diff --git a/templates/Fedora/44/etc/httpd/conf.d/autoindex.conf b/templates/Fedora/44/etc/httpd/conf.d/autoindex.conf
index 0e487ac..25a0ebf 100644
--- a/templates/Fedora/44/etc/httpd/conf.d/autoindex.conf
+++ b/templates/Fedora/44/etc/httpd/conf.d/autoindex.conf
@@ -13,7 +13,7 @@
# IndexOptions: Controls the appearance of server-generated directory
# listings.
#
-IndexOptions FancyIndexing HTMLTable VersionSort
+IndexOptions FancyIndexing HTMLTable VersionSort Charset=UTF-8
# We include the /icons/ alias for FancyIndexed directory listings. If
# you do not use FancyIndexing, you may comment this out.
@@ -21,7 +21,7 @@ IndexOptions FancyIndexing HTMLTable VersionSort
Alias /icons/ "/usr/share/httpd/icons/"
- Options Indexes MultiViews FollowSymlinks
+ Options MultiViews FollowSymlinks
AllowOverride None
Require all granted
diff --git a/templates/Fedora/44/etc/httpd/conf.modules.d/00-mpm.conf b/templates/Fedora/44/etc/httpd/conf.modules.d/00-mpm.conf
index 647fa3d..fbca66e 100644
--- a/templates/Fedora/44/etc/httpd/conf.modules.d/00-mpm.conf
+++ b/templates/Fedora/44/etc/httpd/conf.modules.d/00-mpm.conf
@@ -10,11 +10,6 @@
#
#LoadModule mpm_prefork_module modules/mod_mpm_prefork.so
-# worker MPM: Multi-Processing Module implementing a hybrid
-# multi-threaded multi-process web server
-# See: http://httpd.apache.org/docs/2.4/mod/worker.html
-#
-#LoadModule mpm_worker_module modules/mod_mpm_worker.so
# event MPM: A variant of the worker MPM with the goal of consuming
# threads only for connections with active processing
diff --git a/templates/Fedora/44/etc/httpd/conf/httpd.conf b/templates/Fedora/44/etc/httpd/conf/httpd.conf
index e49ab6a..ad5c7ee 100644
--- a/templates/Fedora/44/etc/httpd/conf/httpd.conf
+++ b/templates/Fedora/44/etc/httpd/conf/httpd.conf
@@ -199,6 +199,7 @@ LogLevel warn
# a CustomLog directive (see below).
#
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
+ LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" PID: %P %{tid}P %T" combined_ext
LogFormat "%h %l %u %t \"%r\" %>s %b" common
@@ -216,10 +217,11 @@ LogLevel warn
#CustomLog "logs/access_log" common
#
- # If you prefer a logfile with access, agent, and referer information
- # (Combined Logfile Format) you can use the following directive.
+ # If you prefer a logfile with access, agent, referer, and process/thread
+ # information (an extended Combined Logfile Format), you can use the
+ # following directive.
#
- CustomLog "logs/access_log" combined
+ CustomLog "logs/access_log" combined_ext
diff --git a/templates/Fedora/44/etc/php.d/10-opcache.ini b/templates/Fedora/44/etc/php.d/10-opcache.ini
index b3d4e6e..252303a 100644
--- a/templates/Fedora/44/etc/php.d/10-opcache.ini
+++ b/templates/Fedora/44/etc/php.d/10-opcache.ini
@@ -1,6 +1,3 @@
-; Enable Zend OPcache extension module
-zend_extension=opcache
-
; Determines if Zend OPCache is enabled
opcache.enable=1
@@ -54,8 +51,6 @@ opcache.enable_cli=1
; passes
;opcache.optimization_level=0x7FFFBFFF
-; This hack should only be enabled to work around "Cannot redeclare class"
-; errors.
;opcache.dups_fix=0
; The location of the OPcache blacklist file (wildcards allowed).
@@ -99,6 +94,15 @@ opcache.blacklist_filename=/etc/php.d/opcache*.blacklist
; for php-fpm, see /etc/php-fpm.d/*conf
;opcache.file_cache=
+; Enables or disables read-only mode for the second level cache directory.
+; It should improve performance for read-only containers,
+; when the cache is pre-warmed and packaged alongside the application.
