max = 128 + +; Specify the nice(2) priority to apply to the master process (only if set) +; The value can vary from -19 (highest priority) to 20 (lowest priority) +; Note: - It will only work if the FPM master process is launched as root +; - The pool process will inherit the master process priority +; unless specified otherwise +; Default Value: no set +;process.priority = -19 + +; Send FPM to background. Set to 'no' to keep FPM in foreground for debugging. +; Default Value: yes +daemonize = yes + +; Set open file descriptor rlimit for the master process. +; Default Value: system defined value +;rlimit_files = 1024 + +; Set max core size rlimit for the master process. +; Possible Values: 'unlimited' or an integer greater or equal to 0 +; Default Value: system defined value +;rlimit_core = 0 + +; Specify the event mechanism FPM will use. The following is available: +; - select (any POSIX os) +; - poll (any POSIX os) +; - epoll (linux >= 2.5.44) +; Default Value: not set (auto detection) +;events.mechanism = epoll + +; When FPM is built with systemd integration, specify the interval, +; in seconds, between health report notification to systemd. +; Set to 0 to disable. +; Available Units: s(econds), m(inutes), h(ours) +; Default Unit: seconds +; Default value: 10 +;systemd_interval = 10 + +;;;;;;;;;;;;;;;;;;;; +; Pool Definitions ; +;;;;;;;;;;;;;;;;;;;; + +; Multiple pools of child processes may be started with different listening +; ports and different management options. The name of the pool will be +; used in logs and stats. There is no limitation on the number of pools which +; FPM can handle. Your system will tell you anyway :) + +; Include one or more files. If glob(3) exists, it is used to include a bunch of +; files from a glob(3) pattern. This directive can be used everywhere in the +; file. +include=/etc/php-fpm.d/*.conf + diff --git a/roles/ensure_apache/templates/Fedora/42/etc/php-fpm.d/www.conf b/roles/ensure_apache/templates/Fedora/42/etc/php-fpm.d/www.conf new file mode 100644 index 0000000..7294d39 --- /dev/null +++ b/roles/ensure_apache/templates/Fedora/42/etc/php-fpm.d/www.conf @@ -0,0 +1,438 @@ +; Start a new pool named 'www'. +; the variable $pool can be used in any directive and will be replaced by the +; pool name ('www' here) +[www] + +; Per pool prefix +; It only applies on the following directives: +; - 'access.log' +; - 'slowlog' +; - 'listen' (unixsocket) +; - 'chroot' +; - 'chdir' +; - 'php_values' +; - 'php_admin_values' +; When not set, the global prefix (or @php_fpm_prefix@) applies instead. +; Note: This directive can also be relative to the global prefix. +; Default Value: none +;prefix = /path/to/pools/$pool + +; Unix user/group of processes +; Note: The user is mandatory. If the group is not set, the default user's group +; will be used. +; RPM: apache user chosen to provide access to the same directories as httpd +user = apache +; RPM: Keep a group allowed to write in log dir. +group = apache + +; The address on which to accept FastCGI requests. +; Valid syntaxes are: +; 'ip.add.re.ss:port' - to listen on a TCP socket to a specific IPv4 address on +; a specific port; +; '[ip:6:addr:ess]:port' - to listen on a TCP socket to a specific IPv6 address on +; a specific port; +; 'port' - to listen on a TCP socket to all addresses +; (IPv6 and IPv4-mapped) on a specific port; +; '/path/to/unix/socket' - to listen on a unix socket. +; Note: This value is mandatory. +listen = /run/php-fpm/www.sock + +; Set listen(2) backlog. +; Default Value: 511 +;listen.backlog = 511 + +; Set permissions for unix socket, if one is used. In Linux, read/write +; permissions must be set in order to allow connections from a web server. +; Default Values: user and group are set as the running user +; mode is set to 0660 +;listen.owner = nobody +;listen.group = nobody +;listen.mode = 0660 + +; When POSIX Access Control Lists are supported you can set them using +; these options, value is a comma separated list of user/group names. +; When set, listen.owner and listen.group are ignored +listen.acl_users = apache,nginx +;listen.acl_groups = + +; List of addresses (IPv4/IPv6) of FastCGI clients which are allowed to connect. +; Equivalent to the FCGI_WEB_SERVER_ADDRS environment variable in the original +; PHP FCGI (5.2.2+). Makes sense only with a tcp listening socket. Each address +; must be separated by a comma. If this value is left blank, connections will be +; accepted from any ip address. +; Default Value: any +listen.allowed_clients = 127.0.0.1 + +; Specify the nice(2) priority to apply to the pool processes (only if set) +; The value can vary from -19 (highest priority) to 20 (lower priority) +; Note: - It will only work if the FPM master process is launched as root +; - The pool processes will inherit the master process priority +; unless it specified otherwise +; Default Value: no set +; process.priority = -19 + +; Set the process dumpable flag (PR_SET_DUMPABLE prctl) even if the process user +; or group is differrent than the master process user. It allows to create process +; core dump and ptrace the process for the pool user. +; Default Value: no +; process.dumpable = yes + +; Choose how the process manager will control the number of child processes. +; Possible Values: +; static - a fixed number (pm.max_children) of child processes; +; dynamic - the number of child processes are set dynamically based on the +; following directives. With this process management, there will be +; always at least 1 children. +; pm.max_children - the maximum number of children that can +; be alive at the same time. +; pm.start_servers - the number of children created on startup. +; pm.min_spare_servers - the minimum number of children in 'idle' +; state (waiting to process). If the number +; of 'idle' processes is less than this +; number then some children will be created. +; pm.max_spare_servers - the maximum number of children in 'idle' +; state (waiting to process). If the number +; of 'idle' processes is greater than this +; number then some children will be killed. +; ondemand - no children are created at startup. Children will be forked when +; new requests will connect. The following parameter are used: +; pm.max_children - the maximum number of children that +; can be alive at the same time. +; pm.process_idle_timeout - The number of seconds after which +; an idle process will be killed. +; Note: This value is mandatory. +pm = dynamic + +; The number of child processes to be created when pm is set to 'static' and the +; maximum number of child processes when pm is set to 'dynamic' or 'ondemand'. +; This value sets the limit on the number of simultaneous requests that will be +; served. Equivalent to the ApacheMaxClients directive with mpm_prefork. +; Equivalent to the PHP_FCGI_CHILDREN environment variable in the original PHP +; CGI. The below defaults are based on a server without much resources. Don't +; forget to tweak pm.* to fit your needs. +; Note: Used when pm is set to 'static', 'dynamic' or 'ondemand' +; Note: This value is mandatory. +pm.max_children = 50 + +; The number of child processes created on startup. +; Note: Used only when pm is set to 'dynamic' +; Default Value: min_spare_servers + (max_spare_servers - min_spare_servers) / 2 +pm.start_servers = 5 + +; The desired minimum number of idle server processes. +; Note: Used only when pm is set to 'dynamic' +; Note: Mandatory when pm is set to 'dynamic' +pm.min_spare_servers = 5 + +; The desired maximum number of idle server processes. +; Note: Used only when pm is set to 'dynamic' +; Note: Mandatory when pm is set to 'dynamic' +pm.max_spare_servers = 35 + +; The number of seconds after which an idle process will be killed. +; Note: Used only when pm is set to 'ondemand' +; Default Value: 10s +;pm.process_idle_timeout = 10s; + +; The number of requests each child process should execute before respawning. +; This can be useful to work around memory leaks in 3rd party libraries. For +; endless request processing specify '0'. Equivalent to PHP_FCGI_MAX_REQUESTS. +; Default Value: 0 +;pm.max_requests = 500 + +; The URI to view the FPM status page. If this value is not set, no URI will be +; recognized as a status page. It shows the following informations: +; pool - the name of the pool; +; process manager - static, dynamic or ondemand; +; start time - the date and time FPM has started; +; start since - number of seconds since FPM has started; +; accepted conn - the number of request accepted by the pool; +; listen queue - the number of request in the queue of pending +; connections (see backlog in listen(2)); +; max listen queue - the maximum number of requests in the queue +; of pending connections since FPM has started; +; listen queue len - the size of the socket queue of pending connections; +; idle processes - the number of idle processes; +; active processes - the number of active processes; +; total processes - the number of idle + active processes; +; max active processes - the maximum number of active processes since FPM +; has started; +; max children reached - number of times, the process limit has been reached, +; when pm tries to start more children (works only for +; pm 'dynamic' and 'ondemand'); +; Value are updated in real time. +; Example output: +; pool: www +; process manager: static +; start time: 01/Jul/2011:17:53:49 +0200 +; start since: 62636 +; accepted conn: 190460 +; listen queue: 0 +; max listen queue: 1 +; listen queue len: 42 +; idle processes: 4 +; active processes: 11 +; total processes: 15 +; max active processes: 12 +; max children reached: 0 +; +; By default the status page output is formatted as text/plain. Passing either +; 'html', 'xml' or 'json' in the query string will return the corresponding +; output syntax. Example: +; http://www.foo.bar/status +; http://www.foo.bar/status?json +; http://www.foo.bar/status?html +; http://www.foo.bar/status?xml +; +; By default the status page only outputs short status. Passing 'full' in the +; query string will also return status for each pool process. +; Example: +; http://www.foo.bar/status?full +; http://www.foo.bar/status?json&full +; http://www.foo.bar/status?html&full +; http://www.foo.bar/status?xml&full +; The Full status returns for each process: +; pid - the PID of the process; +; state - the state of the process (Idle, Running, ...); +; start time - the date and time the process has started; +; start since - the number of seconds since the process has started; +; requests - the number of requests the process has served; +; request duration - the duration in µs of the requests; +; request method - the request method (GET, POST, ...); +; request URI - the request URI with the query string; +; content length - the content length of the request (only with POST); +; user - the user (PHP_AUTH_USER) (or '-' if not set); +; script - the main script called (or '-' if not set); +; last request cpu - the %cpu the last request consumed +; it's always 0 if the process is not in Idle state +; because CPU calculation is done when the request +; processing has terminated; +; last request memory - the max amount of memory the last request consumed +; it's always 0 if the process is not in Idle state +; because memory calculation is done when the request +; processing has terminated; +; If the process is in Idle state, then informations are related to the +; last request the process has served. Otherwise informations are related to +; the current request being served. +; Example output: +; ************************ +; pid: 31330 +; state: Running +; start time: 01/Jul/2011:17:53:49 +0200 +; start since: 63087 +; requests: 12808 +; request duration: 1250261 +; request method: GET +; request URI: /test_mem.php?N=10000 +; content length: 0 +; user: - +; script: /home/fat/web/docs/php/test_mem.php +; last request cpu: 0.00 +; last request memory: 0 +; +; Note: There is a real-time FPM status monitoring sample web page available +; It's available in: @EXPANDED_DATADIR@/fpm/status.html +; +; Note: The value must start with a leading slash (/). The value can be +; anything, but it may not be a good idea to use the .php extension or it +; may conflict with a real PHP file. +; Default Value: not set +;pm.status_path = /status + +; The ping URI to call the monitoring page of FPM. If this value is not set, no +; URI will be recognized as a ping page. This could be used to test from outside +; that FPM is alive and responding, or to +; - create a graph of FPM availability (rrd or such); +; - remove a server from a group if it is not responding (load balancing); +; - trigger alerts for the operating team (24/7). +; Note: The value must start with a leading slash (/). The value can be +; anything, but it may not be a good idea to use the .php extension or it +; may conflict with a real PHP file. +; Default Value: not set +;ping.path = /ping + +; This directive may be used to customize the response of a ping request. The +; response is formatted as text/plain with a 200 response code. +; Default Value: pong +;ping.response = pong + +; The access log file +; Default: not set +;access.log = log/$pool.access.log + +; The access log format. +; The following syntax is allowed +; %%: the '%' character +; %C: %CPU used by the request +; it can accept the following format: +; - %{user}C for user CPU only +; - %{system}C for system CPU only +; - %{total}C for user + system CPU (default) +; %d: time taken to serve the request +; it can accept the following format: +; - %{seconds}d (default) +; - %{miliseconds}d +; - %{mili}d +; - %{microseconds}d +; - %{micro}d +; %e: an environment variable (same as $_ENV or $_SERVER) +; it must be associated with embraces to specify the name of the env +; variable. Some exemples: +; - server specifics like: %{REQUEST_METHOD}e or %{SERVER_PROTOCOL}e +; - HTTP headers like: %{HTTP_HOST}e or %{HTTP_USER_AGENT}e +; %f: script filename +; %l: content-length of the request (for POST request only) +; %m: request method +; %M: peak of memory allocated by PHP +; it can accept the following format: +; - %{bytes}M (default) +; - %{kilobytes}M +; - %{kilo}M +; - %{megabytes}M +; - %{mega}M +; %n: pool name +; %o: output header +; it must be associated with embraces to specify the name of the header: +; - %{Content-Type}o +; - %{X-Powered-By}o +; - %{Transfert-Encoding}o +; - .... +; %p: PID of the child that serviced the request +; %P: PID of the parent of the child that serviced the request +; %q: the query string +; %Q: the '?' character if query string exists +; %r: the request URI (without the query string, see %q and %Q) +; %R: remote IP address +; %s: status (response code) +; %t: server time the request was received +; it can accept a strftime(3) format: +; %d/%b/%Y:%H:%M:%S %z (default) +; The strftime(3) format must be encapsuled in a %{}t tag +; e.g. for a ISO8601 formatted timestring, use: %{%Y-%m-%dT%H:%M:%S%z}t +; %T: time the log has been written (the request has finished) +; it can accept a strftime(3) format: +; %d/%b/%Y:%H:%M:%S %z (default) +; The strftime(3) format must be encapsuled in a %{}t tag +; e.g. for a ISO8601 formatted timestring, use: %{%Y-%m-%dT%H:%M:%S%z}t +; %u: remote user +; +; Default: "%R - %u %t \"%m %r\" %s" +;access.format = "%R - %u %t \"%m %r%Q%q\" %s %f %{mili}d %{kilo}M %C%%" + +; The log file for slow requests +; Default Value: not set +; Note: slowlog is mandatory if request_slowlog_timeout is set +slowlog = /var/log/php-fpm/www-slow.log + +; The timeout for serving a single request after which a PHP backtrace will be +; dumped to the 'slowlog' file. A value of '0s' means 'off'. +; Available units: s(econds)(default), m(inutes), h(ours), or d(ays) +; Default Value: 0 +;request_slowlog_timeout = 0 + +; Depth of slow log stack trace. +; Default Value: 20 +;request_slowlog_trace_depth = 20 + +; The timeout for serving a single request after which the worker process will +; be killed. This option should be used when the 'max_execution_time' ini option +; does not stop script execution for some reason. A value of '0' means 'off'. +; Available units: s(econds)(default), m(inutes), h(ours), or d(ays) +; Default Value: 0 +;request_terminate_timeout = 0 + +; Set open file descriptor rlimit. +; Default Value: system defined value +;rlimit_files = 1024 + +; Set max core size rlimit. +; Possible Values: 'unlimited' or an integer greater or equal to 0 +; Default Value: system defined value +;rlimit_core = 0 + +; Chroot to this directory at the start. This value must be defined as an +; absolute path. When this value is not set, chroot is not used. +; Note: you can prefix with '$prefix' to chroot to the pool prefix or one +; of its subdirectories. If the pool prefix is not set, the global prefix +; will be used instead. +; Note: chrooting is a great security feature and should be used whenever +; possible. However, all PHP paths will be relative to the chroot +; (error_log, sessions.save_path, ...). +; Default Value: not set +;chroot = + +; Chdir to this directory at the start. +; Note: relative path can be used. +; Default Value: current directory or / when chroot +;chdir = /var/www + +; Redirect worker stdout and stderr into main error log. If not set, stdout and +; stderr will be redirected to /dev/null according to FastCGI specs. +; Note: on highloaded environement, this can cause some delay in the page +; process time (several ms). +; Default Value: no +;catch_workers_output = yes + +; Clear environment in FPM workers +; Prevents arbitrary environment variables from reaching FPM worker processes +; by clearing the environment in workers before env vars specified in this +; pool configuration are added. +; Setting to "no" will make all environment variables available to PHP code +; via getenv(), $_ENV and $_SERVER. +; Default Value: yes +;clear_env = no + +; Limits the extensions of the main script FPM will allow to parse. This can +; prevent configuration mistakes on the web server side. You should only limit +; FPM to .php extensions to prevent malicious users to use other extensions to +; execute php code. +; Note: set an empty value to allow all extensions. +; Default Value: .php +;security.limit_extensions = .php .php3 .php4 .php5 .php7 + +; Pass environment variables like LD_LIBRARY_PATH. All $VARIABLEs are taken from +; the current environment. +; Default Value: clean env +;env[HOSTNAME] = $HOSTNAME +;env[PATH] = /usr/local/bin:/usr/bin:/bin +;env[TMP] = /tmp +;env[TMPDIR] = /tmp +;env[TEMP] = /tmp + +; Additional php.ini defines, specific to this pool of workers. These settings +; overwrite the values previously defined in the php.ini. The directives are the +; same as the PHP SAPI: +; php_value/php_flag - you can set classic ini defines which can +; be overwritten from PHP call 'ini_set'. +; php_admin_value/php_admin_flag - these directives won't be overwritten by +; PHP call 'ini_set' +; For php_*flag, valid values are on, off, 1, 0, true, false, yes or no. + +; Defining 'extension' will load the corresponding shared extension from +; extension_dir. Defining 'disable_functions' or 'disable_classes' will not +; overwrite previously defined php.ini values, but will append the new value +; instead. + +; Note: path INI options can be relative and will be expanded with the prefix +; (pool, global or @prefix@) + +; Default Value: nothing is defined by default except the values in php.ini and +; specified at startup with the -d argument +;php_admin_value[sendmail_path] = /usr/sbin/sendmail -t -i -f www@my.domain.com +;php_flag[display_errors] = off +php_admin_value[error_log] = /var/log/php-fpm/www-error.log +php_admin_flag[log_errors] = on +;php_admin_value[memory_limit] = 128M + +; Set the following data paths to directories owned by the FPM process user. +; +; Do not change the ownership of existing system directories, if the process +; user does not have write permission, create dedicated directories for this +; purpose. +; +; See warning about choosing the location of these directories on your system +; at http://php.net/session.save-path +php_value[session.save_handler] = files +php_value[session.save_path] = /var/lib/php/session +php_value[soap.wsdl_cache_dir] = /var/lib/php/wsdlcache +;php_value[opcache.file_cache] = /var/lib/php/opcache diff --git a/roles/ensure_apache/templates/Fedora/42/etc/php-zts.d/10-opcache.ini b/roles/ensure_apache/templates/Fedora/42/etc/php-zts.d/10-opcache.ini new file mode 100644 index 0000000..bbb4436 --- /dev/null +++ b/roles/ensure_apache/templates/Fedora/42/etc/php-zts.d/10-opcache.ini @@ -0,0 +1,148 @@ +; Enable Zend OPcache extension module +zend_extension=opcache + +; Determines if Zend OPCache is enabled +opcache.enable=1 + +; Determines if Zend OPCache is enabled for the CLI version of PHP +opcache.enable_cli=1 + +; The OPcache shared memory storage size. +;opcache.memory_consumption=128 + +; The amount of memory for interned strings in Mbytes. +;opcache.interned_strings_buffer=8 + +; The maximum number of keys (scripts) in the OPcache hash table. +; Only numbers between 200 and 1000000 are allowed. +;opcache.max_accelerated_files=10000 + +; The maximum percentage of "wasted" memory until a restart is scheduled. +;opcache.max_wasted_percentage=5 + +; When this directive is enabled, the OPcache appends the current working +; directory to the script key, thus eliminating possible collisions between +; files with the same name (basename). Disabling the directive improves +; performance, but may break existing applications. +;opcache.use_cwd=1 + +; When disabled, you must reset the OPcache manually or restart the +; webserver for changes to the filesystem to take effect. +;opcache.validate_timestamps=1 + +; How often (in seconds) to check file timestamps for changes to the shared +; memory storage allocation. ("1" means validate once per second, but only +; once per request. "0" means always validate) +;opcache.revalidate_freq=2 + +; Enables or disables file search in include_path optimization +;opcache.revalidate_path=0 + +; If disabled, all PHPDoc comments are dropped from the code to reduce the +; size of the optimized code. +;opcache.save_comments=1 + +; Allow file existence override (file_exists, etc.) performance feature. +;opcache.enable_file_override=0 + +; A bitmask, where each bit enables or disables the appropriate OPcache +; passes +;opcache.optimization_level=0x7FFFBFFF + +; This hack should only be enabled to work around "Cannot redeclare class" +; errors. +;opcache.dups_fix=0 + +; The location of the OPcache blacklist file (wildcards allowed). +; Each OPcache blacklist file is a text file that holds the names of files +; that should not be accelerated. +opcache.blacklist_filename=/etc/php-zts.d/opcache*.blacklist + +; Allows exclusion of large files from being cached. By default all files +; are cached. +;opcache.max_file_size=0 + +; Check the cache checksum each N requests. +; The default value of "0" means that the checks are disabled. +;opcache.consistency_checks=0 + +; How long to wait (in seconds) for a scheduled restart to begin if the cache +; is not being accessed. +;opcache.force_restart_timeout=180 + +; OPcache error_log file name. Empty string assumes "stderr". +;opcache.error_log= + +; All OPcache errors go to the Web server log. +; By default, only fatal errors (level 0) or errors (level 1) are logged. +; You can also enable warnings (level 2), info messages (level 3) or +; debug messages (level 4). +;opcache.log_verbosity_level=1 + +; Preferred Shared Memory back-end. Leave empty and let the system decide. +;opcache.preferred_memory_model= + +; Protect the shared memory from unexpected writing during script execution. +; Useful for internal debugging only. +;opcache.protect_memory=0 + +; Allows calling OPcache API functions only from PHP scripts which path is +; started from specified string. The default "" means no restriction +;opcache.restrict_api= + +; Enables and sets the second level cache directory. +; It should improve performance when SHM memory is full, at server restart or +; SHM reset. The default "" disables file based caching. +; RPM note : file cache directory must be owned by process owner +; for mod_php, see /etc/httpd/conf.d/php.conf +; for php-fpm, see /etc/php-fpm.d/*conf +;opcache.file_cache= + +; Enables or disables opcode caching in shared memory. +;opcache.file_cache_only=0 + +; Enables or disables checksum validation when script loaded from file cache. +;opcache.file_cache_consistency_checks=1 + +; Implies opcache.file_cache_only=1 for a certain process that failed to +; reattach to the shared memory (for Windows only). Explicitly enabled file +; cache is required. +;opcache.file_cache_fallback=1 + +; Enables or disables copying of PHP code (text segment) into HUGE PAGES. +; This should improve performance, but requires appropriate OS configuration. +opcache.huge_code_pages=0 + +; Validate cached file permissions. +; Leads OPcache to check file readability on each access to cached file. +; This directive should be enabled in shared hosting environment, when few +; users (PHP-FPM pools) reuse the common OPcache shared memory. +;opcache.validate_permission=0 + +; Prevent name collisions in chroot'ed environment. +; This directive prevents file name collisions in different "chroot" +; environments. It should be enabled for sites that may serve requests in +; different "chroot" environments. +;opcache.validate_root=0 + +; If specified, it produces opcode dumps for debugging different stages of +; optimizations. +;opcache.opt_debug_level=0 + +; Specifies a PHP script that is going to be compiled and executed at server +; start-up. +; http://php.net/opcache.preload +;opcache.preload= + +; Preloading code as root is not allowed for security reasons. This directive +; facilitates to let the preloading to be run as another user. +; http://php.net/opcache.preload_user +;opcache.preload_user= + +; Prevents caching files that are less than this number of seconds old. It +; protects from caching of incompletely updated files. In case all file updates +; on your site are atomic, you may increase performance by setting it to "0". +;opcache.file_update_protection=2 + +; Absolute path used to store shared lockfiles (for *nix only). +;opcache.lockfile_path=/tmp diff --git a/roles/ensure_apache/templates/Fedora/42/etc/php-zts.d/20-bz2.ini b/roles/ensure_apache/templates/Fedora/42/etc/php-zts.d/20-bz2.ini new file mode 100644 index 0000000..ad6600e --- /dev/null +++ b/roles/ensure_apache/templates/Fedora/42/etc/php-zts.d/20-bz2.ini @@ -0,0 +1,2 @@ +; Enable bz2 extension module +extension=bz2 diff --git a/roles/ensure_apache/templates/Fedora/42/etc/php-zts.d/20-calendar.ini b/roles/ensure_apache/templates/Fedora/42/etc/php-zts.d/20-calendar.ini new file mode 100644 index 0000000..8f1d291 --- /dev/null +++ b/roles/ensure_apache/templates/Fedora/42/etc/php-zts.d/20-calendar.ini @@ -0,0 +1,2 @@ +; Enable calendar extension module +extension=calendar diff --git a/roles/ensure_apache/templates/Fedora/42/etc/php-zts.d/20-ctype.ini b/roles/ensure_apache/templates/Fedora/42/etc/php-zts.d/20-ctype.ini new file mode 100644 index 0000000..4bde80c --- /dev/null +++ b/roles/ensure_apache/templates/Fedora/42/etc/php-zts.d/20-ctype.ini @@ -0,0 +1,2 @@ +; Enable ctype extension module +extension=ctype diff --git a/roles/ensure_apache/templates/Fedora/42/etc/php-zts.d/20-curl.ini b/roles/ensure_apache/templates/Fedora/42/etc/php-zts.d/20-curl.ini new file mode 100644 index 0000000..08697ce --- /dev/null +++ b/roles/ensure_apache/templates/Fedora/42/etc/php-zts.d/20-curl.ini @@ -0,0 +1,2 @@ +; Enable curl extension module +extension=curl diff --git a/roles/ensure_apache/templates/Fedora/42/etc/php-zts.d/20-dom.ini b/roles/ensure_apache/templates/Fedora/42/etc/php-zts.d/20-dom.ini new file mode 100644 index 0000000..7d77c45 --- /dev/null +++ b/roles/ensure_apache/templates/Fedora/42/etc/php-zts.d/20-dom.ini @@ -0,0 +1,2 @@ +; Enable dom extension module +extension=dom diff --git a/roles/ensure_apache/templates/Fedora/42/etc/php-zts.d/20-exif.ini b/roles/ensure_apache/templates/Fedora/42/etc/php-zts.d/20-exif.ini new file mode 100644 index 0000000..40b0000 --- /dev/null +++ b/roles/ensure_apache/templates/Fedora/42/etc/php-zts.d/20-exif.ini @@ -0,0 +1,2 @@ +; Enable exif extension module +extension=exif diff --git a/roles/ensure_apache/templates/Fedora/42/etc/php-zts.d/20-fileinfo.ini b/roles/ensure_apache/templates/Fedora/42/etc/php-zts.d/20-fileinfo.ini new file mode 100644 index 0000000..e54e360 --- /dev/null +++ b/roles/ensure_apache/templates/Fedora/42/etc/php-zts.d/20-fileinfo.ini @@ -0,0 +1,2 @@ +; Enable fileinfo extension module +extension=fileinfo diff --git a/roles/ensure_apache/templates/Fedora/42/etc/php-zts.d/20-ftp.ini b/roles/ensure_apache/templates/Fedora/42/etc/php-zts.d/20-ftp.ini new file mode 100644 index 0000000..e492d12 --- /dev/null +++ b/roles/ensure_apache/templates/Fedora/42/etc/php-zts.d/20-ftp.ini @@ -0,0 +1,2 @@ +; Enable ftp extension module +extension=ftp diff --git a/roles/ensure_apache/templates/Fedora/42/etc/php-zts.d/20-gettext.ini b/roles/ensure_apache/templates/Fedora/42/etc/php-zts.d/20-gettext.ini new file mode 100644 index 0000000..d67ae7d --- /dev/null +++ b/roles/ensure_apache/templates/Fedora/42/etc/php-zts.d/20-gettext.ini @@ -0,0 +1,2 @@ +; Enable gettext extension module +extension=gettext diff --git a/roles/ensure_apache/templates/Fedora/42/etc/php-zts.d/20-iconv.ini b/roles/ensure_apache/templates/Fedora/42/etc/php-zts.d/20-iconv.ini new file mode 100644 index 0000000..03aee46 --- /dev/null +++ b/roles/ensure_apache/templates/Fedora/42/etc/php-zts.d/20-iconv.ini @@ -0,0 +1,2 @@ +; Enable iconv extension module +extension=iconv diff --git a/roles/ensure_apache/templates/Fedora/42/etc/php-zts.d/20-json.ini b/roles/ensure_apache/templates/Fedora/42/etc/php-zts.d/20-json.ini new file mode 100644 index 0000000..2b6607b --- /dev/null +++ b/roles/ensure_apache/templates/Fedora/42/etc/php-zts.d/20-json.ini @@ -0,0 +1,2 @@ +; Enable json extension module +extension=json diff --git a/roles/ensure_apache/templates/Fedora/42/etc/php-zts.d/20-mbstring.ini b/roles/ensure_apache/templates/Fedora/42/etc/php-zts.d/20-mbstring.ini new file mode 100644 index 0000000..625cc73 --- /dev/null +++ b/roles/ensure_apache/templates/Fedora/42/etc/php-zts.d/20-mbstring.ini @@ -0,0 +1,2 @@ +; Enable mbstring extension module +extension=mbstring diff --git a/roles/ensure_apache/templates/Fedora/42/etc/php-zts.d/20-mysqlnd.ini b/roles/ensure_apache/templates/Fedora/42/etc/php-zts.d/20-mysqlnd.ini new file mode 100644 index 0000000..a66ea66 --- /dev/null +++ b/roles/ensure_apache/templates/Fedora/42/etc/php-zts.d/20-mysqlnd.ini @@ -0,0 +1,2 @@ +; Enable mysqlnd extension module +extension=mysqlnd diff --git a/roles/ensure_apache/templates/Fedora/42/etc/php-zts.d/20-pdo.ini b/roles/ensure_apache/templates/Fedora/42/etc/php-zts.d/20-pdo.ini new file mode 100644 index 0000000..5a46a1f --- /dev/null +++ b/roles/ensure_apache/templates/Fedora/42/etc/php-zts.d/20-pdo.ini @@ -0,0 +1,2 @@ +; Enable pdo extension module +extension=pdo diff --git a/roles/ensure_apache/templates/Fedora/42/etc/php-zts.d/20-phar.ini b/roles/ensure_apache/templates/Fedora/42/etc/php-zts.d/20-phar.ini new file mode 100644 index 0000000..8224a1b --- /dev/null +++ b/roles/ensure_apache/templates/Fedora/42/etc/php-zts.d/20-phar.ini @@ -0,0 +1,2 @@ +; Enable phar extension module +extension=phar diff --git a/roles/ensure_apache/templates/Fedora/42/etc/php-zts.d/20-simplexml.ini b/roles/ensure_apache/templates/Fedora/42/etc/php-zts.d/20-simplexml.ini new file mode 100644 index 0000000..6f13cb5 --- /dev/null +++ b/roles/ensure_apache/templates/Fedora/42/etc/php-zts.d/20-simplexml.ini @@ -0,0 +1,2 @@ +; Enable simplexml extension module +extension=simplexml diff --git a/roles/ensure_apache/templates/Fedora/42/etc/php-zts.d/20-sockets.ini b/roles/ensure_apache/templates/Fedora/42/etc/php-zts.d/20-sockets.ini new file mode 100644 index 0000000..f17ae3e --- /dev/null +++ b/roles/ensure_apache/templates/Fedora/42/etc/php-zts.d/20-sockets.ini @@ -0,0 +1,2 @@ +; Enable sockets extension module +extension=sockets diff --git a/roles/ensure_apache/templates/Fedora/42/etc/php-zts.d/20-sodium.ini b/roles/ensure_apache/templates/Fedora/42/etc/php-zts.d/20-sodium.ini new file mode 100644 index 0000000..c3a6b65 --- /dev/null +++ b/roles/ensure_apache/templates/Fedora/42/etc/php-zts.d/20-sodium.ini @@ -0,0 +1,2 @@ +; Enable sodium extension module +extension=sodium diff --git a/roles/ensure_apache/templates/Fedora/42/etc/php-zts.d/20-sqlite3.ini b/roles/ensure_apache/templates/Fedora/42/etc/php-zts.d/20-sqlite3.ini new file mode 100644 index 0000000..7a4c543 --- /dev/null +++ b/roles/ensure_apache/templates/Fedora/42/etc/php-zts.d/20-sqlite3.ini @@ -0,0 +1,2 @@ +; Enable sqlite3 extension module +extension=sqlite3 diff --git a/roles/ensure_apache/templates/Fedora/42/etc/php-zts.d/20-tokenizer.ini b/roles/ensure_apache/templates/Fedora/42/etc/php-zts.d/20-tokenizer.ini new file mode 100644 index 0000000..44c800a --- /dev/null +++ b/roles/ensure_apache/templates/Fedora/42/etc/php-zts.d/20-tokenizer.ini @@ -0,0 +1,2 @@ +; Enable tokenizer extension module +extension=tokenizer diff --git a/roles/ensure_apache/templates/Fedora/42/etc/php-zts.d/20-xml.ini b/roles/ensure_apache/templates/Fedora/42/etc/php-zts.d/20-xml.ini new file mode 100644 index 0000000..976ebf7 --- /dev/null +++ b/roles/ensure_apache/templates/Fedora/42/etc/php-zts.d/20-xml.ini @@ -0,0 +1,2 @@ +; Enable xml extension module +extension=xml diff --git a/roles/ensure_apache/templates/Fedora/42/etc/php-zts.d/20-xmlwriter.ini b/roles/ensure_apache/templates/Fedora/42/etc/php-zts.d/20-xmlwriter.ini new file mode 100644 index 0000000..3b92225 --- /dev/null +++ b/roles/ensure_apache/templates/Fedora/42/etc/php-zts.d/20-xmlwriter.ini @@ -0,0 +1,2 @@ +; Enable xmlwriter extension module +extension=xmlwriter diff --git a/roles/ensure_apache/templates/Fedora/42/etc/php-zts.d/20-xsl.ini b/roles/ensure_apache/templates/Fedora/42/etc/php-zts.d/20-xsl.ini new file mode 100644 index 0000000..5dd90a8 --- /dev/null +++ b/roles/ensure_apache/templates/Fedora/42/etc/php-zts.d/20-xsl.ini @@ -0,0 +1,2 @@ +; Enable xsl extension module +extension=xsl diff --git a/roles/ensure_apache/templates/Fedora/42/etc/php-zts.d/30-mysqli.ini b/roles/ensure_apache/templates/Fedora/42/etc/php-zts.d/30-mysqli.ini new file mode 100644 index 0000000..d50df50 --- /dev/null +++ b/roles/ensure_apache/templates/Fedora/42/etc/php-zts.d/30-mysqli.ini @@ -0,0 +1,2 @@ +; Enable mysqli extension module +extension=mysqli diff --git a/roles/ensure_apache/templates/Fedora/42/etc/php-zts.d/30-pdo_mysql.ini b/roles/ensure_apache/templates/Fedora/42/etc/php-zts.d/30-pdo_mysql.ini new file mode 100644 index 0000000..933bef1 --- /dev/null +++ b/roles/ensure_apache/templates/Fedora/42/etc/php-zts.d/30-pdo_mysql.ini @@ -0,0 +1,2 @@ +; Enable pdo_mysql extension module +extension=pdo_mysql diff --git a/roles/ensure_apache/templates/Fedora/42/etc/php-zts.d/30-pdo_sqlite.ini b/roles/ensure_apache/templates/Fedora/42/etc/php-zts.d/30-pdo_sqlite.ini new file mode 100644 index 0000000..f661146 --- /dev/null +++ b/roles/ensure_apache/templates/Fedora/42/etc/php-zts.d/30-pdo_sqlite.ini @@ -0,0 +1,2 @@ +; Enable pdo_sqlite extension module +extension=pdo_sqlite diff --git a/roles/ensure_apache/templates/Fedora/42/etc/php-zts.d/30-xmlreader.ini b/roles/ensure_apache/templates/Fedora/42/etc/php-zts.d/30-xmlreader.ini new file mode 100644 index 0000000..f87ebf8 --- /dev/null +++ b/roles/ensure_apache/templates/Fedora/42/etc/php-zts.d/30-xmlreader.ini @@ -0,0 +1,2 @@ +; Enable xmlreader extension module +extension=xmlreader diff --git a/roles/ensure_apache/templates/Fedora/42/etc/php-zts.d/opcache-default.blacklist b/roles/ensure_apache/templates/Fedora/42/etc/php-zts.d/opcache-default.blacklist new file mode 100644 index 0000000..0cc2e18 --- /dev/null +++ b/roles/ensure_apache/templates/Fedora/42/etc/php-zts.d/opcache-default.blacklist @@ -0,0 +1,11 @@ +; The blacklist file is a text file that holds the names of files +; that should not be accelerated. The file format is to add each filename +; to a new line. The filename may be a full path or just a file prefix +; (i.e., /var/www/x blacklists all the files and directories in /var/www +; that start with 'x'). Line starting with a ; are ignored (comments). +; Files are usually triggered by one of the following three reasons: +; 1) Directories that contain auto generated code, like Smarty or ZFW cache. +; 2) Code that does not work well when accelerated, due to some delayed +; compile time evaluation. +; 3) Code that triggers an OPcache bug. + diff --git a/roles/ensure_apache/templates/Fedora/42/etc/php.d/10-opcache.ini b/roles/ensure_apache/templates/Fedora/42/etc/php.d/10-opcache.ini new file mode 100644 index 0000000..b3d4e6e --- /dev/null +++ b/roles/ensure_apache/templates/Fedora/42/etc/php.d/10-opcache.ini @@ -0,0 +1,154 @@ +; Enable Zend OPcache extension module +zend_extension=opcache + +; Determines if Zend OPCache is enabled +opcache.enable=1 + +; Determines if Zend OPCache is enabled for the CLI version of PHP +opcache.enable_cli=1 + +; The OPcache shared memory storage size. +;opcache.memory_consumption=128 + +; The amount of memory for interned strings in Mbytes. +;opcache.interned_strings_buffer=8 + +; The maximum number of keys (scripts) in the OPcache hash table. +; Only numbers between 200 and 1000000 are allowed. +;opcache.max_accelerated_files=10000 + +; The maximum percentage of "wasted" memory until a restart is scheduled. +;opcache.max_wasted_percentage=5 + +; When this directive is enabled, the OPcache appends the current working +; directory to the script key, thus eliminating possible collisions between +; files with the same name (basename). Disabling the directive improves +; performance, but may break existing applications. +;opcache.use_cwd=1 + +; When disabled, you must reset the OPcache manually or restart the +; webserver for changes to the filesystem to take effect. +;opcache.validate_timestamps=1 + +; How often (in seconds) to check file timestamps for changes to the shared +; memory storage allocation. ("1" means validate once per second, but only +; once per request. "0" means always validate) +;opcache.revalidate_freq=2 + +; Enables or disables file search in include_path optimization +;opcache.revalidate_path=0 + +; If disabled, all PHPDoc comments are dropped from the code to reduce the +; size of the optimized code. +;opcache.save_comments=1 + +; If enabled, compilation warnings (including notices and deprecations) will +; be recorded and replayed each time a file is included. Otherwise, compilation +; warnings will only be emitted when the file is first cached. +;opcache.record_warnings=0 + +; Allow file existence override (file_exists, etc.) performance feature. +;opcache.enable_file_override=0 + +; A bitmask, where each bit enables or disables the appropriate OPcache +; passes +;opcache.optimization_level=0x7FFFBFFF + +; This hack should only be enabled to work around "Cannot redeclare class" +; errors. +;opcache.dups_fix=0 + +; The location of the OPcache blacklist file (wildcards allowed). +; Each OPcache blacklist file is a text file that holds the names of files +; that should not be accelerated. +opcache.blacklist_filename=/etc/php.d/opcache*.blacklist + +; Allows exclusion of large files from being cached. By default all files +; are cached. +;opcache.max_file_size=0 + +; How long to wait (in seconds) for a scheduled restart to begin if the cache +; is not being accessed. +;opcache.force_restart_timeout=180 + +; OPcache error_log file name. Empty string assumes "stderr". +;opcache.error_log= + +; All OPcache errors go to the Web server log. +; By default, only fatal errors (level 0) or errors (level 1) are logged. +; You can also enable warnings (level 2), info messages (level 3) or +; debug messages (level 4). +;opcache.log_verbosity_level=1 + +; Preferred Shared Memory back-end. Leave empty and let the system decide. +;opcache.preferred_memory_model= + +; Protect the shared memory from unexpected writing during script execution. +; Useful for internal debugging only. +;opcache.protect_memory=0 + +; Allows calling OPcache API functions only from PHP scripts which path is +; started from specified string. The default "" means no restriction +;opcache.restrict_api= + +; Enables and sets the second level cache directory. +; It should improve performance when SHM memory is full, at server restart or +; SHM reset. The default "" disables file based caching. +; RPM note : file cache directory must be owned by process owner +; for mod_php, see /etc/httpd/conf.d/php.conf +; for php-fpm, see /etc/php-fpm.d/*conf +;opcache.file_cache= + +; Enables or disables opcode caching in shared memory. +;opcache.file_cache_only=0 + +; Enables or disables checksum validation when script loaded from file cache. +;opcache.file_cache_consistency_checks=1 + +; Implies opcache.file_cache_only=1 for a certain process that failed to +; reattach to the shared memory (for Windows only). Explicitly enabled file +; cache is required. +;opcache.file_cache_fallback=1 + +; Enables or disables copying of PHP code (text segment) into HUGE PAGES. +; Under certain circumstances (if only a single global PHP process is +; started from which all others fork), this can increase performance +; by a tiny amount because TLB misses are reduced. On the other hand, this +; delays PHP startup, increases memory usage and degrades performance +; under memory pressure - use with care. +; Requires appropriate OS configuration. +opcache.huge_code_pages=0 + +; Validate cached file permissions. +; Leads OPcache to check file readability on each access to cached file. +; This directive should be enabled in shared hosting environment, when few +; users (PHP-FPM pools) reuse the common OPcache shared memory. +;opcache.validate_permission=0 + +; Prevent name collisions in chroot'ed environment. +; This directive prevents file name collisions in different "chroot" +; environments. It should be enabled for sites that may serve requests in +; different "chroot" environments. +;opcache.validate_root=0 + +; If specified, it produces opcode dumps for debugging different stages of +; optimizations. +;opcache.opt_debug_level=0 + +; Specifies a PHP script that is going to be compiled and executed at server +; start-up. +; https://php.net/opcache.preload +;opcache.preload= + +; Preloading code as root is not allowed for security reasons. This directive +; facilitates to let the preloading to be run as another user. +; https://php.net/opcache.preload_user +;opcache.preload_user= + +; Prevents caching files that are less than this number of seconds old. It +; protects from caching of incompletely updated files. In case all file updates +; on your site are atomic, you may increase performance by setting it to "0". +;opcache.file_update_protection=2 + +; Absolute path used to store shared lockfiles (for *nix only). +;opcache.lockfile_path=/tmp diff --git a/roles/ensure_apache/templates/Fedora/42/etc/php.d/20-bz2.ini b/roles/ensure_apache/templates/Fedora/42/etc/php.d/20-bz2.ini new file mode 100644 index 0000000..ad6600e --- /dev/null +++ b/roles/ensure_apache/templates/Fedora/42/etc/php.d/20-bz2.ini @@ -0,0 +1,2 @@ +; Enable bz2 extension module +extension=bz2 diff --git a/roles/ensure_apache/templates/Fedora/42/etc/php.d/20-calendar.ini b/roles/ensure_apache/templates/Fedora/42/etc/php.d/20-calendar.ini new file mode 100644 index 0000000..8f1d291 --- /dev/null +++ b/roles/ensure_apache/templates/Fedora/42/etc/php.d/20-calendar.ini @@ -0,0 +1,2 @@ +; Enable calendar extension module +extension=calendar diff --git a/roles/ensure_apache/templates/Fedora/42/etc/php.d/20-ctype.ini b/roles/ensure_apache/templates/Fedora/42/etc/php.d/20-ctype.ini new file mode 100644 index 0000000..4bde80c --- /dev/null +++ b/roles/ensure_apache/templates/Fedora/42/etc/php.d/20-ctype.ini @@ -0,0 +1,2 @@ +; Enable ctype extension module +extension=ctype diff --git a/roles/ensure_apache/templates/Fedora/42/etc/php.d/20-curl.ini b/roles/ensure_apache/templates/Fedora/42/etc/php.d/20-curl.ini new file mode 100644 index 0000000..08697ce --- /dev/null +++ b/roles/ensure_apache/templates/Fedora/42/etc/php.d/20-curl.ini @@ -0,0 +1,2 @@ +; Enable curl extension module +extension=curl diff --git a/roles/ensure_apache/templates/Fedora/42/etc/php.d/20-dom.ini b/roles/ensure_apache/templates/Fedora/42/etc/php.d/20-dom.ini new file mode 100644 index 0000000..7d77c45 --- /dev/null +++ b/roles/ensure_apache/templates/Fedora/42/etc/php.d/20-dom.ini @@ -0,0 +1,2 @@ +; Enable dom extension module +extension=dom diff --git a/roles/ensure_apache/templates/Fedora/42/etc/php.d/20-exif.ini b/roles/ensure_apache/templates/Fedora/42/etc/php.d/20-exif.ini new file mode 100644 index 0000000..40b0000 --- /dev/null +++ b/roles/ensure_apache/templates/Fedora/42/etc/php.d/20-exif.ini @@ -0,0 +1,2 @@ +; Enable exif extension module +extension=exif diff --git a/roles/ensure_apache/templates/Fedora/42/etc/php.d/20-fileinfo.ini b/roles/ensure_apache/templates/Fedora/42/etc/php.d/20-fileinfo.ini new file mode 100644 index 0000000..e54e360 --- /dev/null +++ b/roles/ensure_apache/templates/Fedora/42/etc/php.d/20-fileinfo.ini @@ -0,0 +1,2 @@ +; Enable fileinfo extension module +extension=fileinfo diff --git a/roles/ensure_apache/templates/Fedora/42/etc/php.d/20-ftp.ini b/roles/ensure_apache/templates/Fedora/42/etc/php.d/20-ftp.ini new file mode 100644 index 0000000..e492d12 --- /dev/null +++ b/roles/ensure_apache/templates/Fedora/42/etc/php.d/20-ftp.ini @@ -0,0 +1,2 @@ +; Enable ftp extension module +extension=ftp diff --git a/roles/ensure_apache/templates/Fedora/42/etc/php.d/20-gettext.ini b/roles/ensure_apache/templates/Fedora/42/etc/php.d/20-gettext.ini new file mode 100644 index 0000000..d67ae7d --- /dev/null +++ b/roles/ensure_apache/templates/Fedora/42/etc/php.d/20-gettext.ini @@ -0,0 +1,2 @@ +; Enable gettext extension module +extension=gettext diff --git a/roles/ensure_apache/templates/Fedora/42/etc/php.d/20-iconv.ini b/roles/ensure_apache/templates/Fedora/42/etc/php.d/20-iconv.ini new file mode 100644 index 0000000..03aee46 --- /dev/null +++ b/roles/ensure_apache/templates/Fedora/42/etc/php.d/20-iconv.ini @@ -0,0 +1,2 @@ +; Enable iconv extension module +extension=iconv diff --git a/roles/ensure_apache/templates/Fedora/42/etc/php.d/20-json.ini b/roles/ensure_apache/templates/Fedora/42/etc/php.d/20-json.ini new file mode 100644 index 0000000..2b6607b --- /dev/null +++ b/roles/ensure_apache/templates/Fedora/42/etc/php.d/20-json.ini @@ -0,0 +1,2 @@ +; Enable json extension module +extension=json diff --git a/roles/ensure_apache/templates/Fedora/42/etc/php.d/20-mbstring.ini b/roles/ensure_apache/templates/Fedora/42/etc/php.d/20-mbstring.ini new file mode 100644 index 0000000..625cc73 --- /dev/null +++ b/roles/ensure_apache/templates/Fedora/42/etc/php.d/20-mbstring.ini @@ -0,0 +1,2 @@ +; Enable mbstring extension module +extension=mbstring diff --git a/roles/ensure_apache/templates/Fedora/42/etc/php.d/20-mysqlnd.ini b/roles/ensure_apache/templates/Fedora/42/etc/php.d/20-mysqlnd.ini new file mode 100644 index 0000000..a66ea66 --- /dev/null +++ b/roles/ensure_apache/templates/Fedora/42/etc/php.d/20-mysqlnd.ini @@ -0,0 +1,2 @@ +; Enable mysqlnd extension module +extension=mysqlnd diff --git a/roles/ensure_apache/templates/Fedora/42/etc/php.d/20-pdo.ini b/roles/ensure_apache/templates/Fedora/42/etc/php.d/20-pdo.ini new file mode 100644 index 0000000..5a46a1f --- /dev/null +++ b/roles/ensure_apache/templates/Fedora/42/etc/php.d/20-pdo.ini @@ -0,0 +1,2 @@ +; Enable pdo extension module +extension=pdo diff --git a/roles/ensure_apache/templates/Fedora/42/etc/php.d/20-phar.ini b/roles/ensure_apache/templates/Fedora/42/etc/php.d/20-phar.ini new file mode 100644 index 0000000..8224a1b --- /dev/null +++ b/roles/ensure_apache/templates/Fedora/42/etc/php.d/20-phar.ini @@ -0,0 +1,2 @@ +; Enable phar extension module +extension=phar diff --git a/roles/ensure_apache/templates/Fedora/42/etc/php.d/20-simplexml.ini b/roles/ensure_apache/templates/Fedora/42/etc/php.d/20-simplexml.ini new file mode 100644 index 0000000..6f13cb5 --- /dev/null +++ b/roles/ensure_apache/templates/Fedora/42/etc/php.d/20-simplexml.ini @@ -0,0 +1,2 @@ +; Enable simplexml extension module +extension=simplexml diff --git a/roles/ensure_apache/templates/Fedora/42/etc/php.d/20-sockets.ini b/roles/ensure_apache/templates/Fedora/42/etc/php.d/20-sockets.ini new file mode 100644 index 0000000..f17ae3e --- /dev/null +++ b/roles/ensure_apache/templates/Fedora/42/etc/php.d/20-sockets.ini @@ -0,0 +1,2 @@ +; Enable sockets extension module +extension=sockets diff --git a/roles/ensure_apache/templates/Fedora/42/etc/php.d/20-sodium.ini b/roles/ensure_apache/templates/Fedora/42/etc/php.d/20-sodium.ini new file mode 100644 index 0000000..c3a6b65 --- /dev/null +++ b/roles/ensure_apache/templates/Fedora/42/etc/php.d/20-sodium.ini @@ -0,0 +1,2 @@ +; Enable sodium extension module +extension=sodium diff --git a/roles/ensure_apache/templates/Fedora/42/etc/php.d/20-sqlite3.ini b/roles/ensure_apache/templates/Fedora/42/etc/php.d/20-sqlite3.ini new file mode 100644 index 0000000..7a4c543 --- /dev/null +++ b/roles/ensure_apache/templates/Fedora/42/etc/php.d/20-sqlite3.ini @@ -0,0 +1,2 @@ +; Enable sqlite3 extension module +extension=sqlite3 diff --git a/roles/ensure_apache/templates/Fedora/42/etc/php.d/20-tokenizer.ini b/roles/ensure_apache/templates/Fedora/42/etc/php.d/20-tokenizer.ini new file mode 100644 index 0000000..44c800a --- /dev/null +++ b/roles/ensure_apache/templates/Fedora/42/etc/php.d/20-tokenizer.ini @@ -0,0 +1,2 @@ +; Enable tokenizer extension module +extension=tokenizer diff --git a/roles/ensure_apache/templates/Fedora/42/etc/php.d/20-xml.ini b/roles/ensure_apache/templates/Fedora/42/etc/php.d/20-xml.ini new file mode 100644 index 0000000..976ebf7 --- /dev/null +++ b/roles/ensure_apache/templates/Fedora/42/etc/php.d/20-xml.ini @@ -0,0 +1,2 @@ +; Enable xml extension module +extension=xml diff --git a/roles/ensure_apache/templates/Fedora/42/etc/php.d/20-xmlwriter.ini b/roles/ensure_apache/templates/Fedora/42/etc/php.d/20-xmlwriter.ini new file mode 100644 index 0000000..3b92225 --- /dev/null +++ b/roles/ensure_apache/templates/Fedora/42/etc/php.d/20-xmlwriter.ini @@ -0,0 +1,2 @@ +; Enable xmlwriter extension module +extension=xmlwriter diff --git a/roles/ensure_apache/templates/Fedora/42/etc/php.d/20-xsl.ini b/roles/ensure_apache/templates/Fedora/42/etc/php.d/20-xsl.ini new file mode 100644 index 0000000..5dd90a8 --- /dev/null +++ b/roles/ensure_apache/templates/Fedora/42/etc/php.d/20-xsl.ini @@ -0,0 +1,2 @@ +; Enable xsl extension module +extension=xsl diff --git a/roles/ensure_apache/templates/Fedora/42/etc/php.d/30-mysqli.ini b/roles/ensure_apache/templates/Fedora/42/etc/php.d/30-mysqli.ini new file mode 100644 index 0000000..d50df50 --- /dev/null +++ b/roles/ensure_apache/templates/Fedora/42/etc/php.d/30-mysqli.ini @@ -0,0 +1,2 @@ +; Enable mysqli extension module +extension=mysqli diff --git a/roles/ensure_apache/templates/Fedora/42/etc/php.d/30-pdo_mysql.ini b/roles/ensure_apache/templates/Fedora/42/etc/php.d/30-pdo_mysql.ini new file mode 100644 index 0000000..933bef1 --- /dev/null +++ b/roles/ensure_apache/templates/Fedora/42/etc/php.d/30-pdo_mysql.ini @@ -0,0 +1,2 @@ +; Enable pdo_mysql extension module +extension=pdo_mysql diff --git a/roles/ensure_apache/templates/Fedora/42/etc/php.d/30-pdo_sqlite.ini b/roles/ensure_apache/templates/Fedora/42/etc/php.d/30-pdo_sqlite.ini new file mode 100644 index 0000000..f661146 --- /dev/null +++ b/roles/ensure_apache/templates/Fedora/42/etc/php.d/30-pdo_sqlite.ini @@ -0,0 +1,2 @@ +; Enable pdo_sqlite extension module +extension=pdo_sqlite diff --git a/roles/ensure_apache/templates/Fedora/42/etc/php.d/30-xmlreader.ini b/roles/ensure_apache/templates/Fedora/42/etc/php.d/30-xmlreader.ini new file mode 100644 index 0000000..f87ebf8 --- /dev/null +++ b/roles/ensure_apache/templates/Fedora/42/etc/php.d/30-xmlreader.ini @@ -0,0 +1,2 @@ +; Enable xmlreader extension module +extension=xmlreader diff --git a/roles/ensure_apache/templates/Fedora/42/etc/php.d/opcache-default.blacklist b/roles/ensure_apache/templates/Fedora/42/etc/php.d/opcache-default.blacklist new file mode 100644 index 0000000..0cc2e18 --- /dev/null +++ b/roles/ensure_apache/templates/Fedora/42/etc/php.d/opcache-default.blacklist @@ -0,0 +1,11 @@ +; The blacklist file is a text file that holds the names of files +; that should not be accelerated. The file format is to add each filename +; to a new line. The filename may be a full path or just a file prefix +; (i.e., /var/www/x blacklists all the files and directories in /var/www +; that start with 'x'). Line starting with a ; are ignored (comments). +; Files are usually triggered by one of the following three reasons: +; 1) Directories that contain auto generated code, like Smarty or ZFW cache. +; 2) Code that does not work well when accelerated, due to some delayed +; compile time evaluation. +; 3) Code that triggers an OPcache bug. + diff --git a/roles/ensure_apache/templates/Fedora/42/etc/php.ini b/roles/ensure_apache/templates/Fedora/42/etc/php.ini new file mode 100644 index 0000000..cdd2c0b --- /dev/null +++ b/roles/ensure_apache/templates/Fedora/42/etc/php.ini @@ -0,0 +1,1633 @@ +[PHP] + +;;;;;;;;;;;;;;;;;;; +; About php.ini ; +;;;;;;;;;;;;;;;;;;; +; PHP's initialization file, generally called php.ini, is responsible for +; configuring many of the aspects of PHP's behavior. + +; PHP attempts to find and load this configuration from a number of locations. +; The following is a summary of its search order: +; 1. SAPI module specific location. +; 2. The PHPRC environment variable. +; 3. A number of predefined registry keys on Windows +; 4. Current working directory (except CLI) +; 5. The web server's directory (for SAPI modules), or directory of PHP +; (otherwise in Windows) +; 6. The directory from the --with-config-file-path compile time option, or the +; Windows directory (usually C:\windows) +; See the PHP docs for more specific information. +; https://php.net/configuration.file + +; The syntax of the file is extremely simple. Whitespace and lines +; beginning with a semicolon are silently ignored (as you probably guessed). +; Section headers (e.g. [Foo]) are also silently ignored, even though +; they might mean something in the future. + +; Directives following the section heading [PATH=/www/mysite] only +; apply to PHP files in the /www/mysite directory. Directives +; following the section heading [HOST=www.example.com] only apply to +; PHP files served from www.example.com. Directives set in these +; special sections cannot be overridden by user-defined INI files or +; at runtime. Currently, [PATH=] and [HOST=] sections only work under +; CGI/FastCGI. +; https://php.net/ini.sections + +; Directives are specified using the following syntax: +; directive = value +; Directive names are *case sensitive* - foo=bar is different from FOO=bar. +; Directives are variables used to configure PHP or PHP extensions. +; There is no name validation. If PHP can't find an expected +; directive because it is not set or is mistyped, a default value will be used. + +; The value can be a string, a number, a PHP constant (e.g. E_ALL or M_PI), one +; of the INI constants (On, Off, True, False, Yes, No and None) or an expression +; (e.g. E_ALL & ~E_NOTICE), a quoted string ("bar"), or a reference to a +; previously set variable or directive (e.g. ${foo}) + +; Expressions in the INI file are limited to bitwise operators and parentheses: +; | bitwise OR +; ^ bitwise XOR +; & bitwise AND +; ~ bitwise NOT +; ! boolean NOT + +; Boolean flags can be turned on using the values 1, On, True or Yes. +; They can be turned off using the values 0, Off, False or No. + +; An empty string can be denoted by simply not writing anything after the equal +; sign, or by using the None keyword: + +; foo = ; sets foo to an empty string +; foo = None ; sets foo to an empty string +; foo = "None" ; sets foo to the string 'None' + +; If you use constants in your value, and these constants belong to a +; dynamically loaded extension (either a PHP extension or a Zend extension), +; you may only use these constants *after* the line that loads the extension. + +;;;;;;;;;;;;;;;;;;; +; About this file ; +;;;;;;;;;;;;;;;;;;; +; PHP comes packaged with two INI files. One that is recommended to be used +; in production environments and one that is recommended to be used in +; development environments. + +; php.ini-production contains settings which hold security, performance and +; best practices at its core. But please be aware, these settings may break +; compatibility with older or less security-conscious applications. We +; recommending using the production ini in production and testing environments. + +; php.ini-development is very similar to its production variant, except it is +; much more verbose when it comes to errors. We recommend using the +; development version only in development environments, as errors shown to +; application users can inadvertently leak otherwise secure information. + +; This is the php.ini-production INI file. + +;;;;;;;;;;;;;;;;;;; +; Quick Reference ; +;;;;;;;;;;;;;;;;;;; + +; The following are all the settings which are different in either the production +; or development versions of the INIs with respect to PHP's default behavior. +; Please see the actual settings later in the document for more details as to why +; we recommend these changes in PHP's behavior. + +; display_errors +; Default Value: On +; Development Value: On +; Production Value: Off + +; display_startup_errors +; Default Value: On +; Development Value: On +; Production Value: Off + +; error_reporting +; Default Value: E_ALL +; Development Value: E_ALL +; Production Value: E_ALL & ~E_DEPRECATED & ~E_STRICT + +; log_errors +; Default Value: Off +; Development Value: On +; Production Value: On + +; max_input_time +; Default Value: -1 (Unlimited) +; Development Value: 60 (60 seconds) +; Production Value: 60 (60 seconds) + +; output_buffering +; Default Value: Off +; Development Value: 4096 +; Production Value: 4096 + +; register_argc_argv +; Default Value: On +; Development Value: Off +; Production Value: Off + +; request_order +; Default Value: None +; Development Value: "GP" +; Production Value: "GP" + +; session.gc_divisor +; Default Value: 100 +; Development Value: 1000 +; Production Value: 1000 + +; short_open_tag +; Default Value: On +; Development Value: Off +; Production Value: Off + +; variables_order +; Default Value: "EGPCS" +; Development Value: "GPCS" +; Production Value: "GPCS" + +; zend.assertions +; Default Value: 1 +; Development Value: 1 +; Production Value: -1 + +; zend.exception_ignore_args +; Default Value: Off +; Development Value: Off +; Production Value: On + +; zend.exception_string_param_max_len +; Default Value: 15 +; Development Value: 15 +; Production Value: 0 + +;;;;;;;;;;;;;;;;;;;; +; php.ini Options ; +;;;;;;;;;;;;;;;;;;;; +; Name for user-defined php.ini (.htaccess) files. Default is ".user.ini" +;user_ini.filename = ".user.ini" + +; To disable this feature set this option to an empty value +;user_ini.filename = + +; TTL for user-defined php.ini files (time-to-live) in seconds. Default is 300 seconds (5 minutes) +;user_ini.cache_ttl = 300 + +;;;;;;;;;;;;;;;;;;;; +; Language Options ; +;;;;;;;;;;;;;;;;;;;; + +; Enable the PHP scripting language engine under Apache. +; https://php.net/engine +engine = On + +; This directive determines whether or not PHP will recognize code between +; tags as PHP source which should be processed as such. It is +; generally recommended that should be used and that this feature +; should be disabled, as enabling it may result in issues when generating XML +; documents, however this remains supported for backward compatibility reasons. +; Note that this directive does not control the would work. +; https://php.net/syntax-highlighting +;highlight.string = #DD0000 +;highlight.comment = #FF9900 +;highlight.keyword = #007700 +;highlight.default = #0000BB +;highlight.html = #000000 + +; If enabled, the request will be allowed to complete even if the user aborts +; the request. Consider enabling it if executing long requests, which may end up +; being interrupted by the user or a browser timing out. PHP's default behavior +; is to disable this feature. +; https://php.net/ignore-user-abort +;ignore_user_abort = On + +; Determines the size of the realpath cache to be used by PHP. This value should +; be increased on systems where PHP opens many files to reflect the quantity of +; the file operations performed. +; Note: if open_basedir is set, the cache is disabled +; https://php.net/realpath-cache-size +;realpath_cache_size = 4096k + +; Duration of time, in seconds for which to cache realpath information for a given +; file or directory. For systems with rarely changing files, consider increasing this +; value. +; https://php.net/realpath-cache-ttl +;realpath_cache_ttl = 120 + +; Enables or disables the circular reference collector. +; https://php.net/zend.enable-gc +zend.enable_gc = On + +; If enabled, scripts may be written in encodings that are incompatible with +; the scanner. CP936, Big5, CP949 and Shift_JIS are the examples of such +; encodings. To use this feature, mbstring extension must be enabled. +;zend.multibyte = Off + +; Allows to set the default encoding for the scripts. This value will be used +; unless "declare(encoding=...)" directive appears at the top of the script. +; Only affects if zend.multibyte is set. +;zend.script_encoding = + +; Allows to include or exclude arguments from stack traces generated for exceptions. +; In production, it is recommended to turn this setting on to prohibit the output +; of sensitive information in stack traces +; Default Value: Off +; Development Value: Off +; Production Value: On +zend.exception_ignore_args = On + +; Allows setting the maximum string length in an argument of a stringified stack trace +; to a value between 0 and 1000000. +; This has no effect when zend.exception_ignore_args is