You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
239 lines
6.7 KiB
239 lines
6.7 KiB
---
|
|
# Variables listed here are applicable to all host groups
|
|
server_hostname: web01.redyhost.com
|
|
mysql_root_password: Ff!2KDSUOs10[tXR*M</_#mgvlJCkz5W
|
|
mysql_databases:
|
|
- name: drupal8db
|
|
encoding: utf8
|
|
collation: utf8_general_ci
|
|
mysql_users:
|
|
- name: drupal8user
|
|
host: "127.0.0.1"
|
|
password: "dcSEMWpH]O2P"
|
|
priv: "drupal8db.*:ALL"
|
|
- name: drupal8user
|
|
host: "localshot"
|
|
password: "dcSEMWpH]O2P"
|
|
priv: "drupal8db.*:ALL"
|
|
|
|
php_date_timezone: "Australia/Melbourne"
|
|
|
|
# Default user password for vmuser
|
|
default_user_username: "vmuser"
|
|
default_user_password: #uVOInGP&p<jfd}bkelLMEH!ZNRg$xiz
|
|
|
|
# Whether to enable BigPipe. Put Yes to enable.
|
|
nginx_bigpipe_enable: ""
|
|
|
|
# DO NOT MODIFY BELOW THIS LINE.
|
|
|
|
ansible_ssh_private_key_file: /home/redyhost/.ssh/id_rsa_provisioning
|
|
|
|
wp_version: 4.3
|
|
wp_sha256sum: 3b0db3abe8504f15a33cf64188a493ec0de01eaa8d20e37c3d6a1d9fa0a40fb4
|
|
|
|
# These are the WordPress database settings
|
|
wp_db_name: wordpress
|
|
wp_db_user: wordpress
|
|
wp_db_password: secret
|
|
|
|
# MySQL settings
|
|
mysql_root_password_update: yes
|
|
mysql_bind_address: '127.0.0.1'
|
|
mysql_slow_query_log_enabled: yes
|
|
mysql_slow_query_log_file: /var/log/mysql-slow.log
|
|
mysql_pid_file: /var/lib/mysql/mysql.pid
|
|
mysql_slow_query_time: 2
|
|
mysql_max_allowed_packet: "256M"
|
|
mysql_innodb_buffer_pool_size: "1G"
|
|
mysql_innodb_log_buffer_size: "1G"
|
|
mysql_innodb_log_file_size: "1G"
|
|
mysql_innodb_flush_log_at_trx_commit: "2"
|
|
mysql_innodb_file_per_table: 1
|
|
mysql_innodb_log_buffer_size: "16M"
|
|
|
|
# This is used for the nginx server configuration, but access to the
|
|
# WordPress site is not restricted by a named host.
|
|
nginx_port: 80
|
|
server_hostname: server.example.com
|
|
|
|
# Apache configuration behind Nginx reverse proxy.
|
|
apache_listen_ip: "127.0.0.1"
|
|
apache_listen_port: 82
|
|
apache_listen_port_ssl: 2443
|
|
apache_create_vhosts: true
|
|
apache_vhosts_filename: "vhosts.conf"
|
|
apache_remove_default_vhost: false
|
|
apache_state: started
|
|
apache_vhosts_version: "2.4"
|
|
apache_enable_event_mpm: true
|
|
apache_packages:
|
|
- mod_ssl
|
|
- mod_security
|
|
apache_mods_disabled:
|
|
- php
|
|
- php7
|
|
apache_vhosts_ssl: []
|
|
apache_vhosts:
|
|
- servername: "www.{{ server_hostname }}"
|
|
serveralias: "{{ server_hostname }}"
|
|
documentroot: "/var/www/html/{{ server_hostname }}"
|
|
extra_parameters: |
|
|
RewriteCond %{HTTP_HOST} !^www\. [NC]
|
|
RewriteRule ^(.*)$ http://www.%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
|
|
ErrorLog "/var/log/httpd/{{ server_hostname }}_error.log"
|
|
ServerSignature Off
|
|
ProxyTimeout 600
|
|
ProxyPassMatch ^/(.*\.php(/.*)?)$ "fcgi://127.0.0.1:9000/var/www/html/{{ server_hostname }}/$1"
|
|
LogFormat "%a %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" combined
|
|
CustomLog "/var/log/httpd/{{ server_hostname }}_access.log" combined
|
|
<Proxy fcgi://localhost:9000>
|
|
ProxySet timeout=600
|
|
</Proxy>
|
|
<Directory "/var/www/html/{{ server_hostname }}">
|
|
Options Indexes FollowSymLinks
|
|
AllowOverride All
|
|
DirectoryIndex index.php
|
|
Require all granted
|
|
</Directory>
|
|
|
|
# Disable All Updates
|
|
# By default automatic updates are enabled, set this value to true to disable all automatic updates
|
|
auto_up_disable: false
|
|
|
|
#Define Core Update Level
|
|
# true = Development, minor, and major updates are all enabled
|
|
# false = Development, minor, and major updates are all disabled
|
|
# minor = Minor updates are enabled, development, and major updates are disabled
|
|
core_update_level: true
|
|
|
|
# Defines PHP values
|
|
php_enablerepo: "remi-php70"
