Files
@ 8d272d91d3d2
Branch filter:
Location: majic-ansible-roles/roles/php_website/templates/fpm_site.conf.j2 - annotation
8d272d91d3d2
801 B
text/plain
MAR-165: Deploy Diffie-Helman parameters for LDAP server in the ldap_server role:
- Not relevant for Debian Strech because of a bug in the OpenLDAP
version it ships with.
- This should allow use of DHE ciphers with LDAP server.
- Generated DH parameters only help pick one of the parameters from
RFC-7919 (based on the size of generated ones).
- Make the cipher test lists distro-specific due to differences
between supported algorithms in respective GnuTLS versions.
- Not relevant for Debian Strech because of a bug in the OpenLDAP
version it ships with.
- This should allow use of DHE ciphers with LDAP server.
- Generated DH parameters only help pick one of the parameters from
RFC-7919 (based on the size of generated ones).
- Make the cipher test lists distro-specific due to differences
between supported algorithms in respective GnuTLS versions.
7727c37bce67 7727c37bce67 7727c37bce67 7727c37bce67 7727c37bce67 7727c37bce67 7727c37bce67 7727c37bce67 a99958de73d9 7727c37bce67 7727c37bce67 7727c37bce67 7727c37bce67 7727c37bce67 7727c37bce67 7727c37bce67 7727c37bce67 7727c37bce67 7727c37bce67 7727c37bce67 7727c37bce67 7727c37bce67 7727c37bce67 7727c37bce67 7727c37bce67 7727c37bce67 7727c37bce67 7727c37bce67 4dc3b09894e9 150ae0c46506 4dc3b09894e9 4dc3b09894e9 | ; Start a new named pool.
[{{ fqdn }}]
; Set the user and group that should execute the scripts.
user = {{ user }}
group = {{ user }}
; Listen on a dedicated UNIX socket.
listen = /run/php/{{ fqdn }}.sock
; Set-up UNIX socket permissions (allow web server to connect).
listen.owner = www-data
listen.group = www-data
listen.mode = 0660
; Configure how processes are managed and how many are launched.
pm = dynamic
pm.max_children = 5
pm.start_servers = 2
pm.min_spare_servers = 1
pm.max_spare_servers = 3
; Chdir to this directory at the start.
chdir = /
; Redirect worker stdout/stder into main error log. This will also allow Nginx
; to log errors in site-specific log file.
catch_workers_output = yes
{% for var, val in additional_fpm_config | dictsort %}
{{ var }} = {{ val }}
{% endfor %}
|