/php5-fpm-apache2

Ansible Role to setup Apache2 and PHP5-FPM on Debian Stretch

BSD 3-Clause "New" or "Revised" LicenseBSD-3-Clause

ansible role: php5-fpm and apache2 on debian stretch

configures php5-fpm + apache2 on a Debian Stretch

possible variables

user for fpm to run

php5_fpm: user: www-data group: www-data

listen user for fpm

listen_php_fpm: owner: www-data group: www-data

Log File to use for main fpm config

php_main_log: "/var/log/php5-fpm.log"

max fpm processes to start

max_process: "128"

log level. possible values notice, error, warning, debug, alert

log_level: "warning"

access and error logs for fpm

pool_access_log: "/var/log/www.php-access.log" pool_error_log: "/var/log/www-pool-php-fpm-error.log" pool_memory: "128M"

php and apache module to install

php_install_packages:

  • php-pear
  • php-mysql
  • php-redis
  • redis-server
  • imagemagick
  • php5.6-imagick
  • php5.6
  • php5.6-fpm
  • php5.6-cgi
  • php-memcache
  • php-memcached
  • memcached
  • libapache2-mod-rpaf
  • libapache2-mod-fcgid

dependencies for php repo

php_dep_install_packages:

  • apt-transport-https
  • lsb-release
  • ca-certificates

apache_enablerepo: ""

apache_listen_ip: "*" apache_listen_port: 80 apache_listen_port_ssl: 443

apache_create_vhosts: true apache_vhosts_filename: "vhosts.conf" apache_vhosts_template: "vhosts.conf.j2"

On Debian/Ubuntu, a default virtualhost is included in Apache's configuration.

Set this to true to remove that default.

apache_remove_default_vhost: true

apache_global_vhost_settings: | DirectoryIndex index.php index.html vhost_documentroot: "/var/www/html" apache_vhosts:

Additional properties:

'serveradmin, serveralias, allow_override, options, extra_parameters'.

  • servername: "local.dev" serveralias: "www.local.dev" documentroot: "/var/www/html" rpaf: " \n RPAFenable On \n RemoteIPTrustedProxy 127.0.0.1 \n RemoteIPInternalProxy 127.0.0.1 \n RemoteIPHeader X-Forwarded-For \n \n \n RPAFenable On \n RPAFproxy_ips 127.0.0.1 \n RPAFheader X-Forwarded-For \n "

apache_allow_override: "All" apache_options: "-Indexes +FollowSymLinks"

apache_vhosts_ssl:

Additional properties:

'serveradmin, serveralias, allow_override, options, extra_parameters'.

- servername: "local.dev"
  serveralias: "www.local.dev"
  documentroot: "/var/www/html"
  certificate_file: "/home/cert-vMJggo"
  certificate_key_file: "/home/cert-T88wbH"
  certificate_ca_file: "/home/cert-vMJggo"

# Optional.

certificate_chain_file: "/path/to/certificate_chain.crt"

  rpaf: "<IfModule mod_remoteip.c> \n
        RPAFenable On \n
        RemoteIPTrustedProxy 127.0.0.1 \n
        RemoteIPInternalProxy 127.0.0.1 \n
        RemoteIPHeader X-Forwarded-For \n
       </IfModule> \n
       <IfModule rpaf_module> \n
         RPAFenable On \n
         RPAFproxy_ips 127.0.0.1 ::1 \n
         RPAFheader X-Forwarded-For \n
        </IfModule> \n"

apache_ignore_missing_ssl_certificate: false

apache_ssl_protocol: "All -SSLv2 -SSLv3" apache_ssl_cipher_suite: "AES256+EECDH:AES256+EDH"

Only used on Debian/Ubuntu.

apache_mods_enabled:

  • rewrite.load
  • ssl.load
  • rpaf.load
  • remoteip.load
  • proxy.load
  • proxy_fcgi.load
  • mpm_worker.load
  • fcgid.load
  • actions.load
  • alias.load
  • cgi.load apache_mods_disabled:
  • mpm_prefork.load
  • mpm_event.load

Set initial apache state. Recommended values: started or stopped

apache_state: started

Set apache state when configuration changes are made. Recommended values:

restarted or reloaded

apache_restart_state: restarted

Apache package state; use installed to make sure it's installed, or latest if

you want to upgrade or switch versions using a new repo.

apache_packages_state: installed