enabled. +; Default Value: 15 +; Development Value: 15 +; Production Value: 0 +; In production, it is recommended to set this to 0 to reduce the output +; of sensitive information in stack traces. +zend.exception_string_param_max_len = 0 + +;;;;;;;;;;;;;;;;; +; Miscellaneous ; +;;;;;;;;;;;;;;;;; + +; Decides whether PHP may expose the fact that it is installed on the server +; (e.g. by adding its signature to the Web server header). It is no security +; threat in any way, but it makes it possible to determine whether you use PHP +; on your server or not. +; https://php.net/expose-php +expose_php = On + +;;;;;;;;;;;;;;;;;;; +; Resource Limits ; +;;;;;;;;;;;;;;;;;;; + +; Maximum execution time of each script, in seconds +; https://php.net/max-execution-time +; Note: This directive is hardcoded to 0 for the CLI SAPI +max_execution_time = 30 + +; Maximum amount of time each script may spend parsing request data. It's a good +; idea to limit this time on productions servers in order to eliminate unexpectedly +; long running scripts. +; Note: This directive is hardcoded to -1 for the CLI SAPI +; Default Value: -1 (Unlimited) +; Development Value: 60 (60 seconds) +; Production Value: 60 (60 seconds) +; https://php.net/max-input-time +max_input_time = 60 + +; Maximum input variable nesting level +; https://php.net/max-input-nesting-level +;max_input_nesting_level = 64 + +; How many GET/POST/COOKIE input variables may be accepted +;max_input_vars = 1000 + +; How many multipart body parts (combined input variable and file uploads) may +; be accepted. +; Default Value: -1 (Sum of max_input_vars and max_file_uploads) +;max_multipart_body_parts = 1500 + +; Maximum amount of memory a script may consume +; https://php.net/memory-limit +memory_limit = 128M + +;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; +; Error handling and logging ; +;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; + +; This directive informs PHP of which errors, warnings and notices you would like +; it to take action for. The recommended way of setting values for this +; directive is through the use of the error level constants and bitwise +; operators. The error level constants are below here for convenience as well as +; some common settings and their meanings. +; By default, PHP is set to take action on all errors, notices and warnings EXCEPT +; those related to E_NOTICE and E_STRICT, which together cover best practices and +; recommended coding standards in PHP. For performance reasons, this is the +; recommend error reporting setting. Your production server shouldn't be wasting +; resources complaining about best practices and coding standards. That's what +; development servers and development settings are for. +; Note: The php.ini-development file has this setting as E_ALL. This +; means it pretty much reports everything which is exactly what you want during +; development and early testing. +; +; Error Level Constants: +; E_ALL - All errors and warnings +; E_ERROR - fatal run-time errors +; E_RECOVERABLE_ERROR - almost fatal run-time errors +; E_WARNING - run-time warnings (non-fatal errors) +; E_PARSE - compile-time parse errors +; E_NOTICE - run-time notices (these are warnings which often result +; from a bug in your code, but it's possible that it was +; intentional (e.g., using an uninitialized variable and +; relying on the fact it is automatically initialized to an +; empty string) +; E_STRICT - run-time notices, enable to have PHP suggest changes +; to your code which will ensure the best interoperability +; and forward compatibility of your code +; E_CORE_ERROR - fatal errors that occur during PHP's initial startup +; E_CORE_WARNING - warnings (non-fatal errors) that occur during PHP's +; initial startup +; E_COMPILE_ERROR - fatal compile-time errors +; E_COMPILE_WARNING - compile-time warnings (non-fatal errors) +; E_USER_ERROR - user-generated error message +; E_USER_WARNING - user-generated warning message +; E_USER_NOTICE - user-generated notice message +; E_DEPRECATED - warn about code that will not work in future versions +; of PHP +; E_USER_DEPRECATED - user-generated deprecation warnings +; +; Common Values: +; E_ALL (Show all errors, warnings and notices including coding standards.) +; E_ALL & ~E_NOTICE (Show all errors, except for notices) +; E_ALL & ~E_NOTICE & ~E_STRICT (Show all errors, except for notices and coding standards warnings.) +; E_COMPILE_ERROR|E_RECOVERABLE_ERROR|E_ERROR|E_CORE_ERROR (Show only errors) +; Default Value: E_ALL +; Development Value: E_ALL +; Production Value: E_ALL & ~E_DEPRECATED & ~E_STRICT +; https://php.net/error-reporting +error_reporting = E_ALL & ~E_DEPRECATED & ~E_STRICT + +; This directive controls whether or not and where PHP will output errors, +; notices and warnings too. Error output is very useful during development, but +; it could be very dangerous in production environments. Depending on the code +; which is triggering the error, sensitive information could potentially leak +; out of your application such as database usernames and passwords or worse. +; For production environments, we recommend logging errors rather than +; sending them to STDOUT. +; Possible Values: +; Off = Do not display any errors +; stderr = Display errors to STDERR (affects only CGI/CLI binaries!) +; On or stdout = Display errors to STDOUT +; Default Value: On +; Development Value: On +; Production Value: Off +; https://php.net/display-errors +display_errors = Off + +; The display of errors which occur during PHP's startup sequence are handled +; separately from display_errors. We strongly recommend you set this to 'off' +; for production servers to avoid leaking configuration details. +; Default Value: On +; Development Value: On +; Production Value: Off +; https://php.net/display-startup-errors +display_startup_errors = Off + +; Besides displaying errors, PHP can also log errors to locations such as a +; server-specific log, STDERR, or a location specified by the error_log +; directive found below. While errors should not be displayed on productions +; servers they should still be monitored and logging is a great way to do that. +; Default Value: Off +; Development Value: On +; Production Value: On +; https://php.net/log-errors +log_errors = On + +; Do not log repeated messages. Repeated errors must occur in same file on same +; line unless ignore_repeated_source is set true. +; https://php.net/ignore-repeated-errors +ignore_repeated_errors = Off + +; Ignore source of message when ignoring repeated messages. When this setting +; is On you will not log errors with repeated messages from different files or +; source lines. +; https://php.net/ignore-repeated-source +ignore_repeated_source = Off + +; If this parameter is set to Off, then memory leaks will not be shown (on +; stdout or in the log). This is only effective in a debug compile, and if +; error reporting includes E_WARNING in the allowed list +; https://php.net/report-memleaks +report_memleaks = On + +; This setting is off by default. +;report_zend_debug = 0 + +; Turn off normal error reporting and emit XML-RPC error XML +; https://php.net/xmlrpc-errors +;xmlrpc_errors = 0 + +; An XML-RPC faultCode +;xmlrpc_error_number = 0 + +; When PHP displays or logs an error, it has the capability of formatting the +; error message as HTML for easier reading. This directive controls whether +; the error message is formatted as HTML or not. +; Note: This directive is hardcoded to Off for the CLI SAPI +; https://php.net/html-errors +;html_errors = On + +; If html_errors is set to On *and* docref_root is not empty, then PHP +; produces clickable error messages that direct to a page describing the error +; or function causing the error in detail. +; You can download a copy of the PHP manual from https://php.net/docs +; and change docref_root to the base URL of your local copy including the +; leading '/'. You must also specify the file extension being used including +; the dot. PHP's default behavior is to leave these settings empty, in which +; case no links to documentation are generated. +; Note: Never use this feature for production boxes. +; https://php.net/docref-root +; Examples +;docref_root = "/phpmanual/" + +; https://php.net/docref-ext +;docref_ext = .html + +; String to output before an error message. PHP's default behavior is to leave +; this setting blank. +; https://php.net/error-prepend-string +; Example: +;error_prepend_string = "" + +; String to output after an error message. PHP's default behavior is to leave +; this setting blank. +; https://php.net/error-append-string +; Example: +;error_append_string = "" + +; Log errors to specified file. PHP's default behavior is to leave this value +; empty. +; https://php.net/error-log +; Example: +;error_log = php_errors.log +; Log errors to syslog (Event Log on Windows). +;error_log = syslog + +; The syslog ident is a string which is prepended to every message logged +; to syslog. Only used when error_log is set to syslog. +;syslog.ident = php + +; The syslog facility is used to specify what type of program is logging +; the message. Only used when error_log is set to syslog. +;syslog.facility = user + +; Set this to disable filtering control characters (the default). +; Some loggers only accept NVT-ASCII, others accept anything that's not +; control characters. If your logger accepts everything, then no filtering +; is needed at all. +; Allowed values are: +; ascii (all printable ASCII characters and NL) +; no-ctrl (all characters except control characters) +; all (all characters) +; raw (like "all", but messages are not split at newlines) +; https://php.net/syslog.filter +;syslog.filter = ascii + +;windows.show_crt_warning +; Default value: 0 +; Development value: 0 +; Production value: 0 + +;;;;;;;;;;;;;;;;; +; Data Handling ; +;;;;;;;;;;;;;;;;; + +; The separator used in PHP generated URLs to separate arguments. +; PHP's default setting is "&". +; https://php.net/arg-separator.output +; Example: +;arg_separator.output = "&" + +; List of separator(s) used by PHP to parse input URLs into variables. +; PHP's default setting is "&". +; NOTE: Every character in this directive is considered as separator! +; https://php.net/arg-separator.input +; Example: +;arg_separator.input = ";&" + +; This directive determines which super global arrays are registered when PHP +; starts up. G,P,C,E & S are abbreviations for the following respective super +; globals: GET, POST, COOKIE, ENV and SERVER. There is a performance penalty +; paid for the registration of these arrays and because ENV is not as commonly +; used as the others, ENV is not recommended on productions servers. You +; can still get access to the environment variables through getenv() should you +; need to. +; Default Value: "EGPCS" +; Development Value: "GPCS" +; Production Value: "GPCS"; +; https://php.net/variables-order +variables_order = "GPCS" + +; This directive determines which super global data (G,P & C) should be +; registered into the super global array REQUEST. If so, it also determines +; the order in which that data is registered. The values for this directive +; are specified in the same manner as the variables_order directive, +; EXCEPT one. Leaving this value empty will cause PHP to use the value set +; in the variables_order directive. It does not mean it will leave the super +; globals array REQUEST empty. +; Default Value: None +; Development Value: "GP" +; Production Value: "GP" +; https://php.net/request-order +request_order = "GP" + +; This directive determines whether PHP registers $argv & $argc each time it +; runs. $argv contains an array of all the arguments passed to PHP when a script +; is invoked. $argc contains an integer representing the number of arguments +; that were passed when the script was invoked. These arrays are extremely +; useful when running scripts from the command line. When this directive is +; enabled, registering these variables consumes CPU cycles and memory each time +; a script is executed. For performance reasons, this feature should be disabled +; on production servers. +; Note: This directive is hardcoded to On for the CLI SAPI +; Default Value: On +; Development Value: Off +; Production Value: Off +; https://php.net/register-argc-argv +register_argc_argv = Off + +; When enabled, the ENV, REQUEST and SERVER variables are created when they're +; first used (Just In Time) instead of when the script starts. If these +; variables are not used within a script, having this directive on will result +; in a performance gain. The PHP directive register_argc_argv must be disabled +; for this directive to have any effect. +; https://php.net/auto-globals-jit +auto_globals_jit = On + +; Whether PHP will read the POST data. +; This option is enabled by default. +; Most likely, you won't want to disable this option globally. It causes $_POST +; and $_FILES to always be empty; the only way you will be able to read the +; POST data will be through the php://input stream wrapper. This can be useful +; to proxy requests or to process the POST data in a memory efficient fashion. +; https://php.net/enable-post-data-reading +;enable_post_data_reading = Off + +; Maximum size of POST data that PHP will accept. +; Its value may be 0 to disable the limit. It is ignored if POST data reading +; is disabled through enable_post_data_reading. +; https://php.net/post-max-size +post_max_size = 8M + +; Automatically add files before PHP document. +; https://php.net/auto-prepend-file +auto_prepend_file = + +; Automatically add files after PHP document. +; https://php.net/auto-append-file +auto_append_file = + +; By default, PHP will output a media type using the Content-Type header. To +; disable this, simply set it to be empty. +; +; PHP's built-in default media type is set to text/html. +; https://php.net/default-mimetype +default_mimetype = "text/html" + +; PHP's default character set is set to UTF-8. +; https://php.net/default-charset +default_charset = "UTF-8" + +; PHP internal character encoding is set to empty. +; If empty, default_charset is used. +; https://php.net/internal-encoding +;internal_encoding = + +; PHP input character encoding is set to empty. +; If empty, default_charset is used. +; https://php.net/input-encoding +;input_encoding = + +; PHP output character encoding is set to empty. +; If empty, default_charset is used. +; See also output_buffer. +; https://php.net/output-encoding +;output_encoding = + +;;;;;;;;;;;;;;;;;;;;;;;;; +; Paths and Directories ; +;;;;;;;;;;;;;;;;;;;;;;;;; + +; UNIX: "/path1:/path2" +;include_path = ".:/php/includes" +; +; Windows: "\path1;\path2" +;include_path = ".;c:\php\includes" +; +; PHP's default setting for include_path is ".;/path/to/php/pear" +; https://php.net/include-path + +; The root of the PHP pages, used only if nonempty. +; if PHP was not compiled with FORCE_REDIRECT, you SHOULD set doc_root +; if you are running php as a CGI under any web server (other than IIS) +; see documentation for security issues. The alternate is to use the +; cgi.force_redirect configuration below +; https://php.net/doc-root +doc_root = + +; The directory under which PHP opens the script using /~username used only +; if nonempty. +; https://php.net/user-dir +user_dir = + +; Directory in which the loadable extensions (modules) reside. +; https://php.net/extension-dir +;extension_dir = "./" +; On windows: +;extension_dir = "ext" + +; Directory where the temporary files should be placed. +; Defaults to the system default (see sys_get_temp_dir) +;sys_temp_dir = "/tmp" + +; Whether or not to enable the dl() function. The dl() function does NOT work +; properly in multithreaded servers, such as IIS or Zeus, and is automatically +; disabled on them. +; https://php.net/enable-dl +enable_dl = Off + +; cgi.force_redirect is necessary to provide security running PHP as a CGI under +; most web servers. Left undefined, PHP turns this on by default. You can +; turn it off here AT YOUR OWN RISK +; **You CAN safely turn this off for IIS, in fact, you MUST.** +; https://php.net/cgi.force-redirect +;cgi.force_redirect = 1 + +; if cgi.nph is enabled it will force cgi to always sent Status: 200 with +; every request. PHP's default behavior is to disable this feature. +;cgi.nph = 1 + +; if cgi.force_redirect is turned on, and you are not running under Apache or Netscape +; (iPlanet) web servers, you MAY need to set an environment variable name that PHP +; will look for to know it is OK to continue execution. Setting this variable MAY +; cause security issues, KNOW WHAT YOU ARE DOING FIRST. +; https://php.net/cgi.redirect-status-env +;cgi.redirect_status_env = + +; cgi.fix_pathinfo provides *real* PATH_INFO/PATH_TRANSLATED support for CGI. PHP's +; previous behaviour was to set PATH_TRANSLATED to SCRIPT_FILENAME, and to not grok +; what PATH_INFO is. For more information on PATH_INFO, see the cgi specs. Setting +; this to 1 will cause PHP CGI to fix its paths to conform to the spec. A setting +; of zero causes PHP to behave as before. Default is 1. You should fix your scripts +; to use SCRIPT_FILENAME rather than PATH_TRANSLATED. +; https://php.net/cgi.fix-pathinfo +;cgi.fix_pathinfo=1 + +; if cgi.discard_path is enabled, the PHP CGI binary can safely be placed outside +; of the web tree and people will not be able to circumvent .htaccess security. +;cgi.discard_path=1 + +; FastCGI under IIS supports the ability to impersonate +; security tokens of the calling client. This allows IIS to define the +; security context that the request runs under. mod_fastcgi under Apache +; does not currently support this feature (03/17/2002) +; Set to 1 if running under IIS. Default is zero. +; https://php.net/fastcgi.impersonate +;fastcgi.impersonate = 1 + +; Disable logging through FastCGI connection. PHP's default behavior is to enable +; this feature. +;fastcgi.logging = 0 + +; cgi.rfc2616_headers configuration option tells PHP what type of headers to +; use when sending HTTP response code. If set to 0, PHP sends Status: header that +; is supported by Apache. When this option is set to 1, PHP will send +; RFC2616 compliant header. +; Default is zero. +; https://php.net/cgi.rfc2616-headers +;cgi.rfc2616_headers = 0 + +; cgi.check_shebang_line controls whether CGI PHP checks for line starting with #! +; (shebang) at the top of the running script. This line might be needed if the +; script support running both as stand-alone script and via PHP CGI<. PHP in CGI +; mode skips this line and ignores its content if this directive is turned on. +; https://php.net/cgi.check-shebang-line +;cgi.check_shebang_line=1 + +;;;;;;;;;;;;;;;; +; File Uploads ; +;;;;;;;;;;;;;;;; + +; Whether to allow HTTP file uploads. +; https://php.net/file-uploads +file_uploads = On + +; Temporary directory for HTTP uploaded files (will use system default if not +; specified). +; https://php.net/upload-tmp-dir +;upload_tmp_dir = + +; Maximum allowed size for uploaded files. +; https://php.net/upload-max-filesize +upload_max_filesize = 2M + +; Maximum number of files that can be uploaded via a single request +max_file_uploads = 20 + +;;;;;;;;;;;;;;;;;; +; Fopen wrappers ; +;;;;;;;;;;;;;;;;;; + +; Whether to allow the treatment of URLs (like http:// or ftp://) as files. +; https://php.net/allow-url-fopen +allow_url_fopen = On + +; Whether to allow include/require to open URLs (like https:// or ftp://) as files. +; https://php.net/allow-url-include +allow_url_include = Off + +; Define the anonymous ftp password (your email address). PHP's default setting +; for this is empty. +; https://php.net/from +;from="john@doe.com" + +; Define the User-Agent string. PHP's default setting for this is empty. +; https://php.net/user-agent +;user_agent="PHP" + +; Default timeout for socket based streams (seconds) +; https://php.net/default-socket-timeout +default_socket_timeout = 60 + +; If your scripts have to deal with files from Macintosh systems, +; or you are running on a Mac and need to deal with files from +; unix or win32 systems, setting this flag will cause PHP to +; automatically detect the EOL character in those files so that +; fgets() and file() will work regardless of the source of the file. +; https://php.net/auto-detect-line-endings +;auto_detect_line_endings = Off + +;;;;;;;;;;;;;;;;;;;;;; +; Dynamic Extensions ; +;;;;;;;;;;;;;;;;;;;;;; + +; If you wish to have an extension loaded automatically, use the following +; syntax: +; +; extension=modulename +; +; For example: +; +; extension=mysqli +; +; When the extension library to load is not located in the default extension +; directory, You may specify an absolute path to the library file: +; +; extension=/path/to/extension/mysqli.so +; +; Note : The syntax used in previous PHP versions ('extension=.so' and +; 'extension='php_.dll') is supported for legacy reasons and may be +; deprecated in a future PHP major version. So, when it is possible, please +; move to the new ('extension=) syntax. + +;;;; +; Note: packaged extension modules are now loaded via the .ini files +; found in the directory /etc/php.d; these are loaded by default. +;;;; + +;;;;;;;;;;;;;;;;;;; +; Module Settings ; +;;;;;;;;;;;;;;;;;;; + +[CLI Server] +; Whether the CLI web server uses ANSI color coding in its terminal output. +cli_server.color = On + +[Date] +; Defines the default timezone used by the date functions +; https://php.net/date.timezone +;date.timezone = + +; https://php.net/date.default-latitude +;date.default_latitude = 31.7667 + +; https://php.net/date.default-longitude +;date.default_longitude = 35.2333 + +; https://php.net/date.sunrise-zenith +;date.sunrise_zenith = 90.833333 + +; https://php.net/date.sunset-zenith +;date.sunset_zenith = 90.833333 + +[filter] +; https://php.net/filter.default +;filter.default = unsafe_raw + +; https://php.net/filter.default-flags +;filter.default_flags = + +[iconv] +; Use of this INI entry is deprecated, use global input_encoding instead. +; If empty, default_charset or input_encoding or iconv.input_encoding is used. +; The precedence is: default_charset < input_encoding < iconv.input_encoding +;iconv.input_encoding = + +; Use of this INI entry is deprecated, use global internal_encoding instead. +; If empty, default_charset or internal_encoding or iconv.internal_encoding is used. +; The precedence is: default_charset < internal_encoding < iconv.internal_encoding +;iconv.internal_encoding = + +; Use of this INI entry is deprecated, use global output_encoding instead. +; If empty, default_charset or output_encoding or iconv.output_encoding is used. +; The precedence is: default_charset < output_encoding < iconv.output_encoding +; To use an output encoding conversion, iconv's output handler must be set +; otherwise output encoding conversion cannot be performed. +;iconv.output_encoding = + +[imap] +; rsh/ssh logins are disabled by default. Use this INI entry if you want to +; enable them. Note that the IMAP library does not filter mailbox names before +; passing them to rsh/ssh command, thus passing untrusted data to this function +; with rsh/ssh enabled is insecure. +;imap.enable_insecure_rsh=0 + +[intl] +;intl.default_locale = +; This directive allows you to produce PHP errors when some error +; happens within intl functions. The value is the level of the error produced. +; Default is 0, which does not produce any errors. +;intl.error_level = E_WARNING +;intl.use_exceptions = 0 + +[sqlite3] +; Directory pointing to SQLite3 extensions +; https://php.net/sqlite3.extension-dir +;sqlite3.extension_dir = + +; SQLite defensive mode flag (only available from SQLite 3.26+) +; When the defensive flag is enabled, language features that allow ordinary +; SQL to deliberately corrupt the database file are disabled. This forbids +; writing directly to the schema, shadow tables (eg. FTS data tables), or +; the sqlite_dbpage virtual table. +; https://www.sqlite.org/c3ref/c_dbconfig_defensive.html +; (for older SQLite versions, this flag has no use) +;sqlite3.defensive = 1 + +[Pcre] +; PCRE library backtracking limit. +; https://php.net/pcre.backtrack-limit +;pcre.backtrack_limit=100000 + +; PCRE library recursion limit. +; Please note that if you set this value to a high number you may consume all +; the available process stack and eventually crash PHP (due to reaching the +; stack size limit imposed by the Operating System). +; https://php.net/pcre.recursion-limit +;pcre.recursion_limit=100000 + +; Enables or disables JIT compilation of patterns. This requires the PCRE +; library to be compiled with JIT support. +pcre.jit=0 + +[Pdo] +; Whether to pool ODBC connections. Can be one of "strict", "relaxed" or "off" +; https://php.net/pdo-odbc.connection-pooling +;pdo_odbc.connection_pooling=strict + +[Pdo_mysql] +; Default socket name for local MySQL connects. If empty, uses the built-in +; MySQL defaults. +pdo_mysql.default_socket= + +[Phar] +; https://php.net/phar.readonly +;phar.readonly = On + +; https://php.net/phar.require-hash +;phar.require_hash = On + +;phar.cache_list = + +[mail function] +; For Unix only. You may supply arguments as well (default: "sendmail -t -i"). +; https://php.net/sendmail-path +sendmail_path = /usr/sbin/sendmail -t -i + +; Force the addition of the specified parameters to be passed as extra parameters +; to the sendmail binary. These parameters will always replace the value of +; the 5th parameter to mail(). +;mail.force_extra_parameters = + +; Add X-PHP-Originating-Script: that will include uid of the script followed by the filename +mail.add_x_header = Off + +; Use mixed LF and CRLF line separators to keep compatibility with some +; RFC 2822 non conformant MTA. +mail.mixed_lf_and_crlf = Off + +; The path to a log file that will log all mail() calls. Log entries include +; the full path of the script, line number, To address and headers. +;mail.log = +; Log mail to syslog (Event Log on Windows). +;mail.log = syslog + +[ODBC] +; https://php.net/odbc.default-db +;odbc.default_db = Not yet implemented + +; https://php.net/odbc.default-user +;odbc.default_user = Not yet implemented + +; https://php.net/odbc.default-pw +;odbc.default_pw = Not yet implemented + +; Controls the ODBC cursor model. +; Default: SQL_CURSOR_STATIC (default). +;odbc.default_cursortype + +; Allow or prevent persistent links. +; https://php.net/odbc.allow-persistent +odbc.allow_persistent = On + +; Check that a connection is still valid before reuse. +; https://php.net/odbc.check-persistent +odbc.check_persistent = On + +; Maximum number of persistent links. -1 means no limit. +; https://php.net/odbc.max-persistent +odbc.max_persistent = -1 + +; Maximum number of links (persistent + non-persistent). -1 means no limit. +; https://php.net/odbc.max-links +odbc.max_links = -1 + +; Handling of LONG fields. Returns number of bytes to variables. 0 means +; passthru. +; https://php.net/odbc.defaultlrl +odbc.defaultlrl = 4096 + +; Handling of binary data. 0 means passthru, 1 return as is, 2 convert to char. +; See the documentation on odbc_binmode and odbc_longreadlen for an explanation +; of odbc.defaultlrl and odbc.defaultbinmode +; https://php.net/odbc.defaultbinmode +odbc.defaultbinmode = 1 + +[MySQLi] + +; Maximum number of persistent links. -1 means no limit. +; https://php.net/mysqli.max-persistent +mysqli.max_persistent = -1 + +; Allow accessing, from PHP's perspective, local files with LOAD DATA statements +; https://php.net/mysqli.allow_local_infile +;mysqli.allow_local_infile = On + +; It allows the user to specify a folder where files that can be sent via LOAD DATA +; LOCAL can exist. It is ignored if mysqli.allow_local_infile is enabled. +;mysqli.local_infile_directory = + +; Allow or prevent persistent links. +; https://php.net/mysqli.allow-persistent +mysqli.allow_persistent = On + +; Maximum number of links. -1 means no limit. +; https://php.net/mysqli.max-links +mysqli.max_links = -1 + +; Default port number for mysqli_connect(). If unset, mysqli_connect() will use +; the $MYSQL_TCP_PORT or the mysql-tcp entry in /etc/services or the +; compile-time value defined MYSQL_PORT (in that order). Win32 will only look +; at MYSQL_PORT. +; https://php.net/mysqli.default-port +mysqli.default_port = 3306 + +; Default socket name for local MySQL connects. If empty, uses the built-in +; MySQL defaults. +; https://php.net/mysqli.default-socket +mysqli.default_socket = + +; Default host for mysqli_connect() (doesn't apply in safe mode). +; https://php.net/mysqli.default-host +mysqli.default_host = + +; Default user for mysqli_connect() (doesn't apply in safe mode). +; https://php.net/mysqli.default-user +mysqli.default_user = + +; Default password for mysqli_connect() (doesn't apply in safe mode). +; Note that this is generally a *bad* idea to store passwords in this file. +; *Any* user with PHP access can run 'echo get_cfg_var("mysqli.default_pw") +; and reveal this password! And of course, any users with read access to this +; file will be able to reveal the password as well. +; https://php.net/mysqli.default-pw +mysqli.default_pw = + +; If this option is enabled, closing a persistent connection will rollback +; any pending transactions of this connection, before it is put back +; into the persistent connection pool. +;mysqli.rollback_on_cached_plink = Off + +[mysqlnd] +; Enable / Disable collection of general statistics by mysqlnd which can be +; used to tune and monitor MySQL operations. +mysqlnd.collect_statistics = On + +; Enable / Disable collection of memory usage statistics by mysqlnd which can be +; used to tune and monitor MySQL operations. +mysqlnd.collect_memory_statistics = Off + +; Records communication from all extensions using mysqlnd to the specified log +; file. +; https://php.net/mysqlnd.debug +;mysqlnd.debug = + +; Defines which queries will be logged. +;mysqlnd.log_mask = 0 + +; Default size of the mysqlnd memory pool, which is used by result sets. +;mysqlnd.mempool_default_size = 16000 + +; Size of a pre-allocated buffer used when sending commands to MySQL in bytes. +;mysqlnd.net_cmd_buffer_size = 2048 + +; Size of a pre-allocated buffer used for reading data sent by the server in +; bytes. +;mysqlnd.net_read_buffer_size = 32768 + +; Timeout for network requests in seconds. +;mysqlnd.net_read_timeout = 31536000 + +; SHA-256 Authentication Plugin related. File with the MySQL server public RSA +; key. +;mysqlnd.sha256_server_public_key = + +[PostgreSQL] +; Allow or prevent persistent links. +; https://php.net/pgsql.allow-persistent +pgsql.allow_persistent = On + +; Detect broken persistent links always with pg_pconnect(). +; Auto reset feature requires a little overheads. +; https://php.net/pgsql.auto-reset-persistent +pgsql.auto_reset_persistent = Off + +; Maximum number of persistent links. -1 means no limit. +; https://php.net/pgsql.max-persistent +pgsql.max_persistent = -1 + +; Maximum number of links (persistent+non persistent). -1 means no limit. +; https://php.net/pgsql.max-links +pgsql.max_links = -1 + +; Ignore PostgreSQL backends Notice message or not. +; Notice message logging require a little overheads. +; https://php.net/pgsql.ignore-notice +pgsql.ignore_notice = 0 + +; Log PostgreSQL backends Notice message or not. +; Unless pgsql.ignore_notice=0, module cannot log notice message. +; https://php.net/pgsql.log-notice +pgsql.log_notice = 0 + +[bcmath] +; Number of decimal digits for all bcmath functions. +; https://php.net/bcmath.scale +bcmath.scale = 0 + +[browscap] +; https://php.net/browscap +;browscap = extra/browscap.ini + +[Session] +; Handler used to store/retrieve data. +; https://php.net/session.save-handler +session.save_handler = files + +; Argument passed to save_handler. In the case of files, this is the path +; where data files are stored. Note: Windows users have to change this +; variable in order to use PHP's session functions. +; +; The path can be defined as: +; +; session.save_path = "N;/path" +; +; where N is an integer. Instead of storing all the session files in +; /path, what this will do is use subdirectories N-levels deep, and +; store the session data in those directories. This is useful if +; your OS has problems with many files in one directory, and is +; a more efficient layout for servers that handle many sessions. +; +; NOTE 1: PHP will not create this directory structure automatically. +; You can use the script in the ext/session dir for that purpose. +; NOTE 2: See the section on garbage collection below if you choose to +; use subdirectories for session storage +; +; The file storage module creates files using mode 600 by default. +; You can change that by using +; +; session.save_path = "N;MODE;/path" +; +; where MODE is the octal representation of the mode. Note that this +; does not overwrite the process's umask. +; https://php.net/session.save-path + +; RPM note : session directory must be owned by process owner +; for mod_php, see /etc/httpd/conf.d/php.conf +; for php-fpm, see /etc/php-fpm.d/*conf +;session.save_path = "/tmp" + +; Whether to use strict session mode. +; Strict session mode does not accept an uninitialized session ID, and +; regenerates the session ID if the browser sends an uninitialized session ID. +; Strict mode protects applications from session fixation via a session adoption +; vulnerability. It is disabled by default for maximum compatibility, but +; enabling it is encouraged. +; https://wiki.php.net/rfc/strict_sessions +session.use_strict_mode = 0 + +; Whether to use cookies. +; https://php.net/session.use-cookies +session.use_cookies = 1 + +; https://php.net/session.cookie-secure +;session.cookie_secure = + +; This option forces PHP to fetch and use a cookie for storing and maintaining +; the session id. We encourage this operation as it's very helpful in combating +; session hijacking when not specifying and managing your own session id. It is +; not the be-all and end-all of session hijacking defense, but it's a good start. +; https://php.net/session.use-only-cookies +session.use_only_cookies = 1 + +; Name of the session (used as cookie name). +; https://php.net/session.name +session.name = PHPSESSID + +; Initialize session on request startup. +; https://php.net/session.auto-start +session.auto_start = 0 + +; Lifetime in seconds of cookie or, if 0, until browser is restarted. +; https://php.net/session.cookie-lifetime +session.cookie_lifetime = 0 + +; The path for which the cookie is valid. +; https://php.net/session.cookie-path +session.cookie_path = / + +; The domain for which the cookie is valid. +; https://php.net/session.cookie-domain +session.cookie_domain = + +; Whether or not to add the httpOnly flag to the cookie, which makes it +; inaccessible to browser scripting languages such as JavaScript. +; https://php.net/session.cookie-httponly +session.cookie_httponly = + +; Add SameSite attribute to cookie to help mitigate Cross-Site Request Forgery (CSRF/XSRF) +; Current valid values are "Strict", "Lax" or "None". When using "None", +; make sure to include the quotes, as `none` is interpreted like `false` in ini files. +; https://tools.ietf.org/html/draft-west-first-party-cookies-07 +session.cookie_samesite = + +; Handler used to serialize data. php is the standard serializer of PHP. +; https://php.net/session.serialize-handler +session.serialize_handler = php + +; Defines the probability that the 'garbage collection' process is started on every +; session initialization. The probability is calculated by using gc_probability/gc_divisor, +; e.g. 1/100 means there is a 1% chance that the GC process starts on each request. +; Default Value: 1 +; Development Value: 1 +; Production Value: 1 +; https://php.net/session.gc-probability +session.gc_probability = 1 + +; Defines the probability that the 'garbage collection' process is started on every +; session initialization. The probability is calculated by using gc_probability/gc_divisor, +; e.g. 1/100 means there is a 1% chance that the GC process starts on each request. +; For high volume production servers, using a value of 1000 is a more efficient approach. +; Default Value: 100 +; Development Value: 1000 +; Production Value: 1000 +; https://php.net/session.gc-divisor +session.gc_divisor = 1000 + +; After this number of seconds, stored data will be seen as 'garbage' and +; cleaned up by the garbage collection process. +; https://php.net/session.gc-maxlifetime +session.gc_maxlifetime = 1440 + +; NOTE: If you are using the subdirectory option for storing session files +; (see session.save_path above), then garbage collection does *not* +; happen automatically. You will need to do your own garbage +; collection through a shell script, cron entry, or some other method. +; For example, the following script is the equivalent of setting +; session.gc_maxlifetime to 1440 (1440 seconds = 24 minutes): +; find /path/to/sessions -cmin +24 -type f | xargs rm + +; Check HTTP Referer to invalidate externally stored URLs containing ids. +; HTTP_REFERER has to contain this substring for the session to be +; considered as valid. +; https://php.net/session.referer-check +session.referer_check = + +; Set to {nocache,private,public,} to determine HTTP caching aspects +; or leave this empty to avoid sending anti-caching headers. +; https://php.net/session.cache-limiter +session.cache_limiter = nocache + +; Document expires after n minutes. +; https://php.net/session.cache-expire +session.cache_expire = 180 + +; trans sid support is disabled by default. +; Use of trans sid may risk your users' security. +; Use this option with caution. +; - User may send URL contains active session ID +; to other person via. email/irc/etc. +; - URL that contains active session ID may be stored +; in publicly accessible computer. +; - User may access your site with the same session ID +; always using URL stored in browser's history or bookmarks. +; https://php.net/session.use-trans-sid +session.use_trans_sid = 0 + +; The URL rewriter will look for URLs in a defined set of HTML tags. +;
is special; if you include them here, the rewriter will +; add a hidden field with the info which is otherwise appended +; to URLs. tag's action attribute URL will not be modified +; unless it is specified. +; Note that all valid entries require a "=", even if no value follows. +; Default Value: "a=href,area=href,frame=src,form=" +; Development Value: "a=href,area=href,frame=src,form=" +; Production Value: "a=href,area=href,frame=src,form=" +; https://php.net/url-rewriter.tags +session.trans_sid_tags = "a=href,area=href,frame=src,form=" + +; URL rewriter does not rewrite absolute URLs by default. +; To enable rewrites for absolute paths, target hosts must be specified +; at RUNTIME. i.e. use ini_set() +; tags is special. PHP will check action attribute's URL regardless +; of session.trans_sid_tags setting. +; If no host is defined, HTTP_HOST will be used for allowed host. +; Example value: php.net,www.php.net,wiki.php.net +; Use "," for multiple hosts. No spaces are allowed. +; Default Value: "" +; Development Value: "" +; Production Value: "" +;session.trans_sid_hosts="" + +; Enable upload progress tracking in $_SESSION +; Default Value: On +; Development Value: On +; Production Value: On +; https://php.net/session.upload-progress.enabled +;session.upload_progress.enabled = On + +; Cleanup the progress information as soon as all POST data has been read +; (i.e. upload completed). +; Default Value: On +; Development Value: On +; Production Value: On +; https://php.net/session.upload-progress.cleanup +;session.upload_progress.cleanup = On + +; A prefix used for the upload progress key in $_SESSION +; Default Value: "upload_progress_" +; Development Value: "upload_progress_" +; Production Value: "upload_progress_" +; https://php.net/session.upload-progress.prefix +;session.upload_progress.prefix = "upload_progress_" + +; The index name (concatenated with the prefix) in $_SESSION +; containing the upload progress information +; Default Value: "PHP_SESSION_UPLOAD_PROGRESS" +; Development Value: "PHP_SESSION_UPLOAD_PROGRESS" +; Production Value: "PHP_SESSION_UPLOAD_PROGRESS" +; https://php.net/session.upload-progress.name +;session.upload_progress.name = "PHP_SESSION_UPLOAD_PROGRESS" + +; How frequently the upload progress should be updated. +; Given either in percentages (per-file), or in bytes +; Default Value: "1%" +; Development Value: "1%" +; Production Value: "1%" +; https://php.net/session.upload-progress.freq +;session.upload_progress.freq = "1%" + +; The minimum delay between updates, in seconds +; Default Value: 1 +; Development Value: 1 +; Production Value: 1 +; https://php.net/session.upload-progress.min-freq +;session.upload_progress.min_freq = "1" + +; Only write session data when session data is changed. Enabled by default. +; https://php.net/session.lazy-write +;session.lazy_write = On + +[Assertion] +; Switch whether to compile assertions at all (to have no overhead at run-time) +; -1: Do not compile at all +; 0: Jump over assertion at run-time +; 1: Execute assertions +; Changing from or to a negative value is only possible in php.ini! +; (For turning assertions on and off at run-time, toggle zend.assertions between the values 1 and 0) +; Default Value: 1 +; Development Value: 1 +; Production Value: -1 +; https://php.net/zend.assertions +zend.assertions = -1 + +[mbstring] +; language for internal character representation. +; This affects mb_send_mail() and mbstring.detect_order. +; https://php.net/mbstring.language +;mbstring.language = Japanese + +; Use of this INI entry is deprecated, use global internal_encoding instead. +; internal/script encoding. +; Some encoding cannot work as internal encoding. (e.g. SJIS, BIG5, ISO-2022-*) +; If empty, default_charset or internal_encoding or iconv.internal_encoding is used. +; The precedence is: default_charset < internal_encoding < iconv.internal_encoding +;mbstring.internal_encoding = + +; Use of this INI entry is deprecated, use global input_encoding instead. +; http input encoding. +; mbstring.encoding_translation = On is needed to use this setting. +; If empty, default_charset or input_encoding or mbstring.input is used. +; The precedence is: default_charset < input_encoding < mbstring.http_input +; https://php.net/mbstring.http-input +;mbstring.http_input = + +; Use of this INI entry is deprecated, use global output_encoding instead. +; http output encoding. +; mb_output_handler must be registered as output buffer to function. +; If empty, default_charset or output_encoding or mbstring.http_output is used. +; The precedence is: default_charset < output_encoding < mbstring.http_output +; To use an output encoding conversion, mbstring's output handler must be set +; otherwise output encoding conversion cannot be performed. +; https://php.net/mbstring.http-output +;mbstring.http_output = + +; enable automatic encoding translation according to +; mbstring.internal_encoding setting. Input chars are +; converted to internal encoding by setting this to On. +; Note: Do _not_ use automatic encoding translation for +; portable libs/applications. +; https://php.net/mbstring.encoding-translation +;mbstring.encoding_translation = Off + +; automatic encoding detection order. +; "auto" detect order is changed according to mbstring.language +; https://php.net/mbstring.detect-order +;mbstring.detect_order = auto + +; substitute_character used when character cannot be converted +; one from another +; https://php.net/mbstring.substitute-character +;mbstring.substitute_character = none + +; Enable strict encoding detection. +;mbstring.strict_detection = Off + +; This directive specifies the regex pattern of content types for which mb_output_handler() +; is activated. +; Default: mbstring.http_output_conv_mimetypes=^(text/|application/xhtml\+xml) +;mbstring.http_output_conv_mimetypes= + +; This directive specifies maximum stack depth for mbstring regular expressions. It is similar +; to the pcre.recursion_limit for PCRE. +;mbstring.regex_stack_limit=100000 + +; This directive specifies maximum retry count for mbstring regular expressions. It is similar +; to the pcre.backtrack_limit for PCRE. +;mbstring.regex_retry_limit=1000000 + +[gd] +; Tell the jpeg decode to ignore warnings and try to create +; a gd image. The warning will then be displayed as notices +; disabled by default +; https://php.net/gd.jpeg-ignore-warning +;gd.jpeg_ignore_warning = 1 + +[exif] +; Exif UNICODE user comments are handled as UCS-2BE/UCS-2LE and JIS as JIS. +; With mbstring support this will automatically be converted into the encoding +; given by corresponding encode setting. When empty mbstring.internal_encoding +; is used. For the decode settings you can distinguish between motorola and +; intel byte order. A decode setting cannot be empty. +; https://php.net/exif.encode-unicode +;exif.encode_unicode = ISO-8859-15 + +; https://php.net/exif.decode-unicode-motorola +;exif.decode_unicode_motorola = UCS-2BE + +; https://php.net/exif.decode-unicode-intel +;exif.decode_unicode_intel = UCS-2LE + +; https://php.net/exif.encode-jis +;exif.encode_jis = + +; https://php.net/exif.decode-jis-motorola +;exif.decode_jis_motorola = JIS + +; https://php.net/exif.decode-jis-intel +;exif.decode_jis_intel = JIS + +[Tidy] +; The path to a default tidy configuration file to use when using tidy +; https://php.net/tidy.default-config +;tidy.default_config = /usr/local/lib/php/default.tcfg + +; Should tidy clean and repair output automatically? +; WARNING: Do not use this option if you are generating non-html content +; such as dynamic images +; https://php.net/tidy.clean-output +tidy.clean_output = Off + +[soap] +; Enables or disables WSDL caching feature. +; https://php.net/soap.wsdl-cache-enabled +soap.wsdl_cache_enabled=1 + +; Sets the directory name where SOAP extension will put cache files. +; https://php.net/soap.wsdl-cache-dir + +; RPM note : cache directory must be owned by process owner +; for mod_php, see /etc/httpd/conf.d/php.conf +; for php-fpm, see /etc/php-fpm.d/*conf +soap.wsdl_cache_dir="/tmp" + +; (time to live) Sets the number of second while cached file will be used +; instead of original one. +; https://php.net/soap.wsdl-cache-ttl +soap.wsdl_cache_ttl=86400 + +; Sets the size of the cache limit. (Max. number of WSDL files to cache) +soap.wsdl_cache_limit = 5 + +[sysvshm] +; A default size of the shared memory segment +;sysvshm.init_mem = 10000 + +[ldap] +; Sets the maximum number of open links or -1 for unlimited. +ldap.max_links = -1 + +[dba] +;dba.default_handler= + +[opcache] +; see /etc/php.d/10-opcache.ini + +[curl] +; A default value for the CURLOPT_CAINFO option. This is required to be an +; absolute path. +;curl.cainfo = + +[openssl] +; The location of a Certificate Authority (CA) file on the local filesystem +; to use when verifying the identity of SSL/TLS peers. Most users should +; not specify a value for this directive as PHP will attempt to use the +; OS-managed cert stores in its absence. If specified, this value may still +; be overridden on a per-stream basis via the "cafile" SSL stream context +; option. +;openssl.cafile= + +; If openssl.cafile is not specified or if the CA file is not found, the +; directory pointed to by openssl.capath is searched for a suitable +; certificate. This value must be a correctly hashed certificate directory. +; Most users should not specify a value for this directive as PHP will +; attempt to use the OS-managed cert stores in its absence. If specified, +; this value may still be overridden on a per-stream basis via the "capath" +; SSL stream context option. +;openssl.capath= + +[ffi] +; see /etc/php.d/20-ffi.ini diff --git a/roles/ensure_apache/templates/Fedora/42/etc/sysconfig/htcacheclean b/roles/ensure_apache/templates/Fedora/42/etc/sysconfig/htcacheclean new file mode 100644 index 0000000..fffa17b --- /dev/null +++ b/roles/ensure_apache/templates/Fedora/42/etc/sysconfig/htcacheclean @@ -0,0 +1,16 @@ +# +# Configuration options for systemd service, htcacheclean.service. +# See htcacheclean(8) for more information on available options. +# + +# Interval between cache clean runs, in minutes +INTERVAL=15 + +# Default cache root. +CACHE_ROOT=/var/cache/httpd/proxy + +# Cache size limit in bytes (K=Kbytes, M=Mbytes) +LIMIT=100M + +# Any other options... +OPTIONS= diff --git a/roles/ensure_apache/templates/Fedora/42/usr/lib/systemd/system/htcacheclean.service b/roles/ensure_apache/templates/Fedora/42/usr/lib/systemd/system/htcacheclean.service new file mode 100644 index 0000000..e3eeef9 --- /dev/null +++ b/roles/ensure_apache/templates/Fedora/42/usr/lib/systemd/system/htcacheclean.service @@ -0,0 +1,16 @@ +[Unit] +Description=Disk Cache Cleaning Daemon for the Apache HTTP Server +After=httpd.service +Documentation=man:htcacheclean.service(8) + +[Service] +Type=forking +User=apache +PIDFile=/run/httpd/htcacheclean/pid +Environment=LANG=C +EnvironmentFile=/etc/sysconfig/htcacheclean +ExecStart=/usr/sbin/htcacheclean -P /run/httpd/htcacheclean/pid -d $INTERVAL -p $CACHE_ROOT -l $LIMIT $OPTIONS +PrivateTmp=true + +[Install] +WantedBy=multi-user.target diff --git a/roles/ensure_apache/templates/Fedora/42/usr/lib/systemd/system/httpd-init.service b/roles/ensure_apache/templates/Fedora/42/usr/lib/systemd/system/httpd-init.service new file mode 100644 index 0000000..704c314 --- /dev/null +++ b/roles/ensure_apache/templates/Fedora/42/usr/lib/systemd/system/httpd-init.service @@ -0,0 +1,13 @@ +[Unit] +Description=One-time temporary TLS key generation for httpd.service +Documentation=man:httpd-init.service(8) + +ConditionPathExists=|!/etc/pki/tls/certs/localhost.crt +ConditionPathExists=|!/etc/pki/tls/private/localhost.key + +[Service] +Type=oneshot +RemainAfterExit=no +PrivateTmp=true + +ExecStart=/usr/libexec/httpd-ssl-gencerts diff --git a/roles/ensure_apache/templates/Fedora/42/usr/lib/systemd/system/httpd-reload.service b/roles/ensure_apache/templates/Fedora/42/usr/lib/systemd/system/httpd-reload.service new file mode 100644 index 0000000..baf9c71 --- /dev/null +++ b/roles/ensure_apache/templates/Fedora/42/usr/lib/systemd/system/httpd-reload.service @@ -0,0 +1,9 @@ +[Unit] +Description=Reload Apache for Let's Encrypt Certificate Insert + +[Service] +Type=oneshot +ExecStart=/bin/systemctl reload httpd.service + +[Install] +WantedBy=httpd.service diff --git a/roles/ensure_apache/templates/Fedora/42/usr/lib/systemd/system/httpd-reload.timer b/roles/ensure_apache/templates/Fedora/42/usr/lib/systemd/system/httpd-reload.timer new file mode 100644 index 0000000..4a45a99 --- /dev/null +++ b/roles/ensure_apache/templates/Fedora/42/usr/lib/systemd/system/httpd-reload.timer @@ -0,0 +1,8 @@ +[Unit] +Description=Reload Apache for Let's Encrypt Certificate Insert + +[Timer] +OnUnitActiveSec=5min + +[Install] +WantedBy=httpd.service diff --git a/roles/ensure_apache/templates/Fedora/42/usr/lib/systemd/system/httpd.service b/roles/ensure_apache/templates/Fedora/42/usr/lib/systemd/system/httpd.service new file mode 100644 index 0000000..b75e28c --- /dev/null +++ b/roles/ensure_apache/templates/Fedora/42/usr/lib/systemd/system/httpd.service @@ -0,0 +1,50 @@ +# See httpd.service(8) for more information on using the httpd service. + +# Modifying this file in-place is not recommended, because changes +# will be overwritten during package upgrades. To customize the +# behaviour, run "systemctl edit httpd" to create an override unit. + +# For example, to pass additional options (such as -D definitions) to +# the httpd binary at startup, create an override unit (as is done by +# systemctl edit) and enter the following: + +# [Service] +# Environment=OPTIONS=-DMY_DEFINE + +[Unit] +Description=The Apache HTTP Server +Wants=httpd-init.service +After=network.target remote-fs.target nss-lookup.target httpd-init.service +Documentation=man:httpd.service(8) + +[Service] +Type=notify +Environment=LANG=C + +ExecStart=/usr/sbin/httpd $OPTIONS -DFOREGROUND +ExecReload=/usr/sbin/httpd $OPTIONS -k graceful +# Send SIGWINCH for graceful stop +KillSignal=SIGWINCH +KillMode=mixed +DevicePolicy=closed +KeyringMode=private +LockPersonality=yes +MemoryDenyWriteExecute=yes +OOMPolicy=continue +PrivateDevices=yes +PrivateTmp=true +ProtectClock=yes +ProtectControlGroups=yes +ProtectHome=read-only +ProtectHostname=yes +ProtectKernelLogs=yes +ProtectKernelModules=yes +ProtectKernelTunables=yes +ProtectSystem=yes +RestrictNamespaces=yes +RestrictRealtime=yes +RestrictSUIDSGID=yes +SystemCallArchitectures=native + +[Install] +WantedBy=multi-user.target diff --git a/roles/ensure_apache/templates/Fedora/42/usr/lib/systemd/system/httpd.socket b/roles/ensure_apache/templates/Fedora/42/usr/lib/systemd/system/httpd.socket new file mode 100644 index 0000000..074695e --- /dev/null +++ b/roles/ensure_apache/templates/Fedora/42/usr/lib/systemd/system/httpd.socket @@ -0,0 +1,13 @@ +# See httpd.socket(8) for more information on using the httpd service. + +[Unit] +Description=Apache httpd Server Socket +Documentation=man:httpd.socket(8) + +[Socket] +ListenStream=80 +NoDelay=true +DeferAcceptSec=30 + +[Install] +WantedBy=sockets.target diff --git a/roles/ensure_apache/templates/Fedora/42/usr/lib/systemd/system/httpd.socket.d/10-listen443.conf b/roles/ensure_apache/templates/Fedora/42/usr/lib/systemd/system/httpd.socket.d/10-listen443.conf new file mode 100644 index 0000000..7e2df97 --- /dev/null +++ b/roles/ensure_apache/templates/Fedora/42/usr/lib/systemd/system/httpd.socket.d/10-listen443.conf @@ -0,0 +1,5 @@ +# This file is part of mod_ssl. It enables listening on port 443 when +# socket activation is used. + +[Socket] +ListenStream=443 diff --git a/roles/ensure_apache/templates/Fedora/42/usr/lib/systemd/system/httpd@.service b/roles/ensure_apache/templates/Fedora/42/usr/lib/systemd/system/httpd@.service new file mode 100644 index 0000000..8b20b90 --- /dev/null +++ b/roles/ensure_apache/templates/Fedora/42/usr/lib/systemd/system/httpd@.service @@ -0,0 +1,43 @@ +# This is a template for httpd instances. +# See httpd@.service(8) for more information. + +[Unit] +Description=The Apache HTTP Server +After=network.target remote-fs.target nss-lookup.target +Documentation=man:httpd@.service(8) + +[Service] +Type=notify +Environment=LANG=C +Environment=HTTPD_INSTANCE=%i +ExecStartPre=/bin/mkdir -m 710 -p /run/httpd/instance-%i +ExecStartPre=/bin/chown root.apache /run/httpd/instance-%i +ExecStartPre=/bin/mkdir -m 700 -p /var/lib/httpd/instance-%i +ExecStartPre=/bin/chown apache.apache /var/lib/httpd/instance-%i +ExecStart=/usr/sbin/httpd $OPTIONS -DFOREGROUND -f conf/%i.conf +ExecReload=/usr/sbin/httpd $OPTIONS -k graceful -f conf/%i.conf +# Send SIGWINCH for graceful stop +KillSignal=SIGWINCH +KillMode=mixed +DevicePolicy=closed +KeyringMode=private +LockPersonality=yes +MemoryDenyWriteExecute=yes +OOMPolicy=continue +PrivateDevices=yes +PrivateTmp=true +ProtectClock=yes +ProtectControlGroups=yes +ProtectHome=read-only +ProtectHostname=yes +ProtectKernelLogs=yes +ProtectKernelModules=yes +ProtectKernelTunables=yes +ProtectSystem=yes +RestrictNamespaces=yes +RestrictRealtime=yes +RestrictSUIDSGID=yes +SystemCallArchitectures=native + +[Install] +WantedBy=multi-user.target diff --git a/roles/ensure_apache/templates/Fedora/43/etc/httpd/conf.d/README b/roles/ensure_apache/templates/Fedora/43/etc/httpd/conf.d/README new file mode 100644 index 0000000..6071deb --- /dev/null +++ b/roles/ensure_apache/templates/Fedora/43/etc/httpd/conf.d/README @@ -0,0 +1,9 @@ + +This directory holds configuration files for the Apache HTTP Server; +any files in this directory which have the ".conf" extension will be +processed as httpd configuration files. The directory is used in +addition to the directory /etc/httpd/conf.modules.d/, which contains +configuration files necessary to load modules. + +Files are processed in sorted order. See httpd.conf(5) for more +information. diff --git a/roles/ensure_apache/templates/Fedora/43/etc/httpd/conf.d/autoindex.conf b/roles/ensure_apache/templates/Fedora/43/etc/httpd/conf.d/autoindex.conf new file mode 100644 index 0000000..0e487ac --- /dev/null +++ b/roles/ensure_apache/templates/Fedora/43/etc/httpd/conf.d/autoindex.conf @@ -0,0 +1,93 @@ +# +# Directives controlling the display of server-generated directory listings. +# +# Required modules: mod_authz_core, mod_authz_host, +# mod_autoindex, mod_alias +# +# To see the listing of a directory, the Options directive for the +# directory must include "Indexes", and the directory must not contain +# a file matching those listed in the DirectoryIndex directive. +# + +# +# IndexOptions: Controls the appearance of server-generated directory +# listings. +# +IndexOptions FancyIndexing HTMLTable VersionSort + +# We include the /icons/ alias for FancyIndexed directory listings. If +# you do not use FancyIndexing, you may comment this out. +# +Alias /icons/ "/usr/share/httpd/icons/" + + + Options Indexes MultiViews FollowSymlinks + AllowOverride None + Require all granted + + +# +# AddIcon* directives tell the server which icon to show for different +# files or filename extensions. These are only displayed for +# FancyIndexed directories. +# +AddIconByEncoding (CMP,/icons/compressed.gif) x-compress x-gzip + +AddIconByType (TXT,/icons/text.gif) text/* +AddIconByType (IMG,/icons/image2.gif) image/* +AddIconByType (SND,/icons/sound2.gif) audio/* +AddIconByType (VID,/icons/movie.gif) video/* +AddIconByType /icons/bomb.gif application/x-coredump + +AddIcon /icons/binary.gif .bin .exe +AddIcon /icons/binhex.gif .hqx +AddIcon /icons/tar.gif .tar +AddIcon /icons/world2.gif .wrl .wrl.gz .vrml .vrm .iv +AddIcon /icons/compressed.gif .Z .z .tgz .gz .zip +AddIcon /icons/a.gif .ps .ai .eps +AddIcon /icons/layout.gif .html .shtml .htm .pdf +AddIcon /icons/text.gif .txt +AddIcon /icons/c.gif .c +AddIcon /icons/p.gif .pl .py +AddIcon /icons/f.gif .for +AddIcon /icons/dvi.gif .dvi +AddIcon /icons/uuencoded.gif .uu +AddIcon /icons/script.gif .conf .sh .shar .csh .ksh .tcl +AddIcon /icons/tex.gif .tex + +AddIcon /icons/back.gif .. +AddIcon /icons/hand.right.gif README +AddIcon /icons/folder.gif ^^DIRECTORY^^ +AddIcon /icons/blank.gif ^^BLANKICON^^ + +# +# DefaultIcon is which icon to show for files which do not have an icon +# explicitly set. +# +DefaultIcon /icons/unknown.gif + +# +# AddDescription allows you to place a short description after a file in +# server-generated indexes. These are only displayed for FancyIndexed +# directories. +# Format: AddDescription "description" filename +# +#AddDescription "GZIP compressed document" .gz +#AddDescription "tar archive" .tar +#AddDescription "GZIP compressed tar archive" .tgz + +# +# ReadmeName is the name of the README file the server will look for by +# default, and append to directory listings. +# +# HeaderName is the name of a file which should be prepended to +# directory indexes. +ReadmeName README.html +HeaderName HEADER.html + +# +# IndexIgnore is a set of filenames which directory indexing should ignore +# and not include in the listing. Shell-style wildcarding is permitted. +# +IndexIgnore .??* *~ *# HEADER* README* RCS CVS *,v *,t + diff --git a/roles/ensure_apache/templates/Fedora/43/etc/httpd/conf.d/php.conf b/roles/ensure_apache/templates/Fedora/43/etc/httpd/conf.d/php.conf new file mode 100644 index 0000000..639652b --- /dev/null +++ b/roles/ensure_apache/templates/Fedora/43/etc/httpd/conf.d/php.conf @@ -0,0 +1,62 @@ +# +# The following lines prevent .user.ini files from being viewed by Web clients. +# + + Require all denied + + +# +# Allow php to handle Multiviews +# +AddType text/html .php + +# +# Add index.php to the list of files that will be served as directory +# indexes. +# +DirectoryIndex index.php + +# +# Redirect to local php-fpm (no mod_php in default configuration) +# + + # Enable http authorization headers + SetEnvIfNoCase ^Authorization$ "(.