**ldap_server_log_level** (string, optional, ``256``)

  Log level to use for the server. This should be compatible with OpenLDAP

  configuration option ``olcLogLevel``. See `OpenLDAP Administrator's Guide

  <http://www.openldap.org/doc/admin24/slapdconf2.html#cn=config>` for value

  description and syntax.

  Path to file on Ansible host that contains the X.509 certificate used for TLS

  for LDAP service. The file will be copied to directory ``/etc/ssl/certs/``.

  Path to file on Ansible host that contains the private key used for TLS for

  LDAP service. The file will be copied to directory ``/etc/ssl/private/``.

**ldap_server_ssf** (number, optional, ``128``)

  Minimum *Security Strength Factor* to require from all incoming

  connections. This applies for both remote and local connections.

**xmpp_administrators** (list, mandatory)

  List of Prosody users that should be granted administrator privileges over

  Prosody. Each item is a string with value equal to XMPP user ID

  (i.e. ``john.doe@example.com``).

  Path to file on Ansible host that contains the private key used for TLS for

  XMPP service. The file will be copied to directory ``/etc/ssl/private/``.

  Path to file on Ansible host that contains the X.509 certificate used for TLS

  for SMTP service. The file will be copied to directory ``/etc/ssl/certs/``.

**xmpp_domains** (list, optional, ``ansible_facts[host]['domain']``)

  List of domains that are served by this Prosody instance. Each item is a

  string specifying a domain.

**mail_user_uid** (integer, optional, ``whatever OS picks``)

  UID of the user that owns all the mail files.

**mail_user_gid** (integer, optional, ``whatever OS picks``)

  GID of the user that owns all the mail files.

  Path to file on Ansible host that contains the X.509 certificate used for TLS

  for IMAP and ManageSieve services. The file will be copied to directory

  ``/etc/ssl/certs/``.

  Path to file on Ansible host that contains the private key used for TLS for

  IMAP and ManageSieve services. The file will be copied to directory

  ``/etc/ssl/private/``.

  Path to file on Ansible host that contains the X.509 certificate used for TLS

  for SMTP service. The file will be copied to directory ``/etc/ssl/certs/``.

  Path to file on Ansible host that contains the private key used for TLS for

  SMTP service. The file will be copied to directory ``/etc/ssl/private/``.

**imap_folder_separator** (string, optional, ``/``)

  Character used for separating the IMAP folders when clients are requesting

  listing from the server. Usually either slash(``/``) or dot(``.``).

* Installs and configures PHP FPM as a common base for PHP apps.

Parameters

~~~~~~~~~~

  Path to file on Ansible host that contains the private key used for TLS for

  HTTPS service. The file will be copied to directory ``/etc/ssl/private/``.

  Path to file on Ansible host that contains the X.509 certificate used for TLS

  for HTTPS service. The file will be copied to directory ``/etc/ssl/certs/``.

**web_default_title** (string, optional, ``Welcome``)

  Title for the default web page shown to users (if no other vhosts were matched).

* nginx communicates with PHP FPM over a dedicated Unix socket for each website.

Parameters

~~~~~~~~~~

  Name of the operating system user in charge of maintaining the website. This

  stored within the website directory.

**deny_files_regex** (list, optional)

  List of regular expressions for matching files/locations to which the web

  server should deny access. This is useful to block access to any sensitive

  files that should not be served directly by the web server. The format must be

**index** (string, optional)

  Space-separated list of files which should be treated as index files by the

  web server. The web server will attempt opening these index files, in

  succession, until the first match, or until it runs out of matches, when a

  client requests an URI pointing to directory. Default is ``index.php``.

  Path to file on Ansible host that contains the X.509 certificate used for TLS

  for HTTPS service. The file will be copied to directory ``/etc/ssl/certs/``.

  Path to file on Ansible host that contains the private key used for TLS for

  HTTPS service. The file will be copied to directory ``/etc/ssl/private/``.

**php_file_regex** (string, optional)

  Regular expression used for determining which file should be interepted via

  PHP. Default is ``\.php$``.

  as trailing semi-colon (``;``).

**packages** (list, optional)

  A list of additional packages to install for this particular PHP

  appliction. This is usually going to be different PHP extensions.

  UID/GID (they are set-up to be the same) of the dedicated website

  user/group.

Examples

~~~~~~~~

deny_files_regex: []

index: index.php

packages: []

php_file_regex: \.php$

php_rewrite_urls: []

rewrites: []

- set_fact:

    user: "web-{{ fqdn | replace('.', '_') }}"

    home: "/var/www/{{ fqdn }}"

- name: Create PHP website group

- name: Create home directory for the user (avoid populating with skeleton)

  file: path="{{ home }}" state=directory

        owner="{{ admin }}" group="{{ user }}" mode=2750

- name: Create PHP website user

        system=yes createhome=no state=present

- name: Add nginx user to website group

  user: name="www-data" groups="{{ user }}" append="yes"

  notify:

    - Restart nginx

---

web_default_title: "Welcome"

web_default_message: "You are attempting to access the web server using a wrong name or an IP address. Please check your URL."