majic-ansible-roles Changeset

Changeset - 40473a82c752

Parent rev.

Child rev.

[Not reviewed]

0 3 0

Branko Majic (branko) - 11 years ago 2015-05-11 22:02:29
branko@majic.rs

MAR-5: Updated the PHP website role to be a bit more flexible when configuring the nginx.

3 files changed with 42 insertions and 32 deletions:

docs/rolereference.rst

roles/php_website/defaults/main.yml

roles/php_website/templates/nginx_site.j2

0 comments (0 inline, 0 general)

docs/rolereference.rst

➞

Show inline comments

@@ @@ -956,19 +956,28 @@ Parameters @@
 **fqdn** (string, mandatory)
   Fully-qualified domain name where the website is reachable. This value is used
   for calculating the user/group name for dedicated website user, as well as
   home directory of the website user (where data/code should be stored at).
 **php_rewrite_url** (string, optional)
   If implementing some form of clean URL schema, this parameter can be used for
   defining how the clean URLs should be mapped onto actual PHP scripts. When
   specifying this parameter, one special variable is available - ``$suburi``
   (which is the URI requested by HTTP client, usually in clean URL form). This
   is in addition to any other variables provided out of the box by ``nginx``
   (like ``$args`` and such).
 **index** (string, optional)
   Space-separated list of files which should be treated as index files by the
   web server. The web server will attempt opening these index files, in
   succession, until the first match, or until it runs out of matches, when a
   client requests an URI pointing to directory. Default is ``index.php``.
 **php_file_regex** (string, optional)
   Regular expression used for determining which file should be interepted via
   PHP. Default is ``\.php$``.
 **php_rewrite_urls** (list, optional)
   A list of rewrite rules that are applied to incoming requests. These rewrite
   rules are specifically targetted at prettying-up the URLs used by the PHP
   scripts. Each element of the list should be a string value compatible with the
   format of ``nginx`` option ``rewrite``. The keyword ``rewrite`` itself should
   be omitted, as well as trailing semi-colon (``;``).
 **rewrites** (list, optional)
   A list of rewrite rules that are applied to incoming requests. Each element of
   the list should be a string value compatible with the format of ``nginx``
   option ``rewrite``. The keyword ``rewrite`` itself should be omitted, as well
   as trailing semi-colon (``;``).
     ---
     - role: php_website
       fqdn: cloud.example.com
       uid: 2001
       admin: admin
-      php_rewrite_url: /index.php
+      php_file_regex: \.php($|/)
       rewrites:
         - ^/\.well-known/host-meta /public.php?service=host-meta
         - ^/\.well-known/host-meta\.json /public.php?service=host-meta-json
         - ^/\.well-known/carddav /remote.php/carddav/ redirect
         - ^/\.well-known/caldav /remote.php/caldav/ redirect
         - ^/apps/calendar/caldav\.php /remote.php/caldav/

roles/php_website/defaults/main.yml

➞

Show inline comments

 ---
 deny_files_regex: []
 index: index.php
 packages: []
 php_rewrite_url: ""
 php_file_regex: \.php$
 php_rewrite_urls: []
 rewrites: []

roles/php_website/templates/nginx_site.j2

➞

Show inline comments

 server {
     # Base settings.
     listen 80;
     root {{ home }}/htdocs/;
     index index.php;
     index {{ index }};
     server_name {{ fqdn }};
-    # Site rewrites.
+    # Generic URL rewrites.
     {% for rewrite in rewrites -%}
     rewrite {{ rewrite }};
     {% endfor %}
     # Interpret PHP files via FastCGI.
     location ~ \.php($|/) {
         include snippets/fastcgi-php.conf;
         fastcgi_pass unix:/var/run/php5-fpm/{{ fqdn }}.sock;
+    }
     # Deny access to all hidden files (this will prevent access to
     # .htaccess too).
     location ~ /\. {
         deny all;
+    }
     {% for regex in deny_files_regex -%}
     {% if deny_files_regex -%}
     # Deny access to user-specified files.
     {% for regex in deny_files_regex -%}
     location ~ {{ regex }} {
         deny all;
+    }
     {% endfor %}
     {% endif %}
     # Interpret PHP files via FastCGI.
     location ~ {{ php_file_regex }} {
         include snippets/fastcgi-php.conf;
         fastcgi_pass unix:/var/run/php5-fpm/{{ fqdn }}.sock;
+    }
     {% if php_rewrite_url -%}
     # Serve the remaining files directly or rewrite request for PHP processing
     # (clean URLs).
     # Serve the files.
     location ~ /(.*) {
         set $suburi $1;
 	try_files $uri $uri/ {{ php_rewrite_url }};
 	try_files $uri $uri/{% if php_rewrite_urls %}@php_rewrite{% endif %};
+    }
     {% if php_rewrite_urls -%}
     # Apply URL rewrites.
     location @php_rewrite {
         {% for rewrite in php_rewrite_urls -%}
         rewrite {{ rewrite }};
         {% endfor %}
+    }
     {% endif %}
     access_log /var/log/nginx/{{ fqdn }}-access.log;
     error_log /var/log/nginx/{{ fqdn }}-error.log;
+}

0 comments (0 inline, 0 general)