+)" HTTP_AUTHORIZATION=$1 + + + SetHandler "proxy:unix:/run/php-fpm/www.sock|fcgi://localhost" + + + +# +# mod_php is deprecated as FPM is now used by default with httpd in event mode +# mod_php is only used when explicitly enabled or httpd switch to prefork mode +# +# mod_php options +# + + # + # Cause the PHP interpreter to handle files with a .php extension. + # + + SetHandler application/x-httpd-php + + + # + # Uncomment the following lines to allow PHP to pretty-print .phps + # files as PHP source code: + # + # + # SetHandler application/x-httpd-php-source + # + + # + # Apache specific PHP configuration options + # those can be override in each configured vhost + # + php_value session.save_handler "files" + php_value session.save_path "/var/lib/php/session" + php_value soap.wsdl_cache_dir "/var/lib/php/wsdlcache" + + #php_value opcache.file_cache "/var/lib/php/opcache" + diff --git a/roles/ensure_apache/templates/Fedora/43/etc/httpd/conf.d/ssl.conf b/roles/ensure_apache/templates/Fedora/43/etc/httpd/conf.d/ssl.conf new file mode 100644 index 0000000..373b9e5 --- /dev/null +++ b/roles/ensure_apache/templates/Fedora/43/etc/httpd/conf.d/ssl.conf @@ -0,0 +1,219 @@ +# +# When we also provide SSL we have to listen to the +# standard HTTPS port in addition. +# +Listen 443 https + +## +## SSL Global Context +## +## All SSL configuration in this context applies both to +## the main server and all SSL-enabled virtual hosts. +## + +# Pass Phrase Dialog: +# Configure the pass phrase gathering process. +# The filtering dialog program (`builtin' is a internal +# terminal dialog) has to provide the pass phrase on stdout. +SSLPassPhraseDialog exec:/usr/libexec/httpd-ssl-pass-dialog + +# Inter-Process Session Cache: +# Configure the SSL Session Cache: First the mechanism +# to use and second the expiring timeout (in seconds). +SSLSessionCache shmcb:/run/httpd/sslcache(512000) +SSLSessionCacheTimeout 300 + +# Pseudo Random Number Generator (PRNG): +# Configure one or more sources to seed the PRNG of the +# SSL library. The seed data should be of good random quality. +# WARNING! On some platforms /dev/random blocks if not enough entropy +# is available. This means you then cannot use the /dev/random device +# because it would lead to very long connection times (as long as +# it requires to make more entropy available). But usually those +# platforms additionally provide a /dev/urandom device which doesn't +# block. So, if available, use this one instead. Read the mod_ssl User +# Manual for more details. +SSLRandomSeed startup file:/dev/urandom 256 +SSLRandomSeed connect builtin +#SSLRandomSeed startup file:/dev/random 512 +#SSLRandomSeed connect file:/dev/random 512 +#SSLRandomSeed connect file:/dev/urandom 512 + +# +# Use "SSLCryptoDevice" to enable any supported hardware +# accelerators. Use "openssl engine -v" to list supported +# engine names. NOTE: If you enable an accelerator and the +# server does not start, consult the error logs and ensure +# your accelerator is functioning properly. +# +SSLCryptoDevice builtin +#SSLCryptoDevice ubsec + +## +## SSL Virtual Host Context +## + + + +# General setup for the virtual host, inherited from global configuration +#DocumentRoot "/var/www/html" +#ServerName www.example.com:443 + +# Use separate log files for the SSL virtual host; note that LogLevel +# is not inherited from httpd.conf. +ErrorLog logs/ssl_error_log +TransferLog logs/ssl_access_log +LogLevel warn + +# SSL Engine Switch: +# Enable/Disable SSL for this virtual host. +SSLEngine on + +# List the protocol versions which clients are allowed to connect with. +# The OpenSSL system profile is configured by default. See +# update-crypto-policies(8) for more details. +#SSLProtocol all -SSLv3 +#SSLProxyProtocol all -SSLv3 + +# User agents such as web browsers are not configured for the user's +# own preference of either security or performance, therefore this +# must be the prerogative of the web server administrator who manages +# cpu load versus confidentiality, so enforce the server's cipher order. +SSLHonorCipherOrder on + +# SSL Cipher Suite: +# List the ciphers that the client is permitted to negotiate. +# See the mod_ssl documentation for a complete list. +# The OpenSSL system profile is configured by default. See +# update-crypto-policies(8) for more details. +SSLCipherSuite PROFILE=SYSTEM +SSLProxyCipherSuite PROFILE=SYSTEM + +# Point SSLCertificateFile at a PEM encoded certificate. If +# the certificate is encrypted, then you will be prompted for a +# pass phrase. Note that restarting httpd will prompt again. Keep +# in mind that if you have both an RSA and a DSA certificate you +# can configure both in parallel (to also allow the use of DSA +# ciphers, etc.) +# Some ECC cipher suites (http://www.ietf.org/rfc/rfc4492.txt) +# require an ECC certificate which can also be configured in +# parallel. +SSLCertificateFile /etc/pki/tls/certs/localhost.crt + +# Server Private Key: +# If the key is not combined with the certificate, use this +# directive to point at the key file. Keep in mind that if +# you've both a RSA and a DSA private key you can configure +# both in parallel (to also allow the use of DSA ciphers, etc.) +# ECC keys, when in use, can also be configured in parallel +SSLCertificateKeyFile /etc/pki/tls/private/localhost.key + +# Server Certificate Chain: +# Point SSLCertificateChainFile at a file containing the +# concatenation of PEM encoded CA certificates which form the +# certificate chain for the server certificate. Alternatively +# the referenced file can be the same as SSLCertificateFile +# when the CA certificates are directly appended to the server +# certificate for convenience. +#SSLCertificateChainFile /etc/pki/tls/certs/server-chain.crt + +# Certificate Authority (CA): +# Set the CA certificate verification path where to find CA +# certificates for client authentication or alternatively one +# huge file containing all of them (file must be PEM encoded) +#SSLCACertificateFile /etc/pki/tls/certs/ca-bundle.crt + +# Client Authentication (Type): +# Client certificate verification type and depth. Types are +# none, optional, require and optional_no_ca. Depth is a +# number which specifies how deeply to verify the certificate +# issuer chain before deciding the certificate is not valid. +#SSLVerifyClient require +#SSLVerifyDepth 10 + +# Access Control: +# With SSLRequire you can do per-directory access control based +# on arbitrary complex boolean expressions containing server +# variable checks and other lookup directives. The syntax is a +# mixture between C and Perl. See the mod_ssl documentation +# for more details. +# +#SSLRequire ( %{SSL_CIPHER} !~ m/^(EXP|NULL)/ \ +# and %{SSL_CLIENT_S_DN_O} eq "Snake Oil, Ltd." \ +# and %{SSL_CLIENT_S_DN_OU} in {"Staff", "CA", "Dev"} \ +# and %{TIME_WDAY} >= 1 and %{TIME_WDAY} <= 5 \ +# and %{TIME_HOUR} >= 8 and %{TIME_HOUR} <= 20 ) \ +# or %{REMOTE_ADDR} =~ m/^192\.76\.162\.[0-9]+$/ +# + +# SSL Engine Options: +# Set various options for the SSL engine. +# o FakeBasicAuth: +# Translate the client X.509 into a Basic Authorisation. This means that +# the standard Auth/DBMAuth methods can be used for access control. The +# user name is the `one line' version of the client's X.509 certificate. +# Note that no password is obtained from the user. Every entry in the user +# file needs this password: `xxj31ZMTZzkVA'. +# o ExportCertData: +# This exports two additional environment variables: SSL_CLIENT_CERT and +# SSL_SERVER_CERT. These contain the PEM-encoded certificates of the +# server (always existing) and the client (only existing when client +# authentication is used). This can be used to import the certificates +# into CGI scripts. +# o StdEnvVars: +# This exports the standard SSL/TLS related `SSL_*' environment variables. +# Per default this exportation is switched off for performance reasons, +# because the extraction step is an expensive operation and is usually +# useless for serving static content. So one usually enables the +# exportation for CGI and SSI requests only. +# o StrictRequire: +# This denies access when "SSLRequireSSL" or "SSLRequire" applied even +# under a "Satisfy any" situation, i.e. when it applies access is denied +# and no other module can change it. +# o OptRenegotiate: +# This enables optimized SSL connection renegotiation handling when SSL +# directives are used in per-directory context. +#SSLOptions +FakeBasicAuth +ExportCertData +StrictRequire + + SSLOptions +StdEnvVars + + + SSLOptions +StdEnvVars + + +# SSL Protocol Adjustments: +# The safe and default but still SSL/TLS standard compliant shutdown +# approach is that mod_ssl sends the close notify alert but doesn't wait for +# the close notify alert from client. When you need a different shutdown +# approach you can use one of the following variables: +# o ssl-unclean-shutdown: +# This forces an unclean shutdown when the connection is closed, i.e. no +# SSL close notify alert is sent or allowed to be received. This violates +# the SSL/TLS standard but is needed for some brain-dead browsers. Use +# this when you receive I/O errors because of the standard approach where +# mod_ssl sends the close notify alert. +# o ssl-accurate-shutdown: +# This forces an accurate shutdown when the connection is closed, i.e. a +# SSL close notify alert is sent and mod_ssl waits for the close notify +# alert of the client. This is 100% SSL/TLS standard compliant, but in +# practice often causes hanging connections with brain-dead browsers. Use +# this only for browsers where you know that their SSL implementation +# works correctly. +# Notice: Most problems of broken clients are also related to the HTTP +# keep-alive facility, so you usually additionally want to disable +# keep-alive for those clients, too. Use variable "nokeepalive" for this. +# Similarly, one has to force some clients to use HTTP/1.0 to workaround +# their broken HTTP/1.1 implementation. Use variables "downgrade-1.0" and +# "force-response-1.0" for this. +BrowserMatch "MSIE [2-5]" \ + nokeepalive ssl-unclean-shutdown \ + downgrade-1.0 force-response-1.0 + +# Per-Server Logging: +# The home of a custom SSL log file. Use this when you want a +# compact non-error SSL logfile on a virtual host basis. +CustomLog logs/ssl_request_log \ + "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b" + + + diff --git a/roles/ensure_apache/templates/Fedora/43/etc/httpd/conf.d/userdir.conf b/roles/ensure_apache/templates/Fedora/43/etc/httpd/conf.d/userdir.conf new file mode 100644 index 0000000..b5d7a49 --- /dev/null +++ b/roles/ensure_apache/templates/Fedora/43/etc/httpd/conf.d/userdir.conf @@ -0,0 +1,36 @@ +# +# UserDir: The name of the directory that is appended onto a user's home +# directory if a ~user request is received. +# +# The path to the end user account 'public_html' directory must be +# accessible to the webserver userid. This usually means that ~userid +# must have permissions of 711, ~userid/public_html must have permissions +# of 755, and documents contained therein must be world-readable. +# Otherwise, the client will only receive a "403 Forbidden" message. +# + + # + # UserDir is disabled by default since it can confirm the presence + # of a username on the system (depending on home directory + # permissions). + # + UserDir disabled + + # + # To enable requests to /~user/ to serve the user's public_html + # directory, remove the "UserDir disabled" line above, and uncomment + # the following line instead: + # + #UserDir public_html + + +# +# Control access to UserDir directories. The following is an example +# for a site where these directories are restricted to read-only. +# + + AllowOverride FileInfo AuthConfig Limit Indexes + Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec + Require method GET POST OPTIONS + + diff --git a/roles/ensure_apache/templates/Fedora/43/etc/httpd/conf.d/vhost.conf b/roles/ensure_apache/templates/Fedora/43/etc/httpd/conf.d/vhost.conf new file mode 100644 index 0000000..b3d60e1 --- /dev/null +++ b/roles/ensure_apache/templates/Fedora/43/etc/httpd/conf.d/vhost.conf @@ -0,0 +1,72 @@ +MDBaseServer on +MDCertificateAgreement accepted +MDCertificateAuthority {{ lets_encrypt_url }} +MDContactEmail {{ lets_encrypt_admin }} +MDPrivateKeys secp384r1 secp256r1 RSA 4096 +MDRequireHttps temporary +MDStoreDir md + + + AllowOverride None + Require all granted + + +{% for item in http_vhost %} + + Options Indexes FollowSymLinks + AllowOverride None + Require all granted + + + + ServerName {{ item.fqdn }} +{% if item.aliases is defined %} +{% for item_alias in item.aliases %} + ServerAlias {{ item_alias }} +{% endfor %} +{% endif %} + ServerAdmin webmaster@{{ item.fqdn }} + DocumentRoot /srv/http/{{ item.fqdn }} +{% if item.redirect is defined %} + RedirectMatch "^(?!/\.well-known/).*" {{ item.redirect }} +{% endif %} + + +MDomain {{ item.fqdn }} + + + SSLEngine on + SSLProtocol all -TLSv1.1 + SSLProxyProtocol all -TLSv1.1 + SSLHonorCipherOrder on + SSLCipherSuite PROFILE=SYSTEM + SSLProxyCipherSuite PROFILE=SYSTEM + ServerName {{ item.fqdn }} +{% if item.aliases is defined %} +{% for item_alias in item.aliases %} + ServerAlias {{ item_alias }} +{% endfor %} +{% endif %} + ServerAdmin webmaster@{{ item.fqdn }} + DocumentRoot /srv/http/{{ item.fqdn }} + Alias /error/ "/var/www/error/" +{% if item.proxy is defined %} + ProxyPass "/.well-known" "!" + ProxyPass "/phpMyAdmin" "!" + ProxyPass "/phpmyadmin" "!" + ProxyPass "/" "{{ item.proxy }}" + ProxyPassReverse "/" "{{ item.proxy }}" + ProxyTimeout 300 +{% endif %} +{% if item.redirect is defined %} + RedirectMatch "^(?!/\.well-known/).*" {{ item.redirect }} +{% endif %} + + Require all denied + + + Require all denied + + + +{% endfor %} diff --git a/roles/ensure_apache/templates/Fedora/43/etc/httpd/conf.d/welcome.conf b/roles/ensure_apache/templates/Fedora/43/etc/httpd/conf.d/welcome.conf new file mode 100644 index 0000000..232c251 --- /dev/null +++ b/roles/ensure_apache/templates/Fedora/43/etc/httpd/conf.d/welcome.conf @@ -0,0 +1,20 @@ +# +# This configuration file enables the default "Welcome" page if there +# is no default index page present for the root URL. To disable the +# Welcome page, comment out all the lines below. +# +# NOTE: if this file is removed, it will be restored on upgrades. +# + + Options -Indexes + ErrorDocument 403 /.noindex.html + + + + AllowOverride None + Require all granted + + +Alias /.noindex.html /usr/share/httpd/noindex/index.html +Alias /poweredby.png /usr/share/httpd/icons/apache_pb3.png +Alias /system_noindex_logo.png /usr/share/httpd/icons/system_noindex_logo.png diff --git a/roles/ensure_apache/templates/Fedora/43/etc/httpd/conf.modules.d/00-base.conf b/roles/ensure_apache/templates/Fedora/43/etc/httpd/conf.modules.d/00-base.conf new file mode 100644 index 0000000..bae2bf6 --- /dev/null +++ b/roles/ensure_apache/templates/Fedora/43/etc/httpd/conf.modules.d/00-base.conf @@ -0,0 +1,69 @@ +# +# This file loads most of the modules included with the Apache HTTP +# Server itself. +# + +LoadModule access_compat_module modules/mod_access_compat.so +LoadModule actions_module modules/mod_actions.so +LoadModule alias_module modules/mod_alias.so +LoadModule allowmethods_module modules/mod_allowmethods.so +LoadModule auth_basic_module modules/mod_auth_basic.so +LoadModule auth_digest_module modules/mod_auth_digest.so +LoadModule authn_anon_module modules/mod_authn_anon.so +LoadModule authn_core_module modules/mod_authn_core.so +LoadModule authn_dbd_module modules/mod_authn_dbd.so +LoadModule authn_dbm_module modules/mod_authn_dbm.so +LoadModule authn_file_module modules/mod_authn_file.so +LoadModule authn_socache_module modules/mod_authn_socache.so +LoadModule authnz_fcgi_module modules/mod_authnz_fcgi.so +LoadModule authz_core_module modules/mod_authz_core.so +LoadModule authz_dbd_module modules/mod_authz_dbd.so +LoadModule authz_dbm_module modules/mod_authz_dbm.so +LoadModule authz_groupfile_module modules/mod_authz_groupfile.so +LoadModule authz_host_module modules/mod_authz_host.so +LoadModule authz_owner_module modules/mod_authz_owner.so +LoadModule authz_user_module modules/mod_authz_user.so +LoadModule autoindex_module modules/mod_autoindex.so +LoadModule cache_module modules/mod_cache.so +LoadModule cache_disk_module modules/mod_cache_disk.so +LoadModule cache_socache_module modules/mod_cache_socache.so +LoadModule data_module modules/mod_data.so +LoadModule dbd_module modules/mod_dbd.so +LoadModule deflate_module modules/mod_deflate.so +LoadModule dir_module modules/mod_dir.so +LoadModule dumpio_module modules/mod_dumpio.so +LoadModule echo_module modules/mod_echo.so +LoadModule env_module modules/mod_env.so +LoadModule expires_module modules/mod_expires.so +LoadModule ext_filter_module modules/mod_ext_filter.so +LoadModule filter_module modules/mod_filter.so +LoadModule headers_module modules/mod_headers.so +LoadModule include_module modules/mod_include.so +LoadModule info_module modules/mod_info.so +LoadModule log_config_module modules/mod_log_config.so +LoadModule logio_module modules/mod_logio.so +LoadModule macro_module modules/mod_macro.so +LoadModule mime_magic_module modules/mod_mime_magic.so +LoadModule mime_module modules/mod_mime.so +LoadModule negotiation_module modules/mod_negotiation.so +LoadModule remoteip_module modules/mod_remoteip.so +LoadModule reqtimeout_module modules/mod_reqtimeout.so +LoadModule request_module modules/mod_request.so +LoadModule rewrite_module modules/mod_rewrite.so +LoadModule setenvif_module modules/mod_setenvif.so +LoadModule slotmem_plain_module modules/mod_slotmem_plain.so +LoadModule slotmem_shm_module modules/mod_slotmem_shm.so +LoadModule socache_dbm_module modules/mod_socache_dbm.so +LoadModule socache_memcache_module modules/mod_socache_memcache.so +LoadModule socache_redis_module modules/mod_socache_redis.so +LoadModule socache_shmcb_module modules/mod_socache_shmcb.so +LoadModule status_module modules/mod_status.so +LoadModule substitute_module modules/mod_substitute.so +LoadModule suexec_module modules/mod_suexec.so +LoadModule unique_id_module modules/mod_unique_id.so +LoadModule unixd_module modules/mod_unixd.so +LoadModule userdir_module modules/mod_userdir.so +LoadModule version_module modules/mod_version.so +LoadModule vhost_alias_module modules/mod_vhost_alias.so +LoadModule watchdog_module modules/mod_watchdog.so + diff --git a/roles/ensure_apache/templates/Fedora/43/etc/httpd/conf.modules.d/00-brotli.conf b/roles/ensure_apache/templates/Fedora/43/etc/httpd/conf.modules.d/00-brotli.conf new file mode 100644 index 0000000..c2e0e9e --- /dev/null +++ b/roles/ensure_apache/templates/Fedora/43/etc/httpd/conf.modules.d/00-brotli.conf @@ -0,0 +1 @@ +LoadModule brotli_module modules/mod_brotli.so diff --git a/roles/ensure_apache/templates/Fedora/43/etc/httpd/conf.modules.d/00-dav.conf b/roles/ensure_apache/templates/Fedora/43/etc/httpd/conf.modules.d/00-dav.conf new file mode 100644 index 0000000..e6af8de --- /dev/null +++ b/roles/ensure_apache/templates/Fedora/43/etc/httpd/conf.modules.d/00-dav.conf @@ -0,0 +1,3 @@ +LoadModule dav_module modules/mod_dav.so +LoadModule dav_fs_module modules/mod_dav_fs.so +LoadModule dav_lock_module modules/mod_dav_lock.so diff --git a/roles/ensure_apache/templates/Fedora/43/etc/httpd/conf.modules.d/00-lua.conf b/roles/ensure_apache/templates/Fedora/43/etc/httpd/conf.modules.d/00-lua.conf new file mode 100644 index 0000000..9e0d0db --- /dev/null +++ b/roles/ensure_apache/templates/Fedora/43/etc/httpd/conf.modules.d/00-lua.conf @@ -0,0 +1 @@ +LoadModule lua_module modules/mod_lua.so diff --git a/roles/ensure_apache/templates/Fedora/43/etc/httpd/conf.modules.d/00-mpm.conf b/roles/ensure_apache/templates/Fedora/43/etc/httpd/conf.modules.d/00-mpm.conf new file mode 100644 index 0000000..647fa3d --- /dev/null +++ b/roles/ensure_apache/templates/Fedora/43/etc/httpd/conf.modules.d/00-mpm.conf @@ -0,0 +1,23 @@ +# Select the MPM module which should be used by uncommenting exactly +# one of the following LoadModule lines. See the httpd.conf(5) man +# page for more information on changing the MPM. + +# prefork MPM: Implements a non-threaded, pre-forking web server +# See: http://httpd.apache.org/docs/2.4/mod/prefork.html +# +# NOTE: If enabling prefork, the httpd_graceful_shutdown SELinux +# boolean should be enabled, to allow graceful stop/shutdown. +# +#LoadModule mpm_prefork_module modules/mod_mpm_prefork.so + +# worker MPM: Multi-Processing Module implementing a hybrid +# multi-threaded multi-process web server +# See: http://httpd.apache.org/docs/2.4/mod/worker.html +# +#LoadModule mpm_worker_module modules/mod_mpm_worker.so + +# event MPM: A variant of the worker MPM with the goal of consuming +# threads only for connections with active processing +# See: http://httpd.apache.org/docs/2.4/mod/event.html +# +LoadModule mpm_event_module modules/mod_mpm_event.so diff --git a/roles/ensure_apache/templates/Fedora/43/etc/httpd/conf.modules.d/00-optional.conf b/roles/ensure_apache/templates/Fedora/43/etc/httpd/conf.modules.d/00-optional.conf new file mode 100644 index 0000000..ef584ec --- /dev/null +++ b/roles/ensure_apache/templates/Fedora/43/etc/httpd/conf.modules.d/00-optional.conf @@ -0,0 +1,18 @@ +# +# This file lists modules included with the Apache HTTP Server +# which are not enabled by default. +# + +#LoadModule asis_module modules/mod_asis.so +#LoadModule buffer_module modules/mod_buffer.so +#LoadModule heartbeat_module modules/mod_heartbeat.so +#LoadModule heartmonitor_module modules/mod_heartmonitor.so +#LoadModule usertrack_module modules/mod_usertrack.so +#LoadModule dialup_module modules/mod_dialup.so +#LoadModule charset_lite_module modules/mod_charset_lite.so +#LoadModule log_debug_module modules/mod_log_debug.so +#LoadModule log_forensic_module modules/mod_log_forensic.so +#LoadModule ratelimit_module modules/mod_ratelimit.so +#LoadModule reflector_module modules/mod_reflector.so +#LoadModule sed_module modules/mod_sed.so +#LoadModule speling_module modules/mod_speling.so diff --git a/roles/ensure_apache/templates/Fedora/43/etc/httpd/conf.modules.d/00-proxy.conf b/roles/ensure_apache/templates/Fedora/43/etc/httpd/conf.modules.d/00-proxy.conf new file mode 100644 index 0000000..f0f84c2 --- /dev/null +++ b/roles/ensure_apache/templates/Fedora/43/etc/httpd/conf.modules.d/00-proxy.conf @@ -0,0 +1,18 @@ +# This file configures all the proxy modules: +LoadModule proxy_module modules/mod_proxy.so +LoadModule lbmethod_bybusyness_module modules/mod_lbmethod_bybusyness.so +LoadModule lbmethod_byrequests_module modules/mod_lbmethod_byrequests.so +LoadModule lbmethod_bytraffic_module modules/mod_lbmethod_bytraffic.so +LoadModule lbmethod_heartbeat_module modules/mod_lbmethod_heartbeat.so +LoadModule proxy_ajp_module modules/mod_proxy_ajp.so +LoadModule proxy_balancer_module modules/mod_proxy_balancer.so +LoadModule proxy_connect_module modules/mod_proxy_connect.so +LoadModule proxy_express_module modules/mod_proxy_express.so +LoadModule proxy_fcgi_module modules/mod_proxy_fcgi.so +LoadModule proxy_fdpass_module modules/mod_proxy_fdpass.so +LoadModule proxy_ftp_module modules/mod_proxy_ftp.so +LoadModule proxy_http_module modules/mod_proxy_http.so +LoadModule proxy_hcheck_module modules/mod_proxy_hcheck.so +LoadModule proxy_scgi_module modules/mod_proxy_scgi.so +LoadModule proxy_uwsgi_module modules/mod_proxy_uwsgi.so +LoadModule proxy_wstunnel_module modules/mod_proxy_wstunnel.so diff --git a/roles/ensure_apache/templates/Fedora/43/etc/httpd/conf.modules.d/00-ssl.conf b/roles/ensure_apache/templates/Fedora/43/etc/httpd/conf.modules.d/00-ssl.conf new file mode 100644 index 0000000..53235cd --- /dev/null +++ b/roles/ensure_apache/templates/Fedora/43/etc/httpd/conf.modules.d/00-ssl.conf @@ -0,0 +1 @@ +LoadModule ssl_module modules/mod_ssl.so diff --git a/roles/ensure_apache/templates/Fedora/43/etc/httpd/conf.modules.d/00-systemd.conf b/roles/ensure_apache/templates/Fedora/43/etc/httpd/conf.modules.d/00-systemd.conf new file mode 100644 index 0000000..b208c97 --- /dev/null +++ b/roles/ensure_apache/templates/Fedora/43/etc/httpd/conf.modules.d/00-systemd.conf @@ -0,0 +1,2 @@ +# This file configures systemd module: +LoadModule systemd_module modules/mod_systemd.so diff --git a/roles/ensure_apache/templates/Fedora/43/etc/httpd/conf.modules.d/01-cgi.conf b/roles/ensure_apache/templates/Fedora/43/etc/httpd/conf.modules.d/01-cgi.conf new file mode 100644 index 0000000..4b680cf --- /dev/null +++ b/roles/ensure_apache/templates/Fedora/43/etc/httpd/conf.modules.d/01-cgi.conf @@ -0,0 +1,11 @@ +# This configuration file loads a CGI module appropriate to the MPM +# which has been configured in 00-mpm.conf. mod_cgid should be used +# with a threaded MPM; mod_cgi with the prefork MPM. + + + LoadModule cgid_module modules/mod_cgid.so + + + LoadModule cgi_module modules/mod_cgi.so + + diff --git a/roles/ensure_apache/templates/Fedora/43/etc/httpd/conf.modules.d/01-md.conf b/roles/ensure_apache/templates/Fedora/43/etc/httpd/conf.modules.d/01-md.conf new file mode 100644 index 0000000..2739202 --- /dev/null +++ b/roles/ensure_apache/templates/Fedora/43/etc/httpd/conf.modules.d/01-md.conf @@ -0,0 +1 @@ +LoadModule md_module modules/mod_md.so diff --git a/roles/ensure_apache/templates/Fedora/43/etc/httpd/conf.modules.d/10-h2.conf b/roles/ensure_apache/templates/Fedora/43/etc/httpd/conf.modules.d/10-h2.conf new file mode 100644 index 0000000..12c28aa --- /dev/null +++ b/roles/ensure_apache/templates/Fedora/43/etc/httpd/conf.modules.d/10-h2.conf @@ -0,0 +1 @@ +LoadModule http2_module modules/mod_http2.so diff --git a/roles/ensure_apache/templates/Fedora/43/etc/httpd/conf.modules.d/10-proxy_h2.conf b/roles/ensure_apache/templates/Fedora/43/etc/httpd/conf.modules.d/10-proxy_h2.conf new file mode 100644 index 0000000..61dc6d0 --- /dev/null +++ b/roles/ensure_apache/templates/Fedora/43/etc/httpd/conf.modules.d/10-proxy_h2.conf @@ -0,0 +1 @@ +LoadModule proxy_http2_module modules/mod_proxy_http2.so diff --git a/roles/ensure_apache/templates/Fedora/43/etc/httpd/conf.modules.d/README b/roles/ensure_apache/templates/Fedora/43/etc/httpd/conf.modules.d/README new file mode 100644 index 0000000..f4b055d --- /dev/null +++ b/roles/ensure_apache/templates/Fedora/43/etc/httpd/conf.modules.d/README @@ -0,0 +1,10 @@ + +This directory holds configuration files for the Apache HTTP Server; +any files in this directory which have the ".conf" extension will be +processed as httpd configuration files. This directory contains +configuration fragments necessary only to load modules. +Administrators should use the directory "/etc/httpd/conf.d" to modify +the configuration of httpd, or any modules. + +Files are processed in sorted order and should have a two digit +numeric prefix. See httpd.conf(5) for more information. diff --git a/roles/ensure_apache/templates/Fedora/43/etc/httpd/conf/httpd.conf b/roles/ensure_apache/templates/Fedora/43/etc/httpd/conf/httpd.conf new file mode 100644 index 0000000..e49ab6a --- /dev/null +++ b/roles/ensure_apache/templates/Fedora/43/etc/httpd/conf/httpd.conf @@ -0,0 +1,374 @@ +# +# This is the main Apache HTTP server configuration file. It contains the +# configuration directives that give the server its instructions. +# See for detailed information. +# In particular, see +# +# for a discussion of each configuration directive. +# +# See the httpd.conf(5) man page for more information on this configuration, +# and httpd.service(8) on using and configuring the httpd service. +# +# Do NOT simply read the instructions in here without understanding +# what they do. They're here only as hints or reminders. If you are unsure +# consult the online docs. You have been warned. +# +# Configuration and logfile names: If the filenames you specify for many +# of the server's control files begin with "/" (or "drive:/" for Win32), the +# server will use that explicit path. If the filenames do *not* begin +# with "/", the value of ServerRoot is prepended -- so 'log/access_log' +# with ServerRoot set to '/www' will be interpreted by the +# server as '/www/log/access_log', where as '/log/access_log' will be +# interpreted as '/log/access_log'. + +# +# ServerRoot: The top of the directory tree under which the server's +# configuration, error, and log files are kept. +# +# Do not add a slash at the end of the directory path. If you point +# ServerRoot at a non-local disk, be sure to specify a local disk on the +# Mutex directive, if file-based mutexes are used. If you wish to share the +# same ServerRoot for multiple httpd daemons, you will need to change at +# least PidFile. +# +ServerRoot "/etc/httpd" + +# +# Listen: Allows you to bind Apache to specific IP addresses and/or +# ports, instead of the default. See also the +# directive. +# +# Change this to Listen on a specific IP address, but note that if +# httpd.service is enabled to run at boot time, the address may not be +# available when the service starts. See the httpd.service(8) man +# page for more information. +# +#Listen 12.34.56.78:80 +Listen 80 + +# +# Dynamic Shared Object (DSO) Support +# +# To be able to use the functionality of a module which was built as a DSO you +# have to place corresponding `LoadModule' lines at this location so the +# directives contained in it are actually available _before_ they are used. +# Statically compiled modules (those listed by `httpd -l') do not need +# to be loaded here. +# +# Example: +# LoadModule foo_module modules/mod_foo.so +# +Include conf.modules.d/*.conf + +# +# If you wish httpd to run as a different user or group, you must run +# httpd as root initially and it will switch. +# +# User/Group: The name (or #number) of the user/group to run httpd as. +# It is usually good practice to create a dedicated user and group for +# running httpd, as with most system services. +# +User apache +Group apache + +# 'Main' server configuration +# +# The directives in this section set up the values used by the 'main' +# server, which responds to any requests that aren't handled by a +# definition. These values also provide defaults for +# any containers you may define later in the file. +# +# All of these directives may appear inside containers, +# in which case these default settings will be overridden for the +# virtual host being defined. +# + +# +# ServerAdmin: Your address, where problems with the server should be +# e-mailed. This address appears on some server-generated pages, such +# as error documents. e.g. admin@your-domain.com +# +ServerAdmin root@localhost + +# +# ServerName gives the name and port that the server uses to identify itself. +# This can often be determined automatically, but we recommend you specify +# it explicitly to prevent problems during startup. +# +# If your host doesn't have a registered DNS name, enter its IP address here. +# +#ServerName www.example.com:80 + +# +# Deny access to the entirety of your server's filesystem. You must +# explicitly permit access to web content directories in other +# blocks below. +# + + AllowOverride none + Require all denied + + +# +# Note that from this point forward you must specifically allow +# particular features to be enabled - so if something's not working as +# you might expect, make sure that you have specifically enabled it +# below. +# + +# +# DocumentRoot: The directory out of which you will serve your +# documents. By default, all requests are taken from this directory, but +# symbolic links and aliases may be used to point to other locations. +# +DocumentRoot "/var/www/html" + +# +# Relax access to content within /var/www. +# + + AllowOverride None + # Allow open access: + Require all granted + + +# Further relax access to the default document root: + + # + # Possible values for the Options directive are "None", "All", + # or any combination of: + # Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews + # + # Note that "MultiViews" must be named *explicitly* --- "Options All" + # doesn't give it to you. + # + # The Options directive is both complicated and important. Please see + # http://httpd.apache.org/docs/2.4/mod/core.html#options + # for more information. + # + Options Indexes FollowSymLinks + + # + # AllowOverride controls what directives may be placed in .htaccess files. + # It can be "All", "None", or any combination of the keywords: + # AllowOverride FileInfo AuthConfig Limit + # + AllowOverride None + + # + # Controls who can get stuff from this server. + # + Require all granted + + +# +# DirectoryIndex: sets the file that Apache will serve if a directory +# is requested. +# + + DirectoryIndex index.html + + +# +# The following lines prevent .htaccess and .htpasswd files from being +# viewed by Web clients. +# + + Require all denied + + +# +# ErrorLog: The location of the error log file. +# If you do not specify an ErrorLog directive within a +# container, error messages relating to that virtual host will be +# logged here. If you *do* define an error logfile for a +# container, that host's errors will be logged there and not here. +# +ErrorLog "logs/error_log" + +# +# LogLevel: Control the number of messages logged to the error_log. +# Possible values include: debug, info, notice, warn, error, crit, +# alert, emerg. +# +LogLevel warn + + + # + # The following directives define some format nicknames for use with + # a CustomLog directive (see below). + # + LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined + LogFormat "%h %l %u %t \"%r\" %>s %b" common + + + # You need to enable mod_logio.c to use %I and %O + LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio + + + # + # The location and format of the access logfile (Common Logfile Format). + # If you do not define any access logfiles within a + # container, they will be logged here. Contrariwise, if you *do* + # define per- access logfiles, transactions will be + # logged therein and *not* in this file. + # + #CustomLog "logs/access_log" common + + # + # If you prefer a logfile with access, agent, and referer information + # (Combined Logfile Format) you can use the following directive. + # + CustomLog "logs/access_log" combined + + + + # + # Redirect: Allows you to tell clients about documents that used to + # exist in your server's namespace, but do not anymore. The client + # will make a new request for the document at its new location. + # Example: + # Redirect permanent /foo http://www.example.com/bar + + # + # Alias: Maps web paths into filesystem paths and is used to + # access content that does not live under the DocumentRoot. + # Example: + # Alias /webpath /full/filesystem/path + # + # If you include a trailing / on /webpath then the server will + # require it to be present in the URL. You will also likely + # need to provide a section to allow access to + # the filesystem path. + + # + # ScriptAlias: This controls which directories contain server scripts. + # ScriptAliases are essentially the same as Aliases, except that + # documents in the target directory are treated as applications and + # run by the server when requested rather than as documents sent to the + # client. The same rules about trailing "/" apply to ScriptAlias + # directives as to Alias. + # + ScriptAlias /cgi-bin/ "/var/www/cgi-bin/" + + + +# +# "/var/www/cgi-bin" should be changed to whatever your ScriptAliased +# CGI directory exists, if you have that configured. +# + + AllowOverride None + Options None + Require all granted + + + + # + # Avoid passing HTTP_PROXY environment to CGI's on this or any proxied + # backend servers which have lingering "httpoxy" defects. + # 'Proxy' request header is undefined by the IETF, not listed by IANA + # + RequestHeader unset Proxy early + + + + # + # TypesConfig points to the file containing the list of mappings from + # filename extension to MIME-type. + # + TypesConfig /etc/mime.types + + # + # AddType allows you to add to or override the MIME configuration + # file specified in TypesConfig for specific file types. + # + #AddType application/x-gzip .tgz + # + # AddEncoding allows you to have certain browsers uncompress + # information on the fly. Note: Not all browsers support this. + # + #AddEncoding x-compress .Z + #AddEncoding x-gzip .gz .tgz + # + # If the AddEncoding directives above are commented-out, then you + # probably should define those extensions to indicate media types: + # + AddType application/x-compress .Z + AddType application/x-gzip .gz .tgz + + # + # AddHandler allows you to map certain file extensions to "handlers": + # actions unrelated to filetype. These can be either built into the server + # or added with the Action directive (see below) + # + # To use CGI scripts outside of ScriptAliased directories: + # (You will also need to add "ExecCGI" to the "Options" directive.) + # + #AddHandler cgi-script .cgi + + # For type maps (negotiated resources): + #AddHandler type-map var + + # + # Filters allow you to process content before it is sent to the client. + # + # To parse .shtml files for server-side includes (SSI): + # (You will also need to add "Includes" to the "Options" directive.) + # + AddType text/html .shtml + AddOutputFilter INCLUDES .shtml + + +# +# Specify a default charset for all content served; this enables +# interpretation of all content as UTF-8 by default. To use the +# default browser choice (ISO-8859-1), or to allow the META tags +# in HTML content to override this choice, comment out this +# directive: +# +AddDefaultCharset UTF-8 + + + # + # The mod_mime_magic module allows the server to use various hints from the + # contents of the file itself to determine its type. The MIMEMagicFile + # directive tells the module where the hint definitions are located. + # + MIMEMagicFile conf/magic + + +# +# Customizable error responses come in three flavors: +# 1) plain text 2) local redirects 3) external redirects +# +# Some examples: +#ErrorDocument 500 "The server made a boo boo." +#ErrorDocument 404 /missing.html +#ErrorDocument 404 "/cgi-bin/missing_handler.pl" +#ErrorDocument 402 http://www.example.com/subscription_info.html +# + +# +# MaxRanges: Maximum number of Ranges in a request before +# returning the entire resource, or one of the special +# values 'default', 'none' or 'unlimited'. +# Default setting is to accept 200 Ranges. +#MaxRanges unlimited + +# +# EnableMMAP and EnableSendfile: On systems that support it, +# memory-mapping or the sendfile syscall may be used to deliver +# files. This usually improves server performance, but must +# be turned off when serving from networked-mounted +# filesystems or if support for these functions is otherwise +# broken on your system. +# Defaults if commented: EnableMMAP On, EnableSendfile Off +# +#EnableMMAP off +EnableSendfile on + +# Supplemental configuration +# +# Load config files in the "/etc/httpd/conf.d" directory, if any. +IncludeOptional conf.d/*.conf diff --git a/roles/ensure_apache/templates/Fedora/43/etc/httpd/conf/magic b/roles/ensure_apache/templates/Fedora/43/etc/httpd/conf/magic new file mode 100644 index 0000000..9a41b44 --- /dev/null +++ b/roles/ensure_apache/templates/Fedora/43/etc/httpd/conf/magic @@ -0,0 +1,397 @@ +# Magic data for mod_mime_magic Apache module (originally for file(1) command) +# The module is described in /manual/mod/mod_mime_magic.html +# +# The format is 4-5 columns: +# Column #1: byte number to begin checking from, ">" indicates continuation +# Column #2: type of data to match +# Column #3: contents of data to match +# Column #4: MIME type of result +# Column #5: MIME encoding of result (optional) + +#------------------------------------------------------------------------------ +# Localstuff: file(1) magic for locally observed files +# Add any locally observed files here. + +#------------------------------------------------------------------------------ +# end local stuff +#------------------------------------------------------------------------------ + +#------------------------------------------------------------------------------ +# Java + +0 short 0xcafe +>2 short 0xbabe application/java + +#------------------------------------------------------------------------------ +# audio: file(1) magic for sound formats +# +# from Jan Nicolai Langfeldt , +# + +# Sun/NeXT audio data +0 string .snd +>12 belong 1 audio/basic +>12 belong 2 audio/basic +>12 belong 3 audio/basic +>12 belong 4 audio/basic +>12 belong 5 audio/basic +>12 belong 6 audio/basic +>12 belong 7 audio/basic + +>12 belong 23 audio/x-adpcm + +# DEC systems (e.g. DECstation 5000) use a variant of the Sun/NeXT format +# that uses little-endian encoding and has a different magic number +# (0x0064732E in little-endian encoding). +0 lelong 0x0064732E +>12 lelong 1 audio/x-dec-basic +>12 lelong 2 audio/x-dec-basic +>12 lelong 3 audio/x-dec-basic +>12 lelong 4 audio/x-dec-basic +>12 lelong 5 audio/x-dec-basic +>12 lelong 6 audio/x-dec-basic +>12 lelong 7 audio/x-dec-basic +# compressed (G.721 ADPCM) +>12 lelong 23 audio/x-dec-adpcm + +# Bytes 0-3 of AIFF, AIFF-C, & 8SVX audio files are "FORM" +# AIFF audio data +8 string AIFF audio/x-aiff +# AIFF-C audio data +8 string AIFC audio/x-aiff +# IFF/8SVX audio data +8 string 8SVX audio/x-aiff + +# Creative Labs AUDIO stuff +# Standard MIDI data +0 string MThd audio/unknown +#>9 byte >0 (format %d) +#>11 byte >1 using %d channels +# Creative Music (CMF) data +0 string CTMF audio/unknown +# SoundBlaster instrument data +0 string SBI audio/unknown +# Creative Labs voice data +0 string Creative\ Voice\ File audio/unknown +## is this next line right? it came this way... +#>19 byte 0x1A +#>23 byte >0 - version %d +#>22 byte >0 \b.%d + +# [GRR 950115: is this also Creative Labs? Guessing that first line +# should be string instead of unknown-endian long...] +#0 long 0x4e54524b MultiTrack sound data +#0 string NTRK MultiTrack sound data +#>4 long x - version %ld + +# Microsoft WAVE format (*.wav) +# [GRR 950115: probably all of the shorts and longs should be leshort/lelong] +# Microsoft RIFF +0 string RIFF +# - WAVE format +>8 string WAVE audio/x-wav +# MPEG audio. +0 beshort&0xfff0 0xfff0 audio/mpeg +# C64 SID Music files, from Linus Walleij +0 string PSID audio/prs.sid + +#------------------------------------------------------------------------------ +# c-lang: file(1) magic for C programs or various scripts +# + +# XPM icons (Greg Roelofs, newt@uchicago.edu) +# ideally should go into "images", but entries below would tag XPM as C source +0 string /*\ XPM image/x-xbm 7bit + +# this first will upset you if you're a PL/1 shop... (are there any left?) +# in which case rm it; ascmagic will catch real C programs +# C or REXX program text +0 string /* text/plain +# C++ program text +0 string // text/plain + +#------------------------------------------------------------------------------ +# compress: file(1) magic for pure-compression formats (no archives) +# +# compress, gzip, pack, compact, huf, squeeze, crunch, freeze, yabba, whap, etc. +# +# Formats for various forms of compressed data +# Formats for "compress" proper have been moved into "compress.c", +# because it tries to uncompress it to figure out what's inside. + +# standard unix compress +0 string \037\235 application/octet-stream x-compress + +# gzip (GNU zip, not to be confused with [Info-ZIP/PKWARE] zip archiver) +0 string \037\213 application/octet-stream x-gzip + +# According to gzip.h, this is the correct byte order for packed data. +0 string \037\036 application/octet-stream +# +# This magic number is byte-order-independent. +# +0 short 017437 application/octet-stream + +# XXX - why *two* entries for "compacted data", one of which is +# byte-order independent, and one of which is byte-order dependent? +# +# compacted data +0 short 0x1fff application/octet-stream +0 string \377\037 application/octet-stream +# huf output +0 short 0145405 application/octet-stream + +# Squeeze and Crunch... +# These numbers were gleaned from the Unix versions of the programs to +# handle these formats. Note that I can only uncrunch, not crunch, and +# I didn't have a crunched file handy, so the crunch number is untested. +# Keith Waclena +#0 leshort 0x76FF squeezed data (CP/M, DOS) +#0 leshort 0x76FE crunched data (CP/M, DOS) + +# Freeze +#0 string \037\237 Frozen file 2.1 +#0 string \037\236 Frozen file 1.0 (or gzip 0.5) + +# lzh? +#0 string \037\240 LZH compressed data + +#------------------------------------------------------------------------------ +# frame: file(1) magic for FrameMaker files +# +# This stuff came on a FrameMaker demo tape, most of which is +# copyright, but this file is "published" as witness the following: +# +0 string \ +# and Anna Shergold +# +0 string \ +0 string \14 byte 12 (OS/2 1.x format) +#>14 byte 64 (OS/2 2.x format) +#>14 byte 40 (Windows 3.x format) +#0 string IC icon +#0 string PI pointer +#0 string CI color icon +#0 string CP color pointer +#0 string BA bitmap array + +0 string \x89PNG image/png +0 string FWS application/x-shockwave-flash +0 string CWS application/x-shockwave-flash + +#------------------------------------------------------------------------------ +# lisp: file(1) magic for lisp programs +# +# various lisp types, from Daniel Quinlan (quinlan@yggdrasil.com) +0 string ;; text/plain 8bit +# Emacs 18 - this is always correct, but not very magical. +0 string \012( application/x-elc +# Emacs 19 +0 string ;ELC\023\000\000\000 application/x-elc + +#------------------------------------------------------------------------------ +# mail.news: file(1) magic for mail and news +# +# There are tests to ascmagic.c to cope with mail and news. +0 string Relay-Version: message/rfc822 7bit +0 string #!\ rnews message/rfc822 7bit +0 string N#!\ rnews message/rfc822 7bit +0 string Forward\ to message/rfc822 7bit +0 string Pipe\ to message/rfc822 7bit +0 string Return-Path: message/rfc822 7bit +0 string Path: message/news 8bit +0 string Xref: message/news 8bit +0 string From: message/rfc822 7bit +0 string Article message/news 8bit +#------------------------------------------------------------------------------ +# msword: file(1) magic for MS Word files +# +# Contributor claims: +# Reversed-engineered MS Word magic numbers +# + +0 string \376\067\0\043 application/msword +0 string \333\245-\0\0\0 application/msword + +# disable this one because it applies also to other +# Office/OLE documents for which msword is not correct. See PR#2608. +#0 string \320\317\021\340\241\261 application/msword + + + +#------------------------------------------------------------------------------ +# printer: file(1) magic for printer-formatted files +# + +# PostScript +0 string %! application/postscript +0 string \004%! application/postscript + +# Acrobat +# (due to clamen@cs.cmu.edu) +0 string %PDF- application/pdf + +#------------------------------------------------------------------------------ +# sc: file(1) magic for "sc" spreadsheet +# +38 string Spreadsheet application/x-sc + +#------------------------------------------------------------------------------ +# tex: file(1) magic for TeX files +# +# XXX - needs byte-endian stuff (big-endian and little-endian DVI?) +# +# From + +# Although we may know the offset of certain text fields in TeX DVI +# and font files, we can't use them reliably because they are not +# zero terminated. [but we do anyway, christos] +0 string \367\002 application/x-dvi +#0 string \367\203 TeX generic font data +#0 string \367\131 TeX packed font data +#0 string \367\312 TeX virtual font data +#0 string This\ is\ TeX, TeX transcript text +#0 string This\ is\ METAFONT, METAFONT transcript text + +# There is no way to detect TeX Font Metric (*.tfm) files without +# breaking them apart and reading the data. The following patterns +# match most *.tfm files generated by METAFONT or afm2tfm. +#2 string \000\021 TeX font metric data +#2 string \000\022 TeX font metric data +#>34 string >\0 (%s) + +# Texinfo and GNU Info, from Daniel Quinlan (quinlan@yggdrasil.com) +#0 string \\input\ texinfo Texinfo source text +#0 string This\ is\ Info\ file GNU Info text + +# correct TeX magic for Linux (and maybe more) +# from Peter Tobias (tobias@server.et-inf.fho-emden.de) +# +0 leshort 0x02f7 application/x-dvi + +# RTF - Rich Text Format +0 string {\\rtf application/rtf + +#------------------------------------------------------------------------------ +# animation: file(1) magic for animation/movie formats +# +# animation formats, originally from vax@ccwf.cc.utexas.edu (VaX#n8) +# MPEG file +0 string \000\000\001\263 video/mpeg +# +# The contributor claims: +# I couldn't find a real magic number for these, however, this +# -appears- to work. Note that it might catch other files, too, +# so BE CAREFUL! +# +# Note that title and author appear in the two 20-byte chunks +# at decimal offsets 2 and 22, respectively, but they are XOR'ed with +# 255 (hex FF)! DL format SUCKS BIG ROCKS. +# +# DL file version 1 , medium format (160x100, 4 images/screen) +0 byte 1 video/unknown +0 byte 2 video/unknown +# Quicktime video, from Linus Walleij +# from Apple quicktime file format documentation. +4 string moov video/quicktime +4 string mdat video/quicktime + + +#------------------------------------------------------------------------------ +# application/x-coredump for LE/BE ELF +# +0 string \177ELF +>5 byte 1 +>16 leshort 4 application/x-coredump + +0 string \177ELF +>5 byte 2 +>16 beshort 4 application/x-coredump + diff --git a/roles/ensure_apache/templates/Fedora/43/etc/logrotate.d/httpd b/roles/ensure_apache/templates/Fedora/43/etc/logrotate.d/httpd new file mode 100644 index 0000000..c5a008c --- /dev/null +++ b/roles/ensure_apache/templates/Fedora/43/etc/logrotate.d/httpd @@ -0,0 +1,11 @@ +# Note that logs are not compressed unless "compress" is configured, +# which can be done either here or globally in /etc/logrotate.conf. +/var/log/httpd/*log { + missingok + notifempty + sharedscripts + delaycompress + postrotate + /bin/systemctl reload httpd.service > /dev/null 2>/dev/null || true + endscript +} diff --git a/roles/ensure_apache/templates/Fedora/43/etc/logrotate.d/php-fpm b/roles/ensure_apache/templates/Fedora/43/etc/logrotate.d/php-fpm new file mode 100644 index 0000000..25f9feb --- /dev/null +++ b/roles/ensure_apache/templates/Fedora/43/etc/logrotate.d/php-fpm @@ -0,0 +1,9 @@ +/var/log/php-fpm/*log { + missingok + notifempty + sharedscripts + delaycompress + postrotate + /bin/kill -SIGUSR1 `cat /run/php-fpm/php-fpm.pid 2>/dev/null` 2>/dev/null || true + endscript +} diff --git a/roles/ensure_apache/templates/Fedora/43/etc/php-fpm.conf b/roles/ensure_apache/templates/Fedora/43/etc/php-fpm.conf new file mode 100644 index 0000000..750f987 --- /dev/null +++ b/roles/ensure_apache/templates/Fedora/43/etc/php-fpm.conf @@ -0,0 +1,135 @@ +;;;;;;;;;;;;;;;;;;;;; +; FPM Configuration ; +;;;;;;;;;;;;;;;;;;;;; + +; All relative paths in this configuration file are relative to PHP's install +; prefix. + +;;;;;;;;;;;;;;;;;; +; Global Options ; +;;;;;;;;;;;;;;;;;; + +[global] +; Pid file +; Default Value: none +pid = /run/php-fpm/php-fpm.pid + +; Error log file +; If it's set to "syslog", log is sent to syslogd instead of being written +; in a local file. +; Default Value: /var/log/php-fpm.log +error_log = /var/log/php-fpm/error.log + +; syslog_facility is used to specify what type of program is logging the +; message. This lets syslogd specify that messages from different facilities +; will be handled differently. +; See syslog(3) for possible values (ex daemon equiv LOG_DAEMON) +; Default Value: daemon +;syslog.facility = daemon + +; syslog_ident is prepended to every message. If you have multiple FPM +; instances running on the same server, you can change the default value +; which must suit common needs. +; Default Value: php-fpm +;syslog.ident = php-fpm + +; Log level +; Possible Values: alert, error, warning, notice, debug +; Default Value: notice +;log_level = notice + +; Log limit on number of characters in the single line (log entry). If the +; line is over the limit, it is wrapped on multiple lines. The limit is for +; all logged characters including message prefix and suffix if present. However +; the new line character does not count into it as it is present only when +; logging to a file descriptor. It means the new line character is not present +; when logging to syslog. +; Default Value: 1024 +;log_limit = 4096 + +; Log buffering specifies if the log line is buffered which means that the +; line is written in a single write operation. If the value is false, then the +; data is written directly into the file descriptor. It is an experimental +; option that can potentionaly improve logging performance and memory usage +; for some heavy logging scenarios. This option is ignored if logging to syslog +; as it has to be always buffered. +; Default value: yes +;log_buffering = no + +; If this number of child processes exit with SIGSEGV or SIGBUS within the time +; interval set by emergency_restart_interval then FPM will restart. A value +; of '0' means 'Off'. +; Default Value: 0 +;emergency_restart_threshold = 0 + +; Interval of time used by emergency_restart_interval to determine when +; a graceful restart will be initiated. This can be useful to work around +; accidental corruptions in an accelerator's shared memory. +; Available Units: s(econds), m(inutes), h(ours), or d(ays) +; Default Unit: seconds +; Default Value: 0 +;emergency_restart_interval = 0 + +; Time limit for child processes to wait for a reaction on signals from master. +; Available units: s(econds), m(inutes), h(ours), or d(ays) +; Default Unit: seconds +; Default Value: 0 +;process_control_timeout = 0 + +; The maximum number of processes FPM will fork. This has been designed to control +; the global number of processes when using dynamic PM within a lot of pools. +; Use it with caution. +; Note: A value of 0 indicates no limit +; Default Value: 0 +;process.max = 128 + +; Specify the nice(2) priority to apply to the master process (only if set) +; The value can vary from -19 (highest priority) to 20 (lowest priority) +; Note: - It will only work if the FPM master process is launched as root +; - The pool process will inherit the master process priority +; unless specified otherwise +; Default Value: no set +;process.priority = -19 + +; Send FPM to background. Set to 'no' to keep FPM in foreground for debugging. +; Default Value: yes +daemonize = yes + +; Set open file descriptor rlimit for the master process. +; Default Value: system defined value +;rlimit_files = 1024 + +; Set max core size rlimit for the master process. +; Possible Values: 'unlimited' or an integer greater or equal to 0 +; Default Value: system defined value +;rlimit_core = 0 + +; Specify the event mechanism FPM will use. The following is available: +; - select (any POSIX os) +; - poll (any POSIX os) +; - epoll (linux >= 2.5.44) +; Default Value: not set (auto detection) +;events.mechanism = epoll + +; When FPM is built with systemd integration, specify the interval, +; in seconds, between health report notification to systemd. +; Set to 0 to disable. +; Available Units: s(econds), m(inutes), h(ours) +; Default Unit: seconds +; Default value: 10 +;systemd_interval = 10 + +;;;;;;;;;;;;;;;;;;;; +; Pool Definitions ; +;;;;;;;;;;;;;;;;;;;; + +; Multiple pools of child processes may be started with different listening +; ports and different management options. The name of the pool will be +; used in logs and stats. There is no limitation on the number of pools which +; FPM can handle. Your system will tell you anyway :) + +; Include one or more files. If glob(3) exists, it is used to include a bunch of +; files from a glob(3) pattern. This directive can be used everywhere in the +; file. +include=/etc/php-fpm.d/*.conf + diff --git a/roles/ensure_apache/templates/Fedora/43/etc/php-fpm.d/www.conf b/roles/ensure_apache/templates/Fedora/43/etc/php-fpm.d/www.conf new file mode 100644 index 0000000..7294d39 --- /dev/null +++ b/roles/ensure_apache/templates/Fedora/43/etc/php-fpm.d/www.conf @@ -0,0 +1,438 @@ +; Start a new pool named 'www'. +; the variable $pool can be used in any directive and will be replaced by the +; pool name ('www' here) +[www] + +; Per pool prefix +; It only applies on the following directives: +; - 'access.log' +; - 'slowlog' +; - 'listen' (unixsocket) +; - 'chroot' +; - 'chdir' +; - 'php_values' +; - 'php_admin_values' +; When not set, the global prefix (or @php_fpm_prefix@) applies instead. +; Note: This directive can also be relative to the global prefix. +; Default Value: none +;prefix = /path/to/pools/$pool + +; Unix user/group of processes +; Note: The user is mandatory. If the group is not set, the default user's group +; will be used. +; RPM: apache user chosen to provide access to the same directories as httpd +user = apache +; RPM: Keep a group allowed to write in log dir. +group = apache + +; The address on which to accept FastCGI requests. +; Valid syntaxes are: +; 'ip.add.re.ss:port' - to listen on a TCP socket to a specific IPv4 address on +; a specific port; +; '[ip:6:addr:ess]:port' - to listen on a TCP socket to a specific IPv6 address on +; a specific port; +; 'port' - to listen on a TCP socket to all addresses +; (IPv6 and IPv4-mapped) on a specific port; +; '/path/to/unix/socket' - to listen on a unix socket. +; Note: This value is mandatory. +listen = /run/php-fpm/www.sock + +; Set listen(2) backlog. +; Default Value: 511 +;listen.backlog = 511 + +; Set permissions for unix socket, if one is used. In Linux, read/write +; permissions must be set in order to allow connections from a web server. +; Default Values: user and group are set as the running user +; mode is set to 0660 +;listen.owner = nobody +;listen.group = nobody +;listen.mode = 0660 + +; When POSIX Access Control Lists are supported you can set them using +; these options, value is a comma separated list of user/group names. +; When set, listen.owner and listen.group are ignored +listen.acl_users = apache,nginx +;listen.acl_groups = + +; List of addresses (IPv4/IPv6) of FastCGI clients which are allowed to connect. +; Equivalent to the FCGI_WEB_SERVER_ADDRS environment variable in the original +; PHP FCGI (5.2.2+). Makes sense only with a tcp listening socket. Each address +; must be separated by a comma. If this value is left blank, connections will be +; accepted from any ip address. +; Default Value: any +listen.allowed_clients = 127.0.0.1 + +; Specify the nice(2) priority to apply to the pool processes (only if set) +; The value can vary from -19 (highest priority) to 20 (lower priority) +; Note: - It will only work if the FPM master process is launched as root +; - The pool processes will inherit the master process priority +; unless it specified otherwise +; Default Value: no set +; process.priority = -19 + +; Set the process dumpable flag (PR_SET_DUMPABLE prctl) even if the process user +; or group is differrent than the master process user. It allows to create process +; core dump and ptrace the process for the pool user. +; Default Value: no +; process.dumpable = yes + +; Choose how the process manager will control the number of child processes. +; Possible Values: +; static - a fixed number (pm.max_children) of child processes; +; dynamic - the number of child processes are set dynamically based on the +; following directives. With this process management, there will be +; always at least 1 children. +; pm.max_children - the maximum number of children that can +; be alive at the same time. +; pm.start_servers - the number of children created on startup. +; pm.min_spare_servers - the minimum number of children in 'idle' +; state (waiting to process). If the number +; of 'idle' processes is less than this +; number then some children will be created. +; pm.max_spare_servers - the maximum number of children in 'idle' +; state (waiting to process). If the number +; of 'idle' processes is greater than this +; number then some children will be killed. +; ondemand - no children are created at startup. Children will be forked when +; new requests will connect. The following parameter are used: +; pm.max_children - the maximum number of children that +; can be alive at the same time. +; pm.process_idle_timeout - The number of seconds after which +; an idle process will be killed. +; Note: This value is mandatory. +pm = dynamic + +; The number of child processes to be created when pm is set to 'static' and the +; maximum number of child processes when pm is set to 'dynamic' or 'ondemand'. +; This value sets the limit on the number of simultaneous requests that will be +; served. Equivalent to the ApacheMaxClients directive with mpm_prefork. +; Equivalent to the PHP_FCGI_CHILDREN environment variable in the original PHP +; CGI. The below defaults are based on a server without much resources. Don't +; forget to tweak pm.