Compare revisions

Commits on Source (97)
Showing
with 1045 additions and 481 deletions
# Don't use this cookbook anymore, because we added everything into the normal_site cookbook
https://gitlab.sgalinski.de/chef-cookbooks/normal_site
default['tomcat']['base_version'] = 6
default['java']['jdk_version'] = 7
default['java']['install_flavor'] = 'oracle'
default['java']['oracle']['accept_oracle_download_terms'] = true
default['typo3_site']['ip_address'] = ''
default['typo3_site']['ip_address'] = false
default['typo3_site']['hostname'] = false
default['typo3_site']['webroot'] = '/var/www'
default['typo3_site']['site_configuration'] = 'SiteConfiguration.php'
default['typo3_site']['server_aliases'] = 'www.site.dev'
default['typo3_site']['hostname'] = 'site.dev'
default['typo3_site']['web_directory'] = 'web'
default['typo3_site']['repository'] = ''
default['typo3_site']['repository_hostname'] = ''
default['typo3_site']['repository_port'] = 22
default['typo3_site']['download_typo3'] = false
default['typo3_site']['typo3_version'] = '7.6'
default['typo3_site']['deploy_dump'] = '~/site/dump.sql'
default['typo3_site']['typo3_version'] = '10.4'
if node['platform_version'] == '16.04'
if node['platform_version'] == '20.04'
default['typo3_site']['mysql_version'] = '8.0'
elsif node['platform_version'] == '16.04'
default['typo3_site']['mysql_version'] = '5.7'
else
default['typo3_site']['mysql_version'] = '5.6'
end
# Default Solr Configuration
default['typo3_site']['solr']['init'] = false
default['typo3_site']['solr']['version_solr'] = '4.8.1' # latest supported solr version of the TYPO3 extension
default['typo3_site']['solr']['version_extension'] = '3.0' # branch of the TYPO3 extension
default['typo3_site']['solr']['version_plugin_access'] = '2.0' # access plugin of the TYPO3 extension
default['typo3_site']['solr']['version_plugin_utils'] = '1.2' # access plugin of the TYPO3 extension
default['typo3_site']['solr']['version_plugin_lang'] = '3.3.2' # access plugin of the TYPO3 extension
default['typo3_site']['solr']['languages'] = %w{ german english } # available languages for the cores
default['typo3_site']['solr']['version_solr'] = '7.6.0'
default['typo3_site']['solr']['version_extension'] = '9.0.0'
default['typo3_site']['solr']['version_tika_server'] = '1.24'
default['typo3_site']['solr']['config_directory'] = 'ext_solr_9_0_0'
default['typo3_site']['solr']['cores'] = [
{
:name => 'core-en_US',
......@@ -86,4 +82,4 @@ default['typo3_site']['sync_databases'] = []
# :target => '/var/www/fileadmin',
# }
# ]
default['typo3_site']['create_links'] = []
\ No newline at end of file
default['typo3_site']['create_links'] = []
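Review bot: The MySQL version selection compares `node['platform_version']` against two exact strings, so every other release (18.04 or 22.04, for instance) falls into the `else` branch and gets `'5.6'`. The recipe in this same comparison builds a package name from that attribute (`package 'mysql-server-' + node['typo3_site']['mysql_version']`), so on such a release the run would presumably request a package the distribution does not ship, and 5.6 is a release line that no longer receives security fixes. Assuming the 20.04 / 16.04 / else chain is the new side (the +/- markers are not visible on this page), I would make the unsupported case explicit instead of silently defaulting, e.g. `else raise "typo3_site: unsupported platform_version #{node['platform_version']}"`.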
......@@ -9,13 +9,8 @@ recipe 'typo3_site::default', 'Main recipe'
issues_url 'https://gitlab.sgalinski.de/chef-cookbooks/typo3_site/issues'
source_url 'https://gitlab.sgalinski.de/chef-cookbooks/typo3_site'
depends 'apache2', '<= 3.2.1'
depends 'database', '~> 5.1.2'
depends 'graphicsmagick'
depends 'hostsfile'
depends 'java'
depends 'line'
depends 'mysql', '~> 7.2.0'
depends 'mysql2_chef_gem', '~> 1.1.0'
depends 'typo3_solr'
depends 'ubuntu_base'
\ No newline at end of file
......@@ -22,18 +22,18 @@
# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
# THE SOFTWARE.
data_bag = data_bag_item('apps', 'global')
base_hostname = node['typo3_site']['hostname'] || node['ubuntu_base']['hostname']
##########################
### Add hostname entry ###
##########################
hostsfile_entry node['typo3_site']['ip_address'] do
hostname node['typo3_site']['hostname']
hostsfile_entry node['ubuntu_base']['ip_address'] do
hostname base_hostname
action :append
end
hostsfile_entry node['typo3_site']['ip_address'] do
hostsfile_entry node['ubuntu_base']['ip_address'] do
hostname node['typo3_site']['server_aliases']
action :append
end
......@@ -42,184 +42,288 @@ end
### Install additional packages ###
###################################
include_recipe 'graphicsmagick'
include_recipe 'apache2'
include_recipe 'apache2::mod_ssl'
if node['platform_version'] == '20.04'
apt_repository('php') do
uri 'http://ppa.launchpad.net/ondrej/php/ubuntu'
deb_src true
trusted true
keyserver 'keyserver.ubuntu.com'
key 'E5267A6C'
distribution 'focal'
components [:main]
arch 'amd64'
action :add
end
elsif node['platform_version'] == '16.04'
apt_repository('apache2') do
uri 'http://ppa.launchpad.net/ondrej/apache2/ubuntu'
deb_src true
trusted true
keyserver 'keyserver.ubuntu.com'
key 'E5267A6C'
distribution 'xenial'
components [:main]
arch 'amd64'
action :add
end
apt_repository('php7.1') do
uri 'http://ppa.launchpad.net/ondrej/php/ubuntu'
deb_src true
trusted true
keyserver 'keyserver.ubuntu.com'
key 'E5267A6C'
distribution 'xenial'
components [:main]
arch 'amd64'
action :add
end
end
if node['platform_version'] == '16.04'
package 'libapache2-mod-php7.0'
%w(php php-cli php-curl php-intl php-gd php-mcrypt php-mysql ).each do |name|
execute 'apt -y update'
package 'graphicsmagick'
package 'apache2'
if node['ubuntu_base']['php_version'] == '7.0'
%w(php7.0-fpm php7.0-cli php7.0-curl php7.0-intl php7.0-gd php7.0-mcrypt php7.0-mysql php7.0-xml php7.0-json php7.0-mbstring php7.0-soap php7.0-zip php7.0-imagick).each do |name|
package name do
action :install
end
end
elsif node['ubuntu_base']['php_version'] == '7.1'
%w(php7.1-fpm php7.1-cli php7.1-curl php7.1-intl php7.1-gd php7.1-mcrypt php7.1-mysql php7.1-xml php7.1-json php7.1-mbstring php7.1-soap php7.1-zip php7.1-imagick).each do |name|
package name do
action :install
end
end
elsif node['ubuntu_base']['php_version'] == '7.2'
%w(php7.2-fpm php7.2-cli php7.2-curl php7.2-intl php7.2-gd php7.2-mysql php7.2-xml php7.2-json php7.2-mbstring php7.2-soap php7.2-zip php7.2-imagick).each do |name|
package name do
action :install
end
end
elsif node['ubuntu_base']['php_version'] == '7.3'
%w(php7.3-fpm php7.3-cli php7.3-curl php7.3-intl php7.3-gd php7.3-mysql php7.3-xml php7.3-json php7.3-mbstring php7.3-soap php7.3-zip php7.3-imagick).each do |name|
package name do
action :install
end
end
elsif node['ubuntu_base']['php_version'] == '7.4'
%w(php7.4-fpm php7.4-cli php7.4-curl php7.4-intl php7.4-gd php7.4-mysql php7.4-xml php7.4-json php7.4-mbstring php7.4-soap php7.4-zip php7.4-imagick).each do |name|
package name do
action :install
end
end
elsif node['ubuntu_base']['php_version'] == '8.1'
%w(php8.1-fpm php8.1-cli php8.1-curl php8.1-intl php8.1-gd php8.1-mysql php8.1-xml php8.1-mbstring php8.1-soap php8.1-zip php8.1-imagick).each do |name|
package name do
action :install
end
end
else
include_recipe 'apache2::mod_php5'
%w(php5-curl php5-intl php5-gd php5-mcrypt php5-mysql php5-imagick).each do |name|
# no mcrypt anymore
%w(php8.2-fpm php8.2-cli php8.2-curl php8.2-intl php8.2-gd php8.2-mysql php8.2-xml php8.2-mbstring php8.2-soap php8.2-zip php8.2-imagick).each do |name|
package name do
action :install
end
end
end
%w{expires headers ssl deflate rewrite}.each do |name|
apache_module name do
enable true
end
# enable Apache modules
%w{expires deflate rewrite headers http2 ssl proxy_fcgi mpm_event}.each do |module_name|
execute 'a2enmod ' + module_name
end
####################################
### Modify PHP FPM Configuration ###
####################################
template "/etc/php/#{node['ubuntu_base']['php_version']}/fpm/pool.d/www.conf" do
source 'www.conf.erb'
owner 'root'
group 'root'
variables(
{
:php_version => node['ubuntu_base']['php_version']
}
)
end
service "php#{node['ubuntu_base']['php_version']}-fpm" do
action :restart
end
################################
### Modify PHP Configuration ###
################################
if node['platform_version'] == '16.04'
replace_or_add 'Increase time limit' do
path '/etc/php/7.0/fpm/php.ini'
pattern 'max_execution_time =.*'
line 'max_execution_time = 240'
end
replace_or_add 'Increase time limit - CLI' do
path '/etc/php/7.0/cli/php.ini'
pattern 'max_execution_time =.*'
line 'max_execution_time = 240'
end
replace_or_add 'Increase memory limit' do
path '/etc/php/7.0/fpm/php.ini'
pattern 'memory_limit =.*'
line 'memory_limit = 256M'
end
replace_or_add 'Increase upload size limit' do
path '/etc/php/7.0/fpm/php.ini'
pattern 'upload_max_filesize =.*'
line 'upload_max_filesize = 10M'
end
replace_or_add 'Increase time limit' do
path '/etc/php/' + node['ubuntu_base']['php_version'] + '/fpm/php.ini'
pattern 'max_execution_time =.*'
line 'max_execution_time = 240'
end
replace_or_add 'Increase upload size limit - CLI' do
path '/etc/php/7.0/cli/php.ini'
pattern 'upload_max_filesize =.*'
line 'upload_max_filesize = 10M'
end
replace_or_add 'Increase time limit - CLI' do
path '/etc/php/' + node['ubuntu_base']['php_version'] + '/cli/php.ini'
pattern 'max_execution_time =.*'
line 'max_execution_time = 240'
end
replace_or_add 'Increase post_max_size limit' do
path '/etc/php/7.0/fpm/php.ini'
pattern 'post_max_size =.*'
line 'post_max_size = 10M'
end
replace_or_add 'Increase memory limit' do
path '/etc/php/' + node['ubuntu_base']['php_version'] + '/fpm/php.ini'
pattern 'memory_limit =.*'
line 'memory_limit = 256M'
end
replace_or_add 'Increase post_max_size limit - CLI' do
path '/etc/php/7.0/cli/php.ini'
pattern 'post_max_size =.*'
line 'post_max_size = 10M'
end
replace_or_add 'Increase upload size limit' do
path '/etc/php/' + node['ubuntu_base']['php_version'] + '/fpm/php.ini'
pattern 'upload_max_filesize =.*'
line 'upload_max_filesize = 10M'
end
replace_or_add 'Set date.timezone' do
path '/etc/php/7.0/fpm/php.ini'
pattern 'date.timezone =.*'
line 'date.timezone = Europe/Berlin'
end
replace_or_add 'Increase upload size limit - CLI' do
path '/etc/php/' + node['ubuntu_base']['php_version'] + '/cli/php.ini'
pattern 'upload_max_filesize =.*'
line 'upload_max_filesize = 10M'
end
replace_or_add 'date.timezone - CLI' do
path '/etc/php/7.0/cli/php.ini'
pattern 'date.timezone =.*'
line 'date.timezone = Europe/Berlin'
end
else
replace_or_add 'Increase time limit' do
path '/etc/php5/apache2/php.ini'
pattern 'max_execution_time =.*'
line 'max_execution_time = 240'
end
replace_or_add 'Increase post_max_size limit' do
path '/etc/php/' + node['ubuntu_base']['php_version'] + '/fpm/php.ini'
pattern 'post_max_size =.*'
line 'post_max_size = 10M'
end
replace_or_add 'Increase time limit - CLI' do
path '/etc/php5/cli/php.ini'
pattern 'max_execution_time =.*'
line 'max_execution_time = 240'
end
replace_or_add 'Increase post_max_size limit - CLI' do
path '/etc/php/' + node['ubuntu_base']['php_version'] + '/cli/php.ini'
pattern 'post_max_size =.*'
line 'post_max_size = 10M'
end
replace_or_add 'Increase memory limit' do
path '/etc/php5/apache2/php.ini'
pattern 'memory_limit =.*'
line 'memory_limit = 256M'
end
replace_or_add 'Set date.timezone' do
path '/etc/php/' + node['ubuntu_base']['php_version'] + '/fpm/php.ini'
pattern 'date.timezone =.*'
line 'date.timezone = Europe/Berlin'
end
replace_or_add 'Increase upload size limit' do
path '/etc/php5/apache2/php.ini'
pattern 'upload_max_filesize =.*'
line 'upload_max_filesize = 10M'
end
replace_or_add 'Set date.timezone - CLI' do
path '/etc/php/' + node['ubuntu_base']['php_version'] + '/cli/php.ini'
pattern 'date.timezone =.*'
line 'date.timezone = Europe/Berlin'
end
replace_or_add 'Increase upload size limit - CLI' do
path '/etc/php5/cli/php.ini'
pattern 'upload_max_filesize =.*'
line 'upload_max_filesize = 10M'
end
replace_or_add 'Set max_input_vars' do
path '/etc/php/' + node['ubuntu_base']['php_version'] + '/fpm/php.ini'
pattern '.*max_input_vars =.*'
line 'max_input_vars = 1500'
end
replace_or_add 'Increase post_max_size limit' do
path '/etc/php5/apache2/php.ini'
pattern 'post_max_size =.*'
line 'post_max_size = 10M'
end
replace_or_add 'Set max_input_vars - CLI' do
path '/etc/php/' + node['ubuntu_base']['php_version'] + '/cli/php.ini'
pattern '.*max_input_vars =.*'
line 'max_input_vars = 1500'
end
replace_or_add 'Increase post_max_size limit - CLI' do
path '/etc/php5/cli/php.ini'
pattern 'post_max_size =.*'
line 'post_max_size = 10M'
end
execute 'mkdir -p /etc/apache2/ssl'
replace_or_add 'Set date.timezone' do
path '/etc/php5/apache2/php.ini'
pattern 'date.timezone =.*'
line 'date.timezone = Europe/Berlin'
end
replace_or_add 'Set curl ca certificate' do
path '/etc/php/' + node['ubuntu_base']['php_version'] + '/fpm/php.ini'
pattern '.*curl.cainfo =.*'
line 'curl.cainfo = /etc/apache2/ssl/rootCA.pem'
end
replace_or_add 'date.timezone - CLI' do
path '/etc/php5/cli/php.ini'
pattern 'date.timezone =.*'
line 'date.timezone = Europe/Berlin'
end
replace_or_add 'Set curl ca certificate - CLI' do
path '/etc/php/' + node['ubuntu_base']['php_version'] + '/cli/php.ini'
pattern '.*curl.cainfo =.*'
line 'curl.cainfo = /etc/apache2/ssl/rootCA.pem'
end
################################
### Setup Apache Environment ###
################################
# copy ssl key data
template '/etc/apache2/ssl/sslKey.key' do
source 'sslKey.key'
owner 'vagrant'
group data_bag['groupId']
# create ssl certificate
# Instructions are from here: https://stackoverflow.com/questions/7580508/getting-chrome-to-accept-self-signed-localhost-certificate/43666288#43666288
template '/etc/apache2/ssl/v3.ext' do
source 'v3.ext'
end
template '/etc/apache2/ssl/sslKey.crt' do
source 'sslKey.crt'
owner 'vagrant'
group data_bag['groupId']
template '/etc/apache2/ssl/create_certificate_for_domain.sh' do
source 'create_certificate_for_domain.sh'
end
# not needed (globally used, but maybe someone else needs this)
# template 'create_root_cert_and_key.sh' do
# source 'create_root_cert_and_key.sh'
# end
template '/etc/apache2/ssl/rootCA.key' do
source 'rootCA.key'
end
template '/etc/apache2/ssl/rootCA.pem' do
source 'rootCA.pem'
end
# concatenate the additional optional domains in order to avoid missing index exceptions
additional_domains = ''
if node.include?('webgrind') && node['webgrind'].include?('hostname') && node['webgrind']['hostname']
additional_domains = additional_domains + ' ' + node['webgrind']['hostname']
else
additional_domains = additional_domains + ' webgrind.' + base_hostname
end
if node.include?('mailhog') && node['mailhog'].include?('hostname') && node['mailhog']['hostname']
additional_domains = additional_domains + ' ' + node['mailhog']['hostname']
else
additional_domains = additional_domains + ' mailhog.' + base_hostname
end
bash 'Create Certificate' do
cwd '/etc/apache2/ssl/'
code <<-EOF
chmod 755 create_certificate_for_domain.sh
./create_certificate_for_domain.sh #{base_hostname} #{node['typo3_site']['server_aliases']}#{additional_domains}
EOF
action :run
end
# create vHost directory
directory "#{node['typo3_site']['webroot']}/#{node['typo3_site']['hostname']}" do
owner 'vagrant'
group data_bag['groupId']
directory "#{node['typo3_site']['webroot']}/#{base_hostname}" do
mode '0755'
action :create
end
# create web app with an own virtual host
web_app node['typo3_site']['hostname'] do
template 'vHost.conf.erb'
docroot "#{node['typo3_site']['webroot']}/#{node['typo3_site']['hostname']}/"
server_name node['typo3_site']['hostname']
server_aliases node['typo3_site']['server_aliases']
template '/etc/apache2/sites-available/' + base_hostname + '.conf' do
source 'vHost.conf.erb'
mode '0644'
owner 'root'
group 'root'
variables(
{
:docroot => "#{node['typo3_site']['webroot']}/#{base_hostname}/#{node['typo3_site']['web_directory']}/",
:server_name => base_hostname,
:server_aliases => node['typo3_site']['server_aliases'],
:php_version => node['ubuntu_base']['php_version']
}
)
end
# The apache must be running on the main group of the user that can be different, because of the group mapping feature
execute "a2ensite #{base_hostname}.conf"
# Switch to vagrant as Apache main user
replace_or_add 'Change the apache group to the users main group' do
path '/etc/apache2/envvars'
pattern 'export APACHE_RUN_GROUP=.*'
line "export APACHE_RUN_GROUP=#{data_bag['groupId']}"
line "export APACHE_RUN_GROUP=vagrant"
end
replace_or_add 'Change the apache group to the users main group' do
path '/etc/apache2/envvars'
pattern 'export APACHE_RUN_USER=.*'
line "export APACHE_RUN_USER=vagrant"
end
service 'apache2' do
......@@ -232,7 +336,7 @@ end
file '/home/vagrant/ssh_wrapper.sh' do
owner 'vagrant'
group data_bag['groupId']
group 'vagrant'
mode '0755'
content "#!/bin/sh\nexec /usr/bin/ssh -o \"StrictHostKeyChecking=no\" \"$@\""
end
......@@ -242,13 +346,13 @@ if node['typo3_site']['repository'] != ''
port node['typo3_site']['repository_port']
end
git "#{node['typo3_site']['webroot']}/#{node['typo3_site']['hostname']}" do
repository node['typo3_site']['repository']
git "#{node['typo3_site']['webroot']}/#{base_hostname}" do
remote 'origin'
repository node['typo3_site']['repository']
checkout_branch 'master'
enable_checkout false
revision 'master'
timeout 100000
user 'vagrant'
group data_bag['groupId']
action :checkout
ssh_wrapper '/home/vagrant/ssh_wrapper.sh'
end
......@@ -262,7 +366,7 @@ bash 'Setup TYPO3' do
cwd '/home/vagrant/'
user 'vagrant'
group data_bag['groupId']
group 'vagrant'
timeout 3000000
only_if { node['typo3_site']['download_typo3'] }
......@@ -277,8 +381,8 @@ bash 'Setup TYPO3' do
-C #{node['typo3_site']['webroot']}/typo3_src-#{node['typo3_site']['typo3_version']};
fi
mkdir -p #{node['typo3_site']['webroot']}/#{node['typo3_site']['hostname']};
cd #{node['typo3_site']['webroot']}/#{node['typo3_site']['hostname']}
mkdir -p #{node['typo3_site']['webroot']}/#{base_hostname}/#{node['typo3_site']['web_directory']}
cd #{node['typo3_site']['webroot']}/#{base_hostname}/#{node['typo3_site']['web_directory']}
rm -f typo3_src
ln -s ../typo3_src-#{node['typo3_site']['typo3_version']} typo3_src
touch typo3conf/ENABLE_INSTALL_TOOL
......@@ -301,29 +405,30 @@ end
#########################
node['typo3_site']['sync_directories'].each do |sync_data|
ssh_known_hosts_entry "Add host to known hosts: #{sync_data['hostname']}" do
port sync_data['port']
only_if { sync_data['hostname'] }
if sync_data['hostname']
ssh_known_hosts_entry sync_data['hostname'] do
port sync_data['port']
end
end
bash "Synchronize #{sync_data['local']}" do
user 'vagrant'
group data_bag['groupId']
group 'vagrant'
timeout 3000000
only_if {
sync_data['sync'] or not ::File.exists?("#{node['typo3_site']['webroot']}/#{node['typo3_site']['hostname']}/#{sync_data['local']}")
sync_data['sync'] or not ::File.exists?("#{node['typo3_site']['webroot']}/#{base_hostname}/#{node['typo3_site']['web_directory']}/#{sync_data['local']}")
}
if sync_data['hostname']
code <<-EOF
rsync --delete -auvz --progress -e "ssh -p #{sync_data['port']} -o StrictHostKeyChecking=no" \
--no-o --no-g #{sync_data['user']}@#{sync_data['hostname']}:#{sync_data['remote']} \
"#{node['typo3_site']['webroot']}/#{node['typo3_site']['hostname']}/#{sync_data['local']}";
"#{node['typo3_site']['webroot']}/#{base_hostname}/#{node['typo3_site']['web_directory']}/#{sync_data['local']}";
EOF
else
code <<-EOF
rsync --delete -auvz --progress --no-o --no-g #{sync_data['remote']} \
"#{node['typo3_site']['webroot']}/#{node['typo3_site']['hostname']}/#{sync_data['local']}";
"#{node['typo3_site']['webroot']}/#{base_hostname}/#{node['typo3_site']['web_directory']}/#{sync_data['local']}";
EOF
end
action :run
......@@ -349,24 +454,23 @@ end
### Provide site specific configuration ###
###########################################
directory "#{node['typo3_site']['webroot']}/#{node['typo3_site']['hostname']}/typo3conf/" do
owner 'vagrant'
directory "#{node['typo3_site']['webroot']}/#{base_hostname}/#{node['typo3_site']['web_directory']}/typo3conf/" do
mode '0755'
action :create
end
template "#{node['typo3_site']['webroot']}/#{node['typo3_site']['hostname']}/typo3conf/#{node['typo3_site']['site_configuration']}" do
template "#{node['typo3_site']['webroot']}/#{base_hostname}/#{node['typo3_site']['web_directory']}/typo3conf/#{node['typo3_site']['site_configuration']}" do
source 'SiteConfiguration.php.erb'
owner 'vagrant'
mode '0660'
variables ({
:group_id => data_bag['groupId']
})
end
template "#{node['typo3_site']['webroot']}/#{node['typo3_site']['hostname']}/typo3conf/AdditionalConfiguration.php" do
template "#{node['typo3_site']['webroot']}/#{base_hostname}/.env.local" do
source 'env.local.erb'
mode '0660'
end
template "#{node['typo3_site']['webroot']}/#{base_hostname}/#{node['typo3_site']['web_directory']}/typo3conf/AdditionalConfiguration.php" do
source 'AdditionalConfiguration.php'
owner 'vagrant'
mode '0660'
action :create_if_missing
end
......@@ -375,24 +479,15 @@ end
### Setup MySQL ###
###################
mysql_service 'default' do
version node['typo3_site']['mysql_version']
initial_root_password 'root'
action [:create, :start]
end
package 'mysql-server-' + node['typo3_site']['mysql_version']
mysql_config 'default' do
template '/etc/mysql/mysql.cnf' do
source "my-#{node['typo3_site']['mysql_version']}.cnf.erb"
action :create
end
mysql_client 'default' do
version node['typo3_site']['mysql_version']
action :create
owner 'root'
group 'root'
end
# important, because the set configuration isn't used otherwise in the next steps
mysql_service 'default' do
service 'mysql' do
action :restart
end
......@@ -400,29 +495,19 @@ end
### Create Databases ###
########################
# install the necessary mysql2 gem
mysql2_chef_gem 'default' do
action :install
end
# create the databases
connection_info = {:host => '127.0.0.1', :username => 'root', :password => 'root'}
node['typo3_site']['sync_databases'].each do |database_data|
# create database
mysql_database database_data['database_name'] do
connection connection_info
action :create
end
# create user
mysql_database_user database_data['database_user'] do
connection connection_info
database_name database_data['database_name']
password database_data['database_password']
host '127.0.0.1'
privileges [:select, :update, :insert, :create, :alter, :drop, :delete]
action :grant
bash 'Create database and user' do
code <<-EOF
mysql -u root -proot -e "create database if not exists \\\`#{database_data['database_name']}\\\`;"
mysql -u root -proot -e "DROP USER '#{database_data['database_user']}'@'127.0.0.1';"
mysql -u root -proot -e "create user '#{database_data['database_user']}'@'127.0.0.1' IDENTIFIED WITH mysql_native_password BY '#{database_data['database_password']}';"
mysql -u root -proot -e "grant usage on \\\`#{database_data['database_name']}\\\`.* to '#{database_data['database_user']}'@'127.0.0.1' IDENTIFIED WITH mysql_native_password BY '#{database_data['database_password']}';"
mysql -u root -proot -e "grant all privileges on \\\`#{database_data['database_name']}\\\`.* to '#{database_data['database_user']}'@'127.0.0.1';"
mysql -u root -proot -e "grant process on *.* to '#{database_data['database_user']}'@'127.0.0.1';"
mysql -u root -proot -e "flush privileges;"
EOF
timeout 10000
action :run
end
if database_data['dump_hostname']
......@@ -434,7 +519,7 @@ node['typo3_site']['sync_databases'].each do |database_data|
# download the sql data
bash 'Download Dump for ' + database_data['database_name'] do
user 'vagrant'
group data_bag['groupId']
group 'vagrant'
timeout 3000000
code <<-EOF
rsync --delete -auvz --progress -e "ssh -p #{database_data['dump_port']} -o StrictHostKeyChecking=no" \
......@@ -449,32 +534,33 @@ node['typo3_site']['sync_databases'].each do |database_data|
# load the dump
bash 'Import Dump for ' + database_data['database_name'] do
code <<-EOF
mysql -h 127.0.0.1 -u root -proot #{database_data['database_name']} < #{database_data['dump_local']}
mysql -u root -proot #{database_data['database_name']} < #{database_data['dump_local']}
EOF
timeout 10000
action :run
end
# causes still strange issues that leads to crashes of the MySQL server
# don't waste more time on this one as it seems like he is executing this as one
# really big sql query and then runs into heavy limitation issues. The way above is much more stable.
# mysql_database 'Import Dump for ' + database_data['database_name'] do
# connection connection_info
# database_name database_data['database_name']
# sql { ::File.open(database_data['dump_local']).read }
# action :query
# end
if database_data['post_install_queries']
database_data['post_install_queries'].each do |query|
mysql_database 'Execute Post Install Query' do
connection connection_info
database_name database_data['database_name']
sql query
action :query
bash 'Execute Query: ' + query do
code <<-EOF
mysql -u root -proot #{database_data['database_name']} -e "#{query}"
EOF
timeout 10000
action :run
end
end
end
end
if database_data['dump_hostname'] and database_data['dump_local']
bash 'Remove downloaded ' + database_data['dump_local'] do
code <<-EOF
rm -f #{database_data['dump_local']}
EOF
action :run
end
end
end
##################
......@@ -482,30 +568,27 @@ end
##################
if node['typo3_site']['solr']['init']
include_recipe 'java'
openjdk_install '11'
include_recipe 'typo3_solr'
typo3_solr_app 'solr' do
solr node['typo3_site']['solr']['version_solr']
extension node['typo3_site']['solr']['version_extension']
plugin_access node['typo3_site']['solr']['version_plugin_access']
plugin_utils node['typo3_site']['solr']['version_plugin_utils']
plugin_lang node['typo3_site']['solr']['version_plugin_lang']
languages node['typo3_site']['solr']['languages']
tika_server node['typo3_site']['solr']['version_tika_server']
end
node['typo3_site']['solr']['cores'].each do |core_data|
typo3_solr_core core_data['name'] do
language core_data['language']
app 'solr'
config_directory node['typo3_site']['solr']['config_directory']
action :add
end
end
execute 'solr-updateConnections' do
command "php #{node['typo3_site']['webroot']}/#{node['typo3_site']['hostname']}/typo3/cli_dispatch.phpsh solr updateConnections || true"
command "php #{node['typo3_site']['webroot']}/#{base_hostname}/#{node['typo3_site']['web_directory']}/typo3/cli_dispatch.phpsh extbase solr:updateconnections || true"
user 'vagrant'
group data_bag['groupId']
group 'vagrant'
action :run
end
end
\ No newline at end of file
end
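Review bot: The three `apt_repository` resources for the ondrej PPAs set `trusted true`, which tells apt to treat the repository as authenticated regardless of signatures, and they fetch from an `http://` URI; together that means the PHP and Apache packages installed afterwards as root are not verified in transit or at rest. The `key 'E5267A6C'` next to it is an 8-hex-digit short key ID, which is not collision-resistant when resolved through a keyserver, and with `trusted true` in place the key is not enforced anyway. I would drop `trusted true`, point `uri` at an HTTPS endpoint for the PPA, and pin the full fingerprint, e.g. `key '<FULL_40_HEX_FINGERPRINT>'` (placeholder; take the value from the PPA's signing-key page). The same three lines repeat in the 20.04 block and in both 16.04 blocks, so the change applies to all of them.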
<?php
$GLOBALS['TYPO3_CONF_VARS']['DB']['database'] = 'typo3';
$GLOBALS['TYPO3_CONF_VARS']['DB']['username'] = 'typo3';
$GLOBALS['TYPO3_CONF_VARS']['DB']['password'] = 'typo3';
$GLOBALS['TYPO3_CONF_VARS']['DB']['host'] = '127.0.0.1';
if (!isset($GLOBALS['TYPO3_CONF_VARS']['DB']['Connections'])) {
$GLOBALS['TYPO3_CONF_VARS']['DB']['Connections'] = [];
}
$typo_db = 'typo3';
$typo_db_username = 'typo3';
$typo_db_password = 'typo3';
$typo_db_host = '127.0.0.1';
$GLOBALS['TYPO3_CONF_VARS']['DB']['Connections']['Default'] = [
'charset' => 'utf8mb4',
'dbname' => 'typo3',
'driver' => 'mysqli',
'host' => '127.0.0.1',
'password' => 'typo3',
'port' => 3306,
'user' => 'typo3',
'initCommands' => 'SET SESSION sql_mode=\'\'',
'persistentConnection' => FALSE,
'tableoptions' => [
'charset' => 'utf8mb4',
'collate' => 'utf8mb4_unicode_ci',
],
];
// SSL settings for the backend login
//
......@@ -20,30 +30,45 @@ $GLOBALS['TYPO3_CONF_VARS']['BE']['lockSSL'] = 2;
// Change install tool password to joh316
$GLOBALS['TYPO3_CONF_VARS']['BE']['installToolPassword'] = '$P$CCuX8EzzYaSOHJS5o32X9Uk3Vg79ji1';
// show failed sql queries and php errors
$GLOBALS['TYPO3_CONF_VARS']['SYS']['enableDeprecationLog'] = 0;
// change the systemLog location
$GLOBALS['TYPO3_CONF_VARS']['SYS']['systemLog'] = 'file,/var/www/typo3.log,3';
// show failed sql queries and php errors
if (!$GLOBALS['TYPO3_DISABLE_DEBUG']) {
$GLOBALS['TYPO3_CONF_VARS']['SYS']['enable_DLOG'] = 0;
$GLOBALS['TYPO3_CONF_VARS']['SYS']['devIPmask'] = '*';
$GLOBALS['TYPO3_CONF_VARS']['SYS']['sqlDebug'] = 1;
$GLOBALS['TYPO3_CONF_VARS']['SYS']['displayErrors'] = 1;
$GLOBALS['TYPO3_CONF_VARS']['SYS']['enableDeprecationLog'] = 0;
$GLOBALS['TYPO3_CONF_VARS']['SYS']['errorHandlerErrors'] = 'E_ALL ^ E_NOTICE';
$GLOBALS['TYPO3_CONF_VARS']['SYS']['systemLogLevel'] = 0;
$GLOBALS['TYPO3_CONF_VARS']['SYS']['exceptionalErrors'] = 28674;
// Don't use this in live instances as normal user may not be allowed to clear the dangerous system cache!
// Use the following setting for dedicated users/groups to give them the permission.
// options.clearCache.system = 1
$GLOBALS['TYPO3_CONF_VARS']['SYS']['clearCacheSystem'] = TRUE;
}
// enable logs in general
//$GLOBALS['TYPO3_CONF_VARS']['enableLogs'] = TRUE;
// customize the solr log if required
//$GLOBALS['TYPO3_CONF_VARS']['LOG']['ApacheSolrForTypo3']['Solr']['writerConfiguration'] = [
// // or DEBUG | INFO
// \TYPO3\CMS\Core\Log\LogLevel::INFO => [
// 'TYPO3\\CMS\\Core\\Log\\Writer\\FileWriter' => [
// 'logFile' => 'typo3temp/var/logs/solr.log'
// ]
// ],
//];
// Vagrant specific stuff (if your user has another main group id than 1000, especially required on MacOSX)
$GLOBALS['TYPO3_CONF_VARS']['BE']['createGroup'] = '<%= @group_id %>';
$GLOBALS['TYPO3_CONF_VARS']['BE']['createGroup'] = 'vagrant';
?>
// Disable MFA and IPmaskList
$GLOBALS['TYPO3_CONF_VARS']['BE']['requireMfa'] = 0;
$GLOBALS['TYPO3_CONF_VARS']['BE']['IPmaskList'] = '';
// Mail configuration for vagrant machines
$GLOBALS['TYPO3_CONF_VARS']['MAIL']['transport'] = 'smtp';
$GLOBALS['TYPO3_CONF_VARS']['MAIL']['transport_sendmail_command'] = '';
$GLOBALS['TYPO3_CONF_VARS']['MAIL']['transport_smtp_encrypt'] = false;
$GLOBALS['TYPO3_CONF_VARS']['MAIL']['transport_smtp_password'] = '';
$GLOBALS['TYPO3_CONF_VARS']['MAIL']['transport_smtp_server'] = 'localhost:1025';
$GLOBALS['TYPO3_CONF_VARS']['MAIL']['transport_smtp_username'] = '';
// Paid extensions development license keys
$paidExtensionKeys = [
'sg_account',
'sg_comments',
'sg_mail',
'sg_news',
'sg_newsletter',
'sg_routes'
];
foreach($paidExtensionKeys as $extensionKey) {
if (isset($GLOBALS['TYPO3_CONF_VARS']['EXTENSIONS'][$extensionKey])) {
$GLOBALS['TYPO3_CONF_VARS']['EXTENSIONS'][$extensionKey]['key'] = 'XXXXXX-XXXXXX-XXXXXX-XXXXXX';
}
}
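Review bot: `requireMfa = 0` and `IPmaskList = ''` are set unconditionally near the end of the file, while the other relaxations (`devIPmask = '*'`, `displayErrors = 1`, `sqlDebug = 1`) sit inside the `if (!$GLOBALS['TYPO3_DISABLE_DEBUG'])` guard. The recipe writes this template into the project's `typo3conf/` directory, so if that directory is ever synced or committed elsewhere these two lines could switch off backend MFA and the backend IP restriction outside the Vagrant box. I would gate them on the application context, e.g. `if (\TYPO3\CMS\Core\Core\Environment::getContext()->isDevelopment()) { ... }`, which lines up with the `TYPO3_CONTEXT=Development/Local` value this cookbook puts into `.env.local`.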
#!/usr/bin/env bash
if [ -z "$1" ]
then
echo "Please supply a subdomain to create a certificate for";
echo "e.g. www.mysite.com"
exit;
fi
if [ ! -f rootCA.pem ]; then
echo 'Please run "create_root_cert_and_key.sh" first, and try again!'
exit;
fi
if [ ! -f v3.ext ]; then
echo 'Please download the "v3.ext" file and try again!'
exit;
fi
# Add root certificate, so the website can be called from within the vagrant machine (needed for crawler cron jobs)
cp rootCA.pem /usr/local/share/ca-certificates/rootCA.crt
update-ca-certificates
# Create a new private key if one doesnt exist, or use the existing one if it does
if [ -f device.key ]; then
KEY_OPT="-key"
else
KEY_OPT="-keyout"
fi
DOMAIN=$1
COMMON_NAME=${2:-*.$1}
SUBJECT="/C=CA/ST=None/L=NB/O=None/CN=${COMMON_NAME}"
NUM_OF_DAYS=300
cp v3.ext /tmp/__v3.ext
DOMAIN_COUNTER=1
for domain_in_list in "$@"
do
echo "DNS.${DOMAIN_COUNTER} = ${domain_in_list}" >> /tmp/__v3.ext
((DOMAIN_COUNTER++))
done
openssl req -new -newkey rsa:2048 -sha256 -nodes ${KEY_OPT} device.key -subj "${SUBJECT}" -out device.csr
openssl x509 -req -in device.csr -CA rootCA.pem -CAkey rootCA.key -CAcreateserial -out device.crt -days ${NUM_OF_DAYS} -sha256 -extfile /tmp/__v3.ext
# move output files to final filenames
mv device.csr "${DOMAIN}.csr"
cp device.crt "${DOMAIN}.crt"
# remove temp file
rm -f device.crt;
echo
echo "###########################################################################"
echo Done!
echo "###########################################################################"
echo "To use these files on your server, simply copy both ${DOMAIN}.csr and"
echo "device.key to your webserver, and use like so (if Apache, for example)"
echo
echo " SSLCertificateFile /path_to_your_files/${DOMAIN}.crt"
echo " SSLCertificateKeyFile /path_to_your_files/device.key"
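Review bot: The extension file is written to the fixed path `/tmp/__v3.ext`, and the recipe's `bash 'Create Certificate'` resource sets no `user`, so this presumably runs as root; a file or symlink pre-created at that world-writable path would be followed by `cp` and appended to by the loop, and the file is never cleaned up (the "remove temp file" step deletes `device.crt` instead). I would use `EXT_FILE=$(mktemp)` with `trap 'rm -f "$EXT_FILE"' EXIT` and pass `-extfile "$EXT_FILE"` to `openssl x509`. The three precondition checks also end in a bare `exit;`, which returns the status of the preceding `echo` (0), so Chef would record the resource as successful when `rootCA.pem` or `v3.ext` is missing; `exit 1` would surface the failure.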
#!/usr/bin/env bash
# Hint regarding the .srl file (Serial File)
# The first time you use your CA to sign a certificate you can use the -CAcreateserial option. This option will create a file (ca.srl) containing a serial number. You are probably going to create more certificate, and the next time you will have to do that use the -CAserial option (and no more -CAcreateserial) followed with the name of the file containing your serial number. This file will be incremented each time you sign a new certificate. This serial number will be readable using a browser (once the certificate is imported to a pkcs12 format). And we can have an idea of the number of certificate created by a CA.
openssl genrsa -out rootCA.key 2048
openssl req -x509 -new -nodes -key rootCA.key -sha256 -days 1024 -out rootCA.pem
TYPO3_CONTEXT=Development/Local
SOLR_HOST=solr:password@localhost
SOLR_PORT=8983
\ No newline at end of file
[mysqld]
# disable the strict mode
sql-mode=""
key_buffer_size = 32M
max_allowed_packet = 16M
......
[mysqld]
# disable the strict mode
sql-mode=""
key_buffer_size = 32M
max_allowed_packet = 16M
......@@ -41,13 +38,15 @@ long_query_time = 3
slow_query_log = 1
slow_query_log_file = /var/log/mysql-default/log-slow-queries.log
show_compatibility_56 = on
[mysqldump]
quick
quote-names
max_allowed_packet = 128M
max_allowed_packet = 128M
[isamchk]
key_buffer = 32M
key_buffer = 32M
[mysql]
default-character-set=utf8
default-character-set = utf8
# The MySQL database server configuration file.
#
# You can copy this to one of:
# - "/etc/mysql/my.cnf" to set global options,
# - "~/.my.cnf" to set user-specific options.
#
# One can use all long options that the program supports.
# Run program with --help to get a list of available options and with
# --print-defaults to see which it would actually understand and use.
#
# For explanations see
# http://dev.mysql.com/doc/mysql/en/server-system-variables.html
#
# * IMPORTANT: Additional settings that can override those from this file!
# The files must end with '.cnf', otherwise they'll be ignored.
#
!includedir /etc/mysql/conf.d/
!includedir /etc/mysql/mysql.conf.d/
[mysqld]
key_buffer_size = 32M
max_allowed_packet = 16M
max_connections = 214
thread_cache_size = 200
tmp_table_size = 128M
max_heap_table_size = 128M
table_definition_cache = 800
join_buffer_size = 4M
table_open_cache = 200
open_files_limit = 512
#myisam-recover = BACKUP
myisam_sort_buffer_size = 32M
myisam_recover_options = BACKUP
innodb_buffer_pool_size = 512M
innodb_flush_method = O_DIRECT
innodb_thread_concurrency = 0
innodb_read_io_threads = 64
innodb_write_io_threads = 64
slave_net_timeout = 60
collation_server = utf8mb4_unicode_ci
character_set_server = utf8mb4
long_query_time = 3
slow_query_log = 1
slow_query_log_file = /var/log/mysql-default/log-slow-queries.log
[mysqldump]
quick
quote-names
max_allowed_packet = 128M
[isamchk]
key_buffer = 32M
[mysql]
default-character-set = utf8
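Review bot: The `[mysql]` section ends with `default-character-set = utf8` while `[mysqld]` in the same file sets `character_set_server = utf8mb4` and `collation_server = utf8mb4_unicode_ci`. A client session opened with the three-byte `utf8` set cannot carry four-byte characters, so data that is valid in the tables can be truncated or replaced on import and export through the command-line client. The line should read `default-character-set = utf8mb4` to match the server. The file also no longer sets `sql-mode`, unlike the older config above it; if relying on the server default strict mode is intended, a one-line comment saying so would save the next reader a diff.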
-----BEGIN RSA PRIVATE KEY-----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-----END RSA PRIVATE KEY-----
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
\ No newline at end of file
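Review bot: An RSA private key is stored in the repository at the top of this file (`-----BEGIN RSA PRIVATE KEY-----`), and again in the key-only file that follows, so everyone with read access to the cookbook holds the key. The rendering does not show which side of the comparison these files are on. If they are the `rootCA.key` and `device.key` from the README commands, every machine provisioned from this cookbook shares one key, and a root CA imported into a developer's trust store can be used by any holder of that key to issue certificates the machine accepts. Generating the CA and device key per machine at converge time, with the key files readable by root only, and keeping only the extension template in the repo would remove that exposure. If a shared development CA is kept on purpose, the README should state that it must never be trusted outside throwaway VMs.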
-----BEGIN RSA PRIVATE KEY-----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-----END RSA PRIVATE KEY-----
\ No newline at end of file
authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
subjectAltName = @alt_names
[alt_names]
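Review bot: The extension block sets `keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment` but no `extendedKeyUsage`, so leaf certificates signed with it are not restricted to TLS server use. Adding `extendedKeyUsage = serverAuth` and trimming the first line to `keyUsage = digitalSignature, keyEncipherment` limits them to what the vhost needs. `[alt_names]` is empty in the visible file; presumably the recipe appends the `DNS.n` entries at converge time, and a comment such as `# DNS.n entries are appended by the recipe` would make that clear.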
<VirtualHost _default_:443>
ServerAdmin webmaster@localhost
ServerName <%= @params[:server_name] %>
ServerAlias <%= @params[:server_aliases] %>
DocumentRoot <%= @params[:docroot] %>
<Directory <%= @params[:docroot] %>>
Options FollowSymLinks MultiViews
AllowOverride All
Require all granted
</Directory>
# https://mozilla.github.io/server-side-tls/ssl-config-generator/
# intermediate configuration, tweak to your needs
SSLProtocol all -SSLv3
SSLCipherSuite ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS
SSLHonorCipherOrder on
SSLCompression off
SSLSessionTickets off
# Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
# error, crit, alert, emerg.
# It is also possible to configure the loglevel for particular
# modules, e.g.
#LogLevel info ssl:warn
# OCSP Stapling, only in httpd 2.3.3 and later
SSLUseStapling off
SSLStaplingResponderTimeout 5
SSLStaplingReturnResponderErrors off
SSLStaplingCache shmcb:/var/run/ocsp(128000)
ErrorLog /var/log/apache2/ssl-error.log
CustomLog /var/log/apache2/ssl-access.log combined
<VirtualHost _default_:443>
ServerAdmin webmaster@localhost
ServerName <%= @server_name %>
ServerAlias <%= @server_aliases %>
# For most configuration files from conf-available/, which are
# enabled or disabled at a global level, it is possible to
# include a line for only one particular virtual host. For example the
# following line enables the CGI configuration for this host only
# after it has been globally disabled with "a2disconf".
#Include conf-available/serve-cgi-bin.conf
# Activate HTTP/2
Protocols h2 h2c http/1.1
# SSL Engine Switch:
# Enable/Disable SSL for this virtual host.
SSLEngine on
# A self-signed (snakeoil) certificate can be created by installing
# the ssl-cert package. See
# /usr/share/doc/apache2/README.Debian.gz for more info.
# If both key and certificate are stored in the same file, only the
# SSLCertificateFile directive is needed.
#SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem
#SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key
SSLCertificateFile /etc/apache2/ssl/sslKey.crt
SSLCertificateKeyFile /etc/apache2/ssl/sslKey.key
SSLCertificateFile /etc/apache2/ssl/<%= @server_name %>.crt
SSLCertificateKeyFile /etc/apache2/ssl/device.key
# HSTS (mod_headers is required) (15768000 seconds = 6 months)
Header always set Strict-Transport-Security "max-age=15768000"
# Server Certificate Chain:
# Point SSLCertificateChainFile at a file containing the
# concatenation of PEM encoded CA certificates which form the
# certificate chain for the server certificate. Alternatively
# the referenced file can be the same as SSLCertificateFile
# when the CA certificates are directly appended to the server
# certificate for convinience.
#SSLCertificateChainFile /etc/apache2/ssl.crt/server-ca.crt
# Certificate Authority (CA):
# Set the CA certificate verification path where to find CA
# certificates for client authentication or alternatively one
# huge file containing all of them (file must be PEM encoded)
# Note: Inside SSLCACertificatePath you need hash symlinks
# to point to the certificate files. Use the provided
# Makefile to update the hash symlinks after changes.
#SSLCACertificatePath /etc/ssl/certs/
#SSLCACertificateFile /etc/apache2/ssl.crt/ca-bundle.crt
# Certificate Revocation Lists (CRL):
# Set the CA revocation path where to find CA CRLs for client
# authentication or alternatively one huge file containing all
# of them (file must be PEM encoded)
# Note: Inside SSLCARevocationPath you need hash symlinks
# to point to the certificate files. Use the provided
# Makefile to update the hash symlinks after changes.
#SSLCARevocationPath /etc/apache2/ssl.crl/
#SSLCARevocationFile /etc/apache2/ssl.crl/ca-bundle.crl
# Client Authentication (Type):
# Client certificate verification type and depth. Types are
# none, optional, require and optional_no_ca. Depth is a
# number which specifies how deeply to verify the certificate
# issuer chain before deciding the certificate is not valid.
#SSLVerifyClient require
#SSLVerifyDepth 10
# SSL Engine Options:
# Set various options for the SSL engine.
# o FakeBasicAuth:
# Translate the client X.509 into a Basic Authorisation. This means that
# the standard Auth/DBMAuth methods can be used for access control. The
# user name is the `one line' version of the client's X.509 certificate.
# Note that no password is obtained from the user. Every entry in the user
# file needs this password: `xxj31ZMTZzkVA'.
# o ExportCertData:
# This exports two additional environment variables: SSL_CLIENT_CERT and
# SSL_SERVER_CERT. These contain the PEM-encoded certificates of the
# server (always existing) and the client (only existing when client
# authentication is used). This can be used to import the certificates
# into CGI scripts.
# o StdEnvVars:
# This exports the standard SSL/TLS related `SSL_*' environment variables.
# Per default this exportation is switched off for performance reasons,
# because the extraction step is an expensive operation and is usually
# useless for serving static content. So one usually enables the
# exportation for CGI and SSI requests only.
# o OptRenegotiate:
# This enables optimized SSL connection renegotiation handling when SSL
# directives are used in per-directory context.
#SSLOptions +FakeBasicAuth +ExportCertData +StrictRequire
<FilesMatch "\.(cgi|shtml|phtml|php)$">
SSLOptions +StdEnvVars
<FilesMatch \.php$>
SetHandler "proxy:unix:/var/run/php/php<%= @php_version %>-fpm.sock|fcgi://localhost/"
</FilesMatch>
<Directory /usr/lib/cgi-bin>
SSLOptions +StdEnvVars
DocumentRoot <%= @docroot %>
<Directory <%= @docroot %>>
Options FollowSymLinks MultiViews
AllowOverride All
Require all granted
</Directory>
# SSL Protocol Adjustments:
# The safe and default but still SSL/TLS standard compliant shutdown
# approach is that mod_ssl sends the close notify alert but doesn't wait for
# the close notify alert from client. When you need a different shutdown
# approach you can use one of the following variables:
# o ssl-unclean-shutdown:
# This forces an unclean shutdown when the connection is closed, i.e. no
# SSL close notify alert is send or allowed to received. This violates
# the SSL/TLS standard but is needed for some brain-dead browsers. Use
# this when you receive I/O errors because of the standard approach where
# mod_ssl sends the close notify alert.
# o ssl-accurate-shutdown:
# This forces an accurate shutdown when the connection is closed, i.e. a
# SSL close notify alert is send and mod_ssl waits for the close notify
# alert of the client. This is 100% SSL/TLS standard compliant, but in
# practice often causes hanging connections with brain-dead browsers. Use
# this only for browsers where you know that their SSL implementation
# works correctly.
# Notice: Most problems of broken clients are also related to the HTTP
# keep-alive facility, so you usually additionally want to disable
# keep-alive for those clients, too. Use variable "nokeepalive" for this.
# Similarly, one has to force some clients to use HTTP/1.0 to workaround
# their broken HTTP/1.1 implementation. Use variables "downgrade-1.0" and
# "force-response-1.0" for this.
BrowserMatch "MSIE [2-6]" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
# MSIE 7 and newer should be able to use keepalive
BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown
ErrorLog /var/log/apache2/ssl-error.log
CustomLog /var/log/apache2/ssl-access.log combined
</VirtualHost>
# https://mozilla.github.io/server-side-tls/ssl-config-generator/
SSLProtocol all -SSLv3
SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:ECDHE-RSA-DES-CBC3-SHA:ECDHE-ECDSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA
SSLHonorCipherOrder on
SSLCompression off
# OCSP Stapling, only in httpd 2.3.3 and later
SSLUseStapling on
SSLStaplingResponderTimeout 5
SSLStaplingReturnResponderErrors off
SSLStaplingCache shmcb:/var/run/ocsp(128000)
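Review bot: `SSLProtocol all -SSLv3`, which appears in the block with the Mozilla "intermediate" comment and again after `</VirtualHost>`, still leaves TLS 1.0 and TLS 1.1 enabled, and both `SSLCipherSuite` strings keep `DES-CBC3-SHA` entries. Whichever copy is on the new side should read `SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1`, with the 3DES suites dropped from the cipher list. In `Protocols h2 h2c http/1.1`, `h2c` is the cleartext upgrade and does nothing on a TLS vhost, so `Protocols h2 http/1.1` states the intent more accurately. The rendering has lost the added/removed markers, so the side of the duplicated directives here is inferred, not certain.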
<VirtualHost *:80>
ServerAdmin webmaster@localhost
ServerName <%= @params[:server_name] %>
ServerAlias <%= @params[:server_aliases] %>
ServerName <%= @server_name %>
ServerAlias <%= @server_aliases %>
# Activate HTTP/2
Protocols h2 h2c http/1.1
DocumentRoot <%= @params[:docroot] %>
<Directory <%= @params[:docroot] %>>
<FilesMatch \.php$>
SetHandler "proxy:unix:/var/run/php/php<%= @php_version %>-fpm.sock|fcgi://localhost/"
</FilesMatch>
DocumentRoot <%= @docroot %>
<Directory <%= @docroot %>>
Options FollowSymLinks MultiViews
AllowOverride All
Require all granted
</Directory>
ErrorLog /var/log/apache2/error.log
# Possible values include: debug, info, notice, warn, error, crit,
# alert, emerg.
LogLevel warn
CustomLog /var/log/apache2/access.log combined
ServerSignature On
ErrorLog /var/log/apache2/ssl-error.log
CustomLog /var/log/apache2/ssl-access.log combined
</VirtualHost>
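Review bot: The `<VirtualHost *:80>` block carries `ErrorLog /var/log/apache2/ssl-error.log` and `CustomLog /var/log/apache2/ssl-access.log combined` next to the plain `error.log`/`access.log` lines. If the `ssl-*` pair is the new side, cleartext and TLS requests end up in the same files and can no longer be told apart when reading the logs. Keeping `ErrorLog /var/log/apache2/error.log` and `CustomLog /var/log/apache2/access.log combined` for this vhost preserves that distinction. Since the TLS vhost sends `Strict-Transport-Security`, this vhost would also be the place for a redirect to HTTPS rather than serving `DocumentRoot` directly. `Protocols h2 h2c http/1.1` lists `h2`, which has no effect on a port-80 vhost.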
; Start a new pool named 'www'.
; the variable $pool can be used in any directive and will be replaced by the
; pool name ('www' here)
[www]
; Per pool prefix
; It only applies on the following directives:
; - 'access.log'
; - 'slowlog'
; - 'listen' (unixsocket)
; - 'chroot'
; - 'chdir'
; - 'php_values'
; - 'php_admin_values'
; When not set, the global prefix (or /usr) applies instead.
; Note: This directive can also be relative to the global prefix.
; Default Value: none
;prefix = /path/to/pools/$pool
; Unix user/group of processes
; Note: The user is mandatory. If the group is not set, the default user's group
; will be used.
user = vagrant
group = vagrant
; The address on which to accept FastCGI requests.
; Valid syntaxes are:
; 'ip.add.re.ss:port' - to listen on a TCP socket to a specific IPv4 address on
; a specific port;
; '[ip:6:addr:ess]:port' - to listen on a TCP socket to a specific IPv6 address on
; a specific port;
; 'port' - to listen on a TCP socket to all addresses
; (IPv6 and IPv4-mapped) on a specific port;
; '/path/to/unix/socket' - to listen on a unix socket.
; Note: This value is mandatory.
listen = /run/php/php<%= @php_version %>-fpm.sock
; Set listen(2) backlog.
; Default Value: 511 (-1 on FreeBSD and OpenBSD)
;listen.backlog = 511
; Set permissions for unix socket, if one is used. In Linux, read/write
; permissions must be set in order to allow connections from a web server. Many
; BSD-derived systems allow connections regardless of permissions.
; Default Values: user and group are set as the running user
; mode is set to 0660
listen.owner = vagrant
listen.group = vagrant
;listen.mode = 0660
; When POSIX Access Control Lists are supported you can set them using
; these options, value is a comma separated list of user/group names.
; When set, listen.owner and listen.group are ignored
;listen.acl_users =
;listen.acl_groups =
; List of addresses (IPv4/IPv6) of FastCGI clients which are allowed to connect.
; Equivalent to the FCGI_WEB_SERVER_ADDRS environment variable in the original
; PHP FCGI (5.2.2+). Makes sense only with a tcp listening socket. Each address
; must be separated by a comma. If this value is left blank, connections will be
; accepted from any ip address.
; Default Value: any
;listen.allowed_clients = 127.0.0.1
; Specify the nice(2) priority to apply to the pool processes (only if set)
; The value can vary from -19 (highest priority) to 20 (lower priority)
; Note: - It will only work if the FPM master process is launched as root
; - The pool processes will inherit the master process priority
; unless it specified otherwise
; Default Value: no set
; process.priority = -19
; Set the process dumpable flag (PR_SET_DUMPABLE prctl) even if the process user
; or group is differrent than the master process user. It allows to create process
; core dump and ptrace the process for the pool user.
; Default Value: no
; process.dumpable = yes
; Choose how the process manager will control the number of child processes.
; Possible Values:
; static - a fixed number (pm.max_children) of child processes;
; dynamic - the number of child processes are set dynamically based on the
; following directives. With this process management, there will be
; always at least 1 children.
; pm.max_children - the maximum number of children that can
; be alive at the same time.
; pm.start_servers - the number of children created on startup.
; pm.min_spare_servers - the minimum number of children in 'idle'
; state (waiting to process). If the number
; of 'idle' processes is less than this
; number then some children will be created.
; pm.max_spare_servers - the maximum number of children in 'idle'
; state (waiting to process). If the number
; of 'idle' processes is greater than this
; number then some children will be killed.
; ondemand - no children are created at startup. Children will be forked when
; new requests will connect. The following parameter are used:
; pm.max_children - the maximum number of children that
; can be alive at the same time.
; pm.process_idle_timeout - The number of seconds after which
; an idle process will be killed.
; Note: This value is mandatory.
pm = dynamic
; The number of child processes to be created when pm is set to 'static' and the
; maximum number of child processes when pm is set to 'dynamic' or 'ondemand'.
; This value sets the limit on the number of simultaneous requests that will be
; served. Equivalent to the ApacheMaxClients directive with mpm_prefork.
; Equivalent to the PHP_FCGI_CHILDREN environment variable in the original PHP
; CGI. The below defaults are based on a server without much resources. Don't
; forget to tweak pm.* to fit your needs.
; Note: Used when pm is set to 'static', 'dynamic' or 'ondemand'
; Note: This value is mandatory.
pm.max_children = 30
; The number of child processes created on startup.
; Note: Used only when pm is set to 'dynamic'
; Default Value: min_spare_servers + (max_spare_servers - min_spare_servers) / 2
pm.start_servers = 5
; The desired minimum number of idle server processes.
; Note: Used only when pm is set to 'dynamic'
; Note: Mandatory when pm is set to 'dynamic'
pm.min_spare_servers = 5
; The desired maximum number of idle server processes.
; Note: Used only when pm is set to 'dynamic'
; Note: Mandatory when pm is set to 'dynamic'
pm.max_spare_servers = 5
; The number of seconds after which an idle process will be killed.
; Note: Used only when pm is set to 'ondemand'
; Default Value: 10s
; pm.process_idle_timeout = 5s;
; The number of requests each child process should execute before respawning.
; This can be useful to work around memory leaks in 3rd party libraries. For
; endless request processing specify '0'. Equivalent to PHP_FCGI_MAX_REQUESTS.
; Default Value: 0
pm.max_requests = 5000
; The URI to view the FPM status page. If this value is not set, no URI will be
; recognized as a status page. It shows the following informations:
; pool - the name of the pool;
; process manager - static, dynamic or ondemand;
; start time - the date and time FPM has started;
; start since - number of seconds since FPM has started;
; accepted conn - the number of request accepted by the pool;
; listen queue - the number of request in the queue of pending
; connections (see backlog in listen(2));
; max listen queue - the maximum number of requests in the queue
; of pending connections since FPM has started;
; listen queue len - the size of the socket queue of pending connections;
; idle processes - the number of idle processes;
; active processes - the number of active processes;
; total processes - the number of idle + active processes;
; max active processes - the maximum number of active processes since FPM
; has started;
; max children reached - number of times, the process limit has been reached,
; when pm tries to start more children (works only for
; pm 'dynamic' and 'ondemand');
; Value are updated in real time.
; Example output:
; pool: www
; process manager: static
; start time: 01/Jul/2011:17:53:49 +0200
; start since: 62636
; accepted conn: 190460
; listen queue: 0
; max listen queue: 1
; listen queue len: 42
; idle processes: 4
; active processes: 11
; total processes: 15
; max active processes: 12
; max children reached: 0
;
; By default the status page output is formatted as text/plain. Passing either
; 'html', 'xml' or 'json' in the query string will return the corresponding
; output syntax. Example:
; http://www.foo.bar/status
; http://www.foo.bar/status?json
; http://www.foo.bar/status?html
; http://www.foo.bar/status?xml
;
; By default the status page only outputs short status. Passing 'full' in the
; query string will also return status for each pool process.
; Example:
; http://www.foo.bar/status?full
; http://www.foo.bar/status?json&full
; http://www.foo.bar/status?html&full
; http://www.foo.bar/status?xml&full
; The Full status returns for each process:
; pid - the PID of the process;
; state - the state of the process (Idle, Running, ...);
; start time - the date and time the process has started;
; start since - the number of seconds since the process has started;
; requests - the number of requests the process has served;
; request duration - the duration in µs of the requests;
; request method - the request method (GET, POST, ...);
; request URI - the request URI with the query string;
; content length - the content length of the request (only with POST);
; user - the user (PHP_AUTH_USER) (or '-' if not set);
; script - the main script called (or '-' if not set);
; last request cpu - the %cpu the last request consumed
; it's always 0 if the process is not in Idle state
; because CPU calculation is done when the request
; processing has terminated;
; last request memory - the max amount of memory the last request consumed
; it's always 0 if the process is not in Idle state
; because memory calculation is done when the request
; processing has terminated;
; If the process is in Idle state, then informations are related to the
; last request the process has served. Otherwise informations are related to
; the current request being served.
; Example output:
; ************************
; pid: 31330
; state: Running
; start time: 01/Jul/2011:17:53:49 +0200
; start since: 63087
; requests: 12808
; request duration: 1250261
; request method: GET
; request URI: /test_mem.php?N=10000
; content length: 0
; user: -
; script: /home/fat/web/docs/php/test_mem.php
; last request cpu: 0.00
; last request memory: 0
;
; Note: There is a real-time FPM status monitoring sample web page available
; It's available in: /usr/share/php/7.3/fpm/status.html
;
; Note: The value must start with a leading slash (/). The value can be
; anything, but it may not be a good idea to use the .php extension or it
; may conflict with a real PHP file.
; Default Value: not set
;pm.status_path = /status
; The ping URI to call the monitoring page of FPM. If this value is not set, no
; URI will be recognized as a ping page. This could be used to test from outside
; that FPM is alive and responding, or to
; - create a graph of FPM availability (rrd or such);
; - remove a server from a group if it is not responding (load balancing);
; - trigger alerts for the operating team (24/7).
; Note: The value must start with a leading slash (/). The value can be
; anything, but it may not be a good idea to use the .php extension or it
; may conflict with a real PHP file.
; Default Value: not set
;ping.path = /ping
; This directive may be used to customize the response of a ping request. The
; response is formatted as text/plain with a 200 response code.
; Default Value: pong
;ping.response = pong
; The access log file
; Default: not set
;access.log = log/$pool.access.log
; The access log format.
; The following syntax is allowed
; %%: the '%' character
; %C: %CPU used by the request
; it can accept the following format:
; - %{user}C for user CPU only
; - %{system}C for system CPU only
; - %{total}C for user + system CPU (default)
; %d: time taken to serve the request
; it can accept the following format:
; - %{seconds}d (default)
; - %{miliseconds}d
; - %{mili}d
; - %{microseconds}d
; - %{micro}d
; %e: an environment variable (same as $_ENV or $_SERVER)
; it must be associated with embraces to specify the name of the env
; variable. Some exemples:
; - server specifics like: %{REQUEST_METHOD}e or %{SERVER_PROTOCOL}e
; - HTTP headers like: %{HTTP_HOST}e or %{HTTP_USER_AGENT}e
; %f: script filename
; %l: content-length of the request (for POST request only)
; %m: request method
; %M: peak of memory allocated by PHP
; it can accept the following format:
; - %{bytes}M (default)
; - %{kilobytes}M
; - %{kilo}M
; - %{megabytes}M
; - %{mega}M
; %n: pool name
; %o: output header
; it must be associated with embraces to specify the name of the header:
; - %{Content-Type}o
; - %{X-Powered-By}o
; - %{Transfert-Encoding}o
; - ....
; %p: PID of the child that serviced the request
; %P: PID of the parent of the child that serviced the request
; %q: the query string
; %Q: the '?' character if query string exists
; %r: the request URI (without the query string, see %q and %Q)
; %R: remote IP address
; %s: status (response code)
; %t: server time the request was received
; it can accept a strftime(3) format:
; %d/%b/%Y:%H:%M:%S %z (default)
; The strftime(3) format must be encapsuled in a %{strftime_format}t tag
; e.g. for a ISO8601 formatted timestring, use: %{%Y-%m-%dT%H:%M:%S%z}t
; %T: time the log has been written (the request has finished)
; it can accept a strftime(3) format:
; %d/%b/%Y:%H:%M:%S %z (default)
; The strftime(3) format must be encapsuled in a %{strftime_format}t tag
; e.g. for a ISO8601 formatted timestring, use: %{%Y-%m-%dT%H:%M:%S%z}t
; %u: remote user
;
; Default: "%R - %u %t \"%m %r\" %s"
;access.format = "%R - %u %t \"%m %r%Q%q\" %s %f %{mili}d %{kilo}M %C%%"
; The log file for slow requests
; Default Value: not set
; Note: slowlog is mandatory if request_slowlog_timeout is set
;slowlog = /var/log/php-fpm-7.3/$pool.log.slow
; The timeout for serving a single request after which a PHP backtrace will be
; dumped to the 'slowlog' file. A value of '0s' means 'off'.
; Available units: s(econds)(default), m(inutes), h(ours), or d(ays)
; Default Value: 0
;request_slowlog_timeout = 60s
; Depth of slow log stack trace.
; Default Value: 20
;request_slowlog_trace_depth = 20
; The timeout for serving a single request after which the worker process will
; be killed. This option should be used when the 'max_execution_time' ini option
; does not stop script execution for some reason. A value of '0' means 'off'.
; Available units: s(econds)(default), m(inutes), h(ours), or d(ays)
; Default Value: 0
;request_terminate_timeout = 0
; Set open file descriptor rlimit.
; Default Value: system defined value
;rlimit_files = 1024
; Set max core size rlimit.
; Possible Values: 'unlimited' or an integer greater or equal to 0
; Default Value: system defined value
;rlimit_core = 0
; Chroot to this directory at the start. This value must be defined as an
; absolute path. When this value is not set, chroot is not used.
; Note: you can prefix with '$prefix' to chroot to the pool prefix or one
; of its subdirectories. If the pool prefix is not set, the global prefix
; will be used instead.
; Note: chrooting is a great security feature and should be used whenever
; possible. However, all PHP paths will be relative to the chroot
; (error_log, sessions.save_path, ...).
; Default Value: not set
;chroot =
; Chdir to this directory at the start.
; Note: relative path can be used.
; Default Value: current directory or / when chroot
;chdir = /var/www
; Redirect worker stdout and stderr into main error log. If not set, stdout and
; stderr will be redirected to /dev/null according to FastCGI specs.
; Note: on highloaded environement, this can cause some delay in the page
; process time (several ms).
; Default Value: no
;catch_workers_output = yes
; Decorate worker output with prefix and suffix containing information about
; the child that writes to the log and if stdout or stderr is used as well as
; log level and time. This options is used only if catch_workers_output is yes.
; Settings to "no" will output data as written to the stdout or stderr.
; Default value: yes
;decorate_workers_output = no
; Clear environment in FPM workers
; Prevents arbitrary environment variables from reaching FPM worker processes
; by clearing the environment in workers before env vars specified in this
; pool configuration are added.
; Setting to "no" will make all environment variables available to PHP code
; via getenv(), $_ENV and $_SERVER.
; Default Value: yes
;clear_env = no
; Limits the extensions of the main script FPM will allow to parse. This can
; prevent configuration mistakes on the web server side. You should only limit
; FPM to .php extensions to prevent malicious users to use other extensions to
; execute php code.
; Note: set an empty value to allow all extensions.
; Default Value: .php
;security.limit_extensions = .php .php3 .php4 .php5 .php7
; Pass environment variables like LD_LIBRARY_PATH. All $VARIABLEs are taken from
; the current environment.
; Default Value: clean env
;env[HOSTNAME] = $HOSTNAME
;env[PATH] = /usr/local/bin:/usr/bin:/bin
;env[TMP] = /tmp
;env[TMPDIR] = /tmp
;env[TEMP] = /tmp
; Additional php.ini defines, specific to this pool of workers. These settings
; overwrite the values previously defined in the php.ini. The directives are the
; same as the PHP SAPI:
; php_value/php_flag - you can set classic ini defines which can
; be overwritten from PHP call 'ini_set'.
; php_admin_value/php_admin_flag - these directives won't be overwritten by
; PHP call 'ini_set'
; For php_*flag, valid values are on, off, 1, 0, true, false, yes or no.
; Defining 'extension' will load the corresponding shared extension from
; extension_dir. Defining 'disable_functions' or 'disable_classes' will not
; overwrite previously defined php.ini values, but will append the new value
; instead.
; Note: path INI options can be relative and will be expanded with the prefix
; (pool, global or /usr)
; Default Value: nothing is defined by default except the values in php.ini and
; specified at startup with the -d argument
;php_admin_value[sendmail_path] = /usr/sbin/sendmail -t -i -f www@my.domain.com
;php_flag[display_errors] = off
;php_admin_value[error_log] = /var/log/fpm-php.www.log
;php_admin_flag[log_errors] = on
;php_admin_value[memory_limit] = 32M