+; Best used with `opcache.validate_timestamps=0`, `opcache.enable_file_override=1`
+; and `opcache.file_cache_consistency_checks=0`.
+; Note: A cache generated with a different build of PHP, a different file path,
+; or different settings (including which extensions are loaded), may be ignored.
+;opcache.file_cache_read_only=0
+
; Enables or disables opcode caching in shared memory.
;opcache.file_cache_only=0
diff --git a/templates/Fedora/44/etc/php.ini b/templates/Fedora/44/etc/php.ini
index cdd2c0b..1d8e01a 100644
--- a/templates/Fedora/44/etc/php.ini
+++ b/templates/Fedora/44/etc/php.ini
@@ -107,7 +107,7 @@
; error_reporting
; Default Value: E_ALL
; Development Value: E_ALL
-; Production Value: E_ALL & ~E_DEPRECATED & ~E_STRICT
+; Production Value: E_ALL & ~E_DEPRECATED
; log_errors
; Default Value: Off
@@ -119,16 +119,16 @@
; Development Value: 60 (60 seconds)
; Production Value: 60 (60 seconds)
+; mysqlnd.collect_memory_statistics
+; Default Value: Off
+; Development Value: On
+; Production Value: Off
+
; output_buffering
; Default Value: Off
; Development Value: 4096
; Production Value: 4096
-; register_argc_argv
-; Default Value: On
-; Development Value: Off
-; Production Value: Off
-
; request_order
; Default Value: None
; Development Value: "GP"
@@ -322,11 +322,6 @@ serialize_precision = -1
; https://php.net/disable-functions
disable_functions =
-; This directive allows you to disable certain classes.
-; It receives a comma-delimited list of class names.
-; https://php.net/disable-classes
-disable_classes =
-
; Colors for Syntax Highlighting mode. Anything that's acceptable in
; would work.
; https://php.net/syntax-highlighting
@@ -433,6 +428,7 @@ max_input_time = 60
; Maximum amount of memory a script may consume
; https://php.net/memory-limit
memory_limit = 128M
+max_memory_limit = -1
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
; Error handling and logging ;
@@ -444,7 +440,7 @@ memory_limit = 128M
; operators. The error level constants are below here for convenience as well as
; some common settings and their meanings.
; By default, PHP is set to take action on all errors, notices and warnings EXCEPT
-; those related to E_NOTICE and E_STRICT, which together cover best practices and
+; those related to E_NOTICE, which together cover best practices and
; recommended coding standards in PHP. For performance reasons, this is the
; recommend error reporting setting. Your production server shouldn't be wasting
; resources complaining about best practices and coding standards. That's what
@@ -464,9 +460,6 @@ memory_limit = 128M
; intentional (e.g., using an uninitialized variable and
; relying on the fact it is automatically initialized to an
; empty string)
-; E_STRICT - run-time notices, enable to have PHP suggest changes
-; to your code which will ensure the best interoperability
-; and forward compatibility of your code
; E_CORE_ERROR - fatal errors that occur during PHP's initial startup
; E_CORE_WARNING - warnings (non-fatal errors) that occur during PHP's
; initial startup
@@ -482,13 +475,12 @@ memory_limit = 128M
; Common Values:
; E_ALL (Show all errors, warnings and notices including coding standards.)
; E_ALL & ~E_NOTICE (Show all errors, except for notices)
-; E_ALL & ~E_NOTICE & ~E_STRICT (Show all errors, except for notices and coding standards warnings.)
; E_COMPILE_ERROR|E_RECOVERABLE_ERROR|E_ERROR|E_CORE_ERROR (Show only errors)
; Default Value: E_ALL
; Development Value: E_ALL
-; Production Value: E_ALL & ~E_DEPRECATED & ~E_STRICT
+; Production Value: E_ALL & ~E_DEPRECATED
; https://php.net/error-reporting
-error_reporting = E_ALL & ~E_DEPRECATED & ~E_STRICT
+error_reporting = E_ALL & ~E_DEPRECATED
; This directive controls whether or not and where PHP will output errors,
; notices and warnings too. Error output is very useful during development, but
@@ -537,12 +529,6 @@ ignore_repeated_errors = Off
; https://php.net/ignore-repeated-source
ignore_repeated_source = Off
-; If this parameter is set to Off, then memory leaks will not be shown (on
-; stdout or in the log). This is only effective in a debug compile, and if
-; error reporting includes E_WARNING in the allowed list
-; https://php.net/report-memleaks
-report_memleaks = On
-
; This setting is off by default.