* to fit your needs. +; Note: Used when pm is set to 'static', 'dynamic' or 'ondemand' +; Note: This value is mandatory. +pm.max_children = 50 + +; The number of child processes created on startup. +; Note: Used only when pm is set to 'dynamic' +; Default Value: min_spare_servers + (max_spare_servers - min_spare_servers) / 2 +pm.start_servers = 5 + +; The desired minimum number of idle server processes. +; Note: Used only when pm is set to 'dynamic' +; Note: Mandatory when pm is set to 'dynamic' +pm.min_spare_servers = 5 + +; The desired maximum number of idle server processes. +; Note: Used only when pm is set to 'dynamic' +; Note: Mandatory when pm is set to 'dynamic' +pm.max_spare_servers = 35 + +; The number of seconds after which an idle process will be killed. +; Note: Used only when pm is set to 'ondemand' +; Default Value: 10s +;pm.process_idle_timeout = 10s; + +; The number of requests each child process should execute before respawning. +; This can be useful to work around memory leaks in 3rd party libraries. For +; endless request processing specify '0'. Equivalent to PHP_FCGI_MAX_REQUESTS. +; Default Value: 0 +;pm.max_requests = 500 + +; The URI to view the FPM status page. If this value is not set, no URI will be +; recognized as a status page. It shows the following informations: +; pool - the name of the pool; +; process manager - static, dynamic or ondemand; +; start time - the date and time FPM has started; +; start since - number of seconds since FPM has started; +; accepted conn - the number of request accepted by the pool; +; listen queue - the number of request in the queue of pending +; connections (see backlog in listen(2)); +; max listen queue - the maximum number of requests in the queue +; of pending connections since FPM has started; +; listen queue len - the size of the socket queue of pending connections; +; idle processes - the number of idle processes; +; active processes - the number of active processes; +; total processes - the number of idle + active processes; +; max active processes - the maximum number of active processes since FPM +; has started; +; max children reached - number of times, the process limit has been reached, +; when pm tries to start more children (works only for +; pm 'dynamic' and 'ondemand'); +; Value are updated in real time. +; Example output: +; pool: www +; process manager: static +; start time: 01/Jul/2011:17:53:49 +0200 +; start since: 62636 +; accepted conn: 190460 +; listen queue: 0 +; max listen queue: 1 +; listen queue len: 42 +; idle processes: 4 +; active processes: 11 +; total processes: 15 +; max active processes: 12 +; max children reached: 0 +; +; By default the status page output is formatted as text/plain. Passing either +; 'html', 'xml' or 'json' in the query string will return the corresponding +; output syntax. Example: +; http://www.foo.bar/status +; http://www.foo.bar/status?json +; http://www.foo.bar/status?html +; http://www.foo.bar/status?xml +; +; By default the status page only outputs short status. Passing 'full' in the +; query string will also return status for each pool process. +; Example: +; http://www.foo.bar/status?full +; http://www.foo.bar/status?json&full +; http://www.foo.bar/status?html&full +; http://www.foo.bar/status?xml&full +; The Full status returns for each process: +; pid - the PID of the process; +; state - the state of the process (Idle, Running, ...); +; start time - the date and time the process has started; +; start since - the number of seconds since the process has started; +; requests - the number of requests the process has served; +; request duration - the duration in µs of the requests; +; request method - the request method (GET, POST, ...); +; request URI - the request URI with the query string; +; content length - the content length of the request (only with POST); +; user - the user (PHP_AUTH_USER) (or '-' if not set); +; script - the main script called (or '-' if not set); +; last request cpu - the %cpu the last request consumed +; it's always 0 if the process is not in Idle state +; because CPU calculation is done when the request +; processing has terminated; +; last request memory - the max amount of memory the last request consumed +; it's always 0 if the process is not in Idle state +; because memory calculation is done when the request +; processing has terminated; +; If the process is in Idle state, then informations are related to the +; last request the process has served. Otherwise informations are related to +; the current request being served. +; Example output: +; ************************ +; pid: 31330 +; state: Running +; start time: 01/Jul/2011:17:53:49 +0200 +; start since: 63087 +; requests: 12808 +; request duration: 1250261 +; request method: GET +; request URI: /test_mem.php?N=10000 +; content length: 0 +; user: - +; script: /home/fat/web/docs/php/test_mem.php +; last request cpu: 0.00 +; last request memory: 0 +; +; Note: There is a real-time FPM status monitoring sample web page available +; It's available in: @EXPANDED_DATADIR@/fpm/status.html +; +; Note: The value must start with a leading slash (/). The value can be +; anything, but it may not be a good idea to use the .php extension or it +; may conflict with a real PHP file. +; Default Value: not set +;pm.status_path = /status + +; The ping URI to call the monitoring page of FPM. If this value is not set, no +; URI will be recognized as a ping page. This could be used to test from outside +; that FPM is alive and responding, or to +; - create a graph of FPM availability (rrd or such); +; - remove a server from a group if it is not responding (load balancing); +; - trigger alerts for the operating team (24/7). +; Note: The value must start with a leading slash (/). The value can be +; anything, but it may not be a good idea to use the .php extension or it +; may conflict with a real PHP file. +; Default Value: not set +;ping.path = /ping + +; This directive may be used to customize the response of a ping request. The +; response is formatted as text/plain with a 200 response code. +; Default Value: pong +;ping.response = pong + +; The access log file +; Default: not set +;access.log = log/$pool.access.log + +; The access log format. +; The following syntax is allowed +; %%: the '%' character +; %C: %CPU used by the request +; it can accept the following format: +; - %{user}C for user CPU only +; - %{system}C for system CPU only +; - %{total}C for user + system CPU (default) +; %d: time taken to serve the request +; it can accept the following format: +; - %{seconds}d (default) +; - %{miliseconds}d +; - %{mili}d +; - %{microseconds}d +; - %{micro}d +; %e: an environment variable (same as $_ENV or $_SERVER) +; it must be associated with embraces to specify the name of the env +; variable. Some exemples: +; - server specifics like: %{REQUEST_METHOD}e or %{SERVER_PROTOCOL}e +; - HTTP headers like: %{HTTP_HOST}e or %{HTTP_USER_AGENT}e +; %f: script filename +; %l: content-length of the request (for POST request only) +; %m: request method +; %M: peak of memory allocated by PHP +; it can accept the following format: +; - %{bytes}M (default) +; - %{kilobytes}M +; - %{kilo}M +; - %{megabytes}M +; - %{mega}M +; %n: pool name +; %o: output header +; it must be associated with embraces to specify the name of the header: +; - %{Content-Type}o +; - %{X-Powered-By}o +; - %{Transfert-Encoding}o +; - .... +; %p: PID of the child that serviced the request +; %P: PID of the parent of the child that serviced the request +; %q: the query string +; %Q: the '?' character if query string exists +; %r: the request URI (without the query string, see %q and %Q) +; %R: remote IP address +; %s: status (response code) +; %t: server time the request was received +; it can accept a strftime(3) format: +; %d/%b/%Y:%H:%M:%S %z (default) +; The strftime(3) format must be encapsuled in a %{}t tag +; e.g. for a ISO8601 formatted timestring, use: %{%Y-%m-%dT%H:%M:%S%z}t +; %T: time the log has been written (the request has finished) +; it can accept a strftime(3) format: +; %d/%b/%Y:%H:%M:%S %z (default) +; The strftime(3) format must be encapsuled in a %{}t tag +; e.g. for a ISO8601 formatted timestring, use: %{%Y-%m-%dT%H:%M:%S%z}t +; %u: remote user +; +; Default: "%R - %u %t \"%m %r\" %s" +;access.format = "%R - %u %t \"%m %r%Q%q\" %s %f %{mili}d %{kilo}M %C%%" + +; The log file for slow requests +; Default Value: not set +; Note: slowlog is mandatory if request_slowlog_timeout is set +slowlog = /var/log/php-fpm/www-slow.log + +; The timeout for serving a single request after which a PHP backtrace will be +; dumped to the 'slowlog' file. A value of '0s' means 'off'. +; Available units: s(econds)(default), m(inutes), h(ours), or d(ays) +; Default Value: 0 +;request_slowlog_timeout = 0 + +; Depth of slow log stack trace. +; Default Value: 20 +;request_slowlog_trace_depth = 20 + +; The timeout for serving a single request after which the worker process will +; be killed. This option should be used when the 'max_execution_time' ini option +; does not stop script execution for some reason. A value of '0' means 'off'. +; Available units: s(econds)(default), m(inutes), h(ours), or d(ays) +; Default Value: 0 +;request_terminate_timeout = 0 + +; Set open file descriptor rlimit. +; Default Value: system defined value +;rlimit_files = 1024 + +; Set max core size rlimit. +; Possible Values: 'unlimited' or an integer greater or equal to 0 +; Default Value: system defined value +;rlimit_core = 0 + +; Chroot to this directory at the start. This value must be defined as an +; absolute path. When this value is not set, chroot is not used. +; Note: you can prefix with '$prefix' to chroot to the pool prefix or one +; of its subdirectories. If the pool prefix is not set, the global prefix +; will be used instead. +; Note: chrooting is a great security feature and should be used whenever +; possible. However, all PHP paths will be relative to the chroot +; (error_log, sessions.save_path, ...). +; Default Value: not set +;chroot = + +; Chdir to this directory at the start. +; Note: relative path can be used. +; Default Value: current directory or / when chroot +;chdir = /var/www + +; Redirect worker stdout and stderr into main error log. If not set, stdout and +; stderr will be redirected to /dev/null according to FastCGI specs. +; Note: on highloaded environement, this can cause some delay in the page +; process time (several ms). +; Default Value: no +;catch_workers_output = yes + +; Clear environment in FPM workers +; Prevents arbitrary environment variables from reaching FPM worker processes +; by clearing the environment in workers before env vars specified in this +; pool configuration are added. +; Setting to "no" will make all environment variables available to PHP code +; via getenv(), $_ENV and $_SERVER. +; Default Value: yes +;clear_env = no + +; Limits the extensions of the main script FPM will allow to parse. This can +; prevent configuration mistakes on the web server side. You should only limit +; FPM to .php extensions to prevent malicious users to use other extensions to +; execute php code. +; Note: set an empty value to allow all extensions. +; Default Value: .php +;security.limit_extensions = .php .php3 .php4 .php5 .php7 + +; Pass environment variables like LD_LIBRARY_PATH. All $VARIABLEs are taken from +; the current environment. +; Default Value: clean env +;env[HOSTNAME] = $HOSTNAME +;env[PATH] = /usr/local/bin:/usr/bin:/bin +;env[TMP] = /tmp +;env[TMPDIR] = /tmp +;env[TEMP] = /tmp + +; Additional php.ini defines, specific to this pool of workers. These settings +; overwrite the values previously defined in the php.ini. The directives are the +; same as the PHP SAPI: +; php_value/php_flag - you can set classic ini defines which can +; be overwritten from PHP call 'ini_set'. +; php_admin_value/php_admin_flag - these directives won't be overwritten by +; PHP call 'ini_set' +; For php_*flag, valid values are on, off, 1, 0, true, false, yes or no. + +; Defining 'extension' will load the corresponding shared extension from +; extension_dir. Defining 'disable_functions' or 'disable_classes' will not +; overwrite previously defined php.ini values, but will append the new value +; instead. + +; Note: path INI options can be relative and will be expanded with the prefix +; (pool, global or @prefix@) + +; Default Value: nothing is defined by default except the values in php.ini and +; specified at startup with the -d argument +;php_admin_value[sendmail_path] = /usr/sbin/sendmail -t -i -f www@my.domain.com +;php_flag[display_errors] = off +php_admin_value[error_log] = /var/log/php-fpm/www-error.log +php_admin_flag[log_errors] = on +;php_admin_value[memory_limit] = 128M + +; Set the following data paths to directories owned by the FPM process user. +; +; Do not change the ownership of existing system directories, if the process +; user does not have write permission, create dedicated directories for this +; purpose. +; +; See warning about choosing the location of these directories on your system +; at http://php.net/session.save-path +php_value[session.save_handler] = files +php_value[session.save_path] = /var/lib/php/session +php_value[soap.wsdl_cache_dir] = /var/lib/php/wsdlcache +;php_value[opcache.file_cache] = /var/lib/php/opcache diff --git a/roles/ensure_apache/templates/Fedora/43/etc/php-zts.d/10-opcache.ini b/roles/ensure_apache/templates/Fedora/43/etc/php-zts.d/10-opcache.ini new file mode 100644 index 0000000..bbb4436 --- /dev/null +++ b/roles/ensure_apache/templates/Fedora/43/etc/php-zts.d/10-opcache.ini @@ -0,0 +1,148 @@ +; Enable Zend OPcache extension module +zend_extension=opcache + +; Determines if Zend OPCache is enabled +opcache.enable=1 + +; Determines if Zend OPCache is enabled for the CLI version of PHP +opcache.enable_cli=1 + +; The OPcache shared memory storage size. +;opcache.memory_consumption=128 + +; The amount of memory for interned strings in Mbytes. +;opcache.interned_strings_buffer=8 + +; The maximum number of keys (scripts) in the OPcache hash table. +; Only numbers between 200 and 1000000 are allowed. +;opcache.max_accelerated_files=10000 + +; The maximum percentage of "wasted" memory until a restart is scheduled. +;opcache.max_wasted_percentage=5 + +; When this directive is enabled, the OPcache appends the current working +; directory to the script key, thus eliminating possible collisions between +; files with the same name (basename). Disabling the directive improves +; performance, but may break existing applications. +;opcache.use_cwd=1 + +; When disabled, you must reset the OPcache manually or restart the +; webserver for changes to the filesystem to take effect. +;opcache.validate_timestamps=1 + +; How often (in seconds) to check file timestamps for changes to the shared +; memory storage allocation. ("1" means validate once per second, but only +; once per request. "0" means always validate) +;opcache.revalidate_freq=2 + +; Enables or disables file search in include_path optimization +;opcache.revalidate_path=0 + +; If disabled, all PHPDoc comments are dropped from the code to reduce the +; size of the optimized code. +;opcache.save_comments=1 + +; Allow file existence override (file_exists, etc.) performance feature. +;opcache.enable_file_override=0 + +; A bitmask, where each bit enables or disables the appropriate OPcache +; passes +;opcache.optimization_level=0x7FFFBFFF + +; This hack should only be enabled to work around "Cannot redeclare class" +; errors. +;opcache.dups_fix=0 + +; The location of the OPcache blacklist file (wildcards allowed). +; Each OPcache blacklist file is a text file that holds the names of files +; that should not be accelerated. +opcache.blacklist_filename=/etc/php-zts.d/opcache*.blacklist + +; Allows exclusion of large files from being cached. By default all files +; are cached. +;opcache.max_file_size=0 + +; Check the cache checksum each N requests. +; The default value of "0" means that the checks are disabled. +;opcache.consistency_checks=0 + +; How long to wait (in seconds) for a scheduled restart to begin if the cache +; is not being accessed. +;opcache.force_restart_timeout=180 + +; OPcache error_log file name. Empty string assumes "stderr". +;opcache.error_log= + +; All OPcache errors go to the Web server log. +; By default, only fatal errors (level 0) or errors (level 1) are logged. +; You can also enable warnings (level 2), info messages (level 3) or +; debug messages (level 4). +;opcache.log_verbosity_level=1 + +; Preferred Shared Memory back-end. Leave empty and let the system decide. +;opcache.preferred_memory_model= + +; Protect the shared memory from unexpected writing during script execution. +; Useful for internal debugging only. +;opcache.protect_memory=0 + +; Allows calling OPcache API functions only from PHP scripts which path is +; started from specified string. The default "" means no restriction +;opcache.restrict_api= + +; Enables and sets the second level cache directory. +; It should improve performance when SHM memory is full, at server restart or +; SHM reset. The default "" disables file based caching. +; RPM note : file cache directory must be owned by process owner +; for mod_php, see /etc/httpd/conf.d/php.conf +; for php-fpm, see /etc/php-fpm.d/*conf +;opcache.file_cache= + +; Enables or disables opcode caching in shared memory. +;opcache.file_cache_only=0 + +; Enables or disables checksum validation when script loaded from file cache. +;opcache.file_cache_consistency_checks=1 + +; Implies opcache.file_cache_only=1 for a certain process that failed to +; reattach to the shared memory (for Windows only). Explicitly enabled file +; cache is required. +;opcache.file_cache_fallback=1 + +; Enables or disables copying of PHP code (text segment) into HUGE PAGES. +; This should improve performance, but requires appropriate OS configuration. +opcache.huge_code_pages=0 + +; Validate cached file permissions. +; Leads OPcache to check file readability on each access to cached file. +; This directive should be enabled in shared hosting environment, when few +; users (PHP-FPM pools) reuse the common OPcache shared memory. +;opcache.validate_permission=0 + +; Prevent name collisions in chroot'ed environment. +; This directive prevents file name collisions in different "chroot" +; environments. It should be enabled for sites that may serve requests in +; different "chroot" environments. +;opcache.validate_root=0 + +; If specified, it produces opcode dumps for debugging different stages of +; optimizations. +;opcache.opt_debug_level=0 + +; Specifies a PHP script that is going to be compiled and executed at server +; start-up. +; http://php.net/opcache.preload +;opcache.preload= + +; Preloading code as root is not allowed for security reasons. This directive +; facilitates to let the preloading to be run as another user. +; http://php.net/opcache.preload_user +;opcache.preload_user= + +; Prevents caching files that are less than this number of seconds old. It +; protects from caching of incompletely updated files. In case all file updates +; on your site are atomic, you may increase performance by setting it to "0". +;opcache.file_update_protection=2 + +; Absolute path used to store shared lockfiles (for *nix only). +;opcache.lockfile_path=/tmp diff --git a/roles/ensure_apache/templates/Fedora/43/etc/php-zts.d/20-bz2.ini b/roles/ensure_apache/templates/Fedora/43/etc/php-zts.d/20-bz2.ini new file mode 100644 index 0000000..ad6600e --- /dev/null +++ b/roles/ensure_apache/templates/Fedora/43/etc/php-zts.d/20-bz2.ini @@ -0,0 +1,2 @@ +; Enable bz2 extension module +extension=bz2 diff --git a/roles/ensure_apache/templates/Fedora/43/etc/php-zts.d/20-calendar.ini b/roles/ensure_apache/templates/Fedora/43/etc/php-zts.d/20-calendar.ini new file mode 100644 index 0000000..8f1d291 --- /dev/null +++ b/roles/ensure_apache/templates/Fedora/43/etc/php-zts.d/20-calendar.ini @@ -0,0 +1,2 @@ +; Enable calendar extension module +extension=calendar diff --git a/roles/ensure_apache/templates/Fedora/43/etc/php-zts.d/20-ctype.ini b/roles/ensure_apache/templates/Fedora/43/etc/php-zts.d/20-ctype.ini new file mode 100644 index 0000000..4bde80c --- /dev/null +++ b/roles/ensure_apache/templates/Fedora/43/etc/php-zts.d/20-ctype.ini @@ -0,0 +1,2 @@ +; Enable ctype extension module +extension=ctype diff --git a/roles/ensure_apache/templates/Fedora/43/etc/php-zts.d/20-curl.ini b/roles/ensure_apache/templates/Fedora/43/etc/php-zts.d/20-curl.ini new file mode 100644 index 0000000..08697ce --- /dev/null +++ b/roles/ensure_apache/templates/Fedora/43/etc/php-zts.d/20-curl.ini @@ -0,0 +1,2 @@ +; Enable curl extension module +extension=curl diff --git a/roles/ensure_apache/templates/Fedora/43/etc/php-zts.d/20-dom.ini b/roles/ensure_apache/templates/Fedora/43/etc/php-zts.d/20-dom.ini new file mode 100644 index 0000000..7d77c45 --- /dev/null +++ b/roles/ensure_apache/templates/Fedora/43/etc/php-zts.d/20-dom.ini @@ -0,0 +1,2 @@ +; Enable dom extension module +extension=dom diff --git a/roles/ensure_apache/templates/Fedora/43/etc/php-zts.d/20-exif.ini b/roles/ensure_apache/templates/Fedora/43/etc/php-zts.d/20-exif.ini new file mode 100644 index 0000000..40b0000 --- /dev/null +++ b/roles/ensure_apache/templates/Fedora/43/etc/php-zts.d/20-exif.ini @@ -0,0 +1,2 @@ +; Enable exif extension module +extension=exif diff --git a/roles/ensure_apache/templates/Fedora/43/etc/php-zts.d/20-fileinfo.ini b/roles/ensure_apache/templates/Fedora/43/etc/php-zts.d/20-fileinfo.ini new file mode 100644 index 0000000..e54e360 --- /dev/null +++ b/roles/ensure_apache/templates/Fedora/43/etc/php-zts.d/20-fileinfo.ini @@ -0,0 +1,2 @@ +; Enable fileinfo extension module +extension=fileinfo diff --git a/roles/ensure_apache/templates/Fedora/43/etc/php-zts.d/20-ftp.ini b/roles/ensure_apache/templates/Fedora/43/etc/php-zts.d/20-ftp.ini new file mode 100644 index 0000000..e492d12 --- /dev/null +++ b/roles/ensure_apache/templates/Fedora/43/etc/php-zts.d/20-ftp.ini @@ -0,0 +1,2 @@ +; Enable ftp extension module +extension=ftp diff --git a/roles/ensure_apache/templates/Fedora/43/etc/php-zts.d/20-gettext.ini b/roles/ensure_apache/templates/Fedora/43/etc/php-zts.d/20-gettext.ini new file mode 100644 index 0000000..d67ae7d --- /dev/null +++ b/roles/ensure_apache/templates/Fedora/43/etc/php-zts.d/20-gettext.ini @@ -0,0 +1,2 @@ +; Enable gettext extension module +extension=gettext diff --git a/roles/ensure_apache/templates/Fedora/43/etc/php-zts.d/20-iconv.ini b/roles/ensure_apache/templates/Fedora/43/etc/php-zts.d/20-iconv.ini new file mode 100644 index 0000000..03aee46 --- /dev/null +++ b/roles/ensure_apache/templates/Fedora/43/etc/php-zts.d/20-iconv.ini @@ -0,0 +1,2 @@ +; Enable iconv extension module +extension=iconv diff --git a/roles/ensure_apache/templates/Fedora/43/etc/php-zts.d/20-json.ini b/roles/ensure_apache/templates/Fedora/43/etc/php-zts.d/20-json.ini new file mode 100644 index 0000000..2b6607b --- /dev/null +++ b/roles/ensure_apache/templates/Fedora/43/etc/php-zts.d/20-json.ini @@ -0,0 +1,2 @@ +; Enable json extension module +extension=json diff --git a/roles/ensure_apache/templates/Fedora/43/etc/php-zts.d/20-mbstring.ini b/roles/ensure_apache/templates/Fedora/43/etc/php-zts.d/20-mbstring.ini new file mode 100644 index 0000000..625cc73 --- /dev/null +++ b/roles/ensure_apache/templates/Fedora/43/etc/php-zts.d/20-mbstring.ini @@ -0,0 +1,2 @@ +; Enable mbstring extension module +extension=mbstring diff --git a/roles/ensure_apache/templates/Fedora/43/etc/php-zts.d/20-mysqlnd.ini b/roles/ensure_apache/templates/Fedora/43/etc/php-zts.d/20-mysqlnd.ini new file mode 100644 index 0000000..a66ea66 --- /dev/null +++ b/roles/ensure_apache/templates/Fedora/43/etc/php-zts.d/20-mysqlnd.ini @@ -0,0 +1,2 @@ +; Enable mysqlnd extension module +extension=mysqlnd diff --git a/roles/ensure_apache/templates/Fedora/43/etc/php-zts.d/20-pdo.ini b/roles/ensure_apache/templates/Fedora/43/etc/php-zts.d/20-pdo.ini new file mode 100644 index 0000000..5a46a1f --- /dev/null +++ b/roles/ensure_apache/templates/Fedora/43/etc/php-zts.d/20-pdo.ini @@ -0,0 +1,2 @@ +; Enable pdo extension module +extension=pdo diff --git a/roles/ensure_apache/templates/Fedora/43/etc/php-zts.d/20-phar.ini b/roles/ensure_apache/templates/Fedora/43/etc/php-zts.d/20-phar.ini new file mode 100644 index 0000000..8224a1b --- /dev/null +++ b/roles/ensure_apache/templates/Fedora/43/etc/php-zts.d/20-phar.ini @@ -0,0 +1,2 @@ +; Enable phar extension module +extension=phar diff --git a/roles/ensure_apache/templates/Fedora/43/etc/php-zts.d/20-simplexml.ini b/roles/ensure_apache/templates/Fedora/43/etc/php-zts.d/20-simplexml.ini new file mode 100644 index 0000000..6f13cb5 --- /dev/null +++ b/roles/ensure_apache/templates/Fedora/43/etc/php-zts.d/20-simplexml.ini @@ -0,0 +1,2 @@ +; Enable simplexml extension module +extension=simplexml diff --git a/roles/ensure_apache/templates/Fedora/43/etc/php-zts.d/20-sockets.ini b/roles/ensure_apache/templates/Fedora/43/etc/php-zts.d/20-sockets.ini new file mode 100644 index 0000000..f17ae3e --- /dev/null +++ b/roles/ensure_apache/templates/Fedora/43/etc/php-zts.d/20-sockets.ini @@ -0,0 +1,2 @@ +; Enable sockets extension module +extension=sockets diff --git a/roles/ensure_apache/templates/Fedora/43/etc/php-zts.d/20-sodium.ini b/roles/ensure_apache/templates/Fedora/43/etc/php-zts.d/20-sodium.ini new file mode 100644 index 0000000..c3a6b65 --- /dev/null +++ b/roles/ensure_apache/templates/Fedora/43/etc/php-zts.d/20-sodium.ini @@ -0,0 +1,2 @@ +; Enable sodium extension module +extension=sodium diff --git a/roles/ensure_apache/templates/Fedora/43/etc/php-zts.d/20-sqlite3.ini b/roles/ensure_apache/templates/Fedora/43/etc/php-zts.d/20-sqlite3.ini new file mode 100644 index 0000000..7a4c543 --- /dev/null +++ b/roles/ensure_apache/templates/Fedora/43/etc/php-zts.d/20-sqlite3.ini @@ -0,0 +1,2 @@ +; Enable sqlite3 extension module +extension=sqlite3 diff --git a/roles/ensure_apache/templates/Fedora/43/etc/php-zts.d/20-tokenizer.ini b/roles/ensure_apache/templates/Fedora/43/etc/php-zts.d/20-tokenizer.ini new file mode 100644 index 0000000..44c800a --- /dev/null +++ b/roles/ensure_apache/templates/Fedora/43/etc/php-zts.d/20-tokenizer.ini @@ -0,0 +1,2 @@ +; Enable tokenizer extension module +extension=tokenizer diff --git a/roles/ensure_apache/templates/Fedora/43/etc/php-zts.d/20-xml.ini b/roles/ensure_apache/templates/Fedora/43/etc/php-zts.d/20-xml.ini new file mode 100644 index 0000000..976ebf7 --- /dev/null +++ b/roles/ensure_apache/templates/Fedora/43/etc/php-zts.d/20-xml.ini @@ -0,0 +1,2 @@ +; Enable xml extension module +extension=xml diff --git a/roles/ensure_apache/templates/Fedora/43/etc/php-zts.d/20-xmlwriter.ini b/roles/ensure_apache/templates/Fedora/43/etc/php-zts.d/20-xmlwriter.ini new file mode 100644 index 0000000..3b92225 --- /dev/null +++ b/roles/ensure_apache/templates/Fedora/43/etc/php-zts.d/20-xmlwriter.ini @@ -0,0 +1,2 @@ +; Enable xmlwriter extension module +extension=xmlwriter diff --git a/roles/ensure_apache/templates/Fedora/43/etc/php-zts.d/20-xsl.ini b/roles/ensure_apache/templates/Fedora/43/etc/php-zts.d/20-xsl.ini new file mode 100644 index 0000000..5dd90a8 --- /dev/null +++ b/roles/ensure_apache/templates/Fedora/43/etc/php-zts.d/20-xsl.ini @@ -0,0 +1,2 @@ +; Enable xsl extension module +extension=xsl diff --git a/roles/ensure_apache/templates/Fedora/43/etc/php-zts.d/30-mysqli.ini b/roles/ensure_apache/templates/Fedora/43/etc/php-zts.d/30-mysqli.ini new file mode 100644 index 0000000..d50df50 --- /dev/null +++ b/roles/ensure_apache/templates/Fedora/43/etc/php-zts.d/30-mysqli.ini @@ -0,0 +1,2 @@ +; Enable mysqli extension module +extension=mysqli diff --git a/roles/ensure_apache/templates/Fedora/43/etc/php-zts.d/30-pdo_mysql.ini b/roles/ensure_apache/templates/Fedora/43/etc/php-zts.d/30-pdo_mysql.ini new file mode 100644 index 0000000..933bef1 --- /dev/null +++ b/roles/ensure_apache/templates/Fedora/43/etc/php-zts.d/30-pdo_mysql.ini @@ -0,0 +1,2 @@ +; Enable pdo_mysql extension module +extension=pdo_mysql diff --git a/roles/ensure_apache/templates/Fedora/43/etc/php-zts.d/30-pdo_sqlite.ini b/roles/ensure_apache/templates/Fedora/43/etc/php-zts.d/30-pdo_sqlite.ini new file mode 100644 index 0000000..f661146 --- /dev/null +++ b/roles/ensure_apache/templates/Fedora/43/etc/php-zts.d/30-pdo_sqlite.ini @@ -0,0 +1,2 @@ +; Enable pdo_sqlite extension module +extension=pdo_sqlite diff --git a/roles/ensure_apache/templates/Fedora/43/etc/php-zts.d/30-xmlreader.ini b/roles/ensure_apache/templates/Fedora/43/etc/php-zts.d/30-xmlreader.ini new file mode 100644 index 0000000..f87ebf8 --- /dev/null +++ b/roles/ensure_apache/templates/Fedora/43/etc/php-zts.d/30-xmlreader.ini @@ -0,0 +1,2 @@ +; Enable xmlreader extension module +extension=xmlreader diff --git a/roles/ensure_apache/templates/Fedora/43/etc/php-zts.d/opcache-default.blacklist b/roles/ensure_apache/templates/Fedora/43/etc/php-zts.d/opcache-default.blacklist new file mode 100644 index 0000000..0cc2e18 --- /dev/null +++ b/roles/ensure_apache/templates/Fedora/43/etc/php-zts.d/opcache-default.blacklist @@ -0,0 +1,11 @@ +; The blacklist file is a text file that holds the names of files +; that should not be accelerated. The file format is to add each filename +; to a new line. The filename may be a full path or just a file prefix +; (i.e., /var/www/x blacklists all the files and directories in /var/www +; that start with 'x'). Line starting with a ; are ignored (comments). +; Files are usually triggered by one of the following three reasons: +; 1) Directories that contain auto generated code, like Smarty or ZFW cache. +; 2) Code that does not work well when accelerated, due to some delayed +; compile time evaluation. +; 3) Code that triggers an OPcache bug. + diff --git a/roles/ensure_apache/templates/Fedora/43/etc/php.d/10-opcache.ini b/roles/ensure_apache/templates/Fedora/43/etc/php.d/10-opcache.ini new file mode 100644 index 0000000..b3d4e6e --- /dev/null +++ b/roles/ensure_apache/templates/Fedora/43/etc/php.d/10-opcache.ini @@ -0,0 +1,154 @@ +; Enable Zend OPcache extension module +zend_extension=opcache + +; Determines if Zend OPCache is enabled +opcache.enable=1 + +; Determines if Zend OPCache is enabled for the CLI version of PHP +opcache.enable_cli=1 + +; The OPcache shared memory storage size. +;opcache.memory_consumption=128 + +; The amount of memory for interned strings in Mbytes. +;opcache.interned_strings_buffer=8 + +; The maximum number of keys (scripts) in the OPcache hash table. +; Only numbers between 200 and 1000000 are allowed. +;opcache.max_accelerated_files=10000 + +; The maximum percentage of "wasted" memory until a restart is scheduled. +;opcache.max_wasted_percentage=5 + +; When this directive is enabled, the OPcache appends the current working +; directory to the script key, thus eliminating possible collisions between +; files with the same name (basename). Disabling the directive improves +; performance, but may break existing applications. +;opcache.use_cwd=1 + +; When disabled, you must reset the OPcache manually or restart the +; webserver for changes to the filesystem to take effect. +;opcache.validate_timestamps=1 + +; How often (in seconds) to check file timestamps for changes to the shared +; memory storage allocation. ("1" means validate once per second, but only +; once per request. "0" means always validate) +;opcache.revalidate_freq=2 + +; Enables or disables file search in include_path optimization +;opcache.revalidate_path=0 + +; If disabled, all PHPDoc comments are dropped from the code to reduce the +; size of the optimized code. +;opcache.save_comments=1 + +; If enabled, compilation warnings (including notices and deprecations) will +; be recorded and replayed each time a file is included. Otherwise, compilation +; warnings will only be emitted when the file is first cached. +;opcache.record_warnings=0 + +; Allow file existence override (file_exists, etc.) performance feature. +;opcache.enable_file_override=0 + +; A bitmask, where each bit enables or disables the appropriate OPcache +; passes +;opcache.optimization_level=0x7FFFBFFF + +; This hack should only be enabled to work around "Cannot redeclare class" +; errors. +;opcache.dups_fix=0 + +; The location of the OPcache blacklist file (wildcards allowed). +; Each OPcache blacklist file is a text file that holds the names of files +; that should not be accelerated. +opcache.blacklist_filename=/etc/php.d/opcache*.blacklist + +; Allows exclusion of large files from being cached. By default all files +; are cached. +;opcache.max_file_size=0 + +; How long to wait (in seconds) for a scheduled restart to begin if the cache +; is not being accessed. +;opcache.force_restart_timeout=180 + +; OPcache error_log file name. Empty string assumes "stderr". +;opcache.error_log= + +; All OPcache errors go to the Web server log. +; By default, only fatal errors (level 0) or errors (level 1) are logged. +; You can also enable warnings (level 2), info messages (level 3) or +; debug messages (level 4). +;opcache.log_verbosity_level=1 + +; Preferred Shared Memory back-end. Leave empty and let the system decide. +;opcache.preferred_memory_model= + +; Protect the shared memory from unexpected writing during script execution. +; Useful for internal debugging only. +;opcache.protect_memory=0 + +; Allows calling OPcache API functions only from PHP scripts which path is +; started from specified string. The default "" means no restriction +;opcache.restrict_api= + +; Enables and sets the second level cache directory. +; It should improve performance when SHM memory is full, at server restart or +; SHM reset. The default "" disables file based caching. +; RPM note : file cache directory must be owned by process owner +; for mod_php, see /etc/httpd/conf.d/php.conf +; for php-fpm, see /etc/php-fpm.d/*conf +;opcache.file_cache= + +; Enables or disables opcode caching in shared memory. +;opcache.file_cache_only=0 + +; Enables or disables checksum validation when script loaded from file cache. +;opcache.file_cache_consistency_checks=1 + +; Implies opcache.file_cache_only=1 for a certain process that failed to +; reattach to the shared memory (for Windows only). Explicitly enabled file +; cache is required. +;opcache.file_cache_fallback=1 + +; Enables or disables copying of PHP code (text segment) into HUGE PAGES. +; Under certain circumstances (if only a single global PHP process is +; started from which all others fork), this can increase performance +; by a tiny amount because TLB misses are reduced. On the other hand, this +; delays PHP startup, increases memory usage and degrades performance +; under memory pressure - use with care. +; Requires appropriate OS configuration. +opcache.huge_code_pages=0 + +; Validate cached file permissions. +; Leads OPcache to check file readability on each access to cached file. +; This directive should be enabled in shared hosting environment, when few +; users (PHP-FPM pools) reuse the common OPcache shared memory. +;opcache.validate_permission=0 + +; Prevent name collisions in chroot'ed environment. +; This directive prevents file name collisions in different "chroot" +; environments. It should be enabled for sites that may serve requests in +; different "chroot" environments. +;opcache.validate_root=0 + +; If specified, it produces opcode dumps for debugging different stages of +; optimizations. +;opcache.opt_debug_level=0 + +; Specifies a PHP script that is going to be compiled and executed at server +; start-up. +; https://php.net/opcache.preload +;opcache.preload= + +; Preloading code as root is not allowed for security reasons. This directive +; facilitates to let the preloading to be run as another user. +; https://php.net/opcache.preload_user +;opcache.preload_user= + +; Prevents caching files that are less than this number of seconds old. It +; protects from caching of incompletely updated files. In case all file updates +; on your site are atomic, you may increase performance by setting it to "0". +;opcache.file_update_protection=2 + +; Absolute path used to store shared lockfiles (for *nix only). +;opcache.lockfile_path=/tmp diff --git a/roles/ensure_apache/templates/Fedora/43/etc/php.d/20-bz2.ini b/roles/ensure_apache/templates/Fedora/43/etc/php.d/20-bz2.ini new file mode 100644 index 0000000..ad6600e --- /dev/null +++ b/roles/ensure_apache/templates/Fedora/43/etc/php.d/20-bz2.ini @@ -0,0 +1,2 @@ +; Enable bz2 extension module +extension=bz2 diff --git a/roles/ensure_apache/templates/Fedora/43/etc/php.d/20-calendar.ini b/roles/ensure_apache/templates/Fedora/43/etc/php.d/20-calendar.ini new file mode 100644 index 0000000..8f1d291 --- /dev/null +++ b/roles/ensure_apache/templates/Fedora/43/etc/php.d/20-calendar.ini @@ -0,0 +1,2 @@ +; Enable calendar extension module +extension=calendar diff --git a/roles/ensure_apache/templates/Fedora/43/etc/php.d/20-ctype.ini b/roles/ensure_apache/templates/Fedora/43/etc/php.d/20-ctype.ini new file mode 100644 index 0000000..4bde80c --- /dev/null +++ b/roles/ensure_apache/templates/Fedora/43/etc/php.d/20-ctype.ini @@ -0,0 +1,2 @@ +; Enable ctype extension module +extension=ctype diff --git a/roles/ensure_apache/templates/Fedora/43/etc/php.d/20-curl.ini b/roles/ensure_apache/templates/Fedora/43/etc/php.d/20-curl.ini new file mode 100644 index 0000000..08697ce --- /dev/null +++ b/roles/ensure_apache/templates/Fedora/43/etc/php.d/20-curl.ini @@ -0,0 +1,2 @@ +; Enable curl extension module +extension=curl diff --git a/roles/ensure_apache/templates/Fedora/43/etc/php.d/20-dom.ini b/roles/ensure_apache/templates/Fedora/43/etc/php.d/20-dom.ini new file mode 100644 index 0000000..7d77c45 --- /dev/null +++ b/roles/ensure_apache/templates/Fedora/43/etc/php.d/20-dom.ini @@ -0,0 +1,2 @@ +; Enable dom extension module +extension=dom diff --git a/roles/ensure_apache/templates/Fedora/43/etc/php.d/20-exif.ini b/roles/ensure_apache/templates/Fedora/43/etc/php.d/20-exif.ini new file mode 100644 index 0000000..40b0000 --- /dev/null +++ b/roles/ensure_apache/templates/Fedora/43/etc/php.d/20-exif.ini @@ -0,0 +1,2 @@ +; Enable exif extension module +extension=exif diff --git a/roles/ensure_apache/templates/Fedora/43/etc/php.d/20-fileinfo.ini b/roles/ensure_apache/templates/Fedora/43/etc/php.d/20-fileinfo.ini new file mode 100644 index 0000000..e54e360 --- /dev/null +++ b/roles/ensure_apache/templates/Fedora/43/etc/php.d/20-fileinfo.ini @@ -0,0 +1,2 @@ +; Enable fileinfo extension module +extension=fileinfo diff --git a/roles/ensure_apache/templates/Fedora/43/etc/php.d/20-ftp.ini b/roles/ensure_apache/templates/Fedora/43/etc/php.d/20-ftp.ini new file mode 100644 index 0000000..e492d12 --- /dev/null +++ b/roles/ensure_apache/templates/Fedora/43/etc/php.d/20-ftp.ini @@ -0,0 +1,2 @@ +; Enable ftp extension module +extension=ftp diff --git a/roles/ensure_apache/templates/Fedora/43/etc/php.d/20-gettext.ini b/roles/ensure_apache/templates/Fedora/43/etc/php.d/20-gettext.ini new file mode 100644 index 0000000..d67ae7d --- /dev/null +++ b/roles/ensure_apache/templates/Fedora/43/etc/php.d/20-gettext.ini @@ -0,0 +1,2 @@ +; Enable gettext extension module +extension=gettext diff --git a/roles/ensure_apache/templates/Fedora/43/etc/php.d/20-iconv.ini b/roles/ensure_apache/templates/Fedora/43/etc/php.d/20-iconv.ini new file mode 100644 index 0000000..03aee46 --- /dev/null +++ b/roles/ensure_apache/templates/Fedora/43/etc/php.d/20-iconv.ini @@ -0,0 +1,2 @@ +; Enable iconv extension module +extension=iconv diff --git a/roles/ensure_apache/templates/Fedora/43/etc/php.d/20-json.ini b/roles/ensure_apache/templates/Fedora/43/etc/php.d/20-json.ini new file mode 100644 index 0000000..2b6607b --- /dev/null +++ b/roles/ensure_apache/templates/Fedora/43/etc/php.d/20-json.ini @@ -0,0 +1,2 @@ +; Enable json extension module +extension=json diff --git a/roles/ensure_apache/templates/Fedora/43/etc/php.d/20-mbstring.ini b/roles/ensure_apache/templates/Fedora/43/etc/php.d/20-mbstring.ini new file mode 100644 index 0000000..625cc73 --- /dev/null +++ b/roles/ensure_apache/templates/Fedora/43/etc/php.d/20-mbstring.ini @@ -0,0 +1,2 @@ +; Enable mbstring extension module +extension=mbstring diff --git a/roles/ensure_apache/templates/Fedora/43/etc/php.d/20-mysqlnd.ini b/roles/ensure_apache/templates/Fedora/43/etc/php.d/20-mysqlnd.ini new file mode 100644 index 0000000..a66ea66 --- /dev/null +++ b/roles/ensure_apache/templates/Fedora/43/etc/php.d/20-mysqlnd.ini @@ -0,0 +1,2 @@ +; Enable mysqlnd extension module +extension=mysqlnd diff --git a/roles/ensure_apache/templates/Fedora/43/etc/php.d/20-pdo.ini b/roles/ensure_apache/templates/Fedora/43/etc/php.d/20-pdo.ini new file mode 100644 index 0000000..5a46a1f --- /dev/null +++ b/roles/ensure_apache/templates/Fedora/43/etc/php.d/20-pdo.ini @@ -0,0 +1,2 @@ +; Enable pdo extension module +extension=pdo diff --git a/roles/ensure_apache/templates/Fedora/43/etc/php.d/20-phar.ini b/roles/ensure_apache/templates/Fedora/43/etc/php.d/20-phar.ini new file mode 100644 index 0000000..8224a1b --- /dev/null +++ b/roles/ensure_apache/templates/Fedora/43/etc/php.d/20-phar.ini @@ -0,0 +1,2 @@ +; Enable phar extension module +extension=phar diff --git a/roles/ensure_apache/templates/Fedora/43/etc/php.d/20-simplexml.ini b/roles/ensure_apache/templates/Fedora/43/etc/php.d/20-simplexml.ini new file mode 100644 index 0000000..6f13cb5 --- /dev/null +++ b/roles/ensure_apache/templates/Fedora/43/etc/php.d/20-simplexml.ini @@ -0,0 +1,2 @@ +; Enable simplexml extension module +extension=simplexml diff --git a/roles/ensure_apache/templates/Fedora/43/etc/php.d/20-sockets.ini b/roles/ensure_apache/templates/Fedora/43/etc/php.d/20-sockets.ini new file mode 100644 index 0000000..f17ae3e --- /dev/null +++ b/roles/ensure_apache/templates/Fedora/43/etc/php.d/20-sockets.ini @@ -0,0 +1,2 @@ +; Enable sockets extension module +extension=sockets diff --git a/roles/ensure_apache/templates/Fedora/43/etc/php.d/20-sodium.ini b/roles/ensure_apache/templates/Fedora/43/etc/php.d/20-sodium.ini new file mode 100644 index 0000000..c3a6b65 --- /dev/null +++ b/roles/ensure_apache/templates/Fedora/43/etc/php.d/20-sodium.ini @@ -0,0 +1,2 @@ +; Enable sodium extension module +extension=sodium diff --git a/roles/ensure_apache/templates/Fedora/43/etc/php.d/20-sqlite3.ini b/roles/ensure_apache/templates/Fedora/43/etc/php.d/20-sqlite3.ini new file mode 100644 index 0000000..7a4c543 --- /dev/null +++ b/roles/ensure_apache/templates/Fedora/43/etc/php.d/20-sqlite3.ini @@ -0,0 +1,2 @@ +; Enable sqlite3 extension module +extension=sqlite3 diff --git a/roles/ensure_apache/templates/Fedora/43/etc/php.d/20-tokenizer.ini b/roles/ensure_apache/templates/Fedora/43/etc/php.d/20-tokenizer.ini new file mode 100644 index 0000000..44c800a --- /dev/null +++ b/roles/ensure_apache/templates/Fedora/43/etc/php.d/20-tokenizer.ini @@ -0,0 +1,2 @@ +; Enable tokenizer extension module +extension=tokenizer diff --git a/roles/ensure_apache/templates/Fedora/43/etc/php.d/20-xml.ini b/roles/ensure_apache/templates/Fedora/43/etc/php.d/20-xml.ini new file mode 100644 index 0000000..976ebf7 --- /dev/null +++ b/roles/ensure_apache/templates/Fedora/43/etc/php.d/20-xml.ini @@ -0,0 +1,2 @@ +; Enable xml extension module +extension=xml diff --git a/roles/ensure_apache/templates/Fedora/43/etc/php.d/20-xmlwriter.ini b/roles/ensure_apache/templates/Fedora/43/etc/php.d/20-xmlwriter.ini new file mode 100644 index 0000000..3b92225 --- /dev/null +++ b/roles/ensure_apache/templates/Fedora/43/etc/php.d/20-xmlwriter.ini @@ -0,0 +1,2 @@ +; Enable xmlwriter extension module +extension=xmlwriter diff --git a/roles/ensure_apache/templates/Fedora/43/etc/php.d/20-xsl.ini b/roles/ensure_apache/templates/Fedora/43/etc/php.d/20-xsl.ini new file mode 100644 index 0000000..5dd90a8 --- /dev/null +++ b/roles/ensure_apache/templates/Fedora/43/etc/php.d/20-xsl.ini @@ -0,0 +1,2 @@ +; Enable xsl extension module +extension=xsl diff --git a/roles/ensure_apache/templates/Fedora/43/etc/php.d/30-mysqli.ini b/roles/ensure_apache/templates/Fedora/43/etc/php.d/30-mysqli.ini new file mode 100644 index 0000000..d50df50 --- /dev/null +++ b/roles/ensure_apache/templates/Fedora/43/etc/php.d/30-mysqli.ini @@ -0,0 +1,2 @@ +; Enable mysqli extension module +extension=mysqli diff --git a/roles/ensure_apache/templates/Fedora/43/etc/php.d/30-pdo_mysql.ini b/roles/ensure_apache/templates/Fedora/43/etc/php.d/30-pdo_mysql.ini new file mode 100644 index 0000000..933bef1 --- /dev/null +++ b/roles/ensure_apache/templates/Fedora/43/etc/php.d/30-pdo_mysql.ini @@ -0,0 +1,2 @@ +; Enable pdo_mysql extension module +extension=pdo_mysql diff --git a/roles/ensure_apache/templates/Fedora/43/etc/php.d/30-pdo_sqlite.ini b/roles/ensure_apache/templates/Fedora/43/etc/php.d/30-pdo_sqlite.ini new file mode 100644 index 0000000..f661146 --- /dev/null +++ b/roles/ensure_apache/templates/Fedora/43/etc/php.d/30-pdo_sqlite.ini @@ -0,0 +1,2 @@ +; Enable pdo_sqlite extension module +extension=pdo_sqlite diff --git a/roles/ensure_apache/templates/Fedora/43/etc/php.d/30-xmlreader.ini b/roles/ensure_apache/templates/Fedora/43/etc/php.d/30-xmlreader.ini new file mode 100644 index 0000000..f87ebf8 --- /dev/null +++ b/roles/ensure_apache/templates/Fedora/43/etc/php.d/30-xmlreader.ini @@ -0,0 +1,2 @@ +; Enable xmlreader extension module +extension=xmlreader diff --git a/roles/ensure_apache/templates/Fedora/43/etc/php.d/opcache-default.blacklist b/roles/ensure_apache/templates/Fedora/43/etc/php.d/opcache-default.blacklist new file mode 100644 index 0000000..0cc2e18 --- /dev/null +++ b/roles/ensure_apache/templates/Fedora/43/etc/php.d/opcache-default.blacklist @@ -0,0 +1,11 @@ +; The blacklist file is a text file that holds the names of files +; that should not be accelerated. The file format is to add each filename +; to a new line. The filename may be a full path or just a file prefix +; (i.e., /var/www/x blacklists all the files and directories in /var/www +; that start with 'x'). Line starting with a ; are ignored (comments). +; Files are usually triggered by one of the following three reasons: +; 1) Directories that contain auto generated code, like Smarty or ZFW cache. +; 2) Code that does not work well when accelerated, due to some delayed +; compile time evaluation. +; 3) Code that triggers an OPcache bug. + diff --git a/roles/ensure_apache/templates/Fedora/43/etc/php.ini b/roles/ensure_apache/templates/Fedora/43/etc/php.ini new file mode 100644 index 0000000..cdd2c0b --- /dev/null +++ b/roles/ensure_apache/templates/Fedora/43/etc/php.ini @@ -0,0 +1,1633 @@ +[PHP] + +;;;;;;;;;;;;;;;;;;; +; About php.ini ; +;;;;;;;;;;;;;;;;;;; +; PHP's initialization file, generally called php.ini, is responsible for +; configuring many of the aspects of PHP's behavior. + +; PHP attempts to find and load this configuration from a number of locations. +; The following is a summary of its search order: +; 1. SAPI module specific location. +; 2. The PHPRC environment variable. +; 3. A number of predefined registry keys on Windows +; 4. Current working directory (except CLI) +; 5. The web server's directory (for SAPI modules), or directory of PHP +; (otherwise in Windows) +; 6. The directory from the --with-config-file-path compile time option, or the +; Windows directory (usually C:\windows) +; See the PHP docs for more specific information. +; https://php.net/configuration.file + +; The syntax of the file is extremely simple. Whitespace and lines +; beginning with a semicolon are silently ignored (as you probably guessed). +; Section headers (e.g. [Foo]) are also silently ignored, even though +; they might mean something in the future. + +; Directives following the section heading [PATH=/www/mysite] only +; apply to PHP files in the /www/mysite directory. Directives +; following the section heading [HOST=www.example.com] only apply to +; PHP files served from www.example.com. Directives set in these +; special sections cannot be overridden by user-defined INI files or +; at runtime. Currently, [PATH=] and [HOST=] sections only work under +; CGI/FastCGI. +; https://php.net/ini.sections + +; Directives are specified using the following syntax: +; directive = value +; Directive names are *case sensitive* - foo=bar is different from FOO=bar. +; Directives are variables used to configure PHP or PHP extensions. +; There is no name validation. If PHP can't find an expected +; directive because it is not set or is mistyped, a default value will be used. + +; The value can be a string, a number, a PHP constant (e.g. E_ALL or M_PI), one +; of the INI constants (On, Off, True, False, Yes, No and None) or an expression +; (e.g. E_ALL & ~E_NOTICE), a quoted string ("bar"), or a reference to a +; previously set variable or directive (e.g. ${foo}) + +; Expressions in the INI file are limited to bitwise operators and parentheses: +; | bitwise OR +; ^ bitwise XOR +; & bitwise AND +; ~ bitwise NOT +; ! boolean NOT + +; Boolean flags can be turned on using the values 1, On, True or Yes. +; They can be turned off using the values 0, Off, False or No. + +; An empty string can be denoted by simply not writing anything after the equal +; sign, or by using the None keyword: + +; foo = ; sets foo to an empty string +; foo = None ; sets foo to an empty string +; foo = "None" ; sets foo to the string 'None' + +; If you use constants in your value, and these constants belong to a +; dynamically loaded extension (either a PHP extension or a Zend extension), +; you may only use these constants *after* the line that loads the extension. + +;;;;;;;;;;;;;;;;;;; +; About this file ; +;;;;;;;;;;;;;;;;;;; +; PHP comes packaged with two INI files. One that is recommended to be used +; in production environments and one that is recommended to be used in +; development environments. + +; php.ini-production contains settings which hold security, performance and +; best practices at its core. But please be aware, these settings may break +; compatibility with older or less security-conscious applications. We +; recommending using the production ini in production and testing environments. + +; php.ini-development is very similar to its production variant, except it is +; much more verbose when it comes to errors. We recommend using the +; development version only in development environments, as errors shown to +; application users can inadvertently leak otherwise secure information. + +; This is the php.ini-production INI file. + +;;;;;;;;;;;;;;;;;;; +; Quick Reference ; +;;;;;;;;;;;;;;;;;;; + +; The following are all the settings which are different in either the production +; or development versions of the INIs with respect to PHP's default behavior. +; Please see the actual settings later in the document for more details as to why +; we recommend these changes in PHP's behavior. + +; display_errors +; Default Value: On +; Development Value: On +; Production Value: Off + +; display_startup_errors +; Default Value: On +; Development Value: On +; Production Value: Off + +; error_reporting +; Default Value: E_ALL +; Development Value: E_ALL +; Production Value: E_ALL & ~E_DEPRECATED & ~E_STRICT + +; log_errors +; Default Value: Off +; Development Value: On +; Production Value: On + +; max_input_time +; Default Value: -1 (Unlimited) +; Development Value: 60 (60 seconds) +; Production Value: 60 (60 seconds) + +; output_buffering +; Default Value: Off +; Development Value: 4096 +; Production Value: 4096 + +; register_argc_argv +; Default Value: On +; Development Value: Off +; Production Value: Off + +; request_order +; Default Value: None +; Development Value: "GP" +; Production Value: "GP" + +; session.gc_divisor +; Default Value: 100 +; Development Value: 1000 +; Production Value: 1000 + +; short_open_tag +; Default Value: On +; Development Value: Off +; Production Value: Off + +; variables_order +; Default Value: "EGPCS" +; Development Value: "GPCS" +; Production Value: "GPCS" + +; zend.assertions +; Default Value: 1 +; Development Value: 1 +; Production Value: -1 + +; zend.exception_ignore_args +; Default Value: Off +; Development Value: Off +; Production Value: On + +; zend.exception_string_param_max_len +; Default Value: 15 +; Development Value: 15 +; Production Value: 0 + +;;;;;;;;;;;;;;;;;;;; +; php.ini Options ; +;;;;;;;;;;;;;;;;;;;; +; Name for user-defined php.ini (.htaccess) files. Default is ".user.ini" +;user_ini.filename = ".user.ini" + +; To disable this feature set this option to an empty value +;user_ini.filename = + +; TTL for user-defined php.ini files (time-to-live) in seconds. Default is 300 seconds (5 minutes) +;user_ini.cache_ttl = 300 + +;;;;;;;;;;;;;;;;;;;; +; Language Options ; +;;;;;;;;;;;;;;;;;;;; + +; Enable the PHP scripting language engine under Apache. +; https://php.net/engine +engine = On + +; This directive determines whether or not PHP will recognize code between +; tags as PHP source which should be processed as such. It is +; generally recommended that should be used and that this feature +; should be disabled, as enabling it may result in issues when generating XML +; documents, however this remains supported for backward compatibility reasons. +; Note that this directive does not control the would work. +; https://php.net/syntax-highlighting +;highlight.string = #DD0000 +;highlight.comment = #FF9900 +;highlight.keyword = #007700 +;highlight.default = #0000BB +;highlight.html = #000000 + +; If enabled, the request will be allowed to complete even if the user aborts +; the request. Consider enabling it if executing long requests, which may end up +; being interrupted by the user or a browser timing out. PHP's default behavior +; is to disable this feature. +; https://php.net/ignore-user-abort +;ignore_user_abort = On + +; Determines the size of the realpath cache to be used by PHP. This value should +; be increased on systems where PHP opens many files to reflect the quantity of +; the file operations performed. +; Note: if open_basedir is set, the cache is disabled +; https://php.net/realpath-cache-size +;realpath_cache_size = 4096k + +; Duration of time, in seconds for which to cache realpath information for a given +; file or directory. For systems with rarely changing files, consider increasing this +; value. +; https://php.net/realpath-cache-ttl +;realpath_cache_ttl = 120 + +; Enables or disables the circular reference collector. +; https://php.net/zend.enable-gc +zend.enable_gc = On + +; If enabled, scripts may be written in encodings that are incompatible with +; the scanner. CP936, Big5, CP949 and Shift_JIS are the examples of such +; encodings. To use this feature, mbstring extension must be enabled. +;zend.multibyte = Off + +; Allows to set the default encoding for the scripts. This value will be used +; unless "declare(encoding=...)" directive appears at the top of the script. +; Only affects if zend.multibyte is set. +;zend.script_encoding = + +; Allows to include or exclude arguments from stack traces generated for exceptions. +; In production, it is recommended to turn this setting on to prohibit the output +; of sensitive information in stack traces +; Default Value: Off +; Development Value: Off +; Production Value: On +zend.exception_ignore_args = On + +; Allows setting the maximum string length in an argument of a stringified stack trace +; to a value between 0 and 1000000. +; This has no effect when zend.exception_ignore_args is enabled. +; Default Value: 15 +; Development Value: 15 +; Production Value: 0 +; In production, it is recommended to set this to 0 to reduce the output +; of sensitive information in stack traces. +zend.exception_string_param_max_len = 0 + +;;;;;;;;;;;;;;;;; +; Miscellaneous ; +;;;;;;;;;;;;;;;;; + +; Decides whether PHP may expose the fact that it is installed on the server +; (e.g. by adding its signature to the Web server header). It is no security +; threat in any way, but it makes it possible to determine whether you use PHP +; on your server or not. +; https://php.net/expose-php +expose_php = On + +;;;;;;;;;;;;;;;;;;; +; Resource Limits ; +;;;;;;;;;;;;;;;;;;; + +; Maximum execution time of each script, in seconds +; https://php.net/max-execution-time +; Note: This directive is hardcoded to 0 for the CLI SAPI +max_execution_time = 30 + +; Maximum amount of time each script may spend parsing request data. It's a good +; idea to limit this time on productions servers in order to eliminate unexpectedly +; long running scripts. +; Note: This directive is hardcoded to -1 for the CLI SAPI +; Default Value: -1 (Unlimited) +; Development Value: 60 (60 seconds) +; Production Value: 60 (60 seconds) +; https://php.net/max-input-time +max_input_time = 60 + +; Maximum input variable nesting level +; https://php.net/max-input-nesting-level +;max_input_nesting_level = 64 + +; How many GET/POST/COOKIE input variables may be accepted +;max_input_vars = 1000 + +; How many multipart body parts (combined input variable and file uploads) may +; be accepted. +; Default Value: -1 (Sum of max_input_vars and max_file_uploads) +;max_multipart_body_parts = 1500 + +; Maximum amount of memory a script may consume +; https://php.net/memory-limit +memory_limit = 128M + +;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; +; Error handling and logging ; +;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; + +; This directive informs PHP of which errors, warnings and notices you would like +; it to take action for. The recommended way of setting values for this +; directive is through the use of the error level constants and bitwise +; operators. The error level constants are below here for convenience as well as +; some common settings and their meanings. +; By default, PHP is set to take action on all errors, notices and warnings EXCEPT +; those related to E_NOTICE and E_STRICT, which together cover best practices and +; recommended coding standards in PHP. For performance reasons, this is the +; recommend error reporting setting. Your production server shouldn't be wasting +; resources complaining about best practices and coding standards. That's what +; development servers and development settings are for. +; Note: The php.ini-development file has this setting as E_ALL. This +; means it pretty much reports everything which is exactly what you want during +; development and early testing. +; +; Error Level Constants: +; E_ALL - All errors and warnings +; E_ERROR - fatal run-time errors +; E_RECOVERABLE_ERROR - almost fatal run-time errors +; E_WARNING - run-time warnings (non-fatal errors) +; E_PARSE - compile-time parse errors +; E_NOTICE - run-time notices (these are warnings which often result +; from a bug in your code, but it's possible that it was +; intentional (e.g., using an uninitialized variable and +; relying on the fact it is automatically initialized to an +; empty string) +; E_STRICT - run-time notices, enable to have PHP suggest changes +; to your code which will ensure the best interoperability +; and forward compatibility of your code +; E_CORE_ERROR - fatal errors that occur during PHP's initial startup +; E_CORE_WARNING - warnings (non-fatal errors) that occur during PHP's +; initial startup +; E_COMPILE_ERROR - fatal compile-time errors +; E_COMPILE_WARNING - compile-time warnings (non-fatal errors) +; E_USER_ERROR - user-generated error message +; E_USER_WARNING - user-generated warning message +; E_USER_NOTICE - user-generated notice message +; E_DEPRECATED - warn about code that will not work in future versions +; of PHP +; E_USER_DEPRECATED - user-generated deprecation warnings +; +; Common Values: +; E_ALL (Show all errors, warnings and notices including coding standards.) +; E_ALL & ~E_NOTICE (Show all errors, except for notices) +; E_ALL & ~E_NOTICE & ~E_STRICT (Show all errors, except for notices and coding standards warnings.) +; E_COMPILE_ERROR|E_RECOVERABLE_ERROR|E_ERROR|E_CORE_ERROR (Show only errors) +; Default Value: E_ALL +; Development Value: E_ALL +; Production Value: E_ALL & ~E_DEPRECATED & ~E_STRICT +; https://php.net/error-reporting +error_reporting = E_ALL & ~E_DEPRECATED & ~E_STRICT + +; This directive controls whether or not and where PHP will output errors, +; notices and warnings too. Error output is very useful during development, but +; it could be very dangerous in production environments. Depending on the code +; which is triggering the error, sensitive information could potentially leak +; out of your application such as database usernames and passwords or worse. +; For production environments, we recommend logging errors rather than +; sending them to STDOUT. +; Possible Values: +; Off = Do not display any errors +; stderr = Display errors to STDERR (affects only CGI/CLI binaries!) +; On or stdout = Display errors to STDOUT +; Default Value: On +; Development Value: On +; Production Value: Off +; https://php.net/display-errors +display_errors = Off + +; The display of errors which occur during PHP's startup sequence are handled +; separately from display_errors. We strongly recommend you set this to 'off' +; for production servers to avoid leaking configuration details. +; Default Value: On +; Development Value: On +; Production Value: Off +; https://php.net/display-startup-errors +display_startup_errors = Off + +; Besides displaying errors, PHP can also log errors to locations such as a +; server-specific log, STDERR, or a location specified by the error_log +; directive found below. While errors should not be displayed on productions +; servers they should still be monitored and logging is a great way to do that. +; Default Value: Off +; Development Value: On +; Production Value: On +; https://php.net/log-errors +log_errors = On + +; Do not log repeated messages. Repeated errors must occur in same file on same +; line unless ignore_repeated_source is set true. +; https://php.net/ignore-repeated-errors +ignore_repeated_errors = Off + +; Ignore source of message when ignoring repeated messages. When this setting +; is On you will not log errors with repeated messages from different files or +; source lines. +; https://php.net/ignore-repeated-source +ignore_repeated_source = Off + +; If this parameter is set to Off, then memory leaks will not be shown (on +; stdout or in the log). This is only effective in a debug compile, and if +; error reporting includes E_WARNING in the allowed list +; https://php.net/report-memleaks +report_memleaks = On + +; This setting is off by default. +;report_zend_debug = 0 + +; Turn off normal error reporting and emit XML-RPC error XML +; https://php.net/xmlrpc-errors +;xmlrpc_errors = 0 + +; An XML-RPC faultCode +;xmlrpc_error_number = 0 + +; When PHP displays or logs an error, it has the capability of formatting the +; error message as HTML for easier reading. This directive controls whether +; the error message is formatted as HTML or not. +; Note: This directive is hardcoded to Off for the CLI SAPI +; https://php.net/html-errors +;html_errors = On + +; If html_errors is set to On *and* docref_root is not empty, then PHP +; produces clickable error messages that direct to a page describing the error +; or function causing the error in detail. +; You can download a copy of the PHP manual from https://php.net/docs +; and change docref_root to the base URL of your local copy including the +; leading '/'. You must also specify the file extension being used including +; the dot. PHP's default behavior is to leave these settings empty, in which +; case no links to documentation are generated. +; Note: Never use this feature for production boxes. +; https://php.net/docref-root +; Examples +;docref_root = "/phpmanual/" + +; https://php.net/docref-ext +;docref_ext = .html + +; String to output before an error message. PHP's default behavior is to leave +; this setting blank. +; https://php.net/error-prepend-string +; Example: +;error_prepend_string = "" + +; String to output after an error message. PHP's default behavior is to leave +; this setting blank. +; https://php.net/error-append-string +; Example: +;error_append_string = "" + +; Log errors to specified file. PHP's default behavior is to leave this value +; empty. +; https://php.net/error-log +; Example: +;error_log = php_errors.log +; Log errors to syslog (Event Log on Windows). +;error_log = syslog + +; The syslog ident is a string which is prepended to every message logged +; to syslog. Only used when error_log is set to syslog. +;syslog.ident = php + +; The syslog facility is used to specify what type of program is logging +; the message. Only used when error_log is set to syslog. +;syslog.facility = user + +; Set this to disable filtering control characters (the default). +; Some loggers only accept NVT-ASCII, others accept anything that's not +; control characters. If your logger accepts everything, then no filtering +; is needed at all. +; Allowed values are: +; ascii (all printable ASCII characters and NL) +; no-ctrl (all characters except control characters) +; all (all characters) +; raw (like "all", but messages are not split at newlines) +; https://php.net/syslog.filter +;syslog.filter = ascii + +;windows.show_crt_warning +; Default value: 0 +; Development value: 0 +; Production value: 0 + +;;;;;;;;;;;;;;;;; +; Data Handling ; +;;;;;;;;;;;;;;;;; + +; The separator used in PHP generated URLs to separate arguments. +; PHP's default setting is "&". +; https://php.net/arg-separator.output +; Example: +;arg_separator.output = "&" + +; List of separator(s) used by PHP to parse input URLs into variables. +; PHP's default setting is "&". +; NOTE: Every character in this directive is considered as separator! +; https://php.net/arg-separator.input +; Example: +;arg_separator.input = ";&" + +; This directive determines which super global arrays are registered when PHP +; starts up. G,P,C,E & S are abbreviations for the following respective super +; globals: GET, POST, COOKIE, ENV and SERVER. There is a performance penalty +; paid for the registration of these arrays and because ENV is not as commonly +; used as the others, ENV is not recommended on productions servers. You +; can still get access to the environment variables through getenv() should you +; need to. +; Default Value: "EGPCS" +; Development Value: "GPCS" +; Production Value: "GPCS"; +; https://php.net/variables-order +variables_order = "GPCS" + +; This directive determines which super global data (G,P & C) should be +; registered into the super global array REQUEST. If so, it also determines +; the order in which that data is registered. The values for this directive +; are specified in the same manner as the variables_order directive, +; EXCEPT one. Leaving this value empty will cause PHP to use the value set +; in the variables_order directive. It does not mean it will leave the super +; globals array REQUEST empty. +; Default Value: None +; Development Value: "GP" +; Production Value: "GP" +; https://php.net/request-order +request_order = "GP" + +; This directive determines whether PHP registers $argv & $argc each time it +; runs. $argv contains an array of all the arguments passed to PHP when a script +; is invoked. $argc contains an integer representing the number of arguments +; that were passed when the script was invoked. These arrays are extremely +; useful when running scripts from the command line. When this directive is +; enabled, registering these variables consumes CPU cycles and memory each time +; a script is executed. For performance reasons, this feature should be disabled +; on production servers. +; Note: This directive is hardcoded to On for the CLI SAPI +; Default Value: On +; Development Value: Off +; Production Value: Off +; https://php.net/register-argc-argv +register_argc_argv = Off + +; When enabled, the ENV, REQUEST and SERVER variables are created when they're +; first used (Just In Time) instead of when the script starts. If these +; variables are not used within a script, having this directive on will result +; in a performance gain. The PHP directive register_argc_argv must be disabled +; for this directive to have any effect. +; https://php.net/auto-globals-jit +auto_globals_jit = On + +; Whether PHP will read the POST data. +; This option is enabled by default. +; Most likely, you won't want to disable this option globally. It causes $_POST +; and $_FILES to always be empty; the only way you will be able to read the +; POST data will be through the php://input stream wrapper. This can be useful +; to proxy requests or to process the POST data in a memory efficient fashion. +; https://php.net/enable-post-data-reading +;enable_post_data_reading = Off + +; Maximum size of POST data that PHP will accept. +; Its value may be 0 to disable the limit. It is ignored if POST data reading +; is disabled through enable_post_data_reading. +; https://php.net/post-max-size +post_max_size = 8M + +; Automatically add files before PHP document. +; https://php.net/auto-prepend-file +auto_prepend_file = + +; Automatically add files after PHP document. +; https://php.net/auto-append-file +auto_append_file = + +; By default, PHP will output a media type using the Content-Type header. To +; disable this, simply set it to be empty. +; +; PHP's built-in default media type is set to text/html. +; https://php.net/default-mimetype +default_mimetype = "text/html" + +; PHP's default character set is set to UTF-8. +; https://php.net/default-charset +default_charset = "UTF-8" + +; PHP internal character encoding is set to empty. +; If empty, default_charset is used. +; https://php.net/internal-encoding +;internal_encoding = + +; PHP input character encoding is set to empty. +; If empty, default_charset is used. +; https://php.net/input-encoding +;input_encoding = + +; PHP output character encoding is set to empty. +; If empty, default_charset is used. +; See also output_buffer. +; https://php.net/output-encoding +;output_encoding = + +;;;;;;;;;;;;;;;;;;;;;;;;; +; Paths and Directories ; +;;;;;;;;;;;;;;;;;;;;;;;;; + +; UNIX: "/path1:/path2" +;include_path = ".:/php/includes" +; +; Windows: "\path1;\path2" +;include_path = ".;c:\php\includes" +; +; PHP's default setting for include_path is ".;/path/to/php/pear" +; https://php.net/include-path + +; The root of the PHP pages, used only if nonempty. +; if PHP was not compiled with FORCE_REDIRECT, you SHOULD set doc_root +; if you are running php as a CGI under any web server (other than IIS) +; see documentation for security issues. The alternate is to use the +; cgi.force_redirect configuration below +; https://php.net/doc-root +doc_root = + +; The directory under which PHP opens the script using /~username used only +; if nonempty. +; https://php.net/user-dir +user_dir = + +; Directory in which the loadable extensions (modules) reside. +; https://php.net/extension-dir +;extension_dir = "./" +; On windows: +;extension_dir = "ext" + +; Directory where the temporary files should be placed. +; Defaults to the system default (see sys_get_temp_dir) +;sys_temp_dir = "/tmp" + +; Whether or not to enable the dl() function. The dl() function does NOT work +; properly in multithreaded servers, such as IIS or Zeus, and is automatically +; disabled on them. +; https://php.net/enable-dl +enable_dl = Off + +; cgi.force_redirect is necessary to provide security running PHP as a CGI under +; most web servers. Left undefined, PHP turns this on by default. You can +; turn it off here AT YOUR OWN RISK +; **You CAN safely turn this off for IIS, in fact, you MUST.