]> git.openstreetmap.org Git - chef.git/commitdiff
projects / chef.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 749c528)
Use separate FPM pools for donate and dmca sites
authorTom Hughes <tom@compton.nu>
Thu, 23 Jul 2020 20:00:55 +0000 (21:00 +0100)
committerTom Hughes <tom@compton.nu>
Thu, 23 Jul 2020 20:23:37 +0000 (21:23 +0100)
cookbooks/dmca/recipes/default.rb patch | blob | history
cookbooks/dmca/templates/default/apache.erb patch | blob | history
cookbooks/donate/recipes/default.rb patch | blob | history
cookbooks/donate/templates/default/apache.erb patch | blob | history

diff --git a/cookbooks/dmca/recipes/default.rb b/cookbooks/dmca/recipes/default.rb
index 30ab6d9ab31aeb97e5f6065fa86c6921616d530e..7657504855a86855476ab00ec095d2ec8a3ac1a3 100644 (file)
--- a/cookbooks/dmca/recipes/default.rb
+++ b/cookbooks/dmca/recipes/default.rb
@@ -18,7 +18,7 @@
 #
 
 include_recipe "apache"
-include_recipe "php::apache"
+include_recipe "php::fpm"
 
 directory "/srv/dmca.openstreetmap.org" do
   owner "root"
@@ -41,6 +41,11 @@ ssl_certificate "dmca.openstreetmap.org" do
   notifies :reload, "service[apache2]"
 end
 
+php_fpm "dmca.openstreetmap.org" do
+  php_admin_values "open_basedir" => "/srv/dmca.openstreetmap.org/html/:/usr/share/php/:/tmp/",
+                   "disable_functions" => "exec,shell_exec,system,passthru,popen,proc_open"
+end
+
 apache_site "dmca.openstreetmap.org" do
   template "apache.erb"
   directory "/srv/dmca.openstreetmap.org"
diff --git a/cookbooks/dmca/templates/default/apache.erb b/cookbooks/dmca/templates/default/apache.erb
index 373c63af276c800ccc7c110c52c8eb0bf0bbeedc..672a1be3e7d9903d7cce88779e9935c54d446e91 100644 (file)
--- a/cookbooks/dmca/templates/default/apache.erb
+++ b/cookbooks/dmca/templates/default/apache.erb
@@ -47,10 +47,12 @@
   DocumentRoot <%= @directory %>/html
 
   Options -Indexes
-
-  ProxyFCGISetEnvIf "true" PHP_ADMIN_VALUE "open_basedir=<%= @directory %>/html/:/usr/share/php/:/tmp/\ndisable_functions=exec,shell_exec,system,passthru,popen"
 </VirtualHost>
 
 <Directory <%= @directory %>/html>
   Require all granted
+
+  <FilesMatch ".+\.ph(ar|p|tml)$">
+    SetHandler "proxy:unix:/run/php/<%= @name %>.sock|fcgi://127.0.0.1"
+  </FilesMatch>
 </Directory>
diff --git a/cookbooks/donate/recipes/default.rb b/cookbooks/donate/recipes/default.rb
index ca38efbb11b3add0e0d342e9dc0e754b0d83f174..9d08b478bb104cf67e48dc133fb0621118ae24d1 100644 (file)
--- a/cookbooks/donate/recipes/default.rb
+++ b/cookbooks/donate/recipes/default.rb
@@ -21,7 +21,7 @@ include_recipe "accounts"
 include_recipe "apache"
 include_recipe "git"
 include_recipe "mysql"
-include_recipe "php::apache"
+include_recipe "php::fpm"
 
 package %w[
   php-cli
@@ -78,6 +78,11 @@ ssl_certificate "donate.openstreetmap.org" do
   notifies :reload, "service[apache2]"
 end
 
+php_fpm "donate.openstreetmap.org" do
+  php_admin_values "open_basedir" => "/srv/donate.openstreetmap.org/:/usr/share/php/:/tmp/",
+                   "disable_functions" => "exec,shell_exec,system,passthru,popen,proc_open"
+end
+
 apache_site "donate.openstreetmap.org" do
   template "apache.erb"
 end
diff --git a/cookbooks/donate/templates/default/apache.erb b/cookbooks/donate/templates/default/apache.erb
index 2b3c2f18f15fa041456222c51c9b3beaf989acb6..329dc12bddbfb6e8cffd9aa8a1ba3872e4a0cb37 100644 (file)
--- a/cookbooks/donate/templates/default/apache.erb
+++ b/cookbooks/donate/templates/default/apache.erb
@@ -27,8 +27,6 @@
 
   DocumentRoot /srv/donate.openstreetmap.org
 
-  ProxyFCGISetEnvIf "true" PHP_ADMIN_VALUE "open_basedir=/srv/donate.openstreetmap.org/:/usr/share/php/:/tmp/\ndisable_functions=exec,shell_exec,system,passthru,popen"
-
   # Alias Dynamic Content to data folder to avoid serving dummy git content
   Alias /donors-eur.csv /srv/donate.openstreetmap.org/data/donors-eur.csv
   Alias /donors.csv /srv/donate.openstreetmap.org/data/donors.csv
@@ -41,7 +39,11 @@
   Redirect permanent /server2015 https://donate.openstreetmap.org/
 
   <Directory /srv/donate.openstreetmap.org>
-       Require all granted
+    Require all granted
+
+    <FilesMatch ".+\.ph(ar|p|tml)$">
+      SetHandler "proxy:unix:/run/php/donate.openstreetmap.org.sock|fcgi://127.0.0.1"
+    </FilesMatch>
   </Directory>
 
   <Directory /srv/donate.openstreetmap.org/scripts>
Chef configuration management public repo for configuring & maintaining the OpenStreetMap servers.