**index** (string, optional, ``index.php``)

  Space-separated list of files which should be treated as index files by the

  web server. The web server will attempt opening these index files, in

  succession, until the first match, or until it runs out of matches, when a

  client requests an URI pointing to directory.

  X.509 certificate used for TLS for HTTPS service. The file will be stored in

  directory ``/etc/ssl/certs/`` under name ``{{ fqdn }}_https.pem``.

  Private key used for TLS for HTTPS service. The file will be stored in

  directory ``/etc/ssl/private/`` under name ``{{ fqdn }}_https.key``.

**php_file_regex** (string, optional, ``\.php$``)

  Regular expression used for determining which file should be interepted via

  PHP.

      dependencies:

        # Ok, so this role helps us set-up Nginx virtual host for serving our

        # app.

        - role: php_website

          # Our virtual host will for PHP website will respond to this name.

          fqdn: tbg.example.com

          # Some additional packages are required in order to deploy and use TBG.

          packages:

            - php-gd

            - php-curl

            - php-mbstring

            - php-xml

enforce_https: true

index: index.php

packages: []

php_file_regex: \.php$

php_rewrite_urls: []

rewrites: []

additional_fpm_config: {}

website_mail_recipients: "root"

environment_indicator: null

# Internal parameters.

admin: "admin-{{ fqdn | replace('.', '_') }}"

      testca: "{{ lookup('file', 'tests/data/x509/ca.cert.pem') }}"

    # web_server

    default_https_tls_certificate: "{{ lookup('file', 'tests/data/x509/php-website_https.cert.pem') }}"

    default_https_tls_key: "{{ lookup('file', 'tests/data/x509/php-website_https.key.pem') }}"

  roles:

    - role: php_website

      fqdn: parameters-mandatory

    - role: php_website

      additional_fpm_config:

        "env[PATH]": "\"/usr/local/bin:/usr/bin:/bin\""

        "security.limit_extensions": ".php .myphp"

      additional_nginx_config:

        tls_file = host.file('/etc/ssl/private/parameters-mandatory_https.key')

        assert tls_file.is_file

        assert tls_file.user == 'root'

        assert tls_file.group == 'root'

        assert tls_file.mode == 0o640

        tls_file = host.file('/etc/ssl/certs/parameters-mandatory_https.pem')

        assert tls_file.is_file

        assert tls_file.user == 'root'

        assert tls_file.group == 'root'

        assert tls_file.mode == 0o644

def test_certificate_validity_check_configuration(host):

    """

    Tests if certificate validity check configuration file has been deployed

    correctly.