** +; https://php.net/cgi.force-redirect +;cgi.force_redirect = 1 + +; if cgi.nph is enabled it will force cgi to always sent Status: 200 with +; every request. PHP's default behavior is to disable this feature. +;cgi.nph = 1 + +; if cgi.force_redirect is turned on, and you are not running under Apache or Netscape +; (iPlanet) web servers, you MAY need to set an environment variable name that PHP +; will look for to know it is OK to continue execution. Setting this variable MAY +; cause security issues, KNOW WHAT YOU ARE DOING FIRST. +; https://php.net/cgi.redirect-status-env +;cgi.redirect_status_env = + +; cgi.fix_pathinfo provides *real* PATH_INFO/PATH_TRANSLATED support for CGI. PHP's +; previous behaviour was to set PATH_TRANSLATED to SCRIPT_FILENAME, and to not grok +; what PATH_INFO is. For more information on PATH_INFO, see the cgi specs. Setting +; this to 1 will cause PHP CGI to fix its paths to conform to the spec. A setting +; of zero causes PHP to behave as before. Default is 1. You should fix your scripts +; to use SCRIPT_FILENAME rather than PATH_TRANSLATED. +; https://php.net/cgi.fix-pathinfo +;cgi.fix_pathinfo=1 + +; if cgi.discard_path is enabled, the PHP CGI binary can safely be placed outside +; of the web tree and people will not be able to circumvent .htaccess security. +;cgi.discard_path=1 + +; FastCGI under IIS supports the ability to impersonate +; security tokens of the calling client. This allows IIS to define the +; security context that the request runs under. mod_fastcgi under Apache +; does not currently support this feature (03/17/2002) +; Set to 1 if running under IIS. Default is zero. +; https://php.net/fastcgi.impersonate +;fastcgi.impersonate = 1 + +; Disable logging through FastCGI connection. PHP's default behavior is to enable +; this feature. +;fastcgi.logging = 0 + +; cgi.rfc2616_headers configuration option tells PHP what type of headers to +; use when sending HTTP response code. If set to 0, PHP sends Status: header that +; is supported by Apache. When this option is set to 1, PHP will send +; RFC2616 compliant header. +; Default is zero. +; https://php.net/cgi.rfc2616-headers +;cgi.rfc2616_headers = 0 + +; cgi.check_shebang_line controls whether CGI PHP checks for line starting with #! +; (shebang) at the top of the running script. This line might be needed if the +; script support running both as stand-alone script and via PHP CGI<. PHP in CGI +; mode skips this line and ignores its content if this directive is turned on. +; https://php.net/cgi.check-shebang-line +;cgi.check_shebang_line=1 + +;;;;;;;;;;;;;;;; +; File Uploads ; +;;;;;;;;;;;;;;;; + +; Whether to allow HTTP file uploads. +; https://php.net/file-uploads +file_uploads = On + +; Temporary directory for HTTP uploaded files (will use system default if not +; specified). +; https://php.net/upload-tmp-dir +;upload_tmp_dir = + +; Maximum allowed size for uploaded files. +; https://php.net/upload-max-filesize +upload_max_filesize = 2M + +; Maximum number of files that can be uploaded via a single request +max_file_uploads = 20 + +;;;;;;;;;;;;;;;;;; +; Fopen wrappers ; +;;;;;;;;;;;;;;;;;; + +; Whether to allow the treatment of URLs (like http:// or ftp://) as files. +; https://php.net/allow-url-fopen +allow_url_fopen = On + +; Whether to allow include/require to open URLs (like https:// or ftp://) as files. +; https://php.net/allow-url-include +allow_url_include = Off + +; Define the anonymous ftp password (your email address). PHP's default setting +; for this is empty. +; https://php.net/from +;from="john@doe.com" + +; Define the User-Agent string. PHP's default setting for this is empty. +; https://php.net/user-agent +;user_agent="PHP" + +; Default timeout for socket based streams (seconds) +; https://php.net/default-socket-timeout +default_socket_timeout = 60 + +; If your scripts have to deal with files from Macintosh systems, +; or you are running on a Mac and need to deal with files from +; unix or win32 systems, setting this flag will cause PHP to +; automatically detect the EOL character in those files so that +; fgets() and file() will work regardless of the source of the file. +; https://php.net/auto-detect-line-endings +;auto_detect_line_endings = Off + +;;;;;;;;;;;;;;;;;;;;;; +; Dynamic Extensions ; +;;;;;;;;;;;;;;;;;;;;;; + +; If you wish to have an extension loaded automatically, use the following +; syntax: +; +; extension=modulename +; +; For example: +; +; extension=mysqli +; +; When the extension library to load is not located in the default extension +; directory, You may specify an absolute path to the library file: +; +; extension=/path/to/extension/mysqli.so +; +; Note : The syntax used in previous PHP versions ('extension=.so' and +; 'extension='php_.dll') is supported for legacy reasons and may be +; deprecated in a future PHP major version. So, when it is possible, please +; move to the new ('extension=) syntax. + +;;;; +; Note: packaged extension modules are now loaded via the .ini files +; found in the directory /etc/php.d; these are loaded by default. +;;;; + +;;;;;;;;;;;;;;;;;;; +; Module Settings ; +;;;;;;;;;;;;;;;;;;; + +[CLI Server] +; Whether the CLI web server uses ANSI color coding in its terminal output. +cli_server.color = On + +[Date] +; Defines the default timezone used by the date functions +; https://php.net/date.timezone +;date.timezone = + +; https://php.net/date.default-latitude +;date.default_latitude = 31.7667 + +; https://php.net/date.default-longitude +;date.default_longitude = 35.2333 + +; https://php.net/date.sunrise-zenith +;date.sunrise_zenith = 90.833333 + +; https://php.net/date.sunset-zenith +;date.sunset_zenith = 90.833333 + +[filter] +; https://php.net/filter.default +;filter.default = unsafe_raw + +; https://php.net/filter.default-flags +;filter.default_flags = + +[iconv] +; Use of this INI entry is deprecated, use global input_encoding instead. +; If empty, default_charset or input_encoding or iconv.input_encoding is used. +; The precedence is: default_charset < input_encoding < iconv.input_encoding +;iconv.input_encoding = + +; Use of this INI entry is deprecated, use global internal_encoding instead. +; If empty, default_charset or internal_encoding or iconv.internal_encoding is used. +; The precedence is: default_charset < internal_encoding < iconv.internal_encoding +;iconv.internal_encoding = + +; Use of this INI entry is deprecated, use global output_encoding instead. +; If empty, default_charset or output_encoding or iconv.output_encoding is used. +; The precedence is: default_charset < output_encoding < iconv.output_encoding +; To use an output encoding conversion, iconv's output handler must be set +; otherwise output encoding conversion cannot be performed. +;iconv.output_encoding = + +[imap] +; rsh/ssh logins are disabled by default. Use this INI entry if you want to +; enable them. Note that the IMAP library does not filter mailbox names before +; passing them to rsh/ssh command, thus passing untrusted data to this function +; with rsh/ssh enabled is insecure. +;imap.enable_insecure_rsh=0 + +[intl] +;intl.default_locale = +; This directive allows you to produce PHP errors when some error +; happens within intl functions. The value is the level of the error produced. +; Default is 0, which does not produce any errors. +;intl.error_level = E_WARNING +;intl.use_exceptions = 0 + +[sqlite3] +; Directory pointing to SQLite3 extensions +; https://php.net/sqlite3.extension-dir +;sqlite3.extension_dir = + +; SQLite defensive mode flag (only available from SQLite 3.26+) +; When the defensive flag is enabled, language features that allow ordinary +; SQL to deliberately corrupt the database file are disabled. This forbids +; writing directly to the schema, shadow tables (eg. FTS data tables), or +; the sqlite_dbpage virtual table. +; https://www.sqlite.org/c3ref/c_dbconfig_defensive.html +; (for older SQLite versions, this flag has no use) +;sqlite3.defensive = 1 + +[Pcre] +; PCRE library backtracking limit. +; https://php.net/pcre.backtrack-limit +;pcre.backtrack_limit=100000 + +; PCRE library recursion limit. +; Please note that if you set this value to a high number you may consume all +; the available process stack and eventually crash PHP (due to reaching the +; stack size limit imposed by the Operating System). +; https://php.net/pcre.recursion-limit +;pcre.recursion_limit=100000 + +; Enables or disables JIT compilation of patterns. This requires the PCRE +; library to be compiled with JIT support. +pcre.jit=0 + +[Pdo] +; Whether to pool ODBC connections. Can be one of "strict", "relaxed" or "off" +; https://php.net/pdo-odbc.connection-pooling +;pdo_odbc.connection_pooling=strict + +[Pdo_mysql] +; Default socket name for local MySQL connects. If empty, uses the built-in +; MySQL defaults. +pdo_mysql.default_socket= + +[Phar] +; https://php.net/phar.readonly +;phar.readonly = On + +; https://php.net/phar.require-hash +;phar.require_hash = On + +;phar.cache_list = + +[mail function] +; For Unix only. You may supply arguments as well (default: "sendmail -t -i"). +; https://php.net/sendmail-path +sendmail_path = /usr/sbin/sendmail -t -i + +; Force the addition of the specified parameters to be passed as extra parameters +; to the sendmail binary. These parameters will always replace the value of +; the 5th parameter to mail(). +;mail.force_extra_parameters = + +; Add X-PHP-Originating-Script: that will include uid of the script followed by the filename +mail.add_x_header = Off + +; Use mixed LF and CRLF line separators to keep compatibility with some +; RFC 2822 non conformant MTA. +mail.mixed_lf_and_crlf = Off + +; The path to a log file that will log all mail() calls. Log entries include +; the full path of the script, line number, To address and headers. +;mail.log = +; Log mail to syslog (Event Log on Windows). +;mail.log = syslog + +[ODBC] +; https://php.net/odbc.default-db +;odbc.default_db = Not yet implemented + +; https://php.net/odbc.default-user +;odbc.default_user = Not yet implemented + +; https://php.net/odbc.default-pw +;odbc.default_pw = Not yet implemented + +; Controls the ODBC cursor model. +; Default: SQL_CURSOR_STATIC (default). +;odbc.default_cursortype + +; Allow or prevent persistent links. +; https://php.net/odbc.allow-persistent +odbc.allow_persistent = On + +; Check that a connection is still valid before reuse. +; https://php.net/odbc.check-persistent +odbc.check_persistent = On + +; Maximum number of persistent links. -1 means no limit. +; https://php.net/odbc.max-persistent +odbc.max_persistent = -1 + +; Maximum number of links (persistent + non-persistent). -1 means no limit. +; https://php.net/odbc.max-links +odbc.max_links = -1 + +; Handling of LONG fields. Returns number of bytes to variables. 0 means +; passthru. +; https://php.net/odbc.defaultlrl +odbc.defaultlrl = 4096 + +; Handling of binary data. 0 means passthru, 1 return as is, 2 convert to char. +; See the documentation on odbc_binmode and odbc_longreadlen for an explanation +; of odbc.defaultlrl and odbc.defaultbinmode +; https://php.net/odbc.defaultbinmode +odbc.defaultbinmode = 1 + +[MySQLi] + +; Maximum number of persistent links. -1 means no limit. +; https://php.net/mysqli.max-persistent +mysqli.max_persistent = -1 + +; Allow accessing, from PHP's perspective, local files with LOAD DATA statements +; https://php.net/mysqli.allow_local_infile +;mysqli.allow_local_infile = On + +; It allows the user to specify a folder where files that can be sent via LOAD DATA +; LOCAL can exist. It is ignored if mysqli.allow_local_infile is enabled. +;mysqli.local_infile_directory = + +; Allow or prevent persistent links. +; https://php.net/mysqli.allow-persistent +mysqli.allow_persistent = On + +; Maximum number of links. -1 means no limit. +; https://php.net/mysqli.max-links +mysqli.max_links = -1 + +; Default port number for mysqli_connect(). If unset, mysqli_connect() will use +; the $MYSQL_TCP_PORT or the mysql-tcp entry in /etc/services or the +; compile-time value defined MYSQL_PORT (in that order). Win32 will only look +; at MYSQL_PORT. +; https://php.net/mysqli.default-port +mysqli.default_port = 3306 + +; Default socket name for local MySQL connects. If empty, uses the built-in +; MySQL defaults. +; https://php.net/mysqli.default-socket +mysqli.default_socket = + +; Default host for mysqli_connect() (doesn't apply in safe mode). +; https://php.net/mysqli.default-host +mysqli.default_host = + +; Default user for mysqli_connect() (doesn't apply in safe mode). +; https://php.net/mysqli.default-user +mysqli.default_user = + +; Default password for mysqli_connect() (doesn't apply in safe mode). +; Note that this is generally a *bad* idea to store passwords in this file. +; *Any* user with PHP access can run 'echo get_cfg_var("mysqli.default_pw") +; and reveal this password! And of course, any users with read access to this +; file will be able to reveal the password as well. +; https://php.net/mysqli.default-pw +mysqli.default_pw = + +; If this option is enabled, closing a persistent connection will rollback +; any pending transactions of this connection, before it is put back +; into the persistent connection pool. +;mysqli.rollback_on_cached_plink = Off + +[mysqlnd] +; Enable / Disable collection of general statistics by mysqlnd which can be +; used to tune and monitor MySQL operations. +mysqlnd.collect_statistics = On + +; Enable / Disable collection of memory usage statistics by mysqlnd which can be +; used to tune and monitor MySQL operations. +mysqlnd.collect_memory_statistics = Off + +; Records communication from all extensions using mysqlnd to the specified log +; file. +; https://php.net/mysqlnd.debug +;mysqlnd.debug = + +; Defines which queries will be logged. +;mysqlnd.log_mask = 0 + +; Default size of the mysqlnd memory pool, which is used by result sets. +;mysqlnd.mempool_default_size = 16000 + +; Size of a pre-allocated buffer used when sending commands to MySQL in bytes. +;mysqlnd.net_cmd_buffer_size = 2048 + +; Size of a pre-allocated buffer used for reading data sent by the server in +; bytes. +;mysqlnd.net_read_buffer_size = 32768 + +; Timeout for network requests in seconds. +;mysqlnd.net_read_timeout = 31536000 + +; SHA-256 Authentication Plugin related. File with the MySQL server public RSA +; key. +;mysqlnd.sha256_server_public_key = + +[PostgreSQL] +; Allow or prevent persistent links. +; https://php.net/pgsql.allow-persistent +pgsql.allow_persistent = On + +; Detect broken persistent links always with pg_pconnect(). +; Auto reset feature requires a little overheads. +; https://php.net/pgsql.auto-reset-persistent +pgsql.auto_reset_persistent = Off + +; Maximum number of persistent links. -1 means no limit. +; https://php.net/pgsql.max-persistent +pgsql.max_persistent = -1 + +; Maximum number of links (persistent+non persistent). -1 means no limit. +; https://php.net/pgsql.max-links +pgsql.max_links = -1 + +; Ignore PostgreSQL backends Notice message or not. +; Notice message logging require a little overheads. +; https://php.net/pgsql.ignore-notice +pgsql.ignore_notice = 0 + +; Log PostgreSQL backends Notice message or not. +; Unless pgsql.ignore_notice=0, module cannot log notice message. +; https://php.net/pgsql.log-notice +pgsql.log_notice = 0 + +[bcmath] +; Number of decimal digits for all bcmath functions. +; https://php.net/bcmath.scale +bcmath.scale = 0 + +[browscap] +; https://php.net/browscap +;browscap = extra/browscap.ini + +[Session] +; Handler used to store/retrieve data. +; https://php.net/session.save-handler +session.save_handler = files + +; Argument passed to save_handler. In the case of files, this is the path +; where data files are stored. Note: Windows users have to change this +; variable in order to use PHP's session functions. +; +; The path can be defined as: +; +; session.save_path = "N;/path" +; +; where N is an integer. Instead of storing all the session files in +; /path, what this will do is use subdirectories N-levels deep, and +; store the session data in those directories. This is useful if +; your OS has problems with many files in one directory, and is +; a more efficient layout for servers that handle many sessions. +; +; NOTE 1: PHP will not create this directory structure automatically. +; You can use the script in the ext/session dir for that purpose. +; NOTE 2: See the section on garbage collection below if you choose to +; use subdirectories for session storage +; +; The file storage module creates files using mode 600 by default. +; You can change that by using +; +; session.save_path = "N;MODE;/path" +; +; where MODE is the octal representation of the mode. Note that this +; does not overwrite the process's umask. +; https://php.net/session.save-path + +; RPM note : session directory must be owned by process owner +; for mod_php, see /etc/httpd/conf.d/php.conf +; for php-fpm, see /etc/php-fpm.d/*conf +;session.save_path = "/tmp" + +; Whether to use strict session mode. +; Strict session mode does not accept an uninitialized session ID, and +; regenerates the session ID if the browser sends an uninitialized session ID. +; Strict mode protects applications from session fixation via a session adoption +; vulnerability. It is disabled by default for maximum compatibility, but +; enabling it is encouraged. +; https://wiki.php.net/rfc/strict_sessions +session.use_strict_mode = 0 + +; Whether to use cookies. +; https://php.net/session.use-cookies +session.use_cookies = 1 + +; https://php.net/session.cookie-secure +;session.cookie_secure = + +; This option forces PHP to fetch and use a cookie for storing and maintaining +; the session id. We encourage this operation as it's very helpful in combating +; session hijacking when not specifying and managing your own session id. It is +; not the be-all and end-all of session hijacking defense, but it's a good start. +; https://php.net/session.use-only-cookies +session.use_only_cookies = 1 + +; Name of the session (used as cookie name). +; https://php.net/session.name +session.name = PHPSESSID + +; Initialize session on request startup. +; https://php.net/session.auto-start +session.auto_start = 0 + +; Lifetime in seconds of cookie or, if 0, until browser is restarted. +; https://php.net/session.cookie-lifetime +session.cookie_lifetime = 0 + +; The path for which the cookie is valid. +; https://php.net/session.cookie-path +session.cookie_path = / + +; The domain for which the cookie is valid. +; https://php.net/session.cookie-domain +session.cookie_domain = + +; Whether or not to add the httpOnly flag to the cookie, which makes it +; inaccessible to browser scripting languages such as JavaScript. +; https://php.net/session.cookie-httponly +session.cookie_httponly = + +; Add SameSite attribute to cookie to help mitigate Cross-Site Request Forgery (CSRF/XSRF) +; Current valid values are "Strict", "Lax" or "None". When using "None", +; make sure to include the quotes, as `none` is interpreted like `false` in ini files. +; https://tools.ietf.org/html/draft-west-first-party-cookies-07 +session.cookie_samesite = + +; Handler used to serialize data. php is the standard serializer of PHP. +; https://php.net/session.serialize-handler +session.serialize_handler = php + +; Defines the probability that the 'garbage collection' process is started on every +; session initialization. The probability is calculated by using gc_probability/gc_divisor, +; e.g. 1/100 means there is a 1% chance that the GC process starts on each request. +; Default Value: 1 +; Development Value: 1 +; Production Value: 1 +; https://php.net/session.gc-probability +session.gc_probability = 1 + +; Defines the probability that the 'garbage collection' process is started on every +; session initialization. The probability is calculated by using gc_probability/gc_divisor, +; e.g. 1/100 means there is a 1% chance that the GC process starts on each request. +; For high volume production servers, using a value of 1000 is a more efficient approach. +; Default Value: 100 +; Development Value: 1000 +; Production Value: 1000 +; https://php.net/session.gc-divisor +session.gc_divisor = 1000 + +; After this number of seconds, stored data will be seen as 'garbage' and +; cleaned up by the garbage collection process. +; https://php.net/session.gc-maxlifetime +session.gc_maxlifetime = 1440 + +; NOTE: If you are using the subdirectory option for storing session files +; (see session.save_path above), then garbage collection does *not* +; happen automatically. You will need to do your own garbage +; collection through a shell script, cron entry, or some other method. +; For example, the following script is the equivalent of setting +; session.gc_maxlifetime to 1440 (1440 seconds = 24 minutes): +; find /path/to/sessions -cmin +24 -type f | xargs rm + +; Check HTTP Referer to invalidate externally stored URLs containing ids. +; HTTP_REFERER has to contain this substring for the session to be +; considered as valid. +; https://php.net/session.referer-check +session.referer_check = + +; Set to {nocache,private,public,} to determine HTTP caching aspects +; or leave this empty to avoid sending anti-caching headers. +; https://php.net/session.cache-limiter +session.cache_limiter = nocache + +; Document expires after n minutes. +; https://php.net/session.cache-expire +session.cache_expire = 180 + +; trans sid support is disabled by default. +; Use of trans sid may risk your users' security. +; Use this option with caution. +; - User may send URL contains active session ID +; to other person via. email/irc/etc. +; - URL that contains active session ID may be stored +; in publicly accessible computer. +; - User may access your site with the same session ID +; always using URL stored in browser's history or bookmarks. +; https://php.net/session.use-trans-sid +session.use_trans_sid = 0 + +; The URL rewriter will look for URLs in a defined set of HTML tags. +; is special; if you include them here, the rewriter will +; add a hidden field with the info which is otherwise appended +; to URLs. tag's action attribute URL will not be modified +; unless it is specified. +; Note that all valid entries require a "=", even if no value follows. +; Default Value: "a=href,area=href,frame=src,form=" +; Development Value: "a=href,area=href,frame=src,form=" +; Production Value: "a=href,area=href,frame=src,form=" +; https://php.net/url-rewriter.tags +session.trans_sid_tags = "a=href,area=href,frame=src,form=" + +; URL rewriter does not rewrite absolute URLs by default. +; To enable rewrites for absolute paths, target hosts must be specified +; at RUNTIME. i.e. use ini_set() +; tags is special. PHP will check action attribute's URL regardless +; of session.trans_sid_tags setting. +; If no host is defined, HTTP_HOST will be used for allowed host. +; Example value: php.net,www.php.net,wiki.php.net +; Use "," for multiple hosts. No spaces are allowed. +; Default Value: "" +; Development Value: "" +; Production Value: "" +;session.trans_sid_hosts="" + +; Enable upload progress tracking in $_SESSION +; Default Value: On +; Development Value: On +; Production Value: On +; https://php.net/session.upload-progress.enabled +;session.upload_progress.enabled = On + +; Cleanup the progress information as soon as all POST data has been read +; (i.e. upload completed). +; Default Value: On +; Development Value: On +; Production Value: On +; https://php.net/session.upload-progress.cleanup +;session.upload_progress.cleanup = On + +; A prefix used for the upload progress key in $_SESSION +; Default Value: "upload_progress_" +; Development Value: "upload_progress_" +; Production Value: "upload_progress_" +; https://php.net/session.upload-progress.prefix +;session.upload_progress.prefix = "upload_progress_" + +; The index name (concatenated with the prefix) in $_SESSION +; containing the upload progress information +; Default Value: "PHP_SESSION_UPLOAD_PROGRESS" +; Development Value: "PHP_SESSION_UPLOAD_PROGRESS" +; Production Value: "PHP_SESSION_UPLOAD_PROGRESS" +; https://php.net/session.upload-progress.name +;session.upload_progress.name = "PHP_SESSION_UPLOAD_PROGRESS" + +; How frequently the upload progress should be updated. +; Given either in percentages (per-file), or in bytes +; Default Value: "1%" +; Development Value: "1%" +; Production Value: "1%" +; https://php.net/session.upload-progress.freq +;session.upload_progress.freq = "1%" + +; The minimum delay between updates, in seconds +; Default Value: 1 +; Development Value: 1 +; Production Value: 1 +; https://php.net/session.upload-progress.min-freq +;session.upload_progress.min_freq = "1" + +; Only write session data when session data is changed. Enabled by default. +; https://php.net/session.lazy-write +;session.lazy_write = On + +[Assertion] +; Switch whether to compile assertions at all (to have no overhead at run-time) +; -1: Do not compile at all +; 0: Jump over assertion at run-time +; 1: Execute assertions +; Changing from or to a negative value is only possible in php.ini! +; (For turning assertions on and off at run-time, toggle zend.assertions between the values 1 and 0) +; Default Value: 1 +; Development Value: 1 +; Production Value: -1 +; https://php.net/zend.assertions +zend.assertions = -1 + +[mbstring] +; language for internal character representation. +; This affects mb_send_mail() and mbstring.detect_order. +; https://php.net/mbstring.language +;mbstring.language = Japanese + +; Use of this INI entry is deprecated, use global internal_encoding instead. +; internal/script encoding. +; Some encoding cannot work as internal encoding. (e.g. SJIS, BIG5, ISO-2022-*) +; If empty, default_charset or internal_encoding or iconv.internal_encoding is used. +; The precedence is: default_charset < internal_encoding < iconv.internal_encoding +;mbstring.internal_encoding = + +; Use of this INI entry is deprecated, use global input_encoding instead. +; http input encoding. +; mbstring.encoding_translation = On is needed to use this setting. +; If empty, default_charset or input_encoding or mbstring.input is used. +; The precedence is: default_charset < input_encoding < mbstring.http_input +; https://php.net/mbstring.http-input +;mbstring.http_input = + +; Use of this INI entry is deprecated, use global output_encoding instead. +; http output encoding. +; mb_output_handler must be registered as output buffer to function. +; If empty, default_charset or output_encoding or mbstring.http_output is used. +; The precedence is: default_charset < output_encoding < mbstring.http_output +; To use an output encoding conversion, mbstring's output handler must be set +; otherwise output encoding conversion cannot be performed. +; https://php.net/mbstring.http-output +;mbstring.http_output = + +; enable automatic encoding translation according to +; mbstring.internal_encoding setting. Input chars are +; converted to internal encoding by setting this to On. +; Note: Do _not_ use automatic encoding translation for +; portable libs/applications. +; https://php.net/mbstring.encoding-translation +;mbstring.encoding_translation = Off + +; automatic encoding detection order. +; "auto" detect order is changed according to mbstring.language +; https://php.net/mbstring.detect-order +;mbstring.detect_order = auto + +; substitute_character used when character cannot be converted +; one from another +; https://php.net/mbstring.substitute-character +;mbstring.substitute_character = none + +; Enable strict encoding detection. +;mbstring.strict_detection = Off + +; This directive specifies the regex pattern of content types for which mb_output_handler() +; is activated. +; Default: mbstring.http_output_conv_mimetypes=^(text/|application/xhtml\+xml) +;mbstring.http_output_conv_mimetypes= + +; This directive specifies maximum stack depth for mbstring regular expressions. It is similar +; to the pcre.recursion_limit for PCRE. +;mbstring.regex_stack_limit=100000 + +; This directive specifies maximum retry count for mbstring regular expressions. It is similar +; to the pcre.backtrack_limit for PCRE. +;mbstring.regex_retry_limit=1000000 + +[gd] +; Tell the jpeg decode to ignore warnings and try to create +; a gd image. The warning will then be displayed as notices +; disabled by default +; https://php.net/gd.jpeg-ignore-warning +;gd.jpeg_ignore_warning = 1 + +[exif] +; Exif UNICODE user comments are handled as UCS-2BE/UCS-2LE and JIS as JIS. +; With mbstring support this will automatically be converted into the encoding +; given by corresponding encode setting. When empty mbstring.internal_encoding +; is used. For the decode settings you can distinguish between motorola and +; intel byte order. A decode setting cannot be empty. +; https://php.net/exif.encode-unicode +;exif.encode_unicode = ISO-8859-15 + +; https://php.net/exif.decode-unicode-motorola +;exif.decode_unicode_motorola = UCS-2BE + +; https://php.net/exif.decode-unicode-intel +;exif.decode_unicode_intel = UCS-2LE + +; https://php.net/exif.encode-jis +;exif.encode_jis = + +; https://php.net/exif.decode-jis-motorola +;exif.decode_jis_motorola = JIS + +; https://php.net/exif.decode-jis-intel +;exif.decode_jis_intel = JIS + +[Tidy] +; The path to a default tidy configuration file to use when using tidy +; https://php.net/tidy.default-config +;tidy.default_config = /usr/local/lib/php/default.tcfg + +; Should tidy clean and repair output automatically? +; WARNING: Do not use this option if you are generating non-html content +; such as dynamic images +; https://php.net/tidy.clean-output +tidy.clean_output = Off + +[soap] +; Enables or disables WSDL caching feature. +; https://php.net/soap.wsdl-cache-enabled +soap.wsdl_cache_enabled=1 + +; Sets the directory name where SOAP extension will put cache files. +; https://php.net/soap.wsdl-cache-dir + +; RPM note : cache directory must be owned by process owner +; for mod_php, see /etc/httpd/conf.d/php.conf +; for php-fpm, see /etc/php-fpm.d/*conf +soap.wsdl_cache_dir="/tmp" + +; (time to live) Sets the number of second while cached file will be used +; instead of original one. +; https://php.net/soap.wsdl-cache-ttl +soap.wsdl_cache_ttl=86400 + +; Sets the size of the cache limit. (Max. number of WSDL files to cache) +soap.wsdl_cache_limit = 5 + +[sysvshm] +; A default size of the shared memory segment +;sysvshm.init_mem = 10000 + +[ldap] +; Sets the maximum number of open links or -1 for unlimited. +ldap.max_links = -1 + +[dba] +;dba.default_handler= + +[opcache] +; see /etc/php.d/10-opcache.ini + +[curl] +; A default value for the CURLOPT_CAINFO option. This is required to be an +; absolute path. +;curl.cainfo = + +[openssl] +; The location of a Certificate Authority (CA) file on the local filesystem +; to use when verifying the identity of SSL/TLS peers. Most users should +; not specify a value for this directive as PHP will attempt to use the +; OS-managed cert stores in its absence. If specified, this value may still +; be overridden on a per-stream basis via the "cafile" SSL stream context +; option. +;openssl.cafile= + +; If openssl.cafile is not specified or if the CA file is not found, the +; directory pointed to by openssl.capath is searched for a suitable +; certificate. This value must be a correctly hashed certificate directory. +; Most users should not specify a value for this directive as PHP will +; attempt to use the OS-managed cert stores in its absence. If specified, +; this value may still be overridden on a per-stream basis via the "capath" +; SSL stream context option. +;openssl.capath= + +[ffi] +; see /etc/php.d/20-ffi.ini diff --git a/roles/ensure_apache/templates/Fedora/43/etc/sysconfig/htcacheclean b/roles/ensure_apache/templates/Fedora/43/etc/sysconfig/htcacheclean new file mode 100644 index 0000000..fffa17b --- /dev/null +++ b/roles/ensure_apache/templates/Fedora/43/etc/sysconfig/htcacheclean @@ -0,0 +1,16 @@ +# +# Configuration options for systemd service, htcacheclean.service. +# See htcacheclean(8) for more information on available options. +# + +# Interval between cache clean runs, in minutes +INTERVAL=15 + +# Default cache root. +CACHE_ROOT=/var/cache/httpd/proxy + +# Cache size limit in bytes (K=Kbytes, M=Mbytes) +LIMIT=100M + +# Any other options... +OPTIONS= diff --git a/roles/ensure_apache/templates/Fedora/43/usr/lib/systemd/system/htcacheclean.service b/roles/ensure_apache/templates/Fedora/43/usr/lib/systemd/system/htcacheclean.service new file mode 100644 index 0000000..e3eeef9 --- /dev/null +++ b/roles/ensure_apache/templates/Fedora/43/usr/lib/systemd/system/htcacheclean.service @@ -0,0 +1,16 @@ +[Unit] +Description=Disk Cache Cleaning Daemon for the Apache HTTP Server +After=httpd.service +Documentation=man:htcacheclean.service(8) + +[Service] +Type=forking +User=apache +PIDFile=/run/httpd/htcacheclean/pid +Environment=LANG=C +EnvironmentFile=/etc/sysconfig/htcacheclean +ExecStart=/usr/sbin/htcacheclean -P /run/httpd/htcacheclean/pid -d $INTERVAL -p $CACHE_ROOT -l $LIMIT $OPTIONS +PrivateTmp=true + +[Install] +WantedBy=multi-user.target diff --git a/roles/ensure_apache/templates/Fedora/43/usr/lib/systemd/system/httpd-init.service b/roles/ensure_apache/templates/Fedora/43/usr/lib/systemd/system/httpd-init.service new file mode 100644 index 0000000..704c314 --- /dev/null +++ b/roles/ensure_apache/templates/Fedora/43/usr/lib/systemd/system/httpd-init.service @@ -0,0 +1,13 @@ +[Unit] +Description=One-time temporary TLS key generation for httpd.service +Documentation=man:httpd-init.service(8) + +ConditionPathExists=|!/etc/pki/tls/certs/localhost.crt +ConditionPathExists=|!/etc/pki/tls/private/localhost.key + +[Service] +Type=oneshot +RemainAfterExit=no +PrivateTmp=true + +ExecStart=/usr/libexec/httpd-ssl-gencerts diff --git a/roles/ensure_apache/templates/Fedora/43/usr/lib/systemd/system/httpd-reload.service b/roles/ensure_apache/templates/Fedora/43/usr/lib/systemd/system/httpd-reload.service new file mode 100644 index 0000000..baf9c71 --- /dev/null +++ b/roles/ensure_apache/templates/Fedora/43/usr/lib/systemd/system/httpd-reload.service @@ -0,0 +1,9 @@ +[Unit] +Description=Reload Apache for Let's Encrypt Certificate Insert + +[Service] +Type=oneshot +ExecStart=/bin/systemctl reload httpd.service + +[Install] +WantedBy=httpd.service diff --git a/roles/ensure_apache/templates/Fedora/43/usr/lib/systemd/system/httpd-reload.timer b/roles/ensure_apache/templates/Fedora/43/usr/lib/systemd/system/httpd-reload.timer new file mode 100644 index 0000000..4a45a99 --- /dev/null +++ b/roles/ensure_apache/templates/Fedora/43/usr/lib/systemd/system/httpd-reload.timer @@ -0,0 +1,8 @@ +[Unit] +Description=Reload Apache for Let's Encrypt Certificate Insert + +[Timer] +OnUnitActiveSec=5min + +[Install] +WantedBy=httpd.service diff --git a/roles/ensure_apache/templates/Fedora/43/usr/lib/systemd/system/httpd.service b/roles/ensure_apache/templates/Fedora/43/usr/lib/systemd/system/httpd.service new file mode 100644 index 0000000..b75e28c --- /dev/null +++ b/roles/ensure_apache/templates/Fedora/43/usr/lib/systemd/system/httpd.service @@ -0,0 +1,50 @@ +# See httpd.service(8) for more information on using the httpd service. + +# Modifying this file in-place is not recommended, because changes +# will be overwritten during package upgrades. To customize the +# behaviour, run "systemctl edit httpd" to create an override unit. + +# For example, to pass additional options (such as -D definitions) to +# the httpd binary at startup, create an override unit (as is done by +# systemctl edit) and enter the following: + +# [Service] +# Environment=OPTIONS=-DMY_DEFINE + +[Unit] +Description=The Apache HTTP Server +Wants=httpd-init.service +After=network.target remote-fs.target nss-lookup.target httpd-init.service +Documentation=man:httpd.service(8) + +[Service] +Type=notify +Environment=LANG=C + +ExecStart=/usr/sbin/httpd $OPTIONS -DFOREGROUND +ExecReload=/usr/sbin/httpd $OPTIONS -k graceful +# Send SIGWINCH for graceful stop +KillSignal=SIGWINCH +KillMode=mixed +DevicePolicy=closed +KeyringMode=private +LockPersonality=yes +MemoryDenyWriteExecute=yes +OOMPolicy=continue +PrivateDevices=yes +PrivateTmp=true +ProtectClock=yes +ProtectControlGroups=yes +ProtectHome=read-only +ProtectHostname=yes +ProtectKernelLogs=yes +ProtectKernelModules=yes +ProtectKernelTunables=yes +ProtectSystem=yes +RestrictNamespaces=yes +RestrictRealtime=yes +RestrictSUIDSGID=yes +SystemCallArchitectures=native + +[Install] +WantedBy=multi-user.target diff --git a/roles/ensure_apache/templates/Fedora/43/usr/lib/systemd/system/httpd.socket b/roles/ensure_apache/templates/Fedora/43/usr/lib/systemd/system/httpd.socket new file mode 100644 index 0000000..074695e --- /dev/null +++ b/roles/ensure_apache/templates/Fedora/43/usr/lib/systemd/system/httpd.socket @@ -0,0 +1,13 @@ +# See httpd.socket(8) for more information on using the httpd service. + +[Unit] +Description=Apache httpd Server Socket +Documentation=man:httpd.socket(8) + +[Socket] +ListenStream=80 +NoDelay=true +DeferAcceptSec=30 + +[Install] +WantedBy=sockets.target diff --git a/roles/ensure_apache/templates/Fedora/43/usr/lib/systemd/system/httpd.socket.d/10-listen443.conf b/roles/ensure_apache/templates/Fedora/43/usr/lib/systemd/system/httpd.socket.d/10-listen443.conf new file mode 100644 index 0000000..7e2df97 --- /dev/null +++ b/roles/ensure_apache/templates/Fedora/43/usr/lib/systemd/system/httpd.socket.d/10-listen443.conf @@ -0,0 +1,5 @@ +# This file is part of mod_ssl. It enables listening on port 443 when +# socket activation is used. + +[Socket] +ListenStream=443 diff --git a/roles/ensure_apache/templates/Fedora/43/usr/lib/systemd/system/httpd@.service b/roles/ensure_apache/templates/Fedora/43/usr/lib/systemd/system/httpd@.service new file mode 100644 index 0000000..8b20b90 --- /dev/null +++ b/roles/ensure_apache/templates/Fedora/43/usr/lib/systemd/system/httpd@.service @@ -0,0 +1,43 @@ +# This is a template for httpd instances. +# See httpd@.service(8) for more information. + +[Unit] +Description=The Apache HTTP Server +After=network.target remote-fs.target nss-lookup.target +Documentation=man:httpd@.service(8) + +[Service] +Type=notify +Environment=LANG=C +Environment=HTTPD_INSTANCE=%i +ExecStartPre=/bin/mkdir -m 710 -p /run/httpd/instance-%i +ExecStartPre=/bin/chown root.apache /run/httpd/instance-%i +ExecStartPre=/bin/mkdir -m 700 -p /var/lib/httpd/instance-%i +ExecStartPre=/bin/chown apache.apache /var/lib/httpd/instance-%i +ExecStart=/usr/sbin/httpd $OPTIONS -DFOREGROUND -f conf/%i.conf +ExecReload=/usr/sbin/httpd $OPTIONS -k graceful -f conf/%i.conf +# Send SIGWINCH for graceful stop +KillSignal=SIGWINCH +KillMode=mixed +DevicePolicy=closed +KeyringMode=private +LockPersonality=yes +MemoryDenyWriteExecute=yes +OOMPolicy=continue +PrivateDevices=yes +PrivateTmp=true +ProtectClock=yes +ProtectControlGroups=yes +ProtectHome=read-only +ProtectHostname=yes +ProtectKernelLogs=yes +ProtectKernelModules=yes +ProtectKernelTunables=yes +ProtectSystem=yes +RestrictNamespaces=yes +RestrictRealtime=yes +RestrictSUIDSGID=yes +SystemCallArchitectures=native + +[Install] +WantedBy=multi-user.target diff --git a/roles/ensure_apache/templates/Fedora/44/etc/httpd/conf.d/README b/roles/ensure_apache/templates/Fedora/44/etc/httpd/conf.d/README new file mode 100644 index 0000000..6071deb --- /dev/null +++ b/roles/ensure_apache/templates/Fedora/44/etc/httpd/conf.d/README @@ -0,0 +1,9 @@ + +This directory holds configuration files for the Apache HTTP Server; +any files in this directory which have the ".conf" extension will be +processed as httpd configuration files. The directory is used in +addition to the directory /etc/httpd/conf.modules.d/, which contains +configuration files necessary to load modules. + +Files are processed in sorted order. See httpd.conf(5) for more +information. diff --git a/roles/ensure_apache/templates/Fedora/44/etc/httpd/conf.d/autoindex.conf b/roles/ensure_apache/templates/Fedora/44/etc/httpd/conf.d/autoindex.conf new file mode 100644 index 0000000..25a0ebf --- /dev/null +++ b/roles/ensure_apache/templates/Fedora/44/etc/httpd/conf.d/autoindex.conf @@ -0,0 +1,93 @@ +# +# Directives controlling the display of server-generated directory listings. +# +# Required modules: mod_authz_core, mod_authz_host, +# mod_autoindex, mod_alias +# +# To see the listing of a directory, the Options directive for the +# directory must include "Indexes", and the directory must not contain +# a file matching those listed in the DirectoryIndex directive. +# + +# +# IndexOptions: Controls the appearance of server-generated directory +# listings. +# +IndexOptions FancyIndexing HTMLTable VersionSort Charset=UTF-8 + +# We include the /icons/ alias for FancyIndexed directory listings. If +# you do not use FancyIndexing, you may comment this out. +# +Alias /icons/ "/usr/share/httpd/icons/" + + + Options MultiViews FollowSymlinks + AllowOverride None + Require all granted + + +# +# AddIcon* directives tell the server which icon to show for different +# files or filename extensions. These are only displayed for +# FancyIndexed directories. +# +AddIconByEncoding (CMP,/icons/compressed.gif) x-compress x-gzip + +AddIconByType (TXT,/icons/text.gif) text/* +AddIconByType (IMG,/icons/image2.gif) image/* +AddIconByType (SND,/icons/sound2.gif) audio/* +AddIconByType (VID,/icons/movie.gif) video/* +AddIconByType /icons/bomb.gif application/x-coredump + +AddIcon /icons/binary.gif .bin .exe +AddIcon /icons/binhex.gif .hqx +AddIcon /icons/tar.gif .tar +AddIcon /icons/world2.gif .wrl .wrl.gz .vrml .vrm .iv +AddIcon /icons/compressed.gif .Z .z .tgz .gz .zip +AddIcon /icons/a.gif .ps .ai .eps +AddIcon /icons/layout.gif .html .shtml .htm .pdf +AddIcon /icons/text.gif .txt +AddIcon /icons/c.gif .c +AddIcon /icons/p.gif .pl .py +AddIcon /icons/f.gif .for +AddIcon /icons/dvi.gif .dvi +AddIcon /icons/uuencoded.gif .uu +AddIcon /icons/script.gif .conf .sh .shar .csh .ksh .tcl +AddIcon /icons/tex.gif .tex + +AddIcon /icons/back.gif .. +AddIcon /icons/hand.right.gif README +AddIcon /icons/folder.gif ^^DIRECTORY^^ +AddIcon /icons/blank.gif ^^BLANKICON^^ + +# +# DefaultIcon is which icon to show for files which do not have an icon +# explicitly set. +# +DefaultIcon /icons/unknown.gif + +# +# AddDescription allows you to place a short description after a file in +# server-generated indexes. These are only displayed for FancyIndexed +# directories. +# Format: AddDescription "description" filename +# +#AddDescription "GZIP compressed document" .gz +#AddDescription "tar archive" .tar +#AddDescription "GZIP compressed tar archive" .tgz + +# +# ReadmeName is the name of the README file the server will look for by +# default, and append to directory listings. +# +# HeaderName is the name of a file which should be prepended to +# directory indexes. +ReadmeName README.html +HeaderName HEADER.html + +# +# IndexIgnore is a set of filenames which directory indexing should ignore +# and not include in the listing. Shell-style wildcarding is permitted. +# +IndexIgnore .??* *~ *# HEADER* README* RCS CVS *,v *,t + diff --git a/roles/ensure_apache/templates/Fedora/44/etc/httpd/conf.d/php.conf b/roles/ensure_apache/templates/Fedora/44/etc/httpd/conf.d/php.conf new file mode 100644 index 0000000..639652b --- /dev/null +++ b/roles/ensure_apache/templates/Fedora/44/etc/httpd/conf.d/php.conf @@ -0,0 +1,62 @@ +# +# The following lines prevent .user.ini files from being viewed by Web clients. +# + + Require all denied + + +# +# Allow php to handle Multiviews +# +AddType text/html .php + +# +# Add index.php to the list of files that will be served as directory +# indexes. +# +DirectoryIndex index.php + +# +# Redirect to local php-fpm (no mod_php in default configuration) +# + + # Enable http authorization headers + SetEnvIfNoCase ^Authorization$ "(.+)" HTTP_AUTHORIZATION=$1 + + + SetHandler "proxy:unix:/run/php-fpm/www.sock|fcgi://localhost" + + + +# +# mod_php is deprecated as FPM is now used by default with httpd in event mode +# mod_php is only used when explicitly enabled or httpd switch to prefork mode +# +# mod_php options +# + + # + # Cause the PHP interpreter to handle files with a .php extension. + # + + SetHandler application/x-httpd-php + + + # + # Uncomment the following lines to allow PHP to pretty-print .phps + # files as PHP source code: + # + # + # SetHandler application/x-httpd-php-source + # + + # + # Apache specific PHP configuration options + # those can be override in each configured vhost + # + php_value session.save_handler "files" + php_value session.save_path "/var/lib/php/session" + php_value soap.wsdl_cache_dir "/var/lib/php/wsdlcache" + + #php_value opcache.file_cache "/var/lib/php/opcache" + diff --git a/roles/ensure_apache/templates/Fedora/44/etc/httpd/conf.d/ssl.conf b/roles/ensure_apache/templates/Fedora/44/etc/httpd/conf.d/ssl.conf new file mode 100644 index 0000000..373b9e5 --- /dev/null +++ b/roles/ensure_apache/templates/Fedora/44/etc/httpd/conf.d/ssl.conf @@ -0,0 +1,219 @@ +# +# When we also provide SSL we have to listen to the +# standard HTTPS port in addition. +# +Listen 443 https + +## +## SSL Global Context +## +## All SSL configuration in this context applies both to +## the main server and all SSL-enabled virtual hosts. +## + +# Pass Phrase Dialog: +# Configure the pass phrase gathering process. +# The filtering dialog program (`builtin' is a internal +# terminal dialog) has to provide the pass phrase on stdout. +SSLPassPhraseDialog exec:/usr/libexec/httpd-ssl-pass-dialog + +# Inter-Process Session Cache: +# Configure the SSL Session Cache: First the mechanism +# to use and second the expiring timeout (in seconds). +SSLSessionCache shmcb:/run/httpd/sslcache(512000) +SSLSessionCacheTimeout 300 + +# Pseudo Random Number Generator (PRNG): +# Configure one or more sources to seed the PRNG of the +# SSL library. The seed data should be of good random quality. +# WARNING! On some platforms /dev/random blocks if not enough entropy +# is available. This means you then cannot use the /dev/random device +# because it would lead to very long connection times (as long as +# it requires to make more entropy available). But usually those +# platforms additionally provide a /dev/urandom device which doesn't +# block. So, if available, use this one instead. Read the mod_ssl User +# Manual for more details. +SSLRandomSeed startup file:/dev/urandom 256 +SSLRandomSeed connect builtin +#SSLRandomSeed startup file:/dev/random 512 +#SSLRandomSeed connect file:/dev/random 512 +#SSLRandomSeed connect file:/dev/urandom 512 + +# +# Use "SSLCryptoDevice" to enable any supported hardware +# accelerators. Use "openssl engine -v" to list supported +# engine names. NOTE: If you enable an accelerator and the +# server does not start, consult the error logs and ensure +# your accelerator is functioning properly. +# +SSLCryptoDevice builtin +#SSLCryptoDevice ubsec + +## +## SSL Virtual Host Context +## + + + +# General setup for the virtual host, inherited from global configuration +#DocumentRoot "/var/www/html" +#ServerName www.example.com:443 + +# Use separate log files for the SSL virtual host; note that LogLevel +# is not inherited from httpd.conf. +ErrorLog logs/ssl_error_log +TransferLog logs/ssl_access_log +LogLevel warn + +# SSL Engine Switch: +# Enable/Disable SSL for this virtual host. +SSLEngine on + +# List the protocol versions which clients are allowed to connect with. +# The OpenSSL system profile is configured by default. See +# update-crypto-policies(8) for more details. +#SSLProtocol all -SSLv3 +#SSLProxyProtocol all -SSLv3 + +# User agents such as web browsers are not configured for the user's +# own preference of either security or performance, therefore this +# must be the prerogative of the web server administrator who manages +# cpu load versus confidentiality, so enforce the server's cipher order. +SSLHonorCipherOrder on + +# SSL Cipher Suite: +# List the ciphers that the client is permitted to negotiate. +# See the mod_ssl documentation for a complete list. +# The OpenSSL system profile is configured by default. See +# update-crypto-policies(8) for more details. +SSLCipherSuite PROFILE=SYSTEM +SSLProxyCipherSuite PROFILE=SYSTEM + +# Point SSLCertificateFile at a PEM encoded certificate. If +# the certificate is encrypted, then you will be prompted for a +# pass phrase. Note that restarting httpd will prompt again. Keep +# in mind that if you have both an RSA and a DSA certificate you +# can configure both in parallel (to also allow the use of DSA +# ciphers, etc.) +# Some ECC cipher suites (http://www.ietf.org/rfc/rfc4492.txt) +# require an ECC certificate which can also be configured in +# parallel. +SSLCertificateFile /etc/pki/tls/certs/localhost.crt + +# Server Private Key: +# If the key is not combined with the certificate, use this +# directive to point at the key file. Keep in mind that if +# you've both a RSA and a DSA private key you can configure +# both in parallel (to also allow the use of DSA ciphers, etc.) +# ECC keys, when in use, can also be configured in parallel +SSLCertificateKeyFile /etc/pki/tls/private/localhost.key + +# Server Certificate Chain: +# Point SSLCertificateChainFile at a file containing the +# concatenation of PEM encoded CA certificates which form the +# certificate chain for the server certificate. Alternatively +# the referenced file can be the same as SSLCertificateFile +# when the CA certificates are directly appended to the server +# certificate for convenience. +#SSLCertificateChainFile /etc/pki/tls/certs/server-chain.crt + +# Certificate Authority (CA): +# Set the CA certificate verification path where to find CA +# certificates for client authentication or alternatively one +# huge file containing all of them (file must be PEM encoded) +#SSLCACertificateFile /etc/pki/tls/certs/ca-bundle.crt + +# Client Authentication (Type): +# Client certificate verification type and depth. Types are +# none, optional, require and optional_no_ca. Depth is a +# number which specifies how deeply to verify the certificate +# issuer chain before deciding the certificate is not valid. +#SSLVerifyClient require +#SSLVerifyDepth 10 + +# Access Control: +# With SSLRequire you can do per-directory access control based +# on arbitrary complex boolean expressions containing server +# variable checks and other lookup directives. The syntax is a +# mixture between C and Perl. See the mod_ssl documentation +# for more details. +# +#SSLRequire ( %{SSL_CIPHER} !~ m/^(EXP|NULL)/ \ +# and %{SSL_CLIENT_S_DN_O} eq "Snake Oil, Ltd." \ +# and %{SSL_CLIENT_S_DN_OU} in {"Staff", "CA", "Dev"} \ +# and %{TIME_WDAY} >= 1 and %{TIME_WDAY} <= 5 \ +# and %{TIME_HOUR} >= 8 and %{TIME_HOUR} <= 20 ) \ +# or %{REMOTE_ADDR} =~ m/^192\.76\.162\.[0-9]+$/ +# + +# SSL Engine Options: +# Set various options for the SSL engine. +# o FakeBasicAuth: +# Translate the client X.509 into a Basic Authorisation. This means that +# the standard Auth/DBMAuth methods can be used for access control. The +# user name is the `one line' version of the client's X.509 certificate. +# Note that no password is obtained from the user. Every entry in the user +# file needs this password: `xxj31ZMTZzkVA'. +# o ExportCertData: +# This exports two additional environment variables: SSL_CLIENT_CERT and +# SSL_SERVER_CERT. These contain the PEM-encoded certificates of the +# server (always existing) and the client (only existing when client +# authentication is used). This can be used to import the certificates +# into CGI scripts. +# o StdEnvVars: +# This exports the standard SSL/TLS related `SSL_*' environment variables. +# Per default this exportation is switched off for performance reasons, +# because the extraction step is an expensive operation and is usually +# useless for serving static content. So one usually enables the +# exportation for CGI and SSI requests only. +# o StrictRequire: +# This denies access when "SSLRequireSSL" or "SSLRequire" applied even +# under a "Satisfy any" situation, i.e. when it applies access is denied +# and no other module can change it. +# o OptRenegotiate: +# This enables optimized SSL connection renegotiation handling when SSL +# directives are used in per-directory context. +#SSLOptions +FakeBasicAuth +ExportCertData +StrictRequire + + SSLOptions +StdEnvVars + + + SSLOptions +StdEnvVars + + +# SSL Protocol Adjustments: +# The safe and default but still SSL/TLS standard compliant shutdown +# approach is that mod_ssl sends the close notify alert but doesn't wait for +# the close notify alert from client. When you need a different shutdown +# approach you can use one of the following variables: +# o ssl-unclean-shutdown: +# This forces an unclean shutdown when the connection is closed, i.e. no +# SSL close notify alert is sent or allowed to be received. This violates +# the SSL/TLS standard but is needed for some brain-dead browsers. Use +# this when you receive I/O errors because of the standard approach where +# mod_ssl sends the close notify alert. +# o ssl-accurate-shutdown: +# This forces an accurate shutdown when the connection is closed, i.e. a +# SSL close notify alert is sent and mod_ssl waits for the close notify +# alert of the client. This is 100% SSL/TLS standard compliant, but in +# practice often causes hanging connections with brain-dead browsers. Use +# this only for browsers where you know that their SSL implementation +# works correctly. +# Notice: Most problems of broken clients are also related to the HTTP +# keep-alive facility, so you usually additionally want to disable +# keep-alive for those clients, too. Use variable "nokeepalive" for this. +# Similarly, one has to force some clients to use HTTP/1.0 to workaround +# their broken HTTP/1.1 implementation. Use variables "downgrade-1.0" and +# "force-response-1.0" for this. +BrowserMatch "MSIE [2-5]" \ + nokeepalive ssl-unclean-shutdown \ + downgrade-1.0 force-response-1.0 + +# Per-Server Logging: +# The home of a custom SSL log file. Use this when you want a +# compact non-error SSL logfile on a virtual host basis. +CustomLog logs/ssl_request_log \ + "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b" + + + diff --git a/roles/ensure_apache/templates/Fedora/44/etc/httpd/conf.d/userdir.conf b/roles/ensure_apache/templates/Fedora/44/etc/httpd/conf.d/userdir.conf new file mode 100644 index 0000000..b5d7a49 --- /dev/null +++ b/roles/ensure_apache/templates/Fedora/44/etc/httpd/conf.d/userdir.conf @@ -0,0 +1,36 @@ +# +# UserDir: The name of the directory that is appended onto a user's home +# directory if a ~user request is received. +# +# The path to the end user account 'public_html' directory must be +# accessible to the webserver userid. This usually means that ~userid +# must have permissions of 711, ~userid/public_html must have permissions +# of 755, and documents contained therein must be world-readable. +# Otherwise, the client will only receive a "403 Forbidden" message. +# + + # + # UserDir is disabled by default since it can confirm the presence + # of a username on the system (depending on home directory + # permissions). + # + UserDir disabled + + # + # To enable requests to /~user/ to serve the user's public_html + # directory, remove the "UserDir disabled" line above, and uncomment + # the following line instead: + # + #UserDir public_html + + +# +# Control access to UserDir directories. The following is an example +# for a site where these directories are restricted to read-only. +# + + AllowOverride FileInfo AuthConfig Limit Indexes + Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec + Require method GET POST OPTIONS + + diff --git a/roles/ensure_apache/templates/Fedora/44/etc/httpd/conf.d/vhost.conf b/roles/ensure_apache/templates/Fedora/44/etc/httpd/conf.d/vhost.conf new file mode 100644 index 0000000..b3d60e1 --- /dev/null +++ b/roles/ensure_apache/templates/Fedora/44/etc/httpd/conf.d/vhost.conf @@ -0,0 +1,72 @@ +MDBaseServer on +MDCertificateAgreement accepted +MDCertificateAuthority {{ lets_encrypt_url }} +MDContactEmail {{ lets_encrypt_admin }} +MDPrivateKeys secp384r1 secp256r1 RSA 4096 +MDRequireHttps temporary +MDStoreDir md + + + AllowOverride None + Require all granted + + +{% for item in http_vhost %} + + Options Indexes FollowSymLinks + AllowOverride None + Require all granted + + + + ServerName {{ item.fqdn }} +{% if item.aliases is defined %} +{% for item_alias in item.aliases %} + ServerAlias {{ item_alias }} +{% endfor %} +{% endif %} + ServerAdmin webmaster@{{ item.fqdn }} + DocumentRoot /srv/http/{{ item.fqdn }} +{% if item.redirect is defined %} + RedirectMatch "^(?!/\.well-known/).*" {{ item.redirect }} +{% endif %} + + +MDomain {{ item.fqdn }} + + + SSLEngine on + SSLProtocol all -TLSv1.1 + SSLProxyProtocol all -TLSv1.1 + SSLHonorCipherOrder on + SSLCipherSuite PROFILE=SYSTEM + SSLProxyCipherSuite PROFILE=SYSTEM + ServerName {{ item.fqdn }} +{% if item.aliases is defined %} +{% for item_alias in item.aliases %} + ServerAlias {{ item_alias }} +{% endfor %} +{% endif %} + ServerAdmin webmaster@{{ item.fqdn }} + DocumentRoot /srv/http/{{ item.fqdn }} + Alias /error/ "/var/www/error/" +{% if item.proxy is defined %} + ProxyPass "/.well-known" "!" + ProxyPass "/phpMyAdmin" "!" + ProxyPass "/phpmyadmin" "!" + ProxyPass "/" "{{ item.proxy }}" + ProxyPassReverse "/" "{{ item.proxy }}" + ProxyTimeout 300 +{% endif %} +{% if item.redirect is defined %} + RedirectMatch "^(?!