|
|
|
|
# PHP-FPM configuration.
|
|
php_enable_php_fpm: true
|
|
php_fpm_pool_user: vmuser
|
|
php_fpm_pool_group: www-php
|
|
|
|
php_apc_shm_size: "128M"
|
|
php_post_max_size: "256M"
|
|
php_upload_max_filesize: "1024M"
|
|
php_max_input_vars: "4000"
|
|
|
|
# Interaction with which web server
|
|
php_webserver_daemon: "nginx"
|
|
|
|
php_error_reporting: "E_ALL & ~E_DEPRECATED & ~E_STRICT & ~E_NOTICE & ~E_WARNING"
|
|
|
|
php_packages:
|
|
- php
|
|
- php-cli
|
|
- php-common
|
|
- php-devel
|
|
- php-fpm
|
|
- php-gd
|
|
- php-imap
|
|
- php-ldap
|
|
- php-mbstring
|
|
- php-mcrypt
|
|
- php-memcached
|
|
- php-mysql
|
|
- php-opcache
|
|
- php-pdo
|
|
- php-pear
|
|
- php-pecl-apcu
|
|
- php-xml
|
|
- php-twig
|
|
- php-xmlrpc
|
|
- php-pecl-uploadprogress
|
|
|
|
# Drush
|
|
drush_keep_updated: yes
|
|
drush_force_update: yes
|
|
|
|
# Listing Vhost domains, required to create docroot directories.
|
|
vhost_domains:
|
|
first:
|
|
name: '{{ server_hostname }}'
|
|
|
|
# Nginx vhosts configuration
|
|
nginx_vhosts:
|
|
- listen: "{{ nginx_port }}"
|
|
server_name: "{{ server_hostname }} www.{{ server_hostname }}"
|
|
root: "/var/www/html/{{ server_hostname }}"
|
|
open_file_cache: "max=2000 inactive=120s"
|
|
open_file_cache_valid: "240s"
|
|
open_file_cache_min_uses: "5"
|
|
open_file_cache_errors: "off"
|
|
client_max_body_size: "5m"
|
|
client_body_timeout: "60"
|
|
index: "index.php index.html index.htm"
|
|
error_page: "403 =404"
|
|
access_log: "/var/log/nginx/{{ server_hostname }}_access.log"
|
|
error_log: "/var/log/nginx/{{ server_hostname }}_error.log"
|
|
extra_parameters: |
|
|
location = /favicon.ico {
|
|
log_not_found off;
|
|
access_log off;
|
|
}
|
|
location = /robots.txt {
|
|
allow all;
|
|
log_not_found off;
|
|
access_log off;
|
|
}
|
|
location / {
|
|
proxy_pass http://127.0.0.1:{{ apache_listen_port }};
|
|
proxy_set_header Host $host;
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
proxy_set_header X-Forwarded-For $remote_addr;
|
|
add_header X-Cache $upstream_cache_status;
|
|
add_header X-Loaded "/";
|
|
}
|
|
location ~ \.php$ {
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
proxy_set_header X-Forwarded-For $remote_addr;
|
|
proxy_set_header Host $host;
|
|
proxy_pass http://127.0.0.1:{{ apache_listen_port }};
|
|
add_header X-Cache $upstream_cache_status;
|
|
add_header X-Loaded "php";
|
|
}
|
|
location = /backup {
|
|
deny all;
|
|
}
|
|
location ~* \.(txt|log)$ {
|
|
allow 127.0.0.1;
|
|
deny all;
|
|
}
|
|
location ~ \..*/.*\.php$ {
|
|
return 403;
|
|
}
|
|
location ~ ^/sites/.*/files/styles/ {
|
|
try_files $uri @rewrite;
|
|
}
|
|
location ~ ^/sites/default/files/ {
|
|
try_files $uri @rewrite;
|
|
}
|
|
location ~* \.(gif|jpg|jpeg|png|ico|bmp|js|css|pdf|doc|webp|woff|ico|js|css)(\?[a-zA-Z0-9\.\-_,])?$ {
|
|
expires max;
|
|
log_not_found off;
|
|
add_header Cache-Control "public";
|
|
add_header X-Cache $upstream_cache_status;
|
|
}
|
|
location ~ /\. {
|
|
access_log off;
|
|
log_not_found off;
|
|
deny all;
|
|
}
|
|
location ~ ~$ {
|
|
access_log off;
|
|
log_not_found off;
|
|
deny all;
|
|
}
|
|
location ~ /\.ht {
|
|
deny all;
|
|
}
|
|
location @rewrite {
|
|
# Some modules enforce no slash (/) at the end of the URL
|
|
# Else this rewrite block wouldn't be needed (GlobalRedirect)
|
|
rewrite ^/(.*)$ /index.php?q=$1 last;
|
|
}
|
|
|