From c9156c712b8e712139466e96fba4a00deb321198 Mon Sep 17 00:00:00 2001 From: Tom Hughes Date: Mon, 13 Jul 2020 18:52:28 +0100 Subject: [PATCH] Switch remaining PHP sites to use FPM --- cookbooks/dmca/recipes/default.rb | 2 +- cookbooks/donate/recipes/default.rb | 2 +- cookbooks/donate/templates/default/apache.erb | 3 +-- cookbooks/wordpress/recipes/default.rb | 2 +- cookbooks/wordpress/templates/default/apache.erb | 14 ++++++++------ 5 files changed, 12 insertions(+), 11 deletions(-) diff --git a/cookbooks/dmca/recipes/default.rb b/cookbooks/dmca/recipes/default.rb index c0bd959a6..4190ef3cb 100644 --- a/cookbooks/dmca/recipes/default.rb +++ b/cookbooks/dmca/recipes/default.rb @@ -18,7 +18,7 @@ # include_recipe "apache" -include_recipe "php::apache" +include_recipe "php::apache-fpm" directory "/srv/dmca.openstreetmap.org" do owner "root" diff --git a/cookbooks/donate/recipes/default.rb b/cookbooks/donate/recipes/default.rb index 1c36bfb1e..d67ad5b8c 100644 --- a/cookbooks/donate/recipes/default.rb +++ b/cookbooks/donate/recipes/default.rb @@ -21,7 +21,7 @@ include_recipe "accounts" include_recipe "apache" include_recipe "git" include_recipe "mysql" -include_recipe "php::apache" +include_recipe "php::apache-fpm" package %w[ php-cli diff --git a/cookbooks/donate/templates/default/apache.erb b/cookbooks/donate/templates/default/apache.erb index 9404ad13a..4efae184e 100644 --- a/cookbooks/donate/templates/default/apache.erb +++ b/cookbooks/donate/templates/default/apache.erb @@ -27,8 +27,7 @@ DocumentRoot /srv/donate.openstreetmap.org - php_admin_value open_basedir /srv/donate.openstreetmap.org/:/usr/share/php/:/tmp/ - php_admin_value disable_functions "exec,shell_exec,system,passthru,popen,proc_open" + ProxyFCGISetEnvIf "true" PHP_ADMIN_VALUE "open_basedir=/srv/donate.openstreetmap.org/:/usr/share/php/:/tmp/\ndisable_functions=exec,shell_exec,system,passthru,popen,proc_open" # Alias Dynamic Content to data folder to avoid serving dummy git content Alias /donors-eur.csv /srv/donate.openstreetmap.org/data/donors-eur.csv diff --git a/cookbooks/wordpress/recipes/default.rb b/cookbooks/wordpress/recipes/default.rb index 800d3c600..df4500037 100644 --- a/cookbooks/wordpress/recipes/default.rb +++ b/cookbooks/wordpress/recipes/default.rb @@ -22,7 +22,7 @@ include_recipe "apache" include_recipe "fail2ban" include_recipe "git" include_recipe "mysql" -include_recipe "php::apache" +include_recipe "php::apache-fpm" package %w[ subversion diff --git a/cookbooks/wordpress/templates/default/apache.erb b/cookbooks/wordpress/templates/default/apache.erb index 34c25059d..ea2e20c0c 100644 --- a/cookbooks/wordpress/templates/default/apache.erb +++ b/cookbooks/wordpress/templates/default/apache.erb @@ -35,15 +35,15 @@ Alias <%= url %> <%= directory %> > AllowOverride None - php_admin_flag engine off Require all granted + + SetHandler None + <% end -%> - php_admin_value open_basedir <%= @directory %>/:/usr/share/php/:/tmp/ - php_admin_value disable_functions "exec,shell_exec,system,passthru,popen,proc_open" - php_value upload_max_filesize 70M - php_value post_max_size 100M + ProxyFCGISetEnvIf "true" PHP_ADMIN_VALUE "open_basedir=<%= @directory %>/:/usr/share/php/:/tmp/\ndisable_functions=exec,shell_exec,system,passthru,popen,proc_open" + ProxyFCGISetEnvIf "true" PHP_VALUE "upload_max_filesize=70M\npost_max_size=100M" > RewriteEngine on @@ -71,7 +71,9 @@ /uploads> AllowOverride None AddType text/plain .html .htm .shtml - php_admin_flag engine off + + SetHandler None + -- 2.43.2