/\.well-known/).*" {{ item.redirect }} +{% endif %} + + Require all denied + + + Require all denied + + + +{% endfor %} diff --git a/roles/ensure_apache/templates/Fedora/44/etc/httpd/conf.d/welcome.conf b/roles/ensure_apache/templates/Fedora/44/etc/httpd/conf.d/welcome.conf new file mode 100644 index 0000000..232c251 --- /dev/null +++ b/roles/ensure_apache/templates/Fedora/44/etc/httpd/conf.d/welcome.conf @@ -0,0 +1,20 @@ +# +# This configuration file enables the default "Welcome" page if there +# is no default index page present for the root URL. To disable the +# Welcome page, comment out all the lines below. +# +# NOTE: if this file is removed, it will be restored on upgrades. +# + + Options -Indexes + ErrorDocument 403 /.noindex.html + + + + AllowOverride None + Require all granted + + +Alias /.noindex.html /usr/share/httpd/noindex/index.html +Alias /poweredby.png /usr/share/httpd/icons/apache_pb3.png +Alias /system_noindex_logo.png /usr/share/httpd/icons/system_noindex_logo.png diff --git a/roles/ensure_apache/templates/Fedora/44/etc/httpd/conf.modules.d/00-base.conf b/roles/ensure_apache/templates/Fedora/44/etc/httpd/conf.modules.d/00-base.conf new file mode 100644 index 0000000..bae2bf6 --- /dev/null +++ b/roles/ensure_apache/templates/Fedora/44/etc/httpd/conf.modules.d/00-base.conf @@ -0,0 +1,69 @@ +# +# This file loads most of the modules included with the Apache HTTP +# Server itself. +# + +LoadModule access_compat_module modules/mod_access_compat.so +LoadModule actions_module modules/mod_actions.so +LoadModule alias_module modules/mod_alias.so +LoadModule allowmethods_module modules/mod_allowmethods.so +LoadModule auth_basic_module modules/mod_auth_basic.so +LoadModule auth_digest_module modules/mod_auth_digest.so +LoadModule authn_anon_module modules/mod_authn_anon.so +LoadModule authn_core_module modules/mod_authn_core.so +LoadModule authn_dbd_module modules/mod_authn_dbd.so +LoadModule authn_dbm_module modules/mod_authn_dbm.so +LoadModule authn_file_module modules/mod_authn_file.so +LoadModule authn_socache_module modules/mod_authn_socache.so +LoadModule authnz_fcgi_module modules/mod_authnz_fcgi.so +LoadModule authz_core_module modules/mod_authz_core.so +LoadModule authz_dbd_module modules/mod_authz_dbd.so +LoadModule authz_dbm_module modules/mod_authz_dbm.so +LoadModule authz_groupfile_module modules/mod_authz_groupfile.so +LoadModule authz_host_module modules/mod_authz_host.so +LoadModule authz_owner_module modules/mod_authz_owner.so +LoadModule authz_user_module modules/mod_authz_user.so +LoadModule autoindex_module modules/mod_autoindex.so +LoadModule cache_module modules/mod_cache.so +LoadModule cache_disk_module modules/mod_cache_disk.so +LoadModule cache_socache_module modules/mod_cache_socache.so +LoadModule data_module modules/mod_data.so +LoadModule dbd_module modules/mod_dbd.so +LoadModule deflate_module modules/mod_deflate.so +LoadModule dir_module modules/mod_dir.so +LoadModule dumpio_module modules/mod_dumpio.so +LoadModule echo_module modules/mod_echo.so +LoadModule env_module modules/mod_env.so +LoadModule expires_module modules/mod_expires.so +LoadModule ext_filter_module modules/mod_ext_filter.so +LoadModule filter_module modules/mod_filter.so +LoadModule headers_module modules/mod_headers.so +LoadModule include_module modules/mod_include.so +LoadModule info_module modules/mod_info.so +LoadModule log_config_module modules/mod_log_config.so +LoadModule logio_module modules/mod_logio.so +LoadModule macro_module modules/mod_macro.so +LoadModule mime_magic_module modules/mod_mime_magic.so +LoadModule mime_module modules/mod_mime.so +LoadModule negotiation_module modules/mod_negotiation.so +LoadModule remoteip_module modules/mod_remoteip.so +LoadModule reqtimeout_module modules/mod_reqtimeout.so +LoadModule request_module modules/mod_request.so +LoadModule rewrite_module modules/mod_rewrite.so +LoadModule setenvif_module modules/mod_setenvif.so +LoadModule slotmem_plain_module modules/mod_slotmem_plain.so +LoadModule slotmem_shm_module modules/mod_slotmem_shm.so +LoadModule socache_dbm_module modules/mod_socache_dbm.so +LoadModule socache_memcache_module modules/mod_socache_memcache.so +LoadModule socache_redis_module modules/mod_socache_redis.so +LoadModule socache_shmcb_module modules/mod_socache_shmcb.so +LoadModule status_module modules/mod_status.so +LoadModule substitute_module modules/mod_substitute.so +LoadModule suexec_module modules/mod_suexec.so +LoadModule unique_id_module modules/mod_unique_id.so +LoadModule unixd_module modules/mod_unixd.so +LoadModule userdir_module modules/mod_userdir.so +LoadModule version_module modules/mod_version.so +LoadModule vhost_alias_module modules/mod_vhost_alias.so +LoadModule watchdog_module modules/mod_watchdog.so + diff --git a/roles/ensure_apache/templates/Fedora/44/etc/httpd/conf.modules.d/00-brotli.conf b/roles/ensure_apache/templates/Fedora/44/etc/httpd/conf.modules.d/00-brotli.conf new file mode 100644 index 0000000..c2e0e9e --- /dev/null +++ b/roles/ensure_apache/templates/Fedora/44/etc/httpd/conf.modules.d/00-brotli.conf @@ -0,0 +1 @@ +LoadModule brotli_module modules/mod_brotli.so diff --git a/roles/ensure_apache/templates/Fedora/44/etc/httpd/conf.modules.d/00-dav.conf b/roles/ensure_apache/templates/Fedora/44/etc/httpd/conf.modules.d/00-dav.conf new file mode 100644 index 0000000..e6af8de --- /dev/null +++ b/roles/ensure_apache/templates/Fedora/44/etc/httpd/conf.modules.d/00-dav.conf @@ -0,0 +1,3 @@ +LoadModule dav_module modules/mod_dav.so +LoadModule dav_fs_module modules/mod_dav_fs.so +LoadModule dav_lock_module modules/mod_dav_lock.so diff --git a/roles/ensure_apache/templates/Fedora/44/etc/httpd/conf.modules.d/00-lua.conf b/roles/ensure_apache/templates/Fedora/44/etc/httpd/conf.modules.d/00-lua.conf new file mode 100644 index 0000000..9e0d0db --- /dev/null +++ b/roles/ensure_apache/templates/Fedora/44/etc/httpd/conf.modules.d/00-lua.conf @@ -0,0 +1 @@ +LoadModule lua_module modules/mod_lua.so diff --git a/roles/ensure_apache/templates/Fedora/44/etc/httpd/conf.modules.d/00-mpm.conf b/roles/ensure_apache/templates/Fedora/44/etc/httpd/conf.modules.d/00-mpm.conf new file mode 100644 index 0000000..fbca66e --- /dev/null +++ b/roles/ensure_apache/templates/Fedora/44/etc/httpd/conf.modules.d/00-mpm.conf @@ -0,0 +1,18 @@ +# Select the MPM module which should be used by uncommenting exactly +# one of the following LoadModule lines. See the httpd.conf(5) man +# page for more information on changing the MPM. + +# prefork MPM: Implements a non-threaded, pre-forking web server +# See: http://httpd.apache.org/docs/2.4/mod/prefork.html +# +# NOTE: If enabling prefork, the httpd_graceful_shutdown SELinux +# boolean should be enabled, to allow graceful stop/shutdown. +# +#LoadModule mpm_prefork_module modules/mod_mpm_prefork.so + + +# event MPM: A variant of the worker MPM with the goal of consuming +# threads only for connections with active processing +# See: http://httpd.apache.org/docs/2.4/mod/event.html +# +LoadModule mpm_event_module modules/mod_mpm_event.so diff --git a/roles/ensure_apache/templates/Fedora/44/etc/httpd/conf.modules.d/00-optional.conf b/roles/ensure_apache/templates/Fedora/44/etc/httpd/conf.modules.d/00-optional.conf new file mode 100644 index 0000000..ef584ec --- /dev/null +++ b/roles/ensure_apache/templates/Fedora/44/etc/httpd/conf.modules.d/00-optional.conf @@ -0,0 +1,18 @@ +# +# This file lists modules included with the Apache HTTP Server +# which are not enabled by default. +# + +#LoadModule asis_module modules/mod_asis.so +#LoadModule buffer_module modules/mod_buffer.so +#LoadModule heartbeat_module modules/mod_heartbeat.so +#LoadModule heartmonitor_module modules/mod_heartmonitor.so +#LoadModule usertrack_module modules/mod_usertrack.so +#LoadModule dialup_module modules/mod_dialup.so +#LoadModule charset_lite_module modules/mod_charset_lite.so +#LoadModule log_debug_module modules/mod_log_debug.so +#LoadModule log_forensic_module modules/mod_log_forensic.so +#LoadModule ratelimit_module modules/mod_ratelimit.so +#LoadModule reflector_module modules/mod_reflector.so +#LoadModule sed_module modules/mod_sed.so +#LoadModule speling_module modules/mod_speling.so diff --git a/roles/ensure_apache/templates/Fedora/44/etc/httpd/conf.modules.d/00-proxy.conf b/roles/ensure_apache/templates/Fedora/44/etc/httpd/conf.modules.d/00-proxy.conf new file mode 100644 index 0000000..f0f84c2 --- /dev/null +++ b/roles/ensure_apache/templates/Fedora/44/etc/httpd/conf.modules.d/00-proxy.conf @@ -0,0 +1,18 @@ +# This file configures all the proxy modules: +LoadModule proxy_module modules/mod_proxy.so +LoadModule lbmethod_bybusyness_module modules/mod_lbmethod_bybusyness.so +LoadModule lbmethod_byrequests_module modules/mod_lbmethod_byrequests.so +LoadModule lbmethod_bytraffic_module modules/mod_lbmethod_bytraffic.so +LoadModule lbmethod_heartbeat_module modules/mod_lbmethod_heartbeat.so +LoadModule proxy_ajp_module modules/mod_proxy_ajp.so +LoadModule proxy_balancer_module modules/mod_proxy_balancer.so +LoadModule proxy_connect_module modules/mod_proxy_connect.so +LoadModule proxy_express_module modules/mod_proxy_express.so +LoadModule proxy_fcgi_module modules/mod_proxy_fcgi.so +LoadModule proxy_fdpass_module modules/mod_proxy_fdpass.so +LoadModule proxy_ftp_module modules/mod_proxy_ftp.so +LoadModule proxy_http_module modules/mod_proxy_http.so +LoadModule proxy_hcheck_module modules/mod_proxy_hcheck.so +LoadModule proxy_scgi_module modules/mod_proxy_scgi.so +LoadModule proxy_uwsgi_module modules/mod_proxy_uwsgi.so +LoadModule proxy_wstunnel_module modules/mod_proxy_wstunnel.so diff --git a/roles/ensure_apache/templates/Fedora/44/etc/httpd/conf.modules.d/00-ssl.conf b/roles/ensure_apache/templates/Fedora/44/etc/httpd/conf.modules.d/00-ssl.conf new file mode 100644 index 0000000..53235cd --- /dev/null +++ b/roles/ensure_apache/templates/Fedora/44/etc/httpd/conf.modules.d/00-ssl.conf @@ -0,0 +1 @@ +LoadModule ssl_module modules/mod_ssl.so diff --git a/roles/ensure_apache/templates/Fedora/44/etc/httpd/conf.modules.d/00-systemd.conf b/roles/ensure_apache/templates/Fedora/44/etc/httpd/conf.modules.d/00-systemd.conf new file mode 100644 index 0000000..b208c97 --- /dev/null +++ b/roles/ensure_apache/templates/Fedora/44/etc/httpd/conf.modules.d/00-systemd.conf @@ -0,0 +1,2 @@ +# This file configures systemd module: +LoadModule systemd_module modules/mod_systemd.so diff --git a/roles/ensure_apache/templates/Fedora/44/etc/httpd/conf.modules.d/01-cgi.conf b/roles/ensure_apache/templates/Fedora/44/etc/httpd/conf.modules.d/01-cgi.conf new file mode 100644 index 0000000..4b680cf --- /dev/null +++ b/roles/ensure_apache/templates/Fedora/44/etc/httpd/conf.modules.d/01-cgi.conf @@ -0,0 +1,11 @@ +# This configuration file loads a CGI module appropriate to the MPM +# which has been configured in 00-mpm.conf. mod_cgid should be used +# with a threaded MPM; mod_cgi with the prefork MPM. + + + LoadModule cgid_module modules/mod_cgid.so + + + LoadModule cgi_module modules/mod_cgi.so + + diff --git a/roles/ensure_apache/templates/Fedora/44/etc/httpd/conf.modules.d/01-md.conf b/roles/ensure_apache/templates/Fedora/44/etc/httpd/conf.modules.d/01-md.conf new file mode 100644 index 0000000..2739202 --- /dev/null +++ b/roles/ensure_apache/templates/Fedora/44/etc/httpd/conf.modules.d/01-md.conf @@ -0,0 +1 @@ +LoadModule md_module modules/mod_md.so diff --git a/roles/ensure_apache/templates/Fedora/44/etc/httpd/conf.modules.d/10-h2.conf b/roles/ensure_apache/templates/Fedora/44/etc/httpd/conf.modules.d/10-h2.conf new file mode 100644 index 0000000..12c28aa --- /dev/null +++ b/roles/ensure_apache/templates/Fedora/44/etc/httpd/conf.modules.d/10-h2.conf @@ -0,0 +1 @@ +LoadModule http2_module modules/mod_http2.so diff --git a/roles/ensure_apache/templates/Fedora/44/etc/httpd/conf.modules.d/10-proxy_h2.conf b/roles/ensure_apache/templates/Fedora/44/etc/httpd/conf.modules.d/10-proxy_h2.conf new file mode 100644 index 0000000..61dc6d0 --- /dev/null +++ b/roles/ensure_apache/templates/Fedora/44/etc/httpd/conf.modules.d/10-proxy_h2.conf @@ -0,0 +1 @@ +LoadModule proxy_http2_module modules/mod_proxy_http2.so diff --git a/roles/ensure_apache/templates/Fedora/44/etc/httpd/conf.modules.d/README b/roles/ensure_apache/templates/Fedora/44/etc/httpd/conf.modules.d/README new file mode 100644 index 0000000..f4b055d --- /dev/null +++ b/roles/ensure_apache/templates/Fedora/44/etc/httpd/conf.modules.d/README @@ -0,0 +1,10 @@ + +This directory holds configuration files for the Apache HTTP Server; +any files in this directory which have the ".conf" extension will be +processed as httpd configuration files. This directory contains +configuration fragments necessary only to load modules. +Administrators should use the directory "/etc/httpd/conf.d" to modify +the configuration of httpd, or any modules. + +Files are processed in sorted order and should have a two digit +numeric prefix. See httpd.conf(5) for more information. diff --git a/roles/ensure_apache/templates/Fedora/44/etc/httpd/conf/httpd.conf b/roles/ensure_apache/templates/Fedora/44/etc/httpd/conf/httpd.conf new file mode 100644 index 0000000..ad5c7ee --- /dev/null +++ b/roles/ensure_apache/templates/Fedora/44/etc/httpd/conf/httpd.conf @@ -0,0 +1,376 @@ +# +# This is the main Apache HTTP server configuration file. It contains the +# configuration directives that give the server its instructions. +# See for detailed information. +# In particular, see +# +# for a discussion of each configuration directive. +# +# See the httpd.conf(5) man page for more information on this configuration, +# and httpd.service(8) on using and configuring the httpd service. +# +# Do NOT simply read the instructions in here without understanding +# what they do. They're here only as hints or reminders. If you are unsure +# consult the online docs. You have been warned. +# +# Configuration and logfile names: If the filenames you specify for many +# of the server's control files begin with "/" (or "drive:/" for Win32), the +# server will use that explicit path. If the filenames do *not* begin +# with "/", the value of ServerRoot is prepended -- so 'log/access_log' +# with ServerRoot set to '/www' will be interpreted by the +# server as '/www/log/access_log', where as '/log/access_log' will be +# interpreted as '/log/access_log'. + +# +# ServerRoot: The top of the directory tree under which the server's +# configuration, error, and log files are kept. +# +# Do not add a slash at the end of the directory path. If you point +# ServerRoot at a non-local disk, be sure to specify a local disk on the +# Mutex directive, if file-based mutexes are used. If you wish to share the +# same ServerRoot for multiple httpd daemons, you will need to change at +# least PidFile. +# +ServerRoot "/etc/httpd" + +# +# Listen: Allows you to bind Apache to specific IP addresses and/or +# ports, instead of the default. See also the +# directive. +# +# Change this to Listen on a specific IP address, but note that if +# httpd.service is enabled to run at boot time, the address may not be +# available when the service starts. See the httpd.service(8) man +# page for more information. +# +#Listen 12.34.56.78:80 +Listen 80 + +# +# Dynamic Shared Object (DSO) Support +# +# To be able to use the functionality of a module which was built as a DSO you +# have to place corresponding `LoadModule' lines at this location so the +# directives contained in it are actually available _before_ they are used. +# Statically compiled modules (those listed by `httpd -l') do not need +# to be loaded here. +# +# Example: +# LoadModule foo_module modules/mod_foo.so +# +Include conf.modules.d/*.conf + +# +# If you wish httpd to run as a different user or group, you must run +# httpd as root initially and it will switch. +# +# User/Group: The name (or #number) of the user/group to run httpd as. +# It is usually good practice to create a dedicated user and group for +# running httpd, as with most system services. +# +User apache +Group apache + +# 'Main' server configuration +# +# The directives in this section set up the values used by the 'main' +# server, which responds to any requests that aren't handled by a +# definition. These values also provide defaults for +# any containers you may define later in the file. +# +# All of these directives may appear inside containers, +# in which case these default settings will be overridden for the +# virtual host being defined. +# + +# +# ServerAdmin: Your address, where problems with the server should be +# e-mailed. This address appears on some server-generated pages, such +# as error documents. e.g. admin@your-domain.com +# +ServerAdmin root@localhost + +# +# ServerName gives the name and port that the server uses to identify itself. +# This can often be determined automatically, but we recommend you specify +# it explicitly to prevent problems during startup. +# +# If your host doesn't have a registered DNS name, enter its IP address here. +# +#ServerName www.example.com:80 + +# +# Deny access to the entirety of your server's filesystem. You must +# explicitly permit access to web content directories in other +# blocks below. +# + + AllowOverride none + Require all denied + + +# +# Note that from this point forward you must specifically allow +# particular features to be enabled - so if something's not working as +# you might expect, make sure that you have specifically enabled it +# below. +# + +# +# DocumentRoot: The directory out of which you will serve your +# documents. By default, all requests are taken from this directory, but +# symbolic links and aliases may be used to point to other locations. +# +DocumentRoot "/var/www/html" + +# +# Relax access to content within /var/www. +# + + AllowOverride None + # Allow open access: + Require all granted + + +# Further relax access to the default document root: + + # + # Possible values for the Options directive are "None", "All", + # or any combination of: + # Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews + # + # Note that "MultiViews" must be named *explicitly* --- "Options All" + # doesn't give it to you. + # + # The Options directive is both complicated and important. Please see + # http://httpd.apache.org/docs/2.4/mod/core.html#options + # for more information. + # + Options Indexes FollowSymLinks + + # + # AllowOverride controls what directives may be placed in .htaccess files. + # It can be "All", "None", or any combination of the keywords: + # AllowOverride FileInfo AuthConfig Limit + # + AllowOverride None + + # + # Controls who can get stuff from this server. + # + Require all granted + + +# +# DirectoryIndex: sets the file that Apache will serve if a directory +# is requested. +# + + DirectoryIndex index.html + + +# +# The following lines prevent .htaccess and .htpasswd files from being +# viewed by Web clients. +# + + Require all denied + + +# +# ErrorLog: The location of the error log file. +# If you do not specify an ErrorLog directive within a +# container, error messages relating to that virtual host will be +# logged here. If you *do* define an error logfile for a +# container, that host's errors will be logged there and not here. +# +ErrorLog "logs/error_log" + +# +# LogLevel: Control the number of messages logged to the error_log. +# Possible values include: debug, info, notice, warn, error, crit, +# alert, emerg. +# +LogLevel warn + + + # + # The following directives define some format nicknames for use with + # a CustomLog directive (see below). + # + LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined + LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" PID: %P %{tid}P %T" combined_ext + LogFormat "%h %l %u %t \"%r\" %>s %b" common + + + # You need to enable mod_logio.c to use %I and %O + LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio + + + # + # The location and format of the access logfile (Common Logfile Format). + # If you do not define any access logfiles within a + # container, they will be logged here. Contrariwise, if you *do* + # define per- access logfiles, transactions will be + # logged therein and *not* in this file. + # + #CustomLog "logs/access_log" common + + # + # If you prefer a logfile with access, agent, referer, and process/thread + # information (an extended Combined Logfile Format), you can use the + # following directive. + # + CustomLog "logs/access_log" combined_ext + + + + # + # Redirect: Allows you to tell clients about documents that used to + # exist in your server's namespace, but do not anymore. The client + # will make a new request for the document at its new location. + # Example: + # Redirect permanent /foo http://www.example.com/bar + + # + # Alias: Maps web paths into filesystem paths and is used to + # access content that does not live under the DocumentRoot. + # Example: + # Alias /webpath /full/filesystem/path + # + # If you include a trailing / on /webpath then the server will + # require it to be present in the URL. You will also likely + # need to provide a section to allow access to + # the filesystem path. + + # + # ScriptAlias: This controls which directories contain server scripts. + # ScriptAliases are essentially the same as Aliases, except that + # documents in the target directory are treated as applications and + # run by the server when requested rather than as documents sent to the + # client. The same rules about trailing "/" apply to ScriptAlias + # directives as to Alias. + # + ScriptAlias /cgi-bin/ "/var/www/cgi-bin/" + + + +# +# "/var/www/cgi-bin" should be changed to whatever your ScriptAliased +# CGI directory exists, if you have that configured. +# + + AllowOverride None + Options None + Require all granted + + + + # + # Avoid passing HTTP_PROXY environment to CGI's on this or any proxied + # backend servers which have lingering "httpoxy" defects. + # 'Proxy' request header is undefined by the IETF, not listed by IANA + # + RequestHeader unset Proxy early + + + + # + # TypesConfig points to the file containing the list of mappings from + # filename extension to MIME-type. + # + TypesConfig /etc/mime.types + + # + # AddType allows you to add to or override the MIME configuration + # file specified in TypesConfig for specific file types. + # + #AddType application/x-gzip .tgz + # + # AddEncoding allows you to have certain browsers uncompress + # information on the fly. Note: Not all browsers support this. + # + #AddEncoding x-compress .Z + #AddEncoding x-gzip .gz .tgz + # + # If the AddEncoding directives above are commented-out, then you + # probably should define those extensions to indicate media types: + # + AddType application/x-compress .Z + AddType application/x-gzip .gz .tgz + + # + # AddHandler allows you to map certain file extensions to "handlers": + # actions unrelated to filetype. These can be either built into the server + # or added with the Action directive (see below) + # + # To use CGI scripts outside of ScriptAliased directories: + # (You will also need to add "ExecCGI" to the "Options" directive.) + # + #AddHandler cgi-script .cgi + + # For type maps (negotiated resources): + #AddHandler type-map var + + # + # Filters allow you to process content before it is sent to the client. + # + # To parse .shtml files for server-side includes (SSI): + # (You will also need to add "Includes" to the "Options" directive.) + # + AddType text/html .shtml + AddOutputFilter INCLUDES .shtml + + +# +# Specify a default charset for all content served; this enables +# interpretation of all content as UTF-8 by default. To use the +# default browser choice (ISO-8859-1), or to allow the META tags +# in HTML content to override this choice, comment out this +# directive: +# +AddDefaultCharset UTF-8 + + + # + # The mod_mime_magic module allows the server to use various hints from the + # contents of the file itself to determine its type. The MIMEMagicFile + # directive tells the module where the hint definitions are located. + # + MIMEMagicFile conf/magic + + +# +# Customizable error responses come in three flavors: +# 1) plain text 2) local redirects 3) external redirects +# +# Some examples: +#ErrorDocument 500 "The server made a boo boo." +#ErrorDocument 404 /missing.html +#ErrorDocument 404 "/cgi-bin/missing_handler.pl" +#ErrorDocument 402 http://www.example.com/subscription_info.html +# + +# +# MaxRanges: Maximum number of Ranges in a request before +# returning the entire resource, or one of the special +# values 'default', 'none' or 'unlimited'. +# Default setting is to accept 200 Ranges. +#MaxRanges unlimited + +# +# EnableMMAP and EnableSendfile: On systems that support it, +# memory-mapping or the sendfile syscall may be used to deliver +# files. This usually improves server performance, but must +# be turned off when serving from networked-mounted +# filesystems or if support for these functions is otherwise +# broken on your system. +# Defaults if commented: EnableMMAP On, EnableSendfile Off +# +#EnableMMAP off +EnableSendfile on + +# Supplemental configuration +# +# Load config files in the "/etc/httpd/conf.d" directory, if any. +IncludeOptional conf.d/*.conf diff --git a/roles/ensure_apache/templates/Fedora/44/etc/httpd/conf/magic b/roles/ensure_apache/templates/Fedora/44/etc/httpd/conf/magic new file mode 100644 index 0000000..9a41b44 --- /dev/null +++ b/roles/ensure_apache/templates/Fedora/44/etc/httpd/conf/magic @@ -0,0 +1,397 @@ +# Magic data for mod_mime_magic Apache module (originally for file(1) command) +# The module is described in /manual/mod/mod_mime_magic.html +# +# The format is 4-5 columns: +# Column #1: byte number to begin checking from, ">" indicates continuation +# Column #2: type of data to match +# Column #3: contents of data to match +# Column #4: MIME type of result +# Column #5: MIME encoding of result (optional) + +#------------------------------------------------------------------------------ +# Localstuff: file(1) magic for locally observed files +# Add any locally observed files here. + +#------------------------------------------------------------------------------ +# end local stuff +#------------------------------------------------------------------------------ + +#------------------------------------------------------------------------------ +# Java + +0 short 0xcafe +>2 short 0xbabe application/java + +#------------------------------------------------------------------------------ +# audio: file(1) magic for sound formats +# +# from Jan Nicolai Langfeldt , +# + +# Sun/NeXT audio data +0 string .snd +>12 belong 1 audio/basic +>12 belong 2 audio/basic +>12 belong 3 audio/basic +>12 belong 4 audio/basic +>12 belong 5 audio/basic +>12 belong 6 audio/basic +>12 belong 7 audio/basic + +>12 belong 23 audio/x-adpcm + +# DEC systems (e.g. DECstation 5000) use a variant of the Sun/NeXT format +# that uses little-endian encoding and has a different magic number +# (0x0064732E in little-endian encoding). +0 lelong 0x0064732E +>12 lelong 1 audio/x-dec-basic +>12 lelong 2 audio/x-dec-basic +>12 lelong 3 audio/x-dec-basic +>12 lelong 4 audio/x-dec-basic +>12 lelong 5 audio/x-dec-basic +>12 lelong 6 audio/x-dec-basic +>12 lelong 7 audio/x-dec-basic +# compressed (G.721 ADPCM) +>12 lelong 23 audio/x-dec-adpcm + +# Bytes 0-3 of AIFF, AIFF-C, & 8SVX audio files are "FORM" +# AIFF audio data +8 string AIFF audio/x-aiff +# AIFF-C audio data +8 string AIFC audio/x-aiff +# IFF/8SVX audio data +8 string 8SVX audio/x-aiff + +# Creative Labs AUDIO stuff +# Standard MIDI data +0 string MThd audio/unknown +#>9 byte >0 (format %d) +#>11 byte >1 using %d channels +# Creative Music (CMF) data +0 string CTMF audio/unknown +# SoundBlaster instrument data +0 string SBI audio/unknown +# Creative Labs voice data +0 string Creative\ Voice\ File audio/unknown +## is this next line right? it came this way... +#>19 byte 0x1A +#>23 byte >0 - version %d +#>22 byte >0 \b.%d + +# [GRR 950115: is this also Creative Labs? Guessing that first line +# should be string instead of unknown-endian long...] +#0 long 0x4e54524b MultiTrack sound data +#0 string NTRK MultiTrack sound data +#>4 long x - version %ld + +# Microsoft WAVE format (*.wav) +# [GRR 950115: probably all of the shorts and longs should be leshort/lelong] +# Microsoft RIFF +0 string RIFF +# - WAVE format +>8 string WAVE audio/x-wav +# MPEG audio. +0 beshort&0xfff0 0xfff0 audio/mpeg +# C64 SID Music files, from Linus Walleij +0 string PSID audio/prs.sid + +#------------------------------------------------------------------------------ +# c-lang: file(1) magic for C programs or various scripts +# + +# XPM icons (Greg Roelofs, newt@uchicago.edu) +# ideally should go into "images", but entries below would tag XPM as C source +0 string /*\ XPM image/x-xbm 7bit + +# this first will upset you if you're a PL/1 shop... (are there any left?) +# in which case rm it; ascmagic will catch real C programs +# C or REXX program text +0 string /* text/plain +# C++ program text +0 string // text/plain + +#------------------------------------------------------------------------------ +# compress: file(1) magic for pure-compression formats (no archives) +# +# compress, gzip, pack, compact, huf, squeeze, crunch, freeze, yabba, whap, etc. +# +# Formats for various forms of compressed data +# Formats for "compress" proper have been moved into "compress.c", +# because it tries to uncompress it to figure out what's inside. + +# standard unix compress +0 string \037\235 application/octet-stream x-compress + +# gzip (GNU zip, not to be confused with [Info-ZIP/PKWARE] zip archiver) +0 string \037\213 application/octet-stream x-gzip + +# According to gzip.h, this is the correct byte order for packed data. +0 string \037\036 application/octet-stream +# +# This magic number is byte-order-independent. +# +0 short 017437 application/octet-stream + +# XXX - why *two* entries for "compacted data", one of which is +# byte-order independent, and one of which is byte-order dependent? +# +# compacted data +0 short 0x1fff application/octet-stream +0 string \377\037 application/octet-stream +# huf output +0 short 0145405 application/octet-stream + +# Squeeze and Crunch... +# These numbers were gleaned from the Unix versions of the programs to +# handle these formats. Note that I can only uncrunch, not crunch, and +# I didn't have a crunched file handy, so the crunch number is untested. +# Keith Waclena +#0 leshort 0x76FF squeezed data (CP/M, DOS) +#0 leshort 0x76FE crunched data (CP/M, DOS) + +# Freeze +#0 string \037\237 Frozen file 2.1 +#0 string \037\236 Frozen file 1.0 (or gzip 0.5) + +# lzh? +#0 string \037\240 LZH compressed data + +#------------------------------------------------------------------------------ +# frame: file(1) magic for FrameMaker files +# +# This stuff came on a FrameMaker demo tape, most of which is +# copyright, but this file is "published" as witness the following: +# +0 string \ +# and Anna Shergold +# +0 string \ +0 string \14 byte 12 (OS/2 1.x format) +#>14 byte 64 (OS/2 2.x format) +#>14 byte 40 (Windows 3.x format) +#0 string IC icon +#0 string PI pointer +#0 string CI color icon +#0 string CP color pointer +#0 string BA bitmap array + +0 string \x89PNG image/png +0 string FWS application/x-shockwave-flash +0 string CWS application/x-shockwave-flash + +#------------------------------------------------------------------------------ +# lisp: file(1) magic for lisp programs +# +# various lisp types, from Daniel Quinlan (quinlan@yggdrasil.com) +0 string ;; text/plain 8bit +# Emacs 18 - this is always correct, but not very magical. +0 string \012( application/x-elc +# Emacs 19 +0 string ;ELC\023\000\000\000 application/x-elc + +#------------------------------------------------------------------------------ +# mail.news: file(1) magic for mail and news +# +# There are tests to ascmagic.c to cope with mail and news. +0 string Relay-Version: message/rfc822 7bit +0 string #!\ rnews message/rfc822 7bit +0 string N#!\ rnews message/rfc822 7bit +0 string Forward\ to message/rfc822 7bit +0 string Pipe\ to message/rfc822 7bit +0 string Return-Path: message/rfc822 7bit +0 string Path: message/news 8bit +0 string Xref: message/news 8bit +0 string From: message/rfc822 7bit +0 string Article message/news 8bit +#------------------------------------------------------------------------------ +# msword: file(1) magic for MS Word files +# +# Contributor claims: +# Reversed-engineered MS Word magic numbers +# + +0 string \376\067\0\043 application/msword +0 string \333\245-\0\0\0 application/msword + +# disable this one because it applies also to other +# Office/OLE documents for which msword is not correct. See PR#2608. +#0 string \320\317\021\340\241\261 application/msword + + + +#------------------------------------------------------------------------------ +# printer: file(1) magic for printer-formatted files +# + +# PostScript +0 string %! application/postscript +0 string \004%! application/postscript + +# Acrobat +# (due to clamen@cs.cmu.edu) +0 string %PDF- application/pdf + +#------------------------------------------------------------------------------ +# sc: file(1) magic for "sc" spreadsheet +# +38 string Spreadsheet application/x-sc + +#------------------------------------------------------------------------------ +# tex: file(1) magic for TeX files +# +# XXX - needs byte-endian stuff (big-endian and little-endian DVI?) +# +# From + +# Although we may know the offset of certain text fields in TeX DVI +# and font files, we can't use them reliably because they are not +# zero terminated. [but we do anyway, christos] +0 string \367\002 application/x-dvi +#0 string \367\203 TeX generic font data +#0 string \367\131 TeX packed font data +#0 string \367\312 TeX virtual font data +#0 string This\ is\ TeX, TeX transcript text +#0 string This\ is\ METAFONT, METAFONT transcript text + +# There is no way to detect TeX Font Metric (*.tfm) files without +# breaking them apart and reading the data. The following patterns +# match most *.tfm files generated by METAFONT or afm2tfm. +#2 string \000\021 TeX font metric data +#2 string \000\022 TeX font metric data +#>34 string >\0 (%s) + +# Texinfo and GNU Info, from Daniel Quinlan (quinlan@yggdrasil.com) +#0 string \\input\ texinfo Texinfo source text +#0 string This\ is\ Info\ file GNU Info text + +# correct TeX magic for Linux (and maybe more) +# from Peter Tobias (tobias@server.et-inf.fho-emden.de) +# +0 leshort 0x02f7 application/x-dvi + +# RTF - Rich Text Format +0 string {\\rtf application/rtf + +#------------------------------------------------------------------------------ +# animation: file(1) magic for animation/movie formats +# +# animation formats, originally from vax@ccwf.cc.utexas.edu (VaX#n8) +# MPEG file +0 string \000\000\001\263 video/mpeg +# +# The contributor claims: +# I couldn't find a real magic number for these, however, this +# -appears- to work. Note that it might catch other files, too, +# so BE CAREFUL! +# +# Note that title and author appear in the two 20-byte chunks +# at decimal offsets 2 and 22, respectively, but they are XOR'ed with +# 255 (hex FF)! DL format SUCKS BIG ROCKS. +# +# DL file version 1 , medium format (160x100, 4 images/screen) +0 byte 1 video/unknown +0 byte 2 video/unknown +# Quicktime video, from Linus Walleij +# from Apple quicktime file format documentation. +4 string moov video/quicktime +4 string mdat video/quicktime + + +#------------------------------------------------------------------------------ +# application/x-coredump for LE/BE ELF +# +0 string \177ELF +>5 byte 1 +>16 leshort 4 application/x-coredump + +0 string \177ELF +>5 byte 2 +>16 beshort 4 application/x-coredump + diff --git a/roles/ensure_apache/templates/Fedora/44/etc/logrotate.d/httpd b/roles/ensure_apache/templates/Fedora/44/etc/logrotate.d/httpd new file mode 100644 index 0000000..c5a008c --- /dev/null +++ b/roles/ensure_apache/templates/Fedora/44/etc/logrotate.d/httpd @@ -0,0 +1,11 @@ +# Note that logs are not compressed unless "compress" is configured, +# which can be done either here or globally in /etc/logrotate.conf. +/var/log/httpd/*log { + missingok + notifempty + sharedscripts + delaycompress + postrotate + /bin/systemctl reload httpd.service > /dev/null 2>/dev/null || true + endscript +} diff --git a/roles/ensure_apache/templates/Fedora/44/etc/logrotate.d/php-fpm b/roles/ensure_apache/templates/Fedora/44/etc/logrotate.d/php-fpm new file mode 100644 index 0000000..25f9feb --- /dev/null +++ b/roles/ensure_apache/templates/Fedora/44/etc/logrotate.d/php-fpm @@ -0,0 +1,9 @@ +/var/log/php-fpm/*log { + missingok + notifempty + sharedscripts + delaycompress + postrotate + /bin/kill -SIGUSR1 `cat /run/php-fpm/php-fpm.pid 2>/dev/null` 2>/dev/null || true + endscript +} diff --git a/roles/ensure_apache/templates/Fedora/44/etc/php-fpm.conf b/roles/ensure_apache/templates/Fedora/44/etc/php-fpm.conf new file mode 100644 index 0000000..750f987 --- /dev/null +++ b/roles/ensure_apache/templates/Fedora/44/etc/php-fpm.conf @@ -0,0 +1,135 @@ +;;;;;;;;;;;;;;;;;;;;; +; FPM Configuration ; +;;;;;;;;;;;;;;;;;;;;; + +; All relative paths in this configuration file are relative to PHP's install +; prefix. + +;;;;;;;;;;;;;;;;;; +; Global Options ; +;;;;;;;;;;;;;;;;;; + +[global] +; Pid file +; Default Value: none +pid = /run/php-fpm/php-fpm.pid + +; Error log file +; If it's set to "syslog", log is sent to syslogd instead of being written +; in a local file. +; Default Value: /var/log/php-fpm.log +error_log = /var/log/php-fpm/error.log + +; syslog_facility is used to specify what type of program is logging the +; message. This lets syslogd specify that messages from different facilities +; will be handled differently. +; See syslog(3) for possible values (ex daemon equiv LOG_DAEMON) +; Default Value: daemon +;syslog.facility = daemon + +; syslog_ident is prepended to every message. If you have multiple FPM +; instances running on the same server, you can change the default value +; which must suit common needs. +; Default Value: php-fpm +;syslog.ident = php-fpm + +; Log level +; Possible Values: alert, error, warning, notice, debug +; Default Value: notice +;log_level = notice + +; Log limit on number of characters in the single line (log entry). If the +; line is over the limit, it is wrapped on multiple lines. The limit is for +; all logged characters including message prefix and suffix if present. However +; the new line character does not count into it as it is present only when +; logging to a file descriptor. It means the new line character is not present +; when logging to syslog. +; Default Value: 1024 +;log_limit = 4096 + +; Log buffering specifies if the log line is buffered which means that the +; line is written in a single write operation. If the value is false, then the +; data is written directly into the file descriptor. It is an experimental +; option that can potentionaly improve logging performance and memory usage +; for some heavy logging scenarios. This option is ignored if logging to syslog +; as it has to be always buffered. +; Default value: yes +;log_buffering = no + +; If this number of child processes exit with SIGSEGV or SIGBUS within the time +; interval set by emergency_restart_interval then FPM will restart. A value +; of '0' means 'Off'. +; Default Value: 0 +;emergency_restart_threshold = 0 + +; Interval of time used by emergency_restart_interval to determine when +; a graceful restart will be initiated. This can be useful to work around +; accidental corruptions in an accelerator's shared memory. +; Available Units: s(econds), m(inutes), h(ours), or d(ays) +; Default Unit: seconds +; Default Value: 0 +;emergency_restart_interval = 0 + +; Time limit for child processes to wait for a reaction on signals from master. +; Available units: s(econds), m(inutes), h(ours), or d(ays) +; Default Unit: seconds +; Default Value: 0 +;process_control_timeout = 0 + +; The maximum number of processes FPM will fork. This has been designed to control +; the global number of processes when using dynamic PM within a lot of pools. +; Use it with caution. +; Note: A value of 0 indicates no limit +; Default Value: 0 +;process.max = 128 + +; Specify the nice(2) priority to apply to the master process (only if set) +; The value can vary from -19 (highest priority) to 20 (lowest priority) +; Note: - It will only work if the FPM master process is launched as root +; - The pool process will inherit the master process priority +; unless specified otherwise +; Default Value: no set +;process.priority = -19 + +; Send FPM to background. Set to 'no' to keep FPM in foreground for debugging. +; Default Value: yes +daemonize = yes + +; Set open file descriptor rlimit for the master process. +; Default Value: system defined value +;rlimit_files = 1024 + +; Set max core size rlimit for the master process. +; Possible Values: 'unlimited' or an integer greater or equal to 0 +; Default Value: system defined value +;rlimit_core = 0 + +; Specify the event mechanism FPM will use. The following is available: +; - select (any POSIX os) +; - poll (any POSIX os) +; - epoll (linux >= 2.5.44) +; Default Value: not set (auto detection) +;events.mechanism = epoll + +; When FPM is built with systemd integration, specify the interval, +; in seconds, between health report notification to systemd. +; Set to 0 to disable. +; Available Units: s(econds), m(inutes), h(ours) +; Default Unit: seconds +; Default value: 10 +;systemd_interval = 10 + +;;;;;;;;;;;;;;;;;;;; +; Pool Definitions ; +;;;;;;;;;;;;;;;;;;;; + +; Multiple pools of child processes may be started with different listening +; ports and different management options. The name of the pool will be +; used in logs and stats. There is no limitation on the number of pools which +; FPM can handle. Your system will tell you anyway :) + +; Include one or more files. If glob(3) exists, it is used to include a bunch of +; files from a glob(3) pattern. This directive can be used everywhere in the +; file. +include=/etc/php-fpm.d/*.conf + diff --git a/roles/ensure_apache/templates/Fedora/44/etc/php-fpm.d/www.conf b/roles/ensure_apache/templates/Fedora/44/etc/php-fpm.d/www.conf new file mode 100644 index 0000000..7294d39 --- /dev/null +++ b/roles/ensure_apache/templates/Fedora/44/etc/php-fpm.d/www.conf @@ -0,0 +1,438 @@ +; Start a new pool named 'www'. +; the variable $pool can be used in any directive and will be replaced by the +; pool name ('www' here) +[www] + +; Per pool prefix +; It only applies on the following directives: +; - 'access.log' +; - 'slowlog' +; - 'listen' (unixsocket) +; - 'chroot' +; - 'chdir' +; - 'php_values' +; - 'php_admin_values' +; When not set, the global prefix (or @php_fpm_prefix@) applies instead. +; Note: This directive can also be relative to the global prefix. +; Default Value: none +;prefix = /path/to/pools/$pool + +; Unix user/group of processes +; Note: The user is mandatory. If the group is not set, the default user's group +; will be used. +; RPM: apache user chosen to provide access to the same directories as httpd +user = apache +; RPM: Keep a group allowed to write in log dir. +group = apache + +; The address on which to accept FastCGI requests. +; Valid syntaxes are: +; 'ip.add.re.ss:port' - to listen on a TCP socket to a specific IPv4 address on +; a specific port; +; '[ip:6:addr:ess]:port' - to listen on a TCP socket to a specific IPv6 address on +; a specific port; +; 'port' - to listen on a TCP socket to all addresses +; (IPv6 and IPv4-mapped) on a specific port; +; '/path/to/unix/socket' - to listen on a unix socket. +; Note: This value is mandatory. +listen = /run/php-fpm/www.sock + +; Set listen(2) backlog. +; Default Value: 511 +;listen.backlog = 511 + +; Set permissions for unix socket, if one is used. In Linux, read/write +; permissions must be set in order to allow connections from a web server. +; Default Values: user and group are set as the running user +; mode is set to 0660 +;listen.owner = nobody +;listen.group = nobody +;listen.mode = 0660 + +; When POSIX Access Control Lists are supported you can set them using +; these options, value is a comma separated list of user/group names. +; When set, listen.owner and listen.group are ignored +listen.acl_users = apache,nginx +;listen.acl_groups = + +; List of addresses (IPv4/IPv6) of FastCGI clients which are allowed to connect. +; Equivalent to the FCGI_WEB_SERVER_ADDRS environment variable in the original +; PHP FCGI (5.2.2+). Makes sense only with a tcp listening socket. Each address +; must be separated by a comma. If this value is left blank, connections will be +; accepted from any ip address. +; Default Value: any +listen.allowed_clients = 127.0.0.1 + +; Specify the nice(2) priority to apply to the pool processes (only if set) +; The value can vary from -19 (highest priority) to 20 (lower priority) +; Note: - It will only work if the FPM master process is launched as root +; - The pool processes will inherit the master process priority +; unless it specified otherwise +; Default Value: no set +; process.priority = -19 + +; Set the process dumpable flag (PR_SET_DUMPABLE prctl) even if the process user +; or group is differrent than the master process user. It allows to create process +; core dump and ptrace the process for the pool user. +; Default Value: no +; process.dumpable = yes + +; Choose how the process manager will control the number of child processes. +; Possible Values: +; static - a fixed number (pm.max_children) of child processes; +; dynamic - the number of child processes are set dynamically based on the +; following directives. With this process management, there will be +; always at least 1 children. +; pm.max_children - the maximum number of children that can +; be alive at the same time. +; pm.start_servers - the number of children created on startup. +; pm.min_spare_servers - the minimum number of children in 'idle' +; state (waiting to process). If the number +; of 'idle' processes is less than this +; number then some children will be created. +; pm.max_spare_servers - the maximum number of children in 'idle' +; state (waiting to process). If the number +; of 'idle' processes is greater than this +; number then some children will be killed. +; ondemand - no children are created at startup. Children will be forked when +; new requests will connect. The following parameter are used: +; pm.max_children - the maximum number of children that +; can be alive at the same time. +; pm.process_idle_timeout - The number of seconds after which +; an idle process will be killed. +; Note: This value is mandatory. +pm = dynamic + +; The number of child processes to be created when pm is set to 'static' and the +; maximum number of child processes when pm is set to 'dynamic' or 'ondemand'. +; This value sets the limit on the number of simultaneous requests that will be +; served. Equivalent to the ApacheMaxClients directive with mpm_prefork. +; Equivalent to the PHP_FCGI_CHILDREN environment variable in the original PHP +; CGI. The below defaults are based on a server without much resources. Don't +; forget to tweak pm.* to fit your needs. +; Note: Used when pm is set to 'static', 'dynamic' or 'ondemand' +; Note: This value is mandatory. +pm.max_children = 50 + +; The number of child processes created on startup. +; Note: Used only when pm is set to 'dynamic' +; Default Value: min_spare_servers + (max_spare_servers - min_spare_servers) / 2 +pm.start_servers = 5 + +; The desired minimum number of idle server processes. +; Note: Used only when pm is set to 'dynamic' +; Note: Mandatory when pm is set to 'dynamic' +pm.min_spare_servers = 5 + +; The desired maximum number of idle server processes. +; Note: Used only when pm is set to 'dynamic' +; Note: Mandatory when pm is set to 'dynamic' +pm.max_spare_servers = 35 + +; The number of seconds after which an idle process will be killed. +; Note: Used only when pm is set to 'ondemand' +; Default Value: 10s +;pm.process_idle_timeout = 10s; + +; The number of requests each child process should execute before respawning. +; This can be useful to work around memory leaks in 3rd party libraries. For +; endless request processing specify '0'. Equivalent to PHP_FCGI_MAX_REQUESTS. +; Default Value: 0 +;pm.max_requests = 500 + +; The URI to view the FPM status page. If this value is not set, no URI will be +; recognized as a status page. It shows the following informations: +; pool - the name of the pool; +; process manager - static, dynamic or ondemand; +; start time - the date and time FPM has started; +; start since - number of seconds since FPM has started; +; accepted conn - the number of request accepted by the pool; +; listen queue - the number of request in the queue of pending +; connections (see backlog in listen(2)); +; max listen queue - the maximum number of requests in the queue +; of pending connections since FPM has started; +; listen queue len - the size of the socket queue of pending connections; +; idle processes - the number of idle processes; +; active processes - the number of active processes; +; total processes - the number of idle + active processes; +; max active processes - the maximum number of active processes since FPM +; has started; +; max children reached - number of times, the process limit has been reached, +; when pm tries to start more children (works only for +; pm 'dynamic' and 'ondemand'); +; Value are updated in real time. +; Example output: +; pool: www +; process manager: static +; start time: 01/Jul/2011:17:53:49 +0200 +; start since: 62636 +; accepted conn: 190460 +; listen queue: 0 +; max listen queue: 1 +; listen queue len: 42 +; idle processes: 4 +; active processes: 11 +; total processes: 15 +; max active processes: 12 +; max children reached: 0 +; +; By default the status page output is formatted as text/plain. Passing either +; 'html', 'xml' or 'json' in the query string will return the corresponding +; output syntax. Example: +; http://www.foo.bar/status +; http://www.foo.bar/status?json +; http://www.foo.bar/status?html +; http://www.foo.bar/status?xml +; +; By default the status page only outputs short status. Passing 'full' in the +; query string will also return status for each pool process. +; Example: +; http://www.foo.bar/status?full +; http://www.foo.bar/status?json&full +; http://www.foo.bar/status?html&full +; http://www.foo.bar/status?xml&full +; The Full status returns for each process: +; pid - the PID of the process; +; state - the state of the process (Idle, Running, ...); +; start time - the date and time the process has started; +; start since - the number of seconds since the process has started; +; requests - the number of requests the process has served; +; request duration - the duration in µs of the requests; +; request method - the request method (GET, POST, ...); +; request URI - the request URI with the query string; +; content length - the content length of the request (only with POST); +; user - the user (PHP_AUTH_USER) (or '-' if not set); +; script - the main script called (or '-' if not set); +; last request cpu - the %cpu the last request consumed +; it's always 0 if the process is not in Idle state +; because CPU calculation is done when the request +; processing has terminated; +; last request memory - the max amount of memory the last request consumed +; it's always 0 if the process is not in Idle state +; because memory calculation is done when the request +; processing has terminated; +; If the process is in Idle state, then informations are related to the +; last request the process has served. Otherwise informations are related to +; the current request being served. +; Example output: +; ************************ +; pid: 31330 +; state: Running +; start time: 01/Jul/2011:17:53:49 +0200 +; start since: 63087 +; requests: 12808 +; request duration: 1250261 +; request method: GET +; request URI: /test_mem.php?N=10000 +; content length: 0 +; user: - +; script: /home/fat/web/docs/php/test_mem.php +; last request cpu: 0.00 +; last request memory: 0 +; +; Note: There is a real-time FPM status monitoring sample web page available +; It's available in: @EXPANDED_DATADIR@/fpm/status.html +; +; Note: The value must start with a leading slash (/). The value can be +; anything, but it may not be a good idea to use the .php extension or it +; may conflict with a real PHP file. +; Default Value: not set +;pm.status_path = /status + +; The ping URI to call the monitoring page of FPM. If this value is not set, no +; URI will be recognized as a ping page. This could be used to test from outside +; that FPM is alive and responding, or to +; - create a graph of FPM availability (rrd or such); +; - remove a server from a group if it is not responding (load balancing); +; - trigger alerts for the operating team (24/7). +; Note: The value must start with a leading slash (/). The value can be +; anything, but it may not be a good idea to use the .php extension or it +; may conflict with a real PHP file. +; Default Value: not set +;ping.path = /ping + +; This directive may be used to customize the response of a ping request. The +; response is formatted as text/plain with a 200 response code. +; Default Value: pong +;ping.response = pong + +; The access log file +; Default: not set +;access.log = log/$pool.access.log + +; The access log format. +; The following syntax is allowed +; %%: the '%' character +; %C: %CPU used by the request +; it can accept the following format: +; - %{user}C for user CPU only +; - %{system}C for system CPU only +; - %{total}C for user + system CPU (default) +; %d: time taken to serve the request +; it can accept the following format: +; - %{seconds}d (default) +; - %{miliseconds}d +; - %{mili}d +; - %{microseconds}d +; - %{micro}d +; %e: an environment variable (same as $_ENV or $_SERVER) +; it must be associated with embraces to specify the name of the env +; variable. Some exemples: +; - server specifics like: %{REQUEST_METHOD}e or %{SERVER_PROTOCOL}e +; - HTTP headers like: %{HTTP_HOST}e or %{HTTP_USER_AGENT}e +; %f: script filename +; %l: content-length of the request (for POST request only) +; %m: request method +; %M: peak of memory allocated by PHP +; it can accept the following format: +; - %{bytes}M (default) +; - %{kilobytes}M +; - %{kilo}M +; - %{megabytes}M +; - %{mega}M +; %n: pool name +; %o: output header +; it must be associated with embraces to specify the name of the header: +; - %{Content-Type}o +; - %{X-Powered-By}o +; - %{Transfert-Encoding}o +; - .... +; %p: PID of the child that serviced the request +; %P: PID of the parent of the child that serviced the request +; %q: the query string +; %Q: the '?' character if query string exists +; %r: the request URI (without the query string, see %q and %Q) +; %R: remote IP address +; %s: status (response code) +; %t: server time the request was received +; it can accept a strftime(3) format: +; %d/%b/%Y:%H:%M:%S %z (default) +; The strftime(3) format must be encapsuled in a %{}t tag +; e.g. for a ISO8601 formatted timestring, use: %{%Y-%m-%dT%H:%M:%S%z}t +; %T: time the log has been written (the request has finished) +; it can accept a strftime(3) format: +; %d/%b/%Y:%H:%M:%S %z (default) +; The strftime(3) format must be encapsuled in a %{}t tag +; e.g. for a ISO8601 formatted timestring, use: %{%Y-%m-%dT%H:%M:%S%z}t +; %u: remote user +; +; Default: "%R - %u %t \"%m %r\" %s" +;access.format = "%R - %u %t \"%m %r%Q%q\" %s %f %{mili}d %{kilo}M %C%%" + +; The log file for slow requests +; Default Value: not set +; Note: slowlog is mandatory if request_slowlog_timeout is set +slowlog = /var/log/php-fpm/www-slow.log + +; The timeout for serving a single request after which a PHP backtrace will be +; dumped to the 'slowlog' file. A value of '0s' means 'off'. +; Available units: s(econds)(default), m(inutes), h(ours), or d(ays) +; Default Value: 0 +;request_slowlog_timeout = 0 + +; Depth of slow log stack trace. +; Default Value: 20 +;request_slowlog_trace_depth = 20 + +; The timeout for serving a single request after which the worker process will +; be killed. This option should be used when the 'max_execution_time' ini option +; does not stop script execution for some reason. A value of '0' means 'off'. +; Available units: s(econds)(default), m(inutes), h(ours), or d(ays) +; Default Value: 0 +;request_terminate_timeout = 0 + +; Set open file descriptor rlimit. +; Default Value: system defined value +;rlimit_files = 1024 + +; Set max core size rlimit. +; Possible Values: 'unlimited' or an integer greater or equal to 0 +; Default Value: system defined value +;rlimit_core = 0 + +; Chroot to this directory at the start. This value must be defined as an +; absolute path. When this value is not set, chroot is not used. +; Note: you can prefix with '$prefix' to chroot to the pool prefix or one +; of its subdirectories. If the pool prefix is not set, the global prefix +; will be used instead. +; Note: chrooting is a great security feature and should be used whenever +; possible. However, all PHP paths will be relative to the chroot +; (error_log, sessions.save_path, ...). +; Default Value: not set +;chroot = + +; Chdir to this directory at the start. +; Note: relative path can be used. +; Default Value: current directory or / when chroot +;chdir = /var/www + +; Redirect worker stdout and stderr into main error log. If not set, stdout and +; stderr will be redirected to /dev/null according to FastCGI specs. +; Note: on highloaded environement, this can cause some delay in the page +; process time (several ms). +; Default Value: no +;catch_workers_output = yes + +; Clear environment in FPM workers +; Prevents arbitrary environment variables from reaching FPM worker processes +; by clearing the environment in workers before env vars specified in this +; pool configuration are added. +; Setting to "no" will make all environment variables available to PHP code +; via getenv(), $_ENV and $_SERVER. +; Default Value: yes +;clear_env = no + +; Limits the extensions of the main script FPM will allow to parse. This can +; prevent configuration mistakes on the web server side. You should only limit +; FPM to .php extensions to prevent malicious users to use other extensions to +; execute php code. +; Note: set an empty value to allow all extensions. +; Default Value: .php +;security.limit_extensions = .php .php3 .php4 .php5 .php7 + +; Pass environment variables like LD_LIBRARY_PATH. All $VARIABLEs are taken from +; the current environment. +; Default Value: clean env +;env[HOSTNAME] = $HOSTNAME +;env[PATH] = /usr/local/bin:/usr/bin:/bin +;env[TMP] = /tmp +;env[TMPDIR] = /tmp +;env[TEMP] = /tmp + +; Additional php.ini defines, specific to this pool of workers. These settings +; overwrite the values previously defined in the php.ini. The directives are the +; same as the PHP SAPI: +; php_value/php_flag - you can set classic ini defines which can +; be overwritten from PHP call 'ini_set'. +; php_admin_value/php_admin_flag - these directives won't be overwritten by +; PHP call 'ini_set' +; For php_*flag, valid values are on, off, 1, 0, true, false, yes or no. + +; Defining 'extension' will load the corresponding shared extension from +; extension_dir. Defining 'disable_functions' or 'disable_classes' will not +; overwrite previously defined php.ini values, but will append the new value +; instead. + +; Note: path INI options can be relative and will be expanded with the prefix +; (pool, global or @prefix@) + +; Default Value: nothing is defined by default except the values in php.ini and +; specified at startup with the -d argument +;php_admin_value[sendmail_path] = /usr/sbin/sendmail -t -i -f www@my.domain.com +;php_flag[display_errors] = off +php_admin_value[error_log] = /var/log/php-fpm/www-error.log +php_admin_flag[log_errors] = on +;php_admin_value[memory_limit] = 128M + +; Set the following data paths to directories owned by the FPM process user. +; +; Do not change the ownership of existing system directories, if the process +; user does not have write permission, create dedicated directories for this +; purpose. +; +; See warning about choosing the location of these directories on your system +; at http://php.net/session.save-path +php_value[session.save_handler] = files +php_value[session.save_path] = /var/lib/php/session +php_value[soap.wsdl_cache_dir] = /var/lib/php/wsdlcache +;php_value[opcache.file_cache] = /var/lib/php/opcache diff --git a/roles/ensure_apache/templates/Fedora/44/etc/php-zts.d/10-opcache.ini b/roles/ensure_apache/templates/Fedora/44/etc/php-zts.d/10-opcache.ini new file mode 100644 index 0000000..bbb4436 --- /dev/null +++ b/roles/ensure_apache/templates/Fedora/44/etc/php-zts.d/10-opcache.ini @@ -0,0 +1,148 @@ +; Enable Zend OPcache extension module +zend_extension=opcache + +; Determines if Zend OPCache is enabled +opcache.enable=1 + +; Determines if Zend OPCache is enabled for the CLI version of PHP +opcache.enable_cli=1 + +; The OPcache shared memory storage size. +;opcache.memory_consumption=128 + +; The amount of memory for interned strings in Mbytes. +;opcache.interned_strings_buffer=8 + +; The maximum number of keys (scripts) in the OPcache hash table. +; Only numbers between 200 and 1000000 are allowed. +;opcache.max_accelerated_files=10000 + +; The maximum percentage of "wasted" memory until a restart is scheduled. +;opcache.max_wasted_percentage=5 + +; When this directive is enabled, the OPcache appends the current working +; directory to the script key, thus eliminating possible collisions between +; files with the same name (basename). Disabling the directive improves +; performance, but may break existing applications. +;opcache.use_cwd=1 + +; When disabled, you must reset the OPcache manually or restart the +; webserver for changes to the filesystem to take effect. +;opcache.validate_timestamps=1 + +; How often (in seconds) to check file timestamps for changes to the shared +; memory storage allocation. ("1" means validate once per second, but only +; once per request. "0" means always validate) +;opcache.revalidate_freq=2 + +; Enables or disables file search in include_path optimization +;opcache.revalidate_path=0 + +; If disabled, all PHPDoc comments are dropped from the code