;report_zend_debug = 0
@@ -621,6 +607,12 @@ report_memleaks = On
; Development value: 0
; Production value: 0
+; This directive controls whether PHP will output the backtrace of fatal errors.
+; Default Value: On
+; Development Value: On
+; Production Value: On
+;fatal_error_backtraces = On
+
;;;;;;;;;;;;;;;;;
; Data Handling ;
;;;;;;;;;;;;;;;;;
@@ -670,14 +662,12 @@ request_order = "GP"
; that were passed when the script was invoked. These arrays are extremely
; useful when running scripts from the command line. When this directive is
; enabled, registering these variables consumes CPU cycles and memory each time
-; a script is executed. For performance reasons, this feature should be disabled
-; on production servers.
-; Note: This directive is hardcoded to On for the CLI SAPI
-; Default Value: On
-; Development Value: Off
-; Production Value: Off
+; a script is executed. For security reasons, this feature should be disabled
+; for non-CLI SAPIs.
+; Note: This directive is ignored for the CLI SAPI
+; This directive is deprecated.
; https://php.net/register-argc-argv
-register_argc_argv = Off
+;register_argc_argv = Off
; When enabled, the ENV, REQUEST and SERVER variables are created when they're
; first used (Just In Time) instead of when the script starts. If these
@@ -818,6 +808,12 @@ enable_dl = Off
; https://php.net/fastcgi.impersonate
;fastcgi.impersonate = 1
+; Prevent decoding of SCRIPT_FILENAME when using Apache ProxyPass or
+; ProxyPassMatch. This should only be used if script file paths are already
+; stored in an encoded format on the file system.
+; Default is 0.
+;fastcgi.script_path_encoded = 1
+
; Disable logging through FastCGI connection. PHP's default behavior is to enable
; this feature.
;fastcgi.logging = 0
@@ -968,20 +964,17 @@ cli_server.color = On
; otherwise output encoding conversion cannot be performed.
;iconv.output_encoding =
-[imap]
-; rsh/ssh logins are disabled by default. Use this INI entry if you want to
-; enable them. Note that the IMAP library does not filter mailbox names before
-; passing them to rsh/ssh command, thus passing untrusted data to this function
-; with rsh/ssh enabled is insecure.
-;imap.enable_insecure_rsh=0
-
[intl]
;intl.default_locale =
; This directive allows you to produce PHP errors when some error
; happens within intl functions. The value is the level of the error produced.
; Default is 0, which does not produce any errors.
+; This directive is deprecated.
;intl.error_level = E_WARNING
-;intl.use_exceptions = 0
+; If enabled this directive indicates that when an error occurs within an
+; intl function a IntlException should be thrown.
+; Default is Off, which means errors need to be handled manually.
+;intl.use_exceptions = On
[sqlite3]
; Directory pointing to SQLite3 extensions
@@ -1049,6 +1042,14 @@ mail.add_x_header = Off
; RFC 2822 non conformant MTA.
mail.mixed_lf_and_crlf = Off
+; Control line ending mode for mail messages and headers.
+; Possible values: "crlf" (default), "lf", "mixed", "os"
+; - crlf: Use CRLF line endings
+; - lf: Use LF line endings only (converts CRLF in message to LF)
+; - mixed: Same as mail.mixed_lf_and_crlf = On
+; - os: Use CRLF on Windows, LF on other systems
+mail.cr_lf_mode = crlf
+
; The path to a log file that will log all mail() calls. Log entries include
; the full path of the script, line number, To address and headers.
;mail.log =
@@ -1118,10 +1119,7 @@ mysqli.allow_persistent = On
; https://php.net/mysqli.max-links
mysqli.max_links = -1
-; Default port number for mysqli_connect(). If unset, mysqli_connect() will use
-; the $MYSQL_TCP_PORT or the mysql-tcp entry in /etc/services or the
-; compile-time value defined MYSQL_PORT (in that order). Win32 will only look
-; at MYSQL_PORT.
+; Default port number for mysqli_connect().
; https://php.net/mysqli.default-port
mysqli.default_port = 3306
@@ -1130,15 +1128,15 @@ mysqli.default_port = 3306
; https://php.net/mysqli.default-socket
mysqli.default_socket =
-; Default host for mysqli_connect() (doesn't apply in safe mode).
