**New features/improvements**

* ``php_website`` role

  * Environment indicator can now be collapsed by clicking on the

    arrows on the left side.

* ``mail_server`` role

  * Protection against forging of sender addresses has been

    implemented, preventing logged-in users from using arbitrary

    sender mail addresses, even if authenticated. Authenticated users

**index** (string, optional, ``index.php``)

  Space-separated list of files which should be treated as index files by the

  web server. The web server will attempt opening these index files, in

  succession, until the first match, or until it runs out of matches, when a

  client requests an URI pointing to directory.

**https_tls_certificate** (string, mandatory)

  X.509 certificate used for TLS for HTTPS service. The file will be stored in

  directory ``/etc/ssl/certs/`` under name ``{{ fqdn }}_https.pem``.

**https_tls_key** (string, optional, mandatory)

  Private key used for TLS for HTTPS service. The file will be stored in

  does not have a dedicated group, and instead belongs to same group

  as the application user.

* PHP applications are executed via FastCGI, using *PHP-FPM*.

* If you ever need to set some additional PHP FPM settings, this can

  easily be done via the ``additional_fpm_config`` role

  parameter. This particular example does not set any, though.

* Mails delivered to local admin/application users are forwarded to

  ``root`` account (configurable via ``website_mail_recipients`` role

  parameter.

* If you ever find yourself mixing-up test and production websites,

  have a look at ``environment_indicator`` role parameter. It lets you

  insert small strip with environment information at bottom of each

php_file_regex: \.php$

php_rewrite_urls: []

rewrites: []

additional_fpm_config: {}

website_mail_recipients: "root"

environment_indicator: null

# Internal parameters.

php_fpm_service_name_per_release:

  bullseye: "php7.4-fpm"

  bookworm: "php8.2-fpm"

      https_tls_certificate: "{{ lookup('file', 'tests/data/x509/server/parameters-optional_https.cert.pem') }}"

      https_tls_key: "{{ lookup('file', 'tests/data/x509/server/parameters-optional_https.key.pem') }}"

      php_file_regex: "\\.myphp$"

      php_rewrite_urls:

        - ^/rewrite1/(.*)$ /rewrite.myphp?url=$1 last

        - ^/rewrite2/(.*)$ /rewrite.myphp?url=$1 last

      rewrites:

        - '^/rewrite_to_index1/(.*) /myindex.php last'

        - '^/rewrite_to_index2/(.*) /myindex.php last'

      packages:

        - "php-ldap"

        - "php-json"

        - myindex.myphp

        - path.myphp

        - secretfile.txt

        - info.myphp

        - 404.myphp

        - rewrite.myphp

    assert page.stdout == open("tests/data/php/optional/myindex.php").read().rstrip()

    page = host.run('curl https://parameters-optional.local/rewrite_to_index2/some/path')

    assert page.rc == 0

    assert page.stdout == open("tests/data/php/optional/myindex.php").read().rstrip()

    {% endif %}

    # Interpret PHP files via FastCGI.

    location ~ {{ php_file_regex }} {

        include snippets/fastcgi-php.conf;

        fastcgi_pass unix:/run/php/{{ fqdn }}.sock;

    }

    # Serve the files.

    location ~ /(.+) {

	try_files $uri $uri/{% if php_rewrite_urls %} @php_rewrite{% else %} =404{% endif %};

    }