to reduce the +; size of the optimized code. +;opcache.save_comments=1 + +; Allow file existence override (file_exists, etc.) performance feature. +;opcache.enable_file_override=0 + +; A bitmask, where each bit enables or disables the appropriate OPcache +; passes +;opcache.optimization_level=0x7FFFBFFF + +; This hack should only be enabled to work around "Cannot redeclare class" +; errors. +;opcache.dups_fix=0 + +; The location of the OPcache blacklist file (wildcards allowed). +; Each OPcache blacklist file is a text file that holds the names of files +; that should not be accelerated. +opcache.blacklist_filename=/etc/php-zts.d/opcache*.blacklist + +; Allows exclusion of large files from being cached. By default all files +; are cached. +;opcache.max_file_size=0 + +; Check the cache checksum each N requests. +; The default value of "0" means that the checks are disabled. +;opcache.consistency_checks=0 + +; How long to wait (in seconds) for a scheduled restart to begin if the cache +; is not being accessed. +;opcache.force_restart_timeout=180 + +; OPcache error_log file name. Empty string assumes "stderr". +;opcache.error_log= + +; All OPcache errors go to the Web server log. +; By default, only fatal errors (level 0) or errors (level 1) are logged. +; You can also enable warnings (level 2), info messages (level 3) or +; debug messages (level 4). +;opcache.log_verbosity_level=1 + +; Preferred Shared Memory back-end. Leave empty and let the system decide. +;opcache.preferred_memory_model= + +; Protect the shared memory from unexpected writing during script execution. +; Useful for internal debugging only. +;opcache.protect_memory=0 + +; Allows calling OPcache API functions only from PHP scripts which path is +; started from specified string. The default "" means no restriction +;opcache.restrict_api= + +; Enables and sets the second level cache directory. +; It should improve performance when SHM memory is full, at server restart or +; SHM reset. The default "" disables file based caching. +; RPM note : file cache directory must be owned by process owner +; for mod_php, see /etc/httpd/conf.d/php.conf +; for php-fpm, see /etc/php-fpm.d/*conf +;opcache.file_cache= + +; Enables or disables opcode caching in shared memory. +;opcache.file_cache_only=0 + +; Enables or disables checksum validation when script loaded from file cache. +;opcache.file_cache_consistency_checks=1 + +; Implies opcache.file_cache_only=1 for a certain process that failed to +; reattach to the shared memory (for Windows only). Explicitly enabled file +; cache is required. +;opcache.file_cache_fallback=1 + +; Enables or disables copying of PHP code (text segment) into HUGE PAGES. +; This should improve performance, but requires appropriate OS configuration. +opcache.huge_code_pages=0 + +; Validate cached file permissions. +; Leads OPcache to check file readability on each access to cached file. +; This directive should be enabled in shared hosting environment, when few +; users (PHP-FPM pools) reuse the common OPcache shared memory. +;opcache.validate_permission=0 + +; Prevent name collisions in chroot'ed environment. +; This directive prevents file name collisions in different "chroot" +; environments. It should be enabled for sites that may serve requests in +; different "chroot" environments. +;opcache.validate_root=0 + +; If specified, it produces opcode dumps for debugging different stages of +; optimizations. +;opcache.opt_debug_level=0 + +; Specifies a PHP script that is going to be compiled and executed at server +; start-up. +; http://php.net/opcache.preload +;opcache.preload= + +; Preloading code as root is not allowed for security reasons. This directive +; facilitates to let the preloading to be run as another user. +; http://php.net/opcache.preload_user +;opcache.preload_user= + +; Prevents caching files that are less than this number of seconds old. It +; protects from caching of incompletely updated files. In case all file updates +; on your site are atomic, you may increase performance by setting it to "0". +;opcache.file_update_protection=2 + +; Absolute path used to store shared lockfiles (for *nix only). +;opcache.lockfile_path=/tmp diff --git a/roles/ensure_apache/templates/Fedora/44/etc/php-zts.d/20-bz2.ini b/roles/ensure_apache/templates/Fedora/44/etc/php-zts.d/20-bz2.ini new file mode 100644 index 0000000..ad6600e --- /dev/null +++ b/roles/ensure_apache/templates/Fedora/44/etc/php-zts.d/20-bz2.ini @@ -0,0 +1,2 @@ +; Enable bz2 extension module +extension=bz2 diff --git a/roles/ensure_apache/templates/Fedora/44/etc/php-zts.d/20-calendar.ini b/roles/ensure_apache/templates/Fedora/44/etc/php-zts.d/20-calendar.ini new file mode 100644 index 0000000..8f1d291 --- /dev/null +++ b/roles/ensure_apache/templates/Fedora/44/etc/php-zts.d/20-calendar.ini @@ -0,0 +1,2 @@ +; Enable calendar extension module +extension=calendar diff --git a/roles/ensure_apache/templates/Fedora/44/etc/php-zts.d/20-ctype.ini b/roles/ensure_apache/templates/Fedora/44/etc/php-zts.d/20-ctype.ini new file mode 100644 index 0000000..4bde80c --- /dev/null +++ b/roles/ensure_apache/templates/Fedora/44/etc/php-zts.d/20-ctype.ini @@ -0,0 +1,2 @@ +; Enable ctype extension module +extension=ctype diff --git a/roles/ensure_apache/templates/Fedora/44/etc/php-zts.d/20-curl.ini b/roles/ensure_apache/templates/Fedora/44/etc/php-zts.d/20-curl.ini new file mode 100644 index 0000000..08697ce --- /dev/null +++ b/roles/ensure_apache/templates/Fedora/44/etc/php-zts.d/20-curl.ini @@ -0,0 +1,2 @@ +; Enable curl extension module +extension=curl diff --git a/roles/ensure_apache/templates/Fedora/44/etc/php-zts.d/20-dom.ini b/roles/ensure_apache/templates/Fedora/44/etc/php-zts.d/20-dom.ini new file mode 100644 index 0000000..7d77c45 --- /dev/null +++ b/roles/ensure_apache/templates/Fedora/44/etc/php-zts.d/20-dom.ini @@ -0,0 +1,2 @@ +; Enable dom extension module +extension=dom diff --git a/roles/ensure_apache/templates/Fedora/44/etc/php-zts.d/20-exif.ini b/roles/ensure_apache/templates/Fedora/44/etc/php-zts.d/20-exif.ini new file mode 100644 index 0000000..40b0000 --- /dev/null +++ b/roles/ensure_apache/templates/Fedora/44/etc/php-zts.d/20-exif.ini @@ -0,0 +1,2 @@ +; Enable exif extension module +extension=exif diff --git a/roles/ensure_apache/templates/Fedora/44/etc/php-zts.d/20-fileinfo.ini b/roles/ensure_apache/templates/Fedora/44/etc/php-zts.d/20-fileinfo.ini new file mode 100644 index 0000000..e54e360 --- /dev/null +++ b/roles/ensure_apache/templates/Fedora/44/etc/php-zts.d/20-fileinfo.ini @@ -0,0 +1,2 @@ +; Enable fileinfo extension module +extension=fileinfo diff --git a/roles/ensure_apache/templates/Fedora/44/etc/php-zts.d/20-ftp.ini b/roles/ensure_apache/templates/Fedora/44/etc/php-zts.d/20-ftp.ini new file mode 100644 index 0000000..e492d12 --- /dev/null +++ b/roles/ensure_apache/templates/Fedora/44/etc/php-zts.d/20-ftp.ini @@ -0,0 +1,2 @@ +; Enable ftp extension module +extension=ftp diff --git a/roles/ensure_apache/templates/Fedora/44/etc/php-zts.d/20-gettext.ini b/roles/ensure_apache/templates/Fedora/44/etc/php-zts.d/20-gettext.ini new file mode 100644 index 0000000..d67ae7d --- /dev/null +++ b/roles/ensure_apache/templates/Fedora/44/etc/php-zts.d/20-gettext.ini @@ -0,0 +1,2 @@ +; Enable gettext extension module +extension=gettext diff --git a/roles/ensure_apache/templates/Fedora/44/etc/php-zts.d/20-iconv.ini b/roles/ensure_apache/templates/Fedora/44/etc/php-zts.d/20-iconv.ini new file mode 100644 index 0000000..03aee46 --- /dev/null +++ b/roles/ensure_apache/templates/Fedora/44/etc/php-zts.d/20-iconv.ini @@ -0,0 +1,2 @@ +; Enable iconv extension module +extension=iconv diff --git a/roles/ensure_apache/templates/Fedora/44/etc/php-zts.d/20-json.ini b/roles/ensure_apache/templates/Fedora/44/etc/php-zts.d/20-json.ini new file mode 100644 index 0000000..2b6607b --- /dev/null +++ b/roles/ensure_apache/templates/Fedora/44/etc/php-zts.d/20-json.ini @@ -0,0 +1,2 @@ +; Enable json extension module +extension=json diff --git a/roles/ensure_apache/templates/Fedora/44/etc/php-zts.d/20-mbstring.ini b/roles/ensure_apache/templates/Fedora/44/etc/php-zts.d/20-mbstring.ini new file mode 100644 index 0000000..625cc73 --- /dev/null +++ b/roles/ensure_apache/templates/Fedora/44/etc/php-zts.d/20-mbstring.ini @@ -0,0 +1,2 @@ +; Enable mbstring extension module +extension=mbstring diff --git a/roles/ensure_apache/templates/Fedora/44/etc/php-zts.d/20-mysqlnd.ini b/roles/ensure_apache/templates/Fedora/44/etc/php-zts.d/20-mysqlnd.ini new file mode 100644 index 0000000..a66ea66 --- /dev/null +++ b/roles/ensure_apache/templates/Fedora/44/etc/php-zts.d/20-mysqlnd.ini @@ -0,0 +1,2 @@ +; Enable mysqlnd extension module +extension=mysqlnd diff --git a/roles/ensure_apache/templates/Fedora/44/etc/php-zts.d/20-pdo.ini b/roles/ensure_apache/templates/Fedora/44/etc/php-zts.d/20-pdo.ini new file mode 100644 index 0000000..5a46a1f --- /dev/null +++ b/roles/ensure_apache/templates/Fedora/44/etc/php-zts.d/20-pdo.ini @@ -0,0 +1,2 @@ +; Enable pdo extension module +extension=pdo diff --git a/roles/ensure_apache/templates/Fedora/44/etc/php-zts.d/20-phar.ini b/roles/ensure_apache/templates/Fedora/44/etc/php-zts.d/20-phar.ini new file mode 100644 index 0000000..8224a1b --- /dev/null +++ b/roles/ensure_apache/templates/Fedora/44/etc/php-zts.d/20-phar.ini @@ -0,0 +1,2 @@ +; Enable phar extension module +extension=phar diff --git a/roles/ensure_apache/templates/Fedora/44/etc/php-zts.d/20-simplexml.ini b/roles/ensure_apache/templates/Fedora/44/etc/php-zts.d/20-simplexml.ini new file mode 100644 index 0000000..6f13cb5 --- /dev/null +++ b/roles/ensure_apache/templates/Fedora/44/etc/php-zts.d/20-simplexml.ini @@ -0,0 +1,2 @@ +; Enable simplexml extension module +extension=simplexml diff --git a/roles/ensure_apache/templates/Fedora/44/etc/php-zts.d/20-sockets.ini b/roles/ensure_apache/templates/Fedora/44/etc/php-zts.d/20-sockets.ini new file mode 100644 index 0000000..f17ae3e --- /dev/null +++ b/roles/ensure_apache/templates/Fedora/44/etc/php-zts.d/20-sockets.ini @@ -0,0 +1,2 @@ +; Enable sockets extension module +extension=sockets diff --git a/roles/ensure_apache/templates/Fedora/44/etc/php-zts.d/20-sodium.ini b/roles/ensure_apache/templates/Fedora/44/etc/php-zts.d/20-sodium.ini new file mode 100644 index 0000000..c3a6b65 --- /dev/null +++ b/roles/ensure_apache/templates/Fedora/44/etc/php-zts.d/20-sodium.ini @@ -0,0 +1,2 @@ +; Enable sodium extension module +extension=sodium diff --git a/roles/ensure_apache/templates/Fedora/44/etc/php-zts.d/20-sqlite3.ini b/roles/ensure_apache/templates/Fedora/44/etc/php-zts.d/20-sqlite3.ini new file mode 100644 index 0000000..7a4c543 --- /dev/null +++ b/roles/ensure_apache/templates/Fedora/44/etc/php-zts.d/20-sqlite3.ini @@ -0,0 +1,2 @@ +; Enable sqlite3 extension module +extension=sqlite3 diff --git a/roles/ensure_apache/templates/Fedora/44/etc/php-zts.d/20-tokenizer.ini b/roles/ensure_apache/templates/Fedora/44/etc/php-zts.d/20-tokenizer.ini new file mode 100644 index 0000000..44c800a --- /dev/null +++ b/roles/ensure_apache/templates/Fedora/44/etc/php-zts.d/20-tokenizer.ini @@ -0,0 +1,2 @@ +; Enable tokenizer extension module +extension=tokenizer diff --git a/roles/ensure_apache/templates/Fedora/44/etc/php-zts.d/20-xml.ini b/roles/ensure_apache/templates/Fedora/44/etc/php-zts.d/20-xml.ini new file mode 100644 index 0000000..976ebf7 --- /dev/null +++ b/roles/ensure_apache/templates/Fedora/44/etc/php-zts.d/20-xml.ini @@ -0,0 +1,2 @@ +; Enable xml extension module +extension=xml diff --git a/roles/ensure_apache/templates/Fedora/44/etc/php-zts.d/20-xmlwriter.ini b/roles/ensure_apache/templates/Fedora/44/etc/php-zts.d/20-xmlwriter.ini new file mode 100644 index 0000000..3b92225 --- /dev/null +++ b/roles/ensure_apache/templates/Fedora/44/etc/php-zts.d/20-xmlwriter.ini @@ -0,0 +1,2 @@ +; Enable xmlwriter extension module +extension=xmlwriter diff --git a/roles/ensure_apache/templates/Fedora/44/etc/php-zts.d/20-xsl.ini b/roles/ensure_apache/templates/Fedora/44/etc/php-zts.d/20-xsl.ini new file mode 100644 index 0000000..5dd90a8 --- /dev/null +++ b/roles/ensure_apache/templates/Fedora/44/etc/php-zts.d/20-xsl.ini @@ -0,0 +1,2 @@ +; Enable xsl extension module +extension=xsl diff --git a/roles/ensure_apache/templates/Fedora/44/etc/php-zts.d/30-mysqli.ini b/roles/ensure_apache/templates/Fedora/44/etc/php-zts.d/30-mysqli.ini new file mode 100644 index 0000000..d50df50 --- /dev/null +++ b/roles/ensure_apache/templates/Fedora/44/etc/php-zts.d/30-mysqli.ini @@ -0,0 +1,2 @@ +; Enable mysqli extension module +extension=mysqli diff --git a/roles/ensure_apache/templates/Fedora/44/etc/php-zts.d/30-pdo_mysql.ini b/roles/ensure_apache/templates/Fedora/44/etc/php-zts.d/30-pdo_mysql.ini new file mode 100644 index 0000000..933bef1 --- /dev/null +++ b/roles/ensure_apache/templates/Fedora/44/etc/php-zts.d/30-pdo_mysql.ini @@ -0,0 +1,2 @@ +; Enable pdo_mysql extension module +extension=pdo_mysql diff --git a/roles/ensure_apache/templates/Fedora/44/etc/php-zts.d/30-pdo_sqlite.ini b/roles/ensure_apache/templates/Fedora/44/etc/php-zts.d/30-pdo_sqlite.ini new file mode 100644 index 0000000..f661146 --- /dev/null +++ b/roles/ensure_apache/templates/Fedora/44/etc/php-zts.d/30-pdo_sqlite.ini @@ -0,0 +1,2 @@ +; Enable pdo_sqlite extension module +extension=pdo_sqlite diff --git a/roles/ensure_apache/templates/Fedora/44/etc/php-zts.d/30-xmlreader.ini b/roles/ensure_apache/templates/Fedora/44/etc/php-zts.d/30-xmlreader.ini new file mode 100644 index 0000000..f87ebf8 --- /dev/null +++ b/roles/ensure_apache/templates/Fedora/44/etc/php-zts.d/30-xmlreader.ini @@ -0,0 +1,2 @@ +; Enable xmlreader extension module +extension=xmlreader diff --git a/roles/ensure_apache/templates/Fedora/44/etc/php-zts.d/opcache-default.blacklist b/roles/ensure_apache/templates/Fedora/44/etc/php-zts.d/opcache-default.blacklist new file mode 100644 index 0000000..0cc2e18 --- /dev/null +++ b/roles/ensure_apache/templates/Fedora/44/etc/php-zts.d/opcache-default.blacklist @@ -0,0 +1,11 @@ +; The blacklist file is a text file that holds the names of files +; that should not be accelerated. The file format is to add each filename +; to a new line. The filename may be a full path or just a file prefix +; (i.e., /var/www/x blacklists all the files and directories in /var/www +; that start with 'x'). Line starting with a ; are ignored (comments). +; Files are usually triggered by one of the following three reasons: +; 1) Directories that contain auto generated code, like Smarty or ZFW cache. +; 2) Code that does not work well when accelerated, due to some delayed +; compile time evaluation. +; 3) Code that triggers an OPcache bug. + diff --git a/roles/ensure_apache/templates/Fedora/44/etc/php.d/10-opcache.ini b/roles/ensure_apache/templates/Fedora/44/etc/php.d/10-opcache.ini new file mode 100644 index 0000000..252303a --- /dev/null +++ b/roles/ensure_apache/templates/Fedora/44/etc/php.d/10-opcache.ini @@ -0,0 +1,158 @@ +; Determines if Zend OPCache is enabled +opcache.enable=1 + +; Determines if Zend OPCache is enabled for the CLI version of PHP +opcache.enable_cli=1 + +; The OPcache shared memory storage size. +;opcache.memory_consumption=128 + +; The amount of memory for interned strings in Mbytes. +;opcache.interned_strings_buffer=8 + +; The maximum number of keys (scripts) in the OPcache hash table. +; Only numbers between 200 and 1000000 are allowed. +;opcache.max_accelerated_files=10000 + +; The maximum percentage of "wasted" memory until a restart is scheduled. +;opcache.max_wasted_percentage=5 + +; When this directive is enabled, the OPcache appends the current working +; directory to the script key, thus eliminating possible collisions between +; files with the same name (basename). Disabling the directive improves +; performance, but may break existing applications. +;opcache.use_cwd=1 + +; When disabled, you must reset the OPcache manually or restart the +; webserver for changes to the filesystem to take effect. +;opcache.validate_timestamps=1 + +; How often (in seconds) to check file timestamps for changes to the shared +; memory storage allocation. ("1" means validate once per second, but only +; once per request. "0" means always validate) +;opcache.revalidate_freq=2 + +; Enables or disables file search in include_path optimization +;opcache.revalidate_path=0 + +; If disabled, all PHPDoc comments are dropped from the code to reduce the +; size of the optimized code. +;opcache.save_comments=1 + +; If enabled, compilation warnings (including notices and deprecations) will +; be recorded and replayed each time a file is included. Otherwise, compilation +; warnings will only be emitted when the file is first cached. +;opcache.record_warnings=0 + +; Allow file existence override (file_exists, etc.) performance feature. +;opcache.enable_file_override=0 + +; A bitmask, where each bit enables or disables the appropriate OPcache +; passes +;opcache.optimization_level=0x7FFFBFFF + +;opcache.dups_fix=0 + +; The location of the OPcache blacklist file (wildcards allowed). +; Each OPcache blacklist file is a text file that holds the names of files +; that should not be accelerated. +opcache.blacklist_filename=/etc/php.d/opcache*.blacklist + +; Allows exclusion of large files from being cached. By default all files +; are cached. +;opcache.max_file_size=0 + +; How long to wait (in seconds) for a scheduled restart to begin if the cache +; is not being accessed. +;opcache.force_restart_timeout=180 + +; OPcache error_log file name. Empty string assumes "stderr". +;opcache.error_log= + +; All OPcache errors go to the Web server log. +; By default, only fatal errors (level 0) or errors (level 1) are logged. +; You can also enable warnings (level 2), info messages (level 3) or +; debug messages (level 4). +;opcache.log_verbosity_level=1 + +; Preferred Shared Memory back-end. Leave empty and let the system decide. +;opcache.preferred_memory_model= + +; Protect the shared memory from unexpected writing during script execution. +; Useful for internal debugging only. +;opcache.protect_memory=0 + +; Allows calling OPcache API functions only from PHP scripts which path is +; started from specified string. The default "" means no restriction +;opcache.restrict_api= + +; Enables and sets the second level cache directory. +; It should improve performance when SHM memory is full, at server restart or +; SHM reset. The default "" disables file based caching. +; RPM note : file cache directory must be owned by process owner +; for mod_php, see /etc/httpd/conf.d/php.conf +; for php-fpm, see /etc/php-fpm.d/*conf +;opcache.file_cache= + +; Enables or disables read-only mode for the second level cache directory. +; It should improve performance for read-only containers, +; when the cache is pre-warmed and packaged alongside the application. +; Best used with `opcache.validate_timestamps=0`, `opcache.enable_file_override=1` +; and `opcache.file_cache_consistency_checks=0`. +; Note: A cache generated with a different build of PHP, a different file path, +; or different settings (including which extensions are loaded), may be ignored. +;opcache.file_cache_read_only=0 + +; Enables or disables opcode caching in shared memory. +;opcache.file_cache_only=0 + +; Enables or disables checksum validation when script loaded from file cache. +;opcache.file_cache_consistency_checks=1 + +; Implies opcache.file_cache_only=1 for a certain process that failed to +; reattach to the shared memory (for Windows only). Explicitly enabled file +; cache is required. +;opcache.file_cache_fallback=1 + +; Enables or disables copying of PHP code (text segment) into HUGE PAGES. +; Under certain circumstances (if only a single global PHP process is +; started from which all others fork), this can increase performance +; by a tiny amount because TLB misses are reduced. On the other hand, this +; delays PHP startup, increases memory usage and degrades performance +; under memory pressure - use with care. +; Requires appropriate OS configuration. +opcache.huge_code_pages=0 + +; Validate cached file permissions. +; Leads OPcache to check file readability on each access to cached file. +; This directive should be enabled in shared hosting environment, when few +; users (PHP-FPM pools) reuse the common OPcache shared memory. +;opcache.validate_permission=0 + +; Prevent name collisions in chroot'ed environment. +; This directive prevents file name collisions in different "chroot" +; environments. It should be enabled for sites that may serve requests in +; different "chroot" environments. +;opcache.validate_root=0 + +; If specified, it produces opcode dumps for debugging different stages of +; optimizations. +;opcache.opt_debug_level=0 + +; Specifies a PHP script that is going to be compiled and executed at server +; start-up. +; https://php.net/opcache.preload +;opcache.preload= + +; Preloading code as root is not allowed for security reasons. This directive +; facilitates to let the preloading to be run as another user. +; https://php.net/opcache.preload_user +;opcache.preload_user= + +; Prevents caching files that are less than this number of seconds old. It +; protects from caching of incompletely updated files. In case all file updates +; on your site are atomic, you may increase performance by setting it to "0". +;opcache.file_update_protection=2 + +; Absolute path used to store shared lockfiles (for *nix only). +;opcache.lockfile_path=/tmp diff --git a/roles/ensure_apache/templates/Fedora/44/etc/php.d/20-bz2.ini b/roles/ensure_apache/templates/Fedora/44/etc/php.d/20-bz2.ini new file mode 100644 index 0000000..ad6600e --- /dev/null +++ b/roles/ensure_apache/templates/Fedora/44/etc/php.d/20-bz2.ini @@ -0,0 +1,2 @@ +; Enable bz2 extension module +extension=bz2 diff --git a/roles/ensure_apache/templates/Fedora/44/etc/php.d/20-calendar.ini b/roles/ensure_apache/templates/Fedora/44/etc/php.d/20-calendar.ini new file mode 100644 index 0000000..8f1d291 --- /dev/null +++ b/roles/ensure_apache/templates/Fedora/44/etc/php.d/20-calendar.ini @@ -0,0 +1,2 @@ +; Enable calendar extension module +extension=calendar diff --git a/roles/ensure_apache/templates/Fedora/44/etc/php.d/20-ctype.ini b/roles/ensure_apache/templates/Fedora/44/etc/php.d/20-ctype.ini new file mode 100644 index 0000000..4bde80c --- /dev/null +++ b/roles/ensure_apache/templates/Fedora/44/etc/php.d/20-ctype.ini @@ -0,0 +1,2 @@ +; Enable ctype extension module +extension=ctype diff --git a/roles/ensure_apache/templates/Fedora/44/etc/php.d/20-curl.ini b/roles/ensure_apache/templates/Fedora/44/etc/php.d/20-curl.ini new file mode 100644 index 0000000..08697ce --- /dev/null +++ b/roles/ensure_apache/templates/Fedora/44/etc/php.d/20-curl.ini @@ -0,0 +1,2 @@ +; Enable curl extension module +extension=curl diff --git a/roles/ensure_apache/templates/Fedora/44/etc/php.d/20-dom.ini b/roles/ensure_apache/templates/Fedora/44/etc/php.d/20-dom.ini new file mode 100644 index 0000000..7d77c45 --- /dev/null +++ b/roles/ensure_apache/templates/Fedora/44/etc/php.d/20-dom.ini @@ -0,0 +1,2 @@ +; Enable dom extension module +extension=dom diff --git a/roles/ensure_apache/templates/Fedora/44/etc/php.d/20-exif.ini b/roles/ensure_apache/templates/Fedora/44/etc/php.d/20-exif.ini new file mode 100644 index 0000000..40b0000 --- /dev/null +++ b/roles/ensure_apache/templates/Fedora/44/etc/php.d/20-exif.ini @@ -0,0 +1,2 @@ +; Enable exif extension module +extension=exif diff --git a/roles/ensure_apache/templates/Fedora/44/etc/php.d/20-fileinfo.ini b/roles/ensure_apache/templates/Fedora/44/etc/php.d/20-fileinfo.ini new file mode 100644 index 0000000..e54e360 --- /dev/null +++ b/roles/ensure_apache/templates/Fedora/44/etc/php.d/20-fileinfo.ini @@ -0,0 +1,2 @@ +; Enable fileinfo extension module +extension=fileinfo diff --git a/roles/ensure_apache/templates/Fedora/44/etc/php.d/20-ftp.ini b/roles/ensure_apache/templates/Fedora/44/etc/php.d/20-ftp.ini new file mode 100644 index 0000000..e492d12 --- /dev/null +++ b/roles/ensure_apache/templates/Fedora/44/etc/php.d/20-ftp.ini @@ -0,0 +1,2 @@ +; Enable ftp extension module +extension=ftp diff --git a/roles/ensure_apache/templates/Fedora/44/etc/php.d/20-gettext.ini b/roles/ensure_apache/templates/Fedora/44/etc/php.d/20-gettext.ini new file mode 100644 index 0000000..d67ae7d --- /dev/null +++ b/roles/ensure_apache/templates/Fedora/44/etc/php.d/20-gettext.ini @@ -0,0 +1,2 @@ +; Enable gettext extension module +extension=gettext diff --git a/roles/ensure_apache/templates/Fedora/44/etc/php.d/20-iconv.ini b/roles/ensure_apache/templates/Fedora/44/etc/php.d/20-iconv.ini new file mode 100644 index 0000000..03aee46 --- /dev/null +++ b/roles/ensure_apache/templates/Fedora/44/etc/php.d/20-iconv.ini @@ -0,0 +1,2 @@ +; Enable iconv extension module +extension=iconv diff --git a/roles/ensure_apache/templates/Fedora/44/etc/php.d/20-json.ini b/roles/ensure_apache/templates/Fedora/44/etc/php.d/20-json.ini new file mode 100644 index 0000000..2b6607b --- /dev/null +++ b/roles/ensure_apache/templates/Fedora/44/etc/php.d/20-json.ini @@ -0,0 +1,2 @@ +; Enable json extension module +extension=json diff --git a/roles/ensure_apache/templates/Fedora/44/etc/php.d/20-mbstring.ini b/roles/ensure_apache/templates/Fedora/44/etc/php.d/20-mbstring.ini new file mode 100644 index 0000000..625cc73 --- /dev/null +++ b/roles/ensure_apache/templates/Fedora/44/etc/php.d/20-mbstring.ini @@ -0,0 +1,2 @@ +; Enable mbstring extension module +extension=mbstring diff --git a/roles/ensure_apache/templates/Fedora/44/etc/php.d/20-mysqlnd.ini b/roles/ensure_apache/templates/Fedora/44/etc/php.d/20-mysqlnd.ini new file mode 100644 index 0000000..a66ea66 --- /dev/null +++ b/roles/ensure_apache/templates/Fedora/44/etc/php.d/20-mysqlnd.ini @@ -0,0 +1,2 @@ +; Enable mysqlnd extension module +extension=mysqlnd diff --git a/roles/ensure_apache/templates/Fedora/44/etc/php.d/20-pdo.ini b/roles/ensure_apache/templates/Fedora/44/etc/php.d/20-pdo.ini new file mode 100644 index 0000000..5a46a1f --- /dev/null +++ b/roles/ensure_apache/templates/Fedora/44/etc/php.d/20-pdo.ini @@ -0,0 +1,2 @@ +; Enable pdo extension module +extension=pdo diff --git a/roles/ensure_apache/templates/Fedora/44/etc/php.d/20-phar.ini b/roles/ensure_apache/templates/Fedora/44/etc/php.d/20-phar.ini new file mode 100644 index 0000000..8224a1b --- /dev/null +++ b/roles/ensure_apache/templates/Fedora/44/etc/php.d/20-phar.ini @@ -0,0 +1,2 @@ +; Enable phar extension module +extension=phar diff --git a/roles/ensure_apache/templates/Fedora/44/etc/php.d/20-simplexml.ini b/roles/ensure_apache/templates/Fedora/44/etc/php.d/20-simplexml.ini new file mode 100644 index 0000000..6f13cb5 --- /dev/null +++ b/roles/ensure_apache/templates/Fedora/44/etc/php.d/20-simplexml.ini @@ -0,0 +1,2 @@ +; Enable simplexml extension module +extension=simplexml diff --git a/roles/ensure_apache/templates/Fedora/44/etc/php.d/20-sockets.ini b/roles/ensure_apache/templates/Fedora/44/etc/php.d/20-sockets.ini new file mode 100644 index 0000000..f17ae3e --- /dev/null +++ b/roles/ensure_apache/templates/Fedora/44/etc/php.d/20-sockets.ini @@ -0,0 +1,2 @@ +; Enable sockets extension module +extension=sockets diff --git a/roles/ensure_apache/templates/Fedora/44/etc/php.d/20-sodium.ini b/roles/ensure_apache/templates/Fedora/44/etc/php.d/20-sodium.ini new file mode 100644 index 0000000..c3a6b65 --- /dev/null +++ b/roles/ensure_apache/templates/Fedora/44/etc/php.d/20-sodium.ini @@ -0,0 +1,2 @@ +; Enable sodium extension module +extension=sodium diff --git a/roles/ensure_apache/templates/Fedora/44/etc/php.d/20-sqlite3.ini b/roles/ensure_apache/templates/Fedora/44/etc/php.d/20-sqlite3.ini new file mode 100644 index 0000000..7a4c543 --- /dev/null +++ b/roles/ensure_apache/templates/Fedora/44/etc/php.d/20-sqlite3.ini @@ -0,0 +1,2 @@ +; Enable sqlite3 extension module +extension=sqlite3 diff --git a/roles/ensure_apache/templates/Fedora/44/etc/php.d/20-tokenizer.ini b/roles/ensure_apache/templates/Fedora/44/etc/php.d/20-tokenizer.ini new file mode 100644 index 0000000..44c800a --- /dev/null +++ b/roles/ensure_apache/templates/Fedora/44/etc/php.d/20-tokenizer.ini @@ -0,0 +1,2 @@ +; Enable tokenizer extension module +extension=tokenizer diff --git a/roles/ensure_apache/templates/Fedora/44/etc/php.d/20-xml.ini b/roles/ensure_apache/templates/Fedora/44/etc/php.d/20-xml.ini new file mode 100644 index 0000000..976ebf7 --- /dev/null +++ b/roles/ensure_apache/templates/Fedora/44/etc/php.d/20-xml.ini @@ -0,0 +1,2 @@ +; Enable xml extension module +extension=xml diff --git a/roles/ensure_apache/templates/Fedora/44/etc/php.d/20-xmlwriter.ini b/roles/ensure_apache/templates/Fedora/44/etc/php.d/20-xmlwriter.ini new file mode 100644 index 0000000..3b92225 --- /dev/null +++ b/roles/ensure_apache/templates/Fedora/44/etc/php.d/20-xmlwriter.ini @@ -0,0 +1,2 @@ +; Enable xmlwriter extension module +extension=xmlwriter diff --git a/roles/ensure_apache/templates/Fedora/44/etc/php.d/20-xsl.ini b/roles/ensure_apache/templates/Fedora/44/etc/php.d/20-xsl.ini new file mode 100644 index 0000000..5dd90a8 --- /dev/null +++ b/roles/ensure_apache/templates/Fedora/44/etc/php.d/20-xsl.ini @@ -0,0 +1,2 @@ +; Enable xsl extension module +extension=xsl diff --git a/roles/ensure_apache/templates/Fedora/44/etc/php.d/30-mysqli.ini b/roles/ensure_apache/templates/Fedora/44/etc/php.d/30-mysqli.ini new file mode 100644 index 0000000..d50df50 --- /dev/null +++ b/roles/ensure_apache/templates/Fedora/44/etc/php.d/30-mysqli.ini @@ -0,0 +1,2 @@ +; Enable mysqli extension module +extension=mysqli diff --git a/roles/ensure_apache/templates/Fedora/44/etc/php.d/30-pdo_mysql.ini b/roles/ensure_apache/templates/Fedora/44/etc/php.d/30-pdo_mysql.ini new file mode 100644 index 0000000..933bef1 --- /dev/null +++ b/roles/ensure_apache/templates/Fedora/44/etc/php.d/30-pdo_mysql.ini @@ -0,0 +1,2 @@ +; Enable pdo_mysql extension module +extension=pdo_mysql diff --git a/roles/ensure_apache/templates/Fedora/44/etc/php.d/30-pdo_sqlite.ini b/roles/ensure_apache/templates/Fedora/44/etc/php.d/30-pdo_sqlite.ini new file mode 100644 index 0000000..f661146 --- /dev/null +++ b/roles/ensure_apache/templates/Fedora/44/etc/php.d/30-pdo_sqlite.ini @@ -0,0 +1,2 @@ +; Enable pdo_sqlite extension module +extension=pdo_sqlite diff --git a/roles/ensure_apache/templates/Fedora/44/etc/php.d/30-xmlreader.ini b/roles/ensure_apache/templates/Fedora/44/etc/php.d/30-xmlreader.ini new file mode 100644 index 0000000..f87ebf8 --- /dev/null +++ b/roles/ensure_apache/templates/Fedora/44/etc/php.d/30-xmlreader.ini @@ -0,0 +1,2 @@ +; Enable xmlreader extension module +extension=xmlreader diff --git a/roles/ensure_apache/templates/Fedora/44/etc/php.d/opcache-default.blacklist b/roles/ensure_apache/templates/Fedora/44/etc/php.d/opcache-default.blacklist new file mode 100644 index 0000000..0cc2e18 --- /dev/null +++ b/roles/ensure_apache/templates/Fedora/44/etc/php.d/opcache-default.blacklist @@ -0,0 +1,11 @@ +; The blacklist file is a text file that holds the names of files +; that should not be accelerated. The file format is to add each filename +; to a new line. The filename may be a full path or just a file prefix +; (i.e., /var/www/x blacklists all the files and directories in /var/www +; that start with 'x'). Line starting with a ; are ignored (comments). +; Files are usually triggered by one of the following three reasons: +; 1) Directories that contain auto generated code, like Smarty or ZFW cache. +; 2) Code that does not work well when accelerated, due to some delayed +; compile time evaluation. +; 3) Code that triggers an OPcache bug. + diff --git a/roles/ensure_apache/templates/Fedora/44/etc/php.ini b/roles/ensure_apache/templates/Fedora/44/etc/php.ini new file mode 100644 index 0000000..1d8e01a --- /dev/null +++ b/roles/ensure_apache/templates/Fedora/44/etc/php.ini @@ -0,0 +1,1645 @@ +[PHP] + +;;;;;;;;;;;;;;;;;;; +; About php.ini ; +;;;;;;;;;;;;;;;;;;; +; PHP's initialization file, generally called php.ini, is responsible for +; configuring many of the aspects of PHP's behavior. + +; PHP attempts to find and load this configuration from a number of locations. +; The following is a summary of its search order: +; 1. SAPI module specific location. +; 2. The PHPRC environment variable. +; 3. A number of predefined registry keys on Windows +; 4. Current working directory (except CLI) +; 5. The web server's directory (for SAPI modules), or directory of PHP +; (otherwise in Windows) +; 6. The directory from the --with-config-file-path compile time option, or the +; Windows directory (usually C:\windows) +; See the PHP docs for more specific information. +; https://php.net/configuration.file + +; The syntax of the file is extremely simple. Whitespace and lines +; beginning with a semicolon are silently ignored (as you probably guessed). +; Section headers (e.g. [Foo]) are also silently ignored, even though +; they might mean something in the future. + +; Directives following the section heading [PATH=/www/mysite] only +; apply to PHP files in the /www/mysite directory. Directives +; following the section heading [HOST=www.example.com] only apply to +; PHP files served from www.example.com. Directives set in these +; special sections cannot be overridden by user-defined INI files or +; at runtime. Currently, [PATH=] and [HOST=] sections only work under +; CGI/FastCGI. +; https://php.net/ini.sections + +; Directives are specified using the following syntax: +; directive = value +; Directive names are *case sensitive* - foo=bar is different from FOO=bar. +; Directives are variables used to configure PHP or PHP extensions. +; There is no name validation. If PHP can't find an expected +; directive because it is not set or is mistyped, a default value will be used. + +; The value can be a string, a number, a PHP constant (e.g. E_ALL or M_PI), one +; of the INI constants (On, Off, True, False, Yes, No and None) or an expression +; (e.g. E_ALL & ~E_NOTICE), a quoted string ("bar"), or a reference to a +; previously set variable or directive (e.g. ${foo}) + +; Expressions in the INI file are limited to bitwise operators and parentheses: +; | bitwise OR +; ^ bitwise XOR +; & bitwise AND +; ~ bitwise NOT +; ! boolean NOT + +; Boolean flags can be turned on using the values 1, On, True or Yes. +; They can be turned off using the values 0, Off, False or No. + +; An empty string can be denoted by simply not writing anything after the equal +; sign, or by using the None keyword: + +; foo = ; sets foo to an empty string +; foo = None ; sets foo to an empty string +; foo = "None" ; sets foo to the string 'None' + +; If you use constants in your value, and these constants belong to a +; dynamically loaded extension (either a PHP extension or a Zend extension), +; you may only use these constants *after* the line that loads the extension. + +;;;;;;;;;;;;;;;;;;; +; About this file ; +;;;;;;;;;;;;;;;;;;; +; PHP comes packaged with two INI files. One that is recommended to be used +; in production environments and one that is recommended to be used in +; development environments. + +; php.ini-production contains settings which hold security, performance and +; best practices at its core. But please be aware, these settings may break +; compatibility with older or less security-conscious applications. We +; recommending using the production ini in production and testing environments. + +; php.ini-development is very similar to its production variant, except it is +; much more verbose when it comes to errors. We recommend using the +; development version only in development environments, as errors shown to +; application users can inadvertently leak otherwise secure information. + +; This is the php.ini-production INI file. + +;;;;;;;;;;;;;;;;;;; +; Quick Reference ; +;;;;;;;;;;;;;;;;;;; + +; The following are all the settings which are different in either the production +; or development versions of the INIs with respect to PHP's default behavior. +; Please see the actual settings later in the document for more details as to why +; we recommend these changes in PHP's behavior. + +; display_errors +; Default Value: On +; Development Value: On +; Production Value: Off + +; display_startup_errors +; Default Value: On +; Development Value: On +; Production Value: Off + +; error_reporting +; Default Value: E_ALL +; Development Value: E_ALL +; Production Value: E_ALL & ~E_DEPRECATED + +; log_errors +; Default Value: Off +; Development Value: On +; Production Value: On + +; max_input_time +; Default Value: -1 (Unlimited) +; Development Value: 60 (60 seconds) +; Production Value: 60 (60 seconds) + +; mysqlnd.collect_memory_statistics +; Default Value: Off +; Development Value: On +; Production Value: Off + +; output_buffering +; Default Value: Off +; Development Value: 4096 +; Production Value: 4096 + +; request_order +; Default Value: None +; Development Value: "GP" +; Production Value: "GP" + +; session.gc_divisor +; Default Value: 100 +; Development Value: 1000 +; Production Value: 1000 + +; short_open_tag +; Default Value: On +; Development Value: Off +; Production Value: Off + +; variables_order +; Default Value: "EGPCS" +; Development Value: "GPCS" +; Production Value: "GPCS" + +; zend.assertions +; Default Value: 1 +; Development Value: 1 +; Production Value: -1 + +; zend.exception_ignore_args +; Default Value: Off +; Development Value: Off +; Production Value: On + +; zend.exception_string_param_max_len +; Default Value: 15 +; Development Value: 15 +; Production Value: 0 + +;;;;;;;;;;;;;;;;;;;; +; php.ini Options ; +;;;;;;;;;;;;;;;;;;;; +; Name for user-defined php.ini (.htaccess) files. Default is ".user.ini" +;user_ini.filename = ".user.ini" + +; To disable this feature set this option to an empty value +;user_ini.filename = + +; TTL for user-defined php.ini files (time-to-live) in seconds. Default is 300 seconds (5 minutes) +;user_ini.cache_ttl = 300 + +;;;;;;;;;;;;;;;;;;;; +; Language Options ; +;;;;;;;;;;;;;;;;;;;; + +; Enable the PHP scripting language engine under Apache. +; https://php.net/engine +engine = On + +; This directive determines whether or not PHP will recognize code between +; tags as PHP source which should be processed as such. It is +; generally recommended that should be used and that this feature +; should be disabled, as enabling it may result in issues when generating XML +; documents, however this remains supported for backward compatibility reasons. +; Note that this directive does not control the would work. +; https://php.net/syntax-highlighting +;highlight.string = #DD0000 +;highlight.comment = #FF9900 +;highlight.keyword = #007700 +;highlight.default = #0000BB +;highlight.html = #000000 + +; If enabled, the request will be allowed to complete even if the user aborts +; the request. Consider enabling it if executing long requests, which may end up +; being interrupted by the user or a browser timing out. PHP's default behavior +; is to disable this feature. +; https://php.net/ignore-user-abort +;ignore_user_abort = On + +; Determines the size of the realpath cache to be used by PHP. This value should +; be increased on systems where PHP opens many files to reflect the quantity of +; the file operations performed. +; Note: if open_basedir is set, the cache is disabled +; https://php.net/realpath-cache-size +;realpath_cache_size = 4096k + +; Duration of time, in seconds for which to cache realpath information for a given +; file or directory. For systems with rarely changing files, consider increasing this +; value. +; https://php.net/realpath-cache-ttl +;realpath_cache_ttl = 120 + +; Enables or disables the circular reference collector. +; https://php.net/zend.enable-gc +zend.enable_gc = On + +; If enabled, scripts may be written in encodings that are incompatible with +; the scanner. CP936, Big5, CP949 and Shift_JIS are the examples of such +; encodings. To use this feature, mbstring extension must be enabled. +;zend.multibyte = Off + +; Allows to set the default encoding for the scripts. This value will be used +; unless "declare(encoding=...)" directive appears at the top of the script. +; Only affects if zend.multibyte is set. +;zend.script_encoding = + +; Allows to include or exclude arguments from stack traces generated for exceptions. +; In production, it is recommended to turn this setting on to prohibit the output +; of sensitive information in stack traces +; Default Value: Off +; Development Value: Off +; Production Value: On +zend.exception_ignore_args = On + +; Allows setting the maximum string length in an argument of a stringified stack trace +; to a value between 0 and 1000000. +; This has no effect when zend.exception_ignore_args is enabled. +; Default Value: 15 +; Development Value: 15 +; Production Value: 0 +; In production, it is recommended to set this to 0 to reduce the output +; of sensitive information in stack traces. +zend.exception_string_param_max_len = 0 + +;;;;;;;;;;;;;;;;; +; Miscellaneous ; +;;;;;;;;;;;;;;;;; + +; Decides whether PHP may expose the fact that it is installed on the server +; (e.g. by adding its signature to the Web server header). It is no security +; threat in any way, but it makes it possible to determine whether you use PHP +; on your server or not. +; https://php.net/expose-php +expose_php = On + +;;;;;;;;;;;;;;;;;;; +; Resource Limits ; +;;;;;;;;;;;;;;;;;;; + +; Maximum execution time of each script, in seconds +; https://php.net/max-execution-time +; Note: This directive is hardcoded to 0 for the CLI SAPI +max_execution_time = 30 + +; Maximum amount of time each script may spend parsing request data. It's a good +; idea to limit this time on productions servers in order to eliminate unexpectedly +; long running scripts. +; Note: This directive is hardcoded to -1 for the CLI SAPI +; Default Value: -1 (Unlimited) +; Development Value: 60 (60 seconds) +; Production Value: 60 (60 seconds) +; https://php.net/max-input-time +max_input_time = 60 + +; Maximum input variable nesting level +; https://php.net/max-input-nesting-level +;max_input_nesting_level = 64 + +; How many GET/POST/COOKIE input variables may be accepted +;max_input_vars = 1000 + +; How many multipart body parts (combined input variable and file uploads) may +; be accepted. +; Default Value: -1 (Sum of max_input_vars and max_file_uploads) +;max_multipart_body_parts = 1500 + +; Maximum amount of memory a script may consume +; https://php.net/memory-limit +memory_limit = 128M +max_memory_limit = -1 + +;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; +; Error handling and logging ; +;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; + +; This directive informs PHP of which errors, warnings and notices you would like +; it to take action for. The recommended way of setting values for this +; directive is through the use of the error level constants and bitwise +; operators. The error level constants are below here for convenience as well as +; some common settings and their meanings. +; By default, PHP is set to take action on all errors, notices and warnings EXCEPT +; those related to E_NOTICE, which together cover best practices and +; recommended coding standards in PHP. For performance reasons, this is the +; recommend error reporting setting. Your production server shouldn't be wasting +; resources complaining about best practices and coding standards. That's what +; development servers and development settings are for. +; Note: The php.ini-development file has this setting as E_ALL. This +; means it pretty much reports everything which is exactly what you want during +; development and early testing. +; +; Error Level Constants: +; E_ALL - All errors and warnings +; E_ERROR - fatal run-time errors +; E_RECOVERABLE_ERROR - almost fatal run-time errors +; E_WARNING - run-time warnings (non-fatal errors) +; E_PARSE - compile-time parse errors +; E_NOTICE - run-time notices (these are warnings which often result +; from a bug in your code, but it's possible that it was +; intentional (e.g., using an uninitialized variable and +; relying on the fact it is automatically initialized to an +; empty string) +; E_CORE_ERROR - fatal errors that occur during PHP's initial startup +; E_CORE_WARNING - warnings (non-fatal errors) that occur during PHP's +; initial startup +; E_COMPILE_ERROR - fatal compile-time errors +; E_COMPILE_WARNING - compile-time warnings (non-fatal errors) +; E_USER_ERROR - user-generated error message +; E_USER_WARNING - user-generated warning message +; E_USER_NOTICE - user-generated notice message +; E_DEPRECATED - warn about code that will not work in future versions +; of PHP +; E_USER_DEPRECATED - user-generated deprecation warnings +; +; Common Values: +; E_ALL (Show all errors, warnings and notices including coding standards.) +; E_ALL & ~E_NOTICE (Show all errors, except for notices) +; E_COMPILE_ERROR|E_RECOVERABLE_ERROR|E_ERROR|E_CORE_ERROR (Show only errors) +; Default Value: E_ALL +; Development Value: E_ALL +; Production Value: E_ALL & ~E_DEPRECATED +; https://php.net/error-reporting +error_reporting = E_ALL & ~E_DEPRECATED + +; This directive controls whether or not and where PHP will output errors, +; notices and warnings too. Error output is very useful during development, but +; it could be very dangerous in production environments. Depending on the code +; which is triggering the error, sensitive information could potentially leak +; out of your application such as database usernames and passwords or worse. +; For production environments, we recommend logging errors rather than +; sending them to STDOUT. +; Possible Values: +; Off = Do not display any errors +; stderr = Display errors to STDERR (affects only CGI/CLI binaries!) +; On or stdout = Display errors to STDOUT +; Default Value: On +; Development Value: On +; Production Value: Off +; https://php.net/display-errors +display_errors = Off + +; The display of errors which occur during PHP's startup sequence are handled +; separately from display_errors. We strongly recommend you set this to 'off' +; for production servers to avoid leaking configuration details. +; Default Value: On +; Development Value: On +; Production Value: Off +; https://php.net/display-startup-errors +display_startup_errors = Off + +; Besides displaying errors, PHP can also log errors to locations such as a +; server-specific log, STDERR, or a location specified by the error_log +; directive found below. While errors should not be displayed on productions +; servers they should still be monitored and logging is a great way to do that. +; Default Value: Off +; Development Value: On +; Production Value: On +; https://php.net/log-errors +log_errors = On + +; Do not log repeated messages. Repeated errors must occur in same file on same +; line unless ignore_repeated_source is set true. +; https://php.net/ignore-repeated-errors +ignore_repeated_errors = Off + +; Ignore source of message when ignoring repeated messages. When this setting +; is On you will not log errors with repeated messages from different files or +; source lines. +; https://php.net/ignore-repeated-source +ignore_repeated_source = Off + +; This setting is off by default. +;report_zend_debug = 0 + +; Turn off normal error reporting and emit XML-RPC error XML +; https://php.net/xmlrpc-errors +;xmlrpc_errors = 0 + +; An XML-RPC faultCode +;xmlrpc_error_number = 0 + +; When PHP displays or logs an error, it has the capability of formatting the +; error message as HTML for easier reading. This directive controls whether +; the error message is formatted as HTML or not. +; Note: This directive is hardcoded to Off for the CLI SAPI +; https://php.net/html-errors +;html_errors = On + +; If html_errors is set to On *and* docref_root is not empty, then PHP +; produces clickable error messages that direct to a page describing the error +; or function causing the error in detail. +; You can download a copy of the PHP manual from https://php.net/docs +; and change docref_root to the base URL of your local copy including the +; leading '/'. You must also specify the file extension being used including +; the dot. PHP's default behavior is to leave these settings empty, in which +; case no links to documentation are generated. +; Note: Never use this feature for production boxes. +; https://php.net/docref-root +; Examples +;docref_root = "/phpmanual/" + +; https://php.net/docref-ext +;docref_ext = .html + +; String to output before an error message. PHP's default behavior is to leave +; this setting blank. +; https://php.net/error-prepend-string +; Example: +;error_prepend_string = "" + +; String to output after an error message. PHP's default behavior is to leave +; this setting blank. +; https://php.net/error-append-string +; Example: +;error_append_string = "" + +; Log errors to specified file. PHP's default behavior is to leave this value +; empty. +; https://php.net/error-log +; Example: +;error_log = php_errors.log +; Log errors to syslog (Event Log on Windows). +;error_log = syslog + +; The syslog ident is a string which is prepended to every message logged +; to syslog. Only used when error_log is set to syslog. +;syslog.ident = php + +; The syslog facility is used to specify what type of program is logging +; the message. Only used when error_log is set to syslog. +;syslog.facility = user + +; Set this to disable filtering control characters (the default). +; Some loggers only accept NVT-ASCII, others accept anything that's not +; control characters. If your logger accepts everything, then no filtering +; is needed at all. +; Allowed values are: +; ascii (all printable ASCII characters and NL) +; no-ctrl (all characters except control characters) +; all (all characters) +; raw (like "all", but messages are not split at newlines) +; https://php.net/syslog.filter +;syslog.filter = ascii + +;windows.show_crt_warning +; Default value: 0 +; Development value: 0 +; Production value: 0 + +; This directive controls whether PHP will output the backtrace of fatal errors. +; Default Value: On +; Development Value: On +; Production Value: On +;fatal_error_backtraces = On + +;;;;;;;;;;;;;;;;; +; Data Handling ; +;;;;;;;;;;;;;;;;; + +; The separator used in PHP generated URLs to separate arguments. +; PHP's default setting is "&". +; https://php.net/arg-separator.output +; Example: +;arg_separator.output = "&" + +; List of separator(s) used by PHP to parse input URLs into variables. +; PHP's default setting is "&". +; NOTE: Every character in this directive is considered as separator! +; https://php.net/arg-separator.input +; Example: +;arg_separator.input = ";&" + +; This directive determines which super global arrays are registered when PHP +; starts up. G,P,C,E & S are abbreviations for the following respective super +; globals: GET, POST, COOKIE, ENV and SERVER. There is a performance penalty +; paid for the registration of these arrays and because ENV is not as commonly +; used as the others, ENV is not recommended on productions servers. You +; can still get access to the environment variables through getenv() should you +; need to. +; Default Value: "EGPCS" +; Development Value: "GPCS" +; Production Value: "GPCS"; +; https://php.net/variables-order +variables_order = "GPCS" + +; This directive determines which super global data (G,P & C) should be +; registered into the super global array REQUEST. If so, it also determines +; the order in which that data is registered. The values for this directive +; are specified in the same manner as the variables_order directive, +; EXCEPT one. Leaving this value empty will cause PHP to use the value set +; in the variables_order directive. It does not mean it will leave the super +; globals array REQUEST empty. +; Default Value: None +; Development Value: "GP" +; Production Value: "GP" +; https://php.net/request-order +request_order = "GP" + +; This directive determines whether PHP registers $argv & $argc each time it +; runs. $argv contains an array of all the arguments passed to PHP when a script +; is invoked. $argc contains an integer representing the number of arguments +; that were passed when the script was invoked. These arrays are extremely +; useful when running scripts from the command line. When this directive is +; enabled, registering these variables consumes CPU cycles and memory each time +; a script is executed. For security reasons, this feature should be disabled +; for non-CLI SAPIs. +; Note: This directive is ignored for the CLI SAPI +; This directive is deprecated. +; https://php.net/register-argc-argv +;register_argc_argv = Off + +; When enabled, the ENV, REQUEST and SERVER variables are created when they're +; first used (Just In Time) instead of when the script starts. If these +; variables are not used within a script, having this directive on will result +; in a performance gain. The PHP directive register_argc_argv must be disabled +; for this directive to have any effect. +; https://php.net/auto-globals-jit +auto_globals_jit = On + +; Whether PHP will read the POST data. +; This option is enabled by default. +; Most likely, you won't want to disable this option globally. It causes $_POST +; and $_FILES to always be empty; the only way you will be able to read the +; POST data will be through the php://input stream wrapper. This can be useful +; to proxy requests or to process the POST data in a memory efficient fashion. +; https://php.net/enable-post-data-reading +;enable_post_data_reading = Off + +; Maximum size of POST data that PHP will accept. +; Its value may be 0 to disable the limit. It is ignored if POST data reading +; is disabled through enable_post_data_reading. +; https://php.net/post-max-size +post_max_size = 8M + +; Automatically add files before PHP document. +; https://php.net/auto-prepend-file +auto_prepend_file = + +; Automatically add files after PHP document. +; https://php.net/auto-append-file +auto_append_file = + +; By default, PHP will output a media type using the Content-Type header. To +; disable this, simply set it to be empty. +; +; PHP's built-in default media type is set to text/html. +; https://php.net/default-mimetype +default_mimetype = "text/html" + +; PHP's default character set is set to UTF-8. +; https://php.net/default-charset +default_charset = "UTF-8" + +; PHP internal character encoding is set to empty. +; If empty, default_charset is used. +; https://php.net/internal-encoding +;internal_encoding = + +; PHP input character encoding is set to empty. +; If empty, default_charset is used. +; https://php.net/input-encoding +;input_encoding = + +; PHP output character encoding is set to empty. +; If empty, default_charset is used. +; See also output_buffer. +; https://php.net/output-encoding +;output_encoding = + +;;;;;;;;;;;;;;;;;;;;;;;;; +; Paths and Directories ; +;;;;;;;;;;;;;;;;;;;;;;;;; + +; UNIX: "/path1:/path2" +;include_path = ".:/php/includes" +; +; Windows: "\path1;\path2" +;include_path = ".;c:\php\includes" +; +; PHP's default setting for include_path is ".;/path/to/php/pear" +; https://php.net/include-path + +; The root of the PHP pages, used only if nonempty. +; if PHP was not compiled with FORCE_REDIRECT, you SHOULD set doc_root +; if you are running php as a CGI under any web server (other than IIS) +; see documentation for security issues. The alternate is to use the +; cgi.force_redirect configuration below +; https://php.net/doc-root +doc_root = + +; The directory under which PHP opens the script using /~username used only +; if nonempty. +; https://php.net/user-dir +user_dir = + +; Directory in which the loadable extensions (modules) reside. +; https://php.net/extension-dir +;extension_dir = "./" +; On windows: +;extension_dir = "ext" + +; Directory where the temporary files should be placed. +; Defaults to the system default (see sys_get_temp_dir) +;sys_temp_dir = "/tmp" + +; Whether or not to enable the dl() function. The dl() function does NOT work +; properly in multithreaded servers, such as IIS or Zeus, and is automatically +; disabled on them. +; https://php.net/enable-dl +enable_dl = Off + +; cgi.force_redirect is necessary to provide security running PHP as a CGI under +; most web servers. Left undefined, PHP turns this on by default. You can +; turn it off here AT YOUR OWN RISK +; **You CAN safely turn this off for IIS, in fact, you MUST.** +; https://php.net/cgi.force-redirect +;cgi.force_redirect = 1 + +; if cgi.nph is enabled it will force cgi to always sent Status: 200 with +; every request. PHP's default behavior is to disable this feature. +;cgi.nph = 1 + +; if cgi.force_redirect is turned on, and you are not running under Apache or Netscape +; (iPlanet) web servers, you MAY need to set an environment variable name that PHP +; will look for to know it is OK to continue execution. Setting this variable MAY +; cause security issues, KNOW WHAT YOU ARE DOING FIRST. +; https://php.net/cgi.redirect-status-env +;cgi.redirect_status_env = + +; cgi.fix_pathinfo provides *real* PATH_INFO/PATH_TRANSLATED support for CGI. PHP's +; previous behaviour was to set PATH_TRANSLATED to SCRIPT_FILENAME, and to not grok +; what PATH_INFO is. For more information on PATH_INFO, see the cgi specs. Setting +; this to 1 will cause PHP CGI to fix its paths to conform to the spec. A setting +; of zero causes PHP to behave as before. Default is 1. You should fix your scripts +; to use SCRIPT_FILENAME rather than PATH_TRANSLATED. +; https://php.net/cgi.fix-pathinfo +;cgi.fix_pathinfo=1 + +; if cgi.discard_path is enabled, the PHP CGI binary can safely be placed outside +; of the web tree and people will not be able to circumvent .htaccess security. +;cgi.discard_path=1 + +; FastCGI under IIS supports the ability to impersonate +; security tokens of the calling client. This allows IIS to define the +; security context that the request runs under. mod_fastcgi under Apache +; does not currently support this feature (03/17/2002) +; Set to 1 if running under IIS. Default is zero. +; https://php.net/fastcgi.impersonate +;fastcgi.impersonate = 1 + +; Prevent decoding of SCRIPT_FILENAME when using Apache ProxyPass or +; ProxyPassMatch. This should only be used if script file paths are already +; stored in an encoded format on the file system. +; Default is 0. +;fastcgi.script_path_encoded = 1 + +; Disable logging through FastCGI connection. PHP's default behavior is to enable +; this feature. +;fastcgi.logging = 0 + +; cgi.rfc2616_headers configuration option tells PHP what type of headers to +; use when sending HTTP response code. If set to 0, PHP sends Status: header that +; is supported by Apache. When this option is set to 1, PHP will send +; RFC2616 compliant header. +; Default is zero. +; https://php.net/cgi.rfc2616-headers +;cgi.rfc2616_headers = 0 + +; cgi.check_shebang_line controls whether CGI PHP checks for line starting with #! +; (shebang) at the top of the running script. This line might be needed if the +; script support running both as stand-alone script and via PHP CGI<. PHP in CGI +; mode skips this line and ignores its content if this directive is turned on. +; https://php.net/cgi.check-shebang-line +;cgi.check_shebang_line=1 + +;;;;;;;;;;;;;;;; +; File Uploads ; +;;;;;;;;;;;;;;;; + +; Whether to allow HTTP file uploads. +; https://php.net/file-uploads +file_uploads = On + +; Temporary directory for HTTP uploaded files (will use system default if not +; specified). +; https://php.net/upload-tmp-dir +;upload_tmp_dir = + +; Maximum allowed size for uploaded files. +; https://php.net/upload-max-filesize +upload_max_filesize = 2M + +; Maximum number of files that can be uploaded via a single request +max_file_uploads = 20 + +;;;;;;;;;;;;;;;;;; +; Fopen wrappers ; +;;;;;;;;;;;;;;;;;; + +; Whether to allow the treatment of URLs (like http:// or ftp://) as files. +; https://php.net/allow-url-fopen +allow_url_fopen = On + +; Whether to allow include/require to open URLs (like https:// or ftp://) as files. +; https://php.net/allow-url-include +allow_url_include = Off + +; Define the anonymous ftp password (your email address). PHP's default setting +; for this is empty. +; https://php.net/from +;from="john@doe.com" + +; Define the User-Agent string. PHP's default setting for this is empty. +; https://php.net/user-agent +;user_agent="PHP" + +; Default timeout for socket based streams (seconds) +; https://php.net/default-socket-timeout +default_socket_timeout = 60 + +; If your scripts have to deal with files from Macintosh systems, +; or you are running on a Mac and need to deal with files from +; unix or win32 systems, setting this flag will cause PHP to +; automatically detect the EOL character in those files so that +; fgets() and file() will work regardless of the source of the file. +; https://php.net/auto-detect-line-endings +;auto_detect_line_endings = Off + +;;;;;;;;;;;;;;;;;;;;;; +; Dynamic Extensions ; +;;;;;;;;;;;;;;;;;;;;;; + +; If you wish to have an extension loaded automatically, use the following +; syntax: +; +; extension=modulename +; +; For example: +; +; extension=mysqli +; +; When the extension library to load is not located in the default extension +; directory, You may specify an absolute path to the library file: +; +; extension=/path/to/extension/mysqli.so +; +; Note : The syntax used in previous PHP versions ('extension=.so' and +; 'extension='php_.dll') is supported for legacy reasons and may be +; deprecated in a future PHP major version. So, when it is possible, please +; move to the new ('extension=) syntax. + +;;;; +; Note: packaged extension modules are now loaded via the .ini files +; found in the directory /etc/php.d; these are loaded by default. +;;;; + +;;;;;;;;;;;;;;;;;;; +; Module Settings ; +;;;;;;;;;;;;;;;;;;; + +[CLI Server] +; Whether the CLI web server uses ANSI color coding in its terminal output. +cli_server.color = On + +[Date] +; Defines the default timezone used by the date functions +; https://php.net/date.timezone +;date.timezone = + +; https://php.net/date.default-latitude +;date.default_latitude = 31.7667 + +; https://php.net/date.default-longitude +;date.default_longitude = 35.2333 + +; https://php.net/date.sunrise-zenith +;date.sunrise_zenith = 90.833333 + +; https://php.net/date.sunset-zenith +;date.sunset_zenith = 90.833333 + +[filter] +; https://php.net/filter.default +;filter.default = unsafe_raw + +; https://php.net/filter.default-flags +;filter.default_flags = + +[iconv] +; Use of this INI entry is deprecated, use global input_encoding instead. +; If empty, default_charset or input_encoding or iconv.input_encoding is used. +; The precedence is: default_charset < input_encoding < iconv.input_encoding +;iconv.input_encoding = + +; Use of this INI entry is deprecated, use global internal_encoding instead. +; If empty, default_charset or internal_encoding or iconv.internal_encoding is used. +; The precedence is: default_charset < internal_encoding < iconv.internal_encoding +;iconv.internal_encoding = + +; Use of this INI entry is deprecated, use global output_encoding instead. +; If empty, default_charset or output_encoding or iconv.output_encoding is used. +; The precedence is: default_charset < output_encoding < iconv.output_encoding +; To use an output encoding conversion, iconv's output handler must be set +; otherwise output encoding conversion cannot be performed. +;iconv.output_encoding = + +[intl] +;intl.default_locale = +; This directive allows you to produce PHP errors when some error +; happens within intl functions. The value is the level of the error produced. +; Default is 0, which does not produce any errors. +; This directive is deprecated. +;intl.error_level = E_WARNING +; If enabled this directive indicates that when an error occurs within an +; intl function a IntlException should be thrown. +; Default is Off, which means errors need to be handled manually. +;intl.use_exceptions = On + +[sqlite3] +; Directory pointing to SQLite3 extensions +; https://php.net/sqlite3.extension-dir +;sqlite3.extension_dir = + +; SQLite defensive mode flag (only available from SQLite 3.26+) +; When the defensive flag is enabled, language features that allow ordinary +; SQL to deliberately corrupt the database file are disabled. This forbids +; writing directly to the schema, shadow tables (eg. FTS data tables), or +; the sqlite_dbpage virtual table. +; https://www.sqlite.org/c3ref/c_dbconfig_defensive.html +; (for older SQLite versions, this flag has no use) +;sqlite3.defensive = 1 + +[Pcre] +; PCRE library backtracking limit. +; https://php.net/pcre.backtrack-limit +;pcre.backtrack_limit=100000 + +; PCRE library recursion limit. +; Please note that if you set this value to a high number you may consume all +; the available process stack and eventually crash PHP (due to reaching the +; stack size limit imposed by the Operating System). +; https://php.net/pcre.recursion-limit +;pcre.recursion_limit=100000 + +; Enables or disables JIT compilation of patterns. This requires the PCRE +; library to be compiled with JIT support. +pcre.jit=0 + +[Pdo] +; Whether to pool ODBC connections. Can be one of "strict", "relaxed" or "off" +; https://php.net/pdo-odbc.connection-pooling +;pdo_odbc.connection_pooling=strict + +[Pdo_mysql] +; Default socket name for local MySQL connects. If empty, uses the built-in +; MySQL defaults. +pdo_mysql.default_socket= + +[Phar] +; https://php.net/phar.readonly +;phar.readonly = On + +; https://php.net/phar.require-hash +;phar.require_hash = On + +;phar.cache_list = + +[mail function] +; For Unix only. You may supply arguments as well (default: "sendmail -t -i"). +; https://php.net/sendmail-path +sendmail_path = /usr/sbin/sendmail -t -i + +; Force the addition of the specified parameters to be passed as extra parameters +; to the sendmail binary. These parameters will always replace the value of +; the 5th parameter to mail(). +;mail.force_extra_parameters = + +; Add X-PHP-Originating-Script: that will include uid of the script followed by the filename +mail.add_x_header = Off + +; Use mixed LF and CRLF line separators to keep compatibility with some +; RFC 2822 non conformant MTA. +mail.mixed_lf_and_crlf = Off + +; Control line ending mode for mail messages and headers. +; Possible values: "crlf" (default), "lf", "mixed", "os" +; - crlf: Use CRLF line endings +; - lf: Use LF line endings only (converts CRLF in message to LF) +; - mixed: Same as mail.mixed_lf_and_crlf = On +; - os: Use CRLF on Windows, LF on other systems +mail.cr_lf_mode = crlf + +; The path to a log file that will log all mail() calls. Log entries include +; the full path of the script, line number, To address and headers. +;mail.log = +; Log mail to syslog (Event Log on Windows). +;mail.log = syslog + +[ODBC] +; https://php.net/odbc.default-db +;odbc.default_db = Not yet implemented + +; https://php.net/odbc.default-user +;odbc.default_user = Not yet implemented + +; https://php.net/odbc.default-pw +;odbc.default_pw = Not yet implemented + +; Controls the ODBC cursor model. +; Default: SQL_CURSOR_STATIC (default). +;odbc.default_cursortype + +; Allow or prevent persistent links. +; https://php.net/odbc.allow-persistent +odbc.allow_persistent = On + +; Check that a connection is still valid before reuse. +; https://php.net/odbc.check-persistent +odbc.check_persistent = On + +; Maximum number of persistent links. -1 means no limit. +; https://php.net/odbc.max-persistent +odbc.max_persistent = -1 + +; Maximum number of links (persistent + non-persistent). -1 means no limit. +; https://php.net/odbc.max-links +odbc.max_links = -1 + +; Handling of LONG fields. Returns number of bytes to variables. 