+; Default host for mysqli_connect().
; https://php.net/mysqli.default-host
mysqli.default_host =
-; Default user for mysqli_connect() (doesn't apply in safe mode).
+; Default user for mysqli_connect().
; https://php.net/mysqli.default-user
mysqli.default_user =
-; Default password for mysqli_connect() (doesn't apply in safe mode).
+; Default password for mysqli_connect().
; Note that this is generally a *bad* idea to store passwords in this file.
; *Any* user with PHP access can run 'echo get_cfg_var("mysqli.default_pw")
; and reveal this password! And of course, any users with read access to this
@@ -1158,6 +1156,9 @@ mysqlnd.collect_statistics = On
; Enable / Disable collection of memory usage statistics by mysqlnd which can be
; used to tune and monitor MySQL operations.
+; Default Value: Off
+; Development Value: On
+; Production Value: Off
mysqlnd.collect_memory_statistics = Off
; Records communication from all extensions using mysqlnd to the specified log
@@ -1276,6 +1277,9 @@ session.use_cookies = 1
; https://php.net/session.cookie-secure
;session.cookie_secure =
+; https://php.net/session.cookie-partitioned
+;session.cookie_partitioned = 0
+
; This option forces PHP to fetch and use a cookie for storing and maintaining
; the session id. We encourage this operation as it's very helpful in combating
; session hijacking when not specifying and managing your own session id. It is
@@ -1541,7 +1545,7 @@ zend.assertions = -1
; With mbstring support this will automatically be converted into the encoding
; given by corresponding encode setting. When empty mbstring.internal_encoding
; is used. For the decode settings you can distinguish between motorola and
-; intel byte order. A decode setting cannot be empty.
+; intel byte order. A decode setting must not be empty.
; https://php.net/exif.encode-unicode
;exif.encode_unicode = ISO-8859-15
@@ -1629,5 +1633,13 @@ ldap.max_links = -1
; SSL stream context option.
;openssl.capath=
+; The libctx is an OpenSSL library context. OpenSSL defines a default library
+; context, but PHP OpenSSL also defines its own library context to avoid
+; interference with other libraries using OpenSSL and to provide an independent
+; context for each thread in ZTS. Possible values:
+; "custom" - use a custom library context (default)
+; "default" - use the default OpenSSL library context
+;openssl.libctx=custom
+
[ffi]
; see /etc/php.d/20-ffi.ini
diff --git a/templates/Fedora/44/usr/lib/systemd/system/httpd.service.d/php-fpm.conf b/templates/Fedora/44/usr/lib/systemd/system/httpd.service.d/php-fpm.conf
new file mode 100644
index 0000000..2b4e775
--- /dev/null
+++ b/templates/Fedora/44/usr/lib/systemd/system/httpd.service.d/php-fpm.conf
@@ -0,0 +1,12 @@
+# This file provides default configuration and will be overwritten on package upgrades.
+# Do not edit it directly.
+#
+# To customize:
+# 1. Copy this file, preserving its name, to /etc/systemd/system/.d/
+# (create the directory if it does not exist)
+# 2. Edit the copy as needed
+# 3. Run: systemctl daemon-reload
+
+[Unit]
+Wants=php-fpm.service
+
diff --git a/vars/Fedora-44-default.yml b/vars/Fedora-44-default.yml
index d4e42c1..64b807a 100644
--- a/vars/Fedora-44-default.yml
+++ b/vars/Fedora-44-default.yml
@@ -220,6 +220,11 @@ template_list:
mode: '0644'
owner: 'root'
src: '{{ ansible_facts["distribution"] }}/{{ ansible_facts["distribution_major_version"] }}/usr/lib/systemd/system/httpd@.service'
+ - dest: '/usr/lib/systemd/system/httpd.service.d/php-fpm.conf'
+ group: 'root'
+ mode: '0644'
+ owner: 'root'
+ src: '{{ ansible_facts["distribution"] }}/{{ ansible_facts["distribution_major_version"] }}/usr/lib/systemd/system/httpd.socket.d/php-fpm.conf'
- dest: '/usr/lib/systemd/system/httpd.socket.d/10-listen443.conf'
group: 'root'
mode: '0644'