0 means +; passthru. +; https://php.net/odbc.defaultlrl +odbc.defaultlrl = 4096 + +; Handling of binary data. 0 means passthru, 1 return as is, 2 convert to char. +; See the documentation on odbc_binmode and odbc_longreadlen for an explanation +; of odbc.defaultlrl and odbc.defaultbinmode +; https://php.net/odbc.defaultbinmode +odbc.defaultbinmode = 1 + +[MySQLi] + +; Maximum number of persistent links. -1 means no limit. +; https://php.net/mysqli.max-persistent +mysqli.max_persistent = -1 + +; Allow accessing, from PHP's perspective, local files with LOAD DATA statements +; https://php.net/mysqli.allow_local_infile +;mysqli.allow_local_infile = On + +; It allows the user to specify a folder where files that can be sent via LOAD DATA +; LOCAL can exist. It is ignored if mysqli.allow_local_infile is enabled. +;mysqli.local_infile_directory = + +; Allow or prevent persistent links. +; https://php.net/mysqli.allow-persistent +mysqli.allow_persistent = On + +; Maximum number of links. -1 means no limit. +; https://php.net/mysqli.max-links +mysqli.max_links = -1 + +; Default port number for mysqli_connect(). +; https://php.net/mysqli.default-port +mysqli.default_port = 3306 + +; Default socket name for local MySQL connects. If empty, uses the built-in +; MySQL defaults. +; https://php.net/mysqli.default-socket +mysqli.default_socket = + +; Default host for mysqli_connect(). +; https://php.net/mysqli.default-host +mysqli.default_host = + +; Default user for mysqli_connect(). +; https://php.net/mysqli.default-user +mysqli.default_user = + +; Default password for mysqli_connect(). +; Note that this is generally a *bad* idea to store passwords in this file. +; *Any* user with PHP access can run 'echo get_cfg_var("mysqli.default_pw") +; and reveal this password! And of course, any users with read access to this +; file will be able to reveal the password as well. +; https://php.net/mysqli.default-pw +mysqli.default_pw = + +; If this option is enabled, closing a persistent connection will rollback +; any pending transactions of this connection, before it is put back +; into the persistent connection pool. +;mysqli.rollback_on_cached_plink = Off + +[mysqlnd] +; Enable / Disable collection of general statistics by mysqlnd which can be +; used to tune and monitor MySQL operations. +mysqlnd.collect_statistics = On + +; Enable / Disable collection of memory usage statistics by mysqlnd which can be +; used to tune and monitor MySQL operations. +; Default Value: Off +; Development Value: On +; Production Value: Off +mysqlnd.collect_memory_statistics = Off + +; Records communication from all extensions using mysqlnd to the specified log +; file. +; https://php.net/mysqlnd.debug +;mysqlnd.debug = + +; Defines which queries will be logged. +;mysqlnd.log_mask = 0 + +; Default size of the mysqlnd memory pool, which is used by result sets. +;mysqlnd.mempool_default_size = 16000 + +; Size of a pre-allocated buffer used when sending commands to MySQL in bytes. +;mysqlnd.net_cmd_buffer_size = 2048 + +; Size of a pre-allocated buffer used for reading data sent by the server in +; bytes. +;mysqlnd.net_read_buffer_size = 32768 + +; Timeout for network requests in seconds. +;mysqlnd.net_read_timeout = 31536000 + +; SHA-256 Authentication Plugin related. File with the MySQL server public RSA +; key. +;mysqlnd.sha256_server_public_key = + +[PostgreSQL] +; Allow or prevent persistent links. +; https://php.net/pgsql.allow-persistent +pgsql.allow_persistent = On + +; Detect broken persistent links always with pg_pconnect(). +; Auto reset feature requires a little overheads. +; https://php.net/pgsql.auto-reset-persistent +pgsql.auto_reset_persistent = Off + +; Maximum number of persistent links. -1 means no limit. +; https://php.net/pgsql.max-persistent +pgsql.max_persistent = -1 + +; Maximum number of links (persistent+non persistent). -1 means no limit. +; https://php.net/pgsql.max-links +pgsql.max_links = -1 + +; Ignore PostgreSQL backends Notice message or not. +; Notice message logging require a little overheads. +; https://php.net/pgsql.ignore-notice +pgsql.ignore_notice = 0 + +; Log PostgreSQL backends Notice message or not. +; Unless pgsql.ignore_notice=0, module cannot log notice message. +; https://php.net/pgsql.log-notice +pgsql.log_notice = 0 + +[bcmath] +; Number of decimal digits for all bcmath functions. +; https://php.net/bcmath.scale +bcmath.scale = 0 + +[browscap] +; https://php.net/browscap +;browscap = extra/browscap.ini + +[Session] +; Handler used to store/retrieve data. +; https://php.net/session.save-handler +session.save_handler = files + +; Argument passed to save_handler. In the case of files, this is the path +; where data files are stored. Note: Windows users have to change this +; variable in order to use PHP's session functions. +; +; The path can be defined as: +; +; session.save_path = "N;/path" +; +; where N is an integer. Instead of storing all the session files in +; /path, what this will do is use subdirectories N-levels deep, and +; store the session data in those directories. This is useful if +; your OS has problems with many files in one directory, and is +; a more efficient layout for servers that handle many sessions. +; +; NOTE 1: PHP will not create this directory structure automatically. +; You can use the script in the ext/session dir for that purpose. +; NOTE 2: See the section on garbage collection below if you choose to +; use subdirectories for session storage +; +; The file storage module creates files using mode 600 by default. +; You can change that by using +; +; session.save_path = "N;MODE;/path" +; +; where MODE is the octal representation of the mode. Note that this +; does not overwrite the process's umask. +; https://php.net/session.save-path + +; RPM note : session directory must be owned by process owner +; for mod_php, see /etc/httpd/conf.d/php.conf +; for php-fpm, see /etc/php-fpm.d/*conf +;session.save_path = "/tmp" + +; Whether to use strict session mode. +; Strict session mode does not accept an uninitialized session ID, and +; regenerates the session ID if the browser sends an uninitialized session ID. +; Strict mode protects applications from session fixation via a session adoption +; vulnerability. It is disabled by default for maximum compatibility, but +; enabling it is encouraged. +; https://wiki.php.net/rfc/strict_sessions +session.use_strict_mode = 0 + +; Whether to use cookies. +; https://php.net/session.use-cookies +session.use_cookies = 1 + +; https://php.net/session.cookie-secure +;session.cookie_secure = + +; https://php.net/session.cookie-partitioned +;session.cookie_partitioned = 0 + +; This option forces PHP to fetch and use a cookie for storing and maintaining +; the session id. We encourage this operation as it's very helpful in combating +; session hijacking when not specifying and managing your own session id. It is +; not the be-all and end-all of session hijacking defense, but it's a good start. +; https://php.net/session.use-only-cookies +session.use_only_cookies = 1 + +; Name of the session (used as cookie name). +; https://php.net/session.name +session.name = PHPSESSID + +; Initialize session on request startup. +; https://php.net/session.auto-start +session.auto_start = 0 + +; Lifetime in seconds of cookie or, if 0, until browser is restarted. +; https://php.net/session.cookie-lifetime +session.cookie_lifetime = 0 + +; The path for which the cookie is valid. +; https://php.net/session.cookie-path +session.cookie_path = / + +; The domain for which the cookie is valid. +; https://php.net/session.cookie-domain +session.cookie_domain = + +; Whether or not to add the httpOnly flag to the cookie, which makes it +; inaccessible to browser scripting languages such as JavaScript. +; https://php.net/session.cookie-httponly +session.cookie_httponly = + +; Add SameSite attribute to cookie to help mitigate Cross-Site Request Forgery (CSRF/XSRF) +; Current valid values are "Strict", "Lax" or "None". When using "None", +; make sure to include the quotes, as `none` is interpreted like `false` in ini files. +; https://tools.ietf.org/html/draft-west-first-party-cookies-07 +session.cookie_samesite = + +; Handler used to serialize data. php is the standard serializer of PHP. +; https://php.net/session.serialize-handler +session.serialize_handler = php + +; Defines the probability that the 'garbage collection' process is started on every +; session initialization. The probability is calculated by using gc_probability/gc_divisor, +; e.g. 1/100 means there is a 1% chance that the GC process starts on each request. +; Default Value: 1 +; Development Value: 1 +; Production Value: 1 +; https://php.net/session.gc-probability +session.gc_probability = 1 + +; Defines the probability that the 'garbage collection' process is started on every +; session initialization. The probability is calculated by using gc_probability/gc_divisor, +; e.g. 1/100 means there is a 1% chance that the GC process starts on each request. +; For high volume production servers, using a value of 1000 is a more efficient approach. +; Default Value: 100 +; Development Value: 1000 +; Production Value: 1000 +; https://php.net/session.gc-divisor +session.gc_divisor = 1000 + +; After this number of seconds, stored data will be seen as 'garbage' and +; cleaned up by the garbage collection process. +; https://php.net/session.gc-maxlifetime +session.gc_maxlifetime = 1440 + +; NOTE: If you are using the subdirectory option for storing session files +; (see session.save_path above), then garbage collection does *not* +; happen automatically. You will need to do your own garbage +; collection through a shell script, cron entry, or some other method. +; For example, the following script is the equivalent of setting +; session.gc_maxlifetime to 1440 (1440 seconds = 24 minutes): +; find /path/to/sessions -cmin +24 -type f | xargs rm + +; Check HTTP Referer to invalidate externally stored URLs containing ids. +; HTTP_REFERER has to contain this substring for the session to be +; considered as valid. +; https://php.net/session.referer-check +session.referer_check = + +; Set to {nocache,private,public,} to determine HTTP caching aspects +; or leave this empty to avoid sending anti-caching headers. +; https://php.net/session.cache-limiter +session.cache_limiter = nocache + +; Document expires after n minutes. +; https://php.net/session.cache-expire +session.cache_expire = 180 + +; trans sid support is disabled by default. +; Use of trans sid may risk your users' security. +; Use this option with caution. +; - User may send URL contains active session ID +; to other person via. email/irc/etc. +; - URL that contains active session ID may be stored +; in publicly accessible computer. +; - User may access your site with the same session ID +; always using URL stored in browser's history or bookmarks. +; https://php.net/session.use-trans-sid +session.use_trans_sid = 0 + +; The URL rewriter will look for URLs in a defined set of HTML tags. +; is special; if you include them here, the rewriter will +; add a hidden field with the info which is otherwise appended +; to URLs. tag's action attribute URL will not be modified +; unless it is specified. +; Note that all valid entries require a "=", even if no value follows. +; Default Value: "a=href,area=href,frame=src,form=" +; Development Value: "a=href,area=href,frame=src,form=" +; Production Value: "a=href,area=href,frame=src,form=" +; https://php.net/url-rewriter.tags +session.trans_sid_tags = "a=href,area=href,frame=src,form=" + +; URL rewriter does not rewrite absolute URLs by default. +; To enable rewrites for absolute paths, target hosts must be specified +; at RUNTIME. i.e. use ini_set() +; tags is special. PHP will check action attribute's URL regardless +; of session.trans_sid_tags setting. +; If no host is defined, HTTP_HOST will be used for allowed host. +; Example value: php.net,www.php.net,wiki.php.net +; Use "," for multiple hosts. No spaces are allowed. +; Default Value: "" +; Development Value: "" +; Production Value: "" +;session.trans_sid_hosts="" + +; Enable upload progress tracking in $_SESSION +; Default Value: On +; Development Value: On +; Production Value: On +; https://php.net/session.upload-progress.enabled +;session.upload_progress.enabled = On + +; Cleanup the progress information as soon as all POST data has been read +; (i.e. upload completed). +; Default Value: On +; Development Value: On +; Production Value: On +; https://php.net/session.upload-progress.cleanup +;session.upload_progress.cleanup = On + +; A prefix used for the upload progress key in $_SESSION +; Default Value: "upload_progress_" +; Development Value: "upload_progress_" +; Production Value: "upload_progress_" +; https://php.net/session.upload-progress.prefix +;session.upload_progress.prefix = "upload_progress_" + +; The index name (concatenated with the prefix) in $_SESSION +; containing the upload progress information +; Default Value: "PHP_SESSION_UPLOAD_PROGRESS" +; Development Value: "PHP_SESSION_UPLOAD_PROGRESS" +; Production Value: "PHP_SESSION_UPLOAD_PROGRESS" +; https://php.net/session.upload-progress.name +;session.upload_progress.name = "PHP_SESSION_UPLOAD_PROGRESS" + +; How frequently the upload progress should be updated. +; Given either in percentages (per-file), or in bytes +; Default Value: "1%" +; Development Value: "1%" +; Production Value: "1%" +; https://php.net/session.upload-progress.freq +;session.upload_progress.freq = "1%" + +; The minimum delay between updates, in seconds +; Default Value: 1 +; Development Value: 1 +; Production Value: 1 +; https://php.net/session.upload-progress.min-freq +;session.upload_progress.min_freq = "1" + +; Only write session data when session data is changed. Enabled by default. +; https://php.net/session.lazy-write +;session.lazy_write = On + +[Assertion] +; Switch whether to compile assertions at all (to have no overhead at run-time) +; -1: Do not compile at all +; 0: Jump over assertion at run-time +; 1: Execute assertions +; Changing from or to a negative value is only possible in php.ini! +; (For turning assertions on and off at run-time, toggle zend.assertions between the values 1 and 0) +; Default Value: 1 +; Development Value: 1 +; Production Value: -1 +; https://php.net/zend.assertions +zend.assertions = -1 + +[mbstring] +; language for internal character representation. +; This affects mb_send_mail() and mbstring.detect_order. +; https://php.net/mbstring.language +;mbstring.language = Japanese + +; Use of this INI entry is deprecated, use global internal_encoding instead. +; internal/script encoding. +; Some encoding cannot work as internal encoding. (e.g. SJIS, BIG5, ISO-2022-*) +; If empty, default_charset or internal_encoding or iconv.internal_encoding is used. +; The precedence is: default_charset < internal_encoding < iconv.internal_encoding +;mbstring.internal_encoding = + +; Use of this INI entry is deprecated, use global input_encoding instead. +; http input encoding. +; mbstring.encoding_translation = On is needed to use this setting. +; If empty, default_charset or input_encoding or mbstring.input is used. +; The precedence is: default_charset < input_encoding < mbstring.http_input +; https://php.net/mbstring.http-input +;mbstring.http_input = + +; Use of this INI entry is deprecated, use global output_encoding instead. +; http output encoding. +; mb_output_handler must be registered as output buffer to function. +; If empty, default_charset or output_encoding or mbstring.http_output is used. +; The precedence is: default_charset < output_encoding < mbstring.http_output +; To use an output encoding conversion, mbstring's output handler must be set +; otherwise output encoding conversion cannot be performed. +; https://php.net/mbstring.http-output +;mbstring.http_output = + +; enable automatic encoding translation according to +; mbstring.internal_encoding setting. Input chars are +; converted to internal encoding by setting this to On. +; Note: Do _not_ use automatic encoding translation for +; portable libs/applications. +; https://php.net/mbstring.encoding-translation +;mbstring.encoding_translation = Off + +; automatic encoding detection order. +; "auto" detect order is changed according to mbstring.language +; https://php.net/mbstring.detect-order +;mbstring.detect_order = auto + +; substitute_character used when character cannot be converted +; one from another +; https://php.net/mbstring.substitute-character +;mbstring.substitute_character = none + +; Enable strict encoding detection. +;mbstring.strict_detection = Off + +; This directive specifies the regex pattern of content types for which mb_output_handler() +; is activated. +; Default: mbstring.http_output_conv_mimetypes=^(text/|application/xhtml\+xml) +;mbstring.http_output_conv_mimetypes= + +; This directive specifies maximum stack depth for mbstring regular expressions. It is similar +; to the pcre.recursion_limit for PCRE. +;mbstring.regex_stack_limit=100000 + +; This directive specifies maximum retry count for mbstring regular expressions. It is similar +; to the pcre.backtrack_limit for PCRE. +;mbstring.regex_retry_limit=1000000 + +[gd] +; Tell the jpeg decode to ignore warnings and try to create +; a gd image. The warning will then be displayed as notices +; disabled by default +; https://php.net/gd.jpeg-ignore-warning +;gd.jpeg_ignore_warning = 1 + +[exif] +; Exif UNICODE user comments are handled as UCS-2BE/UCS-2LE and JIS as JIS. +; With mbstring support this will automatically be converted into the encoding +; given by corresponding encode setting. When empty mbstring.internal_encoding +; is used. For the decode settings you can distinguish between motorola and +; intel byte order. A decode setting must not be empty. +; https://php.net/exif.encode-unicode +;exif.encode_unicode = ISO-8859-15 + +; https://php.net/exif.decode-unicode-motorola +;exif.decode_unicode_motorola = UCS-2BE + +; https://php.net/exif.decode-unicode-intel +;exif.decode_unicode_intel = UCS-2LE + +; https://php.net/exif.encode-jis +;exif.encode_jis = + +; https://php.net/exif.decode-jis-motorola +;exif.decode_jis_motorola = JIS + +; https://php.net/exif.decode-jis-intel +;exif.decode_jis_intel = JIS + +[Tidy] +; The path to a default tidy configuration file to use when using tidy +; https://php.net/tidy.default-config +;tidy.default_config = /usr/local/lib/php/default.tcfg + +; Should tidy clean and repair output automatically? +; WARNING: Do not use this option if you are generating non-html content +; such as dynamic images +; https://php.net/tidy.clean-output +tidy.clean_output = Off + +[soap] +; Enables or disables WSDL caching feature. +; https://php.net/soap.wsdl-cache-enabled +soap.wsdl_cache_enabled=1 + +; Sets the directory name where SOAP extension will put cache files. +; https://php.net/soap.wsdl-cache-dir + +; RPM note : cache directory must be owned by process owner +; for mod_php, see /etc/httpd/conf.d/php.conf +; for php-fpm, see /etc/php-fpm.d/*conf +soap.wsdl_cache_dir="/tmp" + +; (time to live) Sets the number of second while cached file will be used +; instead of original one. +; https://php.net/soap.wsdl-cache-ttl +soap.wsdl_cache_ttl=86400 + +; Sets the size of the cache limit. (Max. number of WSDL files to cache) +soap.wsdl_cache_limit = 5 + +[sysvshm] +; A default size of the shared memory segment +;sysvshm.init_mem = 10000 + +[ldap] +; Sets the maximum number of open links or -1 for unlimited. +ldap.max_links = -1 + +[dba] +;dba.default_handler= + +[opcache] +; see /etc/php.d/10-opcache.ini + +[curl] +; A default value for the CURLOPT_CAINFO option. This is required to be an +; absolute path. +;curl.cainfo = + +[openssl] +; The location of a Certificate Authority (CA) file on the local filesystem +; to use when verifying the identity of SSL/TLS peers. Most users should +; not specify a value for this directive as PHP will attempt to use the +; OS-managed cert stores in its absence. If specified, this value may still +; be overridden on a per-stream basis via the "cafile" SSL stream context +; option. +;openssl.cafile= + +; If openssl.cafile is not specified or if the CA file is not found, the +; directory pointed to by openssl.capath is searched for a suitable +; certificate. This value must be a correctly hashed certificate directory. +; Most users should not specify a value for this directive as PHP will +; attempt to use the OS-managed cert stores in its absence. If specified, +; this value may still be overridden on a per-stream basis via the "capath" +; SSL stream context option. +;openssl.capath= + +; The libctx is an OpenSSL library context. OpenSSL defines a default library +; context, but PHP OpenSSL also defines its own library context to avoid +; interference with other libraries using OpenSSL and to provide an independent +; context for each thread in ZTS. Possible values: +; "custom" - use a custom library context (default) +; "default" - use the default OpenSSL library context +;openssl.libctx=custom + +[ffi] +; see /etc/php.d/20-ffi.ini diff --git a/roles/ensure_apache/templates/Fedora/44/etc/sysconfig/htcacheclean b/roles/ensure_apache/templates/Fedora/44/etc/sysconfig/htcacheclean new file mode 100644 index 0000000..fffa17b --- /dev/null +++ b/roles/ensure_apache/templates/Fedora/44/etc/sysconfig/htcacheclean @@ -0,0 +1,16 @@ +# +# Configuration options for systemd service, htcacheclean.service. +# See htcacheclean(8) for more information on available options. +# + +# Interval between cache clean runs, in minutes +INTERVAL=15 + +# Default cache root. +CACHE_ROOT=/var/cache/httpd/proxy + +# Cache size limit in bytes (K=Kbytes, M=Mbytes) +LIMIT=100M + +# Any other options... +OPTIONS= diff --git a/roles/ensure_apache/templates/Fedora/44/usr/lib/systemd/system/htcacheclean.service b/roles/ensure_apache/templates/Fedora/44/usr/lib/systemd/system/htcacheclean.service new file mode 100644 index 0000000..e3eeef9 --- /dev/null +++ b/roles/ensure_apache/templates/Fedora/44/usr/lib/systemd/system/htcacheclean.service @@ -0,0 +1,16 @@ +[Unit] +Description=Disk Cache Cleaning Daemon for the Apache HTTP Server +After=httpd.service +Documentation=man:htcacheclean.service(8) + +[Service] +Type=forking +User=apache +PIDFile=/run/httpd/htcacheclean/pid +Environment=LANG=C +EnvironmentFile=/etc/sysconfig/htcacheclean +ExecStart=/usr/sbin/htcacheclean -P /run/httpd/htcacheclean/pid -d $INTERVAL -p $CACHE_ROOT -l $LIMIT $OPTIONS +PrivateTmp=true + +[Install] +WantedBy=multi-user.target diff --git a/roles/ensure_apache/templates/Fedora/44/usr/lib/systemd/system/httpd-init.service b/roles/ensure_apache/templates/Fedora/44/usr/lib/systemd/system/httpd-init.service new file mode 100644 index 0000000..704c314 --- /dev/null +++ b/roles/ensure_apache/templates/Fedora/44/usr/lib/systemd/system/httpd-init.service @@ -0,0 +1,13 @@ +[Unit] +Description=One-time temporary TLS key generation for httpd.service +Documentation=man:httpd-init.service(8) + +ConditionPathExists=|!/etc/pki/tls/certs/localhost.crt +ConditionPathExists=|!/etc/pki/tls/private/localhost.key + +[Service] +Type=oneshot +RemainAfterExit=no +PrivateTmp=true + +ExecStart=/usr/libexec/httpd-ssl-gencerts diff --git a/roles/ensure_apache/templates/Fedora/44/usr/lib/systemd/system/httpd-reload.service b/roles/ensure_apache/templates/Fedora/44/usr/lib/systemd/system/httpd-reload.service new file mode 100644 index 0000000..baf9c71 --- /dev/null +++ b/roles/ensure_apache/templates/Fedora/44/usr/lib/systemd/system/httpd-reload.service @@ -0,0 +1,9 @@ +[Unit] +Description=Reload Apache for Let's Encrypt Certificate Insert + +[Service] +Type=oneshot +ExecStart=/bin/systemctl reload httpd.service + +[Install] +WantedBy=httpd.service diff --git a/roles/ensure_apache/templates/Fedora/44/usr/lib/systemd/system/httpd-reload.timer b/roles/ensure_apache/templates/Fedora/44/usr/lib/systemd/system/httpd-reload.timer new file mode 100644 index 0000000..4a45a99 --- /dev/null +++ b/roles/ensure_apache/templates/Fedora/44/usr/lib/systemd/system/httpd-reload.timer @@ -0,0 +1,8 @@ +[Unit] +Description=Reload Apache for Let's Encrypt Certificate Insert + +[Timer] +OnUnitActiveSec=5min + +[Install] +WantedBy=httpd.service diff --git a/roles/ensure_apache/templates/Fedora/44/usr/lib/systemd/system/httpd.service b/roles/ensure_apache/templates/Fedora/44/usr/lib/systemd/system/httpd.service new file mode 100644 index 0000000..b75e28c --- /dev/null +++ b/roles/ensure_apache/templates/Fedora/44/usr/lib/systemd/system/httpd.service @@ -0,0 +1,50 @@ +# See httpd.service(8) for more information on using the httpd service. + +# Modifying this file in-place is not recommended, because changes +# will be overwritten during package upgrades. To customize the +# behaviour, run "systemctl edit httpd" to create an override unit. + +# For example, to pass additional options (such as -D definitions) to +# the httpd binary at startup, create an override unit (as is done by +# systemctl edit) and enter the following: + +# [Service] +# Environment=OPTIONS=-DMY_DEFINE + +[Unit] +Description=The Apache HTTP Server +Wants=httpd-init.service +After=network.target remote-fs.target nss-lookup.target httpd-init.service +Documentation=man:httpd.service(8) + +[Service] +Type=notify +Environment=LANG=C + +ExecStart=/usr/sbin/httpd $OPTIONS -DFOREGROUND +ExecReload=/usr/sbin/httpd $OPTIONS -k graceful +# Send SIGWINCH for graceful stop +KillSignal=SIGWINCH +KillMode=mixed +DevicePolicy=closed +KeyringMode=private +LockPersonality=yes +MemoryDenyWriteExecute=yes +OOMPolicy=continue +PrivateDevices=yes +PrivateTmp=true +ProtectClock=yes +ProtectControlGroups=yes +ProtectHome=read-only +ProtectHostname=yes +ProtectKernelLogs=yes +ProtectKernelModules=yes +ProtectKernelTunables=yes +ProtectSystem=yes +RestrictNamespaces=yes +RestrictRealtime=yes +RestrictSUIDSGID=yes +SystemCallArchitectures=native + +[Install] +WantedBy=multi-user.target diff --git a/roles/ensure_apache/templates/Fedora/44/usr/lib/systemd/system/httpd.service.d/php-fpm.conf b/roles/ensure_apache/templates/Fedora/44/usr/lib/systemd/system/httpd.service.d/php-fpm.conf new file mode 100644 index 0000000..2b4e775 --- /dev/null +++ b/roles/ensure_apache/templates/Fedora/44/usr/lib/systemd/system/httpd.service.d/php-fpm.conf @@ -0,0 +1,12 @@ +# This file provides default configuration and will be overwritten on package upgrades. +# Do not edit it directly. +# +# To customize: +# 1. Copy this file, preserving its name, to /etc/systemd/system/.d/ +# (create the directory if it does not exist) +# 2. Edit the copy as needed +# 3. Run: systemctl daemon-reload + +[Unit] +Wants=php-fpm.service + diff --git a/roles/ensure_apache/templates/Fedora/44/usr/lib/systemd/system/httpd.socket b/roles/ensure_apache/templates/Fedora/44/usr/lib/systemd/system/httpd.socket new file mode 100644 index 0000000..074695e --- /dev/null +++ b/roles/ensure_apache/templates/Fedora/44/usr/lib/systemd/system/httpd.socket @@ -0,0 +1,13 @@ +# See httpd.socket(8) for more information on using the httpd service. + +[Unit] +Description=Apache httpd Server Socket +Documentation=man:httpd.socket(8) + +[Socket] +ListenStream=80 +NoDelay=true +DeferAcceptSec=30 + +[Install] +WantedBy=sockets.target diff --git a/roles/ensure_apache/templates/Fedora/44/usr/lib/systemd/system/httpd.socket.d/10-listen443.conf b/roles/ensure_apache/templates/Fedora/44/usr/lib/systemd/system/httpd.socket.d/10-listen443.conf new file mode 100644 index 0000000..7e2df97 --- /dev/null +++ b/roles/ensure_apache/templates/Fedora/44/usr/lib/systemd/system/httpd.socket.d/10-listen443.conf @@ -0,0 +1,5 @@ +# This file is part of mod_ssl. It enables listening on port 443 when +# socket activation is used. + +[Socket] +ListenStream=443 diff --git a/roles/ensure_apache/templates/Fedora/44/usr/lib/systemd/system/httpd@.service b/roles/ensure_apache/templates/Fedora/44/usr/lib/systemd/system/httpd@.service new file mode 100644 index 0000000..8b20b90 --- /dev/null +++ b/roles/ensure_apache/templates/Fedora/44/usr/lib/systemd/system/httpd@.service @@ -0,0 +1,43 @@ +# This is a template for httpd instances. +# See httpd@.service(8) for more information. + +[Unit] +Description=The Apache HTTP Server +After=network.target remote-fs.target nss-lookup.target +Documentation=man:httpd@.service(8) + +[Service] +Type=notify +Environment=LANG=C +Environment=HTTPD_INSTANCE=%i +ExecStartPre=/bin/mkdir -m 710 -p /run/httpd/instance-%i +ExecStartPre=/bin/chown root.apache /run/httpd/instance-%i +ExecStartPre=/bin/mkdir -m 700 -p /var/lib/httpd/instance-%i +ExecStartPre=/bin/chown apache.apache /var/lib/httpd/instance-%i +ExecStart=/usr/sbin/httpd $OPTIONS -DFOREGROUND -f conf/%i.conf +ExecReload=/usr/sbin/httpd $OPTIONS -k graceful -f conf/%i.conf +# Send SIGWINCH for graceful stop +KillSignal=SIGWINCH +KillMode=mixed +DevicePolicy=closed +KeyringMode=private +LockPersonality=yes +MemoryDenyWriteExecute=yes +OOMPolicy=continue +PrivateDevices=yes +PrivateTmp=true +ProtectClock=yes +ProtectControlGroups=yes +ProtectHome=read-only +ProtectHostname=yes +ProtectKernelLogs=yes +ProtectKernelModules=yes +ProtectKernelTunables=yes +ProtectSystem=yes +RestrictNamespaces=yes +RestrictRealtime=yes +RestrictSUIDSGID=yes +SystemCallArchitectures=native + +[Install] +WantedBy=multi-user.target diff --git a/roles/ensure_apache/tests/inventory b/roles/ensure_apache/tests/inventory new file mode 100644 index 0000000..878877b --- /dev/null +++ b/roles/ensure_apache/tests/inventory @@ -0,0 +1,2 @@ +localhost + diff --git a/roles/ensure_apache/tests/test.yml b/roles/ensure_apache/tests/test.yml new file mode 100644 index 0000000..62b43ee --- /dev/null +++ b/roles/ensure_apache/tests/test.yml @@ -0,0 +1,5 @@ +--- +- hosts: localhost + remote_user: root + roles: + - ensure_apache \ No newline at end of file diff --git a/roles/ensure_apache/vars/Fedora-42-default.yml b/roles/ensure_apache/vars/Fedora-42-default.yml new file mode 100644 index 0000000..d4e42c1 --- /dev/null +++ b/roles/ensure_apache/vars/Fedora-42-default.yml @@ -0,0 +1,229 @@ +--- +# vars file for ensure_apache +package_list: + - name: 'httpd' + state: 'present' + - name: 'httpd-filesystem' + state: 'present' + - name: 'httpd-tools' + state: 'present' + - name: 'mod_http2' + state: 'present' + - name: 'mod_md' + state: 'present' + - name: 'mod_ssl' + state: 'present' + - name: 'php' + state: 'present' + - name: 'php-cli' + state: 'present' + - name: 'php-common' + state: 'present' + - name: 'php-fpm' + state: 'present' + - name: 'php-mbstring' + state: 'present' + - name: 'php-mysqlnd' + state: 'present' + - name: 'php-opcache' + state: 'present' + - name: 'php-pdo' + state: 'present' + - name: 'php-sodium' + state: 'present' + - name: 'php-xml' + state: 'present' +firewall_list: + - permanent: 'yes' + service: 'http' + state: 'enabled' + - permanent: 'yes' + service: 'https' + state: 'enabled' +permission_list: + - path: '/etc/httpd/md' + group: 'apache' + owner: 'root' + mode: '0770' + state: 'directory' + setype: 'httpd_var_lib_t' +seboolean_list: + - name: 'httpd_can_network_connect' + persistent: 'yes' + state: 'yes' + - name: 'httpd_can_network_connect_db' + persistent: 'yes' + state: 'yes' +service_list: + - name: 'httpd.service' + state: 'started' + enabled: 'yes' + - name: 'httpd-reload.timer' + state: 'started' + enabled: 'yes' + - name: 'php-fpm.service' + state: 'started' + enabled: 'yes' +template_list: + - dest: '/etc/httpd/conf.d/autoindex.conf' + group: 'root' + mode: '0644' + owner: 'root' + src: '{{ ansible_facts["distribution"] }}/{{ ansible_facts["distribution_major_version"] }}/etc/httpd/conf.d/autoindex.conf' + - dest: '/etc/httpd/conf.d/README' + group: 'root' + mode: '0644' + owner: 'root' + src: '{{ ansible_facts["distribution"] }}/{{ ansible_facts["distribution_major_version"] }}/etc/httpd/conf.d/README' + - dest: '/etc/httpd/conf.d/vhost.conf' + group: 'root' + mode: '0644' + owner: 'root' + src: '{{ ansible_facts["distribution"] }}/{{ ansible_facts["distribution_major_version"] }}/etc/httpd/conf.d/vhost.conf' + - dest: '/etc/httpd/conf.d/ssl.conf' + group: 'root' + mode: '0644' + owner: 'root' + src: '{{ ansible_facts["distribution"] }}/{{ ansible_facts["distribution_major_version"] }}/etc/httpd/conf.d/ssl.conf' + - dest: '/etc/httpd/conf.d/userdir.conf' + group: 'root' + mode: '0644' + owner: 'root' + src: '{{ ansible_facts["distribution"] }}/{{ ansible_facts["distribution_major_version"] }}/etc/httpd/conf.d/userdir.conf' + - dest: '/etc/httpd/conf.d/welcome.conf' + group: 'root' + mode: '0644' + owner: 'root' + src: '{{ ansible_facts["distribution"] }}/{{ ansible_facts["distribution_major_version"] }}/etc/httpd/conf.d/welcome.conf' + - dest: '/etc/httpd/conf/httpd.conf' + group: 'root' + mode: '0644' + owner: 'root' + src: '{{ ansible_facts["distribution"] }}/{{ ansible_facts["distribution_major_version"] }}/etc/httpd/conf/httpd.conf' + - dest: '/etc/httpd/conf/magic' + group: 'root' + mode: '0644' + owner: 'root' + src: '{{ ansible_facts["distribution"] }}/{{ ansible_facts["distribution_major_version"] }}/etc/httpd/conf/magic' + - dest: '/etc/httpd/conf.modules.d/00-base.conf' + group: 'root' + mode: '0644' + owner: 'root' + src: '{{ ansible_facts["distribution"] }}/{{ ansible_facts["distribution_major_version"] }}/etc/httpd/conf.modules.d/00-base.conf' + - dest: '/etc/httpd/conf.modules.d/00-brotli.conf' + group: 'root' + mode: '0644' + owner: 'root' + src: '{{ ansible_facts["distribution"] }}/{{ ansible_facts["distribution_major_version"] }}/etc/httpd/conf.modules.d/00-brotli.conf' + - dest: '/etc/httpd/conf.modules.d/00-dav.conf' + group: 'root' + mode: '0644' + owner: 'root' + src: '{{ ansible_facts["distribution"] }}/{{ ansible_facts["distribution_major_version"] }}/etc/httpd/conf.modules.d/00-dav.conf' + - dest: '/etc/httpd/conf.modules.d/00-lua.conf' + group: 'root' + mode: '0644' + owner: 'root' + src: '{{ ansible_facts["distribution"] }}/{{ ansible_facts["distribution_major_version"] }}/etc/httpd/conf.modules.d/00-lua.conf' + - dest: '/etc/httpd/conf.modules.d/00-mpm.conf' + group: 'root' + mode: '0644' + owner: 'root' + src: '{{ ansible_facts["distribution"] }}/{{ ansible_facts["distribution_major_version"] }}/etc/httpd/conf.modules.d/00-mpm.conf' + - dest: '/etc/httpd/conf.modules.d/00-optional.conf' + group: 'root' + mode: '0644' + owner: 'root' + src: '{{ ansible_facts["distribution"] }}/{{ ansible_facts["distribution_major_version"] }}/etc/httpd/conf.modules.d/00-optional.conf' + - dest: '/etc/httpd/conf.modules.d/00-proxy.conf' + group: 'root' + mode: '0644' + owner: 'root' + src: '{{ ansible_facts["distribution"] }}/{{ ansible_facts["distribution_major_version"] }}/etc/httpd/conf.modules.d/00-proxy.conf' + - dest: '/etc/httpd/conf.modules.d/00-ssl.conf' + group: 'root' + mode: '0644' + owner: 'root' + src: '{{ ansible_facts["distribution"] }}/{{ ansible_facts["distribution_major_version"] }}/etc/httpd/conf.modules.d/00-ssl.conf' + - dest: '/etc/httpd/conf.modules.d/00-systemd.conf' + group: 'root' + mode: '0644' + owner: 'root' + src: '{{ ansible_facts["distribution"] }}/{{ ansible_facts["distribution_major_version"] }}/etc/httpd/conf.modules.d/00-systemd.conf' + - dest: '/etc/httpd/conf.modules.d/01-cgi.conf' + group: 'root' + mode: '0644' + owner: 'root' + src: '{{ ansible_facts["distribution"] }}/{{ ansible_facts["distribution_major_version"] }}/etc/httpd/conf.modules.d/01-cgi.conf' + - dest: '/etc/httpd/conf.modules.d/01-md.conf' + group: 'root' + mode: '0644' + owner: 'root' + src: '{{ ansible_facts["distribution"] }}/{{ ansible_facts["distribution_major_version"] }}/etc/httpd/conf.modules.d/01-md.conf' + - dest: '/etc/httpd/conf.modules.d/10-h2.conf' + group: 'root' + mode: '0644' + owner: 'root' + src: '{{ ansible_facts["distribution"] }}/{{ ansible_facts["distribution_major_version"] }}/etc/httpd/conf.modules.d/10-h2.conf' + - dest: '/etc/httpd/conf.modules.d/10-proxy_h2.conf' + group: 'root' + mode: '0644' + owner: 'root' + src: '{{ ansible_facts["distribution"] }}/{{ ansible_facts["distribution_major_version"] }}/etc/httpd/conf.modules.d/10-proxy_h2.conf' + - dest: '/etc/httpd/conf.modules.d/README' + group: 'root' + mode: '0644' + owner: 'root' + src: '{{ ansible_facts["distribution"] }}/{{ ansible_facts["distribution_major_version"] }}/etc/httpd/conf.modules.d/README' + - dest: '/etc/logrotate.d/httpd' + group: 'root' + mode: '0644' + owner: 'root' + src: '{{ ansible_facts["distribution"] }}/{{ ansible_facts["distribution_major_version"] }}/etc/logrotate.d/httpd' + - dest: '/etc/sysconfig/htcacheclean' + group: 'root' + mode: '0644' + owner: 'root' + src: '{{ ansible_facts["distribution"] }}/{{ ansible_facts["distribution_major_version"] }}/etc/sysconfig/htcacheclean' + - dest: '/usr/lib/systemd/system/htcacheclean.service' + group: 'root' + mode: '0644' + owner: 'root' + src: '{{ ansible_facts["distribution"] }}/{{ ansible_facts["distribution_major_version"] }}/usr/lib/systemd/system/htcacheclean.service' + - dest: '/usr/lib/systemd/system/httpd.service' + group: 'root' + mode: '0644' + owner: 'root' + src: '{{ ansible_facts["distribution"] }}/{{ ansible_facts["distribution_major_version"] }}/usr/lib/systemd/system/httpd.service' + - dest: '/usr/lib/systemd/system/httpd.socket' + group: 'root' + mode: '0644' + owner: 'root' + src: '{{ ansible_facts["distribution"] }}/{{ ansible_facts["distribution_major_version"] }}/usr/lib/systemd/system/httpd.socket' + - dest: '/usr/lib/systemd/system/httpd-init.service' + group: 'root' + mode: '0644' + owner: 'root' + src: '{{ ansible_facts["distribution"] }}/{{ ansible_facts["distribution_major_version"] }}/usr/lib/systemd/system/httpd-init.service' + - dest: '/usr/lib/systemd/system/httpd-reload.service' + group: 'root' + mode: '0644' + owner: 'root' + src: '{{ ansible_facts["distribution"] }}/{{ ansible_facts["distribution_major_version"] }}/usr/lib/systemd/system/httpd-reload.service' + - dest: '/usr/lib/systemd/system/httpd-reload.timer' + group: 'root' + mode: '0644' + owner: 'root' + src: '{{ ansible_facts["distribution"] }}/{{ ansible_facts["distribution_major_version"] }}/usr/lib/systemd/system/httpd-reload.timer' + - dest: '/usr/lib/systemd/system/httpd@.service' + group: 'root' + mode: '0644' + owner: 'root' + src: '{{ ansible_facts["distribution"] }}/{{ ansible_facts["distribution_major_version"] }}/usr/lib/systemd/system/httpd@.service' + - dest: '/usr/lib/systemd/system/httpd.socket.d/10-listen443.conf' + group: 'root' + mode: '0644' + owner: 'root' + src: '{{ ansible_facts["distribution"] }}/{{ ansible_facts["distribution_major_version"] }}/usr/lib/systemd/system/httpd.socket.d/10-listen443.conf' +... + diff --git a/roles/ensure_apache/vars/Fedora-43-default.yml b/roles/ensure_apache/vars/Fedora-43-default.yml new file mode 100644 index 0000000..d4e42c1 --- /dev/null +++ b/roles/ensure_apache/vars/Fedora-43-default.yml @@ -0,0 +1,229 @@ +--- +# vars file for ensure_apache +package_list: + - name: 'httpd' + state: 'present' + - name: 'httpd-filesystem' + state: 'present' + - name: 'httpd-tools' + state: 'present' + - name: 'mod_http2' + state: 'present' + - name: 'mod_md' + state: 'present' + - name: 'mod_ssl' + state: 'present' + - name: 'php' + state: 'present' + - name: 'php-cli' + state: 'present' + - name: 'php-common' + state: 'present' + - name: 'php-fpm' + state: 'present' + - name: 'php-mbstring' + state: 'present' + - name: 'php-mysqlnd' + state: 'present' + - name: 'php-opcache' + state: 'present' + - name: 'php-pdo' + state: 'present' + - name: 'php-sodium' + state: 'present' + - name: 'php-xml' + state: 'present' +firewall_list: + - permanent: 'yes' + service: 'http' + state: 'enabled' + - permanent: 'yes' + service: 'https' + state: 'enabled' +permission_list: + - path: '/etc/httpd/md' + group: 'apache' + owner: 'root' + mode: '0770' + state: 'directory' + setype: 'httpd_var_lib_t' +seboolean_list: + - name: 'httpd_can_network_connect' + persistent: 'yes' + state: 'yes' + - name: 'httpd_can_network_connect_db' + persistent: 'yes' + state: 'yes' +service_list: + - name: 'httpd.service' + state: 'started' + enabled: 'yes' + - name: 'httpd-reload.timer' + state: 'started' + enabled: 'yes' + - name: 'php-fpm.service' + state: 'started' + enabled: 'yes' +template_list: + - dest: '/etc/httpd/conf.d/autoindex.conf' + group: 'root' + mode: '0644' + owner: 'root' + src: '{{ ansible_facts["distribution"] }}/{{ ansible_facts["distribution_major_version"] }}/etc/httpd/conf.d/autoindex.conf' + - dest: '/etc/httpd/conf.d/README' + group: 'root' + mode: '0644' + owner: 'root' + src: '{{ ansible_facts["distribution"] }}/{{ ansible_facts["distribution_major_version"] }}/etc/httpd/conf.d/README' + - dest: '/etc/httpd/conf.d/vhost.conf' + group: 'root' + mode: '0644' + owner: 'root' + src: '{{ ansible_facts["distribution"] }}/{{ ansible_facts["distribution_major_version"] }}/etc/httpd/conf.d/vhost.conf' + - dest: '/etc/httpd/conf.d/ssl.conf' + group: 'root' + mode: '0644' + owner: 'root' + src: '{{ ansible_facts["distribution"] }}/{{ ansible_facts["distribution_major_version"] }}/etc/httpd/conf.d/ssl.conf' + - dest: '/etc/httpd/conf.d/userdir.conf' + group: 'root' + mode: '0644' + owner: 'root' + src: '{{ ansible_facts["distribution"] }}/{{ ansible_facts["distribution_major_version"] }}/etc/httpd/conf.d/userdir.conf' + - dest: '/etc/httpd/conf.d/welcome.conf' + group: 'root' + mode: '0644' + owner: 'root' + src: '{{ ansible_facts["distribution"] }}/{{ ansible_facts["distribution_major_version"] }}/etc/httpd/conf.d/welcome.conf' + - dest: '/etc/httpd/conf/httpd.conf' + group: 'root' + mode: '0644' + owner: 'root' + src: '{{ ansible_facts["distribution"] }}/{{ ansible_facts["distribution_major_version"] }}/etc/httpd/conf/httpd.conf' + - dest: '/etc/httpd/conf/magic' + group: 'root' + mode: '0644' + owner: 'root' + src: '{{ ansible_facts["distribution"] }}/{{ ansible_facts["distribution_major_version"] }}/etc/httpd/conf/magic' + - dest: '/etc/httpd/conf.modules.d/00-base.conf' + group: 'root' + mode: '0644' + owner: 'root' + src: '{{ ansible_facts["distribution"] }}/{{ ansible_facts["distribution_major_version"] }}/etc/httpd/conf.modules.d/00-base.conf' + - dest: '/etc/httpd/conf.modules.d/00-brotli.conf' + group: 'root' + mode: '0644' + owner: 'root' + src: '{{ ansible_facts["distribution"] }}/{{ ansible_facts["distribution_major_version"] }}/etc/httpd/conf.modules.d/00-brotli.conf' + - dest: '/etc/httpd/conf.modules.d/00-dav.conf' + group: 'root' + mode: '0644' + owner: 'root' + src: '{{ ansible_facts["distribution"] }}/{{ ansible_facts["distribution_major_version"] }}/etc/httpd/conf.modules.d/00-dav.conf' + - dest: '/etc/httpd/conf.modules.d/00-lua.conf' + group: 'root' + mode: '0644' + owner: 'root' + src: '{{ ansible_facts["distribution"] }}/{{ ansible_facts["distribution_major_version"] }}/etc/httpd/conf.modules.d/00-lua.conf' + - dest: '/etc/httpd/conf.modules.d/00-mpm.conf' + group: 'root' + mode: '0644' + owner: 'root' + src: '{{ ansible_facts["distribution"] }}/{{ ansible_facts["distribution_major_version"] }}/etc/httpd/conf.modules.d/00-mpm.conf' + - dest: '/etc/httpd/conf.modules.d/00-optional.conf' + group: 'root' + mode: '0644' + owner: 'root' + src: '{{ ansible_facts["distribution"] }}/{{ ansible_facts["distribution_major_version"] }}/etc/httpd/conf.modules.d/00-optional.conf' + - dest: '/etc/httpd/conf.modules.d/00-proxy.conf' + group: 'root' + mode: '0644' + owner: 'root' + src: '{{ ansible_facts["distribution"] }}/{{ ansible_facts["distribution_major_version"] }}/etc/httpd/conf.modules.d/00-proxy.conf' + - dest: '/etc/httpd/conf.modules.d/00-ssl.conf' + group: 'root' + mode: '0644' + owner: 'root' + src: '{{ ansible_facts["distribution"] }}/{{ ansible_facts["distribution_major_version"] }}/etc/httpd/conf.modules.d/00-ssl.conf' + - dest: '/etc/httpd/conf.modules.d/00-systemd.conf' + group: 'root' + mode: '0644' + owner: 'root' + src: '{{ ansible_facts["distribution"] }}/{{ ansible_facts["distribution_major_version"] }}/etc/httpd/conf.modules.d/00-systemd.conf' + - dest: '/etc/httpd/conf.modules.d/01-cgi.conf' + group: 'root' + mode: '0644' + owner: 'root' + src: '{{ ansible_facts["distribution"] }}/{{ ansible_facts["distribution_major_version"] }}/etc/httpd/conf.modules.d/01-cgi.conf' + - dest: '/etc/httpd/conf.modules.d/01-md.conf' + group: 'root' + mode: '0644' + owner: 'root' + src: '{{ ansible_facts["distribution"] }}/{{ ansible_facts["distribution_major_version"] }}/etc/httpd/conf.modules.d/01-md.conf' + - dest: '/etc/httpd/conf.modules.d/10-h2.conf' + group: 'root' + mode: '0644' + owner: 'root' + src: '{{ ansible_facts["distribution"] }}/{{ ansible_facts["distribution_major_version"] }}/etc/httpd/conf.modules.d/10-h2.conf' + - dest: '/etc/httpd/conf.modules.d/10-proxy_h2.conf' + group: 'root' + mode: '0644' + owner: 'root' + src: '{{ ansible_facts["distribution"] }}/{{ ansible_facts["distribution_major_version"] }}/etc/httpd/conf.modules.d/10-proxy_h2.conf' + - dest: '/etc/httpd/conf.modules.d/README' + group: 'root' + mode: '0644' + owner: 'root' + src: '{{ ansible_facts["distribution"] }}/{{ ansible_facts["distribution_major_version"] }}/etc/httpd/conf.modules.d/README' + - dest: '/etc/logrotate.d/httpd' + group: 'root' + mode: '0644' + owner: 'root' + src: '{{ ansible_facts["distribution"] }}/{{ ansible_facts["distribution_major_version"] }}/etc/logrotate.d/httpd' + - dest: '/etc/sysconfig/htcacheclean' + group: 'root' + mode: '0644' + owner: 'root' + src: '{{ ansible_facts["distribution"] }}/{{ ansible_facts["distribution_major_version"] }}/etc/sysconfig/htcacheclean' + - dest: '/usr/lib/systemd/system/htcacheclean.service' + group: 'root' + mode: '0644' + owner: 'root' + src: '{{ ansible_facts["distribution"] }}/{{ ansible_facts["distribution_major_version"] }}/usr/lib/systemd/system/htcacheclean.service' + - dest: '/usr/lib/systemd/system/httpd.service' + group: 'root' + mode: '0644' + owner: 'root' + src: '{{ ansible_facts["distribution"] }}/{{ ansible_facts["distribution_major_version"] }}/usr/lib/systemd/system/httpd.service' + - dest: '/usr/lib/systemd/system/httpd.socket' + group: 'root' + mode: '0644' + owner: 'root' + src: '{{ ansible_facts["distribution"] }}/{{ ansible_facts["distribution_major_version"] }}/usr/lib/systemd/system/httpd.socket' + - dest: '/usr/lib/systemd/system/httpd-init.service' + group: 'root' + mode: '0644' + owner: 'root' + src: '{{ ansible_facts["distribution"] }}/{{ ansible_facts["distribution_major_version"] }}/usr/lib/systemd/system/httpd-init.service' + - dest: '/usr/lib/systemd/system/httpd-reload.service' + group: 'root' + mode: '0644' + owner: 'root' + src: '{{ ansible_facts["distribution"] }}/{{ ansible_facts["distribution_major_version"] }}/usr/lib/systemd/system/httpd-reload.service' + - dest: '/usr/lib/systemd/system/httpd-reload.timer' + group: 'root' + mode: '0644' + owner: 'root' + src: '{{ ansible_facts["distribution"] }}/{{ ansible_facts["distribution_major_version"] }}/usr/lib/systemd/system/httpd-reload.timer' + - dest: '/usr/lib/systemd/system/httpd@.service' + group: 'root' + mode: '0644' + owner: 'root' + src: '{{ ansible_facts["distribution"] }}/{{ ansible_facts["distribution_major_version"] }}/usr/lib/systemd/system/httpd@.service' + - dest: '/usr/lib/systemd/system/httpd.socket.d/10-listen443.conf' + group: 'root' + mode: '0644' + owner: 'root' + src: '{{ ansible_facts["distribution"] }}/{{ ansible_facts["distribution_major_version"] }}/usr/lib/systemd/system/httpd.socket.d/10-listen443.conf' +... + diff --git a/roles/ensure_apache/vars/Fedora-44-default.yml b/roles/ensure_apache/vars/Fedora-44-default.yml new file mode 100644 index 0000000..861232d --- /dev/null +++ b/roles/ensure_apache/vars/Fedora-44-default.yml @@ -0,0 +1,234 @@ +--- +# vars file for ensure_apache +package_list: + - name: 'httpd' + state: 'present' + - name: 'httpd-filesystem' + state: 'present' + - name: 'httpd-tools' + state: 'present' + - name: 'mod_http2' + state: 'present' + - name: 'mod_md' + state: 'present' + - name: 'mod_ssl' + state: 'present' + - name: 'php' + state: 'present' + - name: 'php-cli' + state: 'present' + - name: 'php-common' + state: 'present' + - name: 'php-fpm' + state: 'present' + - name: 'php-mbstring' + state: 'present' + - name: 'php-mysqlnd' + state: 'present' + - name: 'php-opcache' + state: 'present' + - name: 'php-pdo' + state: 'present' + - name: 'php-sodium' + state: 'present' + - name: 'php-xml' + state: 'present' +firewall_list: + - permanent: 'yes' + service: 'http' + state: 'enabled' + - permanent: 'yes' + service: 'https' + state: 'enabled' +permission_list: + - path: '/etc/httpd/md' + group: 'apache' + owner: 'root' + mode: '0770' + state: 'directory' + setype: 'httpd_var_lib_t' +seboolean_list: + - name: 'httpd_can_network_connect' + persistent: 'yes' + state: 'yes' + - name: 'httpd_can_network_connect_db' + persistent: 'yes' + state: 'yes' +service_list: + - name: 'httpd.service' + state: 'started' + enabled: 'yes' + - name: 'httpd-reload.timer' + state: 'started' + enabled: 'yes' + - name: 'php-fpm.service' + state: 'started' + enabled: 'yes' +template_list: + - dest: '/etc/httpd/conf.d/autoindex.conf' + group: 'root' + mode: '0644' + owner: 'root' + src: '{{ ansible_facts["distribution"] }}/{{ ansible_facts["distribution_major_version"] }}/etc/httpd/conf.d/autoindex.conf' + - dest: '/etc/httpd/conf.d/README' + group: 'root' + mode: '0644' + owner: 'root' + src: '{{ ansible_facts["distribution"] }}/{{ ansible_facts["distribution_major_version"] }}/etc/httpd/conf.d/README' + - dest: '/etc/httpd/conf.d/vhost.conf' + group: 'root' + mode: '0644' + owner: 'root' + src: '{{ ansible_facts["distribution"] }}/{{ ansible_facts["distribution_major_version"] }}/etc/httpd/conf.d/vhost.conf' + - dest: '/etc/httpd/conf.d/ssl.conf' + group: 'root' + mode: '0644' + owner: 'root' + src: '{{ ansible_facts["distribution"] }}/{{ ansible_facts["distribution_major_version"] }}/etc/httpd/conf.d/ssl.conf' + - dest: '/etc/httpd/conf.d/userdir.conf' + group: 'root' + mode: '0644' + owner: 'root' + src: '{{ ansible_facts["distribution"] }}/{{ ansible_facts["distribution_major_version"] }}/etc/httpd/conf.d/userdir.conf' + - dest: '/etc/httpd/conf.d/welcome.conf' + group: 'root' + mode: '0644' + owner: 'root' + src: '{{ ansible_facts["distribution"] }}/{{ ansible_facts["distribution_major_version"] }}/etc/httpd/conf.d/welcome.conf' + - dest: '/etc/httpd/conf/httpd.conf' + group: 'root' + mode: '0644' + owner: 'root' + src: '{{ ansible_facts["distribution"] }}/{{ ansible_facts["distribution_major_version"] }}/etc/httpd/conf/httpd.conf' + - dest: '/etc/httpd/conf/magic' + group: 'root' + mode: '0644' + owner: 'root' + src: '{{ ansible_facts["distribution"] }}/{{ ansible_facts["distribution_major_version"] }}/etc/httpd/conf/magic' + - dest: '/etc/httpd/conf.modules.d/00-base.conf' + group: 'root' + mode: '0644' + owner: 'root' + src: '{{ ansible_facts["distribution"] }}/{{ ansible_facts["distribution_major_version"] }}/etc/httpd/conf.modules.d/00-base.conf' + - dest: '/etc/httpd/conf.modules.d/00-brotli.conf' + group: 'root' + mode: '0644' + owner: 'root' + src: '{{ ansible_facts["distribution"] }}/{{ ansible_facts["distribution_major_version"] }}/etc/httpd/conf.modules.d/00-brotli.conf' + - dest: '/etc/httpd/conf.modules.d/00-dav.conf' + group: 'root' + mode: '0644' + owner: 'root' + src: '{{ ansible_facts["distribution"] }}/{{ ansible_facts["distribution_major_version"] }}/etc/httpd/conf.modules.d/00-dav.conf' + - dest: '/etc/httpd/conf.modules.d/00-lua.conf' + group: 'root' + mode: '0644' + owner: 'root' + src: '{{ ansible_facts["distribution"] }}/{{ ansible_facts["distribution_major_version"] }}/etc/httpd/conf.modules.d/00-lua.conf' + - dest: '/etc/httpd/conf.modules.d/00-mpm.conf' + group: 'root' + mode: '0644' + owner: 'root' + src: '{{ ansible_facts["distribution"] }}/{{ ansible_facts["distribution_major_version"] }}/etc/httpd/conf.modules.d/00-mpm.conf' + - dest: '/etc/httpd/conf.modules.d/00-optional.conf' + group: 'root' + mode: '0644' + owner: 'root' + src: '{{ ansible_facts["distribution"] }}/{{ ansible_facts["distribution_major_version"] }}/etc/httpd/conf.modules.d/00-optional.conf' + - dest: '/etc/httpd/conf.modules.d/00-proxy.conf' + group: 'root' + mode: '0644' + owner: 'root' + src: '{{ ansible_facts["distribution"] }}/{{ ansible_facts["distribution_major_version"] }}/etc/httpd/conf.modules.d/00-proxy.conf' + - dest: '/etc/httpd/conf.modules.d/00-ssl.conf' + group: 'root' + mode: '0644' + owner: 'root' + src: '{{ ansible_facts["distribution"] }}/{{ ansible_facts["distribution_major_version"] }}/etc/httpd/conf.modules.d/00-ssl.conf' + - dest: '/etc/httpd/conf.modules.d/00-systemd.conf' + group: 'root' + mode: '0644' + owner: 'root' + src: '{{ ansible_facts["distribution"] }}/{{ ansible_facts["distribution_major_version"] }}/etc/httpd/conf.modules.d/00-systemd.conf' + - dest: '/etc/httpd/conf.modules.d/01-cgi.conf' + group: 'root' + mode: '0644' + owner: 'root' + src: '{{ ansible_facts["distribution"] }}/{{ ansible_facts["distribution_major_version"] }}/etc/httpd/conf.modules.d/01-cgi.conf' + - dest: '/etc/httpd/conf.modules.d/01-md.conf' + group: 'root' + mode: '0644' + owner: 'root' + src: '{{ ansible_facts["distribution"] }}/{{ ansible_facts["distribution_major_version"] }}/etc/httpd/conf.modules.d/01-md.conf' + - dest: '/etc/httpd/conf.modules.d/10-h2.conf' + group: 'root' + mode: '0644' + owner: 'root' + src: '{{ ansible_facts["distribution"] }}/{{ ansible_facts["distribution_major_version"] }}/etc/httpd/conf.modules.d/10-h2.conf' + - dest: '/etc/httpd/conf.modules.d/10-proxy_h2.conf' + group: 'root' + mode: '0644' + owner: 'root' + src: '{{ ansible_facts["distribution"] }}/{{ ansible_facts["distribution_major_version"] }}/etc/httpd/conf.modules.d/10-proxy_h2.conf' + - dest: '/etc/httpd/conf.modules.d/README' + group: 'root' + mode: '0644' + owner: 'root' + src: '{{ ansible_facts["distribution"] }}/{{ ansible_facts["distribution_major_version"] }}/etc/httpd/conf.modules.d/README' + - dest: '/etc/logrotate.d/httpd' + group: 'root' + mode: '0644' + owner: 'root' + src: '{{ ansible_facts["distribution"] }}/{{ ansible_facts["distribution_major_version"] }}/etc/logrotate.d/httpd' + - dest: '/etc/sysconfig/htcacheclean' + group: 'root' + mode: '0644' + owner: 'root' + src: '{{ ansible_facts["distribution"] }}/{{ ansible_facts["distribution_major_version"] }}/etc/sysconfig/htcacheclean' + - dest: '/usr/lib/systemd/system/htcacheclean.service' + group: 'root' + mode: '0644' + owner: 'root' + src: '{{ ansible_facts["distribution"] }}/{{ ansible_facts["distribution_major_version"] }}/usr/lib/systemd/system/htcacheclean.service' + - dest: '/usr/lib/systemd/system/httpd.service' + group: 'root' + mode: '0644' + owner: 'root' + src: '{{ ansible_facts["distribution"] }}/{{ ansible_facts["distribution_major_version"] }}/usr/lib/systemd/system/httpd.service' + - dest: '/usr/lib/systemd/system/httpd.socket' + group: 'root' + mode: '0644' + owner: 'root' + src: '{{ ansible_facts["distribution"] }}/{{ ansible_facts["distribution_major_version"] }}/usr/lib/systemd/system/httpd.socket' + - dest: '/usr/lib/systemd/system/httpd-init.service' + group: 'root' + mode: '0644' + owner: 'root' + src: '{{ ansible_facts["distribution"] }}/{{ ansible_facts["distribution_major_version"] }}/usr/lib/systemd/system/httpd-init.service' + - dest: '/usr/lib/systemd/system/httpd-reload.service' + group: 'root' + mode: '0644' + owner: 'root' + src: '{{ ansible_facts["distribution"] }}/{{ ansible_facts["distribution_major_version"] }}/usr/lib/systemd/system/httpd-reload.service' + - dest: '/usr/lib/systemd/system/httpd-reload.timer' + group: 'root' + mode: '0644' + owner: 'root' + src: '{{ ansible_facts["distribution"] }}/{{ ansible_facts["distribution_major_version"] }}/usr/lib/systemd/system/httpd-reload.timer' + - dest: '/usr/lib/systemd/system/httpd@.service' + group: 'root' + mode: '0644' + owner: 'root' + src: '{{ ansible_facts["distribution"] }}/{{ ansible_facts["distribution_major_version"] }}/usr/lib/systemd/system/httpd@.service' + - dest: '/usr/lib/systemd/system/httpd.service.d/php-fpm.conf' + group: 'root' + mode: '0644' + owner: 'root' + src: '{{ ansible_facts["distribution"] }}/{{ ansible_facts["distribution_major_version"] }}/usr/lib/systemd/system/httpd.service.d/php-fpm.conf' + - dest: '/usr/lib/systemd/system/httpd.socket.d/10-listen443.conf' + group: 'root' + mode: '0644' + owner: 'root' + src: '{{ ansible_facts["distribution"] }}/{{ ansible_facts["distribution_major_version"] }}/usr/lib/systemd/system/httpd.socket.d/10-listen443.conf' +... + diff --git a/roles/ensure_apache/vars/default.yml b/roles/ensure_apache/vars/default.yml new file mode 100644 index 0000000..c7215c2 --- /dev/null +++ b/roles/ensure_apache/vars/default.yml @@ -0,0 +1,2 @@ +--- +# vars file for ensure_apache \ No newline at end of file diff --git a/roles/ensure_apache/vars/main.yml b/roles/ensure_apache/vars/main.yml new file mode 100644 index 0000000..c7215c2 --- /dev/null +++ b/roles/ensure_apache/vars/main.yml @@ -0,0 +1,2 @@ +--- +# vars file for ensure_apache \ No newline at end of file